At the convergence of sensitive data, global exposure, and limited security resources, nonprofits dedicated to serving vulnerable populations face significant cybersecurity challenges. Protect.ngo, based in Geneva and previously known as the CyberPeace Institute, provides essential free cybersecurity support to these organizations, assisting them in navigating increasingly complex threats. As a nonprofit itself, Protect.ngo strives to identify and analyze threats targeting its nearly 700 member organizations—a task that is far more daunting than it initially appears.
Founded in 2018, Protect.ngo’s cybersecurity analysts initially relied on open-source intelligence to keep tabs on publicly reported cyberattacks affecting the nonprofits in their network. The process was labor-intensive, requiring analysts to sift through news outlets, dark web forums, social media, and a variety of other sources. Miles Collins, a cyberthreat analyst at Protect.ngo, noted that many NGOs have a limited digital footprint, complicating the detection of potential threats. “This can make it more difficult to detect whether they have been targeted and to gather enough evidence for technical attribution,” he explained.
The lack of a consolidated view of the cybersecurity landscape facing NGOs and other civil society organizations made the work not only laborious but also inconsistent and inefficient. Analysts struggled to provide real-time insights necessary for effective threat analysis and prioritization. With a diverse group of member organizations operating across various regions, sectors, and environments, the scale of Protect.ngo’s monitoring efforts added to the complexity of the situation.
The consequences of delayed or missed detections could be severe. An attack aimed at one organization within the Protect.ngo network could have far-reaching implications for other NGOs. Furthermore, any lapses in detection could undermine public records used by researchers and policymakers. By March 2025, Protect.ngo analysts had painstakingly documented over 295,000 threats and 1,100 distinct attacks on NGOs, illustrating the ever-worsening threat landscape.
To tackle these mounting challenges, Protect.ngo incorporated artificial intelligence into its operations. In collaboration with Dataminr, the organization implemented an AI-powered threat intelligence platform designed to bolster the capabilities of its human analysts. This innovative platform aggregates information from diverse sources across the public, deep, and dark web, encompassing everything from government advisories to social media and breach reports. It processes a variety of data types, including text, code, images, and videos.
The integration of agentic AI allows for the autonomous analysis and contextualization of data, transforming how incidents are summarized and relationships between cyber activities, threat actors, and targeted organizations are mapped. Each AI-generated intelligence alert is structured, deduplicated, and presented in real-time, complete with source attribution and background on involved threat actors.
Collins emphasized the crucial role of human oversight, stating that analysts at Protect.ngo review and verify all AI-generated alerts to ensure accuracy before determining subsequent actions. “Human analysts are still required when it comes to judging whether those claims are credible or not,” he reiterated, underscoring the importance of maintaining a robust analytical process alongside automated tools.
As the organization expanded its capabilities, the AI-driven intelligence technology also informed Protect.ngo’s public platform, Cyber Tracer. This tool tracks vulnerabilities, threats, and attacks relevant to civil society organizations while aiding research into cyberactivity in conflict zones, including the ongoing Russia-Ukraine war. NGOs, policymakers, and researchers can utilize Cyber Tracer to enhance risk mitigation efforts and bolster cyber resilience.
The operational benefits of agentic AI at Protect.ngo have been substantial. By consolidating disparate threat data into a single, contextualized feed, analysts are now able to invest time in prioritizing and analyzing threats rather than merely collecting information. This AI-enhanced monitoring also affords coverage of channels, such as dark web forums, that resource-constrained organizations often struggle to monitor consistently.
A notable instance in which the AI platform proved invaluable involved a nonprofit participating in Protect.ngo’s The Builders program, which connects corporate cybersecurity volunteers with NGOs needing assistance. An alert surfaced concerning a threat actor who had exfiltrated data from the organization’s environment and published a sample online. Thanks to Dataminr’s early warning, Protect.ngo’s volunteer analysts were able to reach out quickly, offering remediation support before the organization even became aware of the incident.
Since implementing these advanced technologies, Protect.ngo has logged over 878,000 threats, identified more than 1,084 vulnerabilities, and quarantined upwards of 560,000 phishing emails. The organization remains vigilant, recognizing, however, that AI cannot replace fundamental cybersecurity hygiene.
Collins cautioned that smaller organizations lacking dedicated security functions often do not have the essential controls required for utilizing advanced monitoring tools effectively. “Organizations without in-house security staff should focus first on the basics,” he advised, emphasizing the importance of multi-factor authentication, VPNs, strong password management, and timely software updates. For resource-constrained teams, the risk exists that AI could be viewed as a panacea, overshadowing the essential human insight and disciplined practices that underpin effective cybersecurity strategies.
In summary, while Protect.ngo’s experience with AI-driven cybersecurity has been promising, it serves as a reminder that successful cybersecurity must begin with solid foundational practices. As the organization continues to empower NGOs worldwide, it emphasizes that while AI tools offer significant enhancements to threat monitoring and mitigation, they are not substitutes for fundamental cybersecurity vigilance and responsibility.