The Emerging Role of AI in Open-Source Intelligence

July 03, 2024The Hacker NewsOSINT / AI

Recently, the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT as the “INT of first resort.” Public and private sector organizations are recognizing the value the discipline can provide, but they are also finding that the rapid growth of digital data in recent years has overwhelmed many traditional OSINT methods. Fortunately, Artificial Intelligence (AI) and Machine Learning (ML) are beginning to have a transformative impact on the future of information gathering and analysis.

Defining Open-Source Intelligence (OSINT)

Open-source intelligence refers to the collection and analysis of information from publicly available sources. These sources can include traditional media, social media platforms, academic publications, government reports, and any other publicly accessible data. The defining characteristic of OSINT is that it does not involve secret or covert methods of information gathering such as human intelligence or social engineering. If I once could have obtained data during my tenure with the U.S. Government but am now unable to do so as a civilian, that does not qualify as OSINT.

Traditionally, OSINT has been a labor-intensive procedure involving several pivotal phases:

  1. Source Identification: Analysts establish which public sources are likely to hold pertinent information.
  2. Data Gathering: Information is collected from these sources, frequently through manual searches or web scraping utilities.
  3. Data Processing: The gathered information is arranged and formatted for analysis.
  4. Examination: Proficient analysts study the data to pinpoint patterns, trends, and insights.
  5. Summarization: Discoveries are consolidated into reports for decision-makers to enable more informed decisions.

Although effective, this methodology is limited by the sheer volume of information available. Human analysts struggle to process everything manually, and valuable insights may be hidden in complex patterns that are hard for humans to discern. This is where AI/ML can provide a significant advantage in how information is collected, processed, and analyzed, freeing the human analyst to concentrate on the tasks they are particularly good at, such as providing context. This shift also often improves morale, as humans spend less time on routine processing and more time analyzing and reviewing information.

Areas where AI/ML can provide immediate benefits include:

  • Handling Large Data Volumes: AI systems can process and analyze vast amounts of data at speeds far beyond human capability. This lets OSINT practitioners cast a substantially wider net than was previously feasible and still manage the results.
  • Real-time Analysis: Today's digital world produces a constant flow of data. AI-driven OSINT tools can monitor and evaluate data streams in real time, supplying up-to-the-minute intelligence and enabling prompt responses to emerging situations.
  • Multi-lingual and Multi-modal Analysis: AI can overcome language barriers by translating and analyzing content in many languages simultaneously. It can also handle multiple data types – text, images, audio, and video – in a unified manner, providing a more comprehensive intelligence picture. Many of these capabilities, such as OpenAI’s Whisper, can be run offline, eliminating operational security (OPSEC) concerns.
  • Predictive Analytics: By analyzing historical data and current trends, AI can help forecast future events or behaviors, adding a proactive aspect to OSINT.
  • Automating Routine Tasks: AI can help automate many time-consuming elements of OSINT, such as data collection and initial filtering, freeing human analysts to concentrate on higher-level analysis and decision-making. Tasks that were previously very difficult, if not impossible, to perform, such as accurate sentiment analysis, are now simple.

At SANS Network Security, the SEC497 Practical OSINT course and the SEC587 Advanced OSINT course will give students hands-on experience using these AI capabilities, not only to improve productivity but also to uncover new opportunities.

No technology is flawless, and we must weigh the potential consequences of a hallucination before we adopt AI. With that caveat, the essential technologies currently used for OSINT include:

  1. Natural Language Processing (NLP): NLP enables machines to comprehend, interpret, and generate human language. In OSINT, NLP is critical for:
    • Sentiment evaluation of social media posts
    • Entity recognition to pinpoint individuals, organizations, and locations in text
    • Topic classification to categorize extensive volumes of text data
    • Machine translation for multilingual intelligence gathering
  2. Computer Vision: This technology empowers machines to interpret and analyze visual information. In OSINT, computer vision is utilized for:
    • Facial recognition in images and videos
    • Facial comparisons to establish if the same individual is featured in multiple images
    • Object detection in visuals
    • Optical character recognition (OCR) to extract text from images
    • Scene comprehension in video footage
  3. Machine Learning and Data Mining: How many times have you heard “those who don’t know history are doomed to repeat it”? Machine Learning epitomizes that concept as it enables systems to learn from data and enhance their performance over time. In OSINT, they are utilized for:
    • Predictive analytics for forecasting trends or events
    • Anomaly detection to recognize unusual patterns or behaviors
    • Grouping and classification of data for simplified analysis
    • Network analysis to comprehend associations between entities
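The hallucination caveat above can be enforced mechanically before model output reaches a report. The following is an added example, not code from the article or from SANS: it checks that every entity a model claims to have extracted actually appears in the collected source text and routes the rest to an analyst. The function names, the entity record format, and the sample text are constructed for illustration.

```python
import re
import unicodedata

def normalize(text):
    """Case-fold, strip accents and collapse whitespace so matching is robust."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"\s+", " ", text).casefold().strip()

def ground_entities(source_text, claimed):
    """Split model-claimed entities into grounded vs. ungrounded.

    An entity counts as grounded only if its normalized form appears in the
    source on word boundaries, so "Dan" is not matched inside "Dana".
    """
    haystack = normalize(source_text)
    grounded, ungrounded = [], []
    for ent in claimed:
        needle = normalize(ent["text"])
        pattern = r"(?<!\w)" + re.escape(needle) + r"(?!\w)"
        if needle and re.search(pattern, haystack):
            grounded.append(ent)
        else:
            ungrounded.append(ent)
    return grounded, ungrounded

# Constructed sample: a collected public post and constructed model output.
SOURCE = ("Acme Logistics announced a new depot in Zürich on Monday, "
          "according to spokesperson Dana Reyes.")
CLAIMED = [
    {"text": "Acme Logistics", "type": "ORG"},
    {"text": "Zurich", "type": "LOC"},          # accent differs, still grounded
    {"text": "Dana Reyes", "type": "PERSON"},
    {"text": "Acme Holdings", "type": "ORG"},   # not in source: hallucinated
    {"text": "Dan", "type": "PERSON"},          # substring only: rejected
]

if __name__ == "__main__":
    ok, review = ground_entities(SOURCE, CLAIMED)
    print("grounded:", [e["text"] for e in ok])
    print("needs analyst review:", [e["text"] for e in review])
```

A grounding check of this kind only confirms that the string exists in the source; whether the entity type or the relationship the model asserted is correct still needs analyst review.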

I have been involved in OSINT for nearly two decades, and this is unequivocally the most dynamic and thrilling period I have witnessed with burgeoning advancements in the realm transpiring practically every day. If you’ll be attending Network Security in Las Vegas this September, I eagerly anticipate discussing how this capability can enhance our efficacy and efficiency today, as well as what we can anticipate in the days ahead.

Not yet registered for SANS Network Security? Explore this page to uncover all that lies ahead!

Note: This article is expertly written by Matt Edmondson, a SANS Principal Instructor and Principal at Argelius Labs, with a decade of professional OSINT experience.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.
