Sectors
We support organizations of all sizes and sectors, from municipalities and CSOs addressing emerging threats to multinational enterprises managing complex, multi-jurisdictional risks.
Our approach ensures intelligence is tailored to your operational reality, not forced into a one-size-fits-all package. Whether you need a focused investigation, ongoing monitoring, or full-spectrum data services, we meet you where you are.
-
Online Safety
-
Cybersecurity
-
Counter Terrorism
-
International Security
-
Organised Crime
-
Disinfo & Influence Ops.
-
Financial Crime
-
Regulation & Compliance
Platform Integrity
Trust & Safety.
Adversarial networks coordinate globally and across platforms. Activity occurs in spaces that other detection tools cannot reach. Classifiers and hashes catch content. We map the behaviours and networks behind it.
Revontulet gives your trust & safety, security, legal, and policy teams a shared view of the adversarial landscape targeting and abusing your services. We map organisational structures, off-platform coordination, financial flows, and real-world connections. The result: enforcement that disrupts networks at the root, not at the content level.
The regulatory stakes are rising fast. The DSA demands systemic risk assessments. TCO mandates the rapid removal of terrorist content. NIS2 classifies digital infrastructure and platforms as essential. Our intelligence products are built for regulatory compliance, designed to demonstrate that your platform understands the threats it faces and empower you to act proactively to protect your reputation, users, and company.
We have a track record of working with some of the world's largest technology platforms. We know how platforms work, and where external intelligence fills the gap.
CTI
Cyber Threat Intelligence
Traditional cyber threat intelligence focuses on technical indicators, malware signatures, and compromised infrastructure, often reacting to past threats. Revontulet enables you to anticipate threats by mapping how adversarial networks plan, finance, and execute cyber operations. This proactive approach supports preventative action before harm occurs.
Our unified graph database connects cybercrime infrastructure with organised crime groups, state-backed actors, terrorist organisations, fraud operations, and disinformation campaigns. This cross-domain approach uncovers connections that siloed tools miss.
Our dynamic network modelling tracks how threat actors adapt, regroup, and form new alliances in near-real time. You receive advance warning of emerging threats before they appear on public indicator lists or sanctions databases. All insights are human-validated for accuracy and relevance.
We provide intelligence in the formats your organisation needs, including API-integrated threat feeds for your security operations centre, executive briefings that translate complex threats into strategic risk context for leadership, evidence-grade investigation reports for legal and regulatory requirements, and ongoing monitoring tailored to your exposure.
We deliver intelligence in the formats your organisation needs: API-integrated threat feeds for your security operations centre, executive briefings that translate complex threat dynamics into strategic risk context for leadership, evidence-grade investigation reports for legal proceedings and regulatory compliance, and ongoing monitoring tailored to your specific exposure.
Whether you are defending enterprise infrastructure, meeting NIS2 obligations, or building a case for law enforcement cooperation, our intelligence is tailored to your teams’ workflows.
Critical Infrastructure
Critical infrastructure faces escalating threats, including remote breaches of dams, sabotage of subsea cables, and attacks on energy grids, transport networks, and telecoms. These threats come from multiple sources.
Threat actors are complex and defy simple categorization. A state-sponsored group targeting OT systems may also run influence operations, fund itself through cybercrime, and work with organized crime. Traditional security tools detect intrusions but do not reveal perpetrators, their networks, or future risks. We provide that insight.
Revontulet maps adversarial networks targeting infrastructure, connecting cyber campaigns to state actors, criminal organizations, and hybrid operators. We provide continuous monitoring, supply chain threat visibility, and early warnings of emerging campaigns. Our intelligence is human-validated and actionable.
The regulatory landscape is evolving rapidly. NIS2 will include 300,000 European entities, and Norway's Security Act will apply to 5,000 organizations from July 2026. The total defence doctrine integrates civilian operators into national resilience.
Protective Intelligence
In recent years, credible threats and violent attacks against public figures, journalists, activists, leaders, researchers, politicians, and others in the public eye have increased.
We offer protective intelligence services to individuals at increased risk of violence, hate, harm, or harassment, both online and offline, due to their role, position, research, or public exposure.
Women, marginalized groups, and those already at risk face significant challenges that too often force them to withdraw from public life.
At Revontulet, we are committed to helping individuals protect themselves and their right to participate safely in public discourse and political processes.
Fraud and AML/CFT Detection
Financial Intelligence & Compliance
We transform compliance from a checkbox exercise into effective threat detection. Despite significant investment, over 95% of alerts are false positives, and less than 1% of illicit flows are detected. Existing tools fall short because they are not built to identify the networks behind financial crime. Revontulet is designed for this purpose.
We operate at the network layer, beyond the capabilities of traditional screening tools. Our multi-domain graph intelligence uncovers how money laundering, terrorist financing, sanctions evasion, organised crime, cybercrime, and state-aligned actors connect. Transaction screening alone does not capture these threats.
This is more than improved intelligence; it is a stronger business case. Pre-contextualised network analysis reduces investigation time, while cross-domain detection addresses compliance blind spots. Each product is built for regulatory use, delivering investigation reports, risk assessments, and network maps that provide a clear understanding of your exposure, not just software usage.
AMLA is now in effect. The EU AML Single Rulebook will be implemented in July 2027. DORA requires threat-led testing. Regulators expect a comprehensive understanding of threats, not just checklist compliance. With Revontulet, you can meet these expectations.
Tourism and Hospitality
Hotels, conferences, casinos, concert venues, and tourism destinations are designed to welcome the public, which makes them attractive targets. These venues are vulnerable to terrorism, cybercrime, and money laundering, and are susceptible to reputational damage that can impact revenue for years. A single incident may result in losses of hundreds of millions, and recovery can take years. A proactive approach is essential.
These threats are interconnected, a fact often overlooked by security providers. Revontulet takes a comprehensive approach.
We provide threat intelligence across multiple domains, including terrorism, cybercrime, financial crime, and reputational risk. Our services include data-driven venue and event threat intelligence, continuous monitoring tailored to your properties and guests, intelligence to prevent financial crime, and screening support for high-risk bookings and events. Our intelligence safeguards your guests, operations, and revenue.
Revontulet enables you to identify threats before they materialise, ensuring your venues remain open and secure on your terms.
Elections & Democracy
We collaborate with global partners to monitor, gather data, and analyze election-related information and threats. Our work ensures information integrity, addresses toxicity and hate speech, and maps extremist, inauthentic, and foreign influence networks targeting democratic processes, infrastructure, and elections.
Elections increasingly serve as opportunities for antidemocratic actors to promote polarization and undermine political processes and institutions. Rising toxicity, hate speech, and polarization create a hostile environment for marginalized groups, Indigenous communities, women, and others, restricting their participation in political discourse and elections. For these communities, such conditions threaten freedom of expression and the integrity of democratic institutions and due process.
Revontulet’s analytic and data capabilities enable us to monitor and map threats to democratic institutions, processes, and elections. This empowers communities to take preemptive action to protect infrastructure, candidates, and inclusive participation in democratic processes.
