Encrypted Instant Messaging Intelligence at Scale
IRIS (Instant-Messaging Reconnaissance and Intelligence System) monitors WhatsApp, Telegram, Signal, Discord, and other encrypted platforms using Virtual HUMINT™ avatars with zero-attribution infrastructure. IRIS delivers AI-powered risk scoring, entity extraction, and translation across 10+ languages -- persistent, structured visibility into threat actor communications that passive tools cannot reach.
The Intelligence Gap Is Growing
Threat actors operate in encrypted channels, closed groups, and dark web forums in dozens of languages. Without purpose-built collection, your team sees a fraction of the threat landscape.
Invisible Attack Surface
Threat actors have migrated to encrypted instant messaging platforms, invite-only Telegram groups, and ephemeral dark web forums. These channels generate thousands of messages daily in dozens of languages. Without persistent, automated collection, your team is operating with a fractional view.
Analyst Overload
Even when raw data is available, the volume is paralyzing. Analysts spend 70% or more of their time on triage -- scrolling through untranslated messages, manually correlating identities, and trying to separate signal from noise.
Fragmented Tooling
Most organizations cobble together OSINT scripts, manual browser monitoring, and spreadsheet-based tracking. These approaches break at scale, leave no audit trail, and create single points of failure.
Non-English Blind Spots
The most critical intelligence originates in Arabic, Farsi, Urdu, Pashto, and Russian. Machine translation alone misses context, slang, coded language, and dialect. Without native-speaker validation, assessments carry unacceptable uncertainty.
“Where others see noise, IRIS sees patterns -- across encrypted messaging platforms, in 10+ languages, in real time.”
Six Capabilities. One Platform.
Complete operational coverage from collection through investigation -- every stage enriched, structured, and audit-ready.
Persistent Access to Concealed Sources
IRIS maintains continuous collection across WhatsApp, Telegram, Signal, Discord, and other encrypted instant messaging platforms. Messages, media, member lists, and metadata are captured in real time using specialized Virtual HUMINT™ avatars operating with zero-attribution and full anonymization.
Enrichment Before an Analyst Touches It
Every ingested message passes through an AI enrichment pipeline. Content is automatically translated from 10+ languages including Arabic, Chinese, Russian, and Spanish. Entities are extracted, and each item receives a dynamic risk score (1-10). AI-generated summaries condense high-volume channels into actionable intelligence snapshots.
Actionable on Arrival, Not After Triage
Configure alert rules based on keywords, entities, languages, source groups, risk thresholds, or any combination. When a matching event occurs, IRIS delivers notifications with full context, translation, and risk scoring already applied.
Persistent Profiles Across Platforms and Aliases
IRIS maps relationships between members, groups, aliases, phone numbers, shared media, and forwarded messages as interactive network graphs. Analysts explore connection paths, identify bridging nodes, and detect coordinated activity patterns.
Intelligence in 10+ Languages
Machine translation misses context, slang, coded language, and dialect. IRIS combines AI-powered language processing with native-speaking analysts across Arabic, Farsi, Hebrew, French, Spanish, Russian, Portuguese, and more -- delivering intelligence that preserves meaning, not just words.
Integrate IRIS Into Your Existing Stack
A RESTful API provides access to search, alerting, entity data, and enrichment outputs -- enabling teams to pull IRIS intelligence directly into analyst workbenches, SIEM platforms, TIPs, and custom workflows.
Collect. Analyze. Alert.
Three stages. Fully automated. Every item arrives on your screen enriched, scored, and ready for assessment.
Collect
IRIS continuously collects from deep and dark web sources around the clock. No scheduling gaps, no manual triggers, no missed windows. When your analyst logs in, the data is already there.
Analyze
Before an analyst touches a single item, the enrichment pipeline has translated content, extracted entities, assigned risk scores, and generated AI summaries. What arrives on screen is structured, contextualized intelligence.
Alert
Configured alert rules flag the items that matter most. Critical developments surface immediately. Lower-priority content is scored and queued. Your team spends time on assessment, not manual triage.
[2026-03-14 02:17:43 UTC] ALERT Rule: "WEAPONS_PROCUREMENT" triggered
Source: Telegram / channel_id:4821 / "Al-Sham Marketplace"
Lang: Arabic (Levantine dialect) → EN translation applied
Risk: HIGH (0.91) | Entities: 3 extracted | Geo: Idlib province
Actor: @abu_khalid_92 — linked to 4 known aliases across 12 groups
[2026-03-14 02:17:44 UTC] ACTION Alert dispatched to: dashboard, webhook (SIEM), email (CT-WATCH-LIST)
[2026-03-14 02:17:44 UTC] OK Investigation case #4821 auto-created. Evidence bookmarked.
Intelligence in 10+ Analyst Languages
Machine translation alone misses context, slang, coded language, and dialect. IRIS combines AI-powered translation (Arabic, Chinese, Russian, Spanish, and others) with native-speaking analyst validation to deliver intelligence that preserves meaning -- not just words.
العربية
Arabic
Multiple dialects
עברית
Hebrew
فارسی
Farsi
Dari included
Русский
Russian
Français
French
North African
Español
Spanish
Português
Portuguese
Türkçe
Turkish
Native-Speaker Analyst Validation
Every high-priority translation is validated by native-speaking analysts with regional expertise -- not contractors running content through Google Translate. IRIS employs analysts who grew up speaking Arabic, Farsi, Hebrew, and other target languages. They recognize dialect variations, decode slang and euphemisms used by threat actors, and interpret culturally specific references that machine translation systems consistently miss. This is the difference between automated translation and human intelligence.
Fits Your Existing Workflow
IRIS integrates with existing intelligence management systems, SIEM platforms, and analytical tools via REST API. Data export in standard formats ensures compatibility with your infrastructure.
Export structured threat intelligence in industry-standard STIX format. Ingest directly into your TIP.
Full programmatic access to search, alerting, entity data, and enrichment outputs. Structured JSON responses.
Push IRIS alerts to Slack, Teams, email distribution lists, or ticketing systems like Jira and ServiceNow.
Route IRIS intelligence into Splunk, Sentinel, QRadar, or any SIEM that accepts structured data feeds.
# Search for threat intelligence
curl -X POST https://api.iris26.variableq.com/v2/search \
-H "Authorization: Bearer $IRIS_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"query": "weapons procurement",
"languages": ["ar", "fa", "ur"],
"risk_threshold": 0.7,
"date_range": "last_24h",
"format": "stix"
}'
200 OK | 47 results | 12ms response time
“The most critical intelligence originates in languages most platforms cannot process. IRIS was built to operate where threats actually originate.”
See IRIS in Action
Every day, threat actors coordinate in concealed channels that fall outside the reach of conventional monitoring tools. IRIS was built to close that gap -- giving your team persistent, structured, AI-enriched access to the intelligence that drives informed decisions and faster response.
See the platform. Ask hard questions. Evaluate it against your operational requirements. For IED/CBRN/drone weapons technical intelligence, explore the CODEX platform.