LOGICAL LIMITATIONS OF AI MODELS IN THREAT INTELLIGENCE

This research evaluates how various LLMs respond to LockBit ransomware queries and other threat-intel prompts, cataloguing repeated problems such as hallucinated IOCs, incorrect source attribution, fake links, outdated information, and model poisoning risks; the author ran two test phases (mid‑2025 and Jan‑2026) across multiple models and concludes LLMs cannot be solely relied upon for threat hunting without rigorous cross-checking.