Solutions
Narrative Attacks Are Now a Security Function
Coordinated attacks target your organisation's reputation, executives, and stakeholders - your brand and your stakeholders. Detect them before the damage compounds, attribute them to source, and predict where they're heading. Powered by the European built Havel platform - the same AI used by NATO and European governments.
Trusted by
Research delivered to NATO StratCom COE · European Parliament · Government institutions in Lithuania, Moldova, Germany, Romania
The Problem
Narrative Attacks Have Crossed Into Security Territory
A narrative attack used to be a communications problem. A bad story would run, a PR team would respond, and the cycle would move on. That model is obsolete.
Today's narrative attacks are operationalised. They are coordinated across platforms simultaneously, use bot networks to manufacture the appearance of organic outrage, target executives by name, and seed false claims through legitimate-looking outlets. By the time a conventional monitoring tool flags the volume spike, the damage is already structural.
Security teams, crisis communications leads, and executive protection analysts need something different: not more mentions, but forensic intelligence. Who is behind the attack, how it is structured, and where it is heading - before it peaks, not after.
Havel delivers this capability. The same AI engine that detects foreign information operations for European defence institutions, applied to the threats targeting your organisation.
$30B
Enterprise spend on combating mis- and disinformation by 2028. The narrative threat is now a budget line.
— Gartner
1 GLOBAL RISK
Narrative manipulation and misinformation ranked the top short-term risk two years running
— World Economic Forum 2024, 20253 DAYS
Lead time Havel provided before a coordinated attack reached mainstream media in the Kapčiamiestis FIMI case.
— Lithuania, 2024 
Use cases
European-Built for Organisations Under Attack
Coordinated Attack Detection & Early Warning
Coordinated narrative attacks leave structural fingerprints before they leave volume spikes. Havel detects them at the infrastructure level - synchronised posting patterns, duplicate content distributed across coordinated source clusters, and cross-platform amplification chains from fringe to mainstream. When these signals converge, the platform issues a forensic early warning, typically days before content volume alone would trigger a conventional alert.
The difference matters. Three days of lead time is a response window. Three days of retrospective reporting is damage limitation. Havel detected the Kapčiamiestis FIMI operation at its earliest amplification stage - identifying coordination across Telegram and TikTok in two languages - three days before mainstream media and two weeks before full escalation.
Attribution & Forensic Intelligence
Knowing an attack exists is not enough for security teams, legal counsel, or executive leadership. Havel provides attribution at the source cluster level: which accounts and channels are distributing the same content, what the posting synchronisation patterns reveal about coordination, and which nodes are origin points versus amplifiers. Content DNA analysis tracks how narratives mutate as they travel, identifying the original seeding point even when the story has been reframed.
This is forensic evidence - suitable for internal briefings, legal review, and strategic response planning. The same methodology Repsense used to attribute Russian information operations for NATO StratCom COE, mapping 3.2 million pieces of content to coordinating source clusters, is available to enterprise security teams through Havel.
Predictive Escalation Modelling
Havel tracks narrative clusters continuously, scoring each for growth velocity, coordination intensity, and structural behaviour. When a cluster's amplification pattern matches the signature of an operation in its early escalation phase - high coordination, unusual synchronisation, cross-platform seeding - the system generates a predictive alert with a projected trajectory: estimated time to mainstream visibility, likely amplification channels, and predicted impact score at mass distribution.
These models were trained on real information operations and validated against datasets spanning twelve million pieces of content. Prediction is not speculation. It is pattern recognition at scale, trained on how real attacks behave before they peak.
Executive & Stakeholder Targeting Intelligence
Narrative attacks increasingly target individuals - executives, board members, spokespersons. Havel monitors the full information environment around named individuals across broadcast, social media, video platforms, and messaging channels. The platform detects coordinated negative amplification, distinguishes organic criticism from manufactured campaigns, and flags impersonation patterns.
When an executive becomes a target, Havel identifies the campaign structure: where it originated, which networks are amplifying it, and what its likely trajectory is. For security teams managing executive protection, this is the difference between knowing a campaign exists and understanding whether it is an opportunistic story or a structured operation.
How it works
From Threat Signal to Actionable Intelligence
DEFINE
Scope your threat environment. Your organisation, executive names, product lines, adversary watchlists - known threat actors, competing interests, state media sources. Havel sets up continuous collection from millions of sources in 75+ languages, fine-tuned to your specific threat surface.
DETECT
Havel ingests and clusters content continuously across text, broadcast, social, and video. Narrative threads are formed regardless of platform or language. Each cluster is scored for growth velocity, coordination, and structural behaviour. Analysts see a prioritised threat landscape, not a feed of undifferentiated mentions - including video content conventional tools cannot read.
TRACK
Three layers run simultaneously: emerging narrative detection flags new threat clusters as they form; coordination analysis identifies organised amplification and attributes it to source clusters; predictive alerts fire when a narrative's structural behaviour indicates escalation is imminent, projecting its trajectory forward before volume-based tools would trigger.
ACT
Generate threat assessment reports from any detected cluster: source attribution, coordination evidence, network maps, predicted trajectory, and response options. Ready to present to security teams, general counsel, and executive leadership. Export for integration into existing security and crisis management workflows. A complete threat briefing from Havel is ready in minutes.
Evidence
Operational Proof, Not Promises
Lithuania — Coordinated FIMI Targeting Military Infrastructure, Detected 3 Days Early
In 2024, Havel detected a coordinated FIMI campaign targeting the planned military base at Kapčiamiestis at its earliest amplification stage - three days before mainstream media and two weeks before full escalation. Content volume was below conventional alert thresholds. But the coordination pattern was unmistakable: identical narratives seeded across Telegram and repackaged as TikTok videos in two languages. Havel attributed the operation to a cluster of synchronised sources and issued a predictive early warning with enough lead time for a response, not a reaction.
Financial Institution — Fraud Narrative Detection
Repsense detected narratives alleging fraudulent practices at a major bank before they reached the customer base at scale. The platform tracked propagation and provided a structured briefing — enabling a proactive response before the claims could drive customer attrition.
NATO StratCom COE — Mapping Russia's Adaptive Propaganda System
Repsense conducted research for the NATO Strategic Communications Centre of Excellence, mapping the structure and mechanics of Russia's information operations apparatus across 3.2 million pieces of content. The research identified the structural architecture of the propaganda system - how it responds to setbacks, adapts messaging, and distributes coordinated content - and pinpointed structural vulnerabilities with direct operational relevance for StratCom and enterprise security teams facing similar coordinated threats.
Platform research delivered to: NATO StratCom COE · European Parliament · Multiple European election monitoring deployments · Lithuanian, Moldovan, German, Romanian, and Armenian government institutions
Why repsense
What Sets Havel Apart for Narrative Threat Intelligence
-
Havel detects threats by coordination pattern, not volume spike. Synchronisation signals, duplicate content ratios, and amplification architecture are identified early - typically days before a conventional alert would fire. This is how Havel detected Kapčiamiestis before the operation peaked.
-
Source-level forensics with evidence suitable for briefing rooms and, if required, legal review: duplicate content ratios near 1.0, posting synchronisation timestamps, and network maps showing who is behind the attack - including what is being said.
-
Coordinated attacks increasingly live in video. Havel performs full content analysis of TikTok, YouTube, Reels, and broadcast - speech-to-text, narrative classification, coordination detection — across platforms and languages at scale. If your current tools cannot read the video attacking your organisation, you have a blind spot.
-
Havel projects narrative trajectories forward. When structural behaviour indicates escalation, the system issues a warning with a projected timeline. The Kapčiamiestis case delivered three days of lead time. Three days is a response window, not a damage report.
-
The coordination detection that identifies FIMI campaigns for European governments is the same detection inside Havel for enterprise security teams. This is not a social listening tool with a security layer added - it is a threat intelligence platform proven in the most demanding information environments in the world.
-
European data sovereignty from the ground up. GDPR-compliant data handling, European hosting, and deep understanding of EU regulatory and legal environments - built in, not retrofitted.
Know the Threat Before It Knows You
Request a threat assessment to see how Havel detects, attributes, and predicts coordinated narrative attacks targeting your organisation - including the video content your current tools cannot read.