I just became certified in OSINT (Open Source Intelligence) from the McAfee Institute. Professionals certified in OSINT have demonstrated mastery of the OSINT lifecycle—from intelligence gathering and analysis to managing OSINT operations effectively; the ability to work with industry-standard tools and methodologies for data collection, social media intelligence, and open-source data analysis; and the ability to apply frameworks and best practices to design, implement, and manage a comprehensive OSINT strategy tailored to real-world investigative needs.
I want to serve my clients in the best way possible when it comes to information security, which is why I took the time and invested the resources to get certified. Whether an organization needs to conduct an internal investigation or a threat assessment, understanding and mastery of the OSINT framework can be invaluable in the course of managing information security risk in various contexts.
And now for those of you who are wondering what OSINT is all about, here's my exam paper, which might be helpful in getting you up to speed on all things OSINT—from the very beginning of this discipline to today. And here's the paper itself:
The History and Future of Open-Source Intelligence
CrowdStrike, one of the leading cybersecurity organizations in the world, defines Open-Source Intelligence (OSINT) as "the active gathering and analysis of publicly available data for intelligence purposes."
Publicly available data could be anything published in newspapers and magazines, media reports, academic papers, books, census data, arrest records, and various other data published through publicly accessible portals, websites, journals, and other formats.
In the past, OSINT was considered the domain of a few specialists but now has become central to governments, enterprises, and investigators.
This paper will cover the evolution of OSINT in the 2015–2025 period, as reflected in the analysis of various field experts.
History of OSINT
The history of OSINT goes back to the days of World War II when intelligence agencies listened to the public broadcasts of the enemy's radio emissions. Even though limited in scope due to its analog format, these techniques paved the way for what we know as OSINT today. The Cold War marked yet a new phase in the maturation of OSINT. The Soviet Union gathered up to 90% of their intelligence through publicly available data in the United States. And lastly, the advent of the Internet took OSINT to a whole new level of efficiency. Data began to grow exponentially, and new tools began to be developed for the collection, analytics, and dissemination of OSINT (SentinelOne, 2025).
The latest developments in this historic ascent of OSINT as a discipline have been the invention of social networks, the dark web, and artificial intelligence/machine learning.
It's also worth noting that the Director of National Intelligence has officially designated open-source collection as an "official intelligence collection discipline." In 2024, we witnessed the release of the first-ever intelligence community OSINT strategy (DIA, 2024).
Data Privacy and Use Cases of OSINT
With the proliferation of publicly accessible data and the impact this has had on our lives, new regulation has also emerged: GDPR in the EU (2018) and the California Consumer Privacy Act in the United States, among many others. This has forced OSINT professionals to adjust their methodologies in data collection. However, it has not slowed down the trend at large.
Private OSINT vendors were one of the first to provide OSINT intelligence on the Russia-Ukraine conflict of 2022, sometimes faster than official US intelligence agencies (Tucker & Robson-Morrow, 2025).
Another example of using OSINT for attribution is Bellingcat, who used open-source satellite images, Instagram posts, and vehicle movement to pinpoint Russian military units and declared them responsible for the downing of Malaysia Airlines flight MH17 in the Ukraine in 2014.
In the corporate world, we have seen an increase in the number of companies that collect data on competitors, partners, employees, or even suppliers, all in an attempt to gain a competitive advantage in a fast-moving world.
The fact of the matter is that OSINT can be used by anyone. However, we've seen three distinct categories become the leading consumers (and contributors) to OSINT: governments, corporations, and academia.
Governments and militaries worldwide use OSINT for their national security purposes in order to help them make informed decisions. The CIA, FBI, NSA, and Department of War are just some examples of federal United States intelligence and government bodies that use OSINT. They may use it for purposes such as foreign election interference prediction, border monitoring, and counterterrorism.
In the corporate world private cybersecurity firms use OSINT to run background checks on employees, learn about their competitors, run threat monitoring, or analyze supply chain risk. (ShadowDragon, 2025) Penlink, (2025).
When it comes to academia and education, any organization that does research dependent on the acquisition of publicly accessible data is effectively involved in OSINT.
The Future of OSINT
According to ShadowDragon, 2025 marked a turning point in open-source intelligence, transforming it into "a mainstream, mission-critical discipline for enterprises across security, compliance, fraud prevention, and geopolitical risk."
Experts agree that OSINT will continue to grow in automation and AI, which will allow for a hybrid of sorts between human and machine intelligence (Azutech, n.d.; Future Market Insights, 2025). By the year 2026, OSINT analysts will likely spend between 30 to 50% of their time on automated tools handling first-level workflows. Expect to see AI agentic tools that are able to automatically summarize cases, link identities to records, flag anomalies, and more all without needing multimodal inputs (Azutech, n.d.; ShadowDragon, 2025). Industry analysts project that the OSINT industry will grow by 20.65% compounded annually from 2025 to 2035. In 2025, the worldwide OSINT market size was estimated at around $11.75 billion and is predicted to reach $76.81 billion by 2035 (Market Research Future, 2026).
Enterprise adoption is surging in threat intelligence, corporate investigations, supply, change, security, fraud, detection, and brand protection.
The expectation is that OSINT will become a standard discipline across enterprise risk in security operation centers (SOCs), legal, HR, procurement, compliance, and physical security. Another phenomenon that has become central to security professionals is the proliferation of deepfakes, where, again, OSINT can mitigate such risk as a way of presenting verified information to counter deepfake disinformation campaigns.
The History and Future of Open-Source Intelligence © 2026 by George Bakalov is licensed under CC BY-NC-ND 4.0