Like your dad’s travel itinerary, threat intel has a lot of extra detail that you probably don’t need. Even ransomware defenders have their own version of TMI.

During a recent IT Brew event, “Trend Watch: The Latest in Ransomware and What That Means for IT Teams,” an attendee asked Grant Smith, president of Phantom Security Group: “At what point does threat intelligence become noise? We’re drowning in alerts, and I’m not sure our team knows what to escalate anymore.”

Smith advised companies to learn about the groups targeting companies in their sector, research their tactics, and then ensure defenses cover the areas those groups are targeting.

“You really have to filter out the information based on the market segment that you’re in,” he told the attendees.

After the event, we posed the same question to other security pros, who shared how to turn down the noise and make the most of all that data.

Tie the intel to your environment.—BH

Houston, we have a data and reasoning problem.

That’s the conclusion reached by Randall Degges, VP of AI engineering and developer relations at AI security platform Snyk, after he was approached by his company’s demand generation team over an issue with their lead qualification system. Although Snyk’s tech stack had applications like Salesforce, MadKudu, and Marketo to help organize leads, there were discrepancies in how high-quality leads were classified.

“For a few months this year, all of the marketing leads that we were taking, if those leads did not directly connect to an account that was already in Salesforce, we were basically just rejecting them and ignoring them completely,” Degges said, adding the company had ignored almost 8,000 leads that should have been classified and placed in Snyk’s Salesforce system.

To build or buy? That was the question.—BM

Ransomware: The proliferation of ransomware has led to an explosion in criminal innovation, with malware-as-a-service providers, shared source code and coworking across gangs, and more coordination. Learn more.

The nature of AI is that sometimes you have to put a stop to unnecessary behavior—and cash (or lack thereof) can help make that happen.

GitHub is turning to metered pricing. The company, a subsidiary of Microsoft since 2018, explained the move in a blog post on April 27; its Copilot product will adopt a token usage model starting June 1.

It’s a move that should have been expected, said Harness Field CTO Adam Arellano. Old AI pricing models, including all-you-can-prompt for a set monthly price, were unsustainable, and that pain was going to be felt sooner or later. OpenAI already introduced token-based pricing for its popular ChatGPT model.

Economics of service are like a natural ecosystem, Arellano told IT Brew, likening it to population control in the wild.

“You get rid of all the mountain lions, the deer population is going to explode, and then it’s going to rubber-band back because there’s not enough food,” Arellano said. “What initially happened was these providers of agentic coding were getting so much cash that they didn’t have to fight for survival, they didn’t have to actually do anything useful or be lean or careful.”

Why this might change how you code.—EH