
OSINT in the Age of AI

When the skill floor collapses.

The thing that made OSINT hard wasn't access to information. It was always synthesis. A decade ago, any competent investigator could search LinkedIn, scrape public records, pivot through WHOIS data, and run a reverse image search. The tools were available. What separated a mediocre analyst from a great one was the ability to pull scattered signals into a coherent picture faster than the target could move. That was the moat. AI just drained it.

We're at an inflection point where capabilities that took years to develop are being commoditized into browser-accessible tools with free tiers and slick UIs. That has profound implications for defenders, investigators, journalists, threat actors, and anyone who posts their face on the internet. Let's work through what's actually happening.


The Skill Floor Collapse

Traditional OSINT had a high floor. Geolocating a photo manually required pattern recognition built over years of practice: reading shadows to infer sun angle and hemisphere, matching architectural styles to regions, identifying vegetation species, cross-referencing road signage conventions across dozens of countries. Bellingcat built a reputation on exactly this kind of painstaking pixel-level analysis. Their investigators would spend hours on a single frame.

GeoSpy changed that in December 2023.

GeoSpy, built by Graylark Technologies, is an AI-powered geolocation platform that analyzes a photo's visual content alone -- no EXIF data, no GPS coordinates, no metadata of any kind. It was trained on millions of geotagged images and learned to recognize combinations of signals: paint colors on fire hydrants, the specific brick patterns of terraced housing, soil color gradients, vegetation density, the style of road markings. Things no individual investigator could hold in their head. Its Pro tier, powered by a model called SuperBolt, compares uploads against a database of over 46 million street-level photos and can achieve accuracy within a single meter.

People began sharing videos of what GeoSpy could do. The reaction was a mix of awe and alarm. Within weeks, Graylark's founder confirmed they'd received requests from people asking to use it to track specific women. They closed public access, restricted the Pro version to law enforcement and verified organizations, and left only a limited free tier with city-level accuracy. But the precedent was set: a tool that could do in seconds what used to take an experienced analyst hours had briefly been open to anyone.

That's the skill floor collapsing in real time.

PimEyes does the same thing for faces. Feed it a photo and it crawls the public web for matches, cross-referencing against a database built from years of image indexing, using facial hashing and vectorization rather than simple pixel comparison. The Washington Post called it "one of the most capable face-searching tools on the planet." The New York Times said it offers "a potentially dangerous superpower from the world of science fiction" for $29.99 a month. In practical testing, it has successfully surfaced photos taken more than ten years prior, from crowded environments like concerts and airports. One security researcher typed in two clear photos and retrieved matches -- from a professional headshot to a conference appearance he'd forgotten was indexed -- in under 60 seconds.

The investigative applications are real. Belgian fact-checkers at Knack used PimEyes to debunk a misidentified military figure being spread in coverage of the Ukraine war. OCCRP used facial recognition to confirm the identity of a deceased Serbian drug smuggler found in Paraguay. Journalists have used it to verify whether the people in propaganda videos are who they claim to be. These are legitimate, meaningful wins.

The abuse vector is identical to the defensive use case. Same tool. Same query. Different intent.


What AI Actually Changes

The common framing is that AI makes OSINT "faster." That's technically true but misses the structural shift. Speed was never the bottleneck for sophisticated actors. What AI changes is the minimum viable competence required to do serious intelligence work.

There's a survey of OSINT practitioners published by the OSINT Jobs newsletter that cuts to it: most working analysts now use AI daily, primarily for collection, analysis, and writing. They see measurable productivity gains. They also flag a consistent problem: information overload and a growing gap between speed and judgment. Teams have more raw intelligence than they know what to do with, and they lack the shared methodology and tradecraft to evaluate it properly.

That gap is where bad outcomes live. AI can generate an initial geolocation estimate. It can also hallucinate one convincingly. GeoSpy itself has misidentified a coastal photo from Stade, Germany as being in the Netherlands. AI-based facial recognition produces false positives. A system trained on millions of images still fails on low-quality inputs, unusual angles, or the simple bad luck of two people who look enough alike to confuse the model. The analyst who trusts the output without verification has more confidence than the evidence warrants. The analyst who understands the model's failure modes treats it as a starting point, not a verdict.

That's the real division now. Not between people who have access to AI tools and people who don't. Between people who understand what the tools are actually doing and people who don't.


The Offensive Side Nobody Likes to Discuss

Here's where it gets uncomfortable. The same capabilities that help investigators find missing persons and verify war footage help threat actors profile targets.

Google's Threat Intelligence Group published findings in late 2025 confirming what anyone paying attention suspected: state-sponsored actors from North Korea, Iran, China, and Russia were operationalizing AI across all stages of the attack lifecycle, with a heavy concentration in reconnaissance. LLMs are being used to synthesize OSINT at scale -- pulling from job postings, LinkedIn profiles, GitHub repositories, public regulatory filings, and breach data -- to build targeting packages on organizations and individuals. What would have taken a team of analysts several days to assemble manually can now be produced in hours.

The most telling detail from the Google report: these actors are using AI primarily to move faster through established playbooks, not to develop genuinely novel capabilities. OpenAI said the same thing in their October 2025 disruption report. Threat actors are bolting AI onto old techniques. The phishing lures are better. The target profiling is more granular. The personalization that used to require a dedicated human analyst can now be scaled. But the underlying attack patterns are the same as they were five years ago.

That's actually the point. The hard part of an attack was never figuring out what to do. It was doing it consistently, at scale, against well-defended targets. AI removes the friction. A Chinese APT actor documented by Google's GTIG used Gemini to conduct initial reconnaissance, research phishing payload delivery techniques, assist with lateral movement, support command-and-control, and help with data exfiltration -- all from the same chat interface. The attack lifecycle automated.

One particularly sharp detail: GTIG observed malware that used Gemini's API mid-execution to dynamically generate malicious code on the fly, specifically to evade static analysis and network-based detection. The malware outsources its own weaponization to a language model. That's not incremental improvement. That's a different category of threat.


The Transparency Trap

There's an argument circulating in intelligence circles that more open data equals better insight, and that the future of intelligence belongs to whoever can process the most of it fastest. The opposing view -- and I think the more rigorous one -- is that this is a transparency trap.

More data processed faster produces more confident outputs. Confidence is not accuracy. AI systems applied to OSINT tasks can produce plausible-sounding analysis built on flawed reasoning, hallucinated details, or training data that doesn't generalize to the specific domain at hand. The problem is that the output looks identical whether the reasoning is solid or broken. A language model explaining why a photo is probably from southern France sounds authoritative whether it's right or whether it just pattern-matched to something superficially similar in training. The analyst who can't distinguish those two cases is more dangerous with the tool than without it, because they'll act on bad intelligence with more confidence.

This is the deepest issue AI introduces to OSINT: it doesn't just lower the skill floor for collection. It masks the skill floor for evaluation. The slow, painstaking manual work that used to build analyst judgment -- hours spent geolocating a single photo, learning where models fail, building intuition for what a false positive looks like -- gets skipped. The output is convincing enough that most people don't look for the seams.

Elite practitioners understand this. Every serious survey of working analysts stresses the same thing: AI supports the workflow, human judgment makes the call. GeoSpy's own documentation says the same. But the people who need to hear that warning the most are exactly the people who will skip past it.


What This Means If You Have a Public Presence

The implications for anyone with a public-facing identity are concrete and uncomfortable. Social media platforms strip metadata from uploaded images. That was the main mitigation people relied on to prevent location inference from casual photos. GeoSpy makes that mitigation largely irrelevant. The pixels themselves carry the signal. A photo from your apartment window, your regular coffee shop, or your neighborhood park is enough for someone with the right tool and enough persistence to triangulate a routine.

PimEyes receiving 7.58 million visits in a single month in 2025, with traffic growing month over month, is not a privacy researcher statistic. Those are real people running real queries. Some percentage of them are exactly who you'd be worried about.

The traditional OPSEC advice still applies, and it applies harder. Don't post identifiable backgrounds. Vary your routines. Audit what your publicly indexed photos reveal. Check your own name and face in these tools before an adversary does -- which is, notably, PimEyes's stated primary use case, and a legitimate one. If you've published photos over the course of a career (conference appearances, social media, headshots), the indexed corpus of your face is larger than you probably assume.

The deeper structural point: the asymmetry that used to favor investigators with specialized skills has inverted. Now the attacker needs no skill. The tool handles the expertise. Anyone with a browser and a credit card can run a face search or geolocate a photo to city-level accuracy. The burden of protection has shifted almost entirely to the subject.


The Actual Skill That Matters Now

Here's the steelman for AI-augmented OSINT: it genuinely enables capabilities that wouldn't exist otherwise. A journalist in a small newsroom with no dedicated intelligence analyst can now verify the location of a viral video, identify a misrepresented military figure, or map the digital footprint of a suspected fraud in the time it would have previously taken a specialist team. That's democratization in a useful sense.

The caveat is that the same sentence applies to every other actor in the ecosystem.

The skill that matters now isn't collection. Collection is solved. The skill is evaluation: knowing when the tool is right, when it's plausibly wrong, and when it's confidently hallucinating. It's understanding training data limitations well enough to know which queries are in-distribution for a given model and which ones are pushing against the edge of what it actually learned. It's treating AI outputs as hypothesis-generating, not hypothesis-confirming.

That's a narrower and harder skill than the collection tradecraft it replaces. It requires understanding how these systems work at a level most users skip entirely. And it's the skill that separates the analyst who makes better decisions with AI tools from the one who makes faster wrong decisions.

The floor collapsed. The ceiling didn't.