OSINT Live 2025 Recapped

The 2025 installment of OSINT Live—our fourth year hosting the event—brought together investigators, analysts, and other practitioners from around the world to explore how open-source intelligence is evolving in scale, scope, and complexity.

This year’s sessions focused on scaling analysis, integrating new data types, and addressing the fast-changing realities of digital deception. 

Aggregating the Overlooked

Kicking off the day, Daniel Faram, Co-Founder of Public Insights, reminded the audience that “nothing is trivial in OSINT.” His presentation explored how isolated data points gain extraordinary value when aggregated across time, geography, or source types.

Drawing from his experience, Dan showed how patterns emerge through scale. In Afghanistan, manually charted Taliban checkpoints revealed local control and commander movement patterns when mapped across days and regions. Across the globe in the UK, aggregated tree removal applications from local councils exposed development trends and conservation risks at a national level.

He demonstrated how automation, through regex filtering, AI-based text interpretation, and visualization, can turn unstructured data into actionable intelligence. Importantly, he also walked through the accessible techniques and technology behind these processes, showing non-coders how tools like Pano (which makes London street-level imagery searchable) and the process behind his link charting tool can be adapted by non-technical investigators. The session offered a rare, practical look at how OSINT tools work under the hood, not just what they produce.

Beyond Breaches

Matteo Tomasini took attendees deep into the world of compromised identifiers and how breached data can be used responsibly. As the founder of District 4 Labs, Matteo has experience building tools that help professionals responsibly parse, structure, and interpret this data for legitimate investigations.

Matteo broke down the landscape of breach datasets, from combolists and open buckets to stealer logs and breached databases, showing how each requires a different approach to validation and parsing. Investigative value, he noted, lies in contextualizing breach data alongside public records and other OSINT sources.

Ethics were central to his message. Investigators must evaluate source credibility, respect jurisdictional limits, and align with internal compliance frameworks. The power of compromised identifiers lies in whether they’re used responsibly.

Uncovering Influence

Craig Silverman joined us from Indicator to demonstrate how digital ad libraries have become essential tools for OSINT practitioners investigating political communication, misinformation, and other influence campaigns.

He showed how ad repositories reveal who’s paying for ads, how much they’re spending, where they’re running, and what messages they’re amplifying. These details, he explained, allow investigators to uncover coordination, follow money flows, and identify emerging narratives.

Craig’s key advice: treat ad libraries as live data sources. Scan frequently, capture early, and cross-reference across platforms and regions.

Detecting Synthetic Media

Sam Gregory from WITNESS addressed the escalating challenge of deepfakes and synthetic media, a problem that has shifted from largely theoretical to tangible in the last 18 months.

Sam outlined how detection has evolved alongside creation. Tools like Verify Content Authenticity and AI Speech Check can assist in verification, but he warned they are fallible and biased, especially when looking at low-quality footage or ethnic groups underrepresented in training data.

The WITNESS approach prioritizes process over automation. Investigators should start with the SIFT method: Stop, Investigate the source, Find better coverage, and Trace the media before using detection tools as a secondary confirmation. Automated detector tools, he noted, should be used late in the process, as a confirmation step, not a first resort.

Not all synthetic content is malicious, he reminded the audience. Satire and creative experimentation coexist with deliberate disinformation, making intent a key factor for investigators. Investigators must prioritize media created to deceive or defraud. Ultimately, Sam reinforced that human judgment, including skepticism, verification, and contextual reasoning, remains the strongest tool in the OSINT toolkit.

AI-Enhanced Security Operations

Rounding out the sessions, Keon Ellison and Zachary Melvin from Anthropic provided a look inside how one of the world’s leading AI companies is using artificial intelligence to unify security and intelligence functions. Their recorded session explored how AI can help security teams move from reactive response to proactive detection by understanding how data flows through their operations.

Keon and Zach also introduced the concept of the “Total Intelligence Analyst,” where humans work with AI agents to enhance judgment by synthesizing multiple data streams to identify risks and ensure they don’t slip through. Their approach incorporates 360-degree, AI-enabled coverage into traditional GSOC models, improving cross-functional visibility, increasing the relevance of findings, and helping analysts focus on decision-making rather than data management. If deployed correctly, Zach and Keon say, AI can be the single most significant force multiplier for intelligence and safety teams.

OSINT-Enabled Teams Work Better

Each speaker approached OSINT from different angles, including aggregation, compromised data, digital transparency, and authenticity. Still, the message was clear: OSINT is an indispensable toolbox for teams across industries, but only when paired with the curiosity, discipline, and integrity of the analyst behind the screen.

Want to watch the full sessions from OSINT Live 2025? Access the recordings here.