Antonio Formato
Antonio Formato is a Senior Cybersecurity Solution Engineer at Microsoft, where he leads technical engagements on security platforms including Defender XDR, Sentinel, and Defender for Cloud for enterprise and public sector customers across EMEA. With 18+ years of experience in cybersecurity, he advises CISOs and security teams on Zero Trust strategies, multi-cloud security posture, and secure AI adoption.
Outside his professional role, Antonio is an independent researcher exploring the intersection of Generative AI and Cyber Threat Intelligence. He is the creator of TI Mindmap HUB, an AI-powered research platform that automates the transformation of unstructured threat reports into structured, machine-readable intelligence using LLMs and the STIX 2.1 standard. He is co-author of an academic paper on automated STIX 2.1 bundle generation currently under peer review, and collaborates with the University of Salerno as co-advisor on cybersecurity thesis projects.
Antonio is a regular speaker at security conferences including RomHack, HackInBo, BSides Athens, and ITASEC. His independent research is open to community collaboration at ti-mindmap-hub.com.
TI Mindmap HUB is a personal, independent research project, not affiliated with any employer or commercial entity.
Session
Every week, hundreds of threat intelligence reports are published in prose — rich in context, but locked in a format that no SIEM, TIP, or AI agent can consume. Without structure, CTI stays trapped in PDFs and blog posts, disconnected from the defensive stack that needs it most.
This talk presents a practitioner- and research-driven approach to closing that gap. Drawing on independent research from the TI Mindmap HUB project and on an academic study, currently under peer review, that benchmarks five LLM families against government-grade STIX 2.1 ground truth, the speaker demonstrates how a hybrid architecture — combining deterministic extraction with LLM-based semantic inference — can transform unstructured reports into machine-readable STIX 2.1 bundles.
Beyond generation, the talk explores how STIX bundles become the foundation for LLM-powered knowledge graphs and how the Model Context Protocol (MCP) exposes structured CTI as tool calls for AI agents — making intelligence not just structured, but conversationally actionable for both human analysts and autonomous copilots.
This is independent research, not a product pitch. The speaker invites collaboration from the CTI community.
Disclaimer: TI Mindmap HUB is a personal, independent research project. It is not affiliated with, endorsed by, or representative of any employer, organization, or commercial entity.