Beyond 10,000 URLs: A TCAP Milestone That Demands Immediate Action

Tech Against Terrorism reached a major milestone: identifying and alerting tech platforms to 10,000 URLs hosting verified terrorist content in a 30-day period.

This unprecedented volume represents more than an operational success; it is a demonstration of a troubling threat landscape that demands urgent action from governments and tech platforms worldwide.

Our aim was to answer a fundamental question: Is there an upper limit to how much terrorist content we can detect and report in a month? The answer was clear and profoundly concerning. There is no maximum. 

With focused effort and lean resourcing, our small team easily identified 10,000 pieces of terrorist propaganda across major tech platforms in just 30 days. The ease and speed with which we located this content expose the scale of the challenge and the alarming gaps that remain.

If a team our size can identify 10,000 URLs in a month, the question facing the global counterterrorism community is unavoidable: What could be achieved with meaningful government investment and genuine platform cooperation?

How We Did It 

Our threat intelligence team continuously monitors terrorist activity across the internet, tracking how these threat actors create, disseminate, and migrate their content across a diverse range of platforms.

Crucially, this detection work is not complex. Using strategic keyword searches, our specialists systematically located content across major platforms. By combining these search methods with expert verification, we identified 10,000 URLs in just 30 days.

This simplicity underscores a troubling reality: terrorist content is not often hidden deep in the dark web or obscured behind encrypted layers. It is readily discoverable using elementary search techniques on platforms that operate on the open internet. 

Once the content was identified and submitted, our Terrorist Content Analytics Platform (TCAP) automatically generated email alerts to the relevant tech platforms, providing them with specific URLs and verified information about the terrorist content hosted on their services.

Key Insights

Analysis of the submitted URLs provides key insights into both content persistence and platform concentration. Figure 01 shows the status of URLs submitted by TAT’s internal Threat Intelligence Team via TCAP during this period. Notably, 26.3% of these URLs remained online at the time of writing, underscoring the continued challenges in ensuring timely removal even after platforms were directly alerted.

 

Figure 01: The online or offline status of URLs submitted to the TCAP by TAT’s Threat Intelligence Analysts between 15 Oct 25 and 15 Nov 25. 

Platform concentration is equally significant. TAT observed that social media and archiving platforms were the two primary types of platforms on which terrorist and violent extremist content (TVEC) was identified (Figure 02). The prevalence of such material on mainstream social media, rather than isolated fringe platforms, demonstrates the extent to which terrorist actors continue to exploit widely used services to reach broad audiences if content moderation standards do not improve.

 

Figure 02: Alerts categorised by platform type submitted to the TCAP by TAT’s Threat Intelligence Analysts between 15 Oct 25 and 15 Nov 25. 

What This Means

Our team is small. Our budget is modest. Our resources are limited. Yet we identified and alerted 10,000 URLs of terrorist content in the span of 30 days. This is not because we possess unique technological capabilities that others lack; our methodology relies on open-source intelligence, expert analysis, and straightforward search techniques. Instead, this achievement demonstrates what focused effort can accomplish. The critical question is not whether more can be done - it is how much more could be achieved with scaled resources and genuine multi-stakeholder collaboration.

With government backing: Law enforcement agencies, intelligence services, and dedicated counterterrorism units could dramatically expand OSINT capacity. Additional personnel allows continuous 24/7 monitoring, deeper investigation into terrorist networks, and more comprehensive tracking of content migration patterns.

With platform cooperation: Tech platforms possess content moderation infrastructure, user reporting systems, and data analytics capabilities that far exceed our own. If platforms prioritised terrorist content removal, invested in early-stage detection, and provided appropriate data access to verified counterterrorism researchers, the speed and scale of identification and removal could increase exponentially.

Together, these elements could result in tens of thousands of terrorist URLs alerted and removed monthly, if not more. Such a capability would represent a fundamental shift in the balance between terrorist actors and those working to disrupt them online.

A Strategic Imperative 

The 10,000 URLs identified by our small team represent both a success and a warning. We have proven it is possible to systematically identify terrorist content at scale using current methods and resources. But our success illuminates the scale of the challenge: if a small team can find 10,000 pieces of terrorist content, how much more remains undetected?

The international community now faces a strategic choice: Continue with fragmented, under-resourced efforts, or commit to the coordinated infrastructure and investment required to meet the scale of the threat.

We call on governments to fund expanded OSINT capacity, on tech platforms to prioritise terrorism prevention, and on international organisations to lead the global coordination this issue demands.