Republic Day 2026 concluded without disruption, but security planners are quietly re-examining how threats are detected and addressed in an increasingly networked environment. While physical deployments and ground-level vigilance remain central to event security, experts say early warning signals today can surface both online and on the ground, often well before an incident materialises.
From low-visibility social media chatter and coordinated online activity to reconnaissance inputs and human intelligence, early indicators of real-world threats now span multiple domains. When high-profile events such as Republic Day pass without incident, it does not imply reduced risk but reflects how timely intelligence, combined with rapid on-ground response, can help disrupt threats before they escalate.
To understand how India is adapting to this evolving threat landscape, CiOL spoke with Kaushal Bheda, Director at Pelorus Technology, on the role of OSINT, cyber threat intelligence, and AI-led forensics in national security preparedness.
Bheda highlighted India’s strengths in intelligence collection, shaped by a complex geopolitical environment, while also pointing to structural blind spots created by siloed systems and limited real-time fusion. He emphasised that intelligence alone does not prevent incidents; effective outcomes depend on how quickly insights are translated into action at the operational edge.
The conversation also explored the growing risks posed by deepfakes and synthetic media during live national moments, the challenge of distinguishing democratic dissent from coordinated influence operations, and why AI-driven forensics must remain a decision-support capability rather than a legal authority. According to Bheda, embedding digital intelligence across traditional policing and emergency response—without over-centralising systems—is key to building a resilient national security framework.
Interview Excerpts:
As national security planning increasingly shifts into the digital realm, what are the earliest online indicators that typically precede physical-world threats around high-visibility events like Republic Day?
Approximately three weeks before the Red Fort terror blast, physical posters attributed to Jaish-e-Mohammed appeared in Bunpora and Nowgam and led investigators to a broader terror module linked to the Delhi blast. Follow-up vigilance and investigation based on these early indicators helped disrupt further planning and prevented a potentially larger tragedy. In the 2019 Christchurch shootings, the attacker posted a detailed manifesto online and live-streamed the event.
Early indicators may surface on the ground or online. On the ground, these can include reconnaissance activity or HUMINT inputs. Online, they can include hostile chatter or propaganda releases. However, the absence of visible indicators is not treated as an absence of threat. Security planning for high-visibility events such as Republic Day is based on the working assumption that adversaries already have the intent and capability to carry out an attack.
How mature is India’s current capability to fuse OSINT, cyber threat intelligence, and digital forensics into real-time decision-making for event security, and where do the biggest blind spots still exist?
India possesses mature capabilities in digital forensics at both technical and human levels. However, the critical challenge lies in intelligence fusion across tools. Specifically, integrating digital indicators from individual sources into a cohesive strategic picture remains an area for improvement.
With misinformation, deepfakes, and synthetic media becoming more sophisticated, how realistic is real-time detection during live national moments, and what trade-offs exist between speed, accuracy, and false positives?
Full real-time forensic certainty during live national events is operationally impractical. The realistic objective is fast detection and faster response. India already demonstrates this approach effectively. Automated tools can flag suspected deepfakes and coordinated misinformation quickly based on media artefacts, source inconsistencies, and propaganda spread patterns. Agencies such as PIB Fact Check respond rapidly with clarifications and counter-narratives.
From an intelligence perspective, how should agencies distinguish between legitimate online dissent, coordinated influence operations, and genuine threat vectors without overreaching into surveillance?
In general, Indian law enforcement agencies operate strictly within the framework of law, with defined legal powers, approvals, and oversight mechanisms. Operationally, agencies do not have the bandwidth or mandate for indiscriminate monitoring at population scale, and India is not structured as a mass-surveillance model like some other countries.
Narratives alleging surveillance overreach are often part of adversarial disinformation operations. Such narratives are designed to weaken confidence in lawful security processes, discourage public cooperation, and create friction around legitimate intelligence work.
As AI-driven forensic tools become central to early-warning systems, what governance frameworks are needed to ensure evidentiary integrity, auditability, and legal admissibility in high-stakes security scenarios?
We already have a strong governance foundation. The Bharatiya Nyaya Sanhita, Bharatiya Nagarik Suraksha Sanhita, and Bharatiya Sakshya Adhiniyam clearly define evidentiary standards, chain of custody, and admissibility for digital evidence. We do not need new frameworks for these tools. It is the other way around: AI tools must align with our systems through documented models, reproducible outputs, and complete audit trails. The technology must conform to existing legal processes rather than creating new ones.
Looking ahead, should early digital intelligence be treated as a standalone national security function or embedded deeply into traditional policing, intelligence, and emergency response structures, and what risks emerge if this integration is delayed?
Digital intelligence should be embedded across the length and breadth of law enforcement, not treated as a standalone function. Its value lies in being available at the operational edge, where preventive action actually happens. For example, a beat constable could benefit from a simple app that provides real-time social media or threat alerts specific to his patrol area.
If digital intelligence remains centralised and disconnected from ground-level operations, response suffers from delay. This creates latency in decision-making and keeps security posture reactive instead of preventive.