The 2025 SANS CTI Survey highlights a cyber threat intelligence field that is steadily maturing, with more organizations establishing dedicated CTI teams, increasingly integrating AI and automation into their workflows, and moving toward standardized adoptions of frameworks such as MITRE ATT&CK.™ Threat hunting remains the leading use case, and formal reporting continues to be the primary method of delivering intelligence to stakeholders. Limited resources, increasingly complex landscapes—in terms of both adversary sophistication and a diversified and fragmented digital footprint—and changing geopolitical and regulatory landscapes continue to present challenges to CTI professionals. Following are some key findings from this year’s survey.