PulseTrace transforms unstructured threat intelligence into actionable investigations by combining locally hosted LLMs, automated OSINT, infrastructure discovery and AI-assisted analysis. Rather than simply summarising articles, it extracts technical intelligence, correlates related events and generates new investigative leads.

Inbox
The Inbox provides a stream of newly discovered security articles, each accompanied by an AI-generated summary to help quickly assess its relevance. Summaries are generated locally using Qwen 3.6 27B running on an NVIDIA RTX 3090, providing fast, private analysis without relying on external cloud services.
Enrichment
Enrichment is what transforms PulseTrace from an AI news reader into an analyst's investigation platform. Rather than simply summarising an article, PulseTrace analyses the technical content to extract actionable intelligence and generate additional artefacts that security teams can immediately use.
Most AI tools summarise articles. PulseTrace turns them into actionable intelligence.
It then explains:
- AI summary
- Regulatory impact (DORA/NIS2)
- IOC extraction
- TTP identification
- Detection engineering (Sigma & YARA)
- Threat hunting leads
- OSINT enrichment
- Source attribution
The enrichment stage is powered by a four-node NVIDIA Spark cluster running GLM 5.2. This larger local model is reserved for the deeper reasoning tasks, where it analyses the source material, maps findings against DORA and NIS2, extracts IOCs and TTPs, and generates Sigma and YARA detection content.
Intel
The Intel section extracts indicators of compromise (IOCs) and other technical artefacts referenced within articles, including IP addresses, domains, URLs, hashes and CVEs. These can be reviewed, searched and enriched to support deeper investigation and threat hunting activities.
Reports
Reports are generated by the Phishing-Tracker MCP. Rather than simply summarising an article, the MCP analyses the reported tactics, techniques and procedures (TTPs), generates targeted search strategies, and performs additional OSINT to identify related malicious infrastructure. The result is an enriched report that extends beyond the original research with newly discovered findings and supporting evidence.

Research
Research provides an AI-assisted investigation workspace where analysts can ask free-form questions or investigate specific topics. The platform performs targeted searches, gathers information from multiple sources, enriches the results with additional context, and provides references for all supporting evidence to enable further verification.

Alerts and Correlated Events
PulseTrace correlates related reporting from multiple sources, grouping articles that refer to the same campaign, vulnerability, threat actor or emerging trend. This helps distinguish isolated reporting from events receiving broader industry attention, allowing analysts to identify potentially significant developments and investigate them as a single intelligence thread.

Why PulseTrace
- Runs locally using open models.
- AI-assisted, not AI-only.
- Generates detection content (Sigma/YARA).
- Maps findings to DORA/NIS2.
- Produces investigation-ready intelligence rather than simple summaries.