How a leak exposed the US AI-powered surveillance machine
The relationship between national security and artificial intelligence has never been as exposed as it is right now. A targeted hack on the Office of Industry Partnership, also known as OIP, which serves as the tech incubator for the US Department of Homeland Security (DHS), brought to light a massive trove of information detailing multimillion-dollar contracts signed with private technology companies. The transparency collective Distributed Denial of Secrets was responsible for passing this data along to the press, and the revealed content is, to say the least, alarming for anyone following debates around privacy and civil liberties.
The data was obtained by a hacktivist identified only by a pseudonym, and while some of this information was already publicly available, the leak also exposed more than 6,000 companies that participated in bidding processes with the agency. Not all of them received funding, but the collection offers a rare window into the private sector’s appetite for homeland security contracts and the technologies the DHS considered adopting but ultimately passed on.
The numbers are staggering on their own: more than 1,400 funded contracts, roughly 6,800 companies registered within the OIP ecosystem, and a total investment exceeding $845 million accumulated over two decades, from 2004 through the end of 2025. These projects cover a broad spectrum of applications, from biometric systems integrated into smartphones to automated surveillance systems at airports and predictive policing platforms that feed on 911 emergency calls.
The picture becomes even more significant when you consider that the DHS recently received a record budget of $165 billion, approved as part of the Trump administration’s tax and spending package, and is already facing serious controversies involving the apparent collection of visual and biometric data from protesters in Minneapolis.
Jeramie Scott, senior counsel and director of the Surveillance Oversight Project at the Electronic Privacy Information Center (EPIC), summed up the feeling pretty well after reviewing the documents: he said it seems like these people watch dystopian sci-fi movies and think that looks like a good idea. He added that this is not the lesson from dystopian movies and that they are taking the wrong lesson.
The SBIR program and how the funding works
The OIP sits within the DHS Science and Technology Directorate and manages programs like the Small Business Innovation Research program, or SBIR. This program channels federal money to small and mid-sized businesses with the goal of developing prototypes that address specific technology needs of the department.
Created by a congressional mandate in 1982 and reauthorized in 2022, the SBIR requires that proposals be evaluated in part based on their commercial application potential. The program was designed to ensure that publicly funded research and development generates self-sustaining businesses, not just prototypes that end up collecting dust on a shelf.
In practice, contracts typically start as Phase I awards focused on proof of concept, with values between $100,000 and $175,000. They can then advance to Phase II prototyping, with funding of $1 million or more. The leaked data covers two full decades of this pipeline, revealing the scale and continuity of these investments.
Mobile biometrics and the reach of digital identification
Among the most detailed projects in the leaked documents are initiatives focused on mobile biometrics. Contracts issued after Trump took office include several aimed at enabling agents to collect biometric data using regular cell phones.
On May 7, 2025, three contracts were issued specifically for the development of these technologies, and all three promised to make their solutions available beyond just the DHS.
Receive the best innovation content in your email.
All the news, tips, trends, and resources you're looking for, delivered to your inbox.
By subscribing to the newsletter, you agree to receive communications from Método Viral. We are committed to always protecting and respecting your privacy.
The company Idea Mind LLC received $174,464 for a technology called Vibe, an adapter that connects fingerprint and iris scanners to cell phones via USB-C or Lightning, offering plug-and-play compatibility with Android and iOS devices without the need for custom drivers. The company, based in a suburb of Columbus, Ohio, had no prior history of contracts with the DHS.
Intellisense Systems received $174,990 for its Flow device, designed so that the phone and the biometric scanner can effectively be operated as a single unit in the agent’s hands. The system supports fingerprint peripherals, iris capture, and contactless facial and fingerprint recognition using the phone’s own camera. Intellisense was spun off from Physical Optics Corporation in 2018, and together the two companies have accumulated 59 research contracts with the DHS since 2004, totaling more than $17 million, according to the leaked data. On May 7 alone, Intellisense received three different contracts, including Flow and two other projects involving airport surveillance AI and deepfake video prevention.
Integrated Biometrics, in turn, received $167,627 for the Bios Link project. In its proposal, the company stated that the technology would serve DHS components, interagency stakeholders, non-federal entities, the intelligence community, and international mission partners. Based in Spartanburg, South Carolina, Integrated Biometrics is already an established government contractor that manufactures FBI-certified fingerprint sensors for public safety clients, armed forces, and governments around the world.
The collection of biometric data by ICE and CBP agents and the use of facial recognition technologies gained prominence during the DHS’s so-called large-scale operation in Minneapolis in January, after right-wing influencers highlighted long-standing allegations of childcare services fraud in the city.
Digital privacy experts point out that the expansion of mobile biometrics creates a real risk of normalizing compulsory identification. When the technology is this simple and cheap to access, the temptation to use it broadly and without clear guidelines increases proportionally. The Minneapolis case serves as a concrete example of how this technology can be directed toward purposes that go beyond conventional public safety.
Another point worth paying attention to is the integration of these biometric solutions with existing federal databases. The documents indicate that several DHS-funded projects seek to build bridges between local, state, and federal identification systems, forming a unified recognition network. This means that an identification made by a municipal agent could, in theory, cross-reference information with immigration databases, federal criminal records, and intelligence agency watchlists.
AI-powered automated surveillance at airports
Four other contracts also awarded on May 7, totaling $699,000, funded technologies to monitor passengers approaching TSA security checkpoints at airports.
All four projects use artificial intelligence to analyze existing airport security camera feeds and automatically catalog passengers’ physical characteristics. The Ossca system from Intellisense, for example, detects and tracks individuals, identifies anthropometric features, clothing items, footwear types, and visible accessories, and can automatically alert operators with flags and detailed reports. The company’s proposal listed commercial applications including retail analytics and public space surveillance.
Synthetik Applied Technologies, based in Pierre, South Dakota, proposed deep learning algorithms optimized for real-time processing of existing CCTV video streams in pre-checkpoint zones, deployed on commercial off-the-shelf hardware. The company has already received $2.8 million across seven contracts with the OIP, most focused on explosives detection.
AnalyticalAI received $174,639 and Toyon Research Corporation received $175,000 for similar systems. AnalyticalAI, based in Birmingham, Alabama, already works on AI-enabled airport screening. Toyon, from Goleta, California, has accumulated 12 contracts with the DHS since 2005, including work on a southern border surveillance system.
The troubled history of behavioral analysis at airports
The DHS has a rocky track record with behavioral screening programs at airports. The TSA’s SPOT program, which stands for Screening of Passengers by Observation Techniques, employed more than 3,000 behavioral detection officers at 176 airports, at a cost exceeding $900 million since 2007.
A 2013 review by the GAO, the Government Accountability Office, concluded that the ability to identify deceptive behavior from physical cues was equal to or only slightly better than chance. A 2017 follow-up GAO report found that the TSA could not provide valid evidence for 28 of 36 behavioral indicators and that 98% of the cited sources did not provide valid evidence, including news articles, opinion pieces, law enforcement presentations, and screenshots from medical websites.
The behavioral detection officer role as a standalone position was quietly eliminated between 2016 and 2017. An ACLU investigation found evidence that the program had been used for racial profiling at airports such as Newark and Chicago.
The DHS’s previous attempt to implement technology-assisted behavioral screening, the FAST program, was also quietly discontinued after disclosures by EPIC.
Regarding FAST and its apparent successors, Jeramie Scott from EPIC said it is not only highly unlikely to work, but that there are problems in terms of the risk it creates, its disproportionate impacts, directing the state apparatus against people who have done nothing wrong, the waste of money, and the potential for these tools to be used to undermine democracy.
Predictive policing powered by artificial intelligence
Perhaps the most controversial aspect revealed by the leak is the extent of investments in predictive policing. Also on May 7, three contracts totaling $524,000 were awarded for AI platforms that ingest 911 call data, with one of them apparently promising to identify and predict criminal patterns.
All three were awarded under the same DHS topic seeking tools to centralize and analyze data from more than 5,000 911 call centers across the United States.
The most comprehensive is Cimas, the Consolidated Incident Management Analytics System, developed by a newly registered company called Cassius LLC. Its proposal describes a high-availability data lake integrated with AI-driven analytics that would collect and anonymize 911 call and incident data from public safety answering points nationwide. The system would generate geospatial heat maps and use AI models to predict incident trends and deliver actionable insights for first responders.
Cassius LLC, based in Bangor, Maine, has no prior history of contracts with the DHS. Its website describes it as an IT consulting firm for utilities, lists no team members, and its team page does not work.
The Brennan Center for Justice has previously described predictive policing as a technological whitewash that gives racially biased policing methods an appearance of objectivity, simply because a computer or algorithm seems to replace human judgment. Major police departments, including Los Angeles and Chicago, abandoned their predictive policing programs between 2019 and 2020.
Independent research conducted by universities and civil rights organizations in the United States has already demonstrated that predictive policing platforms tend to reproduce and amplify racial and socioeconomic biases present in the historical data feeding their algorithms. If certain neighborhoods were historically over-policed, the data will reflect a higher concentration of incidents in those areas, and the system will recommend even more policing there, creating a self-reinforcing cycle.
Rather than offering a neutral and objective view of crime, artificial intelligence ends up functioning as a distorted mirror that reinforces existing inequalities.
What the DHS documents show is that, despite this evidence, federal investment in this type of technology is not only continuing but expanding. The concern from digital rights organizations is that this technological evolution is happening without a corresponding evolution in oversight, transparency, and accountability mechanisms.
The debate over transparency and the limits of surveillance
The leak itself is, paradoxically, a demonstration that the DHS’s own security systems are not as robust as one might assume. If the department responsible for protecting the critical infrastructure of the United States cannot shield its own internal data, the natural question is: how can we be sure that the biometric and personal data of millions of citizens collected by these technologies is actually secure?
This is a question that cybersecurity experts have been raising for years, and it now takes on an extra layer of urgency. Public trust in the government’s ability to manage sensitive information takes a hit every time an incident like this happens, and that directly impacts the legitimacy of large-scale surveillance programs.
Privacy advocates argue that the real problem is not just the existence of these technologies but the near-total absence of public debate about their implementation. Many of these contracts were signed without civil rights impact assessments and without clear mechanisms for independent auditing. The combination of advanced biometrics, predictive policing, and record budgets creates a monitoring infrastructure that, once established, is extremely difficult to dismantle.
The Guardian reported that it sent the DHS a detailed request for comment, as well as reached out to all of the companies mentioned in the contracts. It also contacted the hacktivist responsible for the leak using an email included in the materials. Zachary Canders, listed as a partner at Cassius LLC in DHS documents and Maine business records, responded to the Guardian in a joking manner without addressing the questions raised about the company’s proposed technology.
The scenario exposed by this leak serves as an important reminder that the intersection of artificial intelligence and public safety demands constant attention from civil society, researchers, and lawmakers. This is not about being against using technology to protect people, but about ensuring that adoption happens with transparency, clear boundaries, and respect for fundamental rights. Technology is advancing at breakneck speed, while legislation and ethical debate are moving at a snail’s pace 🐢
The volume of investment revealed, combined with the diversity of projects and the number of companies involved, shows that we are looking at a surveillance ecosystem far larger and more sophisticated than most people realize. And the longer this debate takes to happen out in the open, the harder it will be to put effective guardrails on what is already fully up and running.
