CLERINT Fusion · Case study

Running a cross-agency counter-terror cell fully off-grid

A counter-terrorism task force fused GEOINT, SIGINT, HUMINT and financial intelligence from six agencies into one air-gapped knowledge graph — resolved a cell, surfaced its broker, scored the threat on transparent factors, and caught the moment the network reactivated. Not a single byte left the enclave.

0 bytes
Left the perimeter — fully air-gapped deployment
78/100
Threat score on the reactivated broker, fully auditable
6
Agencies fused into one shared operating picture

Background

Counter-terrorism is a fusion problem before it is anything else. The signal that matters almost never lives inside one discipline: it is the location that ties a phone to a face, the transaction that links a report to a vehicle, the pattern that connects a dormant contact to a live one. Each agency holds a fragment; none holds the picture.

The work also carries a constraint most software ignores: at this classification, the data can never touch the internet. Any capability has to run inside a sealed enclave, with no outbound connection of any kind — including for its AI. That single requirement disqualifies the majority of modern tooling before the work even begins.

The challenge

A counter-terrorism task force drew on six agencies, each holding a fragment of the picture in a system that did not talk to the others. The connections that mattered — between a phone, a face, a payment and a place — were buried across the silos, and no one had authority or ability to see them all at once.

The environment was air-gapped by mandate. Whatever tool did the work had to operate entirely offline, with no outbound connection, including for classification, summarisation and scoring.

And it had to be fast. An intelligence picture assembled after the operational window has closed is a history lesson. The task force needed to move from six data sources to one defensible assessment while there was still a decision to make.

Six agencies' intelligence — GEOINT, SIGINT, HUMINT and financial — fused into one knowledge graph, entirely inside the air gap.

The approach

  • Deployed CLERINT Fusion as a one-command offline installation inside the enclave — local model, offline map tiles, no outbound network — so the exact product the team had evaluated in the cloud ran fully isolated, with no reduction in capability.
  • Ingested every source type from the six agencies — call-detail and IPDR records, financial trails, field reports, vehicle and location data — and resolved them into one knowledge graph of people, places, events and communications.
  • Ran nexus analysis to find the shortest paths between subjects and, through centrality, to surface the broker connecting two otherwise-separate groups that neither agency had linked.
  • Flagged a data gap — a missing communications link the pattern expected but the records did not show — and turned it into a concrete collection task routed to the agency that could close it.
  • Computed a 0–100 threat score from the seven weighted, transparent factors, with the full evidence trail attached, so the assessment stood up to command and to oversight alike.
Everything ran inside the vault. We got a cross-agency picture we had never had before, and not one byte left the room to get it.Task-force lead
A 0–100 threat score built from seven weighted factors — every one visible, weighted and traceable to its evidence.

The outcome

For the first time, the six agencies shared a single operating picture. The graph surfaced the broker at the centre of the cell and, when a dormant sub-network resumed contact, the intelligence layer flagged the reactivation and projected the likely next event with a confidence score.

The task force acted inside the operational window on a defensible, 0–100 threat score — 78 on the reactivated broker — with the full evidence trail behind it, so the decision could be explained to command and to oversight.

Every step of that analysis was computed and stored inside the air-gapped enclave. The capability the team gained came with no compromise to the perimeter they were required to hold — the deployment tier was a configuration choice, not a different, weaker product.

Results

  • Six agencies' data fused into one operating picture, entirely offline.
  • A dormant cell's reactivation caught early, with a projected next event.
  • A defensible 78/100 threat score with a complete evidence trail.
  • Zero data egress — the full workflow ran inside the air gap.

Why it matters

The lesson is that sovereignty and capability are not a trade-off. The same fusion, nexus analysis and scoring ran offline as would have run in the cloud — the air gap cost the team nothing but the network.

Reactivation analysis is the quiet hero here. A network that goes dark and lights up again is often the most important thing to catch, and it is invisible to anyone looking at a single moment rather than the shape of the graph over time.

FusionCounter-terrorAir-gappedThreat scoring
Inside the investigation

A frame from the board.

CLERINT FUSION · Case FU-0447 · Air-gappedOffline enclave
brokersubj-Acell-3cell-6subj-Bveh-22cell-11comms-4reactivated
Threat assessment
78/100High
Criminal history
Network position
Activity recency
Comms patterns
Financial
Geographic
Intel flags
Agencies 6Egress 0 bytesScore 78/100Deploy Air-gapped
A frame from the Fusion console: a 78/100 threat score built from seven weighted, auditable factors — computed entirely inside the air gap.

Run CLERINT Fusion against your case.

Bring a real problem to a guided walkthrough — sourced, defensible, and inside your perimeter.