Why Digital Intelligence Now Shapes National Event Security

Republic Day 2026 concluded without disruption, but behind the scenes, security planners are reassessing how threats are identified and neutralised in an increasingly digital-first world. While physical deployments remain essential, experts say the earliest indicators of modern threats now emerge online, often weeks before they materialise on the ground.

To understand how India is adapting to this shift, CiOL spoke with Kaushal Bheda, Director, Pelorus Technology, on the evolving role of OSINT, cyber threat intelligence, and AI-led forensics in national security preparedness.

Bheda discussed India’s strengths in intelligence collection, shaped by a challenging geopolitical environment, while also pointing to structural blind spots created by siloed data systems. He explained why real-time fusion of OSINT, cyber intelligence, and digital forensics remains difficult, and why on-ground action, not intelligence alone, ultimately prevents incidents.

The conversation also explored the growing risks posed by deepfakes and synthetic media during live national moments, the fine line between democratic dissent and coordinated influence operations, and why AI-driven forensics must remain a decision-support tool rather than a legal authority. According to Bheda, embedding digital intelligence into traditional policing and emergency response, without over-centralising systems, is critical to building a resilient national security framework.

Interview Excerpts:

As national security planning increasingly shifts into the digital realm, what are the earliest online indicators that typically precede physical-world threats around high-visibility events like Republic Day?

Answer: Even before the internet era, in the months leading up to the tragic 9/11 attacks in the US, intelligence agencies were picking up telephonic chatter that indicated a conspiracy. Whether it’s the 9/11 or 26/11 attacks in India, there are almost always a few stray leads which are difficult to organise and analyse. It results in a lack of actionable intelligence on date, time and method. Whether high-visibility events like Republic Day or high-security areas like vital military installations, the earliest online indicators are subtle and can easily be misconstrued as innocent chatter. There is usually no explicit threat over the phone, email or online platforms. Reconnaissance chatter and coordinated low signal activities signal that something is brewing in the physical world. Symbolic dates, speaking in codewords, bulk account creation or identical phrasing can indicate to a trained eye that a threat is on the horizon. National security planning is about collating the subtle cues and forming a big-picture analysis of what the threat points to.

How mature is India’s current capability to fuse OSINT, cyber threat intelligence, and digital forensics into real-time decision-making for event security, and where do the biggest blind spots still exist?

India’s current capability to fuse OSINT, cyber threat intelligence and digital forensics is mature because of an adversarial neighbourhood that necessitates state-of-the-art intelligence gathering and analysis along with cyber deterrence. The success was visible when India prevented a major catastrophe in the recent Delhi car blast. India collects intelligence well, but siloed capabilities across OSINT, cyber intel and telecom data limit the ability for real-time fusion that can trigger a field-level action immediately. Digital intelligence rarely results in direct actionable input, but it’s action on the ground that prevents a tragedy.

With misinformation, deepfakes, and synthetic media becoming more sophisticated, how realistic is real-time detection during live national moments, and what trade-offs exist between speed, accuracy, and false positives?

Real-time detection during live events like the Republic Day Parade, the Independence Day speech and the PM’s address to the nation is realistic and important to prevent misinformation. In times of national crisis, the adversary may fuel a deepfake war to create internal chaos. A real-time detection ecosystem penetrating mainstream media and social media platforms can prevent deepfake attacks from turning into mass psychosis. A smart approach with frequency-based sampling and faster detection is a net positive because the stakes are high, especially in conflict zones and sensitive border areas.

From an intelligence perspective, how should agencies distinguish between legitimate online dissent, coordinated influence operations, and genuine threat vectors without overreaching into surveillance?

It’s a tricky situation in any democracy because the line between legitimate online dissent and a coordinated influence operation to subvert a country is very thin. Often, the terror sympathisers, Naxalites and extremist activities cloak themselves under the garb of democratic institutions to achieve their anti-democratic goals. Intelligence agencies have a tough job of synthesising unless the influence operations are synchronised with those of banned organisations or foreign terror groups. Genuine threat vectors like independently operating organisations without foreign funding or support are harder to charge without being accused of overreach. I think the key distinguishing element should be the source of resources, the coordination with non-state actors and the content of the narrative. As long as an action and funding aren’t planned and executed from overseas and the content isn’t threatening Indian geopolitical interests or sovereignty, it is within the norms of democracy.

As AI-driven forensic tools become central to early-warning systems, what governance frameworks are needed to ensure evidentiary integrity, auditability, and legal admissibility in high-stakes security scenarios?

AI intelligence will fail in court unless there are end-to-end audit logs and a chain of custody of the evidence being presented. Integrity of the data and legal admissibility is key in high-stakes security scenarios involving Indian citizens because the state and the court system have a duty to ensure no innocent person is punished unfairly. AI must remain an early-warning system for decision support rather than being an authority that governs the outcome.

Looking ahead, should early digital intelligence be treated as a standalone national security function or embedded deeply into traditional policing, intelligence, and emergency response structures, and what risks emerge if this integration is delayed?

Digital intelligence shouldn’t be treated as a standalone national security function because in the real world, standalone units fail. Embedded intelligence wins because of its ability to bring disparate elements together in ensuring a timely emergency response. If the integration is complete, it poses a centralisation risk where vulnerability in one system can be exploited to breach the entire structure. It’s risky if one software glitch can bring down the entire national security framework. It’s riskier if integration is delayed because intelligence should be quickly passed down the hierarchy on a need-to-know basis so that productive countermeasures can be taken. There should be higher integration in routine low-impact activities like policing, while sensitive national security functions should have multiple nodes that keep the overall structure intact even when facing cyber threats.