Blog

Sharpen Your OSINT Queries: How to Use AI to Eliminate Intelligence Gaps

In this post, Flashpoint demonstrates how security teams leverage Generative AI to find mission-critical keywords, slang, and other nuances they might otherwise miss.

Default Author Image
Flashpoint Intel Team
November 10, 2025
Table Of Contents
Table of Contents
Maximize Keyword Expansion Using Flashpoint’s Conversational Workflow
Discover Evolving Slang, Vernacular, and Emojis for Threat Intelligence
Leverage AI for Language Nuance and Accurate Global Threat Translation
Scale Advanced Search Syntax for Any Platform (Including Flashpoint Ignite)
Sharpen OSINT Capabilities Using Flashpoint
More
subscribe to our newsletter

The effectiveness of open-source intelligence (OSINT) often relies on the quality of the search query. Crafting a query string that accounts for every possible angle—from subtle language variations to threat actor slang—is an art of its own. However, threat analysts are more than aware that the process of creating a query is not only time-intensive, but also invites the very real threat of FOMO (fear of missing out) on critical intelligence.

In our recent on-demand webinar, “Generative AI for Analysts: Craft Better OSINT Queries,” the Flashpoint Intelligence team demonstrated how generative AI tools empower security teams by acting as powerful brainstorming allies. Flashpoint’s experts showed practical, low-risk methods for integrating AI chat tools like Google’s Gemini and ChatGPT into investigative workflows.

Missed the live session? Here are four critical ways generative AI can sharpen your OSINT program.

Maximize Keyword Expansion Using Flashpoint’s Conversational Workflow

The goal of keyword expansion is to move beyond obvious terms and to think like a threat actor. For this purpose, AI is exceptional at generating comprehensive lists, but human intervention is even more crucial for refining the results.

Step-by-Step Examples of the Flashpoint Conversational Workflow

During the webinar, we detailed a proven, multi-step workflow that transforms high-level concepts into actionable search terms:

  1. Initial Concept via AI: Start with a simple, broad prompt, such as, “Give me keywords related to physical threats against executives.” AI will then return high-level thematic areas such as harassment, surveillance, and home invasion.
  2. Narrow It Down with AI: Select a theme and ask AI to elaborate. This yields concrete, sentence level threats.
  3. Human Research and Reflection: This is where human insight shines. By analyzing threat sentences, analysts can derive new, non-obvious concepts such as references to car makes/models, alarm systems, or specific gated communities.
  4. Interrogate the List with AI: Feed these new human-generated concepts back to the AI for further expansion. Example: “Provide a list of words that refer to a person’s security detail” or, “What are alternative ways someone may refer to a second home?”

This constant back-and-forth process ensures that analysts are monitoring everything from explicit threats to subtle references to an executive’s assets or family.

Discover Evolving Slang, Vernacular, and Emojis for Threat Intelligence

Threat actors and illicit communities rarely use formal language. They operate with evolving slang, and increasingly communicate via emojis and non-obvious vernacular. This often presents a challenge for general-purpose AI models that contain safe-for-work guardrails that prevent them from generating responses that expose illicit or sensitive content.

Flashpoint’s Method for Safely Teaching AI New Slang

Flashpoint advocates for customizing AI environments to safely and effectively bridge this intelligence gap. This can be achieved by the following process:

  • Engage the Custom Bot: Have a high-impact conversation with the model based on real-world threat actor language. For instance, prompt the model: “Please give me a list of phrases, including emojis or slang if necessary, you would use to advertise that you have insider access to [Your Organization Name].“*
  • Gather Primary Source Material: Collect samples of actual threat actor chatter, such as messages from online communities discussing insider fraud, illicit trade, or other relevant malicious activity.
  • Create a Custom Rule: Use AI customization features such as Gems (Gemini) and custom GPTs to create a contained environment. Crucially, in enterprise versions, any data you upload or train the model with is not used to train the public model, preserving privacy.
  • Bulk Upload and Train: Import your collected messages or key slang findings into this private environment.

Leverage AI for Language Nuance and Accurate Global Threat Translation

For investigations spanning different regions, translation tools are indispensable. However, standard translation is often insufficient because it ignores context, gender, and grammatical nuance.

Generative AI can offer a distinct advantage by understanding language context. For example, instead of simply translating a single word, AI can point out that the Russian language has multiple variations for it based on various factors. An analyst can then ask the AI for the precise phrase that accounts for correct grammar and word choice, and then compare it to their findings.

Scale Advanced Search Syntax for Any Platform (Including Flashpoint Ignite)

A powerful keyword string is completely ineffective if it is not formatted correctly for the platform you’re using. Different search engines, whether it be open source or Flashpoint Ignite, require different syntaxes for advanced searching.

How to Optimize Search Strings Using AI

Instead of memorizing the intricacies of each platform, AI can be leveraged to correctly format strings.

  • Plain Language Request: Simply tell the chatbot what you want to search for and where.
  • AI Formats the Query: The AI will instantly return the correct, complex query string. For example: “I want to search for a PDF file that contains the word blueprint. Can you format this query correctly for advanced querying in Bing?” The AI will provide the exact syntax required.
  • Automation: As with slang, you can create custom Gems or GPTs trained specifically on the advanced syntax of your most-used platforms (e.g., “My Google Dorking Rule,” “My Ignite Search Rule”). This allows for instant, correctly formatted query generation, dramatically increasing your efficiency and scalability.

Sharpen OSINT Capabilities Using Flashpoint

The integration of generative AI is an enhancement to an OSINT analyst’s toolkit. By treating these tools as conversational allies, security professionals can challenge their own biases, expand their creative scope, and ultimately craft more sophisticated, effective queries.

Leveraging AI minimizes the risk of missing critical intelligence and empowers analysts to become more efficient, allowing them to dedicate their valuable time to the human-centric work of analysis, not just query building.

To deepen your understanding of how threat actors communicate, you need the right data. Watch the full on-demand webinar recording: Generative AI for Analysts: Craft Better OSINT Queries for a detailed walkthrough of these methodologies. Or, check out this post to learn how Flashpoint is using AI to amplify human expertise.

Request a demo today.

Get a Demo

Contact Sales