Dr Dennis Desmond

Cyber Threat Intelligence (CTI) is conventionally understood as a defensive capability focused on detecting, analysing, and mitigating adversary activity. This framing is increasingly insufficient in an operational environment characterised by adaptive threat actors, decentralised cybercriminal ecosystems, and the convergence of cyber operations with information and influence activities.

This presentation provides a formal conceptualisation of Offensive Cyber Threat Intelligence (OCTI) as a distinct intelligence discipline operating at the intersection of Offensive Cyber Operations (OCO) and Offensive Counterintelligence (OFCO).

Drawing on doctrinal sources, academic literature, and emerging technical research, including deception-based CTI architectures and agent-based adversarial models, this presentation describes a study proposing a Tradecraft–Intent–Target framework to differentiate OCTI from adjacent domains. The analysis demonstrates that OCTI is best understood as the application of counterintelligence logic within cyber-mediated environments to actively engage, manipulate, and exploit adversary ecosystems.

The presentation further identifies conceptual ambiguities in existing literature, particularly the conflation of intelligence-driven engagement with effects-based cyber operations, and evaluates the legal, ethical, and strategic implications of offensive intelligence practices. The findings provide a structured foundation for future research and operational doctrine development in intelligence-led cyber operations.