Nonprofits serving weak populations sit on the uncomfortable intersection of delicate knowledge, international publicity and restricted safety sources.
Geneva-based Defend.ngo, previously the CyberPeace Institute, helps nonprofit and nongovernmental organizations (NGOs) navigate these challenges with free cybersecurity help. To satisfy its mission, Defend.ngo, itself a nonprofit, should regularly determine and analyze the threats that concentrate on its almost 700 member organizations — far simpler stated than achieved.
The issue: When handbook monitoring is not sufficient
When Defend.ngo began in 2018, its cybersecurity analysts relied on open supply intelligence abilities to trace publicly reported cyberattacks towards the nonprofits in its community. The method concerned manually checking information shops, darkish net boards, social media and different sources.
“Many [NGOs] have a smaller digital footprint,” stated Miles Collins, a cyberthreat analyst at Defend.ngo. “This may make it tougher to detect whether or not they have been focused and to collect sufficient proof for technical attribution.”
With no unified view of the menace panorama dealing with NGOs and different civil society organizations, the work was time-consuming, inconsistent and unwieldy. The outcomes additionally failed to provide Defend.ngo analysts the real-time insights they wanted to correctly analyze and prioritize rising and ongoing safety threats. The size of Defend.ngo’s monitoring actions compounded the problem, with a whole bunch of member organizations spanning completely different areas, sectors and working environments.
These challenges however, it was important that analysts detect assaults shortly and constantly, each for instantly affected organizations and their friends. A menace surfacing in a single nook of the Defend.ngo community may have implications for numerous different NGOs. Plus, any missed or delayed detections may create gaps within the public information upon which researchers and policymakers rely.
By March 2025, Defend.ngo analysts had manually documented greater than 295,000 threats, 760 vulnerabilities and 1,100 distinct assaults on NGOs — and the menace panorama was solely worsening.
The repair: AI joins the trigger
Across the identical time, Defend.ngo turned to AI to help the efforts of its human analysts. The group deployed Dataminr’s AI-powered menace intelligence platform, which has the next capabilities.
Aggregates data from various sources throughout the general public, deep and darkish net, together with authorities advisories, social media, cyber menace boards, darkish net boards, information shops, vulnerability disclosures, breach experiences and menace intelligence feeds.
Ingests and analyzes textual content, code, picture and video knowledge.
Makes use of agentic AI and huge language fashions to autonomously analyze, enrich and contextualize knowledge. The AI brokers summarize incidents; correlate adversarial exercise; determine patterns; and map relationships between cyber incidents, menace actors and focused organizations.
Presents deduped, structured and contextualized intelligence alerts and briefs to human analysts in actual time. Alerts embody detailed supply attribution, screenshots and background on menace actors concerned.
Based on Collins, he and his fellow analysts at Defend.ngo overview and confirm all AI-driven alert and intelligence knowledge, making certain its accuracy and reliability earlier than figuring out subsequent steps.
“Human analysts are nonetheless required relating to judging whether or not these claims are credible or not,” Collins added. “As a part of our methodological course of, we at all times have an analyst reviewing AI output.”
Human analysts are nonetheless required relating to judging whether or not these claims are credible or not. Miles CollinsCyber menace analyst, Defend.ngo
Along with supercharging cyberattack and menace monitoring for Defend.ngo’s consumer organizations, Dataminr’s AI menace intelligence know-how informs the nonprofit’s Cyber Tracer. The general public platform tracks vulnerabilities, threats and assaults related to civil society organizations and helps ongoing analysis on conflict-zone cyberactivity, together with the Russia-Ukraine warfare. NGOs, policymakers and researchers can use Cyber Tracer — which additionally contains structured, domain-specific knowledge from third-party companions Cloudflare, Bitsight and Kaduu — to higher mitigate threat and enhance cyber resilience.
The outcomes: Consolidated and contextualized menace intelligence knowledge
At Defend.ngo, Collins stated the core operational good thing about agentic AI menace intelligence has been the consolidation of various and far-flung occasion, menace and threat knowledge. A single, deduped and contextualized feed means analysts spend much less time amassing and organizing data and extra time analyzing and prioritizing it.
AI-driven monitoring additionally extends protection into channels that analysts at resource-constrained organizations hardly ever have the capability to look at constantly, corresponding to darkish net boards the place ransomware teams publish claims towards victims that may not seem in typical information sources.
The primary alert on an exfiltrated database
The agentic menace intelligence workflow was initially examined throughout an incident involving a nonprofit in Defend.ngo’s The Builders program, a matchmaking initiative that connects company cybersecurity volunteers with NGOs that want help.
On this occasion, a menace actor claimed to have exfiltrated knowledge from the group’s surroundings and printed a pattern of the database on-line. Dataminr surfaced the alert earlier than Defend.ngo volunteer analysts recognized it by way of another channel, Collins stated, enabling them to shortly contact the group with remediation help.
So far, Defend.ngo has recorded greater than 878,000 threats, detected 1,084 vulnerabilities throughout NGOs, recognized greater than 2,000 assaults, quarantined greater than 560,000 phishing emails and detected greater than 315,000 uncovered credentials.
A caveat: AI will not make up for poor cybersecurity hygiene
Regardless of Defend.ngo’s constructive expertise with the AI menace intelligence platform, Collins warned that smaller organizations with out devoted safety features usually lack the baseline controls that make such monitoring instruments helpful within the first place.
Organizations with out in-house safety workers ought to focus first on the fundamentals — MFA, VPNs, sturdy password administration and software program updates. “Keep away from getting any advanced instruments earlier than the foundational operational safety is in place,” he stated.
As soon as that basis exists, AI instruments change into a sensible possibility. For resource-constrained groups, nevertheless, the chance then turns into treating AI as an alternative to human reasoning, perception and judgment, and the self-discipline that makes such instruments significant.
“It’s at all times vital to needless to say AI could make errors and once more, primary safety practices stay an important to implement,” Collins stated.
Sean Michael Kerner is an IT advisor, know-how fanatic and tinkerer. He has pulled Token Ring, configured NetWare and been recognized to compile his personal Linux kernel. He consults with business and media organizations on know-how points.
![How creators and entrepreneurs are utilizing AI to hurry up & succeed [data]](https://blog.aimactgrow.com/wp-content/uploads/2025/06/Untitled20design-Apr-07-2023-08-24-35-4586-PM-120x86.png)
