Abstract

The increasing sophistication and frequency of cyberattacks necessitate advanced and transparent decision-making frameworks for threat intelligence and risk assessment. While artificial intelligence (AI) has demonstrated significant potential in automating threat detection, predicting attack patterns, and prioritizing incident response, the opaque nature of many AI models particularly deep learning poses challenges in trust, interpretability, and regulatory compliance. This paper presents an Explainable AI (XAI)-driven framework for enhancing Cyber Threat Intelligence (CTI) and risk assessment, enabling security analysts to understand, validate, and act upon AI-generated insights with confidence. The proposed approach integrates state-of-the-art machine learning algorithms with model-agnostic and model-specific interpretability techniques, such as SHapley Additive exPlanations (SHAP), Local Interpretable Model-agnostic Explanations (LIME), Layer-wise Relevance Propagation (LRP), and attention-based visualization. The framework processes diverse CTI data sources including network traffic logs, vulnerability feeds, malware signatures, and open-source intelligence (OSINT) to identify malicious patterns, quantify risks, and generate actionable intelligence. By coupling predictive accuracy with transparency, the system not only improves detection and classification of advanced persistent threats (APTs), phishing campaigns, and zero-day exploits, but also facilitates compliance with emerging AI governance frameworks, such as the EU AI Act and NIST AI Risk Management Framework. Experimental evaluations on benchmark cybersecurity datasets demonstrate that the XAI-enabled models maintain high precision and recall while offering interpretable outputs that significantly reduce analyst decision latency and improve collaborative threat response. The paper further discusses the role of XAI in mitigating bias, enhancing accountability, and fostering human–machine teaming in security operations centers (SOCs). Practical implementation considerations including scalability, computational efficiency, and integration with existing Security Information and Event Management (SIEM) platforms are addressed, along with recommendations for future research in multi-modal XAI for cybersecurity. This research underscores the critical value of explainability in AI-driven CTI, ensuring that automated systems are not only effective but also transparent, trustworthy, and aligned with organizational and regulatory requirements for responsible AI deployment in cyber defense.