Criminal IP has joined Securonix’s ThreatQ ecosystem, giving security teams a new route to bring external IP intelligence into daily investigation and response workflows at a time when corporate defenders are under pressure to cut alert noise and speed up threat triage.The collaboration, announced from Torrance, California, on May 1, 2026, integrates Criminal IP’s threat intelligence with ThreatQ, the threat intelligence operations platform now held under Securonix following its 2025 acquisition of ThreatQuotient. The tie-up is designed to help analysts enrich indicators, examine suspicious IP addresses, prioritise risk and act on clearer context without shifting between disconnected tools.
Criminal IP, operated by AI SPERA, provides IP address and domain reputation intelligence, attack surface visibility, fraud detection and brand protection capabilities. Its data is built around external-facing digital infrastructure, including exposed assets, malicious traffic patterns, vulnerable hosts and suspicious network behaviour. By placing that intelligence inside ThreatQ, the companies are targeting one of the main weaknesses in security operations: the gap between raw threat feeds and practical decision-making.
ThreatQ functions as a threat intelligence platform that centralises, aggregates and prioritises threat data from multiple sources. Security teams use such systems to connect indicators of compromise with internal telemetry, incident cases, detection rules and response playbooks. The integration means Criminal IP intelligence can be used directly in those workflows, allowing analysts to enrich IP indicators with reputation scoring, exposure-based context and risk signals relevant to live investigations.
The partnership reflects a wider shift in cybersecurity spending away from isolated detection tools and towards platforms that combine threat intelligence, automation, analytics and case management. Security operations centres face expanding attack surfaces across cloud environments, remote access systems, software supply chains and internet-exposed services. At the same time, analysts must process large volumes of alerts, many of which lack enough context to determine whether they represent genuine risk.
For enterprises, the practical value of the integration lies in reducing the manual work involved in checking suspicious IP addresses and correlating them with external intelligence. A flagged address can be assessed for reputation, associated malicious activity, exposure history and potential links to broader campaigns. That context can then support faster decisions on blocking, escalation, monitoring or dismissal.
Securonix has been strengthening its threat detection and response position through platform consolidation. Its acquisition of ThreatQuotient in June 2025 brought ThreatQ’s intelligence management capabilities into a broader security operations portfolio that includes analytics, detection engineering and investigation workflows. The addition of Criminal IP data extends that direction by expanding external intelligence enrichment inside the ThreatQ environment.
AI SPERA, through Criminal IP, has been building its profile in the cyber threat intelligence market by focusing on internet-wide visibility and AI-supported analysis. Its platform offers search and monitoring capabilities for IPs, domains, vulnerabilities, certificates, exposed services and malicious behaviour. That makes the company part of a competitive field where vendors are seeking to turn threat data into operational intelligence rather than merely supplying feeds.
The timing is significant. Cybersecurity teams are facing attacks that move across identity systems, cloud platforms, unmanaged assets and third-party infrastructure. Threat actors increasingly use automation, compromised credentials, proxy networks and vulnerable public-facing systems to disguise activity. IP reputation alone is no longer sufficient, but enriched intelligence around exposure and behavioural patterns can help analysts separate routine noise from hostile activity.
Threat intelligence platforms are also becoming more important as organisations adopt AI-driven security operations. Automated triage depends on reliable enrichment data, while analyst copilots and response engines need structured intelligence to avoid poor recommendations. Integrations such as the Criminal IP-ThreatQ link support that model by making intelligence available within the tools already used for investigation and response.
The arrangement also carries limits. External intelligence is only as valuable as its accuracy, timeliness and relevance to the organisation using it. Security teams still need governance over automated actions, validation of intelligence sources and alignment with internal risk priorities. Poorly tuned enrichment can add complexity if it floods workflows with low-value indicators or produces false confidence in automated scoring.
Topics
Technology