Intermediate AI Lab

Build an Automated Threat Intel Scraper

Combine Python web scraping with the OpenAI API to automatically read, summarize, and alert you to breaking cybersecurity threats.

The Objective

Security Operations Center (SOC) analysts at firms like SecureT have to read dozens of security blogs daily to stay ahead of zero-day vulnerabilities. Doing this manually is inefficient.

In this lab, you will write a Python script that:

  1. Scrapes the latest headlines from a cybersecurity news feed.
  2. Sends the text to an AI model (like OpenAI's GPT).
  3. Asks the AI to generate a 2-sentence executive summary of the threat.

Step 1: Install the Arsenal

Before writing the code, open your terminal and install the required Python libraries. We need `requests` to pull the web page, `BeautifulSoup` to parse the HTML, and `openai` to talk to the AI.

pip install requests beautifulsoup4 openai

Step 2: The Code Injection

Create a file named threat_intel.py and paste the following code. Note: You will need a free API key from OpenAI for this to work.

import requests
from bs4 import BeautifulSoup
import openai

# 1. Initialize your AI
openai.api_key = "YOUR_OPENAI_API_KEY_HERE"

# 2. Target the data source (Example: A hacker news feed)
target_url = "https://thehackernews.com/"
print(f"[*] Initiating scrape on {target_url}...")

response = requests.get(target_url)
soup = BeautifulSoup(response.text, 'html.parser')

# 3. Extract the top headline and summary text
top_story = soup.find('h2', class_='home-title').text
story_desc = soup.find('div', class_='home-desc').text

print(f"\n[RAW DATA CAUGHT] {top_story}")

# 4. Feed it to the AI for analysis
print("\n[*] Sending to AI for Threat Analysis...")
ai_response = openai.ChatCompletion.create(
    model="gpt-3.5-turbo",
    messages=[
        {"role": "system", "content": "You are an elite SecureT cybersecurity analyst. Summarize this threat in exactly two sentences."},
        {"role": "user", "content": story_desc}
    ]
)

# 5. Output the Executive Summary
print(f"\n[AI THREAT BRIEFING]\n{ai_response.choices[0].message.content}\n")

Step 3: Enterprise Architecture & Deployment

Running a script on your laptop is great for practice, but in an enterprise environment, this needs to run autonomously 24/7. When designing cloud architectures for professional deployments, you want to move away from local machines and leverage serverless compute.

A highly efficient way to deploy this would be wrapping the Python script in a Docker container and deploying it to Google Cloud Run. You can then use Google Cloud Scheduler (a fully managed cron job service) to trigger the scraper every morning at 6:00 AM.

To secure the architecture, you would assign a custom Service Account with the Principle of Least Privilege, ensuring the Cloud Run instance only has permission to execute and write logs to Cloud Logging, preventing lateral movement if the container is compromised. Storing the OpenAI API key securely in Google Cloud Secret Manager, rather than hardcoding it into the script, is also a critical architectural best practice for professional cloud deployments.