Cyber intelligence rarely evolves through consensus. Real transformation begins at the margins — among analysts who quietly recognize the limitations of their tools, or within small engineering teams who see the fault lines long before the rest of the industry notices. For years, those insiders understood a truth the OSINT world seemed unwilling to confront: the individuals who pose the greatest long-term risks almost never reveal themselves through explicit signals. They don’t broadcast. They drift. Slowly. Subtly. The real “signature” of emerging risk is not a keyword or a flagged post, but the gradual erosion of coherence inside someone’s digital behavior. That long-horizon drift is the foundation of what intelligence practitioners call soft-signal intelligence, a discipline long discussed behind closed doors and now emerging as operational technology.
One of the most compelling attempts to industrialize this idea comes from a small two-year-old company operating between Tel Aviv and London: RealEye.ai. On paper, RealEye looks too early, too lean, and too underfunded to threaten legacy vendors. Yet structurally, its trajectory mirrors a pattern intelligence veterans know well. Before Palantir became a geopolitical instrument, it was a contrarian outsider — born inside the intelligence community, backed by a government-linked innovation arm, ignored by markets, embraced quietly by analysts. RealEye is not Palantir. But the rhyming architecture is unmistakable: an intelligence-native origin, early traction within agencies, support from a state-affiliated innovation program, and a willingness to challenge OSINT orthodoxy. If the next Palantir is going to ignite somewhere unexpected, Tel Aviv — with its dense national-security DNA — is one of the few plausible ignition points. And RealEye is among the rare early-stage ventures aligned with that archetype.
Where RealEye diverges sharply from legacy OSINT vendors is in its rejection of surveillance as the foundation of modern threat detection. Traditional systems still assume risk reveals itself in explicit artifacts — suspicious posts, metadata anomalies, flagged keywords. But the modern threat landscape does not behave that way. Individuals with intent adapt, sanitize, camouflage, and mimic normalcy. Their signals appear not in headlines but in micro-patterns: emotional oscillation, tightening ideological tone, narrative contradiction, shifts in worldview cadence. These soft signals rarely trigger legacy detectors, but they are the earliest indicators of escalation. RealEye’s core platform, Fortress, is engineered precisely to read these underlying evolutions.
Kevin Cohen, RealEye’s CEO and founder, expresses the paradigm shift with a clarity that functions almost as a thesis statement for the next era of intelligence:
“Surveillance shows you what a person did. Soft-signal intelligence shows you who they’re becoming. That difference is everything.”
Fortress does not care about a user’s volume of posts. It cares about the direction of their identity — how their worldview, temperament, ideology, and emotional behavior shift across months or years.
To operationalize this, RealEye built SAMS — Semi-Active Monitoring Systems. Rather than scraping everything continuously and overwhelming analysts, SAMS remains dormant unless a person begins to drift off baseline. Most digital identities remain stable; those who don’t leave faint but measurable traces. When a persona’s emotional, linguistic, or ideological patterns begin to shift, SAMS activates not to collect more, but to interpret more deeply. It approaches individuals as narratives — long arcs whose deviations matter far more than their raw content.
Cohen frames the dysfunction in the current intelligence ecosystem succinctly:
“Agencies aren’t drowning in threat; they’re drowning in noise. The real crisis isn’t data shortage — it’s meaning shortage.”
That meaning lies in the trajectory of identity — not in isolated posts. And that trajectory manifests through sentiment, language, worldview, and even the person’s relationship to geopolitical events. Soft signals surface when individuals reinterpret the world around them: shifts in tone toward political actors, conflicts, ideological movements, or polarizing events. Fortress monitors these changes with the same precision it applies to linguistic cadence or emotional volatility. The system examines how a person’s attitudes toward geopolitical tensions evolve — whether their moral framing hardens, whether sympathy toward certain factions intensifies, whether commentary on conflicts becomes more absolutist, or whether their worldview begins orbiting extreme religious interpretations or radical belief systems. These subtle, cumulative changes in worldview and attitude often precede explicit behavior by months or years. By reading the evolution of sentiment rather than the surface of statements, RealEye can surface anomalies long before legacy OSINT tools realize a shift has occurred.
Soft signals also reveal themselves through affiliations and associations — the digital company a person keeps, the ideological ecosystems they drift toward, the communities they begin orbiting. Fortress reads affiliation as a dynamic construct, mapping how individuals reposition themselves within networks, movements, or ideological groupings. The direction of association — not the mere presence of it — often exposes risk patterns invisible to traditional systems.
Hard identifiers, by contrast, are trivial to mask. Devices can be rotated. Metadata spoofed. VPNs abused. Histories disinfected. But identity drift leaks through narrative, tone, and sentiment. Fortress is designed to detect the cracks before the collapse.
RealEye’s use of large language models differs fundamentally from Silicon Valley’s chatbot paradigm. Fortress uses LLMs as analytical readers, not conversational layers. The system instructs the model to compare who a person appears to be today with who they were months or years ago — probing inconsistencies, emotional deviations, ideological shifts. It is trained not on generic internet text but on intelligence heuristics. The output resembles the beginning of an analyst brief, not a timestamped scan.
This interpretive clarity is exactly what national-security units lack today. Collection is abundant; comprehension is scarce. Intelligence units do not need more data — they need tools capable of identifying which individuals are quietly trending into high-risk trajectories.
Cohen distills the intelligence truth at the core of RealEye’s thesis:
“People can hide metadata, rotate devices, delete posts. But they can’t hide narrative drift. Identity cracks before it collapses, and that crack is what Fortress is built to detect.”
That line captures the essence of soft-signal intelligence: intent reveals itself in narrative before it reveals itself in action.
RealEye’s early adoption pattern reinforces the Palantir parallel — not in scale, but in sequence. The company emerged from within the intelligence community, not the startup world. Its first traction was with government agencies. Its early funding came from a state-affiliated innovation program focused on homeland-security capabilities. This is precisely the phase Palantir once occupied — pre-scale, pre-commercial, solving problems legacy vendors ignored.
That relevance is already appearing publicly. A recent New York Post investigation — “Robots to AI: The Technology Behind Trump’s Plan to Seal the Southern Border” — examined the new generation of homeland-security technologies and referenced RealEye’s growing role in long-horizon behavioral assessment and transnational threat detection.
Cohen is clear-eyed about RealEye’s stage:
“We’re not trying to imitate Palantir’s scale. We’re playing the stage before scale exists — the stage where clarity beats volume and precision outperforms brute force.”
Soft-signal intelligence is not a product category — it is a reorientation of the discipline. It argues that the decisive risk indicators of the next decade will come from identity evolution, ideological drift, network realignment, sentiment arcs, and worldview shifts — not from scraping deeper or surveilling more aggressively. It aligns with democratic constraints: Fortress never intrudes on private data, never hacks, never intercepts. It analyzes only what individuals willingly publish — and interprets its evolution rather than its volume.
:::info
This article is published under HackerNoon’s Business Blogging program.
:::
