Building a Personalized InfoSec Feed with AI

Discover how I built a custom InfoSec feed using AI to prioritize cybersecurity risks relevant to my unique environment. My solution is self-hosted, automatically collects news from reputable sources, intelligently filters content by technologies like AWS and CrowdStrike, and employs a local AI model to produce summarized, actionable insights. This daily email digest delivers critical vulnerability alerts and recommendations to enable a more proactive security posture.

AI

Andrew Brosman

7/17/20254 min read

Staying on top of the security landscape is critical and filtering through news feeds, blogs, and vendor alerts everyday is inefficient and overwhelming. We have the extent of human knowledge at our fingertips but cutting through the noise still requires analysis, or at minimum AI hand-holding.

In thinking through this issue, like most issues at this point, one of the first thoughts is how AI can assist. This seemed like a great use case for building an AI tool to focus on the risks that are actually relevant to me. Sure there are dozens of threat intelligence feeds, vulnerability alerts, and zero-day disclosures, but I wanted an easy to implement tool that knows my environment and can help me start my day thinking about the top risks based on my environment.

So I built my own tool: a fully automated, self-hosted security news summarizer and email digest, for a tailored environment, as a proof of concept. It provides a fast, focused view of what matters each day.

The Requirements

I needed something that could:

  • Pull in fresh, credible infosec news relevant to technologies I use (e.g., AWS, Okta, CrowdStrike)

  • Summarize each issue clearly while flagging critical vulnerabilities and recommending actions I can take

  • Deliver it to my inbox daily in a clean, readable format

And I wanted all of this to run locally, at least to start, without depending on third-party APIs or services.

How It Works

The tool is a Python script that runs end-to-end on my machine. Here’s what it does:

1. Pulls Security News

It pulls from a handful of trusted sources via RSS, including:

  • CISA

  • BleepingComputer

  • Hacker News (filtered)

  • ThreatPost

  • Dark Reading

2. Filters for Relevance

It uses keyword matching to detect articles related to the specific technologies and concerns I care about—things like AWS, S3, IAM, ransomware, zero-days, supply chain compromises, and so on.

3. Generates Risk-Aware Summaries

For each article, the script uses a locally run language model (Ollama) to generate a short, structured summary. I pass in context about my environment—cloud providers, security tools, identity platforms—so the summaries are aware of which issues are most likely to affect me. Each summary includes:

  • A one-line overview

  • Systems or vendors affected

  • Risk level (High, Medium, Low)

  • Recommended action

This gives me clear, actionable insight instead of generic headlines.

4. Formats the Email

The summaries are compiled to include:

  • Article title, source, and publication date

  • A link to the full article

  • A collapsible section with the summary and recommendation

It’s designed to be skimmable, with the option to expand if I want more detail.

5. Sends the Digest by Email

The final digest is emailed to me each morning. The entire system is automated and private—no external AI services, no cloud dependencies. In the future I'll plan to run it from a local server to ensure scheduling works as expected.

Why I Run It Locally

I didn’t want to send details about my stack to external APIs. By running the language model locally, I keep full control of the data and don’t depend on third-party rate limits, pricing models, or outages. It does make the processing a little slower but that’s a small sacrifice for privacy. In its' current state I can't imaging wanting to broadcast the tools we're using to AI.

Tools and Stack

  • Python for scripting and automation

  • feedparser for ingesting RSS feeds

  • A local LLM backend (via Ollama)

  • smtplib for email

  • HTML and CSS for formatting the digest

What Else?

In addition to customizing the tool to better match your environment or using a corp-approved AI tool, there’s a lot of other ideas I had on how to mature the tool:

  • Weekly summaries in addition to daily digests

    • Weekly summaries could help close out your week with a longer timeframe summary

  • Agent-based workflows for future refinement

    • What if I could respond to the email with short-hand about risks that I’ve already addressed or that are no longer relevant? Using AI agents I should be able to create an agent that reads the email I send to it, a different one that determines a decision or change to code based on the email, and another that changes the logic for future iterations. Using these same workflows you should be able to easily swap our systems if for example you switch from Crowdstrike to SentinelOne. A key consideration here would be permissioning, if multiple people are relying on the feed we likely wouldn’t want them all to be able to modify this code

  • Deduplication and historical tracking

    • Ensure the news is never duplicated day after day by capturing a log of past entries and checking against them as part of execution

  • Risk scoring that integrates with internal tools

    • Use my own risk methodology to customize how the data is presented and prioritized

  • Slack or webhook integrations

    • Notify me or my team if something reaches beyond a risk threshold to get additional eyes on it

The Result

Every morning, I get a short, tailored report that tells me what matters, what’s urgent, and what I need to do about it. I can see this helping me stay proactive rather than reactive.

If you're dealing with information overload as a security leader, building something like this is well worth the effort.

Use it Yourself!

https://github.com/ACBrosman/AI_InfoSec_Feed



© 2025. All rights reserved.