Capability Brief

Agentic OSINT
Threat Intelligence

A multi-agent threat intelligence platform purpose-built for critical infrastructure operators. Continuous open-source monitoring across four security domains, delivered as structured intelligence reports.


Overview

AGENTIQ Security OSINT is a multi-agent threat intelligence platform purpose-built for critical infrastructure operators. It continuously monitors open-source intelligence across four security domains — Cyber, Physical, Personnel, and Supply Chain — and delivers structured intelligence reports without human intervention.

Designed as a systems-integration product, AGENTIQ is customised for each client’s sector, geography, and threat landscape. Organisations can self-host the platform on their own infrastructure under a CAPEX ownership model, or subscribe to a fully managed OPEX service with dedicated support.

The Problem

Critical infrastructure operators face an asymmetric threat landscape. Adversaries span nation-states, cybercriminals, insider threats, and physical saboteurs — yet most security teams rely on fragmented, manually curated intelligence that covers only one domain at a time.

Traditional OSINT solutions are expensive, require dedicated analyst headcount, and rarely deliver cross-domain correlation. Smaller operators — regional utilities, water authorities, transport networks — are left with generic threat feeds that generate noise, not insight.

What AGENTIQ Does

Automated Collection

AGENTIQ deploys a fleet of specialised AI agents that continuously collect, clean, and categorise data from curated open-source feeds. Out of the box, the platform monitors 16+ sources including government advisories, vulnerability databases, and global news — with sources tailored to each client’s sector and geography.

Collection runs daily and makes no model calls, so it incurs no AI compute cost. A proprietary cleaning pipeline typically strips 99%+ of markup and boilerplate from raw HTML, XML, JSON, and RSS data before any AI processing occurs.

Cross-Domain Analysis

A dedicated Analyst agent applies structured intelligence methodologies to identify Tactics, Techniques, and Procedures (TTPs) across all four security domains:

Domain         Example coverage
Cyber          Vulnerability exploitation, ransomware campaigns, SCADA/ICS threats
Physical       Substation sabotage, copper theft, terrorism targeting infrastructure
Personnel      Insider threats, social engineering, credential harvesting
Supply Chain   Software supply chain compromise, vendor risk, dependency attacks

Every TTP is graded using the NATO Admiralty System (source reliability A to F, information credibility 1 to 6), giving decision-makers a standardised confidence framework.

Deterministic Reporting

AGENTIQ produces two flagship reports:

  • TTP Intelligence Report — A structured, technical assessment for security teams, featuring individually scored threat cards mapped to the MITRE ATT&CK framework where applicable.
  • Executive Intelligence Summary (EIS) — A concise, non-technical brief for leadership and boards, including domain-level threat summaries, convergence scenarios, and prioritised monitoring recommendations.

Reports are generated as branded, paginated PDFs using a deterministic JSON-to-template architecture: the analysis is emitted as structured JSON and rendered through fixed Jinja2 templates, so layout is decided by the template rather than by the model. Formatting is therefore guaranteed: no layout drift, no missing sections, no surprises.

Source Provenance & Anti-Hallucination

AGENTIQ implements a three-layer provenance system that ensures every cited source in a report traces back to a verified data feed:

  1. Source Registry — Only pre-approved, real-world sources can be cited
  2. Prompt Constraints — The AI is explicitly prohibited from fabricating or inferring sources
  3. Post-Processing Validation — Every source URL is programmatically verified against the registry before publication

The result: no hallucinated sources observed across all production reports to date.
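The third layer is the one that can be enforced mechanically. The following is an added example of such a post-processing check, not AGENTIQ's own code; the registry entries, the URLs and the threat-card structure are constructed for illustration. It matches on exact host plus path prefix, normalises the path so that `..` segments cannot escape the prefix, and relies on `urlsplit().hostname` so that a `user@` trick cannot smuggle an approved host name in front of an unapproved one. One caveat a practitioner should keep in mind: a registry check proves that a citation points at an approved feed, not that the cited page actually supports the claim attached to it.

```python
"""Post-processing source validation (layer 3 above): every URL cited in a
generated report is checked against a registry of pre-approved feeds before the
report is released.  This is an added example, not AGENTIQ's own code; the
registry entries, URLs and report structure are constructed for illustration."""
import posixpath
from urllib.parse import urlsplit

# Constructed registry of approved feeds (reserved example domains).  Matching
# is on the exact host plus a path prefix, so look-alike hosts and unrelated
# paths on an approved host are both rejected.
SOURCE_REGISTRY = {
    "gov-advisories": {"host": "advisories.example.gov", "path_prefix": "/advisories/"},
    "vuln-db":        {"host": "vulndb.example.org",     "path_prefix": "/cve/"},
    "wire-news":      {"host": "news.example.com",       "path_prefix": "/"},
}


def lookup_source(url):
    """Return (registry_id, None) when url belongs to an approved feed, else
    (None, reason).  Only the URL's provenance is checked, not its content."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return None, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return None, f"scheme is not https: {parts.scheme or '(none)'}"
    # .hostname drops any user@ prefix and port, so
    # https://advisories.example.gov@evil.invalid/ resolves to evil.invalid.
    host = (parts.hostname or "").lower()
    if not host:
        return None, "missing host"
    # Collapse ../ segments so /advisories/../admin cannot pass a prefix test.
    path = posixpath.normpath(parts.path or "/")
    for source_id, entry in SOURCE_REGISTRY.items():
        prefix = entry["path_prefix"]
        if host == entry["host"] and (path == prefix.rstrip("/") or path.startswith(prefix)):
            return source_id, None
    return None, f"not in registry: {host}{path}"


def validate_report(report):
    """Check every citation on every threat card.  Returns (release_ok,
    accepted, rejected): accepted maps URL -> registry id, rejected maps
    URL (or card id) -> reason.  A single rejection holds the whole report."""
    accepted, rejected = {}, {}
    for card in report.get("threat_cards", []):
        card_id = card.get("id", "?")
        sources = card.get("sources") or []
        if not sources:
            rejected[f"card {card_id}"] = "threat card cites no source"
        for url in sources:
            source_id, reason = lookup_source(url)
            if source_id is not None:
                accepted[url] = source_id
            else:
                rejected[url] = f"card {card_id}: {reason}"
    return not rejected, accepted, rejected


# Constructed report fragment in the shape an analyst agent might emit.
SAMPLE_REPORT = {
    "threat_cards": [
        {"id": "TTP-001", "sources": [
            "https://advisories.example.gov/advisories/2024-001",
            "https://vulndb.example.org/cve/example-entry"]},
        {"id": "TTP-002", "sources": [
            "https://news.example.com/article/123",
            "http://advisories.example.gov/advisories/2024-002",         # plaintext scheme
            "https://advisories.example.gov.evil.invalid/advisories/x",  # look-alike host
            "https://advisories.example.gov/advisories/../admin"]},      # prefix escape
        {"id": "TTP-003", "sources": []},                                 # uncited claim
    ]
}

if __name__ == "__main__":
    ok, accepted, rejected = validate_report(SAMPLE_REPORT)
    print("release:", ok)
    for key, reason in rejected.items():
        print("REJECT", key, "->", reason)
```

Run stand-alone, the sample report is held: three citations are accepted and the plaintext-scheme URL, the look-alike host, the `../admin` path and the uncited card are each reported with a reason, which is what an auditor needs to see alongside the "no hallucinated sources" claim.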

Flash Alerts

Between weekly analysis cycles, AGENTIQ scans daily collections for critical threat patterns — such as active exploitation of critical infrastructure systems — and can trigger real-time email alerts to nominated stakeholders when high-confidence matches are detected.
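What "high-confidence match" means in practice is a policy decision, and the natural inputs are the same Admiralty grades the Analyst already assigns. The block below is an added example of a Flash Alert pass, not AGENTIQ's own code; the patterns, the A/B and 1/2 thresholds, the corroboration rule and the sample items are all constructed. It fires on an A/B-graded source alone, or when two independent weaker sources report the same critical infrastructure term, and parks everything else for the weekly cycle.

```python
"""Flash Alert pass over one day's cleaned collection.  Items are matched
against critical threat patterns and escalated only when the Admiralty grade of
the source makes the match high confidence, or when weaker sources corroborate
each other.  Added example, not AGENTIQ's own code; the patterns, thresholds,
corroboration rule and sample items are constructed."""
import re

# Admiralty Code: source reliability A (completely reliable) to F (cannot be
# judged); information credibility 1 (confirmed) to 6 (cannot be judged).
# Assumed alert-grade thresholds: only A/B sources with credibility 1/2 page
# anyone on their own.
ALERT_RELIABILITY = {"A", "B"}
ALERT_CREDIBILITY = {1, 2}

# Constructed pattern: an item must carry an exploitation signal AND a critical
# infrastructure signal to match at all.
EXPLOIT_SIGNAL = re.compile(
    r"\b(actively exploited|in-the-wild|zero[- ]day|known exploited)\b", re.I)
CI_SIGNAL = re.compile(
    r"\b(SCADA|ICS|PLC|HMI|substation|water treatment|pipeline)\b", re.I)


def grade_item(item):
    """Return ('ALERT', term), ('WATCH', term) or (None, None) for one item."""
    text = f"{item['title']} {item['summary']}"
    ci = CI_SIGNAL.search(text)
    if not (ci and EXPLOIT_SIGNAL.search(text)):
        return None, None
    term = ci.group(1).lower()
    if item["reliability"] in ALERT_RELIABILITY and item["credibility"] in ALERT_CREDIBILITY:
        return "ALERT", term
    return "WATCH", term        # matched, but the source alone is not alert grade


def scan_collection(items):
    """Return (alerts, pending).  alerts are dicts ready for the email step;
    pending lists matched item ids that lacked corroboration and should wait
    for the weekly analysis cycle."""
    alerts, watch = [], {}
    for item in items:
        verdict, term = grade_item(item)
        if verdict == "ALERT":
            alerts.append({"items": [item["id"]], "sources": [item["source"]],
                           "reason": f"{term}: source graded "
                                     f"{item['reliability']}{item['credibility']}"})
        elif verdict == "WATCH":
            # One id per source: a feed repeating itself is not corroboration.
            watch.setdefault(term, {})[item["source"]] = item["id"]
    pending = []
    for term, by_source in sorted(watch.items()):
        if len(by_source) >= 2:
            alerts.append({"items": sorted(by_source.values()),
                           "sources": sorted(by_source),
                           "reason": f"{term}: corroborated by {len(by_source)} independent sources"})
        else:
            pending.extend(sorted(by_source.values()))
    return alerts, pending


# Constructed cleaned-collection items for one day.
SAMPLE_ITEMS = [
    {"id": "I1", "source": "gov-advisories", "reliability": "A", "credibility": 1,
     "title": "Actively exploited flaw in SCADA historian",
     "summary": "Vendor patch available; exploitation confirmed."},
    {"id": "I2", "source": "wire-news", "reliability": "C", "credibility": 3,
     "title": "Zero-day reportedly used against water treatment plant",
     "summary": "Details unconfirmed."},
    {"id": "I3", "source": "blog-feed", "reliability": "D", "credibility": 3,
     "title": "Water treatment utilities warned of in-the-wild exploitation",
     "summary": "Independent write-up citing operator sources."},
    {"id": "I4", "source": "wire-news", "reliability": "C", "credibility": 3,
     "title": "Known exploited bug in enterprise email server",
     "summary": "No infrastructure targeting reported."},
    {"id": "I5", "source": "vendor-bulletins", "reliability": "B", "credibility": 2,
     "title": "Routine PLC firmware update released",
     "summary": "Maintenance release, no security content."},
    {"id": "I6", "source": "blog-feed", "reliability": "D", "credibility": 4,
     "title": "Zero-day rumoured to affect a pipeline operator",
     "summary": "Single anonymous claim."},
]

if __name__ == "__main__":
    alerts, pending = scan_collection(SAMPLE_ITEMS)
    for alert in alerts:
        print("ALERT", alert["items"], alert["sources"], alert["reason"])
    print("pending for weekly cycle:", pending)
```

On the sample day this raises two alerts (the A1 advisory on its own, and the two lower-graded reports that agree on water treatment), ignores the email-server item and the routine PLC bulletin because only one of the two signals is present, and holds the single-source pipeline rumour for the weekly analysis rather than paging anyone.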

Architecture

AGENTIQ is built on a multi-agent orchestration model with four specialised roles:

Agent          Function
Collector      Gathers and categorises raw OSINT from curated feeds
Analyst        Applies structured methodology to identify and grade TTPs
Reporter       Synthesises analysis into standardised intelligence products
Orchestrator   Coordinates the pipeline, manages sequencing and error handling

The platform runs inside a hardened, sandboxed environment with strict network isolation policies. Only explicitly whitelisted endpoints are reachable — all other traffic is denied by default. This architecture is designed for environments where security, auditability, and data sovereignty are non-negotiable.

Hybrid Execution Model

AGENTIQ separates collection from analysis to optimise cost and performance:

  • Daily — Automated data collection and cleaning across all sources. Zero AI compute cost.
  • Weekly — AI-powered analysis, TTP identification, report generation, and delivery. Current typical cost per cycle: under $0.20 (subject to model pricing).

This hybrid approach can significantly reduce operational AI costs compared to daily full-analysis models, while maintaining comprehensive threat coverage.

Deployment Models

AGENTIQ is a systems-integration product, customised for each client’s operational environment.

CAPEX — Self-Hosted Ownership

The platform is deployed on the client’s own infrastructure — on-premises, private cloud, or air-gapped environments. The client owns the system outright.

  • Full source code transparency and audit rights
  • Custom source selection and reporting cadence
  • Optional support and maintenance agreements
  • Ideal for organisations with sovereign data requirements or existing security operations centres

OPEX — Managed Subscription

AGENTIQ hosts, operates, and maintains the platform on behalf of the client. Reports are delivered to nominated stakeholders on a defined schedule.

  • No infrastructure overhead
  • Includes ongoing source curation and platform updates
  • Dedicated support
  • Ideal for organisations that want intelligence outcomes without operational complexity

Current Capabilities (v0.3)

Capability                                                  Status
Automated daily OSINT collection (16 sources)               ✅ Production
Cross-domain TTP analysis (4 domains)                       ✅ Production
NATO Admiralty grading                                      ✅ Production
Branded PDF reporting (TTP + EIS)                           ✅ Production
Deterministic JSON/Jinja2 report architecture               ✅ Production
Three-layer anti-hallucination provenance                   ✅ Production
Flash Alert pattern scanning                                ✅ Production
Hybrid execution model (daily collect / weekly analyse)     ✅ Production
Automated email delivery to stakeholders                    ✅ Production
Hardened sandbox with network isolation                     ✅ Production
Automated cron scheduling                                   ✅ Production

Roadmap

Near-Term (v0.4–v0.5)

  • Longitudinal trend tracking — SQLite-backed historical analysis to identify emerging threat patterns over time
  • Automated instance cloning — Single-script deployment for rapid client onboarding
  • Per-client branding and source presets — Multi-tenant configuration management
  • Interactive dashboard — Real-time visibility into collection status, source health, and threat trends

Medium-Term (v1.0)

  • Sector-specific intelligence packs — Pre-configured source sets and analytical frameworks for energy, water, transport, telecommunications, and healthcare
  • Bi-directional API integration — Ingest from and push to existing SIEM, SOAR, and GRC platforms
  • Collaborative intelligence — Cross-client anonymised threat sharing for sector-wide situational awareness (opt-in)
  • Regulatory mapping — Automated alignment of identified threats to compliance frameworks (SOCI Act, NIST CSF, ISO 27001, AESCSF)

Long-Term Vision

  • Predictive threat modelling — AI-driven forecasting of threat actor behaviour based on historical pattern analysis
  • AI-driven response recommendations — Context-aware mitigation strategies tailored to the client’s operational environment
  • Continuous real-time monitoring — Transition from periodic collection to persistent, event-driven intelligence
  • Edge deployment — Lightweight collection agents deployable on operational technology networks for direct ICS/SCADA visibility

Why AGENTIQ

  • Cross-domain by design — Many platforms focus primarily on cyber threats. AGENTIQ analyses physical, personnel, and supply chain threats in the same pipeline.
  • Rigorous anti-hallucination controls — Every source is verified against a pre-approved registry. Every report is auditable.
  • Built for critical infrastructure — Hardened, isolatable, deployable in sovereign and air-gapped environments.
  • Structured intelligence output, continuous operation — Reports modelled on established intelligence reporting standards, generated without human intervention.
  • Transparent economics — No per-seat licensing. No query limits under current plans. Predictable costs whether self-hosted or managed.

Sectors

AGENTIQ is designed for any organisation responsible for critical infrastructure, including but not limited to:

  • Electricity generation, transmission, and distribution
  • Water and wastewater utilities
  • Oil, gas, and pipeline operators
  • Transport and logistics networks
  • Telecommunications providers
  • Healthcare and hospital networks
  • Government and defence facilities
  • Ports and maritime infrastructure

Get Started

AGENTIQ Security OSINT is available for deployment now. Contact us to discuss your sector, threat landscape, and preferred delivery model.
