In a 48-hour window in April 2026, Sam Altman's San Francisco home was attacked twice. The first incident — a Molotov cocktail thrown at the gate by a 20-year-old who had traveled from Texas. The second — gunshots fired from a passing car, hours into Sunday morning. Three suspects across two incidents. Multiple firearms recovered. No prior public threats had been disclosed.
That last detail matters most. The protective intelligence question isn't "did anyone threaten Sam Altman?" — it's "would anyone have known if they had?"
Modern protective intelligence programs don't guarantee prevention — no security system does. But they monitor the digital landscape for the fixation, ideation, and approach behaviors that increasingly precede physical action. They give security teams the lead time to harden posture, brief detail, and prepare for scenarios most principals never see coming. An unpredictable Sunday morning becomes a planned-for risk.
The Coverage Gap
The Altman case is not an outlier. The U.S. Secret Service protects approximately thirty principals — sitting and former Presidents, the Vice President, presidential candidates, foreign heads of state visiting the U.S., and their immediate families. Every other prominent figure in America — from CEOs to celebrities, federal judges to family-office principals — is responsible for arranging their own protection.
Most of that protection focuses on the physical: secure transport, advance work, venue sweeps, principal access control. The digital threat surface — where modern attackers form their ideologies, articulate their motives, and signal their approach — is largely unwatched. Even firms that monitor social media often do so manually, intermittently, and without a behavioral framework to separate noise from credible threat.
The Foundation
Modern protective intelligence has a foundation. In 1998, the U.S. Secret Service and the National Institute of Justice published Protective Intelligence and Threat Assessment Investigations, codifying the Exceptional Case Study Project — a five-year examination of all 83 individuals who attacked or came close to attacking prominent American public figures between 1949 and 1996.
The document — authored by Secret Service psychologist Robert Fein and Deputy Special Agent in Charge Bryan Vossekuil — remains the most empirically grounded framework for predicting targeted violence available. Three of its findings reshaped the field:
First, attackers don't snap — they plan. Attacks are the product of organized thinking and observable behavior.
Second, attacks are means to a goal. Eight identifiable motives drive targeted violence; most attackers operate on multiple simultaneously.
Third, direct threats are rare. Third-party signals are not. Attackers seldom warn their target or law enforcement. They tell friends, family, coworkers — and, increasingly, the public internet.
Twenty-eight years later, the framework remains unchanged. The environment in which it operates has transformed.
What Changed Since 1998
Four shifts define the modern threat landscape.
Social media made the third-party signal public. What attackers once told friends and coworkers now happens on X, Reddit, Substack, Telegram, and a hundred forums in between. The signal the ECSP framework identified as predictive is no longer hidden — it is scannable at scale.
Anonymity and reach decoupled fixation from geography. A pseudonymous account in Romania can fixate on a Los Angeles executive as easily as a local neighbor. Coordinated harassment and inspiration networks scale a single actor into thousands of pressure points.
Mobilization compressed. The 1998 study tracked attackers whose path from idea to action took months or years. Today that timeline can collapse to weeks.
The digital footprint became the most reliable warning system — when watched. Luigi Mangione, charged in the December 2024 killing of UnitedHealthcare CEO Brian Thompson, left a public trail — Reddit posts, a Goodreads review of Kaczynski's manifesto — before going dark in July 2024. His family reported him missing in November. Thompson was shot on December 4. That withdrawal pattern is precisely what ECSP identifies as predictive — and it played out in public view.
What a Modern Protective Intelligence Program Looks Like
A modern protective intelligence program operationalizes the ECSP framework with current technology. Six functions define the model:
1. Principal threat profiling. Before monitoring begins, the principal's exposure surface must be understood: identity, controversies, family, residences, regular venues, prior incidents, existing security, and what keeps the CSO up at night. This profile becomes the lens for every observation that follows.
2. Platform coverage architecture. Different threat actor populations live on different platforms. X and Reddit are foundational. Substack, Instagram, and YouTube reach the next layer. Telegram, 4chan, and niche forums host the more committed. Coverage scales to the principal's specific risk profile.
3. Detection at machine scale. Twenty-four-hour monitoring across multiple platforms generates volumes no human team can review manually. AI-driven classification — keyword sweeps, context-aware prefiltering, large language model assessment — separates noise from signal in near real time.
4. Behavioral assessment. Flagged items are scored against eight ECSP-derived domains: motivation, fixation, threat communication, research and planning, approach and proximity, capability, destabilizers, and persistence. Content earns a rating; actors earn a tier.
5. Escalation aligned with law enforcement. The FBI-aligned model — LOW, MEDIUM, HIGH, CRITICAL — keeps protective intelligence speaking the same language as the agencies that may eventually receive a referral. Human-in-the-loop review remains mandatory for any escalation above MEDIUM.
6. Case management and law enforcement coordination. Persons of Interest are documented in case files modeled on Secret Service protocols. When escalation is warranted, the file is ready for handoff — preserving evidence, articulating threat in defensible language, supporting criminal justice response.
The Quiet Edge
Protective intelligence done well is invisible. The work is constant; the wins are events that never happened.
The framework that protects the President is twenty-eight years old. The tools to apply it at scale to the executives, founders, and public figures who build modern industry are two years old. The work has been waiting for both to come together.
The next attack on a prominent figure will not be a surprise to anyone watching.
The only question is who is watching.