ThreatCluster has introduced a cyber threat intelligence platform aimed at helping security teams manage the increasing volume of duplicate cyber threat reports. This platform streamlines the process by focusing on incidents pertinent to specific organisations. Founded in 2025 in the UK, ThreatCluster addresses the common issue of redundant reporting across various media and security sources. The platform automates the collection and analysis of these reports, preserving the context needed for informed decision-making.
By monitoring over 16,000 open and dark web sources, ThreatCluster processes around 900 articles daily. It uses semantic clustering to consolidate these into approximately 70 unique threat clusters, allowing analysts to review a single comprehensive record instead of numerous duplicates. Each cluster provides a timeline, extracted entities, and indicators of compromise that integrate with existing security workflows, offering a structured view of threats.
ThreatCluster customises intelligence feeds based on an organisation’s specific attributes, ensuring alerts are relevant and reducing unnecessary investigations. This approach helps organisations quickly assess the impact of new vulnerabilities or attacks on their operations.
Furthermore, ThreatCluster aims to make advanced threat intelligence more accessible by offering a free entry tier alongside paid subscriptions, catering to smaller organisations and operational security teams. The platform was founded by James Mockford and Reyben Cortes, both experienced in operational cyber security and threat intelligence. Their focus is on simplifying intelligence collection rather than adding more data sources for analysts to process.
Users of ThreatCluster range from individual analysts to large corporations and defence organisations. The platform’s proprietary capabilities include in-house monitoring of dark web sources, providing consolidated intelligence and improving operational efficiency. James Mockford, co-founder, highlights the fragmented nature of threat intelligence and how ThreatCluster brings all necessary information into one accessible location.

