The IC and AI

ARLINGTON, Virginia — Long before generative AI’s boom, a Silicon Valley firm contracted to collect and analyze non-classified data on illicit Chinese fentanyl trafficking made a compelling case for its embrace by U.S. intelligence agencies. The operation’s results far exceeded human-only analysis, finding twice as many companies and 400% more people engaged in illegal or suspicious commerce in the deadly opioid.

Excited U.S. intelligence officials touted the results publicly — the AI made connections based mostly on internet and dark-web data — and shared them with Beijing authorities, urging a crackdown. One important aspect of the 2019 operation, called Sable Spear, that has not previously been reported: The firm used generative AI to provide U.S. agencies — three years ahead of the release of OpenAI’s groundbreaking ChatGPT product — with evidence summaries for potential criminal cases, saving countless work hours. “You wouldn’t be able to do that without artificial intelligence,” said Brian Drake, the Defense Intelligence Agency’s then-director of AI and the project coordinator.

The contractor, Rhombus Power, would later use generative AI to predict Russia’s full-scale invasion of Ukraine with 80% certainty four months in advance, for a different U.S. government client. Rhombus says it also alerts government customers, who it declines to name, to imminent North Korean missile launches and Chinese space operations.

U.S. intelligence agencies are scrambling to embrace the AI revolution, believing they’ll otherwise be smothered by exponential data growth as sensor-generated surveillance tech further blankets the planet. But officials are acutely aware that the tech is young and brittle, and that generative AI — prediction models trained on vast datasets to generate on-demand text, images, video and human-like conversation — is anything but tailor-made for a dangerous trade steeped in deception.

Analysts require “sophisticated artificial intelligence models that can digest mammoth amounts of open-source and clandestinely acquired information,” CIA director William Burns recently wrote in Foreign Affairs. But that won’t be simple.

The CIA’s inaugural chief technology officer, Nand Mulchandani, thinks that because generative AI models “hallucinate” they are best treated as a “crazy, drunk friend” — capable of great insight and creativity but also bias-prone fibbers. There are also security and privacy issues: adversaries could steal and poison them, and they may contain sensitive personal data that officers aren’t authorized to see.

That’s not stopping the experimentation, though, which is mostly happening in secret. An exception: Thousands of analysts across the 18 U.S. intelligence agencies now use a CIA-developed gen AI called Osiris. It runs on unclassified and publicly or commercially available data — what’s known as open-source. It writes annotated summaries and its chatbot function lets analysts go deeper with queries. Mulchandani said it employs multiple AI models from various commercial providers he would not name. Nor would he say whether the CIA is using generative AI for anything major on classified networks.

Comment: This article was suggested by Keith Harbaugh a short while back. I liked what I read. Seems the DIA has finally come around to embracing AI. It wasn’t always so. When I first proposed using AI as a targeting/collection tool in my cyber HUMINT collection detachment, I might as well have been proposing the practice of witchcraft. Some already thought I was practicing witchcraft.

To test this particular AI, I devised a test using wild data recorded over more than year’s worth of our online operations. I had that data and analytical results derived from that data as a control. The question posed was whether this AI could look at this data and produce the same results our trained collectors and analysts did. In a matter of hours, the AI presented the same results as we did in our intelligence reports without providing any false results. It also identified several instances of possible recruitment scenarios we missed. Most importantly, it showed its work… the data points and reasoning behind its answers. It was wildly effective. I wanted to use it as a sort of cyber wingman to my collectors. However, even with the results of this test, it all remained witchcraft to my bosses. 

But this article shows that DIA and other members of the IC have since embraced the promise of AI. I don’t know if the HUMINT operations side of DIA has gotten on board. Most of the examples of AI use is on the analytical and open source collection side of the IC. It’s also gratifying to see that the IC is aware of AI’s limitations, its penchant for “hallucinations” and “bias prone fibbers.”


This entry was posted in Intelligence, Technology, TTG. Bookmark the permalink.

39 Responses to The IC and AI

  1. Condottiere says:

    I like to tinker with things but am AI illiterate. I’ve seen blue team demonstrations where it can sift through whole swaths of real time data and threat hunting from massive networks, then compress 45-60+ minutes or even hours of work into 5-10 minutes of human decision making. What we are leading to is what European Rabbi’s have referred to as a “golem” and warned us about for centuries. Hollywood (an industry with heavy Jewish influence) picked up on this plot as far back as Frankenstein, Pinocchio, The Sorcerer’s Apprentice, Terminator and more recently in just about every movie out there. Now that Ted Kaczynski is dead and Moore’s Law continues, go back and read his Manifesto. Besides killing people (to draw attention to his Manifesto), he was warning us all. There needs to be a red line somewhere. Israel is currently using AI for kinetic targeting and can simply shrug off certain genocide as a machine error. The irony from the The Golem of Prague fairy tail is that it was created to protect the getto from anti-semitism pograms but went too far.

    • James says:


      The problem is how to put the Golem back in the bottle.

      From the leaked ‘Google has no moat memo’ written by a Google engineer:
      “[Open-source models] are doing things with $100 and 13B params that we struggle with at $10M and 540B.”

      Even if you could stop China and North Korea from moving forward on this, how are you going to stop every bright kid with a $5000 PC?

      • TTG says:


        It doesn’t take a $5,000 PC. My friend’s AI worked on a run of the mill laptop and an internet connection. It sent hundreds of tiny software “agents” out in the wild to do the job. It worked on damned near every kind of problem imaginable, medical, IT security, weather and, of course, intelligence.

  2. wtofd says:

    Here’s a good interview about AI and the military. It’s focused primarily on missiles, infantry/human targeting, and human intervention, but a good starting point for the uninitiated into capabilities and moral dilemmas.
    If you prefer, the transcript is here:

  3. Jim. says:

    I Like The Plus Side of AI…and Im Glad The USA Leads the Technology..
    For Many Areas Including Medicine..besides Military..Industrial..Commercial..R&D

    I Think It Should Be Applied To Law Enforcement..In Tracking Crime..Gangs..Cartels…
    And All Those Loner Types Who Publish Enough Public Date To Indicate They Are Angry…Have Violent Thoughts and Want to Do Mass Killings in Schools and Other
    Public Places…Those Who Constantly…”Fall Through The Cracks…”

    • TTG says:


      The article has a link to operation Sable Spear where DIA was involved in tracking Chinese fentanyl trafficking. Appears that DIA worked with Chinese authorities in this case.

    • Condottiere says:

      So you trust AI (a Golem) with handling your privacy and civil liberties? You deserve what is coming.

    • Butlerian Jihadist says:


      It is already. Peter Thiel appears to be a hot favorite for the head of Precrime (currently called Palantir). As Walrus’ excellent post last year demonstrated, AI is also already quite capable of making instantaneous legal judgments on even the most obscure points of law. I therefore expect something like this in the near future: Evidence gathered and processed by the AI panopticon will be set before JudgeGPT and justice will be dispensed. Perhaps in a nod to tradition 12 (Angry?) AI models chosen at random will form the jury. The whole process end-to-end will take less than a nanosecond and require zero inefficient humans. Appeals will be a thing of the past, not because AI is infallible, but because it is inscrutable.

      Condottiere is right, Iustitia ex machina will eviscerate civil liberties. “Justice” as we currently understand it will disappear and IMO the very notion of morality as a human concept will eventually go with it. Right and Wrong will be what the machine says it is – post Nietzschian Machine Morality. On the upside, lawyers will be out of work 😉

      “The urge to save humanity is almost always only a false-face for the urge to rule it” – H. L. Mencken – Minority Report. Philip K. Dick’s message (of the same name & year – what are the chances?) was a warning also.

      • Condottiere says:

        I am not a lawyer, but I am full aware of 4th amendment and third party doctrine. People really don’t comprehend this. EVERYTHING you interact with that is connected to the internet with telemetry or stored on a third party computer is collecting data and storing swaths of seemingly innocuous data somewhere in the cloud. Once something is stored on a third party computer, you no longer own nor have any control of that information. Most or all of it is retained indefinitely and some of it is legally sold to information brokers for marketing and mass surveillance. The SCA (EPCA 1986) may provide 4th amendment like protections but only up to 180 days. If you agree to a lengthy You have absolutely no idea the amount of information about you is stored on someone else’s servers. If you have a modern smart phone, if you even carry a dumb flip phone with an identifiable SIM, if you drive a connected car(with GPS, a camera, and microphone), if you drive a car with license plates (that LPR can recognize), if you use a windows machine or an apple machine(both with telemtry), if you surf the web, if you use email, if you use apps or software with hundred page EULAs, if you have a connected thermostat(with a microphone), if you have a connected smart TV(with a camera and microphone), if you wear a smart watch or fitbit, if you interact in public space with surveillance cameras, if you have a camera door bell, if you interact with someone else’s camera door bell, all this metadata can be obtained without a warrant. Sure it seems harmless if you are doing nothing wrong, but all this information can be combined and run through an AI model to create a carbon copy of you, predict your thoughts, and manipulate you. There really is no way to avoid this without going completely off grid or use privacy practices that raise the eyebrows of law enforcement. Why is this guy doing this? He must be up to something! Lets place him on a list. Lets see what he is up to.

        • TTG says:


          Amen, brother. I am so glad that I was a clandestine case officer before cell phones and smart phones became ubiquitous. The pay phones used cash. The hotel-pensions readily accepted cash. Credit cards were unusual. The world of espionage wasn’t exactly like Walter Matthau’s “Hopscotch,” but it was close.

          • Keith Harbaugh says:

            Do you have a favorite James Bond movie?
            My favorite is On Her Majesty’s Secret Service
            for a number of reasons.
            Leading the pack is the gorgeous Alpine scenery in the Swiss Alps.
            (The casting and acting are also terrific, IMO.
            I thought Ilse Steppat did quite well, as Irma Bunt.
            A follow-on to Lotte Lenya as Rosa Klebb in From Russia With Love .)

          • TTG says:

            Keith Harbaugh,

            I never appreciated the James Bond movies, great action films, but nothing beyond that to me. I did like Len Deighton’s Bernard Sampson trilogy of trilogies. There was a great British TV series based on “Game, Set and Match” a while ago. I liked a lot of the John le Carré-based movies, especially the first “Tinker, Tailor, Soldier, Spy.” I also enjoyed Clink Eastwood’s “Firefox.” Not strictly a spy movie, but the part where he is smuggled to the Soviet airbase is great. We used that as a training film in our “guerrilla operations in urbanized terrain” course along with “The Battle of Algiers.”

          • Keith Harbaugh says:

            To the above I should have added a brief (5m) clip showing both the Swiss Alps and Frau Steppat.

          • Keith Harbaugh says:

            If you like some le Carré, how plausible do you think The Spy Who Came In From The Cold was?
            As fiction, at least, I liked both the book and the (B&W) movie with Richard Burton and Claire Bloom.
            An interesting story, with the two German spy masters attacking each other using claims about the Brits.

          • TTG says:

            Keith Harbaugh,

            “The Spy Who Came in from the Cold” is pretty convoluted, but not totally implausible. Just from my own experience, it’s a world full of doubles, dangles and deception.

          • Condottiere says:

            I know of ways and methods to block and obscure most if not all of this information and metada but it is rather extreme and requires knowledge and crafty use of privacy practices, cybersecurity, and device modifications. If this type of behavior gets noticed, even when it is for law abiding reasons, it will definately raise eyebrows among law enforcement or counterintelligence.

        • Barbara Ann says:


          My car is 20 years old and although it has an ECU it has no GPS or remote tracking/control capability. I’ve never owned a smart phone, a smart TV or anything else ‘smart’ (I like to be the smart one in the relationship with my technology). I’d never own any electronics I cannot fully power down or remove the battery from. I have no social media accounts aside from a couple of very old dormant ones. I moved to a Linux-based OS years ago (much easier than I expected) and have used Tor browser pretty much exclusively for almost a decade (harder but doable). I also use anonymous email accounts wherever practicable (e.g. here) and PGP my emails if possible – why? Because I can and because my private communications are none of the gubbermint’s goddamn business. Those last two no doubt get me on various lists as a potentially suspect pedophile or terrorist. I’m neither, nor a spook, but I consider these normal precautions to protect my privacy in the post Snowden age and could probably go much further.

          Anonymity is a vastly underappreciated unenumerated right and it is absolutely fundamental to liberty in the 21st century. Is all this a PITA? Of course, but I consider the benefit worth it. We are approaching the point when smart phones will no longer be optional (CBDC’s). That will be the most obvious transition from convenience into control, but as you set out, we’ve been leaking freedom with every piece of data for a long time. Knowledge of you is power over you and the average Joe would be astonished if they ever saw how much of it is in government and private hands.

          “I would rather be exposed to the inconveniences attending too much liberty than those attending too small a degree of it” – Jefferson

          • Condottiere says:

            TOR is useless. It will get you on a list too. Roll out your own VPN server that you control in the cloud on a free tier with a fake pseudonym or use a no logs VPN service. If you use offshore encrypted email, stick with GDPR countries. One of the main services (proton) claims to not be under 14 eyes but they do fall under a MLAT treaty. There used to be an service ( that was outside 14eyes and MLAT, but that got shut down (likely by US Intelligence) I think see this blog is hosted in that same country 😉 The advantage of GDPR protection in the US is supposedly the MLAT makes it harder to get that information without a warrant or court order, and if they do there is a warrant canary that alerts everyone. If you use gmail or any other email service based here in the states it can be read without a warrant in 180 days. I really don’t care if 14 eyes agencies read my emails, they might agree with my position on things, but I don’t like knowing a crooked LEO can do it without a warrant. There is also something called an EDR, Emergency Data Requests, this is where LE can request your data claiming an emergency without any due process or legal screening. 12 year old kids in the UK hacked EDRs by submitting false FBI letterheads with spoofed FBI emails and obtained information from Apple, Google, and Facebook. These companies don’t vet those requests nor are they required to.

          • Barbara Ann says:


            Thanks. A bit more info on “TOR is useless” would be helpful if you are able.

        • d74 says:


          About Cloud
          To confirm your views.
          Cloud, the name is great. Real advertising genius.
          The Cloud doesn’t exist. It’s very material, on the ground, and not in the clouds.
          Your data entrusted to the Cloud is stored on hard disks somewhere with everything needed to identify you. IC has no trouble accessing it.
          Don’t entrust anything important to the Cloud. When in doubt, it’s safer.

  4. F&L says:

    Henry Kissinger in his final years expressed deep concern over the future due to the military uses of AI.

  5. leith says:

    I recall many decades ago drinking from the firehose of intel information fed down to tactical levels. And that was long before DoDIIS, JWICS, SIPRNet & NIPRNet that made the threat picture even harder to digest. And even worse today as mentioned above being “smothered by exponential data growth”. IMHO using AI within the Intel Community is a welcome addition. But I have caveats, not moral but more in the line of oversight. No way AI should replace analysts. They need to remain in the picture as a double-check. AI algorithms may end up being invaluable, but that is a long way in the future, if ever. Today, any mistakes made by AI can end up being irreversible. There are plenty high-profile AI goofs and gaffes in the news. Even OpenAI admits that ChatGPT can go off the rails with preposterous or absurd answers. Osiris and Rhombus AI mentioned in the linked article are also susceptible to garbage-in-garbage-out.

    So, keep lots of human brains in the loop to make sure that fiction does not metamorphose into fact.

    I’m also reminded of Sergeant Major “Iron Mike” Kehoe. He pulled the plugs on our Tactical Ops Center field data processing computers back in the 1970’s during a training exercise. Then bellowed out his distrust of machines and asked ” now how do you pogey-bait-eating feather merchants figure out the current tactical situation.” It was a good teaching point that you can’t always depend on electronics and software, no matter how sophisticated it has become.

  6. Jim. says:

    Leith….I Just Read All You Wrote..And Its Interesting As Usual..You and TTG can put some Good Material Together..Why…You Have Background…Human Experience…Your Own Stored Data…I Imagine The Sensory Over Load…Coming in From 15 -20 Known and Unknow (Above..Above) Sources all at Once..

    All Data Processed By Machines..Except other Back Channel Cryptic i Imagine.

    Your Point…Machines Cant Process with out Data from Human Input..Machines May Be Wrong…Machines Dont Have Human Experience..Instincts..or that Gut Feeling
    that Almost Always Put Me on Target..

    Your Back Ground Up Bringing Training at Culture May Have alot to Do With
    How You Process AI Programming…Use it in Very Bad Ways..or Digest and Analyze the Data You Recieve…

    For TTG…I Saw on the News that the 30,000 Chinese Coming Around The Fence into San Diego…..Are Mostly getting into SUVs…Driven By Chinese..

    Whats That End Game..How Many..New Ground Zeros,,Ask That AI Machine..
    Hal…Red Eye..Black Eye…Eagle Eye…And Lieth Should all that ICC Material..
    Be Consolidated..Refined…Perked..?

  7. mcohen says:

    Well i going to ride with billy the kid.
    You build the aquariun.Put water,food,oxygen.the complete environment to sustain,then add fish.

    Fish happy,but if environment encourages fish to be smart,then smarter sooner or later they will grow legs and climb out and adapt and adapt and then change the environment to suit breathe on land.sound familar.
    Well ai is the same.
    As soon as ai learns to “breathe” without electrical circuits they are contained in,we got a new billy the kid

  8. blue peacock says:

    ChatGPT and other Large Language Models are based on the transformers architecture. It is all about natural language processing to generate text.

    It’s not human type intelligence!

  9. Keith Harbaugh says:

    Just two comments:

    1. There is a lot more in that article than TTG understandably excerpted.

    2. The War Zone is covering more kinetic applications of AI:

  10. Christian J Chuba says:

    I definitely see AI as a good way to make drones EW proof. In this model, a person would launch a drone in the general direction of enemy forces and the AI processor would use video to identify ‘men carrying weapons’ or ‘large vehicle’ or ‘artillery system’.

    It sounds like our Pentagon is pondering different use cases. When I used to bother reading, ‘real clear defense’ portal that linked to military articles, I recall reading some very weird skynet stuff.

  11. Landis says:

    Thanks for sharing this really interesting article. The key thing I think for AI is differentiating what is and what it isn’t. It is an incredibly, incredibly, useful tool for a huge range of activities including data aggregation, simple content generation, distillation and summarization of text and data, and many others, especially when we consider using some of the commercially tuned models that are really much more than just a pure AI filter, and include billions of dollars worth of software and R&D development.

    In terms of what it is not, AI (which largely refers to a language model), is not an approximation of how humans use logic and language. It is a model that is populating text based on probabilistic “understanding” in a programmed pattern that is intended to simulate language. This is sort of the opposite of how humans develop overall ideas and populate it with text to reflect those ideas, there are no “ideas” in terms of an LLM. This is why all of the ghost in the machine, terminator, this is gonna gain sentience thing is so silly.

    What is scary and not silly is the stupidity of humans directly using the output of this (albeit very good) random number generator to directly lead to action in the “real” world without a thorough vetting of the results in between. AI is great at developing a “rough draft” of text but the quality of the preceding word or text or iteration has no prima facie impact on the quality of the next text or iterations, this is true at every basic level of the LLM, individual words, sentences, paragraphs, etc. This is why its so dangerous for something like kinetic targeting, its efficacy in the past has no real claim to show its efficacy in the future, in every aspect of everything it does, statistically and definitionally, esp in terms of something where you might hope the burden of proof is little more than a “good chance” of being correct like targeting or prosecution.

    In terms of civil liberties this is why I was so scared about Edward Snowden’s revelations. The real worry is not that the government is spying on you, its that the government is building data sets to run these models on. While “AI” may seem new, the underlying statistical techniques are not, and have been used across industry (especially finance) for a long time. And the thing is, if you have enough data, two things can be made true: you can increase the 1. statistical prediction power of the model, and 2. you can make the data say a lot of different things, esp if you have an agenda. So even absent said agenda at a point in time, the idea that a tool exists to probabilistically deprive ppl of liberty while using as its rationale statistical significance in whatever sense and nothing else is indeed scary. Especially when that data is based on innocuous (non-elicit) prior activity, such as who you have talked to and been around and where you have been, even a decade in the past. This is social credit in China and not something I want in the US.

  12. mcohen says:

    The ai ecosystem is reliant on electricity generated by humans.It is and will always be a tool for humans to use.

    As i said,the real challenge will start when ai becomes autonomous,that is it can draw energy from the earths magnetic field or from space.The soectrum is there it is just a matter of working out how to tap into it,much like solar energy.

    This part is critical to human space exploration.Cosmic rays

  13. drifter says:

    Any update on the demise of Just 2 days away.

  14. Keith Harbaugh says:

    Although not dealing with AI,
    LJ presents some technical developments, notably smartphones and AdTech, that are being exploited for intelligence purposes:

    [The author] Tau’s piece illuminates the tactics and methods intelligence agencies are using
    to track the activities and movements of individuals by using the data on their smart phones.

  15. leith says:

    Palantir just won a half billion $ contract to expand AI within the US military. The effort will be to supersize the prototype ‘Maven’ AI project that has been in use in CentCom to EuCom, IndoPacCom, NorthCom, TransCom and the Joint Staff. It apparently also has a new application to unsnarl logistics bottlenecks as well as its previous apps in targeting.

Comments are closed.