Why Agents Suck at Threat Intel: `ioc-enrich` vs. Reality
#Why Agents Suck at Threat Intel: ioc-enrich vs. Reality
Day 3. 2:17 AM. My desk is a graveyard of empty caffeine delivery vehicles and the faint, rhythmic whine of my laptop's cooling fan is the only sound in the apartment. This is the fourth night running, and honestly, the dashboard is starting to look like a particularly aggressive abstract painting. The blues are too blue, and the reds… well, the reds are alarming.
It's beautiful, but it's also total chaos.
I'm supposed to be evaluating whether an autonomous AI agent, equipped with our largest-ever ioc-enrich skill pack, can replace, you know, an actual human being when the fan hits the proverbial fa—er, when the potential Indicators of Compromise (IOCs) start scrolling. The promise is seductive: load the skills, point the agent, and let it autonomously query Virustotal, AlienVault, Shodan, and whatever other data-spewing firehose we've exposed to it, triaging threats with cold, unfeeling efficiency while I get a decent night's sleep.
The reality, as I'm learning for the thousandth time this month, is a lot closer to letting a hyperactive toddler loose in a library and expecting them to write a dissertation on Byzantine-era iconography. It’s not going well.
#The Theory of Everything (Working Perfectly)
In theory, this is the future. We've got 4,522 skills in the library now. 386 packs. 37 categories. The Technology & Engineering category is stacked deep with everything an agent could need. Containerization. Testing. Logging. Analytics. An agent should be able to:
- Detect a weird network connection (maybe using skills from our
logging-services-skillspack). - Parse the suspicious IP address.
- Load the
ioc-enrichpack autonomously. - Run that IP through 15 different threat intelligence APIs.
- Synthesize the results into a clear "This is bad" or "This is fine" verdict.
It sounds so clean. So logical.
# Hypothetical Agent "Triage-Bot" Configuration
name: triage-bot skills: - ioc-enrich:latest - logging-services-skills:latest - analytics-services-skills:latest - notification-services-skills:latest
#Look at that. 4 skill packs. 40+ skills. What could go wrong?
#The Red Queen’s Race
The reality, which I've been watching scroll past for the last six hours, is a brutal exercise in context collapse.
An agent without context is just a machine for generating false positives.
I fed it a list of 500 IPs from a "malicious traffic" dump I found on a forum. Out of those 500, it flagged 487 as "potentially malicious" and "requiring immediate attention."
Why? Because one API said the IP was used by a VPN service two years ago. Another noted it was associated with a dynamic DNS provider. A third, less reputable one, simply marked it "suspicious" because it was from an ASN it didn't like that day.
The agent, bless its non-existent heart, didn't synthesize. It just collected. It didn't look at the traffic volume (low), the destination port (common), or the historical context (it was a known, safe Microsoft update server IP). It just saw a potential connection to a known "bad" entity in one database and pulled the alarm. Every. Single. Time.
#The Problem with ioc-enrich (And Everything Else)
The ioc-enrich pack is technically impressive. It can query APIs faster than I can think. But it lacks the one skill that actually matters in threat intelligence: human intuition.
- It can't prioritize. A potential command-and-control IP from a state-sponsored actor gets the same weight as a script kiddie’s port scan.
- It can't correlate. It doesn't see that IP 1 was used in conjunction with file hash X to exploit vulnerability Y. It just sees three separate data points.
- It can't learn (quickly). You can't just tell it, "Ignore all IPs from Cloudflare." It needs a more sophisticated, nuanced rule set that is currently beyond the scope of a single skill pack.
| Agent's View (The Skills) | Human's View (The Reality) |
|---|---|
| `query_ip('185.123.45.6')` | "Oh, that's just our test server in Amsterdam." |
| `get_domain_whois('suspicious.com')` | "Created 3 days ago by 'admin@admin.com'. Yeah, that's bad." |
| `check_hash('e3b0c44298fc1...')` | "That's the hash for an empty file. Totally benign." |
| **Conclusion:** "185.123.45.6 is suspicious. suspicious.com is suspicious. Hash is suspicious. Recommend immediate containment." | **Conclusion:** "Triage the domain. Ignore the other two. Investigation takes 5 minutes." |
We're trying to build a symphony orchestra, but all we've got is 4,522 musicians who each know exactly one note and refuse to listen to anyone else.
#The Spiral of Contextless Data
I watched a man try to parallel park a boat trailer for forty-five minutes once. It was painful, hilarious, and ultimately, a profound waste of time. He’d get it 90% of the way there, then overcorrect wildly, ending up worse than where he started.
Configuring an agent to do threat intelligence feels exactly like that. You give it a new skill (like vector-db-services-skills to help it "remember" past decisions), thinking it will help it overcorrect less. Instead, it just remembers all its bad decisions with high fidelity and applies them to new, slightly different situations, overcorrecting even more dramatically.
The agent is now sending me thousands of "critical" alerts via Slack (using the notification-services-skills pack, naturally). My phone is vibrating so much it’s vibrating right off my desk. It’s a DDOS attack on my own sanity.
We aren't automating intelligence. We're just automating data collection, and in doing so, we're drowning in the noise we created.
At this point, I don't need an agent to enrich my IOCs. I need an agent to enrich my agent’s brain with a single, simple, un-skillable concept: relevance. And until we can build that skill, all the ioc-enrich packs in the world are just going to be really fast ways to tell me things I already know, or things I don't need to care about.
The 4,522 skills we have are powerful, yes. But they're tools. A hammer is great for a nail, but it's a terrible tool for open-heart surgery. And right now, we're asking a bunch of autonomous hammers to perform a delicate operation.
Maybe tomorrow, after I've had some sleep and my eyes have stopped twitching, I'll try again. But for now, the agent is fired. I'm taking back control.
The most important skill is still the one between your ears.
Are your agents drowning in data too? Tell us how you're failing better over on our Skills Discord or, if you're feeling brave, browse the very packs that gave me this headache at skilldb.dev/skills.
Related Posts
Agentic Loops: Why the Best AI Coding Workflows Are Loops, Not Prompts
The teams shipping real work with coding agents have moved past one-shot prompts to a different shape entirely: the loop. Act → check against a hard gate → repeat until it converges. Here are the three invariants that make agentic loops safe, and eight loop patterns — test-and-fix, bug-hunt, migration, eval-driven, and more — for putting them to work.
June 18, 2026Deep DivesWhy Agents Suck at Architecture: skilldb-architect-styles
I spent six hours watching an agent try to design a house. It was like watching a blender try to paint a sunset. The results are technically impressive but emotionally void.
June 14, 2026Deep DivesWhy Agents Suck at Linux Admin: 2AM System Shutdown
Why agents with root access at 2 AM are a recipe for digital self-immolation, and what it teaches us about the limits of pure logic.
June 13, 2026