Threat Automation Through Generative AI: How Open Data Becomes Operational Target Profiles, Deception Attacks and Influence Operations
30 May 2026
Richard Krauss
The Essentials in 30 Seconds
Generative AI transforms open data into operational target profiles: roles, routines, relationships, supply chains, and vulnerabilities become actionable attack vectors.
Spear phishing is shedding its cost barrier. AI automates target reconnaissance, linguistic adaptation, cover story generation, and psychological precision.
Intelligence agencies and military actors utilize AI-driven OSINT analysis for target development, HUMINT recruitment, cyber access, sabotage preparation, and influence operations.
Democracies, armed forces, government agencies, and corporations all face the same risk: open information spaces can be transformed into automated platforms for attacks, deception, and influence operations.
Why does OSINT become an operational attack surface?
Open Source Intelligence was long understood as an intelligence discipline: collecting public information, verifying it, contextualising it and turning it into usable knowledge. Generative AI changes this function. Public information is no longer only analysed. It is translated into operational access patterns.
LinkedIn profiles, corporate websites, conference programmes, social media activity, procurement notices, press releases, leaked documents, satellite imagery, metadata and public registers form a usable map of institutional life. They reveal roles, responsibilities, projects, supplier relationships, communication patterns, travel movements, technical dependencies and trust relationships.
The security rupture does not lie in a new attack vector. It lies in the industrialisation of personalised exploitation. What previously required manual research, target knowledge and operational patience can now be automated, localised and repeated.
The formula is direct: OSINT + Generative AI = automated target profiling, personalised deception and scalable influence operations.
How does automated target profiling work?
Automated target profiling begins with public visibility. An employee profile shows function, seniority, network and field of expertise. A conference programme shows travel activity, institutional affiliation and professional interests. A company website shows suppliers, management, recruitment needs and strategic projects.
Generative AI can compress these fragments into usable profiles. It can identify who approves payments, who controls procurement, who manages infrastructure, who speaks for an organisation, who works under time pressure and who is publicly exposed.
The result is not generic research. It is structured access preparation. The target is no longer only an email address or a technical account. The target becomes a role inside an institutional routine.
For intelligence services, this means that target persons can be prioritised by access value, influence position, ideological susceptibility, professional pressure, public exposure or technical proximity to critical systems.
For military adversaries, this means that not only bases, commands or weapons systems become relevant. Civilian suppliers, IT service providers, logistics firms, research partners, energy providers and maintenance companies become part of the target architecture.
Why does personalised deception defeat classical awareness?
Classical awareness training relies on familiar warning signs: poor grammar, implausible tone, generic greetings, visible urgency or linguistic errors. Generative AI weakens this model.
A malicious message can now reproduce language, hierarchy, context and institutional style. It can refer to real projects, public appointments, known colleagues, recent announcements or sector-specific terminology. The deception works because it does not appear exceptional. It appears normal.
This is the decisive shift in spear-phishing. The attack does not become louder. It becomes quieter, cleaner and more plausible.
For defenders, this creates a detection gap. Users can no longer rely on linguistic flaws as warning signals. A message can be grammatically correct, contextually appropriate and still hostile.
From an intelligence perspective, this development is relevant because credible communication is the first step in many operations: approach, deception, source assessment, access acquisition, credential theft, legend maintenance and social proximity.
From a military perspective, it matters because attacks against logistics, procurement, defence production and troop support often do not begin with an exploit. They begin with a plausible message.
What is the strategic effect?
The strategic effect lies in the reduction of operational costs. Generative AI makes deception cheaper, faster, linguistically cleaner and psychologically more precise. It shifts advantage toward actors able to exploit open societies, visible institutions and digital routines.
For democracies, this increases pressure on trust, public discourse and decision-making capacity. Disinformation becomes not only mass-produced, but adaptive. Campaigns can identify emotional fault lines, localise narratives, deploy synthetic profiles and evaluate reactions in real time.
For military alliances, the risk extends beyond classical battlefields. Arms deliveries, sanctions, deployments, defence production, mobilisation, alliance cohesion and strategic endurance become target spaces for psychological and informational operations.
The strategic purpose is not necessarily persuasion. Often, trust degradation is sufficient: amplifying suspicion, delegitimising institutions, slowing decision-making and fragmenting political majorities.
What is the operational utility?
The operational utility lies in the connection between data collection, profiling, access preparation and effect. AI-enabled OSINT supports target development, HUMINT preparation, cyber access, sabotage preparation, supply-chain targeting and influence operations.
Intelligence services can segment target persons by function, access value and vulnerability. Open traces become operational profiles: Who has system access? Who decides on procurement? Who communicates with media? Who works in research, defence, energy, public administration or critical infrastructure?
Armed forces and hybrid actors can compress open signals into assessments of readiness, deployment, material shortages, industrial capacity, command structures, communication routes and protection gaps.
This creates an intermediate space between classical espionage and cyber operations. Not pure agent handling. Not a purely technical attack. Instead: automated preparatory intelligence for later intelligence, military or hybrid use.
What is the tactical application?
The tactical application lies in concrete access operations: spear-phishing, credential theft, fake profiles, deepfake audio, social engineering against suppliers, OPSEC violations and access to critical routines.
An attack can begin with an employee profile, continue through a credible message and end in a password prompt, file release, payment instruction or contact approach. Technical compromise is then not the first step. It is the consequence of precise social preparation.
In the military environment, this logic reaches into the supply chain. Reservists, civilian employees, contractors, base infrastructure, IT providers, maintenance companies, defence suppliers, logistics partners and family environments of exposed personnel all generate exploitable traces.
For sabotage, the sequence is the same. OSINT provides the target surface. Generative AI compresses operator structures, personnel roles, supplier relationships and communication routes. Cyber or HUMINT operations generate access. Sabotage exploits the prepared access.
Why is the threat not only a cybersecurity problem?
The real target is not only a system. It is trust.
AI-enabled OSINT attacks exploit the way organisations function: approvals, invoices, applications, media contacts, executive instructions, supplier communication, research cooperation and political coordination. These are not purely technical processes. They are human and institutional routines.
A technically well-secured organisation can remain vulnerable if its public footprint reveals too much about internal roles, relationships and decision pathways.
The vulnerable points often sit outside the IT department: communications teams, assistants, HR units, research staff, local administrations, editorial offices, campaign headquarters, civil-society organisations and service providers.
For military security, this is central. Modern defence capability does not depend only on armed forces. It also depends on civilian inputs: software, sensors, logistics, energy, telecommunications, transport, precision manufacturing, maintenance and research.
How does Generative AI scale influence operations?
Generative AI lowers the cost of fake profiles, synthetic comments, fabricated images, deepfake audio, localised narratives and seemingly authentic citizen voices.
Disinformation becomes adaptive. A campaign no longer depends on one central false narrative. It can test variants, adapt language to regional audiences and imitate the tone of real communities.
The strategic effect is not only volume. It is responsiveness. Synthetic content can absorb public reactions, amplify outrage, feed polarisation and simulate consensus.
For intelligence services and military actors, this creates a scalable instrument for psychological operations, destabilisation, mobilisation inhibition, trust degradation and political pressure.
When citizens can no longer distinguish whether they are interacting with genuine actors, organised campaigns or synthetic identities, trust itself becomes the operational environment.
Why is democracy vulnerable to automated manipulation?
Democracies generate the very conditions that hostile actors exploit: openness, accountability, visible institutions, active media, electoral competition and pluralistic debate.
These features are not weaknesses. They are the operating system of democratic life. But they create a large public data surface.
Generative AI can use this surface to identify emotional fault lines, generate audience-specific messages and distribute content at high speed. Political narratives can be localised by region, language, milieu, party affinity or cultural conflict.
The deeper danger is epistemic exhaustion. Citizens lose confidence in their ability to verify what is real, who is speaking and why a narrative is circulating.
From an intelligence perspective, this effect is usable. An adversary does not need to convince an entire society. It is enough to slow decision-making, damage institutions and fragment majorities behind security policy.
Why are institutions structurally exposed?
Institutions publish information because they must be reachable, accountable and transparent. Employee profiles, project pages, annual reports, tenders, social media posts and event announcements serve legitimate purposes.
The same information can be operationalised. A procurement officer becomes a payment target. A researcher becomes an intelligence access point. A press office becomes a channel for influence. A local official becomes an entry point into a larger administrative system.
The most exposed organisations are often not the largest. Small and medium-sized companies, municipalities, universities, NGOs, parties, media outlets and schools often hold sensitive access but lack mature security architecture.
This is where high technical relevance and limited security architecture converge. An adversary does not need to compromise the defence ministry if a supplier, service provider or research partner is easier to reach.
Why is technical detection no longer enough?
Detection remains necessary. It is no longer sufficient.
Synthetic content, AI-generated messages and context-aware phishing reduce the value of external warning signs. The question is no longer only whether a message looks suspicious. The question is whether origin, authority and requested action are verifiable.
The defensive model must shift from content inspection to provenance, process hardening and data minimisation.
For media, politics and public institutions, provenance assurance becomes central. Images, audio, video and documents need traceable origin chains. Standards such as C2PA and Content Credentials are not cosmetic transparency tools. They belong to future democratic infrastructure.
For organisations, data minimisation is the second defensive line. Publicly visible information must be checked for unnecessary exposure: direct contact chains, internal responsibilities, supplier dependencies, travel routines, project timelines and procedural details.
Critical approvals, payments, password resets and executive instructions require out-of-band verification. If an instruction arrives by email, confirmation must use a separate trusted channel.
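One way to encode the out-of-band rule above as a release gate, as an added example that is not part of the original article. The action names, the directory and its contact values are constructed, and taking callback details only from a trusted directory (never from the message itself) is an assumption added here.

```python
from dataclasses import dataclass

# Actions the article names as needing out-of-band verification.
CRITICAL_ACTIONS = {"approval", "payment", "password_reset", "executive_instruction"}

# Constructed directory (assumption): the only source of callback details.
# Contact data quoted inside a request is never used, because the sender controls it.
TRUSTED_DIRECTORY = {
    "cfo@example.org": {"phone": "+00-000-0100", "messenger": "cfo-internal"},
    "it-helpdesk@example.org": {"phone": "+00-000-0200"},
}


@dataclass
class Request:
    request_id: str
    action: str
    claimed_sender: str
    arrival_channel: str          # channel the instruction arrived on, e.g. "email"
    contact_in_message: str = ""  # callback details supplied by the message itself


@dataclass
class Confirmation:
    request_id: str
    channel: str       # channel the verifier used to reach the claimed sender
    contact_used: str  # number or handle the verifier actually contacted
    confirmed: bool    # whether the claimed sender confirmed the request


def evaluate(request, confirmation=None):
    """Return (decision, reason); decision is 'execute', 'hold' or 'reject'."""
    if request.action not in CRITICAL_ACTIONS:
        return ("execute", "not a critical action")
    entry = TRUSTED_DIRECTORY.get(request.claimed_sender)
    if entry is None:
        return ("reject", "claimed sender not in trusted directory")
    if confirmation is None or confirmation.request_id != request.request_id:
        return ("hold", "awaiting out-of-band confirmation")
    # A reply on the arrival channel proves nothing if that channel is spoofed
    # or the mailbox is compromised.
    if confirmation.channel == request.arrival_channel:
        return ("hold", "confirmation used the arrival channel")
    # The callback must go to the directory entry, not to whatever the
    # message offered as a convenient number.
    if entry.get(confirmation.channel) != confirmation.contact_used:
        return ("hold", "contact not taken from trusted directory")
    if not confirmation.confirmed:
        return ("reject", "claimed sender denied the request")
    return ("execute", "confirmed out of band")


if __name__ == "__main__":
    # Constructed sample: a payment instruction arriving by email that
    # helpfully supplies its own callback number.
    req = Request("R-1", "payment", "cfo@example.org", "email",
                  contact_in_message="+00-000-9999")
    attempts = [
        None,
        Confirmation("R-1", "email", "cfo@example.org", True),
        Confirmation("R-1", "phone", req.contact_in_message, True),
        Confirmation("R-1", "phone", "+00-000-0100", True),
    ]
    for attempt in attempts:
        print(evaluate(req, attempt))
```

A grammatically perfect, context-aware message passes or fails this gate on the same terms as a clumsy one, because the decision depends on channel and directory, not on how the content reads.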
Passwords, SMS codes and weak multi-factor procedures are no longer sufficient against credential theft, social engineering and session hijacking. Phishing-resistant methods, strict role validation and robust verification routines are required.
What must organisations do now?
Every institution needs an OSINT exposure audit. It must identify what an attacker can learn without breaching anything: names, roles, contact patterns, projects, suppliers, software environments, leadership structures, public routines and emotional pressure points.
Public communication must be reduced where it creates unnecessary operational exposure. Transparency must remain intact. Procedural intelligence must not.
Security teams must map human workflows, not only technical systems. Payment approvals, application processes, press work, research cooperation, supplier onboarding and executive communication are attackable processes.
For military and security-adjacent organisations, Operations Security must extend to civilian interfaces. Not only soldiers, officials or administrators generate exploitable traces. Suppliers, family members, external service providers, project partners and event organisers may also publish target-relevant information unintentionally.
For editorial organisations, provenance standards belong in the workflow: source retention, document verification, synthetic-media checks, chain-of-custody notes and transparent correction mechanisms.
What is the strategic assessment?
Generative AI does not replace cyber operations, espionage, sabotage or disinformation. It industrialises them.
The strategic risk lies in the conversion of open information into automated operational effect. Public data becomes profiling material. Profiling enables personalised deception. Personalised deception scales into cyber intrusion, fraud, intelligence approach, influence and institutional disruption.
For military actors, this creates accelerated access to target environments. For intelligence services, it creates a scalable preparatory instrument. For democracies, it creates a structural vulnerability in their open information order.
This makes Threat Automation one of the defining OSINT security issues of 2026. It is geographically universal, operationally scalable and politically consequential.
The decisive question for open societies is not whether visibility can be abolished. It cannot. The question is whether visibility, trust and digital functionality can be preserved without turning public information environments into automated attack surfaces.
References:
Microsoft Digital Defense Report 2025
microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025
Used for: AI-automated phishing, multi-stage attack chains, attacker adaptation, scaling of cyber operations and the changing defensive requirements for organisations.
Microsoft Security Insider — Microsoft Digital Defense Report 2025
microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2025
Used for: AI use in phishing, intrusion automation, threat actor adaptation, secure-by-default requirements and the operational pressure created by automated attack chains.
OpenAI — Disrupting malicious uses of AI: October 2025
openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025
Used for: documented malicious AI use in scams, cyber activity, influence operations and the broader pattern that threat actors use AI to accelerate existing operational playbooks.
ENISA Threat Landscape 2025
enisa.europa.eu/publications/enisa-threat-landscape-2025
Used for: AI-supported phishing, the European cyber threat environment, social engineering trends and the role of AI in the 2024/2025 threat landscape.
Google Threat Intelligence Group — Threat actors misuse AI to enhance operations
blog.google/innovation-and-ai/technology/safety-security/google-threat-intelligence-group-report-ai-november-2025
Used for: adversarial AI use by threat actors, integration of AI into malicious workflows, acceleration of reconnaissance, phishing and operational support functions.
Mandiant / Google Cloud — AI Risk and Resilience
cloud.google.com/security/resources/ai-risk-and-resilience
Used for: transition from experimental AI misuse to operational integration, agentic workflows, AI risk management and defensive resilience requirements.
Context-Aware Spear Phishing: Generative AI-Enabled Attacks Against Individuals via Public Social Media Data
arxiv.org/abs/2605.11268
Used for: scientific evidence on the automated generation of personalised spear-phishing messages from public social-media data and the operational impact of context-aware deception.
The Verification Crisis: Expert Perceptions of GenAI Disinformation and the Case for Reproducible Provenance
arxiv.org/abs/2602.02100
Used for: GenAI-enabled disinformation, synthetic consensus, epistemic fragmentation, limits of detection-only approaches and the need for reproducible provenance.
C2PA — Coalition for Content Provenance and Authenticity
c2pa.org
Used for: cryptographic provenance standards, Content Credentials, origin verification for digital media and the relevance of provenance infrastructure for democratic information security.
IFES — Speech and Elections
ifes.org/publications/speech-and-elections
Used for: generative AI in election environments, political communication, democratic integrity, information resilience and risks to electoral trust.
World Economic Forum — How cognitive manipulation and AI will shape disinformation in 2026
weforum.org/stories/2026/03/how-cognitive-manipulation-and-ai-will-shape-disinformation-in-2026
Used as a context source for: AI-enabled disinformation, synthetic media, psychological profiling, emotional triggers and democratic stability.
Glossary
AI-Enabled OSINT
The use of artificial intelligence to collect, correlate and operationalise publicly available information for intelligence, cyber, influence or security purposes.
Automated Target Profiling
The machine-assisted process of turning open data into structured profiles of individuals, organisations, roles, vulnerabilities and access points.
C2PA
The Coalition for Content Provenance and Authenticity, a standard-setting initiative for cryptographic provenance and origin verification of digital media.
Content Credentials
Metadata-based provenance information that can show how an image, video, audio file or document was created, edited or authenticated.
Credential Theft
The theft of passwords, authentication tokens, session cookies or other access data used to enter protected systems or accounts.
Cyber Access
Initial or persistent entry into a digital system, account, device or network, often used for espionage, data theft, disruption or later sabotage preparation.
Data Minimisation
The reduction of publicly available or internally stored information to what is necessary, in order to limit exposure to profiling, targeting and misuse.
Deepfake Audio
AI-generated or AI-manipulated voice content that imitates a real person and can be used for fraud, impersonation, influence operations or deception.
Disinformation
False or misleading information deliberately created or spread to manipulate perception, damage trust or influence political, social or operational outcomes.
Epistemic Exhaustion
A state in which people lose confidence in their ability to distinguish truth from manipulation, because the information environment becomes overloaded, contested or synthetic.
Generative AI
Artificial intelligence systems that produce text, images, audio, video, code or other outputs based on learned patterns and user prompts.
HUMINT
Human Intelligence. Intelligence gathered through human sources, personal access, recruitment, contact handling, observation or covert relationships.
Influence Operations
Coordinated activities designed to shape perceptions, decisions, emotions or political behaviour in a target audience.
Initial Access
The first successful entry into a target system, account, network or organisational process.
Institutional Exposure
The vulnerability created when an organisation publicly reveals roles, routines, contacts, suppliers, projects or decision pathways that can be exploited.
Legend-Building
The creation of a credible cover identity, background story or operational persona used in espionage, fraud, influence or social engineering.
OSINT
Open Source Intelligence. Intelligence derived from publicly available sources, including websites, social media, public records, satellite imagery, databases, media reports and metadata.
OSINT Exposure Audit
A systematic review of what an adversary can learn about an organisation or person from publicly accessible information without breaching any system.
Out-of-Band Verification
Confirmation of a request through a separate trusted channel, such as verifying an email instruction by phone, secure messenger or in-person contact.
Personalised Deception
A targeted deception method that uses details about a person, organisation or context to make a malicious message or interaction appear legitimate.
Phishing-Resistant Authentication
Authentication methods designed to resist credential theft and social engineering, such as hardware security keys or passkeys.
Pre-Positioning
The preparation of access, infrastructure or influence before an operation, often used for later cyber disruption, sabotage or intelligence activity.
Provenance
Verifiable information about the origin, authorship, creation history and modification chain of digital content.
Psychological Operations
Activities intended to influence emotions, perceptions, morale or behaviour of a target audience, often in military or intelligence contexts.
Sabotage Preparation
Reconnaissance, access generation, logistics, target selection or technical preparation conducted before a disruptive or destructive operation.
Scalable Influence Operations
Influence activity that can be expanded rapidly across audiences, languages, platforms or narratives through automation and synthetic content.
Social Engineering
The manipulation of people into taking actions or revealing information by exploiting trust, authority, urgency or familiarity.
Spear-Phishing
A targeted phishing attack tailored to a specific person, role or organisation, often using contextual information to increase credibility.
Supply-Chain Targeting
The targeting of suppliers, vendors, subcontractors or service providers to gain indirect access to a more protected organisation or system.
Synthetic Identity
A fabricated or AI-enhanced identity used to impersonate a person, create credibility or support deception and influence operations.
Target Development
The process of identifying, assessing and prioritising people, systems, organisations or infrastructure for intelligence, cyber, military or influence operations.
Threat Automation
The use of automation, including AI, to accelerate reconnaissance, profiling, deception, intrusion, influence or other hostile activities.