Conference program
The conference theme, ‘Intelligence in Action: Strategy to Delivery’, will examine how intelligence capabilities are conceived, operationalised, and measured. Within this overarching theme, we will explore three critical sub-themes:
Operational Agility
Partnerships
Impact and Integration
Each sub-theme reflects a core component required to sustain, evolve, and future-proof the intelligence profession in Australia.
This program is under development, and AIPIO now invites abstract submissions that are clearly aligned with the Intelligence 2026 theme. For more information about Intelligence 2026 theme and sub-themes please visit the Conference Theme page.
How does intelligence move from fragmented signals to analysis to timely, defensible action?
This masterclass explores how modern capabilities—spanning data ingestion, AI-assisted analysis, and intelligent decisioning—can be combined to operationalise intelligence at speed and scale. Using a foreign interference (FIMI) scenario, we will examine how indicators such as coordinated inauthentic behaviour can be detected, analysed, and translated into clear response options.
Participants will engage in a practical walkthrough of an end-to-end intelligence workflow, highlighting where traditional approaches stall and how emerging techniques—such as large language models and decision automation—can improve consistency, agility, and impact.
The session will focus on closing the gap between insight and outcome: ensuring intelligence not only informs, but drives action that is timely, auditable, and aligned to mission priorities.
This dynamic opening panel sets the scene for the conference by exploring how intelligence is evolving in an era defined by rapid change, technological disruption, and increasing complexity. Bringing together senior leaders, industry experts, and emerging voices, the discussion will examine what it truly means to move from insight to action—and why that remains a persistent challenge across the profession.
Through a mix of rapid-fire perspectives and candid discussion, panellists will unpack the forces reshaping intelligence today: the pressure for speed alongside the need for rigour, the growing role of AI and data-driven tools, and the enduring importance of trust, tradecraft, and human judgement. Just as importantly, the panel will spotlight the experiences and expectations of early-career professionals and students, offering a forward-looking view of the skills, pathways, and mindset required for the next generation.
Designed to spark debate and set a purposeful tone, this session will surface key tensions, challenge assumptions, and provide a shared foundation for the conversations that follow throughout the conference.
Public safety agencies are increasingly operating within an environment they were not originally designed to manage, shaped by rapidly expanding data, technology-enabled and transnational threats, rising public expectations, and growing social complexity. Yet many intelligence and public safety models remain heavily focused on reactive response and downstream intervention. This presentation examines the growing tension between traditional approaches to public safety and the emerging need for prevention-oriented, intelligence-led strategies.
Drawing on operational experience, international research and contemporary intelligence practices, the session will explore how data, analytics, interagency collaboration and trustworthy technology are reshaping the way agencies understand harm, risk and community safety. It will also consider the enduring importance of public legitimacy and trust, and the role intelligence professionals may play in supporting more informed, ethical and proactive approaches to public safety in an increasingly complex future.
This session explores what it means to lead intelligence organisations in an era of strategic competition. It examines how leaders can provide clarity of purpose while navigating ambiguity, balance risk with opportunity, and enable decision-making when information is incomplete or contested. Drawing on contemporary intelligence practice, the session will highlight how leadership must evolve from directing activity to shaping adaptive, resilient systems capable of responding to constant change.
Aligned with the conference focus on translating insight into action, this session will consider how leaders foster organisational agility, integrate emerging technologies, and build trusted partnerships across agencies and sectors. It will also address the human dimension of leadership—how to sustain trust, accountability, and professional judgement under pressure.
This session reframes leadership not as control in uncertain environments, but as the ability to guide organisations through them—turning uncertainty into strategic advantage and ensuring intelligence remains a decisive force in national security, public safety, and organisational resilience.
Well-being like you have never heard it before! This session will provide you with the real biology you were never taught at school: The chemical changes that occur in your body when you are stressed, why they occur, the damage they can do, and how to recognise and most importantly alleviate them.
In this session, we will focus on why focusing on the mental health aspect of stress is a mistake.. There are two aspects to a person – the body and the mind and both are vitally important in a person’s ability to be happy, healthy, and perform at their best.
As a double act, Dr Zoe Billings and Mark Pannone will cram in as much information as possible to help you identify signs of stress within your body and equally importantly, identify techniques that you can use to address physical symptoms of chronic stress, which can manifest far earlier than the mental symptoms, providing you with the ability to adopt an early intervention approach to your wellbeing and support your personal resilience. In a (hopefully) fun and engaging presentation Mark and Zoe will help you to protect health and wellbeing and provide evidence-based approaches to avoid dying… yet!
Confronting the Intelligence Challenge of Our Time
In an era of data abundance, clarity is the decisive advantage. The defining intelligence challenge today is no longer collection—it is connection: transforming fragmented data into actionable insight at the moment of decision.
This session explores the growing seam between government and private-sector visibility that adversarial nation-states exploit through whole-of-society strategies. Competitive advantage in the Intelligence Age will come not from matching authoritarian secrecy, but from operationalizing openness through trusted collaboration and real-time visibility.
Learn how a new intelligence model—grounded in OSINT, agentic AI, and federated collaboration—is reshaping strategic operations, and see how Strider OS enables organizations to surface strategic risk and make faster, more informed decisions.
National security and intelligence agencies need intrusive, coercive powers and capabilities to do their work. Government support and public acceptance of that is dependent upon credible assurances those agencies operate within legal and ethical constraints, lest they undermine the national values and freedoms that they exist to protect.
How can these assurances be provided when the secrecy upon which the agencies’ effectiveness depends on what they do and how they do it remaining strictly confidential?
The Office of the Inspector-General of Intelligence and Security exists to balance the enduring tension between transparency, security, and secrecy.
This presentation will explore the challenges in maintaining public trust in an era of declining social cohesion, aggressive adversaries, increasingly powerful private actors, an environment of mis and disinformation, and rapidly evolving unregulated artificial intelligence. It will examine why legality is a necessary metric, but not the only important factor by which to judge agency activities, and why the concepts of propriety, human rights, and privacy are still relevant in a post rules-based global order world.
A presentation on the sector profiles and the overall idea of ‘open sourcing’ intel for stakeholders (i.e. CMAD) using the profiles and the CMAD to:
partner with sectors and shape how they recognise, report, and respond to risk
create a feedback loop that increases our reporting through notifications.
Overtime, we will have the capacity to:
partner with agencies to help them integrate intelligence cycle thinking on risks and drivers
improve their prevention and detection capability
Australia's critical infrastructure operators manage risk across four legislated hazard domains under the Security of Critical Infrastructure Act 2018 (SOCI Act) and Critical Infrastructure Risk Management Program (CIRMP): physical, cyber, personnel, and supply chain. The cyber domain increasingly benefits from mature intelligence practice, including threat feeds, dark web monitoring, and vulnerability analysis. The physical domain, across the broad majority of SOCI-regulated entities, does not. State actors conduct reconnaissance, activist campaigns map supply chains, and organised criminal networks surveil sites, all generating open-source and geospatial signals, yet most operators have no intelligence collection architecture, and in many cases no intelligence concept, applied to the physical threat domain.
Using a multiple case study methodology, the paper applies intelligence cycle analysis to four Australian incidents: organised gold theft in Western Australia, diesel supply chain disruption across NSW and South Australia, telecommunications infrastructure sabotage on the Mornington Peninsula, and repeated forced entry at Australia Post's Melbourne GPO. Each case reconstructs the attack timeline and identifies where observable precursors, including open-source signals, and geospatial anomalies, preceded the physical incident. Cross-case analysis reveals that in three failure cases, the intelligence cycle was absent as an operational construct, not merely broken at a single stage. Detection windows of one to four weeks existed but went unexploited. The contrasting case, a WA Police Gold Squad operation with an embedded intelligence function, produced a fundamentally different outcome.
Drawing on practitioner experience in critical infrastructure security and open-source intelligence, the paper proposes a scalable, intelligence-led collection framework that adapts established intelligence-led policing principles for organisations without dedicated intelligence units. The findings support embedding intelligence as a continuous operational function within CIRMP implementation, and identify critical infrastructure physical security as an emerging domain of intelligence practice.
Structured analytic techniques (SATs) are used across the intelligence community to improve judgement, manage bias, and support robust decision-making. Yet there is a gap between formal requirements to use these techniques and how they are used in practice.
This paper draws on a mixed-methods research program (N = 900+) examining the role of acceptability in effective use of SATs, and what promotes acceptability. The findings
show that perceived acceptability strongly shapes whether SATs are applied in ways that meaningfully influence judgement and decisions. However, acceptability is not a ‘onesize-fits-all’ phenomenon.
Perceptions of acceptability vary with decision context (e.g., complexity, stakes, scrutiny), individual differences (e.g., personality traits), and social conditions such as psychological safety.
The findings challenge the assumption that analytic rigour can be achieved through compliance alone. Instead, they suggest that SATs exert influence only when they are perceived as legitimate, proportionate, and socially safe to use within the decision environment. Where acceptability is low, mandated techniques risk becoming symbolic, selectively applied, or quietly bypassed, limiting their strategic value.
The paper concludes by outlining practical implications for intelligence leaders and practitioners seeking to embed analytic practices that genuinely shape judgement,
decision quality, and organisational outcomes. It argues for a shift from enforcement-led adoption to acceptability-informed integration, reframing analytic impact as a human and organisational challenge as much as a technical one.
In an era of increasingly complex threat landscapes, intelligence professionals are under pressure to deliver faster, more accurate assessments with fewer resources. The ability to rapidly trace corporate ownership structures, identify hidden connections, and uncover and screen entities across global sanctions and watchlists is no longer a luxury – it's a baseline requirement.
This session explores how modern data intelligence platforms are transforming the speed and quality of analytical workflows in government and national security contexts. Using an anonymised case study, we walk through a real-world scenario involving cross-border entity networks, layered corporate structures, and time-sensitive screening requirements – demonstrating how integrated tools for corporate transparency, supply chain visibility, and regulatory intelligence can compress what once took months into minutes.
Attendees will gain practical insight into how automation and connected datasets support sharper decision-making under pressure, without replacing the analyst's judgement. We also examine the evolving role of AI-assisted investigation in helping teams prioritise leads, reduce noise, and maintain clarity when the operational tempo demands it.
Ideal for intelligence analysts, investigators, and leaders responsible for operational capability and modernisation.
For analysts and OSINT practitioners, the challenge is no longer finding data, but delivering impact. To bridge the gap from Strategy to Delivery, intelligence units must evolve from reactive monitoring to proactive delivery powered by Predictive and Agentic AI.
Daniel Pearce (Dataminr) explores how autonomous agents are transforming analysts from data processors into strategic commanders. Drawing on 20 years in UK Counter-Terrorism and law enforcement, Dan demonstrates "Human-on-the-loop" workflows where AI reasons and corroborates signals in real-time. Attendees will learn the art of the possible to move beyond manual triage toward high-value analysis that anticipates potential next steps of a crisis before they escalate. Discover the role of integrating predictive signals into operations to achieve mission success at the speed of relevance.
In recent years, the cybercriminal supply chain has become a core part of the cybercrime ecosystem, enabling a wide range of online criminal activity and increasingly supporting real-world fraud. PwC Threat Intelligence has observed the continued distribution of stealer logs despite law-enforcement disruption, the growing use of phishing-as-a-service affiliate schemes, and an increasing reliance on initial access brokers to support ransomware, business email compromise, account takeover, and fraud. For organisations, the challenge is not simply understanding these activities, but in turning fragmented insight from the underground economy into actionable intelligence.
This presentation examines how organisations can leverage deep and dark web intelligence to make informed decisions on organisational strategy, operational activities, and risk management. It begins with a practical primer on the underground ecosystem, contextualising how information stealers, phishing kits, credential markets, underground forums, and initial access brokers interact across the attack lifecycle. It then draws on PwC Threat Intelligence global observations, including Australian stealer log exposures, access pricing trends, and targeting patterns, to show how these signals can be prioritised and interpreted in context.
A case study based on ransomware activity of the threat actor we track as White Veles traces the full attack chain: from credentials likely harvested by an infostealer and sold on an underground marketplace, to their purchase by a separate threat actor, subsequent access to the corporate environment, and ultimately ransomware deployment. Mapping each stage to observable indicators shows where organisations can detect, disrupt, and reduce harm earlier.
We will also examine the overlap between cybercrime and real-world fraud, challenging the traditional separation between cybersecurity and fraud functions. Attendees will leave with practical approaches for integrating dark web intelligence into risk management, executive decision-making, and cross-functional response, directly supporting the conference theme of turning knowledge into action and insight into impact.
Do you identify with the following traits:
Empathetic
Active Listener
Emotional Intelligence
Non-judgemental
All of these traits are required for rapport building with anyone but even more so when operating in high stakes environment. You may be on a deadline however to get what you need you may have to listen, more than talk. You will need to understand your own morals, biases and judgements and be able to compartmentalise this dependent on the situation before you. Rapport is more than just being nice; it is about building trust and at times you may have to do this quickly. Whether it be a high stakes business deal, covert engagement or just trying to make new friends rapport building is an essential life skill that can help you achieve your end goal.
In contemporary intelligence practice, operational agility depends not merely upon analytic competence, but upon the disciplined application of tradecraft in environments characterised by uncertainty, accelerated decision making, information overload, persistent disruption, misinformation, and compressed assessment cycles. This paper argues that agile intelligence practice requires more than faster analysis. It requires purposeful engagement with stakeholders, effective human AI collaboration, and ethically grounded influence frameworks that enable intelligence to move beyond analysis into execution. These capabilities are particularly important in acute threat assessment, in safeguarding legal and normative freedoms within democratic societies, and in ensuring that the adoption of emerging technologies remains professionally accountable, values driven, and human centred. In that setting, intelligence must become faster, smarter, and more adaptive, generating near real time assessments while maintaining credibility, transparency, and professional judgment.
Drawing on practical perspectives from covert and special operations, advocacy, executive decision making, and contemporary digital investigation, the paper examines how applied tradecraft supports performance in dynamic and turbulent operational environments. It contends that communication, judgment, recipient awareness, and disciplined persuasion are not incidental interpersonal qualities, but essential operational capabilities. These capabilities assist intelligence professionals to align expectations early, frame issues clearly, reduce complexity without distortion, adapt messaging in real time, and maintain fidelity to evidence under pressure. In this respect, the classical rhetorical modes of ethos, logos, and pathos remain relevant as practical instruments for establishing credibility, shaping understanding, and supporting better decision making.
The paper further argues that operational agility is strengthened when practitioners integrate the interpersonal, technical, and leadership dimensions of tradecraft with transparent decision making, human oversight of AI assisted processes, and ethical safeguards that protect trust. On that basis, applied tradecraft is properly understood as a central operational capability through which intelligence becomes more responsive, predictive, defensible, and effective in complex environments.
Many Indo-Pacific governments are rapidly expanding their intelligence capabilities. However, capability enhancement does not automatically lead to better policy outcomes. This gap is particularly evident in domains such as information warfare and cognitive warfare, where threats evolve more quickly than institutional responses. In Japan, operational and tactical intelligence functions relatively effectively in areas such as disaster response, missile tracking, and crisis management involving Japanese nationals overseas. At the same time, strategic-level intelligence remains underutilized because its objectives are not clearly defined. Decision-makers often struggle to articulate the future state that intelligence is intended to support. They also face difficulty in prioritizing the information requirements needed to reach that state. As a result, collection and analysis tend to become supply-driven rather than purpose-driven. This limits the extent to which intelligence can influence policy.
Japan’s recent efforts to strengthen its intelligence architecture highlight this structural challenge. Institutional reforms and capability investments are advancing in areas that include countering information manipulation and disinformation. However, these initiatives cannot achieve their intended effect unless political leaders clearly articulate the policy outcomes they seek. This is particularly important in the cognitive domain, where the absence of explicit objectives makes it difficult to determine what intelligence should prioritize. Without such clarity, capability enhancement risks increasing the volume of information without improving the quality of decisions.
This challenge has direct implications for cooperation between Japan and Australia. Deepening intelligence partnership requires shared strategic objectives and mutually understood intelligence requirements. Without a jointly defined future state, cooperation frameworks struggle to generate operational value. This tendency becomes even more pronounced in cognitive domains where timing, narrative coherence, and coordinated action are essential. By clarifying objectives and aligning intelligence requirements, Japan and Australia can strengthen regional security in a more substantive and actionable manner.
Intelligence 2026 emphasises closing the gap between strategic intent and operational delivery, ensuring that knowledge turns into action and insight results in measurable impact. This gap is most evident in organisational approaches to insider threat.
Many organisations report advanced insider threat capabilities. Policies are documented, monitoring tools are in place, awareness programs are delivered, and dashboards are populated with indicators.
However, when behavioural signals surface in volatile or high-pressure situations, intelligence often stalls before it leads to decisive action. Escalation paths remain unclear, ownership is scattered across functions, and behavioural cues are interpreted inconsistently. The presence of controls is mistaken for preparedness.
Building on cross-sector capability assessments and governance advisory work, this paper contends that insider threat maturity is hard to judge because it is often assessed by structural artefacts rather than by the reliability of integrated decision pathways under stress. Detection without coordinated integration does not allow leaders to act swiftly, confidently, or with precision.
Aligned with the sub-theme of Impact and Integration, this paper redefines insider threat capability as a challenge in intelligence delivery.
It suggests practical principles for assessing real-world readiness, integrating behavioural insights into governance frameworks, and ensuring that intelligence consistently informs proportionate and timely organisational decisions.
In a risk environment defined by volatility and interconnectivity, intelligence must do more than inform. It must be designed to move.
This session explores the practical application of social media and digital footprint reviews in investigations, with a focus on how online information can be used to assess behaviour, activities and overall capacity.
Drawing on real-world experience, the session will demonstrate how open source intelligence (OSINT) is applied in workplace and liability matters, including identifying undisclosed employment, business interests, lifestyle indicators and inconsistencies with stated restrictions.
It will also cover how digital enquiries are used to analyse online behaviour, identify linkages across platforms, and work with limited or potentially misleading information, including matters involving anonymous or pseudonymous profiles.
The session will highlight common challenges, including managing uncertainty, avoiding confirmation bias and maintaining evidentiary standards.
Attendees will gain a practical understanding of how digital enquiries support decision-making, along with key considerations when interpreting and reporting findings.
This session examines how mentoring relationships benefit the intelligence community, and individuals, no matter what stage of your career you are currently in. Whether you are a mentor, or seeking out a mentor, these relationships allow us to grow, connect and lead. Drawing on lived experience, this session will explore how effective leaders cultivate the next generation of collaborative practitioners, as well as provide practical tips on how emerging practitioners can seek out and take advantage of mentoring opportunities. The session challenges leaders and practitioners to reflect on their own commitment to mentoring, at all levels, through both formal and informal mentoring relationships.
This session will be interactive with time for questions and discussion.
Critical infrastructure sits on the frontline of national security risk, yet most assets are operated by non-government organisations whose security decisions are shaped by commercial incentives and enterprise risk frameworks, rather than intelligence reporting. This has created a persistent gap between the real threats understood by intelligence agencies and the security actions taken by industry. Drawing on practitioner experience as a former intelligence officer now working in the critical infrastructure sector, this paper examines why classified intelligence often struggles to translate into effective security outcomes.
The environments in which intelligence is collected, analysed and produced are fundamentally different from those in which operational security decisions are made. Intelligence agencies necessarily communicate threat in abstract terms to protect sources and manage classification, but this can leave intelligence products feeling distant from the day-to-day realities of running complex infrastructure systems.
Intelligence agencies provide threat advice rather than enforceable direction, meaning organisations must interpret and prioritise that advice within their own commercial and regulatory frameworks, where resources are already highly contested. For senior decision-makers driven by commercial incentives and informed by quantifiable evidence, threat reporting can struggle to resonate.
These challenges are compounded by practical barriers to using classified intelligence in corporate environments. Handling requirements, clearance limitations and uneven security maturity make it difficult to translate sensitive reporting into advice that can be broadly understood and acted upon.
This paper argues that improving the impact of intelligence requires more than just information sharing. It requires a deliberate effort to bridge the intelligence–industry divide by translating threat assessments into practical terms that align with how organisations understand and manage risk. Until this gap is addressed, critical infrastructure will remain exposed to high-consequence security risks with significant economic, societal and national security implications.
The Admiralty Scale has inherent flaws - particularly in how it is applied - and misapplied to intelligence products. Rediscover the real value of properly evaluated intelligence products. In this workshop, participants will learn and apply an alternative model that can either support or even replace the admiralty scale.
Modern threats signals simultaneously across typologies, datasets, jurisdictions, and classification levels that rarely talk to each other. The bottleneck isn't collection but fusing fragmented, high-volume signals into finished intelligence before the operational window closes. This session examines how AI can be operationalised across the full analytic lifecycle in multi-vector environments — from collection triage and cross-domain entity resolution through to attribution.
This session reframes OSINT as a capability that has fundamentally shifted from a specialist-driven network to a technology-enabled function. Traditionally, effective OSINT relied on a distributed network of highly specialised practitioners, each contributing unique skills to collectively produce intelligence.
As the OSINT and SOCMINT environment continue to evolve, and professionals are required to do more with less, the ability to maintain an internal “OSINT ecosystem” is diminishing. Instead, organisations must look to partnerships, not just with other entities, but with technology itself, to bridge capability gaps.
This presentation explores how OSINT is no longer a hierarchical discipline, but a networked one—where success depends on combining human expertise with scalable technological solutions.
At 11:42 pm, a survivor receives another message from an account she has already blocked three times. The sender references her location with unsettling accuracy. Her devices show no obvious malware. Her passwords appear strong. On the surface, nothing is compromised.
But the pattern tells a different story.
What presents as a series of isolated digital incidents is, in fact, a coordinated pattern of coercive control enabled by everyday technology and amplified by online attribution signals. We refer to it as technology-facilitated abuse. This kind of abuse is now a core vector of domestic and family violence in Australia, enabling perpetrators to monitor, track, harass, and psychologically destabilise victim-survivors at scale. Yet the intelligence profession has rarely examined how its tradecraft can be operationalised to disrupt this form of harm.
Drawing on work done by the Digital Resilience Project, this paper demonstrates how intelligence tradecraft can be operationalised in frontline contexts through structured methodologies like attribution analysis, behavioural pattern mapping, and risk-based triage. It examines how intelligence functions can achieve operational agility in high-ambiguity environments, where incomplete data and time pressure demand rapid, defensible assessments.
Effective intelligence in the Indo-Pacific is no longer driven by information advantage alone, but by the quality of relationships that enable trust, access, and shared purpose. Partnership has become a core strategic capability—one that determines whether intelligence insights are credible, actionable, and ethically grounded across agencies, sectors, and borders.
This theme reframes partnership away from transactional, output-driven models toward relational frameworks that reflect how our partners themselves understand trust, obligation, and collective security. In Pacific and Indigenous contexts, relationships are not instruments to achieve outcomes; they are the outcome. Concepts such as whanaungatanga, va, kinship, reciprocity, and collective responsibility shape how legitimacy is built and how information is shared. Intelligence partnerships that fail to recognise these relational foundations risk misunderstanding intent, eroding trust, and reinforcing silos they seek to dismantle.
The theme explores how intelligence organisations can design partnership models that respond to partners as they expect to be engaged: through long-term commitment, shared accountability, respect for sovereignty, and recognition of cultural authority. This includes cross-agency collaboration, public-private partnerships, and international engagement, particularly in the Pacific where security, development, climate, and social cohesion are deeply interconnected.
By embedding relational approaches into partnership frameworks, intelligence agencies can enable secure information-sharing, improve early warning, and strengthen regional resilience. Ultimately, partnerships grounded in Indigenous and Pacific relational worldviews enhance intelligence impact—not by extracting value, but by co-creating it in ways that endure beyond immediate operational needs.
Effective regulation of market competition is essential to supply chain security and economic welfare in Australia. Social sentiment is increasingly driven by economic conditions linking agile government responses to social cohesion. While market competition has been historically difficult to detect, the emergence of artificial intelligence (AI) enhanced statistical techniques offers a new opportunity in market surveillance tradecraft. Traditional statistical tests use variance, skewness, and bid gaps to detect bid rigging. AI models can dynamically adjust thresholds for these tests and integrate with partner systems to make more accurate assessments. Factors can be layered within AI tools enabling a combination of low bidder variance, history of co-biding, and consistency of subcontracting to factor into an assessment. AI can further be trained using data from a normal competitive market and anti-competitive markets. From this information it can use k-means or DBSCAN machine learning algorithms to identify clusters invisible to traditional statistical methods. This paper will explore the potential of new AI market surveillance techniques and their effectiveness for detecting concealed anti-competitive behaviour. It will also consider how Commonwealth regulators can partner to integrate systems with departments and agencies, state governments, and industry to gain access to data and improve the detection of anti-competitive conduct.
Drawing on recent practical experience, this tradecraft session introduces GenAI as a useful addition to the analysts' toolkit, provides real world examples of the use of GenAI for analytic tradecraft, and highlights emerging challenges for the wider use of GenAI.
Professional intelligence officers represent a niche community of knowledge workers, whose primary occupational role involves the autonomous acquisition, synthesis, and application of information to problems that may be underspecified in terms of their scope and objective. Advances in artificial intelligence (AI) tools and methods present new opportunities for enhanced operational agility in the production of reliable intelligence. While the use of AI in the context of intelligence production is not new, modern agentic AI deployment reflects an emerging model of synthetic cognition with important implications for the role of human intelligence officers and the maintenance of decision advantage. Adopting a praxeological perspective, we assess the implications of contemporary agentic AI methods through the lens of Cognitive Intelligence (COGINT) – the identification and analysis of the cognitive influences upon individual and collective behaviour. Considering existing uses of AI in intelligence operations, we describe a novel strategy for the autonomous evaluation and control of bias and adversarial influence within the development and analysis of intelligence products. Characterising the role of human intelligence officers as that of interlocuter within a synthetic cognitive process, we conclude by identifying future research questions and technical challenges for the application of AI in the field of cognitive warfare.
In ancient Rome, the testudo, the tortoise formation, was unstoppable. Every soldier locked their shield to the next, leaving no gaps for the enemy to exploit. The moment one shield dropped, everyone was exposed.
Transnational organised crime thrives in exactly those gaps, between jurisdictions, sectors, agencies and communities. In this session, Crime Stoppers International CEO Hayley van Loon makes the case that closing them demands more than cooperation. It demands fusion, and that civil society has a unique role to play.
As a global for-purpose organisation working across over 30 countries, CSI sits at the intersection of government, law enforcement, the private sector and the public. With law enforcement already drinking from a firehose of data, Hayley will walk through how CSI's Global Fusion Centre and its pioneering Cybercrime Bounty program with Fortinet are designed not to add to the noise, but to cut through it, turning community information into actionable intelligence that gets to the right people at the right time.
Two thousand years later, the principle still holds: lock the shields or lose the fight.
This paper argues that meaningful convergence is occurring between risk management and the intelligence cycle, yielding an emergent practice termed risk intelligence. Drawing on security convergence theory, enterprise risk management frameworks, and intelligence studies literature, the paper traces how organisational, process, product, and information-level convergence have progressively dissolved the boundaries between these two disciplines. The paper maps the structural parallels between the risk management process and the intelligence cycle, culminating in the concept of Risk Management Based Intelligence (RMBI). It then situates Generative Artificial Intelligence (GenAI) as both a catalyst and a complicating variable in this convergence: while GenAI dramatically accelerates data synthesis, translation, and predictive analysis, it simultaneously introduces new uncertainties around source transparency, hallucination, adversarial disinformation, and the erosion of human analytical judgement. Six evolutionary trends shaping the intelligence community are identified, from the big data revolution to the prospect of human-machine teaming. The paper concludes that the promise of risk intelligence as a unified business process is real but will remain unrealised without sustained investment in analyst professionalisation, governance frameworks, and the principled integration of GenAI tools that keep humans meaningfully in the loop.
This paper examines how AI can be integrated into OSINT workflows to improve the speed, clarity, and usefulness of intelligence support without reducing analytical quality or creating unsustainable processing costs.
It addresses a practical challenge confronting modern intelligence teams: the volume of open-source reporting is increasing faster than analysts can effectively triage, assess, and convert it into actionable outputs. The paper argues that the strongest results are achieved not by applying a single powerful model across the full workflow, but by decomposing intelligence processes into deterministic, low-judgement, and high-judgement tasks, and then matching each task to the minimum viable analytical capability required.
The paper presents a tradecraft framework for building modular monitoring systems across supply chain compromise activity, CVE developments, and broader security news, research, and advisory reporting. Within this framework, deterministic logic is applied where conditions are explicit, lightweight language models are used for bounded judgement tasks such as relevance filtering, triage, and minimum viable intelligence extraction, and larger models are reserved for higher-complexity reasoning and workflow design. This layered approach enables faster and more disciplined intelligence production while maintaining auditability, consistency, and cost efficiency.
The paper demonstrates how this model can improve signal-to-noise ratios, reduce unnecessary downstream ingestion, and produce standardised intelligence feeds tailored to the needs of an enterprise-class organisation. Its contribution is a practical and repeatable framework for embedding AI into intelligence workflows in a way that preserves analytical intent, strengthens decision-support, and supports more effective intelligence delivery.
A fast-paced, high-impact Lightning Talks session featuring six concise presentations designed to spark thinking, challenge assumptions, and surface fresh perspectives across the intelligence profession.
Each talk is strictly 7 minutes, responding to a shared master question that explores a critical issue facing intelligence today. Rather than traditional presentations, speakers will deliver sharp, focused insights that cut to the heart of the topic—no filler, just ideas that matter.
Across the six talks, speakers will each address a specific angle of the master question, building a layered and multifaceted exploration of the issue from different perspectives, disciplines, and experiences.
This format is designed to:
Accelerate idea-sharing across domains and disciplines
Surface diverse perspectives from across the intelligence community
Challenge conventional thinking through brevity and precision
Encourage connection between strategic concepts and operational realities
Expect energy, provocation, and insight—delivered at speed, but with lasting impact.
Dennis Richardson AC
Kylie Flower
Jonno Newman
Nick Slater
