The Evolution of OSINT: How AI and Human Expertise Work Together
The Coalition of Cyber Investigators explore the future of AI and OSINT
Paul Wright & Neal Ysart
2/19/2025


This article discusses the intersection between artificial intelligence (AI) and open-source intelligence (OSINT). It explores how derived technology is revamping traditional OSINT methods while also requiring the continued primacy of human analysis[i]. It examines the dangers and opportunities that AI raises for collecting and analysing intelligence and provides a balanced summary of the pros and cons of technological prowess against human capabilities. The article highlights recent innovations in AI technologies and their use in intelligence activities and examines the ethical implications of these advancements for the field.
Introduction
OSINT can be defined as obtaining, processing, and disseminating information from publicly or commercially available sources. Since the introduction of ChatGPT by OpenAI in November 2022[ii], AI has been exponentially incorporated into all sectors, from intelligence gathering and analysis to other related tasks. This revolution presents fundamental questions regarding AI’s assimilation into OSINT and what that means for the future of intelligence work. Additionally, it should be recognised that integrating AI into OSINT will fundamentally change how intelligence agencies and private-sector organisations collect and analyse information[iii].
OSINT collects and analyses publicly available data to extract insights; however, approaches have changed significantly since the advent of AI tools. New data collection and analysis techniques have spawned an age where intelligence analysts can do their work as never before: faster, and addressing unexpected complexities more easily. However, despite these technological advancements, human input remains vital for interpreting judgments, maintaining ethical direction, and making sound decisions.
OSINT’s Changing Face
OSINT has changed over the years, from the simple collection of data to thorough verification and validation leading to actionable intelligence[iv]. It also faces three key challenges: information overload, reliability, and legal and ethical issues. These three factors have collectively reshaped the definition of OSINT and translated it into the basic requirements and expertise needed to use it effectively[v].
From its beginnings, OSINT has gone far beyond mere data collection. Intelligence officers and analysts in the past rummaged through raw intelligence manually and undertook analyses to draw meaningful conclusions. Now, OSINT is based on implementing advanced data filtering, analysis, and interpretation techniques. However, despite technological advances, OSINT faces serious challenges.
Information overload is arguably the most significant challenge. The sheer volume of commercially available databases, social media feeds, and open web sources can overwhelm OSINT operations[vi]. Without proper filtration and categorisation, intelligence agencies and security researchers risk being inundated with irrelevant, misleading, or even deceptive information. Worse still, third parties or those controlling AI-driven intelligence platforms could deliberately inject false, fake, frivolous, or deceptive data for political manipulation, financial gain, or simple disruption. This risk is exacerbated by the increasing sophistication of automated bots and AI-generated content that can flood OSINT tools with fabricated narratives or synthetic identities.
The second major challenge is reliability. The rise of misinformation, deepfakes, and AI-generated media makes it increasingly difficult to distinguish fact from fiction. To ensure accuracy, OSINT practitioners must operate with heightened vigilance, cross-referencing sources and applying rigorous verification methods[vii]. A failure to do so could have serious security consequences, enabling threat actors to manipulate intelligence assessments, mislead law enforcement, or erode public trust in critical institutions. Moreover, Black OSINT[viii], where malicious entities deliberately use OSINT techniques for unethical or illegal purposes, adds another layer of complexity.
Criminal organisations, hackers, and even state-sponsored groups also exploit publicly available data to conduct cyber fraud, identity theft, and doxing. As AI-driven OSINT tools become more widely adopted, practitioners must remain acutely aware of the risks posed by manipulated or adversarial data injections, ensuring they differentiate between trustworthy intelligence (White OSINT) and intentionally deceptive sources (Black OSINT).
Legal and ethical issues are also factors in determining good OSINT practice. Unlike traditional investigative methods governed by established legal and ethical standards, OSINT operates relatively unregulated. This raises important questions about privacy, consent, and potential misuse. Limits of privacy laws, which map out boundaries of collection and jurisdictions, should help ensure that practitioners cannot legitimately collect certain types of intelligence. Where these standards might be breached, legal sanctions can be heavy.
Some experts argue that standalone OSINT teams with independent structures are necessary to maintain operational integrity. However, a more practical approach integrates OSINT into broader intelligence and cybersecurity efforts, ensuring that intelligence operations align with risk management and threat mitigation strategies. Success in OSINT requires a combination of digital literacy, analytical skills, ethical conduct and a deep understanding of how intelligence fits into the wider security landscape.
How AI is Transforming OSINT
AI has had a transformative impact on OSINT, saving analysts time on data collection and analysis. It powers tools and techniques to help process and analyse enormous volumes of data in real time, gathering information from social media, news sites, and government reports. This allows intelligence analysts to spot trends and identify emerging threats far faster than previously possible.
One of the most significant advantages AI has added to OSINT is link analysis and pattern recognition. Machine learning can help discover hidden relationships or connections between events, organisations, and individual actors in a way that is often beyond the attention span of an analyst. By analysing vast datasets, AI can reveal connections that would, in other circumstances, be missed, resulting in a significantly improved intelligence collection capability.
Natural Language Processing (NLP) provides a further technological advantage. It enables the automatic processing of text-based data in one or more languages. Relevant applications include social media monitoring, sentiment analysis, and threat anticipation. NLP models allow an OSINT practitioner to track real-time developments in different regions and language domains, enhancing situational awareness.
AI can also help reduce an analyst's cognitive load by filtering out irrelevant information, enabling them to focus on high-priority tasks. Instead of manually analysing massive datasets, intelligence experts can leverage pre-vetted datasets to help inform the decision-making process more accurately.
However, these advances have significant drawbacks, including susceptibility to bias, misinterpretation of context, and potential manipulation. Hence, careful stewardship is crucial to help guard against misdirection and ensure the reliability of OSINT analysis.
The Dangers of Rushing into AI Adoption: Lessons from DeepSeek
Recent security problems surrounding DeepSeek, an AI model developed by Chinese sources, serve as a stark warning that AI should be adopted cautiously for OSINT work.
One of the most alarming vulnerabilities discovered in DeepSeek was an exposed ClickHouse database, which was publicly accessible without authentication. This security flaw allowed unauthorised access to sensitive internal data, including chat histories and API secrets. Exposure of sensitive information presents a significant risk as it could be exploited for cyberattacks or intelligence manipulation[ix].
Another critical issue with DeepSeek is its high vulnerability to attacks. Testing conducted by Cisco revealed that DeepSeek-R1 had a 100% attack success rate, indicating that it lacked adequate safeguards against malicious inputs[x]. This vulnerability made the model particularly susceptible to algorithmic jailbreaking, allowing adversaries to bypass safety measures and manipulate its outputs.
DeepSeek-R1 has also performed poorly in safety evaluations. The model failed 61% of knowledge base tests and exhibited security weaknesses that were significantly more severe than those observed in competing AI models. Compared to leading AI platforms, DeepSeek was three times more biased and four times more likely to generate insecure code[xi].
Further analysis of DeepSeek’s security flaws can be found in studies from Wiz Research, InfoQ, and Kelacyber[xii].
Conclusion
AI is revolutionising OSINT but can never wholly replace human input. The best intelligence cells will combine the speed and efficiency of AI and human intelligence to ensure intelligence-gathering procedures are accurate, ethical, and actionable.
However, until the many open questions surrounding AI security, privacy, and ethics are properly addressed, OSINT professionals will likely have to trade technological innovation for highly educated risk-taking since the future of intelligence collection has not yet been written.
Authored by: The Coalition of Cyber Investigators.
© 2025 The Coalition of Cyber Investigators. All rights reserved.
The Coalition of Cyber Investigators is a collaboration between
Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator; and
Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader.
With over 80 years of combined hands-on experience, Paul and Neal remain actively engaged in their field.
They established the Coalition to provide a platform to collaborate and share their expertise and analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. Recognising that this convergence has created grey areas around critical topics, including the admissibility of evidence, process integrity, ethics, contextual analysis and validation, the coalition is Paul and Neal’s way of contributing to a discussion that is essential if the unresolved issues around OSINT derived evidence are to be addressed effectively. Please feel free to share this article and contribute your views.
[i] Wright, P. (2024b, November 14). The transformative role of AI in OSINT and the complexities of large language models. Medium. https://medium.com/@city.paul/the-transformative-role-of-ai-in-osint-and-the-complexities-of-large-language-models-42b0879450ce (Accessed 18 February 2025)
[ii] OpenAI. (2022). "ChatGPT: Optimizing Language Models for Dialogue." OpenAI Blog. https://openai.com/blog/chatgpt (Accessed 18 February 2025)
[iii] Glassman, M., & Kang, M. J. (2023). "Intelligence in the AI Era: Transformations in OSINT Methodology." Intelligence and National Security, 38(2), 145-163. https://doi.org/10.1080/02684527.2023.2167890 (Accessed 18 February 2025)
[iv] Hassan, N., & Hijazi, R. (2022). Open Source Intelligence Methods and Tools: A Practical Guide to Online Intelligence. Apress. https://link.springer.com/book/10.1007/978-1-4842-6383-6 (Accessed 18 February 2025)
[v] Gibson, H. (2023). "OSINT Framework Development: Integrating AI and Human Analysis." Journal of Intelligence Studies, 15(3), 78-96. https://doi.org/10.1080/08850607.2023.2167891 (Accessed 18 February 2025)
[vi] ShadowDragon. (2024, December 12). What are the common struggles of OSINT investigations? ShadowDragon.io. https://shadowdragon.io/blog/what-are-the-common-struggles-of-osint-investigations/ (Accessed 18 February 2025)
[vii] Van Puyvelde, D., & Rienzi, F. T. (2025). The rise of open-source intelligence. European Journal of International Security, 1–15. https://doi.org/10.1017/eis.2024.61 (Accessed 18 February 2025)
[viii] Investigators, C. O. C. (2024b, October 6). The use of black OSINT in disinformation operations and how white OSINT can be used to counter and fact check. https://www.linkedin.com/pulse/use-black-osint-disinformation-operations-wedcc/ (Accessed 18 February 2025)
[ix] Infosecurity Magazine (2025). DeepSeek Database Leaks Sensitive Data. https://www.infosecurity-magazine.com/news/deepseek-database-leaks-sensitive/ (Accessed 18 February 2025)
[x] De Simone, S. (2025b, February 5). DeepSeek Database leaking sensitive information highlights AI security risks. InfoQ. https://www.infoq.com/news/2025/02/deepsek-exposed-database/ (Accessed 18 February 2025)
[xi] Kapon, B. (2025b, January 29). DeepSeek R1 exposed: Security flaws in China’s AI model. KELA Cyber Threat Intelligence. https://www.kelacyber.com/blog/deepseek-r1-security-flaws/ (Accessed 18 February 2025)
[xii] Poireault, K. (2025b, February 17). Cybercriminals eye DeepSeek, Alibaba LLMs for malware development. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/deepseek-alibaba-llms-malware/ (Accessed 18 February 2025)