Assessing the Efficacy of AI-Driven OSINT Approaches in Cybersecurity

Assessing the Efficacy of AI-Driven OSINT Approaches in Cybersecurity: Uncovering Literature Gaps for Enhanced Threat Detection

Abstract: As connectivity increases across the digital landscape of the modern world, it opens up growing opportunities for cybercriminals. It is often the case that traditional security efforts need to be faster in reacting to new and complex threats as they emerge. When it comes to identifying emerging risks, OSINT from the public internet is the way to go about it. Whenever implemented into defensive systems, the proper implementation of the acquired OSINT data ensures the ability to detect proactively. However, manual analysis cannot be applied to a firehose of information in the social media domain, which overloads analysts. There is significant literature investigating AI and OSINT integration. They have focused on the specific functions essential to security operations, such as real-time threat identification. This study aims to assess the current state of AI-powered OSINT applications with systematic literature review (SLR) as a methodology to analyse existing literature and identify gaps in knowledge relating to strengths, limitations and optimisation of OSINT techniques when operationalized with AI. The findings also make informed recommendations for researchers to understand future industry trends and design their studies accordingly. Using SLR, this study surveys peer-reviewed articles and conference papers to evaluate how existing research has established technical feasibility and reported limitations. Special attention is paid to the literature addressing real-world deployment issues and the application of AI-powered OSINT in real life. Knowledge gaps have been extracted and organised by common themes. Finally, this study proposed solutions and directions for future work to strengthen the protection of critical systems and data through intelligence-guided protection strategies. This work provides valuable insight for both researchers developing new applications and practitioners seeking to apply AI-driven OSINT cautiously. By shedding light on areas requiring further work, this study ultimately aims to enable more effective and responsible operationalisation of these promising capabilities for cyber defence.

KEYWORDS: AI-Driven OSINT, Cybersecurity, Threat Detection, cyber defence

1. Introduction

The digitisation of critical infrastructure and widespread internet connectivity have transformed the landscape of modern society. However, greater reliance on digital technologies has also expanded the attack surface for cyber threats. Cybercriminals are exploiting vulnerabilities at an alarming rate, with many organisations struggling to detect and mitigate sophisticated intrusions in a timely manner [1]. Traditional security protocols often need to catch up with the rapidly evolving methods of cyber attackers. Furthermore, the sheer volume of data that must be analysed to glean practical threat intelligence presents a significant challenge. Cyber threat intelligence aims to provide visibility into emerging risks through analysis of indicators gathered from diverse open sources [2]. Open-source intelligence (OSINT) has emerged as a valuable approach for uncovering clues about potential threats from publicly available information online. 

While following hackers' activity and discussions, dark web trading platforms, and vulnerable facilities, the tool allows for the identification of existing or planned exploits. If information is incorporated into security systems, timely OSINT data can help prevent specific threats known to the system as they attempt to execute their intentions before the damage has been done. Nevertheless, it is unreasonable to conduct a manual analysis of a large number of available resources due to the lack of time and resources in security teams [3]. AI techniques are effective for unsupervised extraction and correlation of threat indicators at a mass scale. Trading algorithms are also better able to present patterns and peculiarities that are difficult for analysts to discover and uncover new links between parties. Natural language processing is beneficial in feeding cyber threat intelligence from basically virtually any unstructured text-based OSINT source with moderate simplicity [4]. In partnership with data visualisation, Artificial Intelligence solutions seek to turn OSINT data into intelligent information for the improvement of cybersecurity.

While initial studies demonstrate the potential of integrating AI and OSINT, many technical and practical challenges must still be addressed. Questions still need to be answered regarding the effectiveness, accuracy, and limitations of these tools when applied to real-world complex cybersecurity problems. Adversarial adaptation may undermine classifier performance over time. Bias in training datasets could negatively impact results or propagate unfair outcomes [5]. Moreover, practical implementation barriers such as infrastructure requirements, model maintenance costs, privacy and ethical concerns require deeper examination. Empirical research evaluating AI-driven OSINT approaches for real-time threat detection is limited.

Further exploration of techniques, best practices, and refinement is needed to optimise these evolving solutions [6]. Cyber-related crimes have become more and more frequent and diverse in the recent past. Advanced persistent threats operate beyond the physical boundary that has been established, while supply chain compromises begin beyond the secured network perimeter. At the same time, a new generation of commodity malware, along with the global availability of hacking tools, reduces entry barriers to sporadic cybercrime on an industrial scale. As the digital transformation exercises introduce more services and infrastructure to the online environment than ever before, the exposed attack surface remains vast [7]. Such dynamics have outcompeted the ability of security teams to cope effectively with them using traditional measures only. There is a clear imperative to find new approaches and tools that could address today's reality in the cybersecurity environment.

Open-source intelligence (OSINT) harvesting from the public internet holds promise for gaining valuable threat insights through analysis of technical forums, malware databases, and vulnerable systems. When incorporated into defensive systems, OSINT data fuels proactive detection and rapid remediation by uncovering indicators of new exploits, botnets, and planned intrusions. However, the sheer quantity of publicly available information online far surpasses what can reasonably be scrutinised by human analysts within security operations centres [8]. Automated processing is required to extract meaningful intelligence from this firehose of OSINT sources at the scale and speed demanded in modern cyber defence.

Artificial intelligence (AI) shows potential for extracting actionable threat intelligence from vast troves of OSINT at machine speeds. Techniques like natural language processing and machine learning can uncover patterns, relationships, and anomalies across structured and unstructured data that would be nearly impossible for people to discern alone or in teams. However, while initial studies highlight AI and OSINT's technical feasibility, many knowledge gaps still need to be discovered regarding practical challenges, limitations, and real-world efficacy for critical functions like real-time threat detection [9]. Other issues remain open regarding model fitness, adversarial attacks, bias, needed resources, costs of maintenance, and ethics, as these all need to be confirmed with experiments.

The current research landscape leaves security practitioners needing comprehensive guidance on standardising and operationalising effective, responsible AI-driven OSINT methodologies. This limitation undermines organisations' ability to harness these promising approaches for proactive cyber defence and leaves a crucial area of cybersecurity techniques relatively underdeveloped. Clearly defined knowledge gaps must be addressed to optimise AI and OSINT integration as envisioned [10]. This study aims to assess the efficacy of AI-driven OSINT approaches in cybersecurity, focusing on identifying gaps in the current literature and evaluating how these tools can be optimised for enhanced real-time threat detection. The objectives proposed in this manner are provided below:

• To analyse the current state of AI-driven OSINT tools and their application in cybersecurity.
• To evaluate the strengths and limitations of integrating AI with OSINT for real-time threat detection.
• To identify critical gaps in existing research on AI and OSINT in cybersecurity, particularly in relation to practical implementation.
• To propose potential solutions and future research directions for improving the efficacy of AI-driven OSINT approaches in cybersecurity.

The purpose of this research is to evaluate the current status of incorporating artificial intelligence techniques in open-source intelligence collection for cyber threat detection. More specifically, the study will be designed to uncover lacunae in extant scholarship in relation to widely acknowledged applications and limitations of AI and OSINT for operational functions like threat detection in real-time. By evaluating the strengths and limitations of these approaches as described in previous works, this study seeks to uncover areas in need of further exploration and empirical validation. Figure 1 below shows the trend of OSINT and AI literature over the years. It can be determined that the trend of OSINT and AI literature has increased over the years due to the increase in the use of these technologies. 

Figure 1 OSINT and AI literature over the years (1992–2021)

Source: [11]

The identified areas of knowledge have then been used to formulate recommendations for enhancing the future developments of AI-based OSINT procedures to enhance its prospects as it will be practised inside a security operation environment. Recommendations may involve best practices for addressing challenges, such as data bias, continuous adversarial evasion, suitable infrastructures depending on the organisation's demands, and more, as well as methods of consistent model management. The purpose is to offer information that can benefit both researchers in creating subsequent applications and practitioners in deciding where and when to implement AI-based OSINT into their cybersecurity plans. Finally, this is expected to improve the protection of systems and data by including intelligence-driven methods.

With the threats in cyberspace changing constantly and more opportunities for attacks being created all the time, intelligence-led protection methodologies have become crucial. It is only where these areas of knowledge are currently lacking that such enhancement concerns appear relevant at all to integrating AI and OSINT as techniques that can transform cybersecurity from a one-off process utilising on-average solid and scalable best practices into one that is capable of moving at the speed of change necessitated by the threatscape. This research also seeks to improve current cyber security measures by identifying numerous limitations in previous studies and offering workable recommendations to mitigate risks for developers and end users of AI-based OSINT tools. In sum, this work aims to provide new insights toward the more responsible implementation of these instead of promising technologies for the benefit of society.

2. Methods

2.1 Research Design 

Research design is the blueprint of a research process which explains all the methodological decisions and choices made that led to the completion of the study. There is a range of research designs adopted in the research community, but the choice is dependent upon the main research aim. This study aims to assess the current state of AI and OSINT integration in cybersecurity contexts. By identifying gaps in existing literature, recommendations can be made to inform further development and standardisation of effective AI-empowered OSINT methodologies for enhanced proactive cyber defence. Since this study is focused on reviewing the literature, the systematic literature review (SLR) design was deemed most suitable.

SLR is a methodology that allows researchers to conduct a critical appraisal of existing literature by systematically selecting studies, i.e. a search strategy. Unlike traditional narrative reviews, SLR enhances the reliability and validity of the review. SLR is often used to identify the best available evidence and develop best practices. However, SLR is also appreciated for its ability to synthesise existing literature and identify research gaps [13].

In this study, the SLR started with defining a search strategy by identifying keywords and databases and then continued to filter search results using inclusion and exclusion criteria. All of these steps are explained and discussed in the following sections.

2.2 Search Strategy 

A search strategy is a set of steps that SLR follows to identify and select studies from available evidence for the final review. A search strategy begins with identifying keywords and databases based on research aims and objectives [14]. Both of these choices are critical because they affect the overall reliability and validity of the review. The researchers must select relevant and authentic databases or libraries to ensure that they access the relevant literature. Similarly, researchers must choose keywords in a way that the most pertinent studies match the requirement of the research question [15]. To make sure that keywords were relevant, phrases from research objectives were selected. The following table summarises the keywords and databases selected,

Table 1: Databases and Keywords

* AND is a Boolean Operator often used to combine keywords during search strategy and refine search results 

When the keywords and their combinations were applied in the databases selected, the following results were obtained (see Table 2)

Table 2: Initial Search Results

The results above clearly indicate that there is vast literature available related to the subject and research question of this study, and it is only possible to review some of the evidence retrieved from the databases above. Hence, there is a need to refine the search results and narrow them down to a feasible number of studies. For this purpose, the SLR design allows researchers to use inclusion and exclusion criteria, which can be used to reduce the studies using a set of criteria systematically. 

Inclusion criteria are used to make sure that studies that fulfil these criteria are included in the review. The inclusion criteria ensure the specificity of the search strategy. Specificity implies that the review has relevant literature and does not miss vital evidence to answer the research question. On the other hand, exclusion criteria are used to ensure the sensitivity of the search strategy. Sensitivity refers to the ability of the search strategy to exclude irrelevant evidence and thus enable the researcher to achieve feasibility in the review [16]. Table 3 below provides the inclusion and exclusion criteria applied to reduce the number of studies retrieved in Table 2.

Once inclusion and exclusion criteria were identified, the researcher started sorting and funnelling the search results. Since multiple databases were included, therefore, there was duplication of articles. The researcher consequently started manual perusal of titles and abstracts of articles. The researcher continued to apply inclusion and exclusion criteria and finally selected 24 articles for review. The entire search strategy and results are summarised using the PRISMA flow chart as follows.

2.3 PRISMA Flowchart

A PRISMA flow chart is a commonly adopted standard that helps researchers demonstrate how they executed the search strategy by summarising all steps [15]. The following chart shows that initially, total search was 279985. The researcher started manual perusal of titles and abstracts and applied inclusion and exclusion criteria. A total of 505 articles were found to be duplicated, and 278982 were removed after applying exclusion criteria. The majority of the studies were removed when the publication year filter was used in Google Scholar, which reduced the search results significantly. Finally, after applying inclusion criteria, a total of 24 articles were selected for final review. The search strategy was a lengthy process, but it helped manage the review of a feasible number of studies. 

2.4 Data Extraction and Analysis Technique 

Once studies were selected, the researcher started applying data extraction and analysis techniques. This stage is often called the synthesis of literature [17]. In order to conduct a thorough analysis of the literature, thematic analysis was selected. Thematic analysis is a widely acknowledged data extraction and synthesis technique because it enables analysis of large pieces of text(s) (articles in cases of this review) using categories and themes [18]. Thematic analysis is a commonly used qualitative data analysis technique in social sciences. It can be used to identify recurring and common patterns or themes in large datasets [19]. The thematic analysis is executed by carefully reading and interpreting the data under analysis [20]. The reviewer notes common categories and themes and derives meaningful results from the data to answer the research question [21].

This review started the thematic analysis by carefully reading the abstracts of the articles selected and noting key categories. The reviewer then continued to conduct an in-depth and detailed reading of the main body of the articles and noted common themes with a specific focus on research gaps. The first category identified was streams of OSINT literature in the context of cyber security. This category classifies applications and implementation of OSINT in cybersecurity. A number of themes emerged in this category, which included techniques and tools in cyber security, and a range of different tools were identified. The researcher noted down all the research gaps identified in the selected studies. The second category was strengths and limitations of AI-integrated OSINT in cyber security. This category also included a number of themes, such as anomaly detection behaviour analysis and automation of security processes via AI. This category was also explicitly focused on identifying research gaps in the context of OSINT applications in cyber security. The third and final section focused on identifying future patterns in the OSINT industry and searching for potential future research opportunities. All of the themes and information were explicitly focused on identifying existing research gaps and searching for potential research areas.

2.5 Key Questions to Address in the Literature

To assess the efficacy of AI-driven Open Source Intelligence (OSINT) approaches in cybersecurity and uncover gaps for enhanced threat detection, it is essential to structure the literature review around key research questions that align with the proposed objectives. The following questions were designed to guide the analysis:

• What are the streams of AI-driven OSINT tools and their application in cybersecurity?
• What are the key strengths and limitations of integrating AI with OSINT for real-time threat detection?
• What gaps exist in the current research on AI and OSINT integration for cybersecurity?
• What potential solutions and future research directions as per industrial trends could improve the efficacy of AI-driven OSINT approaches?

2.5.1 What are the streams of AI-driven OSINT tools and their application in cybersecurity?

This question has helped determine what are the most commonly used AI-driven OSINT tools in cybersecurity and how these tools are being deployed for threat detection, threat intelligence gathering, and cyber risk management. In addition, it also determined how these tools compare with traditional OSINT approaches in terms of accuracy, efficiency, and scope.

2.5.2 What are the key strengths and limitations of integrating AI with OSINT for real-time threat detection?

This question helped to determine what AI techniques (e.g., machine learning, natural language processing) are most effective when applied to OSINT data for cybersecurity purposes and how AI enhance the speed, scalability, and precision of OSINT in identifying and mitigating cyber threats in real-time. In addition, it also provided insights into the benefits of automation in AI-driven OSINT for detecting emerging threats and trends. Moreover, it also helped to determine the main technical, ethical, and operational challenges associated with AI-driven OSINT approaches, along with the issues related to data privacy, biases, and misinformation when applying AI to OSINT in the context of cybersecurity.

2.5.3 What gaps exist in the current research on AI and OSINT integration for cybersecurity?

The third question was developed to determine where the literature falls short in addressing the practical implementation of AI-driven OSINT in threat detection and whether there are any underexplored areas related to specific types of cyber threats (e.g., nation-state actors, ransomware, zero-day vulnerabilities). Moreover, it also helped determine how well existing studies account for real-world deployment challenges, such as the scalability of AI models and integration with security operations.

2.5.4 What potential solutions and future research directions as per industrial trends could improve the efficacy of AI-driven OSINT approaches?

The last question developed for the literature was related to the emerging AI technologies or methodologies that could be integrated into OSINT to enhance threat detection capabilities. In addition, it also determined how the current limitations of AI-driven OSINT tools can be addressed to improve their reliability and scalability. 

These questions have helped structure the literature review, providing a comprehensive understanding of the current state of AI-driven OSINT while also identifying areas where more research is needed.

3. Different Aspects of Literature Review 

3.1 Introduction 

In order to gain an understanding of the state of the art of AI-powered OSINT and its application in cybersecurity, it is critical to reiterate the basic concepts of OSINT and current and future trends in the open source intelligence (OSINT) market. OSINT is information obtained by processing and analysing public data sources such as television and radio, social media, and websites. These sources provide data in text, video, image, and audio formats. The evolution of OSINT is based on the increasing demand for fast and 360° intelligence, which is generated by disparate data sources. These are critical to address public safety. OSINT enables the government and security agencies, as well as private organisations, to take swift and effective actions against cyber threats while also gaining competitiveness. Commercial organisations have the benefit of monitoring and analysing market data to gain insights into market trends and competition [22].

Many of the OSINTs' tools and techniques are integrating Artificial Intelligence (AI). OSINT involves collecting video, audio, and text data from publicly available sources and analysing it to extract information from various channels. The analysis is based on AI and machine learning algorithms and deep neural networks that allow the system to learn from the data and achieve and refine the recognition of patterns, trends, and relationships [23]. For example, in the case of a TV interview, OSINT can identify both the interviewer and the interviewee (video analysis), the key topics of discussion (voice and text analysis), how viewers react on social media (text analysis) and automatically provide, for example, opinion clusters, trends and viewer sentiments [24].

The value of the Open Source Intelligence (OSINT) Tools market was USD 9.74 Billion in 2024 and is projected to reach USD 43.72 Billion by 2032. The CAGR is 20.65% [25].

Figure 2 OSINT market source [25]

The products, i.e. tools in the OSINT market, include diverse programs as well as hardware which are designed and tailored to meet the individual needs of users. However, standard functions include collecting, examining, and deciphering data from open sources that are publicly available. Some of the familiar sources of data and information for these tools include massive volumes generated by social media platforms, government publications, news sources, forums, and other online websites. These can be easily acquired and examined [26]. The common purpose of OSINT tools is to extract useful information from the data and provide valuable insights for cybersecurity systems which are deployed for law enforcement, corporate intelligence, national security, and other competitive analysis [27].

As mentioned, there are diverse products catering to unique individual requirements related to competitive intelligence, threat intelligence, and social media that define the OSINT tools market. These are cutting-edge technologies and techniques that can sort massive data sets, identify patterns, and derive meaningful information. Some of the commonly used algorithms in these OSINTs are natural language processing (NLP), data mining, and other machine learning techniques. The capabilities of OSINT technologies increase significantly when AI is integrated, and they provide more accuracy and effectiveness [28].

Both established cybersecurity companies and cutting-edge organisations dominate the OSINT tools market. These companies offer a variety of solutions, from comprehensive intelligence platforms to specialised applications targeting specific industries or data types. The market is driven by the growing need for better decision-making tools in government and business operations, increased cyber risks, and the increasing need for real-time intelligence [29].

3.2 Streams of OSINT Literature on Application and Implementation in Cybersecurity

From the cyber intelligence and intelligence perspective, data represent relationships both jointly and in isolation in such a way that they give a specific value to information under defined contexts [30]. Precisely Cyber intelligence focuses on protection and intelligence in the search for risks or threats in computer systems, which are used as primary source assets available in information systems (databases and information networks). The use of open sources through the assets available in information systems allows intelligence and counterintelligence to be carried out at a low cost and with limited risk, being the essence of the application of OSINT techniques and tools [31].

It is essential to emphasise the role that OSINT plays in intelligence. Intelligence here is defined as the process by which information relevant to national security is required, collected, analysed and processed for decision-making. Based on this definition, it can be stated that information collected from open sources through OSINT becomes Intelligence when it is collected, analysed, exploited and disseminated in response to a specific Intelligence requirement under a case study or investigation [32].

3.2.1 Techniques and Tools of OSINT in Cybersecurity 

Given the constant increase in Internet consumption and all its interconnected services, as well as the growth of insecurity, the need arises to take extreme protection measures. From a social point of view, it is necessary to analyse the different scenarios that could occur; this is where several techniques for data collection appear [33]. The history and use of OSINT have been spreading over the years. There are several events worldwide known as "hackathons", in which participants from various places meet to show their skills in the field of research using OSINT techniques [34].

In May 2022, the first exclusive OSINT and social engineering conference called "Osintomático Conference 2022" was organised and held in Madrid, Spain. There were 25 presentations attended by 550 attendees at the event. The activities were focused on imparting knowledge and raising awareness among participants. As a highlight of the event, there was an activity called CTF (Capture The Flag), which is nothing more than a contest in which the people who participate collect points by meeting goals or objectives; for this, they make use of OSINT tools and their particular knowledge. The theme of the contest was to search for clues about missing people in real life.

It is critical to note that OSINT tools and techniques do not serve as or are alternatives to firewalls and antiviruses; instead, they are focused on gathering and providing intelligence. More specifically, OSINT is used to search and extract data (from open sources), analyse patterns and traces and draw conclusions from incidents to enable effective decision-making for cyber security [35]. 

Search engines are the most common and primary sources of data and information for OSINT. A very effective technique for OSINT consists of performing searches through the different search engines that can be found on the web. As examples and among the best known, we have the search engines Google, Yahoo, Bing, Dogpile, Yandex, DuckDuckGo, and Ask [35]. Most search engines work similarly and allow you to search for specific words and people by name and photo, search within a particular domain, search for social media profiles, search for files, even search for passwords or dictionaries for brute force attacks, etc. [36].

Google's search engine is one of the most famous around the world; in this search engine, there is something known as "dorks" that help searches to be as precise as possible. Citing some "dorks" for a better understanding that is available [37]. Search for specific terms when quotation marks are used, search within a particular domain citing terms and the URL, search for file type specifying the extension, search for the title of the web page, search with wildcards that allow, for example, to search for incomplete texts using the asterisk wildcard [38].

In reference to image search, this has been very useful in recent years; facial recognition is shown as a broad resource with the appearance and use of security cameras, excellent quality cameras in mobile phones, and the consequent exposure on the Internet creates the perfect environment to make comparisons through artificial intelligence to find someone or at least know more accurate data that allows their location [39]. The search engines mentioned can be used as tools. However, it should be noted that there are search engines specialised in the collection of more specific data, such as the Shodan search engine, which, with its filters, is capable of finding IP addresses of various devices with specific ports open on the Internet [40].

It is essential to know that any of the OSINT techniques is a good complement when considering implementing an Information Security Management System based on the ISO/IEC 27001 standard. In various studies such as [41], the application of multiple techniques, including Google Dorking, is observed to expose the security flaws present in multiple case studies. 

The table above summarises the first category and sub-themes identified in selected studies. It is important to note that this table is brief and does not cover all the tools and techniques; however, it provides a bird's eye view of the different streams of literature on AI and OSINT being used in cyber security.

3.3 Strengths and Limitations of AI Integration with OSINT 

Artificial intelligence can do more than generate photorealistic images and written content. It is a powerful tool that has found its way into many fields, from medicine to finance, e-commerce, manufacturing, and, unsurprisingly, cybersecurity. At first glance, AI Cybersecurity seems like the perfect solution. After all, AI tools are known for their speed, efficiency and accuracy, which means that they can deal with any cybersecurity threat with the greatest of ease [42]. However, there are some drawbacks to using AI in OSINT for accurate time threat detection. In this section, the focus of the discussion is to identify the benefits and risks of AI-based OSINT for accurate time threat detection and find out whether AI should be integrated into this field or not [43].

Firstly, it is critical to understand the way AI fits into OSINT for accurate time threat detection and the modern cybersecurity landscape. Artificial intelligence is not a new concept in cybersecurity, as it has been around since the early 1950s [44]. However, it is only recently that AI tools have become "smart" and powerful enough to be used in many applications, including cybersecurity. For example, many antivirus programs rely on AI to detect malware and other anomalies that could threaten a network and system. The main reason is that these programs can learn and improve over time with the help of AI and machine learning, which is a significant benefit [45].

However, there are also limitations, such as the fact that it might take a while for an AI-based cybersecurity program to figure out how to deal with a specific computer virus when it first comes into contact with it. However, the next time it does, it will know what to do to fix the problem in no time. The more a network security AI tool comes into contact with various malicious programs, the more it learns about them and the more effectively it removes them from the system [47]. Focusing on the benefits of AI in cybersecurity, general literature indicates that artificial intelligence and cybersecurity often go hand in hand for several good reasons. Following are just some of the advantages of using AI for system and network security.

3.3.1 Anomaly detection and behaviour analysis over time 

With AI security, professionals can deploy advanced protection against all threats, including computer viruses, worms, botnets, ransomware, adware, and other malware. That's because AI monitors the systems and user and program behaviours at all times and can quickly identify anything out of the ordinary. It immediately flags any anomalies in network traffic and instantly indicates risks or threats to security. It can detect a threat that would take human hours (if not days) to detect before it has enough time to cause any damage [48].

3.3.2 Analyse large amounts of data

Another advantage of combining cybersecurity and AI is that the latter can process and analyse large amounts of data quickly. An AI-based cybersecurity tool can simultaneously monitor different devices, networks, and endpoints, keeping a close eye on everything that happens and detecting threats in real time [49]. Not even an entire team of IT professionals could process such vast amounts of data as quickly and efficiently as AI.

3.3.3 Streamlining cybersecurity processes and operations

In theory, the central role of AI in cybersecurity (or any other field) is to streamline and automate all processes. For example, when trying to secure a network, experts would have to do a million little things if they were to approach the task manually [50]. They would have to check emails for spam, scan all the devices that connect to the system and its nodes, check the websites the users visit, assess the devices connected to the network, and manually update all apps and software, among many other manual tasks. Using AI experts can streamline these and other processes [51]. They can continuously monitor your network and efficiently perform time-consuming, repetitive tasks.

3.3.4 Proactive responses

As stated above, the main driver of AI's power is its ability to learn and improve over time. This feature can be valuable in the face of evolving cybersecurity threats. Therefore, an AI-based cybersecurity solution can learn to identify even novel threats at an early stage and build defences against them before they can cause damage. It can develop proactive responses, protecting the systems at all times [52]. Rather than helping experts fight off a viral infection, it can prevent it from occurring in the first place. Considering that most AI cybersecurity solutions monitor the network and all activity on it at all times, it's no surprise that they can do more than detect threats. They can also keep an eye out for any potential vulnerabilities that a cybercriminal could exploit. AI solutions can quickly detect how malware exploits existing vulnerabilities in the system and suggest solutions. In many cases, they might even fix them [53].

3.3.5 Reduction of human errors

An often overlooked but highly valuable advantage is that AI-based cybersecurity solutions can significantly reduce the risk of human error. They can scan the network and its systems, monitor user and program behaviours, analyse all incoming and outgoing traffic, and automate tedious processes. In this way, AI solutions can up the ante on cyber defences and prevent experts from making mistakes due to fatigue. However, there are also limitations and risks of using AI in cybersecurity. Artificial intelligence is not everything. The use of AI in cybersecurity poses specific risks [54]. 

Artificial intelligence can improve the defences against all cyber attacks, from malware to hacking attempts. However, just as security experts can use AI to strengthen their defences, cybercriminals can also use it to enhance their attacks. Criminals can harness the power of AI technology to modify malware and make it more resistant to the defences [53]. For example, they can use AI to create more believable phishing scams or deepfake videos for ransomware attacks. They can use it to find ways to shield malware from detection and make it easier for it to infect and corrupt the files. Once the files get corrupted or lost after a malware attack that an AI-based antivirus program has not stopped, the system owner incurs costs to recover the files [51].

The entire discussion above is summarised in the following table.

3.4 Research Gaps in Research on Practical Implementation

As per the third objective identified in this study, this section is organised to analyse the state of the art of AI and OSINT with a specific focus on implementation and identify potential research gaps that can be used to make recommendations for future research in this field. As discussed earlier, AI and OSINT have spread to various industries and have gained a foothold in different fields; therefore, the practical applications are diverse. Hence, this section retrieves information from diverse studies which focus on the implementation of AI and OSINT and provides current research following the research gap in each area. 

3.4.1 Leveraging AI and Machine Learning to Improve Security

One of the areas of implementation for AI and OSINT is security improvements. A review of recent studies shows that the digital age is ever-evolving, and organisations (both commercial and non-commercial) are facing innumerable challenges in security, which are credible threats to their survival. Integrating AI and ML into security measures can be a vital protection against threats [51]. The majority of the studies discuss the way these technologies have automated the process of detecting potential risks. There are also studies focusing on how AI based on security measures such as OSINT are able to learn and adapt to emerging threats with more agility than traditional processes [42]. The ML can react and trigger countermeasures when a threat is detected [44]. For instance, AI and ML can enable OSINT to automatically isolate infected segments of the network and prevent malware from spreading to the entire system. In this area, the central joint research gap identified in studies is the need for more research on the efficacy of AI-powered OSINT in blocking diverse threats.

However, the authors also identify that there are research gaps. In this area, one of the joint research gaps is the need for more research on how cybercriminals are countering security measures. There is also a need to research how AI can improve OSINT in monitoring the evolution of security attacks. 

3.4.2 Predictive threat analysis

Another typical implementation of AI in cybersecurity is the potential of algorithms to handle large data sets (which humans cannot handle) for prediction and identification of potential breaches in security [43]. For instance, AI-enabled systems are able to monitor traffic in the network on a timely basis and flag abnormal patterns, which could be a cyber attack(s) such as a distributed denial of service (DDoS) [36]. The central research gap in this area is in the use of sophisticated algorithms and large data sets. As the amount of data grows, there will be ample research opportunities to find new insights and predictive models.

3.4.3 Behavioral Analysis

User behaviour analyses are also standard in research studies. Researchers show that AI can detect anomalies and make suggestions about compromised security mechanisms [51]. For instance, if one of the authenticated users accesses the system from an unusual location, AI-based OSINT can detect the incidence and impose additional measures for authentication [45]. The research gap in this area is to evaluate the effectiveness of different additional measures for authentication to ultimately find the most effective measure(s).

3.4.4 Intelligent Threat Hunting and Improved Incident Response

AI using ML algorithms can uncover hidden threats and thus enable a proactive approach to threat hunting. This is in line with analysing large datasets where threats are more accessible to hide [38]. For instance, AI-based OSINT is able to identify subtle and persistent threats that may evade basic security mechanisms [46]. The potential research area in this field is conducting experiments on virtual systems with mock hidden threats and training algorithms for practical purposes. 

Incidence response is also a common research area for AI-based OSINT tools. These tools aim to assist in the agility of incident response as they can analyse the causes of a breach faster and suggest standardised, automated solutions and evidence-based courses of action [55]. Ultimately, the downtime will be reduced [47]. In this aspect, the research gaps identified include evaluating downtime periods, evaluating agility, and measuring success rates of algorithms. 

3.4.5 Security Orchestration

Unlike humans, AI can coordinate simultaneously with multiple security tools and use them in unison, thus streamlining response against threats [37]. This can be visualised as a symphony which is produced by an orchestra using different instruments in harmony [57]. So, AI can be an orchestra that creates a symphony of security mechanisms to counter threats [48]. The research gap in this context is related to developing sophisticated algorithms that can manipulate mechanisms and test them against known threats. 

In the dynamic world of cybersecurity, incorporating OSINT threat intelligence into security operations is not only beneficial but also imperative for the survival of technology users [56]. This integration allows organisations to proactively identify, assess, and mitigate potential threats before they can impact business operations [32]. By leveraging data-driven insights, security teams can shift from a reactive to a proactive stance, adapting their defence mechanisms to the ever-evolving threat landscape [48]. A number of studies have focused on the potential of OSINT in this aspect of cyber security and identified various opportunities for more research.

3.4.6 Contextual awareness for Real-time threat analysis

OSINT can improve detection capabilities by adding context to raw data. This could involve correlating threat data with internal logs to identify suspicious patterns [49]. For example, a threat intelligence feed indicates an increase in phishing attempts targeting a specific industry. In that case, security operations can increase scrutiny of incoming emails and educate employees accordingly [50]. In this context, the researchers have the opportunity to conduct research on different industries and provide generic and customised solutions. OSINT can use threat feeds in real-time to analyse potential threats before and during they emerge. For instance, if a new malware variant is reported, security operations can immediately check their systems for related indicators of compromise (IoCs) and take preventative action [49]. In this regard, researchers have designed IoCs and recommend research to improve current and develop new IoCs.

3.4.7 Strategic Planning and Collaborative Defence

AI uses ML and historical threat intelligence to inform strategic security planning. Analysing past incidents and trends can help predict future attacks and guide the development of solid security policies [33]. For example, if data breaches in an industry are often related to weak authentication protocols, implementing multi-factor authentication becomes a priority [51]. Similar to previous research gaps, there are opportunities to find standard and industry-specific weak policies and make relevant suggestions. Unlike humans, AI has the potential to participate in large, complex information-sharing platforms with other organisations to gain a collective defence advantage [48]. When a similar company encounters a new attack vector, sharing this information allows organisations to strengthen their defences against similar tactics [38]. Similarly, AI can integrate threat intelligence with security automation tools to enable a rapid response to identified threats. Automation can speed up the quarantine of affected systems, as seen when a ransomware attack is detected, minimising potential damage [52].

Based on the discussion above, this category and relevant themes are presented in the following table.

3.5 Potential Solutions and Research Directions as per Future Industrial Trends 

Based on the discussion of various research gaps in the previous section, it is clear that there are diverse opportunities for OSINT researchers to conduct more studies. However, in the last section, research gaps and research opportunities were based on an analysis of the implementation of AI-powered OSINT. In this section, the research opportunities are presented within the context of future trends in security threat intelligence as an industry. In the ever-evolving realm of cybersecurity, staying ahead of potential threats is not just a matter of strategy but of survival; businesses are constantly vulnerable, particularly if they have limited resources to allocate to security. The threat intelligence landscape is changing, with advances in technology and shifts in attacker tactics driving new trends that businesses need to be aware of to safeguard their future.

3.5.1 Automation and Machine Learning

A significant trend in the OSINT industry is that cyber threats will continue to become increasingly sophisticated, and the use of automated systems and machine learning algorithms for detection and response to threats will also spread by leaps and bounds [42]. For instance, anomaly detection systems will be developed to identify abnormal patterns that may indicate a breach [39]. Machine learning will be helpful in predicting and preventing zero-day attacks as it can analyse large data sets and recognise potential vulnerabilities before cyber criminals can exploit them [52]. Therefore, it is recommended that researchers focus on these areas and design new ways of automation using machine learning and integrating OSINT in these systems.

3.5.2 Threat Intelligence Platforms (TIPs)

Tips are also a significant trend in this industry. These platforms are becoming more user-friendly and increasingly integrated to allow organisations to leverage intelligence from shared information accumulated from various sources [34]. A TIP can correlate data from diverse sources, offering a more comprehensive perspective of the threat landscape [46]. For instance, a company can use TIP to combine threat data specific to the industry and compare it with global threat intelligence to formulate a tailored security response [53]. This is an essential trend in the future of this industry, and hence, researchers are encouraged to endeavour creative ideas and innovative methods to design new TIPs.

3.5.3 Collaborative Security and Insider Threat

As discussed earlier, collaborative security is an essential feature of the future vision of the OSINT industry. In the future, there will be an increase in collaborative efforts by organisations, even their competitors, who will be sharing threat intelligence for mutual benefit [36]. This collective strategy for defence can be seen in various sectors already, including but not limited to financial services, where business organisations are sharing indicators of compromise (IoCs) to fight widespread fraud [54]. A relevant trend to regulatory compliance is insider threat detection using AI-based OSINT. As remote work becomes the norm, the risk of insider threats increases. Organisations will need to invest in solutions that monitor user behaviour and access patterns to identify potential insider threats [47]. For example, an employee accessing sensitive data outside of regular business hours could trigger an alert for further investigation [56]. There is scant literature on this trend, but rigorous research is required to integrate psychology, behaviour, and cyber technology. 

3.5.4 Cloud security

With the shift to cloud services, organisations need to focus on securing their cloud infrastructure. This includes using cloud-native security tools that provide visibility into cloud environments and protect against misconfigurations, which are a common cause of cloud data breaches [57]. In this area, researchers need to realise that there is scant evidence about the integration of OSINT in cloud security, and compatibility issues are frequent. There are ample research opportunities in this regard.

3.5.5 Regulatory Compliance

The regulatory environment is evolving, and regulations such as GDPR and CCPA are emerging, with strict guidelines and rigorous data protection requirements being imposed [43]. The organisations foresee the need to align their systems for threat intelligence with legal requirements [41]. This compliance is aimed not only at protecting customer data but also to make sure that threat intelligence systems comply with privacy laws [55]. In this area, the foremost research opportunity lies in collaboration with legal experts and defining rules for compliance during the design of OSINT.

The table below summarises the discussion of themes and relevant suggestions in this category.

3.6 Chapter Summary 

Based on the analyses above, there is ample research about the state of implementation and application of AI and OSINT in cybersecurity and a diverse set of tools and techniques have been developed. Each of these tools and techniques has unique strengths and limitations which are applicable in specific contexts. The main strength identified in the discussion above is the ability of AI and OSINT to handle large datasets, automate, and have faster speed than humans. The main limitation is that these tools and techniques are still evolving, and therefore, more research and experiments are required. Another standard limitation is that with the evolution of security measures, counter-security and cyber attacks are also evolving. Based on the discussion of strengths and limitations, by harnessing the power of AI and machine learning, organisations can not only strengthen their defences but also gain a strategic advantage in the threat landscape. The key lies in intelligently layering these technologies within their security infrastructure to create a resilient and responsive system. As these technologies continue to mature, they will become indispensable tools in the arsenal of any startup looking to navigate the treacherous waters of cyber threats.

Furthermore, based on a discussion of future trends for research, by integrating these elements into the fabric of security operations, organisations can not only navigate but also anticipate the threat landscape, turning intelligence into a powerful tool for cyber resilience. The key is not just to gather intelligence but to integrate it in a way that improves the overall security posture, making the organisation not only aware but prepared and responsive to the threats it faces. By understanding the trends in the OSINT industry, organisations and researchers can develop proactive and dynamic approaches to security threat intelligence, ensuring they are prepared for the cyber threat challenges of tomorrow. The key is not just to embrace new technologies but to foster a culture of security awareness and collaboration that can adapt to the changing tides of the digital world.

4. Discussion

4.1 Introduction 

This study aimed to assess the efficacy of AI-driven OSINT approaches in cybersecurity. The purpose of the review was to focus on identifying gaps in the current literature and to evaluate how these tools can be optimised for enhanced real-time threat detection. In order to achieve this aim, this study identified various objectives and conducted a comprehensive review of the literature to accomplish each of these objectives individually, as presented in the previous chapter. This chapter presents a discussion of the results and shows how these objectives have been achieved, referring to the results and interpreting the implications of the results. Similar to the results chapter, this chapter is also organised in accordance with the research objectives and starts with a discussion on the results of the first objective, followed by a discussion of the second objective, and ends with a summary of the debate. 

4.2 Discussion 

The results of the first objective (see section 4.2) show that the application of AI in OSINT in cybersecurity has demonstrated significant advances and has also raised critical concerns. The results showed that AI-powered tools such as OSINT can help improve network security, simulate cybersecurity scenarios, and promote cybersecurity education [58]. However, this same capability can be exploited by cybercriminals to develop malicious software, create fake websites, and carry out more sophisticated social engineering attacks. This duality is mentioned in various research [59] where it is highlighted that AI in OSINT can be exploited to distribute false information on social media and manipulate public opinion, increasing cybersecurity challenges [60].

The results also show that AI in OSINT approaches can reproduce real scenarios, facilitating the development of advanced tools to detect zero-day vulnerabilities and perform pen-testing. However, human oversight remains essential to ensure accuracy and address false positives and negatives [61]. Additionally, the increasing sophistication of AI in OSINT in creating ransomware [62], as well as phishing scams and deepfakes, poses a significant challenge, as conventional detection techniques are becoming obsolete, as discussed in [63]. Furthermore, the ability of AI in OSINT to analyse malicious code and detect malicious behaviours and characteristics, even when employing obfuscation and encryption techniques, is a promising application [64]. AI in OSINT can also automatically generate new security vulnerabilities and attack scenarios, facilitating simulation and improving defence and response capabilities [65].

The results related to the second objective (see section 4.3) focus on the strengths and limitations of applications and techniques. The results show that the applications of AI in OSINT in cybersecurity are varied and promising. According to the review, using text and code analysis and generation capabilities, automatic encryption and secure transmission of information can be achieved [66]. Furthermore, OSINT tools can analyse large volumes of threat intelligence data, helping to anticipate future threats to network security [67]. 

AI-powered OSINTs enable faster identification of vulnerabilities and automation of test scenario generation, reducing the need for manual intervention and enabling more thorough assessment [68]. It can simulate the behaviour of real attackers by learning from patterns and adapting to new tactics, providing a more realistic understanding of how adversaries may act [70].

Malware identification has been improved by research methodologies based on Generative Adversarial Networks. Various tools mentioned in the reviewed studies provide automated network security, malware protection, and privacy compliance monitoring services [71]. OSINTs are also used to generate email messages that trick scammers, wasting their resources and prolonging their interaction with them. Generative AI can analyse large amounts of data to identify patterns and anomalies that indicate the presence of threats, generating reports and alerts based on these analyses [72]. AI in OSINT enables defenders to accelerate and automate the incident response process, analyse cybersecurity incidents, generate reports on incidents and threats, and make strategic recommendations [73]. Generating persuasive honeypots to lure attackers and analyse their methods is another significant application of AI in OSINT [74].

However, the review also shows that there are significant risks and limitations. The implementation of Generative Artificial Intelligence in cybersecurity faces numerous ethical challenges, risks, and limitations. The exposure of personal information and threats to social security are critical concerns. Generative models can increase the risks of information and political manipulation, affecting electoral processes [75]. The use of AI in OSINT raises ethical and legal issues, including the possibility of biased results if models are trained with non-representative data, which can lead to unfair test scenarios or failure to detect specific vulnerabilities [76].

In addition, the use of large amounts of data to train AI models raises concerns about privacy and data security, as sensitive information can be exposed. Collecting large volumes of data to train AI models raises concerns as sensitive information can be exposed. AI systems require a large amount of computational resources, which can have an adverse effect on the ecosystem. Challenges also include the possibility of adversaries injecting perturbations into the input data to replicate models or impair performance [77]. Privacy concerns include model theft and poisoning, as well as the persistence of biases present in training data. Lack of transparency and control by companies and users is also a significant challenge, which can result in unfair or discriminatory decisions. Large-scale language models (LLMs) present several challenges and limitations in cybersecurity. These models focus on generating responses but do not always prioritise accuracy, which can result in the generation of incorrect or misleading responses, known as "hallucinations" [78].

Protecting Personally Identifiable Information and other sensitive data is vital to maintaining user security and trust. Finally, researchers, developers, and policymakers must work together to address these challenges and ensure the integrity and security of AI-based systems. The implementation of emerging AI security frameworks guides security teams on best practices, controls, recommendations, and procedures [79].

This review is an extensive and comprehensive evaluation of the literature and shows the state of generative artificial intelligence-based approaches for OSINTs in cybersecurity. Although previous studies [systematic reviews] have conducted thorough reviews, these have focused exclusively on the security and privacy of generative AI. Other studies, such as [80], have focused on specific tools such as ChatGPT. In contrast, research such as [81] has explored applications in particular fields, such as cybersecurity threats, pen testing, ransomware, and digital forensics [82]. This research covers a broader perspective, providing a comprehensive overview of the applications, techniques, ethical challenges, risks, and limitations of generative AI in cybersecurity. This work is limited to answering the research questions posed, providing an overview of the current state, applications, techniques, ethical challenges, risks, and limitations of generative AI in cybersecurity and presenting research gaps. However, there are particular areas where generative AI is at its peak, such as the Internet of Things (IoT), network physical layer, pen-testing, ransomware, and digital forensics, which have yet to be explored in depth in this review.

In the third objective, the main requirement was to identify critical gaps in the literature with a specific focus on the implementation of AI-powered OSINTs. A significant trend identified in OSINT is security improvements [83]. Based on the review, the main research gaps and opportunities are to increase research attempts focusing on analysing and countering the security measures of cyber criminals. It is further asserted that there is a need to investigate the way AI can make improvements in OSINT in terms of monitoring and understanding the trends in security attacks.

One of the standard implementation aspects of AI and OSINT in cybersecurity is using algorithms to handle massive data sets that are beyond the capacity of humans [84]. The algorithms can predict and identify potential sources of breaches and suggest improvements in security [85]. In this area, the central research gap is in conducting studies that can apply very sophisticated algorithms to handle large data sets. The amount of digital data will continue to grow, offering ample opportunities for researchers to use predictive models and find new insights [86]. The researchers can apply AI and ML to enable the security system to react and trigger countermeasures based on their analysis of hidden threats in the data [87]. Similarly, a research gap has also been identified in these types of current studies. More research is needed to evaluate the efficacy of AI-powered OSINT in blocking diverse threats.

Another significant stream of literature identified from the review is studies focusing on user behaviour [88]. These studies have contributed comprehensive scientific evidence, but there is a gap in this area that there needs to be more evaluation of the effectiveness of additional measures that OSINT trigger to enhance authentication mechanisms and compare them with other security measure(s) [89]. One of the purposes of AI-based OSINT is to detect and uncover hidden threats and design and implement a proactive system to manage threats [90]. There is a potential research opportunity in this field that only scant studies are available experimenting with virtual systems and using mock hidden threats to train algorithms and then deploy them in practical scenarios. Another common trend in OSINT studies is the studies on Incidence response [91]. Potential research opportunities in this aspect are to evaluate changes in downtime periods, agility, and success rates of OSINT and AI algorithms.

AI can aid humans in cybersecurity because they are able to simultaneously coordinate with multiple tools for security and manage them in unison [92]. This way, OSINT can streamline response against threats [93]. Based on the review, there is a research gap in this context, so they can develop practical algorithms and manipulate security mechanisms while testing them against known threats. There are also studies which use OSINT to analyse threat feeds in real-time and assess potential threats in real-time [94]. The studies in this regard designed IoCs but also acknowledge that improvements are needed in current IoCs. 

Another stream of OSINT literature is focused on improving detection capabilities from large raw datasets. The studies in this context are generic and theoretical and lack practical case studies [95]. Therefore, the gap in this regard is in conducting industry-specific case studies and offering customised and tailored solutions. Some studies focus on strategic security planning and the use of AI and ML to analyse historical threat intelligence [96]. The research gap in this context is similar to the previously mentioned lack of case studies, which industry-specific case studies can fill.

The fourth objective of this study was to propose solutions and suggest future research opportunities focusing on major trends in the OSINT industry. Based on the review, it can be observed that a vital industry trend is that the sophistication of cyber threats and criminals will likely increase in response to developments in the security industry. The reports on industry trends also show that there will be an increase in the automation of systems and machine learning algorithms with the aim of detecting and countering threats [98]. Hence, researchers are encouraged to focus on this trend and develop creative new designs for automation.

A significant trend is the emergence and likely strong foothold in TIPs. Recent studies show that these platforms have improved in terms of user-friendliness and are welcome to be integrated into existing security systems. The organisations welcoming TIPs aim to leverage the intelligence platforms by sharing information and gaining mutual benefits. It is also a critical future trend in this industry and, therefore, presents ample research opportunities where researchers can use their creative ideas to design new innovative methods in TIPs. 

The review also showed that one of the future trends is the increase in collaborative efforts. Disparate organisations will share disparate information input data sets for security OSINTs, and this sharing will provide mutual benefits. Researchers can explore the ways in which information can be shared, filtered, and protected to encourage collaborative efforts. Another important trend in this industry will have a significant effect on the development of the regulatory environment and regulations (recent examples are CCPA and GDPR). It is expected that stricter guidelines and data protection regulations will be created across the globe at the regional and state level. Hence, the primary research opportunity in this regard is for researchers to collaborate with legal experts to understand and define how AI-based OSINTs can ensure compliance. There is also the risk factor that as remote working becomes the new normal, the insider threat risk will increase [98]. There are only limited studies on insider threat management using AI and OSINT. Therefore, rigorous research is needed to address this concern and apply AI and OSINT to this area of cybersecurity.

4.3 Summary 

This study has conducted a systematic literature review on the current state of the art in the application of generative artificial intelligence in the cybersecurity field, providing a comprehensive overview of the current state, promising applications, ethical challenges, risks and associated limitations. The main findings highlight that AI in OSINT is being used both in the implementation of defensive strategies and in the execution of offensive actions in the cybersecurity field. Its ability to generate complex content improves the simulation of security scenarios and the detection of vulnerabilities. Still, cybercriminals can also exploit it to develop advanced social engineering techniques and generate malicious code, increasing privacy and data security risks. This review and elaborated research contribute to the understanding of how AI in OSINT can transform the cybersecurity field. By addressing both beneficial applications and risks and challenges, a solid foundation is provided for future research that can explore more specific areas and develop theoretical and normative frameworks for the responsible use of AI. There are various streams of literature, but the common aim is to apply AI and OSINTs in the cybersecurity area and make improvements. The studies in this area are very diverse in terms of aims and methodologies, and therefore, there are ample research opportunities in each stream, as discussed in this chapter. Thus, researchers are encouraged to use this review to identify research gaps and essential trends in this study industry and apply their skills and creativity to contribute towards literature as well as practical implementation.

References

1. Ö. Aslan, S. Authors, and A. N. Others, “A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions,” Electronics, vol. 12, no. 6, p. 1333, 2023.
2. L. J. B. Amaro, S. Authors, and A. N. Others, "Methodological framework to collect, process, analyse and visualise cyber threat intelligence data," Applied Sciences, vol. 12, no. 3, p. 1205, 2022. 
3. Y. Zhang, “Uncovering threats from the surface web and darknet: A qualitative analysis of content relating to cybersecurity and critical infrastructure,” M.S. thesis, 2022.
4. A. Adel and M. Norouzifard, “Weaponisation of the growing cybercrimes inside the dark net: The question of detection and application,” Big Data and Cognitive Computing, vol. 8, no. 8, p. 91, 2024.
5. H. Q. Vo, "Utilising intelligence preparation of the operational environment to design an operational cyber intelligence framework," Ph.D. dissertation, Macquarie University, 2021.
6. S. R. Sindiramutty, “Autonomous threat hunting: A future paradigm for AI-driven threat intelligence,” arXiv preprint arXiv:2401.00286, 2023.
7. V. V. Vegesna and A. Adepu, “Leveraging artificial intelligence for predictive cyber threat intelligence,” Int. J. Creative Res. Comput. Technol. Design, vol. 6, no. 6, pp. 1–19, 2024.
8. J. Puleri, “Law enforcement and open source intelligence: Evolution, technologies, and privacy issues,” M.S. thesis, Utica College, 2021.
9. P. Balasubramanian, S. Authors, and A. N. Others, “TSTEM: A cognitive platform for collecting cyber threat intelligence in the wild,” arXiv preprint arXiv:2402.09973, 2024.
10. P. K. Mallick, “Artificial intelligence, national security and the future of warfare,” in *Artificial Intelligence, Ethics and the Future of Warfare*, Routledge India, 2024, pp. 30–70.
11. Ghioni, Riccardo, Mariarosaria Taddeo, and Luciano Floridi. "Open source intelligence and AI: a systematic review of the GELSI literature." AI & society 39.4 (2024): 1827-1842.
12. M. Saunders, and P. Tosey, "Research Design." 2012. pp. 15-30
13. H. A. Mohamed Shaffril, S. F. Samsuddin, and A. Abu Samah, “The ABC of systematic literature review: the basic methodological guidance for beginners.” Quality & Quantity. Vol. 55, no.13p.19-46, Aug 2021.
14. A. Booth, M. S. James, M. Clowes, A. Sutton, “Systematic approaches to a successful literature review.”. 2021. p.1-100 
15. E. Purssell, and N. McCrae, “How to perform a systematic literature review: a guide for healthcare researchers, practitioners and students.” Springer Nature; 2020, p.65.
16. J. Bettany-Saltikov, and R. McSherry, “How to do a Systematic Literature Review in Nursing: A Step-by-Step Guide, 3/e.” 2024. 
17. C. Hamel, A. Michaud, M. Thuku, B. Skidmore, A. Stevens, B. Nussbaumer-Streit, and C. Garritty, “Defining rapid reviews: a systematic scoping review and thematic analysis of definitions and defining characteristics of rapid reviews.” Journal of Clinical Epidemiology. Vol. 129, p.74-85, Jan 2021.
18. G. Lame, “Systematic literature reviews: An introduction. InProceedings of the design society”. International conference on engineering. Cambridge University Press. 2019 Jul pp. 1633-1642. 
19. A. Davies, “Carrying out systematic literature reviews: an introduction.” British Journal of Nursing. 2019 Aug pp.1008-14.
20. E. Ahn, and H. Kang, “Introduction to systematic review and meta-analysis.” Korean journal of anesthesiology. Vol 71, no.2, p.103-12, Apr 2018.
21. D. Pati, and L. N. Lorusso, “How to write a systematic review of the literature.” Health Environments Research & Design Journal. Vol 11, no.l, p.15-30. Jan 2018 
22. N. A. Hassan and R. Hijazi. “Open source intelligence methods and tools”. New York, NY: Apress; 2018.
23. Evangelista JR, Sassi RJ, Romero M, Napolitano D. Systematic literature review to investigate the application of open source intelligence (osint) with artificial intelligence. Journal of Applied Security Research, vol(16), no. 3, p.345-69, Jul. 2021
24. M. Sarfraz, editor. “Cybersecurity Threats with New Perspectives”. BoD–Books on Demand, Dec. 2021.
25. marketresearchfuture.com. “Open Source Intelligence (OSINT) Market Overview”. [online] https://www.marketresearchfuture.com/reports/open-source-intelligence-market-4545 Accessed 7th Oct 2024
26. R. Prasad, V. Rohokale, R. Prasad, and V. Rohokale, “Artificial intelligence and machine learning in cyber security. Cyber security: the lifeline of information and communication technology”. pp-231-47, 2020.
27. J. Chae, D. Graham, A. Henderson, M. Matthews, J. Orcutt, M. S. Song, “A system approach for evaluating current and emerging army open-source intelligence tools”. In2019 IEEE International Systems Conference (SysCon) pp. 1-5). Apr 2019. 
28. W. Tounsi, and H, Rais. “A survey on technical threat intelligence in the age of sophisticated cyber attacks.” Computers & security. Vol (1), no. 72, p.212-33, Jan. 2018.
29. A. Ramsdale, S. Shiaeles, N. Kolokotronis, “A comparative analysis of cyber-threat intelligence sources, formats and languages.” Electronics. Vol (16), no. 9(5), p.824, May. 2020.
30. B. H. Miller. “Open source intelligence (OSINT): an oxymoron?.” International Journal of Intelligence and CounterIntelligence. vol 31, no.4. pp.702-19, Oct. 2018.
31. M. S. Abu, S. R. Selamat, A. Ariffin, R. Yusof, “Cyber threat intelligence–issue and challenges.” Indonesian Journal of Electrical Engineering and Computer Science. Vol(10), no.1, pp.371-9, Apr. 2018.
32. A. Kanta, I. Coisel, M, Scanlon, “A survey exploring open source Intelligence for smarter password cracking.” Forensic Science International: Digital Investigation. Vol(35), no.3. ---pp.1075, Dec. 2020.
33. S. Mittal, A. Joshi, T. Finin, “Cyber-all-intel: An ai for security related threat intelligence.” arXiv preprint arXiv:1905.02895. May. 2019.
34. M. Ficco, and F, Palmieri, “Leaf: An open-source cybersecurity training platform for realistic edge-IoT scenarios.” Journal of Systems Architecture. Vol (97), no.1 pp.107-29, Aug. 2019.
35. J. Pastor-Galindo, P. Nespoli, F. G. Mármol, and G. M. Pérez, “The not yet exploited goldmine of OSINT: Opportunities, open challenges and future trends.” IEEE access. Vol (9) no.8, p.10282-304, Jan. 2020.
36. Y. Ghazi, Z. Anwar, R. Mumtaz, S. Saleem, and A. Tahir, “A supervised machine learning based approach for automatically extracting high-level threat intelligence from unstructured sources.” In2018 International Conference on Frontiers of Information Technology (FIT) pp. 129-134, Dec. 2018 
37. P. Ranade, A. Piplai, S. Mittal, A. Joshi, T. Finin, “Generating fake cyber threat intelligence using transformer-based models.” In2021 International Joint Conference on Neural Networks (IJCNN) Jul 18 2021, pp. 1-9
38. F. Alves, A. Bettini, P. M. Ferreira, and A. Bessani, “Processing tweets for cybersecurity threat awareness.” Information Systems.Vol (95), no.10, p.1586, Jan. 2021.
39. T. Riebe, J. Bäumler, M. A. Kaufhold, and C. Reuter, “Values and value conflicts in the context of OSINT technologies for cybersecurity incident response: A value sensitive design perspective.” Computer Supported Cooperative Work (CSCW). Vol (33), no. 2, pp.205-51, Jun. 2024.
40. K. Bezas, and F, Filippidou. “Comparative analysis of open source security information & event management systems (SIEMs).” The Indonesian Journal of Computer Science. Vol (12) no. 2, pp.443-68, Apr. 2023.
41. N. Khurana, S. Mittal, A. Piplai, and A. Joshi, “Preventing poisoning attacks on AI-based threat intelligence systems.” In2019 IEEE 29th International Workshop on Machine Learning for Signal Processing (MLSP) Oct. 2019 pp. 1-6
42. J. R. Evangelista, R. J. Sassi, M. Romero, D. Napolitano, “Systematic literature review to investigate the application of open source intelligence (osint) with artificial intelligence.” Journal of Applied Security Research. Vol 16, no. 3. Pp.345-69, Jul 2021.
43. V. V. Vegesna and A. Adepu, “Leveraging Artificial Intelligence for Predictive Cyber Threat Intelligence.” International Journal of Creative Research In Computer Technology and Design. Vol 6, no. 6, pp.1-9, Jul 2024 
44. I. H. Sarker, “Introduction to AI-Driven Cybersecurity and Threat Intelligence. InAI-Driven Cybersecurity and Threat Intelligence: Cyber Automation, Intelligent Decision-Making and Explainability” Cham: Springer Nature Switzerland, 2024, pp. 3-19.
45. M. Martineau, E. Spiridon, M. Aiken, “A comprehensive framework for cyber behavioral analysis based on a systematic review of cyber profiling literature.” Forensic Sciences. Vol 3, no. 3. pp.452-77, Jul 2023.
46. M. Aragonés Lozano, I. Pérez Llopis, and M. Esteve Domingo, “Threat hunting architecture using a machine learning approach for critical infrastructures protection.” Big data and cognitive computing. Vol 7 no. 2, p.65, Mar 2023 
47. T. Riebe, “Values and Value Conflicts in the Context of OSINT Technologies for Cybersecurity Incident Response.” InTechnology Assessment of Dual-Use ICTs: How to Assess Diffusion, Governance and Design. Wiesbaden: Springer Fachmedien Wiesbaden. 2023 pp. 157-190
48. A. Rodriguez, and K. Okamura, “Enhancing data quality in real-time threat intelligence systems using machine learning.” Social Network Analysis and Mining. Vol 10, no. 1. p.91, Dec 2020 
49. S. S. Chen, R. H. Hwang, A. Ali, Y. D. Lin, Y. C. Wei, and T. W. Pai, “Improving quality of indicators of compromise using STIX graphs.” Computers & Security. Vol 144, p.103972, Sep 2024.
50. F. Pavanello, S. Virtanen, J. Isoaho, M. Giaimo, S. Cagol, “OSINT-based Email Analyser for Phishing Detection.”
51. D. Petrović, and M. Jovanović, “Synergistic Potential of Supercomputing and AI in Shaping Secure Digital Environments.” Quarterly Journal of Emerging Technologies and Innovations. Vol 9, no. 1. p.61-76, Jan 2024.
52. J. R. Evangelista, R. J. Sassi, M. Romero, and D. Napolitano, “Systematic literature review to investigate the application of open source intelligence (OSINT) with artificial intelligence.” Journal of Applied Security Research. Vol 16, no.3. p.345-69. Jul 2021 
53. A. E. Torres, F. Torres, and A. T. Budgud, “Cyber Threat Intelligence Methodologies: Hunting Cyber Threats with Threat Intelligence Platforms and Deception Techniques.” In2nd EAI International Conference on Smart Technology 2022. Cham: Springer International Publishing. Dec 15 pp. 15-37
54. E. Iturbe, E. Rios, A. Rego, and N. Toledo, “Artificial Intelligence for next generation cybersecurity: The AI4CYBER framework.” In Proceedings of the 18th International Conference on Availability, Reliability and Security. 2023 Aug 29. pp. 1-8.
55. M. Kamal, “Legal Implications of AI-Driven OSINT: Insider Threats and Data Leaks in Egypt and the European Union.” 2023.
56. C. Song, J. Zhang, L. Ma, X. Hu, J. Zheng, and L. Yang, “Insider Threat Defense Strategies: Survey and Knowledge Integration.” In International Conference on Knowledge Science, Engineering and Management. Singapore: Springer Nature Singapore. Jul 2024 pp. 106-122. 
57. I. H. Sarker, M. H. Furhad, R. Nowrozy, “Ai-driven cybersecurity: an overview, security intelligence modeling and research directions.” SN Computer Science. Vol 2, no.3. p.173. May 2021 
58. N. A. Hassan, and R. Hijazi, “Open source intelligence methods and tools.” New York, NY: Apress; 2018.
59. M. Hernández, C. Hernández, D. Díaz-López, J. C. Garcia, and R. A. Pinto, “Open source intelligence (OSINT) as Support of Cybersecurity Operations: Use of OSINT in a Colombian Context and Sentiment Analysis.” Revista Vínculos Ciencia, tecnología y sociedad. Vol 15, no.2, 2018
60. O. Yılmaz, “Cyber Security and Open Source Intelligence Techniques. InApplying Methods of Scientific Inquiry”. Intelligence, Security, and Counterterrorism pp. 68-86. IGI Global. 2019
61. N. A. Hassan, R. Hijazi, N. A. Hassan, and R. Hijazi, “The evolution of open source intelligence. Open Source Intelligence Methods and Tools: A Practical Guide to Online Intelligence.”p.1-20. 2018
62. D. R. Hayes, and F. Cappa, “Open-source intelligence for risk assessment.” Business Horizons. Vol 61, no. 5, p.689-97. Sep 2018 
63. F. Tabatabaei, and D. Wells, “OSINT in the Context of Cyber-Security. Open Source Intelligence Investigation: From Strategy to Implementation.” p.213-31. Jan 2017 
64. B. Akhgar, P. S. Bayerl, and F. Sampson, “Open source intelligence investigation: from strategy to implementation.” Springer. 2017.
65. I. P. Pratama, and A. A. Wiradarma, “Open source intelligence testing using the owasp version 4 framework at the information gathering stage (case study: X company).” International Journal of Computer Network and Information Security. Vol. 11, no. 7, p.8-12. 2019
66. A. Staniforth, “Open source intelligence and the protection of national security.” Open Source Intelligence Investigation: From Strategy to Implementation. Jan 2017. pp. 11-19. Cham: Springer International Publishing.
67. B. H. Miller, “Open source intelligence (OSINT): an oxymoron?.” International Journal of Intelligence and CounterIntelligence. Vol 31, no. 4, pp-702-19. Oct 2018 
68. A. Keliris, C. Konstantinou, M. Sazos, and M. Maniatakos, “Open source intelligence for energy sector cyberattacks. Critical Infrastructure Security and Resilience: Theories, Methods, Tools and Technologies.” pp-261-81. 2019.
69. H. J. Williams, and I. Blum, “Defining second generation open source intelligence (OSINT) for the defense enterprise.” Santa Monica: Rand Corporation. 2018.
70. A. Yeboah-Ofori, and A. Brimicombe, “Cyber intelligence and OSINT: Developing mitigation techniques against cybercrime threats on social media.” International Journal of Cyber-Security and Digital Forensics (IJCSDF). Vol 7, no. 1. pp-87-98. 2018
71. S. Young, “Open-source intelligence (OSINT).” Handbook of SCADA/Control Systems Security CRC Press. 2016 May, p. 289. 
72. K. Li, H. Wen, H. Li, H. Zhu, and L. Sun, “Security OSIF: Toward automatic discovery and analysis of event-based cyber threat intelligence.” IEEE SmartWorld. IEEE. pp. 741-747. 2018 Oct
73. D. Lande, and E. Shnurko-Tabakova, “OSINT as a part of cyber defense system.” Theoretical and Applied Cybersecurity. Vol 1, no. 1, May 2019 
74. N. R. Dionísio, “Improving cyberthreat discovery in open source intelligence using deep learning techniques” Doctoral dissertation.
75. X. Liao, K. Yuan, X. Wang, Z. Li, L. Xing, and R. Beyah, “Acing the ioc game: Toward automatic discovery and analysis of open-source cyber threat intelligence.” Proceedings of the 2016 ACM SIGSAC conference on computer and communications security 2016 Oct pp. 755-766
76. D. Quick, and K. K. Choo, “Digital forensic intelligence: Data subsets and Open Source Intelligence (DFINT+ OSINT): A timely and cohesive mix.” Future Generation Computer Systems. Vol 1, no. 78, pp-558-67, Jan 2018
77. P. Casanovas, “Cyber warfare and organised crime. A regulatory model and meta-model for open source intelligence (OSINT).” Ethics and Policies for Cyber Operations: A NATO Cooperative Cyber Defence Centre of Excellence Initiative. pp-139-67, 2017.
78. G. Settanni Y. Shovgenya, F. Skopik, R. Graf, M. Wurzenberger, R. Fiedler, “Acquiring cyber threat intelligence through security information correlation.” 3rd IEEE International Conference on Cybernetics (CYBCONF) 2017 Jun pp-1-7
79. R. Trifonov, O. Nakov, and V. Mladenov, “Artificial intelligence in cyber threats intelligence.” international conference on intelligent and innovative computing applications (ICONIC) pp-1-4, Dec 2018. 
80. M. H. Tsai, M. H. Wang, W. C. Yang, and C. L. Lei, “Uncovering Internal Threats Based on Open-Source Intelligence.” New Trends in Computer Technologies and Applications: 23rd International Computer Symposium, ICS 2018, Yunlin, Taiwan, pp-20–22, 2018. Springer Singapore.
81. S. R. Vadapalli, G. Hsieh, and K. S. Nauer, “Twitterosint: automated cybersecurity threat intelligence collection and analysis using twitter data.” Proceedings of the International Conference on Security and Management (SAM). 2018 pp. 220-226
82. M. S. Abu, S. R. Selamat, A. Ariffin, and R. Yusof, “Cyber threat intelligence–issue and challenges.” Indonesian Journal of Electrical Engineering and Computer Science. Vol 10, no. 1, pp-371-9. Apr 2018 
83. T. J. Marlin, Detecting Fake News by Combining Cybersecurity, Open-source Intelligence, and Data Science (Master's thesis, Utica College). 2019.
84. J. A. Young, K. N. Campbell, A. N. Fanti, A. Alicea, M. V. Weiss, J. R. Burkhart, and M. R. Braasch, “The development of an open source intelligence gathering exercise for teaching information security & privacy.”
85. Y. Ghazi, Z. Anwar, R. Mumtaz, S. Saleem, and A. Tahir, “A supervised machine learning based approach for automatically extracting high-level threat intelligence from unstructured sources.” International Conference on Frontiers of Information Technology (FIT). 2018 Dec pp. 129-134.
86. J. W. Johnsen, and K. Franke, “The impact of preprocessing in natural language for open source intelligence and criminal investigation.” IEEE International Conference on Big Data (Big Data) 2019 Dec pp. 4248-4254.
87. J. Chae, D. Graham, A. Henderson, M. Matthews, J. Orcutt, M. S. Song, “A system approach for evaluating current and emerging army open-source intelligence tools.” IEEE International Systems Conference (SysCon) 2019 Apr, pp. 1-5.
88. W. Tounsi, and H. Rais, “A survey on technical threat intelligence in the age of sophisticated cyber attacks.” Computers & security. Vol. 1, no. 72, pp-212-33. Jan 2018 
89. L. dall'Acqua, “Scientific Intelligence, Decision Making, and Cyber-Security.” Forecasting and Managing Risk in the Health and Safety Sectors, 2019, pp. 21-51.
90. J. Mtsweni, and M. Mutemwa, “Technical Guidelines for Evaluating and Selecting Data Sources for Cybersecurity Threat Intelligence.” Proceedings of the ECCWS 2019 18th European Conference on Cyber Warfare and Security 2019 Jul 1 pp. 305-313.
91. G. Grossel, A. Lyon, M. Nunn, “Opensource intelligence gathering and openanalysis intelligence for biosecurity.” Invasive Species: Risk Assessment and Management. Vol. 8, pp-84-92. Jun 2017 
92. R. Azevedo, I. Medeiros, and A. Bessani, “PURE: Generating quality threat intelligence by clustering and correlating OSINT.” 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) 2019 Aug pp. 483-490.
93. S. Suriadi, E. Foo, and J. Smith, “Enhancing privacy to defeat open source intelligence.” Automating Open Source Intelligence 2016 Jan pp. 61-78.
94. J. S. Mtsweni, N. A. Shozi, K. Matenche, M. Mutemwa, N. Mkhonto, and J. Jansen van Vuuren, “Development of a semantic-enabled cybersecurity threat intelligence sharing model.”
95. N. Kim, S. Lee, H. Cho, B. I. Kim, and M. Jun, “Design of a cyber threat information collection system for cyber attack correlation.” International Conference on Platform Technology and Service (PlatCon), 2018 Jan pp. 1-6.
96. A. Lyle, “Legal considerations for using open source intelligence in the context of cybercrime and cyberterrorism.” Open Source Intelligence Investigation: From Strategy to Implementation 2017 Jan pp. 277-294.
97. S. A. Sokolov, T. B. Iliev, and I. S. Stoyanov, “Analysis of cybersecurity threats in cloud applications using deep learning techniques.” 42nd International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO) 2019 May pp. 441-446.
98. M. Faiella, G. G. Granadillo, I. Medeiros, R. Azevedo, S. G. Zarzosa, “Enriching Threat Intelligence Platforms Capabilities.” ICETE 2019 Jul pp. 37-48.