Threat Intelligence

Before the Threat Hunt: Enriching the Section 1260H Software List with AI

TL;DR

The U.S. Department of Defense publishes a list, under Section 1260H, of companies it has identified as Chinese military companies operating in the United States. I wanted to turn that roster of corporate names into something a defender can use: an inventory of the software those companies publish, and a way to find it on a Windows machine. This is enrichment work. It is the step before a threat hunt, not the hunt itself. I ran it twice. The first pass, with Microsoft Copilot, produced an analysis that looked right and a dataset that was empty. The second pass, with Claude Code, produced a dataset that was disciplined and mostly unverifiable. What shipped is smaller and honest: a sourced catalog of companies and their software, and a simple PowerShell script that gives you a place to start. The other cost was time. The fast start turned into a long slog dragging the work back to something trustworthy, and the lesson I am keeping is about managing that time, not the tools. The result is on GitHub.