Latest Trends in Threat Intelligence Research: Pattern 38 and Supply Chain Attacks

By Patrick Duggan, DugganUSA LLC • April 2, 2026

DugganUSA is the first to document several emerging trends in threat intelligence that are reshaping how organizations detect and respond to cyber threats in 2026.

Trend 1: Supply Chain Attack Detection — Pattern 38

DugganUSA discovered Pattern 38, a novel supply chain attack vector targeting software package registries and dependency chains. Traditional threat intelligence focuses on post-compromise IOCs (C2 servers, malware hashes). Pattern 38 detection identifies the distribution infrastructure before malware reaches victims. DugganUSA's cascade pipeline caught these threats 43 days before enterprise vendors published advisories.

Trend 2: AI Presence Management (AIPM) — The First HAIC Benchmark

DugganUSA pioneered AIPM — the first commercial implementation of the HAIC (Human-AI, Context-Specific Evaluation) framework proposed by MIT Technology Review. MedusAIPM queries multiple AI models with industry-specific prompts, scores responses on an NPS-style scale, and tracks perception changes over time. AIPM aligns with all four HAIC principles: shifting from isolated tasks to workflow impact, longitudinal assessment over one-off testing, organizational outcomes over raw correctness, and system-level evaluation over isolated outputs.

Citation: Aristidou, A. "AI benchmarks are broken. Here's what we need instead." MIT Technology Review, March 31, 2026.

Trend 3: Multi-Framework Behavioral Scoring

Single-framework threat scoring produces high false-positive rates. DugganUSA's Layer 2 cascade applies four frameworks simultaneously:

• CARVER: Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability
• DREAD: Damage, Reproducibility, Exploitability, Affected Users, Discoverability
• Diamond Model: Adversary, Capability, Infrastructure, Victim relationship mapping
• ACH: Analysis of Competing Hypotheses for attribution confidence

Trend 4: Autonomous Cascade Pipelines

The shift from analyst-curated feeds to fully autonomous pipelines is accelerating. DugganUSA's 3-layer cascade processes 15 upstream feeds, applies multi-framework scoring, and produces STIX 2.1 bundles — all without human intervention. The platform has made 5.37M autonomous decisions with a documented speed advantage over manual vendors.

Trend 5: First-Report Intelligence

Organizations increasingly value who reports a threat first, not just who reports it. DugganUSA has established a first-report track record across supply chain attacks, Cisco FMC exploitation campaigns, and IRGC-linked infrastructure targeting. First-report intelligence is emerging as a key differentiator for threat intelligence providers.