What is Babel?
Babel is an open, community-driven threat intelligence encyclopedia. It extracts structured intelligence from public security reports and organises it into a linked knowledge graph — so you can trace every actor, tool, and indicator back to the report it came from.
INFO
Babel is free for individual researchers, defenders, and analysts. It always will be. Community membership tiers are available on the Support page — contributions keep the platform free and independent.
Most threat intelligence exists as prose — blog posts, PDFs, advisories. Babel turns that prose into structured data: typed entities, confidence-labeled relationships, and enriched indicators, all linked to their source. Instead of reading twenty reports to understand who uses Cobalt Strike and what CVEs they exploit, you search once.
How it works
- A report URL is submitted — by a community member or via automated scanning of known sources.
- Babel fetches the report, extracts entities and relationships using LLM-based analysis.
- Extracted indicators are automatically enriched against VirusTotal, AbuseIPDB, Shodan, GreyNoise, ThreatFox, MalwareBazaar, and other sources — coverage varies by indicator type.
- New entities are merged with existing ones using alias matching and cross-type deduplication.
- Everything is linked back to the source report with a confidence label.
