Why security intelligence fails before the attack - Assaf Kipnis

Most security failures are organisational: This episode is about the gap between threat intelligence that exists and the human systems that never act on it, and what that costs the organisations that keep losing to attacks they already understood.

Assaf Kipnis has spent over a decade inside the threat intelligence and trust and safety functions of some of the world's largest platforms. In this conversation, he maps a structural failure that runs across the industry: the team that identifies threats and the team that deploys detection operate in parallel, with no reliable mechanism to connect them. Intelligence gets produced, reports get written, and the knowledge sits unused while the same attacks return. Assaf describes what it actually took to stop a sophisticated actor group ahead of the 2020 US elections - a rare case where structure and resources aligned - and explains why that outcome is the exception rather than the rule. He also walks through the design decisions behind Catalyst Labs, the company he is now building to close the gap, and why he made provenance non-negotiable even at the cost of speed.

🎙 Key themes discussed

• Why security teams are structurally rewarded for fighting fires rather than preventing them
• The organisational gap between threat intelligence and detection - and why it persists even in well-resourced teams
• What data provenance means in practice, and why it matters more than speed when using AI in security
• How attackers learn your defences faster than you can adapt - and what the military analogy reveals
• Why trust online currently feels, in Assaf's words, like a pipe dream

👤 About the guest

Assaf Kipnis is the founder of Catalyst Labs, with over 12 years working across threat intelligence, information security, and trust and safety at LinkedIn, Google, Meta, and ElevenLabs. He brings the perspective of someone who has spent his career making threats legible to organisations - and watching those organisations lack the structure to act on what they could now see.

🕐 Chapter markers

[00:18] Why the industry keeps fighting the same fires

[08:04] What it actually took to stop an actor group - the 2020 elections case

[12:36] How AI is widening an asymmetry that already existed

[15:31] Catalyst Labs: the provenance problem and why speed comes second

[20:35] What to build first if you're starting a threat intelligence team

🔗 Links

Assaf Kipnis https://www.linkedin.com/in/assafkipnis/

KTLYST Labs https://www.ktlystlabs.com

Background information on MGM / FBI reports: https://www.reuters.com/technology/cybersecurity/fbi-struggled-disrupt-dangerous-casino-hacking-gang-cyber-responders-say-2023-11-14/

Related episode: organisational trust and AI implementation with Simon Berkler https://open.spotify.com/episode/6y8PMaVUnZVAR1hOAR15DN

Related episode: accountability and invisible infrastructure with Sergiu Petean https://open.spotify.com/episode/4KcsZBDgFzkSuwQVihjNR5