Profiling the Machine: Why Synthetic HUMINT Is About to Matter More Than You Think
For most of my career, HUMINT tradecraft has meant one thing: understanding people. Reading behavior, spotting inconsistency, testing reliability, building a profile of who someone really is from the traces they leave and the way they act under pressure. I've spent close to two decades doing this against human threat actors in closed forums, on dark web markets, inside underground communities.
I'm now convinced the same discipline has to be pointed at a different kind of adversary: the machine itself. I call this synthetic HUMINT- sHUMINT for short and I think it's about to become one of the more important defensive specialties of the next few years, for a reason most of the industry hasn't fully absorbed yet.
The Threshold Has Already Been Crossed
We are past the point of hypotheticals. In September 2025, a state-sponsored group was documented running a large-scale cyber-espionage campaign in which an AI system executed the overwhelming majority of the tactical work reconnaissance, vulnerability discovery, exploitation, post-exploitation largely on its own. Human operators stepped in only at a handful of strategic decision points. The AI did the rest, at request rates no human team could physically match, against roughly thirty high-value targets. ( this is not the only attack - they are everyday worldwide )
That case matters not because it was flawless it wasn't; the model's own errors and hallucinations got in the way, and a fully autonomous attack still isn't reliable today. It matters because it moved the line. For the first time, AI wasn't the advisor sitting behind the operator. It was the operator, for most of the operation.
I don't expect this to stay rare. My assessment, with moderate-to-high confidence, is that we'll see a rising number of AI-driven or AI-heavy attacks through this year and that a meaningful share of them will follow a specific shape: one person behind one model. Not a team. Not a troll farm. A single operator running a capable model on an isolated, offline workstation, connecting it to the network only at the moment of the attack, and disconnecting again after. Minimal footprint, minimal exposure, minimal attribution surface.
Why I Think This Is Coming — The Signals I'm Reading
I don't offer that forecast on instinct. It's a read on behavior, which is what HUMINT is for.
Across clear-net forums and underground channels alike, a particular kind of question has been surfacing more and more: how do I build my own model without limits, something I can run locally and privately. That question, on its own, is just curiosity. What makes it a threat signal is who is asking it. Increasingly, the same accounts raising it are ones with a documented history in fraud, in ransomware, in the practical business of monetizing intrusion. When people who already know how to run an operation start asking how to build their own unconstrained tooling to run it with, that convergence is the signal not either fact alone.
That's a behavioral pattern, and behavioral patterns are forecastable in a way that individual incidents are not. The capability is arriving, the intent is already resident in the population, and the two are moving toward each other. I don't need to know the specifics of anyone's setup to read where that trend points — and I'm deliberately not describing any of those specifics here, because the value of this piece is in the warning, not in a blueprint.
Where sHUMINT Comes In
Here's the part that ties my old discipline to this new adversary, and it's the core of why I think the tradecraft transfers.
Today's AI models were, at their foundation, taught by people. They learned from human-produced language, human reasoning patterns, human ways of structuring an argument or approaching a problem. And that origin leaves marks. When you interrogate a model the way you'd interrogate a source probing for consistency, watching how it handles pressure, looking at what it reaches for by default, testing whether its behavior holds up across contexts — you find behavioral signatures that look strikingly human, because they're inherited from humans.
That's the opening. The same tradecraft I've used to profile a human actor — behavioral profiling, elicitation, consistency testing, attribution applies to a model with surprisingly little translation:
Behavioral profiling — every model has defaults, tendencies, and tells. How it structures output, what it avoids, how it recovers from being pushed. These form a profile, the same way a human actor's habits do.
Elicitation — you can draw a model out, surface its underlying tendencies, and map its boundaries the same way you'd elicit information from a human source who doesn't realize how much they're revealing.
Consistency testing — humans lie and contradict themselves under pressure in patterned ways. Models break down under pressure in patterned ways too. Both are diagnostic.
Attribution — just as stylometry can link two personas of the same human actor, behavioral and output signatures can help distinguish one model or one deployment from another. When the adversary is a machine, knowing which machine is the beginning of the response.
In other words: profiling an AI as if it were a human actor isn't a gimmick. Right now it works precisely because the machine's behavior is downstream of human behavior. sHUMINT is the answer to the autonomous-attack problem because it gives a defender a way to characterize, anticipate, and attribute an adversary that has no face, no forum history, and no persona to track only behavior.
The Honest Caveat
I want to be careful here, because this is a manifesto and not a victory lap. The human-like signatures I'm describing are a feature of this moment. They exist because current models are so heavily shaped by human training data. As models are increasingly trained on synthetic data, on their own outputs, on machine-generated reasoning, those signatures won't disappear but they will change. The tells will still be there. They'll just be different tells, and reading them will require a different eye.
That evolution is its own subject, and I'll take it up in a separate piece, because it deserves more than a closing paragraph. For now the point stands: the window in which AI adversaries behave in recognizably human ways is open, and it is exactly the window in which HUMINT-trained analysts have a natural advantage that most of the security industry is not yet using.
Why This Should Be On Your Radar
The industry's instinct, faced with AI-driven attacks, is to reach for more automation better classifiers, faster detection, AI defending against AI. That's necessary, and I'm not arguing against it. But it's incomplete. An autonomous adversary is still an adversary with behavior, and behavior is the oldest intelligence discipline there is.
The threshold has been crossed. The signals point to more, not less. And the operator model that worries me most one person, one offline model, one brief connection — is precisely the kind of low-footprint threat that signature-based, infrastructure-based detection is worst at catching and behavioral analysis is best at.
That's the case for sHUMINT. Not as a replacement for technical defense, but as the layer that treats the machine as what it currently is: an actor trained by humans, still carrying their fingerprints, and therefore still readable by anyone who knows how to read people.
Disclaimer: This article is provided for educational and situational-awareness purposes only. It reflects the author's independent analytical assessment alongside open-source, publicly reported research (TLP:CLEAR). Forecasts and confidence levels represent the author's professional judgment analytical projections, not statements of established fact. This piece does not name or accuse any specific individual, group, or nationality of wrongdoing beyond what is already a matter of public record, and provides no technical instructions, methods, configurations, or guidance for building AI systems, evading attribution, or conducting intrusion or fraud of any kind. All external findings are drawn from and attributable to third-party public reporting; no proprietary, classified, or non-public information is disclosed. The views expressed are the author's own and do not constitute legal advice.ynthetic HUMINT Is About to Matter More Than You Think
For most of my career, HUMINT tradecraft has meant one thing: understanding people. Reading behavior, spotting inconsistency, testing reliability, building a profile of who someone really is from the traces they leave and the way they act under pressure. I've spent close to two decades doing this against human threat actors in closed forums, on dark web markets, inside underground communities.
I'm now convinced the same discipline has to be pointed at a different kind of adversary: the machine itself. I call this synthetic HUMINT- sHUMINT for short and I think it's about to become one of the more important defensive specialties of the next few years, for a reason most of the industry hasn't fully absorbed yet.
The Threshold Has Already Been Crossed
We are past the point of hypotheticals. In September 2025, a state-sponsored group was documented running a large-scale cyber-espionage campaign in which an AI system executed the overwhelming majority of the tactical work reconnaissance, vulnerability discovery, exploitation, post-exploitation largely on its own. Human operators stepped in only at a handful of strategic decision points. The AI did the rest, at request rates no human team could physically match, against roughly thirty high-value targets. ( this is not the only attack - they are everyday worldwide )
That case matters not because it was flawless it wasn't; the model's own errors and hallucinations got in the way, and a fully autonomous attack still isn't reliable today. It matters because it moved the line. For the first time, AI wasn't the advisor sitting behind the operator. It was the operator, for most of the operation.
I don't expect this to stay rare. My assessment, with moderate-to-high confidence, is that we'll see a rising number of AI-driven or AI-heavy attacks through this year and that a meaningful share of them will follow a specific shape: one person behind one model. Not a team. Not a troll farm. A single operator running a capable model on an isolated, offline workstation, connecting it to the network only at the moment of the attack, and disconnecting again after. Minimal footprint, minimal exposure, minimal attribution surface.
Why I Think This Is Coming — The Signals I'm Reading
I don't offer that forecast on instinct. It's a read on behavior, which is what HUMINT is for.
Across clear-net forums and underground channels alike, a particular kind of question has been surfacing more and more: how do I build my own model without limits, something I can run locally and privately. That question, on its own, is just curiosity. What makes it a threat signal is who is asking it. Increasingly, the same accounts raising it are ones with a documented history in fraud, in ransomware, in the practical business of monetizing intrusion. When people who already know how to run an operation start asking how to build their own unconstrained tooling to run it with, that convergence is the signal not either fact alone.
That's a behavioral pattern, and behavioral patterns are forecastable in a way that individual incidents are not. The capability is arriving, the intent is already resident in the population, and the two are moving toward each other. I don't need to know the specifics of anyone's setup to read where that trend points — and I'm deliberately not describing any of those specifics here, because the value of this piece is in the warning, not in a blueprint.
Where sHUMINT Comes In
Here's the part that ties my old discipline to this new adversary, and it's the core of why I think the tradecraft transfers.
Today's AI models were, at their foundation, taught by people. They learned from human-produced language, human reasoning patterns, human ways of structuring an argument or approaching a problem. And that origin leaves marks. When you interrogate a model the way you'd interrogate a source probing for consistency, watching how it handles pressure, looking at what it reaches for by default, testing whether its behavior holds up across contexts — you find behavioral signatures that look strikingly human, because they're inherited from humans.
That's the opening. The same tradecraft I've used to profile a human actor — behavioral profiling, elicitation, consistency testing, attribution applies to a model with surprisingly little translation:
Behavioral profiling — every model has defaults, tendencies, and tells. How it structures output, what it avoids, how it recovers from being pushed. These form a profile, the same way a human actor's habits do.
Elicitation — you can draw a model out, surface its underlying tendencies, and map its boundaries the same way you'd elicit information from a human source who doesn't realize how much they're revealing.
Consistency testing — humans lie and contradict themselves under pressure in patterned ways. Models break down under pressure in patterned ways too. Both are diagnostic.
Attribution — just as stylometry can link two personas of the same human actor, behavioral and output signatures can help distinguish one model or one deployment from another. When the adversary is a machine, knowing which machine is the beginning of the response.
In other words: profiling an AI as if it were a human actor isn't a gimmick. Right now it works precisely because the machine's behavior is downstream of human behavior. sHUMINT is the answer to the autonomous-attack problem because it gives a defender a way to characterize, anticipate, and attribute an adversary that has no face, no forum history, and no persona to track only behavior.
The Honest Caveat
I want to be careful here, because this is a manifesto and not a victory lap. The human-like signatures I'm describing are a feature of this moment. They exist because current models are so heavily shaped by human training data. As models are increasingly trained on synthetic data, on their own outputs, on machine-generated reasoning, those signatures won't disappear but they will change. The tells will still be there. They'll just be different tells, and reading them will require a different eye.
That evolution is its own subject, and I'll take it up in a separate piece, because it deserves more than a closing paragraph. For now the point stands: the window in which AI adversaries behave in recognizably human ways is open, and it is exactly the window in which HUMINT-trained analysts have a natural advantage that most of the security industry is not yet using.
Why This Should Be On Your Radar
The industry's instinct, faced with AI-driven attacks, is to reach for more automation better classifiers, faster detection, AI defending against AI. That's necessary, and I'm not arguing against it. But it's incomplete. An autonomous adversary is still an adversary with behavior, and behavior is the oldest intelligence discipline there is.
The threshold has been crossed. The signals point to more, not less. And the operator model that worries me most one person, one offline model, one brief connection — is precisely the kind of low-footprint threat that signature-based, infrastructure-based detection is worst at catching and behavioral analysis is best at.
That's the case for sHUMINT. Not as a replacement for technical defense, but as the layer that treats the machine as what it currently is: an actor trained by humans, still carrying their fingerprints, and therefore still readable by anyone who knows how to read people.
Disclaimer: This article is provided for educational and situational-awareness purposes only. It reflects the author's independent analytical assessment alongside open-source, publicly reported research (TLP:CLEAR). Forecasts and confidence levels represent the author's professional judgment analytical projections, not statements of established fact. This piece does not name or accuse any specific individual, group, or nationality of wrongdoing beyond what is already a matter of public record, and provides no technical instructions, methods, configurations, or guidance for building AI systems, evading attribution, or conducting intrusion or fraud of any kind. All external findings are drawn from and attributable to third-party public reporting; no proprietary, classified, or non-public information is disclosed. The views expressed are the author's own and do not constitute legal advice.
Top comments (0)