# Grayline Intelligence — Gray Zone Threat Intelligence Platform

> Structured OSINT dataset tracking threats to U.S. interests arising from geopolitical escalation and gray zone activity. **Grayline Intelligence** is a product of Spectra Intel Group (SIG).

## About

Grayline Intelligence identifies, classifies, and analyzes threats to U.S. interests through systematic OSINT monitoring, AI-assisted extraction, and analyst-reviewed classification. Source articles are submitted as URLs; a large language model extracts structured data fields; records are stored in a relational database and displayed publicly.

**Organization:** Spectra Intel Group
**Contact:** [pending]
**Data access:** Public (read). Write access requires authentication.

## Pages

- [https://graylineintel.com/tracker/](Incident database) — Full list of tracked incidents with structured attributes, source links, and confidence scores.
- [https://graylineintel.com/tracker/map/](Map & Analysis) — Interactive Leaflet map of geocoded incidents and AI-generated pattern analysis (geographic clustering, ideology, methods).
- [https://graylineintel.com/tracker/methodology/](Methodology) — How incidents are identified, extracted, classified, and documented.

## Data API

The incident database is available as a machine-readable JSON endpoint:

**GET** `https://graylineintel.com/tracker/api/entries/`

Returns a JSON array of all incidents with confirmed geocoordinates. Each object includes:

```json
{
  "id": 1,
  "name": "Short descriptive incident name",
  "date": "YYYY-MM-DD",
  "location": "City, State",
  "method": "Primary attack method",
  "threat_type": "terrorism | criminal | hybrid | unknown",
  "classification": "Confirmed | Under Investigation | Thwarted",
  "killed": 0,
  "injured": 0,
  "intent": "mass_casualty | targeted | symbolic | unknown",
  "confidence": 0.85,
  "lat": 32.7767,
  "lng": -96.7970,
  "threat_level": "CRITICAL | HIGH | MEDIUM | LOW"
}
```

**Threat level logic:**
- CRITICAL: confidence ≥ 0.92 AND intent = mass_casualty
- HIGH: confidence ≥ 0.80 OR intent = mass_casualty
- MEDIUM: confidence ≥ 0.60
- LOW: all other cases

## Data Schema

Each incident record includes the following fields:

| Field | Type | Description |
|-------|------|-------------|
| date | ISO 8601 date | Date of the incident or disruption |
| name | string | Concise descriptive label (max 80 chars) |
| location | string | City, State — specific venue if known |
| method | string | Primary attack method |
| attribution | string | Ideological group or affiliation |
| classification | enum | Confirmed / Under Investigation / Thwarted |
| killed | integer | Confirmed fatalities |
| injured | integer | Confirmed injuries |
| source_type | enum | Government / Media / Government + Media / Academic |
| threat_type | enum | terrorism / criminal / hybrid / unknown |
| target_type | enum | crowd / campus / religious / government / infrastructure / commercial / residential |
| intent | enum | mass_casualty / targeted / symbolic / unknown |
| success | enum | completed / failed / thwarted / unknown |
| confidence | float 0–1 | Source quality score |
| notes | string[] | Key factual points from source |
| sources | object[] | Source URLs with labels |
| lat / lng | float | Decimal-degree coordinates |

## Methodology Notes

- All data is OSINT-derived. Records should be treated as open-source research, not finished intelligence assessments.
- Confidence scores reflect source quality (government press releases → ~0.90+, single media outlets → 0.60–0.84).
- Attribution reflects open-source reporting only. Legal conclusions may change as investigations develop.
- Pattern analysis is regenerated by an LLM after every database write.