Introduction
The term Open-Source Intelligence (OSINT) is used (and abused) widely today. Scores of individuals profess to be ‘OSINT experts’ on social media, and post a combination of technical and geo-located information on certain military platforms or formations along with their subjective opinion. Analyses by ‘OSINT communities’ on the Web frequently enter policy- and decision-making chains without adequate verification. What constitutes OSINT, and how porous are the boundaries between open-source, paywalled, leaked, exfiltrated, and laundered information? How is OSINT different from open-source information (OSINF)? Does OSINT enhance or disrupt the existing intelligence-to-operations cycle? What role does OSINT play in conventional and grey-zone operations, and in the cognitive domain? What are the implications for militaries? This paper argues that the boundary between open source and classified is not as rigid as is assumed, and that open source is an epistemological construct, i.e., a product of institutional, technological, and political choices, with consequent implications for militaries.
Epistemic Nuances
In 2011, the Ministry of Defence of the United Kingdom described OSINT as “intelligence derived from publicly available information that has limited public distribution or access”. The British National Police Chiefs Council (NPCC) defined open source as “the collection, evaluation and analysis of materials from sources available to the public, whether on payment or otherwise to use as intelligence or evidence within investigation”. The Central Intelligence Agency (CIA) of the United States identifies the ‘open sources’ of information: the Internet, mass media, specialized journals, conference proceedings, photography, commercial imagery, and geospatial intelligence.
All these definitions are state-centric and pre-social media, and assume that ‘publicly available’ is a static and rigid category. They also define OSINT in terms of sources rather than purpose, and collapse a critical operational distinction—that there is a difference between information, which is collected and collated, and intelligence, which is collected, validated, and applied for a specific requirement. It is this tension—of purpose and access—that has prevented a coherent definition of OSINT from emerging.
This paper proposes the following working definition of OSINT: it is the systematic collection, validation, and exploitation of publicly available data and information, conducted against an operationally derived requirement, to produce intelligence that informs or enables decision-making and action.
The requirement may be transient and classified, even when the sources used to satisfy it are not. In military and national security contexts, OSINT forms part of all-source intelligence, and can support conventional and grey-zone operations, as well as operations in the cognitive domain.
The shifting nature of open source poses a fundamental challenge. Eliot Higgins, the founder of Bellingcat, excludes sites such as Wikileaks and even paywalled content from the ambit of open source. He argues that leaked classified material is controlled by the leaker, and personal ideologies often play a part in what is revealed and what is not. Leaked classified documents or records appear on select servers, and are sometimes part of information laundering operations by intelligence agencies. Some believe that any content with a price tag lies outside the ambit of open source. But the proliferation of individually subscribed newsletters such as Substack, and the monetization of exclusive content by individual handles on platforms such as X, Meta, and Instagram dissolves this distinction. Even databases such as personal financial records and vehicle registration numbers, previously considered to be within the reach of law enforcement agencies (LEAs), are now visible to anyone on the Dark Web with access to digital or cryptocurrency. There is, therefore, a considerable gap between the variety of available OSINF and the absorption capacity of organizations that seek to leverage it as OSINT.
In terms of the impact on the intelligence cycle, i.e., direction-collection-collation/ processing-exploitation-analysis/ production-dissemination-feedback, OSINT is generally seen as divided into generations, with the first focused on collection and the second on exploitation and analysis. There is arguably a third generation that imagines artificial intelligence (AI) and machine learning (ML) integrated across all stages of the intelligence cycle. AI-augmented OSINT is seen as a bridge between fluid and crystallized intelligence—the former representing pattern detection and abstraction in novel situations, and the latter the application of templates learned through experience.
A number of individuals and organizations are involved in piecing together domain-specific information and analyses that offer novel perspectives on adversary capability, disposition, and intent. Cross-platform analyses and pattern-making are enabled by the increasing datafication of individuals, routines, equipment and habits. What can be converted to data is being converted. This implies that multiple aspects of the same entity are disaggregated, logged, and analyzed across fields. For instance, as a Carrier Battle Group (CBG) transits a maritime body, marine trackers will attempt to identify the ship’s tonnage, ownership, class and route using AIS data and commercial satellite imagery, ORBAT analysts can guess its probable mission by matching hull markings and unit insignia with known deployment patterns, and aviation trackers can identify the sortie profile using Automatic Dependent Surveillance-Broadcast (ADS-B) transponder emissions. Each OSINF community can produce a narrow, partial and specialized picture of the vessel, but integrating them into a composite assessment that informs an operational plan is the process that converts OSINF into OSINT.
A taxonomy of the OSINF available online is, therefore, required. A five-tier classification of OSINF based on its amenability to conversion to OSINT is as follows.
- Tier 1 are professional OSINF collators such as Jane’s, Military Balance by the International Institute for Strategic Studies (IISS), and daily conflict updates published by the Institute for the Study of War (ISW) and Critical Threats Project. These hew close to the institutionally gated variety, i.e., not gated yet not universally accessible. These collators themselves depend heavily on open sources such as procurement records, defence white papers, national budgets, equipment specifications, commercial satellite imagery, diplomatic reporting, secondary academic literature, geolocated social media, and Telegram channels. These are meant for establishing orders of battles (ORBATs) of forces of specific countries and monitoring doctrine and weapons development but are not of short-term operational value.
- Tier 2 consists of investigative OSINT organisations such as Bellingcat, DFRLab by the Atlantic Council, Centre for Information Resilience, and DisInfo Lab. For these outfits, the primary data are social media posts, videos, commercial satellite imagery, geolocation, ship AIS data, flight ADS-B transponder data, leaked telecom and travel records, Telegram network analyses, influence operation databases, acoustic analyses, architectural spatial modelling, and witness testimonies. Their reports are extensive, generally follow the verification chain, and can be used for corroborating inputs or receiving novel perspectives on a particular issue. However, these organizations have an ideological bias and the patterning of data to serve a purpose that needs to be cross-checked.
- Tier 3 are specialist equipment and ORBAT trackers such as Oryx, Calibre Obscura, and Warspotting.
- Tier 4 comprises real-time signal- and domain-specific tracking that is usually non-military in nature but can be used by military bloggers and OSINF specialists working in the military field to produce a more granular assessment. These trackers include FlightRadar 24 (may also track military aircraft but in most operational cases, these aircraft turn off their transponders), IntelSky, MarineTraffic, Global Fishing Watch, etc. These are highly technical and data-rich accounts that can populate an intelligence assessment in detail.
- Tier 5 are high-volume, variable-verification, and fast-upload accounts that track incidents in real time but veracity of the data is generally blurred due to the chaotic nature of the event itself. The core challenge is that ill-informed or untrained civilians can misinterpret satellite imagery or apply emotional bias without contextual knowledge, especially with respect to movements of troops and military vehicles.
Today, OSINT is also being used to disseminate narratives and counter propaganda by individuals and non-state actors. The main challenge in using this data lies in the three-layered shell that encapsulates the data epistemology.
First, the source material for OSINT is distorted by the architecture of the social media platform itself, which is designed to maximize engagement. Posts by individuals and organizations are designed to elicit maximum views rather than provide nuance. Applying an ideological or strategic lens to that output requires first discounting the medium’s own active distortion layer, which primes a particular way of expression.
Second, the gatekeeping infrastructure that contextualized information through editorializing, production, and interpretive labour in mainstream media, and which analysts could treat as belonging to a particular ideological stream, has more or less collapsed. Every post now has to be re-contextualized based on the OSINT analyst’s own biases, which may or may not match the original context.
The third layer is technical, where the volume of data and anonymous identities make authentication and credibility evaluation harder.
OSINT has a major role to play in conventional as well as grey-zone operations, and also features as a major instrument in operations in the cognitive domain. The degree to which OSINT influences decision-making in conventional warfare can be illustrated using two brief case studies: Project Maven by the US, and the citizen sensor system in Ukraine.
OSINT in Conventional Warfare
Project Maven was an ambitious vision of using AI, specifically computer vision (CV), to find the answer to the most vexing question for most militaries: where is the enemy? Picture and videos from classified data—tanks, vehicles, etc., were labelled and fed into the system to train it. However, the inferencing challenges were massive.
Combining the capabilities of companies like Google, Amazon, and Microsoft with military data and personnel, Project Maven was deployed in Afghanistan in 2018. But the model, which was trained on Joint Special Operations Command (JSOC) drone footage in Somalia, severely underperformed in Afghanistan.
Another issue was that commercial companies could not access classified data directly to train their models. As a workaround, encrypted drone data were passed through a Tactical Image Production System (TIPS)—a data lake hosted on government data centres—followed by internal sensitization by the Maven team that stripped the data of contextual information before passing on the data for labelling to the companies in 3-5-second clips. This was an engineering solution to a provenance problem. When an advanced version of the system, the Maven Smart System (MSS), was deployed in Ukraine in 2022, apart from initial low rates of positive identification of 30% in snowy conditions (only 24 out of 1,500 tested models were deployed), OSINF feeds such as TikTok videos, X posts, and commercial satellite imagery became undifferentiated data points in the vast pipeline of close to 150 data streams, weighted by algorithmic confidence scores rather than source credibility, which diminished the analyst’s capability to distinguish between verified intelligence and unverified open source material.
In Ukraine, US soldiers deployed with MSS fed points of interest (POI) to a Ukrainian battle management system called Kropyva, essentially a digital map displaying real-time unit positions, fire missions and target data for artillery crews. The targeting data was routed via Maven and MSS. A number of citizens, observing and geolocating Russian troop and vehicle movements as well as static positions fed data into a system instituted by the Ukrainian armed forces through Telegram chatbots and standardised webforms. Some part of this data was also used by MSS and Maven to generate POIs for targeting by drones and artillery. Not only this, at times, OSINF identified Russian sites which are believed to have been hit by Ukrainian kinetic strikes within a 24 hour window. This citizen-sensor system has worked very well for Ukraine as it outsources the sensor part of the kill chain to mobile, dynamic and intelligent humans. At the same time, it exposes them to strikes by Russian kill chains and removes, de facto, the protection of international humanitarian law (IHL).
In conventional war, OSINF expands data points in the collection phase by presenting unprecedented amounts and variety of data, while OSINT is required in the exploitation phase. In the pre-Bellingcat era, at the Joint Operations Centre (JOC) established during the Second Gulf War at Balad, Iraq, the intelligence exploitation cycle was Find-Fix-Finish-Exploit-Analyse (F3EA). Even in intelligence cycles based solely on classified data in well-resourced militaries, the bottleneck was exploitation rather than collection, where JSOC forces conducted daily nightly raids to generate intelligence. Commercialization and proliferation of especially satellite-based sensors, datafication of entities and individuals, and incentives for monetization ensure that the collection phase is saturated. The challenge today for militaries is to build exploitation pipelines fast enough to exploit them in a manner that facilitates operations.
OSINT in Grey Zone Warfare
Grey zone operations present a paradox: they are both difficult to attribute and impossible to fully conceal. The line between civilian and military activity is intentionally blurred using a mix of actions like information operations, cyber warfare, propaganda, and proxy actors. The foremost intention is to confuse attribution and make retaliatory action difficult. Grey zone operations are deliberately conducted in public since visible yet confused attribution is the coercive mechanism and narrative construction is the end state. A fishing fleet swarming a contested island or a historical record promoting a territorial claim has to be visible to coerce. OSINT, by making the attribution public and verifiable through a verification chain, offers the ideal counter for these operations. Rather than waiting for legal processes that require chain-of-custody standards that classified intelligence cannot satisfy, the focus is on moving from semi-deniable attribution in case of proxy actors or cyber warfare where there is adequate visibility to signal capability while preserving plausible deniability, to public accountability. OSINT can prepare the ground for actors at the receiving end of grey zone operations, to collapse the attribution ambiguity that the adversary depends on.
Use of OSINT in Cognitive Domain: Advantages and Pitfalls
In the cognitive domain, OSINF and hence OSINT, can face adversarial attacks due to the very factors that have facilitated its spread. Credible OSINF organizations believe that their findings should be publicly replicable, i.e., anyone with the tools, insights, and time should be able to retrace the chain through which disaggregated information was converted to a form of analysis through a form of causality. However, this creates both a bottleneck and an attack surface for adversarial injection and disinformation operations. Consider the leak of classified US intelligence estimates on Russian and Ukrainian casualties on a Discord server in 2022. Out of the 20 leaked documents, one was edited to invert the scale of casualties on both sides, with the Ukrainian side faring worse in the edited version.
A number of OSINT principles can be tested here for fallibility. First, OSINT is a comparative and retrospective discipline when it relates to verification chain. Adversaries can seed false data in the information streams likely to be used by the OSINF community, poisoning them and destroying the credibility of the individual/ organization and, by correlation, the community. The Discord leak is an example: if only the edited versions had remained in the system, the OSINF community could never have made the connection.
Second, a methodology called reflexive control, which has been attributed to the Russians, was in play here. This is perception control—the deliberate transmission of specially prepared information designed to cajole an adversary into reaching a decision that the initiator wants, without appearing to do so. The reflex part is a recursive loop where the side with the better understanding of the adversary’s modelling of itself prevails. The mechanism is to use the cognitive filters of the adversary against itself.
Theorists have put reflexive control into three categories. The first rank functions through saturation and speed assuming that the volume and transmission speed of information will overwhelm the majority of Tier 5 OSINF operators. The second rank is where the sources for the adversary’s intelligence apparatus are identified and spoofed. The most difficult to achieve is the double second-rank, in which the actor plants incriminating information about himself, waits for the open source community to publish it as a scoop, and then publicly exposes the material as fabricated to destroy the credibility of the community. Third, a strategy called 4D (Dismiss, Distort, Distract, Dismay), some claim, was used by the Russians, especially in the downing of Malaysia Airlines flight 17 over eastern Ukraine in July 2014. Here, the counterfactual community weaponized OSINF’s transparency through endless questioning. The intent is to impose verification costs at scale and speed greater than what the OSINF community can resolve.
A number of OSINF handles depend heavily on commercial satellite imagery for insights. There are two complicating factors here. First, the ‘visibility’ afforded to the OSINF community is pre- and co-determined by a complex interplay among the imagery providers, states-as-customers, and the analyst-intermediaries. Before the proliferation of commercial space imagery options, the field was deemed to be a state monopsony. For example, in the US, the state accounted for more than 60% of the revenue of DigiGlobe (later Maxar and now Vantor). The state implemented a ‘shutter control’ regime, in which the government could cap resolution or restrict distribution by commercial imagery firms on grounds of national security. This came to an end when the National Oceanic and Atmospheric Administration (NOAA) of the US Department of Commerce published a Final Rule in the Federal Register placing limited-operations directive (or shutter control) in Tier 3 (most restricted category for systems with no foreign or domestic competitors) for a three-year window starting May 2020. The term expired in 2023 and was not renewed.
However, the Ukraine war and the ongoing operations in the Gulf present a very different situation with direct relevance for the OSINF community. In October 2025, Maxar shut down access to satellite images over Ukraine following a request from the US administration. In April 2026, PlanetLabs and Vantor announced they would restrict access to images over areas in West Asia where US and NATO forces were involved in operations. The implication is that a ‘voluntary’ request routed through customer relationships can function in the same manner as a legal mandate. This points to a skewed-access case where OSINF communities can only hold certain actors to account, and the access on which they depend for public accountability is not an objective reality.
The last issue of importance in the use of OSINT in the cognitive domain is more conceptual, and relates to the way in which information itself is constructed and released. This is what Bruno Latour calls a ‘black box’—a claim that hides the human decisions that produced it.
For analysts, the data are required to be pristine. This requirement, however, conceals the entire chain of human decisions that produces the data. This is a challenge that even historians face when writing an account based on archival records, but the implications for OSINT are more life-or-death. The decisions on what to photograph, how to label, and what model to use even when training AI-based systems are choices that humans make. The requirement of data purity functions to insulate the targeting output from scrutiny; however, when using OSINF for generating OSINT, this is dangerous since open source data are by definition unverified.
Implications for Militaries
- Exploitation is the bottleneck: As discussed earlier, the collection phase is saturated. The bottleneck has shifted to the exploitation phase. This was clear earlier too when US Special Forces used classified intelligence for operations in Iraq, but it has become more constrained with the addition of OSINF. Non-state OSINF producers, especially in the Tier 2 and 3 categories who produce genuine information need to be absorbed in militaries through a standardized structure and pipeline. The challenges of vetting, preventing adversarial attacks, weighting sources, and countering platform distortion and decontextualization must be addressed through the creation and dissemination of standards and professional military education (PME). Training pedagogy must be improved to ensure that analysts are able to filter out verified intelligence from unverified open-source information. The Berkeley Protocol on Digital Open Source Investigations can be a starting point for creating similar military standards.
- OSINT is an attack surface: The OSINF collection environment is not neutral; the provenance of open sources is artificially constructed and at times misconstrued. Information laundering, reflexive control, and state influence over sources imply that OSINT has to factor in cognitive vulnerabilities that can be exploited by the adversary. Military doctrines must treat OSINT inputs with the same source-reliability weighting that they apply to human intelligence (HUMINT), including the detection of adversarial injection at the collection stage.
- Citizen sensors: The Ukraine war has demonstrated the advantages and challenges of using citizens as active sensors for the military. The core advantage is an intelligent and dynamic assessment of adversary locations through standardized protocols in case of an invasion. However, attempts to do the same in a hostile country via its citizens may end in failure. Also, citizen sensors can be targeted by adversary forces, blurring the line between civil and military targets. Another challenge is ‘digilantism’, where untrained individuals can generate confident false positives or attribute aggressive intent to routine military movements.
- Strategic dependence on satellite imagery: The assumption that commercial satellite imagery is a stable, universally accessible OSINT input has been empirically falsified by the October 2025 Maxar Ukraine shutdown and the April 2026 PlanetLabs West Asia restriction. Commercial satellite imagery providers are still beholden to states as customers, and subject to interventions by silent regulatory authorities. Militaries that are dependent on access to these images must have alternatives in place for situations in which access is cut off. The threat of poisoning of images and delayed access also inhibits the timely analysis of events which also makes OSINT a competition of time apart from resources.
Conclusion
Instead of democratizing intelligence, OSINT has spread the bottleneck around collection and exploitation—the former being done by OSINF and the latter by states. Both face challenges: OSINF producers have to deal with misinformation and disinformation, adversarial injections, and loss of access to data points due to deliberate state intervention; states are yet to develop full capacity for ingesting OSINF into a credible pipeline to generate intelligence that can further operations.
Across the three operational domains examined in this paper, OSINT’s utility is real but bounded in ways that has not been fully absorbed through doctrine. In conventional warfare, the Ukraine and Maven case studies demonstrate that OSINT can compress the sensor-to-shooter cycle to operationally decisive timescales at the cost of provenance integrity. The citizen sensor system that proved tactically effective in Ukraine created exposure to IHL, and is only valid in certain cases. Introduction of unverified data into military kill chains can have lethal consequences.
In grey zone operations, OSINT becomes a strategic asset. Where the adversary’s coercive mechanism depends on maintaining public ambiguity, a publicly replicable verification chain is needed to collapse that. However, here the adversary is not just the opposing actor but also time, since allowing adequate time for opposing narratives to solidify defeats the purpose of public attribution. Finally, in the cognitive domain, the same transparency that makes OSINT effective in grey zone attribution makes it vulnerable to adversarial exploitation.
The deeper challenge is that open source is itself a product of institutional, technological, and political choices rather than an objective fact. The boundary between open and classified is a membrane, permeable in both directions and managed asymmetrically by actors with unequal resources and interests. Therefore, open-source information should not be treated as a stable and universally accessible substrate but also as a strategic vulnerability. For militaries, the core institutional imperative is to build OSINT capability—the training pedagogy, doctrinal framework, exploitation pipeline, verification standards, and organisational culture—that converts available information into reliable intelligence at an operational tempo.