In the months before Brian Thompson was shot in Midtown Manhattan in December 2024, the elements that made the attack possible were already public.

The corporate event he was traveling to had been scheduled in advance. The venue — a Hilton in Midtown — was knowable. The time was knowable. The CEO’s likeness was in the press kit and across years of business media. None of it was secret. None of it had to be.

The attack was not the product of insider access or sophisticated surveillance. It was the product of planning and publicly available information — the same kind of information that exists, right now, around almost every prominent figure in American public life.

This is the asymmetry at the heart of executive risk. Every attacker begins with reconnaissance. Most principals have never run the same exercise against themselves.

Reconnaissance Is the First Move

The U.S. Secret Service Exceptional Case Study Project — the 1998 examination of every individual who attacked or came close to attacking a prominent American public figure across nearly fifty years — produced a finding that reshaped protective work: attackers research and plan.

Targeted violence is not impulsive. The 83 cases the ECSP examined showed a consistent pattern of organized thinking and observable preparation. Attackers chose their target deliberately, gathered information about that target, considered the practical questions of when and where, and rehearsed — sometimes for weeks, sometimes for years.

In 1998, that reconnaissance happened at the public library, through magazine archives, by driving past the principal’s house. Today it happens through a phone. The mechanics changed; the behavior did not.

Modern protective intelligence therefore begins not by scanning the world for threats, but by mapping the principal — exactly as a competent attacker would.

What a Principal Threat Profile Actually Contains

A principal threat profile is not a biography. It is a structured map of everything a determined adversary could learn about the principal without breaking any law.

A complete profile covers, at minimum:

Identity and visibility. Names, aliases, public titles, the photographs that surface first in image search, the interviews and conference appearances that fix a recognizable likeness in public memory.

Family and proximity network. Spouse, children, parents, siblings, longtime staff. The attack vector is rarely the principal alone — it is whoever in the network is least careful with their own footprint. A teenager’s geotagged post can expose what a corporate security policy spent years protecting.

Residences and frequent venues. Property records, county assessor data, real-estate journalism, neighborhood newsletters, gym memberships, regular restaurants, religious institutions, school pickup routines. Every location the principal returns to predictably is a planning advantage to an attacker.

Schedule exposure. Investor days, conferences, speaking engagements, charity galas, court appearances, board meetings — anything calendared in public. The most dangerous schedule item is the one announced weeks in advance to a wide audience.

Controversies and grievance surface. Lawsuits, layoffs, regulatory actions, public disputes, ideological positions, communities the principal has angered. ECSP enumerated eight motives that drive targeted attacks; avenging a perceived wrong — grievance — is among them, and is one of the most commonly documented. The grievances against a principal can usually be enumerated before any individual threat actor names themselves.

Prior incidents. Past threats, stalkers, fixated individuals, security breaches, doxxing campaigns. Persistence is itself a risk factor — anyone who has previously fixated remains on the list.

Existing security posture. What protection already exists, where its gaps are, what the principal and their organization have declined. This is for the protective team to know; the gaps must be assumed visible to a motivated attacker.

The profile becomes the lens through which every subsequent observation is read. Without it, monitoring produces noise. With it, monitoring produces signal.

Red-Team the Principal

The most effective threat profile is not assembled by a sympathetic analyst working from a CV. It is assembled by treating the principal as the target of a hostile OSINT investigation.

The methodology is straightforward and uncomfortable:

  • Begin with the principal’s name in a search engine and follow the path a curious stranger would. Note what surfaces in the first ten results.
  • Cross-reference property records, voter records, business filings, court records, and donation databases. Most are public; many are aggregated by commercial data brokers.
  • Pull the social media footprints of the principal’s spouse, adult children, household staff, and assistants. Geotagged content, vacation photos, and “throwback” posts frequently reveal residences, routines, and family relationships the principal believed were private.
  • Examine prior media interviews for incidental disclosures: the room the principal was filmed in, the view from the window, the route to the venue, the name of the favorite restaurant.
  • Map regular venues — gym, school, religious institution, recurring travel destinations — and identify where the principal is most predictable and least protected.
  • Identify the grievance communities most likely to fixate. Read what they actually say about the principal. Note the language, the platforms, the recurring claims.

The output is a written assessment of the principal’s exposure surface, prioritized by what an attacker could exploit fastest with the least skill.

This is not paranoia. It is preparation. Every item on the surface that can be removed, hardened, or monitored becomes one fewer free reconnaissance gift to a future attacker.

The Amplification Layer

ECSP identified a second pattern that matters even more in 2026: most attackers do not invent their grievance from scratch. They adopt one already in circulation.

The 1998 study cataloged “interest in assassination” as one of the central behaviors of concern — including emulating prior attackers, studying past cases, and identifying with violence that had already been done. The broader targeted-violence literature has expanded on this finding consistently: a grievance that already has cultural momentum is easier to adopt than one constructed alone. A target who has already been demonized by a public narrative is easier to act against than one who has not.

This is the amplification layer modern protective intelligence has to read. A principal threat profile must include not only the principal’s own footprint, but the narratives circulating about the principal in the communities most likely to act:

  • What is the dominant framing of the principal in adversarial subreddits, forums, and Telegram channels?
  • Which prior public figures are being held up as exemplars — or as martyrs — of the same cause?
  • What rhetorical templates (“CEOs deserve what they get,” “the system protects no one”) are being used to license action?
  • Where are the copycat signals — language that mirrors a previous attacker, references to a prior case as inspiration, glorification of past violence?

These are not threats in the legal sense. They are the cultural conditions under which threats form. A protective intelligence program that cannot read the conditions will be late to the threats they produce.

From Profile to Coverage

Once the principal is mapped — exposure, network, grievance surface, amplification narratives — the profile drives every downstream decision in the program.

It determines which platforms are monitored. It generates the keywords and behavioral patterns the AI sweeps look for. It populates the initial watchlist of Persons of Interest. It tells the protective team where to expect the next attempt to surface, and what it will sound like before it does.

The profile is also a living document. Principals change. Controversies evolve. Family members come of age and develop their own footprints. Profiles that are not revisited become inaccurate, and inaccurate profiles produce false confidence — the most dangerous outcome in protective work.

The Quiet Edge

The principal is already mapped. The only question is whether the protective team or the attacker mapped first.

A modern protective intelligence program assumes the attacker has done the work. It does the same work, faster, on behalf of the principal — and then it watches the surface it has just discovered.

You cannot defend what you have not mapped.

Sources

  • Brian Thompson killing details: Encyclopedia Britannica — Luigi Mangione
  • Fein, R. A., & Vossekuil, B. (1998). Protective Intelligence and Threat Assessment Investigations: A Guide for State and Local Law Enforcement Officials. U.S. Department of Justice, Office of Justice Programs, National Institute of Justice. NCJ 170612.

Aegis Research Group is a security consulting firm that merges physical protection with cyber and digital intelligence. We build and operate protective intelligence programs for executives, founders, and high-profile principals — modeled on Secret Service methodology, executed with modern AI.

This is Part 2 of a series on modern protective intelligence.