Your biggest security threat might not be a remote hacker…


It might be a person in your car park.

“Companies have spent years hardening their digital defences. Meanwhile, a different class of threat — physical, hybrid, and devastatingly real — has been quietly growing in the shadows”. Robert Baldock, MD Clustre

THE BLIND SPOT

Ask any board to name their top security risk and the answer is almost always the same: Cyber-attack. Ransomware. A data breach. A compromised supply chain.

These are real and serious threats. The NCSC recorded 204 ‘severe-consequence cyber incidents’ in the year to August 2025, more than double the 84 reported the year before. Boards are right to be worried.

But here is the uncomfortable truth that rarely reaches the boardroom: whilst we have been hardening our digital perimeters, a different class of adversary has been watching, probing, and positioning. Not through code, but in person. On foot. In car parks and service roads and at the edges of our physical infrastructure.

The most sophisticated threat actors – state-affiliated groups, organised criminal networks, and hostile intelligence services – do not simply send a phishing email and hope for the worst. They conduct hostile reconnaissance. They walk your sites. They identify your vulnerabilities in the physical world before taking malicious action – digital, kinetic, or often both. And most organisations have absolutely no knowledge of this happening.

BEYOND CYBER: THE HYBRID THREAT REALITY

Consider what has happened in Europe in recent months. DHL depot fires across multiple countries. Infrastructure disruptions near critical transport hubs. These are not random events. They are a reminder that physical attacks – whether acts of state-sponsored sabotage, organised criminality, or coordinated disruption – remain potent and frequently underestimated vectors.

We are living through a period of converging risks. The boundary between the digital and the physical has effectively dissolved. A sophisticated adversary plans across both domains simultaneously, exploiting whichever is weakest. Yet most organisations have built their security posture as if the two exist in separate worlds – a CISO responsible for one, a head of physical security responsible for the other. The gap between them is rarely examined.

“State actors and sophisticated criminal groups routinely conduct physical hostile reconnaissance ahead of both cyber and kinetic attacks. Most organisations are blind-sided by such tactics.”

WHAT ‘GOOD’ LOOKS LIKE: ANTICIPATION, NOT REACTION

The traditional security model is reactive by design. You detect a breach, you respond to an incident, you work hard to restore order, you investigate after the fact. For lower-stake threats in a fairly benign environment, this has – perhaps – been sufficient. But no longer.

The organisations best placed to protect themselves in the current threat environment share a common characteristic: they have moved from detection to anticipation. They know who is likely to target them, why, and what form that threat is likely to take – before anything happens. And when something begins to unfold, they respond in real time, without depending on a single analyst to spot the signal in the noise.

This is not a theoretical ambition. It is now operationally possible and vital. Platforms exist today that automate the NATO intelligence collection and dissemination cycle…

OpenHorizon, for example, was created by senior Norwegian Intelligence officers. Adopting state-level security protocols, it provides threat assessments that are tailored to the unique risk profile of every major client. Real-time dashboards instantly reveal their risk exposure across the entire global threat landscape.

Similarly, Vantiq was created by veterans from the database and distributed apps world. They use edge computing to create mission-critical security solutions. Integrating data streams from any source – IoT, mobile devices, enterprise systems and people – they deliver real-time applications at unprecedented speed.

These industry leaders can process hundreds of open-source intelligence feeds – grading them for credibility, mapping them against thousands of active threat actor groups, and generating a personalised threat profile for each client organisation. If a state-affiliated group with a history of targeting energy infrastructure begins to direct attention towards organisations of your type, in your geography, you are told. You receive a realistic attack scenario. You have something concrete to act on.

In the most advanced deployments, the intelligence goes further still. Signals intelligence capabilities can detect the physical presence of known threat actors in the vicinity of your assets. This is not a vague ‘state actors may be interested in facilities like yours’ warning. It is a very specific alert: ‘there is a vehicle associated with a person of interest in the car park of your facility, right now’. This is an entirely different order of threat warning.

REAL-TIME RESPONSE: THE MACHINE THAT NEVER BLINKS

Intelligence without action is merely anxiety with data. The other half of the equation is what happens when a threat is identified. This is where agentic AI is changing the game in ways that most European organisations have been slow to recognise.

The rest of the world has not been so hesitant. Japan has already deployed Vantiq’s unique agentic AI decision-making system for national disaster management. It orchestrates responses across multiple agencies simultaneously.

In Saudi Arabia, 11,000 cameras across 95 buildings have been integrated into a single real-time orchestration layer – managing crowd dynamics, tracking individuals of concern, and detecting threatening language in public spaces.

In the US, hospital networks use the same class of technology to manage everything from medication verification to perimeter security across hundreds of facilities.

What makes this significant is the architecture. Processing happens at the edge, at or near the device, in real time, without routing data to a central cloud. Response times are measured in milliseconds. The system does not wait for a human to notice something on a monitor. It acts – alerting, locking, and redirecting – whilst humans are blissfully unaware of an issue.

Critically, this does not require ripping out existing infrastructure. Modern platforms connect to legacy cameras, sensors, and access control systems through hundreds of standard connectors. The intelligence that was always there, dormant in your existing estate, is simply activated.

WHY EUROPEAN ORGANISATIONS ARE FALLING BEHIND

The capabilities described above are not experimental. They are deployed at scale, in real environments, protecting real assets. So why are so few European organisations using them?

The honest answer involves a combination of cultural risk aversion, constrained budgets, and – most fundamentally – a lack of sufficiently acute motivation. Nations in the Middle East and Asia Pacific face existential threats that are immediate and undeniable. That urgency drives adoption. In Europe, the threat has felt somewhat abstract… until recently.

Suddenly, it has ceased to be an abstraction. The conflict on Europe’s eastern border, the documented campaign of Russian sabotage operations across the continent, the targeting of undersea cables, pipelines and transport infrastructures – this is the new reality. These threats are no longer hypothetical. They are existential. And organisations that continue to treat security as a compliance exercise rather than a strategic imperative are taking unacceptable risks.

“The boundary between the digital and the physical has dissolved. A sophisticated adversary plans across both domains. Most organisations have built their security as if the two exist in separate worlds.”

THE QUESTION TO ASK YOUR BOARD THIS WEEK

You don’t have to be targeted to have a problem. The absence of a known incident is not evidence of immunity. It may simply mean that you have not yet been attacked… or that you have already been attacked without your knowledge.

The question worth putting to your board, your security leadership, and your risk committee, is a simple one: if a state-affiliated threat actor were conducting reconnaissance against our assets, right now, would we know?

If the honest answer is ‘no’, then it is worth understanding what is now possible. Because the technology exists. The intelligence frameworks exist. The integration pathways into existing infrastructure exist. The only things missing are the acceptance of a major security gap and the collective will to close the chasm.

Clustre has brought together a unique capability: specialist firms with intelligence community backgrounds, military-grade systems experience, and proven expertise in national-scale deployment. To help you explore threat intelligence, physical security, and agentic AI response capabilities, we would be delighted to introduce you.

The threat actors may be in your car park, right now. They are certainly not waiting. Neither should you.

Find out more: Contact Robert Baldock at Clustre to facilitate introductions to Open Horizon (threat intelligence platform, Norway) and Vantiq (agentic AI orchestration, USA). We can help you frame the right questions for your security leadership. Email: Robert.baldock@clustre.net
© 2026 Clustre, The Solution Brokers All rights reserved.