In an age where misinformation travels at the speed of a click, the role of human verification in intelligence gathering has never been more crucial. A recent example illustrates this point clearly: on February 17, 2025, reports of an explosion near Kabul International Airport (KBL) quickly began circulating on Afghan media and social platforms. At face value, the event seemed credible – “verified” accounts, video footage, and a high-profile location. But it turned out to be false. What prevented this piece of fake news from becoming a misleading SITREP alert? Human insight. This blog explores why automated monitoring alone isn’t enough and how trained analysts can be the last line of defense against disinformation.
Why Human Insight is Crucial in Threat Intelligence Monitoring
Although misinformation, disinformation, and fake news are not new phenomena, we live in a world where they spread rapidly with just the click of a mouse, thanks to the ubiquity of the internet and the popularity of social media. One of the significant challenges we face in the 21st century is the breakdown of trusted information sources. In a world of “alternative facts” – described as a “maze of claim and counterclaim” – the dizzying pace at which information is spread on social media presents a major challenge, especially for threat analysts using platforms such as X (formerly known as Twitter), Facebook, BlueSky, and Reddit for real-time incident monitoring.
Analysts can gain early warning of security incidents by effectively monitoring social media platforms, tracking threat actors’ activities, and gathering crowdsourced intelligence to better understand and defend against potential risks. However, without careful validation of the information, this process can lead to misguided decisions, wasted resources, and potentially dangerous outcomes for organizations and individuals relying on such intelligence. Social media is frequently a source of misinformation or unverified claims, and reporting these without proper verification carries significant risks for both organizations and the broader cybersecurity ecosystem.
The complexities of the cyber threat landscape make it clear that automated social media monitoring alone is not a complete solution. As it stands, automated tools lack the contextual understanding needed to support sound security decisions. When a security incident occurs, the context – understanding the nature of the attack and its potential impact – is vital. Analysts bring this context-rich knowledge, enabling organizations to receive actionable insights. Identifying and communicating the “why” behind an incident helps reduce false positives and misclassification.
This need for context becomes even more critical in dynamic situations where information may be incomplete or conflicting. Such decision-making requires a degree of human intuition, developed through experience, expertise, and awareness that is not only situational but also emotional and cultural. This level of insight is difficult, if not impossible, to replicate with algorithms (for now, at least). Human analysts also bring adaptability and creative thinking to the table, especially when verifying breaking news in real time.
A Case Study: The Kabul Airport “Explosion”
On February 17, 2025, various local Afghan media outlets reported an explosion on the road leading to Kabul International Airport (KBL).
At first glance, the reports appeared credible. The location was high-profile, and the sources had apparent legitimacy (e.g. large followings, verified badges). It would have been easy to publish an alert. But Hozint’s analysts chose to verify the facts first. Here’s how they determined the event never occurred:
Step 1: Tracking Down the Primary Source
The analysts traced the original report to a social media account named “Afg Green Trend.” Upon review, the account was found to have a history of strong anti-Taliban rhetoric dating back to 2011, suggesting a potential bias and raising a red flag.
Step 2: Video Verification
All media outlets reporting the explosion shared the same video from the same angle—again sourced from “Afg Green Trend.” In genuine incidents, especially in a public area, multiple angles or additional footage typically surface. The uniformity of the visual evidence cast further doubt.
— ZAMZAM NEWS (@zamzamafg) February 17, 2025
Breaking – An explosion occurred near Kabul’s airport on Monday afternoon, according to local sources.
Footage sent to Amu TV shows the blast took place on the road leading to the airport.
Details about the cause of the explosion or possible casualties remain unclear.
Taliban… pic.twitter.com/ALUZx6UhV0
— Amu TV (@AmuTelevision) February 17, 2025
Step 3: A Bit of Waiting
Rather than rush to issue an alert, analysts waited for further updates. Within minutes, the Kabul Police Command officially denied that an explosion had occurred.
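The three steps above can also back a pre-alert gate that routes weakly corroborated reports to an analyst instead of publishing them. The sketch below is an added example, not Hozint's tooling; the field names, the 30-minute hold window and the sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Report:
    outlet: str         # account that posted the claim
    origin: str         # account the claim/footage traces back to (Step 1)
    media_id: str       # fingerprint of the attached footage (Step 2)
    seen_at: datetime
    official: str = ""  # "deny" or "confirm" when posted by an authority (Step 3)

def triage(reports, now, hold=timedelta(minutes=30), biased_origins=frozenset()):
    """Recommend SUPPRESS, HOLD or PUBLISH_CANDIDATE; an analyst makes the final call."""
    statements = {r.official for r in reports if r.official}
    if "deny" in statements:
        return "SUPPRESS", ["official denial on record"]
    claims = [r for r in reports if not r.official]
    if not claims:
        return "HOLD", ["no claims to assess"]
    reasons = []
    origins = {r.origin for r in claims}
    if len(origins) < 2:
        reasons.append("all reports trace to one origin")
    if origins & biased_origins:
        reasons.append("origin flagged for known bias")
    if len({r.media_id for r in claims}) < 2:
        reasons.append("only one piece of footage in circulation")
    if "confirm" not in statements and now - min(r.seen_at for r in claims) < hold:
        reasons.append("hold window still open")
    return ("HOLD" if reasons else "PUBLISH_CANDIDATE"), reasons

# Constructed sample data: three outlets relaying one clip from one account.
T0 = datetime(2025, 2, 17, 14, 0)
RELAYED = [
    Report("outlet_a", "origin_x", "clip_1", T0),
    Report("outlet_b", "origin_x", "clip_1", T0 + timedelta(minutes=2)),
    Report("outlet_c", "origin_x", "clip_1", T0 + timedelta(minutes=4)),
]
DENIAL = Report("authority_y", "authority_y", "", T0 + timedelta(minutes=9), official="deny")

if __name__ == "__main__":
    print(triage(RELAYED, T0 + timedelta(minutes=5), biased_origins={"origin_x"}))
    print(triage(RELAYED + [DENIAL], T0 + timedelta(minutes=10)))
```

The gate only counts origins and footage; judging whether an origin is biased, and whether a denial is itself credible, remains the analyst's task.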
The Takeaway
This case underscores why automated tools should augment, not replace, human analysts. While automation offers speed and data-handling at scale, it cannot replicate human judgment, contextual awareness, and intuition. The most effective threat intelligence model is a hybrid one, where machine efficiency is guided by human expertise.
About the authors
Arko Banerjee is the Editor in Chief at Hozint, where he oversees and coordinates a team of analysts responsible for the Verified Data Feed, ensuring the accuracy and timeliness of every report. In addition to managing the team, Arko also provides training and mentorship to analysts and interns at the start of their intelligence analysis careers at Hozint.
Rushali Saha is the Editor and Team Lead of the Asia Desk, overseeing a team of analysts dedicated to monitoring and analyzing real-time security incidents. She ensures the team provides comprehensive situational awareness, delivering timely and accurate insights on critical security developments as they unfold.