Have you ever considered the sheer weight of being the person whose job it is to watch the people who are watching us? It is a bit of a hall of mirrors situation. Today's prompt from Daniel is about the world of counterintelligence, specifically what it takes to be a great spy-catcher in twenty twenty-six. It is a timely question because, if you have been watching the news lately, the traditional image of the trench-coat-wearing operative is being replaced by something much more technical and, frankly, much more fragile. We are seeing a massive paradox right now: the threat from state-sponsored actors is at an all-time high, yet the very institutions designed to protect us are being hollowed out from within.
It is the perfect time to dig into this, Corn. Just in the last few weeks, we have seen this massive split in how western nations are handling their counterintelligence functions. You have the United Kingdom making these high-profile arrests of Chinese operatives under their new National Security Act, and then on the other side of the Atlantic, you have a massive institutional shake-up at the Federal Bureau of Investigation that is raising a lot of eyebrows in the intelligence community. Herman Poppleberry here, by the way, and I have been diving into the mechanics of these recent cases. The shift we are seeing is not just about who is getting caught, but about how the agencies themselves are being structured—or in some cases, deconstructed. The tension is palpable. On March third, twenty twenty-six, we saw the firing of the C-I-twelve unit in the United States, and then just twenty-four hours later, the U-K police arrested three men for spying for China. It is a tale of two very different trajectories.
It is interesting you bring up the structure, because counterintelligence often gets lumped in with general espionage, but they are very different disciplines. In our previous episodes, we have talked about what makes a great spy—the ability to blend in, to recruit, to extract. But a spy-catcher? That feels like a different personality type entirely. It is less about being a chameleon and more about being a forensic accountant mixed with a hunter. We need to define what we are actually talking about here. Counterintelligence is not just about catching a guy with a briefcase full of cash in a park. In twenty twenty-six, it is about risk management, denial of information, and managing state-sponsored influence operations that look like legitimate business.
That is a great way to frame it. If espionage is the art of the theft, counterintelligence is the science of the audit. In twenty twenty-six, a great spy-catcher has to manage what we call the three pillars: technical surveillance, behavioral analysis, and network preservation. The problem we are seeing right now, particularly with the recent news out of the United States, is that you can have all the high-tech surveillance in the world, but if you lose the institutional memory and the human networks, the whole system starts to blind itself. A modern C-I officer has to be comfortable in the gray zone. They are looking at academic exchanges, business partnerships, and lobbying efforts. They are asking: is this a legitimate researcher, or is this a colonel in the People's Liberation Army using a university lab as a collection point?
You are talking about the situation with Director Kash Patel and the C-I-twelve unit, right? For those who missed the headlines earlier this month, the Federal Bureau of Investigation director fired a dozen senior agents from this specific squad—the one responsible for tracking foreign spies on United States soil. And the timing was... well, let us just say it was notable, coming right before the military strikes against Iran. This was not just a routine personnel change. These agents had worked on the Mar-a-Lago classified documents investigation, and their removal is being seen by many as a retaliatory purge that has left a massive hole in our domestic defense.
Notable is one word for it. Devastating is the word I am hearing from my sources in the beltway. C-I-twelve is not just any unit; they are the frontline for Iranian and Russian operations within the United States. When you fire twelve senior agents who each have twenty years of experience, you are not just losing twelve bodies. You are losing a century of combined relationships with confidential informants. In counterintelligence, those informants are everything. You cannot just hand a post-it note with a phone number to a new recruit and expect the informant to keep talking. These are relationships built on trust, often over decades. If you are an Iranian dissident providing tips on assassination plots in northern Virginia, you are not talking to the Bureau; you are talking to Agent Smith, the person who has kept you safe for ten years. When Agent Smith is fired, that data stream dies instantly.
I think that is a nuance a lot of people miss. They assume the intelligence is all in a database somewhere. But if I am an informant risking my life, I am not talking to an agency. I am talking to a person. This brings us to the "Institutional Memory" crisis. We have seen approximately three hundred agents working on national security leave the Bureau since January twenty twenty-five. Forty-five of those were fired outright. Herman, how does a loss of that scale affect the technical tradecraft? We are talking about fusing signals intelligence—S-I-G-I-N-T—with human intelligence, or H-U-M-I-N-T.
It breaks the fusion process entirely. S-I-G-I-N-T can tell you that a specific encrypted device moved from a Russian consulate to a coffee shop in Georgetown. It can tell you that a bank account in the Cayman Islands just received fifty thousand dollars. But it cannot tell you the "why" or the "who" without the H-U-M-I-N-T to provide context. A great spy-catcher uses technical tools to find anomalies, but they use human networks to verify them. When you lose the human side, you are left with a mountain of data and no one who knows how to read the patterns. This is where the "Mole Hunt" methodology comes in. To find an internal threat, you have to look for behavioral red flags: sudden unexplained wealth, frequent foreign travel that was not reported, or a sudden change in personality.
Let us talk about those red flags, because that feels like the core of the tradecraft. We have the classic cases like Robert Hanssen and Aldrich Ames. Hanssen was an F-B-I agent who spied for the Soviets and Russians for over twenty years. Ames was a C-I-A officer doing the same. They were the ultimate "insider threats." How does a modern spy-catcher identify a threat like that today, especially when the adversary is being so sophisticated?
The baseline for internal threat detection has not changed as much as you might think, but the tools have. In the case of Korbein Schultz—the Army intelligence analyst who was sentenced to seven years last April—it was a classic case of greed. He was accepting bribes to transmit national defense information to China. He received about sixty-five thousand dollars in total. A great spy-catcher looks at the intersection of access and motive. Schultz was looking at documents regarding Taiwan and high-tech weaponry when his actual job was focused on logistics in Europe. That is a technical tripwire. If an analyst is accessing files outside their "need-to-know" or "compartmentalization," the system should flag it. But again, you need a human to look at that flag and say, "Wait, why is the logistics guy obsessed with Taiwan's missile defense?"
But you need the staff to actually monitor those tripwires. If you have lost half the staff in the Department of Justice's National Security Division, who is actually looking at the logs? It feels like we are creating a target-rich environment for foreign agencies because our own internal guardrails are being dismantled for political reasons. It is a self-inflicted wound. We are seeing a thirty-five percent increase in counterintelligence arrests in twenty twenty-five, which suggests the threat is growing, but our capacity to handle it is shrinking.
And while the United States is struggling with internal stability, the United Kingdom is moving in the opposite direction. They passed the National Security Act of twenty twenty-three, which gave them a lot more teeth to actually prosecute these cases. Before that law, it was surprisingly difficult to charge someone for assisting a foreign intelligence service if they were not handing over classified military secrets. The law created specific offenses for foreign interference and for assisting a foreign intelligence service in ways that were previously legal or at least hard to prosecute. The March fourth, twenty twenty-six arrests we just saw—the three men accused of spying for China, including the husband of a Member of Parliament—were a direct result of that new legal framework.
That is a huge deal. It shows that the threat is moving into the very heart of the legislative branch. It is not just about stealing blueprints; it is about influence. And this brings us to the rise of "proxy networks." I was reading about the Bulgarian spy ring in London—the ones the prosecutors called "The Minions." That was a wild case from March twenty twenty-five.
The Minions case is the perfect example of the industrialization of espionage. These were not elite officers from the Russian S-V-R. They were three Bulgarian nationals living in the United Kingdom who were acting as a decentralized surveillance hub. They were conducting surveillance on Kremlin opponents, journalists, and Ukrainian troops across Europe. This is the gig economy version of spying. Russia pays a criminal syndicate or a group of motivated individuals to do the dirty work, which gives the Kremlin plausible deniability. They are using "clean" individuals—people with no prior links to intelligence services—to conduct operations. This makes the spy-catcher's job a nightmare because these people do not show up on any traditional watchlists.
It also complicates attribution. If the person you are watching is not an official diplomat and does not have a direct link to a foreign embassy, how do you even start the investigation? You are basically looking at a group of people who look like ordinary immigrants or business owners. How does a C-I officer in twenty twenty-six bridge that gap?
You have to follow the money and the digital footprint. In the Minions case, it was about the scale. They were operating on an industrial level. A great spy-catcher has to be able to connect those dots across borders. This is where the technical side comes in—using signal intelligence and financial monitoring to find the common thread that leads back to Moscow or Beijing. But again, you need the human intelligence to interpret that data. You need the agent who knows the Bulgarian community or the person who can flip one of the lower-level players. This is what M-I-five calls the "human sensor" concept. Every confidential informant is a remote sensor. When Director Patel fires the agents who manage those sensors, the sensors stop sending data. It is like cutting the wires to a security camera. The camera is still there, but the screen in the control room just goes black.
And we are seeing the consequences of that in real time. M-I-five has said they have responded to twenty potentially lethal Iran-linked plots since twenty twenty-two. Investigations into state threats surged by forty-eight percent in twenty twenty-five alone. If the threat is increasing by fifty percent and your staff is decreasing by fifty percent, the math just does not work. You are going to miss things. And the timing of the C-I-twelve firings—just days before military strikes against Iran—is particularly chilling. If Iran decided to activate sleeper cells or proxy networks in the United States as retaliation for those strikes, the very unit responsible for tracking them had just been gutted.
It is a security risk, plain and simple. When you purge the people who know how to protect the nation's secrets, you are essentially telling the adversaries that the doors are unlocked. Russia and China are not looking at our internal politics and thinking, "Oh, we should give them a break while they sort this out." They are looking at it and thinking, "This is our window of opportunity." They are scaling up their recruitment. They are increasing their cyber-attacks. They are moving their people into positions of influence while we are busy firing our own experts. We even saw this with Portia Anyamba, the former Oak Ridge National Laboratory specialist who pled guilty last year to acting as an agent of South Africa. It is a reminder that it is not just the "Big Three"—Russia, China, and Iran. Everyone is playing the game.
The Anyamba case is a great example of the diversification of the threat. South Africa might not be the first country you think of when you think of espionage against the United States, but if you have access to sensitive nuclear research or high-end technology, someone is going to be interested. The tradecraft she used was relatively simple, but it was effective because it was unexpected. A great spy-catcher has to be agnostic about where the threat comes from. You cannot just look at the people with Russian accents. You have to look at the behavior, regardless of the nationality.
So, if we are looking at the job description for a great spy-catcher in twenty twenty-six, what are the core competencies? We have talked about behavioral analysis and technical literacy. But you also need a deep understanding of the legal landscape. As we saw with the United Kingdom's National Security Act, the law is a tool. You need to know how to build a case that survives the discovery process in a courtroom. You also need an incredible amount of patience. Some of these operations take years to unfold. You might be watching a target for three years before they finally make the mistake that allows you to move in. And finally, you need that institutional support. You need to know that if you follow a lead that leads somewhere politically inconvenient, your bosses will have your back.
That last point feels like the biggest hurdle right now. If the intelligence apparatus becomes a political football, the spy-catchers become the targets. Firing the people who understand the mechanics of classified document mishandling is a massive self-inflicted wound. It reminds me of that quote about how the best way to destroy a country is from the inside out. If you can degrade the counterintelligence capacity of your rival without firing a single shot, you have won the biggest battle of the century.
And it is not just about the theft of secrets. It is about the corruption of institutions. If a foreign power can influence a member of parliament or a policy analyst, they can change the direction of a whole country. That is why the U-K's move to target influence operations is so smart. They are recognizing that the goal of modern espionage is not always to steal a blueprint; sometimes it is to steal a vote or a policy decision. They are using the law to go after the people who are helping China or Russia build networks of influence within the government.
We have talked a lot about the institutional side, but what about the technical side? How is A-I changing the game for the spy-catcher? Can an algorithm replace the gut feeling of a C-I-twelve agent?
A-I is a powerful tool for pattern recognition. It can scan through millions of financial transactions or travel records to find the anomalies that a human might miss. It can flag the person who traveled to Istanbul three times in a year on a modest salary. But it cannot do the interview. It cannot look someone in the eye and tell if they are lying or if they are just nervous. A-I can give you a lead, but it takes a human to close the case. The danger is that we rely too much on the tech because we have fired all the humans who know how to use it. It is the same problem we see in other fields. The tool is only as good as the person holding it. If you have a state-of-the-art radar system but no one in the control room who knows what a stealth bomber looks like on the screen, the radar is useless.
It is a sobering thought. We are living through this moment where the threats are escalating at an unprecedented rate, and yet our primary defense mechanism is being compromised from within. It is like trying to fight a fire while someone is dismantling the fire truck. I think we need to look at the practical takeaways here, because this is not just a high-level government problem. This affects anyone working in sensitive sectors—tech, finance, research. Herman, what should our listeners be looking for in their own professional environments?
The first thing is to understand your own baseline. If you are working on a project that has national security implications or high-value intellectual property, you are a target. Period. You need to be aware of how recruitment happens. It usually starts small—a request for a public document, an invitation to a conference, a small payment for a consulting gig. It is the "frog in the boiling water" strategy. By the time you realize you are in trouble, they already have leverage over you. You also need to be aware of the "insider threat" red flags we discussed: sudden wealth, unauthorized access, and unexplained foreign contacts.
And from a management perspective, it is about creating a culture where security is not seen as a burden but as a collective responsibility. If someone on your team is acting weird or has sudden wealth, that is not something to ignore. It is not about being a snitch; it is about protecting the work and the people involved. Behavioral monitoring is key, but it has to be done ethically and transparently. If you have clear policies about reporting foreign contacts or unusual financial situations, it makes it much harder for a spy to operate.
The goal of counterintelligence at the corporate or academic level is to make the environment as inhospitable as possible for an adversary. You want them to look at your organization and decide it is too much effort to infiltrate. It is about raising the cost of doing business for the other side. If we make it easy for them by gutting our own agencies and ignoring the warning signs in our own companies, we are basically subsidizing their intelligence operations. We are making it cheap for them. And when it is cheap, they do more of it.
This brings us to the future of counterintelligence. If we are sitting here in twenty thirty, what do you think the landscape looks like? Are we going to see a complete shift toward decentralized, A-I-driven C-I, or are we going to see a return to the classic H-U-M-I-N-T models?
I think we will see a hybrid, but the nations that succeed will be the ones that double down on the human element. You cannot automate trust. You cannot automate the recruitment of a double agent. The future of counterintelligence will belong to the agencies that can fuse the high-tech data with the old-school tradecraft. But that requires stability. It requires a government that views its intelligence professionals as assets to be protected, not as enemies to be purged. The U-K arrests this month and the F-B-I firings are two sides of the same coin. They both show us that counterintelligence is the foundation of national security. If that foundation is weak, everything else—the military, the economy, the diplomacy—is at risk.
I think we have covered a lot of ground today. We started with the idea of the spy-catcher and ended with the fragility of the state itself. It is a reminder that the work these people do—the ones in C-I-twelve, the ones in M-I-five—is often invisible until it stops working. And by then, it might be too late. The tragedy of counterintelligence is that your greatest successes are the things that never happen. You do not get a parade for the spy you caught before they could hand over the secrets. You only get the headlines when something goes wrong. We need to start valuing the prevention as much as we value the response.
Well said, Corn. Before we go, let us look at some practical takeaways for the listeners. If you are in a sensitive sector, remember that you are a sensor. Your awareness is part of the defense. Do not be afraid to trust your gut. If a professional relationship feels like it is moving too fast or if someone is asking for information they do not need, step back. Report it. It is much better to have an awkward conversation with your security officer than a conversation with a prosecutor three years later.
Also, keep an eye on the legal developments. The National Security Act in the U-K is a blueprint for how western democracies might handle these threats in the future. If you are an international business, you need to know how these laws affect your operations and your employees. Finally, recognize that institutional memory is a strategic asset. Whether you are in a government agency or a tech startup, the people who know the history and the networks are your best defense. Do not let that knowledge walk out the door.
Great points. This has been a fascinating deep dive. Daniel, thanks for the prompt—it really pushed us to look at the intersection of tradecraft and institutional stability in a way we have not before. If you enjoyed this, I highly recommend checking out episode thirteen sixteen where we talked about the gig economy spy. It connects perfectly with what we discussed today regarding the Bulgarian spy ring and proxy networks.
And if you want to go even further back, episode ten eighteen on the reality of human intelligence beyond the James Bond myth is a great companion piece for understanding why the human element is so hard to replace. Before we sign off, we have to give a huge thanks to our producer, Hilbert Flumingtop, for keeping everything running smoothly behind the scenes.
And a big thanks to Modal for providing the G-P-U credits that power this show. We literally could not do this without them. This has been My Weird Prompts. If you are enjoying the show, a quick review on your podcast app really helps us reach new listeners who are looking for this kind of deep dive.
You can find us at myweirdprompts dot com for the full archive and all the ways to subscribe. We will be back next time with another prompt from Daniel.
Stay curious, and keep an eye on the sensors.
Goodbye.
Goodbye.