Random but Memorable Everything you need to know about OSINT with Kolina Koltai from Bellingcat
18 snips
Mar 3, 2026 Kolina Koltai, an investigator at Bellingcat who tracks disinformation and online scams. She explains OSINT as digital detective work using maps, social media, and public records. Conversation covers geolocation tricks, underused sources and tools, how scammers leave traceable breadcrumbs, and spotting AI-generated profiles and influencer scams.
AI Snips
Chapters
Transcript
Episode notes
Agent Skills Can Become An Attack Surface
- OpenClaw skills are often simple markdown files but can embed executable scripts, meaning community skills may bypass structured safety protocols.
- That design makes agent skills both powerful and a potential new attack surface for privilege misuse or malicious workflows.
Scope Agent Permissions And Log Actions
- Demand clear permissioning, scoped credentials, and visibility before granting AI agents access to apps or calendars.
- Limit tokens and require strong authentication and audit logs to reduce blast radius when agents act on your behalf.
OSINT Is Public Clues Stitched Into Evidence
- OSINT means collecting and analysing publicly available information to understand people, organisations, or events without hacking.
- Sources include social posts, public records, breach data, metadata, maps and news—small clues stitched together reveal bigger truths.