Skip to content
, March 12, 2026

Situational Unawareness

Open source intelligence isn’t all it’s cracked up to be
A collage featuring images of missiles launching, a bomb exploding, a slice of pizza, and various charts.
© Nick Sheeran

At 1:15 a.m. EST on February 28, the United States and Israel launched airstrikes on Iran. During the first twenty four hours of war, the airspace over Tehran cleared as roughly two hundred fighter jets carried out airstrikes on more than one thousand targets, twice the scale of the U.S. military’s “shock and awe” campaign in Iraq back in 2003. Nine countries closed their airspaces, and ships changed course to empty out the Strait of Hormuz. Electro-optical and synthetic aperture radar satellites, critical to military intelligence, zigzagged across the sky over the strike zone, and signal interference scrambled GPS systems across the region.

I watched all of this play out in “WorldView,” which is “a geospatial command center that fuses open-source intelligence feeds onto a 3D globe,” according to Bilawal Sidhu, an ex-Google Maps product manager who had “vibe coded” it over the course of a weekend only days before war broke out. Sidhu had built WorldView using only a swarm of AI agents and publicly available data feeds: live satellite tracking, military aircraft, real-time CCTV feeds, seismic data, street traffic, and more. The result was “basically what happens when Google Earth and Palantir have a baby,” Sidhu wrote, a tool that “lets you look at any place on Earth through the eyes of an intelligence analyst” simply by opening a browser tab. The “intelligence monopoly is over” he declared of his “God’s eye view” of Operation Epic Fury, suggesting a Promethean transfer of divine power into mortal hands.

In the leadup to the war with Iran—and in the harrowing days since—a dizzying number of tools like WorldView have appeared seemingly out of thin air, bringing the once niche hobbyist community of OSINT (short for “open source intelligence”) into the mainstream. With names like “World Monitor” or “The Big Brother V3.0,” these dashboards make “your own room feel like the CIA,” according to one observer. Though it sounds like the tradecraft of spies, at a basic level they simply visualize publicly available data: from conflict zone maps to air traffic to global market fluctuations. In theory, this information, when collected and aggregated in creative ways, can help the user make some surprising inferences.

That may be true for an actual intelligence analyst, but for most users, these snazzy dashboards cram a chaotic amount of information on screen, from which no sane person can draw logical conclusions. Instead of offering actionable intelligence, the illegible cacophony just leads to a type of hypercharged doomscrolling. “The amount of vibe coded ‘situation monitor’ slop being produced these days is absolutely astronomical,” one OSINT researcher complained. Another X user tried to impose some quality control by ranking several of these new dashboards in a post called “Monitoring the Situation Monitors.” For others, it’s a fantasy come to life: every person at the center of their own personal panopticon, the world stretched out before them as they omnisciently swivel their desk chair from cell to cell, screen to screen.

Not so long ago, I had to intentionally seek out these situation monitors and their infrequent breakthroughs in new investigative tools using OSINT methods. Now they’re everywhere—and I am not the only one to take notice. In late January, during a panel discussion at the Mitchell Institute for Aerospace Studies’ Airpower Forum, U.S. Air Force Major Claire Randolph reflected on lessons learned from Operation Midnight Hammer, the June 2025 attack on Iran’s nuclear facilities. She noted how “civilian AI capabilities” and the challenge they posed to “OPSEC,” militaryspeak for operations security, had snuck up on them. “You’ve got Twitter feeds of randos that are just studying where our airplanes go and publishing it, consolidating it,” Randolph said. “If U.S. analysts did some of that we would consider it Secret or maybe even Top Secret, but that stuff is just allowed on the open internet.” Thrilled to be a thorn in the side of an Air Force major, many of the “Twitter randos” I follow in the OSINT community saw this as more of a feather in their cap than a dig—some even added the epithet to their bio.

It is tempting to think that anyone with an internet connection can pull a fast one on the world’s most powerful military or that you can bypass a presidential administration hostile to the very notion of an informed public simply by monitoring something as simple as airplane traffic. Even more seductive is the idea that everything is knowable. The digital age has blanketed the world in cameras and sensors, which generate dizzying quantities of data—in other words, noise. But in that vast noise, the OSINT thinking goes, are signals. You just have to know how to find and interpret those signals, and all will be revealed.

The OSINT revolution in many ways democratized the powerful capabilities to gather information traditionally associated with spy agencies and put them into the hands of intrepid citizens who have identified perpetrators of human rights abuses or exposed vast disinformation networks. These impressive investigations have elevated OSINT to a near-mythic status in certain corners of the internet. But the widespread misuse and abuse of these same methods have also spread conspiracy theories, incited internet mobs, and fostered the illusion that anyone can know anything—as long as you “monitor the situation.”

Providing a concise history of OSINT is difficult. Everything from Facebook stalking a crush to geolocating a video of human rights abuses posted on Telegram could plausibly fall under the OSINT umbrella. Bellingcat, a pioneer in the field of OSINT and the gold standard for its use in investigative journalism, starts its brief history of open source intelligence in July 1941, when William Donovan convinced his old classmate, President Franklin D. Roosevelt, to appoint him “Coordinator of Information.” Months later, after Pearl Harbor, his post formally became part of the Office of Strategic Services, the forerunner to the CIA, where he was appointed director and “meticulously collected dozens of newspapers, journals, press clippings, radio broadcasts reports from around the world, hunting for photos and articles that may give away crucial intelligence about the enemy.” In essence, Donovan was doing analog OSINT.    

Not every OSINT cowboy is measured in their predictions or clear-eyed about the limits of their methods.

As the sheer volume and types of data exploded, the field of OSINT exploded along with it. Much of this growth was led by civil society. Academics, journalists, and human rights researchers developed sophisticated methods to collect and analyze the unprecedented amount of data pumped out into the world every day. These groups also negotiated rigorous ethical and professional standards to guide their work, codified in the “Berkeley Protocol on Digital Open Source Investigations,” which laid out how to responsibly identify, collect, preserve, and verify digital evidence in human rights and other international criminal investigations. Organizations like Bellingcat, SITU Research, and Forensic Architecture, as well as newsroom teams like BBC Verify, published visual investigations using OSINT methods, fact-checking false claims and achieving justice and accountability for victims in the process. Companies started selling OSINT services to corporate clients. OSINT training, certifications, and conferences popped up, like one that will take place later this month and promises to help participants “Master OSINT in the Era of Information Overload at the OSINT Summit.”

Everyday people who may never have even heard the term “OSINT” have devised ingenious ways to help their communities. When Hurricane Beryl knocked out power for 2.2 million of his neighbors in 2024, one enterprising Texan opened his app for the beloved fast food chain Whataburger, which has a live map tracking the status of restaurant closures in his area—a near perfect proxy for the geographic distribution of power outages. Indeed, good OSINT abounds. “This is how real OSINT should be done,” declared The OSINT Newsletter, which described how Bellingcat “reconstructed the Minneapolis ICE shooting by syncing five different videos, mapping movements and analysing multiple camera angles,” adding: “No doxxing, no speculation—just sources and methods.”

In the Wild West of the internet, however, OSINT enthusiasts play by a different set of rules. For every Bellingcat exposing U.S. culpability in a missile strike on an Iranian girls’ school, there are scores more accounts dubiously claiming to do similar work, often with exponentially larger platforms. Collectively referred to as “BROSINT” by some, these “OSINT cowboys” share common traits, according to the Coalition of Cyber Investigators:

They’re impatient, overconfident, and often self-taught through YouTube tutorials rather than learning through properly structured training or learning from an experienced OSINT mentor. They treat investigations like a game, forgetting that real people and serious consequences are involved. Whilst their output can look impressive to the untrained eye, experienced professionals recognise that their reckless approach doesn’t just hurt their work; it damages the credibility of OSINT as a discipline.

To be sure, some OSINT cowboys are well meaning and even helpful. One Pentagon reporter I spoke to said that even if specific claims made or conclusions drawn are wrong, these accounts can help call attention to a general pattern that journalists should dig into. An account may be incorrect about, say, the exact number and model of aircraft, tankers, and transport ships that are en route to the Middle East or that the movement of fifty-seven C-17 planes means a U.S. attack is six hours out. But from a high level, any mass movement of military assets is definitely something a defense reporter should follow. Not every OSINT cowboy is measured in their predictions or clear-eyed about the limits of their methods.

Take the Pentagon Pizza Report. In early January, after the U.S. military’s strike on Venezuela and capture of President Nicolás Maduro, one of their posts on X went viral. At 2:04 a.m. EST, as the Maduro raid was underway yet still unknown to the American public, the account posted a Google Maps screenshot with the caption: “Pizzato Pizza, a late night pizzeria nearby the Pentagon, has suddenly surged in traffic,” implying that the abnormally high traffic could be attributed to Defense Department staffers ordering food in anticipation of holing up in the Pentagon for a long night of handling a major international crisis the public has yet to know about. For the Pentagon Pizza Report, the surge occurring around the time of the raid was a vindication of their method. A similar project called the Pentagon Pizza Index, which “tracks potential correlations between late-night pizza orders and military activity,” even developed an alert system called DOUGHCON, a play on DEFCON, the U.S. military’s multitiered “Defense Readiness Condition” alert system.

Had this citizen-run open source tracker revealed in real time a raid that the military had taken pains to plan and carry out with the utmost secrecy, a mission about which major news outlets had learned but decided it too risky to report to the public? Probably not. There are several problems with this theory: For starters, the Pentagon has its own food court with pizza and many more options. Second, Google Maps surges in traffic indicate an uptick in phone use, not a flurry of orders. And finally, as the Washington Post pointed out last year, with so many food delivery apps out there, “Why would anyone limit themselves to chain pizza?”

Of course, the Pentagon is well aware of this little hack. In February, a Fox News reporter brought up the Pentagon Pizza Tracker and asked Defense Secretary Pete Hegseth whether they thought about just going to the cafeteria. “I’m aware of that account,” Hegseth responded. “I’ve thought of just ordering lots of pizza on random nights just to throw everybody off. Some Friday night when you see a bunch of Domino’s orders, it might just be me on an app, throwing the whole system off.”

When Trump posted a photo on Truth Social of the makeshift Situation Room set up to monitor the Maduro operation, one of the most prominent OSINT accounts—OSINT Defender—was visible on a screen behind Secretary Hegseth and CIA Director John Ratcliffe. Another photo suggested that they may have found OSINT Defender by searching “venezuela” on X, leading to speculation this OSINT account had found such valuable actionable intelligence that even the highest levels of the U.S. government sought it out. The more likely scenario, according to the Pentagon reporter I spoke to, is that the Trump administration knows full well what OSINT accounts can track, and the government lets them see only what the government wants them to see. In this sense, the Trump administration may have been checking up on their useful idiots.

The hard truth is no amount of public data nor hours logged monitoring the situation will give you the power to predict the future.

Of course, nothing is stopping Secretary of State Marco Rubio and Ratcliffe from gathering intelligence using OSINT techniques. After all, these tools are actor agnostic: 404 Media recently reported that police departments in Miami and Los Angeles have purchased access to GeoSpy, an AI-powered OSINT software that can geolocate a photo in seconds, often with little context. Hitmen hired by a criminal group in Montenegro and Serbia used OSINT to find their mark, the leader of a rival gang, in hiding in Greece. Aware of this potential abuse, many OSINT tool kits come with disclaimers of some kind. Would-be sleuths visiting one such resource are greeted first by an “ethics agreement” pop-up informing the reader that the “tools, techniques, and knowledge provided by FreeOSINT.org are intended for ethical, legal, and responsible use only.”

Even the Pentagon Pizza Index, which created Polyglobe, a marriage of OSINT and prediction markets—an industry not known for having an abundance of scruples—has its own “Operational Disclaimer.” The notice informs users that the dashboard is “for informational and educational purposes only,” and reminds them that “pizza consumption patterns should not be used as a basis for financial, political, or strategic decisions.” Though I only found it after scrolling to the bottom of the page, where it sat partially obscured by a banner overlay and a button entreating me to “trade geopolitics on Polymarket.”     

In some cases, irresponsible OSINT cowboying can have darker consequences. After the Boston bombing in 2013, armchair investigators pored over videos and photos purportedly of the incident, swapping theories in online public forums. Within days, these OSINT cowboys thought they had their guy. When that suspect did not pan out, they thought another guy was their guy again. Every time the internet sleuths named a new “suspect”—which were overwhelmingly people of color—abuse inevitably followed. A similar pattern occurred following the January 6 Capitol riot and Trump’s assassination attempt in July 2024. 

With so many OSINT accounts out there, it can be difficult to figure out which ones to trust. And a lot of data points or pieces of information can feel overwhelming absent proper context or prior knowledge, something OSINT cowboys rarely provide. In many ways, this is why beat journalism exists. But as the profession continues its steady decline, the number of OSINT accounts have only grown, leading to information overload and the unchecked spread of misinformation. This strain of misinformation in the guise of informed synthesis is particularly sinister: confusion generated by its putative opposite.

These problems have only intensified as vibe coding makes it easier than ever to deploy trackers and dashboards that look sharp from a design perspective and therefore authoritative, as people tend to believe visual content that looks good. Incentives to feed the insatiable desire to “monitor the situation” have only grown more entrenched now that prediction markets are transforming global conflict into a competitive spectator sport, one in which the advantage goes to the player with the most reliable, real-time information.

Apophenia is the common tendency for people to detect patterns or connections in otherwise random stimuli. People see the face of Jesus in a piece of toast or a man on the moon because the human brain craves order and familiarity as it searches for meaning in a meaningless world. It is natural and understandable to try and establish some semblance of control in the entropy, even if that control is only an illusion. But the hard truth is no amount of public data nor hours logged monitoring the situation will give you the power to predict the future. This is as true in Tehran as it is in Kyiv or Gaza. So next time you see traffic surging at a random pizza parlor in Arlington, before diving into a bunker, remember the Pentagon Pizza Index’s disclaimer: “Always monitor the pizzas responsibly.”