The first part of this series examined how cyber threat intelligence lost its way. Once a tool built to support defenders, it has become a theater of performance driven by headlines, vanity, and government-aligned narratives. Analysts still write with good intentions, but their work is shaped by forces far beyond their control. The result is a body of intelligence reporting polished for optics and optimized for brand. It is no longer about protection. It is about presentation.

This second part pulls back the curtain on one of the most aggressive deceptions in the industry. The myth of premium pricing. The lie of handcrafted intelligence. The illusion of cyber threat intelligence is so complex, so elite, so inaccessible to the average defender and outsiders, only a handful of vendors are capable of producing it. And because it is allegedly rare, they can charge whatever they want. The problem is not just the cost. It is the psychology used to justify it. What customers are told they are buying is not what they receive. And what vendors claim to deliver no longer resembles the truth.

Illusion of Craft

One of the most common questions heard from customers is why cyber threat intelligence products cost so much. Every vendor sings a variation of the same tune. Their analysts are the best in the world. Their data volumes are unparalleled. Their analysis requires deep expertise. And that expertise, they claim, is expensive. Vendors then perform an elaborate dance about their elite threat hunters, their handcrafted reports, and their alleged bespoke insights.

But this is all marketing theater. Behind the curtain, the process is mechanical. The broad reporting published daily, the so-called crown jewel of cyber threat intelligence vendors, has devolved into little more than stale and recycled noise. Most of it is not intelligence. It is barely disguised plagiarism of publicly available news, repackaged with buzzwords and timestamped long after the breach has already been dissected on social media and the blogosphere. There is little to no insight added beyond a meaningless confidence statement and indicators of compromise published several days earlier.

There is no sense of urgency to help customers. There is no speed. There is no value. These vendors masquerade as critical infrastructure to cyber defense, while in reality they are glorified press clipping services, peddling latency in a world that demands immediacy. It is a shell game. Customers pay for access to knowledge they could have gathered from Blue Sky, Reddit, LinkedIn, or X for free, several days earlier.

The bespoke reporting situation is even more farcical. This alleged premium tier of intelligence is marketed as tailored insight, crafted specifically for the customer’s needs. In truth, it is often a Frankenstein collection of mismatched paragraphs, stitched together from internal archives with little regard for coherence or context. Analysts search their own database for pre-written content, make superficial modifications, and deliver it as a bespoke report for outrageous pricing.

In many cases, reporting does not even contain reused paragraphs. Instead, vendors lightly wordsmith their own narratives and, rather than providing clarity, they offer citations to the original report. Customers are sent on a scavenger hunt through clunky portals with broken search interfaces to locate earlier documents. The burden of synthesis is offloaded to the customer. What is advertised as intelligence is often just homework disguised as value.

Rise of the Machine

And now the bait and switch reaches its apex. The same vendors who demand handcrafted pricing have quietly outsourced the craft to machines. While automation for data collection and enrichment is understandable, the use of generative artificial intelligence for large portions of report writing shatters the myth of handcrafted insight. Vendors speak of analyst labor as justification for their pricing, yet much of the narrative heavy lifting is now performed by large language models. The work is not done by an intelligence professional hunched over a desk. It is done by code.

There is nothing wrong with using generative AI, agentic systems, or any form of automation to support intelligence production. This is not the problem. It is an obvious and necessary evolution. The scale and speed of adversary activity demand technological augmentation. No human team can keep pace without help. The industry should adopt these tools. It must adopt them. The issue is not the use of machines. The issue is the lie. Vendors quietly replace human labor with automation while continuing to charge handcrafted prices. They obscure the transition rather than own it. They pretend the insight is artisanal while automating the craft behind the curtain.

This is not just theoretical. It is already happening. Major cyber security vendors have cited generative artificial intelligence as justification for workforce reductions, claiming automation can supplement the work once done by trained personnel. The same companies charging exorbitant fees for their products are now using machines to replace the very people they once held up as their value proposition. It is not augmentation. It is replacement. And it reveals the truth they try to hide. The work is not expensive. It is cheap. The labor is not premium. It is expendable. The product is not handcrafted. It is automated output wrapped in legacy branding.

This is not inherently wrong. Technology has a place. But it is dishonest to pretend otherwise. This is not innovation. This is industrial scale deception. The cost to produce cyber threat intelligence has collapsed over the last three years. But the price to access it has remained unchanged. That gap is not an accident. It is not about preserving quality. It is about exploiting ignorance. It is about extracting profit from a myth vendors no longer even bother to maintain in private.

And herein lies the unfortunate truth. If you read closely, the signs are not even hidden. Intelligence reports now arrive with phrasing sounding eerily mechanical. Entire paragraphs mirror previous work. The writing style is flattened. The insights are generic. Some reports even contain factual inconsistencies or hallucinated threat actor details, artifacts of automated generation. Buried disclaimers quietly acknowledge the use of machine assistance, but the marketing materials still tout analyst craftsmanship. This is not an accident. It is a calculated sleight of hand. A sleight deployed so customers continue paying for artisanal intelligence while receiving output mass-produced by code. The deception is not subtle. It is strategic.

What these vendors are selling is not intelligence. It is margin theater.

Illusion of Exclusivity

The pricing deception runs deeper than inflated cost. It is rooted in a manufactured mystique. Vendors have convinced the market that cyber threat intelligence is so rare, so elite, so difficult to produce only a select few can deliver it properly. This is the lie beneath the lie. It is not just about money. It is about mythology. A narrative crafted to make intelligence appear unreachable to all but the privileged, justifying any price tag attached to it.

The collapse in production cost should have opened the gates. Automation should have democratized access. Instead, vendors tightened control. The same intelligence, now produced by a mix of humans and machines, is locked behind even higher paywalls. Access is not expanded. It is restricted. The result is not a more inclusive ecosystem. It is a more exclusive one. What was once justified by labor is now upheld by illusion. A fiction designed to preserve power, not share insight.

This illusion is sustained through branding and bravado. Vendors flaunt their unique telemetry and underground visibility as if access alone guarantees superior intelligence. They market their vantage points as irreplaceable. But the truth is more mundane. When the reports arrive, the findings often overlap with other vendors. The intelligence is delayed, derivative, or already known. What was sold as exclusive turns out to be recycled. The exclusivity is not in the content. It is in the story told to sell it.

Customers are paying for actionability. But that is not what they are receiving. They want value. They want intelligence they can immediately use. Instead, they are given aura. Vendors sell the idea intelligence only matters if it comes from a source with exclusive visibility. The pressure point is clear. Only the vendor sees what matters. Only the vendor has the right primary source intelligence to accurately track sophisticated threat actor activity. Only the vendor can produce insights worth acting on. The implication is unmistakable. If you are not buying from them, then you are not doing threat intelligence right. But what the customer receives is not value. It is branding. It is gatekeeping dressed up as sophistication.

The myth also insists intelligence can only be understood by an elite few. That defenders lack the ability to properly interpret reports or operationalize indicators without help from vendors providing expensive cyber threat intelligence. This is false. Intelligence is a discipline, and these skills can be taught. Courses exist. Communities thrive. And defenders are more than capable of building internal expertise. Many already have. The issue is not capability. It is capacity. Most organizations simply do not have the time nor resources to do it themselves, which is exactly why CTI tools and services exist. But those tools should serve the mission. Not manipulate the buyer.

There is nothing wrong with buying cyber threat intelligence. Nothing wrong with seeking outside expertise. But customers should not be tricked into believing they are joining a sacred order. The value must come from insight, actionability, and relevance. Not mystique. Not mythology. Not brand.

Up next in Part Three is a deeper look at how vendors exert control. How they decide what gets analyzed, what gets published, and who gets to see it. A system built not to share insight but to gatekeep it. Intelligence becomes less about protection and more about power. And the cost is paid by everyone on the outside looking in.

Support Praeryx Content

Are you passionate about advancing your understanding of cyber security and cyber threat intelligence, and want to see more in-depth, thought-provoking content like this? Consider supporting Praeryx in our mission to educate and empower with a donation directly contributing to the continued creation of valuable resources and insights, helping Praeryx to provide impactful and timely content. Join us in building a more secure digital future by donating today!

Donate to Praeryx

Sign Up for the Praeryx Newsletter

Are you interested in receiving the latest Praeryx blog posts directly to your inbox? Sign up for the Praeryx Newsletter today to stay informed about the latest cyber threats and adversary behavior, learn how to leverage cyber threat intelligence to protect your organization, and stay ahead of the ever-evolving cyber threat landscape!

Subscribe

Email sent! Check your inbox to complete your signup.

We do not spam you! Unsubscribe anytime.