Within the HIPSTER project, L3CE carried out independent scientific research focused on the analysis of hybrid, information, psychological and influence threats. The result is a structured methodological and analytical foundation framework that combines layered threat analysis, risk indicators, ontology-oriented modelling, future-oriented architecture, and real-user analytical scenarios. These results were designed to support current and emerging needs in OSINT, SocMINT, strategic communication, public safety, defence, and AI-supported security analysis.
DESCRIPTION
The security environment in which public authorities, defence institutions, strategic communication teams, and analytical centres operate is becoming more complex every year. Hybrid threats, information manipulation, psychological influence, coordinated narrative operations, radicalisation dynamics, and hostile ecosystem behaviour rarely appear as isolated signals. Instead, they unfold across platforms, communities, time horizons, and layers of interpretation. This creates a clear need for analytical frameworks that move beyond simple monitoring and towards structured, explainable, multi-layered understanding.
Within the HIPSTER project, L3CE’s role was to produce independent scientific research results that could define how such phenomena should be analysed methodologically and how future systems should be designed to respond to them. The work did not focus on presenting a finished commercial software product, it produced a coherent body of scientific and methodological outputs that can support future technology development, prototyping, validation, and broader public-sector or market-oriented application.The first layer of this work was conceptual and research-oriented. L3CE developed a general research methodology for the analysis of hybrid threats, information operations, and psychological influence phenomena, integrating empirical case reconstruction, comparative assessment of existing solutions, state-of-the-art review, ontological modelling, and indicator-based analytical logic. This created a structured pathway from problem definition to operationally relevant analytical models. Starting with literature review and a state-of-the-art analysis covering OSINT, SocMINT, NLP, hybrid threat intelligence, and AI-enabled analytical approaches. These studies showed that many current solutions remain fragmented: they may be strong in content analytics, monitoring, or platform coverage, but they rarely provide a unified reasoning structure capable of connecting narratives, actors, indicators, behaviour, escalation patterns, and governance implications into a single analytical environment. Farver on L3CE examined historical and contemporary use cases to better understand how hostile information and influence environments evolve in practice. This study provided evidence that effective threat analysis requires more than isolated keyword or sentiment monitoring, – the ability to reconstruct context, detect weak signals, identify behavioural patterns, and link observable activity to broader operational logic. Continuing, L3CE developed a unified reference methodology that integrates technical, informational, cognitive, and governance dimensions into one analytical structure as hybrid threat phenomena often move across these layers: a signal may begin as content, evolve into a narrative, spread through communities, shape perceptions, and eventually influence behaviour, public trust, or institutional resilience. The layered model helps analysts interpret such dynamics in a more coherent and operationally meaningful way. Also, instead of stopping at common analytical features such as sentiment, toxicity, or hate speech detection, the HIPSTER research significantly expanded the indicator logic towards more complex domains. The framework covers ideology-related signals, conspiracy dynamics, fifth-column style activity, radicalisation indicators across different analytical objects, and other phenomena relevant to hostile influence and hybrid operations. Indicators are organised in a structured and implementation-oriented way, including different abstraction levels and system requirements, which makes them suitable not only for conceptual analysis but also for future machine-assisted and human-led analytical workflows.
In parallel, L3CE developed a future-oriented architectural vision for how such analytical capabilities could be embedded into a next-generation system. This included an ontology-driven architecture, logic for indicator-based reasoning, alignment with the JDL data fusion model, and the concept of an analytical co-pilot that would support structured “talk-to-the-data” interaction. The purpose of this work is not to present generic AI enthusiasm, but to define how AI and advanced analytics can be integrated in a controlled, explainable, analyst-centred way. Research also explored how these models relate to operational decision-making environments. Work on MDMP specialist functions and AI integration, as well as the Information Environment Assessment matrix, linked the scientific outputs to real analytical and planning roles in defence and security contexts. This matters because modern analytical systems must serve actual users with different mandates, workflows, and information needs. To support that, L3CE also developed analytical personas describing typical users across law enforcement, military intelligence, strategic communication, counter-intelligence, hybrid threat analysis, and related domains. Together, these outputs help ensure that future implementations remain grounded in realistic operational contexts rather than abstract system design alone.
An important validation-oriented element of the work was the ontology experiment use case. This experimental scenario showed how complex escalation patterns, such as demonisation and hatred escalation in a conflict-related information environment, can be formally represented through ontology classes, behavioural patterns, indicator families, target logic, and queryable analytical structures. The importance of this result lies in its demonstration that qualitative analyst judgement can be translated into a reproducible, machine-assisted semantic structure. That confirms that the HIPSTER research outputs are not only conceptual but also practically actionable as a basis for future analytical systems.
KEY FINDINGS AND RESULTS:
The essence of the HIPSTER results produced by L3CE is the creation of a structured analytical threats and risks indicators model for understanding and modelling complex hybrid, information, psychological and influence threats. Rather than delivering a narrow monitoring tool or a single-purpose technical component, the research produced a reusable package of methodology, indicators, ontological logic, architecture, validation scenarios, and user-oriented analytical models.
- A structured research methodology was developed for analysing hybrid threats, information operations, and psychological influence phenomena.
- A unified layered methodology was created to connect technical, informational, cognitive, and governance dimensions of threat analysis.
- A broad, implementation-oriented risk indicator framework was developed, covering ideology, conspiracy, fifth-column activity, and radicalisation-related patterns.
- Comparative market and state-of-the-art analysis identified major capability gaps in current OSINT, threat intelligence, and hybrid-threat solutions.
- A future-oriented analytical architecture was defined, including ontology-driven reasoning and an AI-assisted analytical co-pilot concept.
- Experimental ontology validation showed that complex hostile information patterns can be represented as formal, queryable analytical structures.
- Analytical personas were developed to connect research outputs with realistic end-user roles across law enforcement, defence, intelligence, and strategic communication.
- An Information Environment Assessment matrix was prepared to align the research with real operational and doctrinal analytical needs.
FILES TO PUBLISH:
State-of-the-Art Review
Description: Summarises the current state of practice and highlights why a more integrated ontology-driven framework is needed.
Market and Solution Analysis
Description: Reviews commercial, institutional, and high-TRL solutions relevant to hybrid threat detection and identifies capability gaps addressed by the HIPSTER research.
Layered Methodology for Hybrid and Information Threat Analysis
Description: Presents the core layered methodology linking technical, informational, cognitive, and governance dimensions in a single analytical framework.
Risk Indicators Framework
Description: Provides a structured risk indicator system for detecting and interpreting complex hostile patterns beyond basic sentiment or hate speech analysis.
Future Analytical Architecture
Description: Outlines the future-oriented architecture of an ontology-driven analytical environment, including the analytical co-pilot concept.
Ontology Validation Use Case
Description: Demonstrates how a complex influence-escalation scenario can be represented through ontology-based analytical logic and queryable structures.
Public label: Analytical Personas
Description: Defines representative user roles and operational scenarios to support user-centred design and practical application of the research outputs.
Information Environment Assessment Matrix
Description: Provides a structured matrix for assessing information environment dynamics, actors, tasks, products, and specialist responsibilities.
TAGS:
Hybrid Threats, Information Threats, Psychological Operations, Influence Operations, OSINT, SocMINT, Strategic Communication, Ontology, Risk Indicators, AI for Security, Information Environment Assessment, Cognitive Defence
