Key Takeaways
- Adversaries now operate largely in the open, exploiting the sheer volume of publicly available data to hide their activities beneath the “noise floor.”
- The explosion of open‑source intelligence (OSINT) data—estimated at ≥10 TB per day—combined with AI‑driven analysis tools makes it harder for defenders to separate relevant threats from irrelevant noise.
- Effective cyber defense requires moving beyond isolated tools to integrated, enterprise‑wide intelligence capabilities that fuse OSINT with internal vulnerability and threat data.
- AI should be viewed as a force multiplier for human analysts, not a magic wand; it augments decision‑support, automates routine tasks, and helps analysts focus on high‑value analysis.
- Collaboration across government agencies and with private‑sector partners that have already “cracked the code” on OSINT is essential for building resilient, mission‑focused cyber operations.
- Developing operationally relevant products demands an all‑source approach that brings together signals, cyber, and other intelligence disciplines to paint a complete picture of adversary behavior.
- Resilience is achieved when AI and automation free skilled analysts to conduct deeper, contextual analysis, enabling faster detection, validation, and response to emerging threats.
The Growing Challenge of Open‑Source Intelligence
Adversaries increasingly rely on publicly accessible infrastructure—such as commercial internet service providers and open‑source software—to conduct reconnaissance, stage attacks, and conceal their movements. Because these activities occur amid a flood of everyday digital traffic, they sit just below the noise floor, making detection difficult. The sheer volume of data generated each day—estimated at ≥10 terabytes from media platforms alone—exacerbates the problem, overwhelming traditional monitoring methods and forcing agencies to rethink how they collect, analyze, and act on intelligence.
AI Is Not a Magic Wand
Kevin Fogarty, Leidos’ senior vice president and CTO for the intelligence sector, emphasized that artificial intelligence cannot replace human judgment. His team processes roughly 61 OSINT feeds and 150,000 indicators of compromise daily, illustrating the scale of the data challenge. AI’s value lies in augmenting analysts: it can sift through massive datasets, highlight patterns, and reduce the time spent on routine correlation, allowing human experts to apply their tradecraft with greater confidence. Fogarty cautioned against seeking a one‑size‑fits‑all AI solution; instead, organizations must select appropriate models and technological “harnesses” that fit specific mission needs.
State Department’s Shift to Enterprise‑Wide Defense
Gharun Lacy, Deputy Assistant Secretary for Cyber and Technology Security at the State Department, described cybersecurity as evolving from a purely technical issue to an enterprise‑wide, department‑wide initiative. He noted that adversaries “live just beneath the noise floor” and rely on public infrastructure, which means defenders must look beyond internal logs to the open web. Lacy highlighted the importance of enriching the vast ocean of OSINT with internal vulnerability data to pinpoint where actual risk exists, transforming raw threat feeds into actionable intelligence that can disrupt attack chains before they are exploited.
Partnering with the Private Sector
Lacy stressed that the State Department is strengthening its internal vulnerability assessments but recognizes the need to collaborate with private‑sector partners who have already mastered OSINT utilization. By integrating external intelligence with internal context, agencies can differentiate between generic threats and those that pose a genuine risk to their specific environments. This partnership approach helps close the gap between raw data and mission‑focused insight, enabling more precise defensive actions.
Defense Intelligence Agency’s All‑Source Approach
Eric Miller, senior advisor for OSINT at the Defense Intelligence Agency (DIA), discussed the agency’s newly established cyber intelligence center within its Directorate of Analysis. The center aims to adopt an all‑source methodology, blending signals intelligence, cyber data, and other intelligence disciplines to develop operationally relevant products. Miller explained that the goal is to produce foreign foundational military and scientific intelligence on cyber actors, ensuring that analysts receive a holistic view that supports both strategic and tactical decision‑making.
DIA’s AI‑Driven Data Modernization
To cope with the torrent of data, DIA launched the Digital Modernization Accelerator in March, focusing on understanding and applying AI across the agency. Miller described the effort as “looking in the trenches” to harness AI for sifting through tens of thousands—or even millions—of data points. Once AI helps make sense of the information, automated processes are needed to disseminate reports swiftly, ensuring that increased product volume does not create bottlenecks in the intelligence pipeline.
AI as an Enabler of Context and Relationships
Fogarty reiterated that AI excels at uncovering hidden relationships—such as a minor exploit in an open‑source package that can cascade through entire infrastructures at lightning speed. By monitoring these connections, AI can trigger alerts that may lead to either defensive cyber actions or, in extreme cases, kinetic responses. Even with AI’s assistance, analysts will face ever‑growing data streams; the key is to distill that information into concise, actionable formats that fit within analysts’ workflows and enable rapid synthesis and reporting.
Building Resilience Through Automation and Human Expertise
Lacy defined resilience as the ability to free skilled analysts from repetitive tasks so they can concentrate on high‑value analysis. AI and automation can handle ticketing, information routing, and communication between tier‑one, tier‑two, and tier‑three analysts, creating a seamless flow of data. When analysts are liberated from low‑level chores, they can apply their expertise to identify trends, spot anomalies, and devise counter‑measures, thereby strengthening the overall security posture of networks and systems.
Conclusion: Toward Integrated, Mission‑Focused Cyber Defense
The webinar discussion made clear that defending against modern adversaries requires a shift from piecemeal tools to connected, enterprise‑wide intelligence capabilities. Agencies must blend OSINT with internal vulnerability data, leverage AI as an analyst‑augmenting force multiplier, and foster collaboration across government and industry. By adopting an all‑source approach, investing in AI‑driven data modernization, and using automation to elevate human expertise, organizations can turn the overwhelming tide of open‑source data into a defensive advantage that supports mission resilience and operational security.

