When Intelligence Agencies Go Dark: The FBI's OSINT Arsenal

A recent report by the Privacy and Civil Liberties Oversight Board (PCLOB) pulled back the curtain—just slightly—on how federal investigators track digital footprints in 2025. The document confirms what many security professionals suspected: the FBI’s OSINT capabilities have moved far beyond manual searches and open-source tools. The foundation now rests on three commercial platforms: Clearview AI, Babel Street, and ZeroFox.

The most telling detail? The specifics of how these tools are used remain so sensitive that even the “unclassified” report relegated operational details to a classified appendix. When investigative tools become this effective, they disappear into the shadows.

Clearview AI: Scaling Face Recognition to Billions

Clearview AI operates the largest known facial recognition database—over 50 billion images scraped from public websites, news sites, and social media profiles. For investigators, this means converting a face from surveillance footage, a screenshot, or a crowd photo into a set of identifiers—name, social profiles, digital history—within minutes.

The PCLOB confirmed FBI use of this system, but withheld the operational context: which case types trigger searches, how frequently agents query the database, what thresholds govern access. This silence tells its own story. Facial recognition via OSINT has transitioned from experimental to routine—and profoundly sensitive.

The company markets primarily to law enforcement and government agencies, positioning its algorithm as a tool for generating investigative leads. Independent accuracy tests by the National Institute of Standards and Technology (NIST) ranked Clearview’s system among top performers, though those tests didn’t replicate real-world conditions of matching unknown faces against a massive web-scraped database.

Legal challenges follow the technology. Data protection authorities in multiple jurisdictions have fined Clearview or restricted its services, arguing that bulk scraping of face images without consent violates privacy and biometric data laws. Civil liberties groups warn of mass surveillance risks, algorithmic bias, and the impossibility of meaningful opt-out. Law enforcement counters that facial recognition provides critical investigative value—a debate that shows no signs of resolution.

Babel Street: The Data Aggregation Engine

Babel Street (previously marketed as Babel X, now branded as Babel Street Insights) aggregates data from social media, forums, blogs, news sites, and other public sources. Its analytical capabilities include entity extraction, geospatial filtering, link analysis, sentiment scoring, and multilingual translation across dozens of languages.

The PCLOB identified Babel Street as one of the FBI’s most comprehensive OSINT systems, requiring additional oversight due to the depth of information it can extract. The bureau purchased approximately 5,000 licenses—a deployment scale that signals enterprise-wide implementation.

The Virginia-based company describes its platform as “mission-grade risk intelligence.” Customers include defense, intelligence, law enforcement, and regulated industries. Public contracting records show multi-million-dollar subscriptions from agencies including Customs and Border Protection and other security organizations.

The platform’s power raises oversight questions. Civil liberties groups note that real-time monitoring, custom alerts on entities or topics, and repackaging of location data for law enforcement use enable broad surveillance of online activity. The tool’s capabilities—tracking narratives across languages, identifying emerging threats, mapping social networks—make it valuable for investigations. They also make it a potential mechanism for monitoring protected speech and lawful assembly.

ZeroFox: Monitoring the External Attack Surface

ZeroFox began as a cybersecurity company focused on external threats—risks originating outside traditional network perimeters. The Baltimore-based firm monitors the surface web, deep web, and dark web for phishing sites, impersonation accounts, data leaks, fraud campaigns, and brand threats.

For the FBI, ZeroFox likely serves multiple functions: protecting personnel and facilities, identifying schemes impersonating the organization, tracking narratives that could materialize into physical threats. The platform uses AI—including natural language processing and computer vision—to analyze posts, images, and other content, then generates alerts and automated remediation actions like takedown requests.

The company markets digital risk protection, brand and domain protection, executive security intelligence, and attack surface management to enterprises and governments. Its capabilities include monitoring millions of public sources and disrupting adversaries operating via social platforms and criminal forums.

Operational details remain classified. We don’t know which threat categories trigger ZeroFox alerts for the FBI, how analysts prioritize findings, or what thresholds govern automated responses. The system’s value lies in continuous “probing” of the digital environment for hostile activity—a capability that extends well beyond traditional cybersecurity.

The OSINT Conveyor Belt

These three platforms—Clearview AI, Babel Street, and ZeroFox—form an integrated system for transforming anonymous digital traces into actionable intelligence. Facial recognition identifies individuals. Data aggregation maps their networks and activities. Threat monitoring tracks hostile narratives and external risks.

This is no longer sporadic manual research. It’s a technology-saturated process where commercial platforms deliver ready-made analytical products. The FBI has automated what once required teams of analysts and weeks of investigation.

Per my experience conducting OSINT investigations for legal and M&A clients, this level of automation creates both opportunities and risks. The tools work. They scale human effort in ways that weren’t possible five years ago. But effectiveness alone doesn’t answer the harder questions about oversight, accountability, and boundaries.

The Classification Problem

The PCLOB report’s structure is revealing: confirm the tools exist, acknowledge their power, then classify the operational details. This pattern repeats across intelligence and law enforcement documentation. We know what is being used. We rarely know how, when, or under what constraints.

Classification serves legitimate purposes—protecting investigative methods, preventing adversaries from developing countermeasures. It also creates accountability gaps. When usage policies, approval thresholds, and audit procedures remain classified, external oversight becomes impossible. Courts can’t evaluate whether surveillance was proportionate. The public can’t assess whether civil liberties protections are working.

The tension between operational security and democratic accountability isn’t new. But it intensifies as OSINT tools become more powerful and more opaque.

Lessons for Private Investigators

For those of us conducting OSINT investigations outside government contexts, the FBI’s tool selection offers insights:

Commercial platforms have matured. The tools law enforcement relies on are available (with appropriate licensing) to corporate security teams, due diligence firms, and investigative journalists. Clearview AI restricts sales to government and law enforcement, but Babel Street and ZeroFox serve commercial clients. The capability gap between public and private sector OSINT has narrowed significantly.

Automation enables scale. The FBI’s purchase of 5,000 Babel Street licenses signals that OSINT has moved from specialist teams to routine investigative practice. Analysts expect automated monitoring, alert generation, and data correlation as standard capabilities. Manual research still matters—context, validation, and judgment remain human tasks—but the baseline expectation has shifted.

Ethical boundaries require documentation. The PCLOB’s concern about oversight and audit measures reflects a broader truth: powerful tools demand clear policies. In my work, I’ve found that clients—particularly legal and M&A teams—want to know not just what you found, but how you found it. Documented ethical standards and methodology aren’t optional luxuries. They’re professional requirements that protect both investigator and client.

The Balance That Matters

Remaining effective matters. Remaining within ethical and legal boundaries matters more.

This isn’t abstract philosophy. It’s operational reality. Tools like Clearview AI, Babel Street, and ZeroFox work because they aggregate and analyze public information at scale. They cross into problematic territory when deployed without adequate oversight, when used for purposes beyond legitimate investigative needs, or when their capabilities enable mass surveillance of lawful activity.

The PCLOB report doesn’t resolve these tensions. It documents their existence. The FBI has built a sophisticated OSINT infrastructure using commercial platforms that didn’t exist a decade ago. How that infrastructure gets used—and who gets to verify the usage—remains partially visible at best.

For private practitioners, the lesson is straightforward: adopt the tools that serve legitimate investigative purposes, but document your methodology. Define permitted and prohibited activities. Establish validation procedures. Make your boundaries explicit, defensible, and transparent.

The FBI may have the luxury of classification. The rest of us need to operate in the light.