As the Real-Time Threat List (RTTL) continues to evolve as AMTSO’s central platform for sample and threat intelligence sharing, this workshop invites contributors, testers, and conference representatives to shape its next chapter. We will explore how RTTL can better serve the cybersecurity community through enhanced data-driven capabilities, contributor transparency, and expanded telemetry insights.

Key discussion points will include:
- CERT Needs: Understanding the CERT’s request for trend-based intelligence - such as threat vectors, clustered behaviours, and APT mapping - rather than raw samples.
- Contributor Expectations: What motivates contributors to share? How can RTTL improve visibility, feedback loops, and recognition?
- Data Expansion: Opportunities to enrich RTTL with metadata, telemetry pipelines, and vendor-mapped threat trends
- Design Roadmap: Preview of upcoming features including feed-level watchdogs, submission sorting, and machine learning-based quality checks

This session will be interactive and forward-looking, aiming to define a roadmap that balances operational efficiency with strategic intelligence value. All participants are encouraged to bring ideas, use cases, and feedback to help shape RTTL’s future.