Open source intelligence

Open source intelligence (OSINT) is freely and publicly available information, such as social media profiles, company websites, and news articles, that adversaries gather during the reconnaissance phase of a cyberattack to learn about a target before striking.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is open source intelligence?

Open source intelligence (OSINT) is information anyone can find without breaking into anything. Think social media profiles, public company directories, job postings, news articles, and website footers. None of it is stolen or hacked. It's just sitting out in the open.

In AP Cybersecurity, OSINT lives in the reconnaissance phase of a cyberattack (EK 2.1.C.2). Before an adversary tries to break in, they scope out the target. They figure out who works there, what the network looks like, and which people might be easy to trick. OSINT is the quiet, legal first move that makes the loud, illegal moves later much easier.

Why open source intelligence matters in AP Cybersecurity

OSINT shows up in Unit 2: Securing Spaces, under topic 2.1 Cyber Foundations. It directly supports learning objective AP Cybersecurity 2.1.C, which asks you to describe the phases of a cyberattack. OSINT is the engine of the very first phase, reconnaissance (EK 2.1.C.2). It also connects backward to AP Cybersecurity 2.1.A on social engineering, because the personal details an attacker scrapes through OSINT are exactly what they use to build a believable pretext. If you understand OSINT, you understand why a cyberattack so often starts not with code, but with a Google search.

How open source intelligence connects across the course

Social Engineering and Pretexting (Unit 2)

OSINT is the ammo; social engineering is the gun. An attacker scrapes your job title and coworkers' names off LinkedIn (OSINT), then uses those details to craft a believable pretext (EK 2.1.A.2) so a phishing email feels legit.

Phases of a Cyberattack (Unit 2)

OSINT belongs to reconnaissance, the first of six attack phases (EK 2.1.C.1). Everything after it, like initial access and lateral movement, gets easier when the attacker already knows the layout from public info.

Likelihood in Risk Assessment (Unit 2)

The more an organization exposes publicly, the more OSINT an attacker can collect, which raises the likelihood that a vulnerability gets exploited (EK 2.1.D.4). Minimizing your public footprint is a real way to lower risk.

Types of Adversaries (Unit 2)

Even low-skilled script kiddies (EK 2.1.B.1) can run OSINT, because it needs no special tools. That's exactly why it's so common: anyone can do it, and it's not illegal to look.

Is open source intelligence on the AP Cybersecurity exam?

Expect OSINT on multiple-choice questions that describe an attacker doing something passive and public, then ask you to name it. Watch for stems like "an attacker searches public databases, reviews company websites, and examines social media profiles to learn about the target." The correct answers are usually "reconnaissance" (the phase) or "open source intelligence" (the technique). The trap is picking a later attack phase, so anchor on the word "publicly available." If the info was free to find and the attacker hasn't broken in yet, it's OSINT during reconnaissance.

Open source intelligence vs reconnaissance

Reconnaissance is the phase (the WHEN). Open source intelligence is one method used during that phase (the HOW). All OSINT happens during reconnaissance, but reconnaissance can also include other information-gathering methods. If a question asks for a phase, answer reconnaissance; if it asks what kind of information the attacker collected, answer OSINT.

Key things to remember about open source intelligence

  • Open source intelligence (OSINT) is freely and publicly available information, never anything stolen or hacked.

  • OSINT happens during the reconnaissance phase, the first phase of a cyberattack (EK 2.1.C.2).

  • Attackers feed OSINT into social engineering, using your public details to build believable pretexts.

  • Because OSINT requires no special tools, even low-skilled adversaries like script kiddies can use it.

  • Limiting an organization's public footprint lowers the likelihood that a vulnerability gets exploited.

Frequently asked questions about open source intelligence

What is open source intelligence in AP Cybersecurity?

It's freely and publicly available information, like social media, company websites, and news articles, that an adversary gathers during the reconnaissance phase to learn about a target before attacking (EK 2.1.C.2).

Is collecting OSINT illegal?

No. By definition OSINT is public, so simply looking at it isn't hacking and isn't a crime. The illegal part comes later, when the attacker uses that information to break in or trick someone.

How is OSINT different from reconnaissance?

Reconnaissance is the attack phase (the first one), and OSINT is a method used inside that phase. Think of reconnaissance as the chapter and OSINT as one of the techniques in it.

What are examples of OSINT an attacker might use?

Employee LinkedIn profiles, company website directories, job postings that reveal what software a company runs, news articles, and public databases. All of it is free to find.

Why does OSINT matter for social engineering?

The personal details an attacker scrapes through OSINT become the believable backstory for a pretext (EK 2.1.A.2). Knowing your manager's name and your project makes a fake email far more convincing.
