The Principal as Attack Surface

A targeting package on an (ultra-)high-net-worth principal can be assembled from open sources in an afternoon. No intrusion required. No technical expertise. Just patience and a network connection.

When the perimeter starts long before the door

Before Munich, I wrote that 2026 was shaping up to be more transactional, more coercive, more trust-poor. I wrote it at 35,000 feet, looking down at a world that still looked calm from that altitude. A week later, the Dutch intelligence and security services, AIVD and MIVD, published their joint assessment confirming what many in this field had been sensing on the ground for some time: hybrid activity is escalating, it is becoming more physical, and Russia is increasingly relying on unwitting local proxies recruited through nothing more sophisticated than a Telegram message and a cash payment (AIVD and MIVD, 2026). People who had no idea they were working for a foreign intelligence service. People who thought they were just running an errand. That detail stayed with me.

Not because it was surprising. But because it is structurally identical to something I wrote about a few months ago, Beyond the Firehose. A principal's daughter, alone in Ibiza, being catfished by someone who didn't exist. A fabricated identity, a carefully constructed relationship, and a young woman who had no reason to be suspicious because nothing about it felt like a threat. It felt like attention. It felt like connection. The operational mechanic is the same whether the target is a logistics route or a person who happens to share a last name with someone worth knowing. The threat didn't start at the perimeter. It started weeks earlier, in open source, on a screen. That is what I mean when I say the principal is the attack surface.

We spend a significant amount of professional energy thinking about access points. Who gets close. What routes are predictable. Where the exposure is physical and immediate. That thinking is necessary and the physical security is paramount, but not sufficient. Because in the environment we are now operating in, the most consequential vulnerabilities are often not physical at all. They are relational. They are informational. They are built from the digital residue that a principal and everyone around them leaves behind simply by living a visible life.

A high-value principal is, almost by definition, a high-visibility principal. They speak at conferences. They publish opinions. They maintain a professional brand because their organization requires it and their industry rewards it. That visibility is an asset. It is also a systematic intelligence gift to anyone patient enough to use it. Every public appearance maps a schedule. Every tagged photograph locates a network. Every opinion piece signals a worldview, and worldviews have pressure points. This is not hypothetical. It is methodology. And it is available to anyone.

I have been in this profession long enough to remember when the threat model was simpler. You assessed the physical environment, you controlled access, if you were lucky you got some intel, you moved the principal efficiently and without pattern. The cognitive and informational dimensions of the work existed, but they sat at the edges. Operational security was largely physical security. That model is not wrong. It is just incomplete.

What the current environment has done is collapse the distance between the information domain and the physical one. The AIVD and MIVD noted it explicitly in their February 2026 assessment: hybrid activity has shifted from screens to the physical living environment. That shift did not happen suddenly (AIVD and MIVD, 2026). It happened gradually, then all at once, and the protection community has not fully caught up with what it means for how we work.

What it means, practically, is this: the decision to target someone, and the preparation required to act on that decision, now happens almost entirely in a domain that traditional protective security does not systematically monitor. By the time a threat becomes physical, the adversary has already spent weeks or months inside the principal's information environment. They know the family structure. They know the travel rhythm. They know who the assistant is, who the driver is, who the daughter is, and where she spends her summers.

They know because it was there to be known.

What Open Source Already Knows

Today, a meaningful targeting package on a high-net-worth principal can be assembled from open sources in an afternoon. LinkedIn maps the professional network and the organizational hierarchy. Instagram, TikTok, and Snapchat locate the family, the lifestyle, and the physical routines. But the layer that most protective teams underestimate is the metadata beneath the surface. Geotagged images carry embedded location data that reconstructs travel patterns with precision (Wheeler, 2012). Strava and fitness tracking apps have publicly exposed the running routes and morning schedules of executives and their family members in cities where they maintain residences. Flight tracking platforms like FlightAware or ADS-B Exchange log private aviation movements in real time (Milmo, 2022). Company filings, beneficial ownership registries, and property records in multiple jurisdictions map the asset structure and the legal exposure (ICIJ, 2021). Conference attendance lists and speaker bios establish the relationship network and the ideological positioning. Combine those layers and you don't have fragments. You have a life, legible to anyone willing to spend the time.

The Strava reference is particularly worth keeping. In 2018 Strava's global heatmap inadvertently revealed the patrol routes and base layouts of military personnel in conflict zones because soldiers were running with fitness trackers (Hern, 2018). That incident is documented, well known in intelligence circles, and makes the point concretely: the exposure is not hypothetical and it does not require malicious intent to be dangerous. The data simply exists, and existence is enough.

The question I find myself returning to is not whether an adversary can build this profile. They can. The question is whether the protective team is building it first, and whether they are maintaining it with the same discipline they apply to physical threat assessment. In my experience, the honest answer is usually no. Not because the capability doesn't exist, but because the solo operator carrying physical, logistical, and intelligence responsibilities simultaneously is structurally unable to sustain that kind of parallel analytical effort. I wrote about this before. One man is no man. The attention that goes into a sustained digital exposure audit is attention that cannot simultaneously go into the room. And so the exposure accumulates, quietly, in a domain that feels less urgent until the moment it isn't.

The Ibiza case is the clearest illustration I have of what happens when that gap is left unmanaged. The principal's daughter was not targeted because she was strategically significant in her own right. She was targeted because she was accessible, and because her accessibility created proximity to someone who was. The adversary did not need to breach a physical perimeter. They needed a name, a platform, and enough patience to construct something that felt real.

What concerns me most about that case is not what happened. It is what it represents as a model. Because if a principal's family member is a viable entry point, then the attack surface is not an individual. It is a network. And networks are exponentially harder to protect than perimeters.

Everyone in regular proximity to a principal carries some degree of exposure. The executive assistant whose email is publicly listed on the company website. The driver whose face appears in the background of a dozen event photographs. The business partner whose relationship to the principal is documented in three years of conference panels. Each of these connections is a potential vector. Each of them can be researched, approached, manipulated, or compromised without anyone in the protective structure being aware that it is happening.

This is the architecture of the modern threat. It is patient, it is largely invisible, and it operates at a level of sophistication that has outpaced the frameworks most protective teams are still using.

Part two of this piece will examine what a dedicated protective intelligence function actually looks like inside larger teams and corporate security structures, and what the solo operator can realistically do in its absence.

References and further reading

Hern, A. (2018) 'Fitness tracking app Strava gives away location of secret US army bases', The Guardian, 28 January. Available at: https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

ICIJ (2021) Pandora Papers. International Consortium of Investigative Journalists. Available at: https://www.icij.org/investigations/pandora-papers

Milmo, D. (2022) 'Elon Musk asks college student to stop tracking his private jet', The Guardian, 14 November. Available at: https://www.theguardian.com/technology/2022/nov/14/elon-musk-asks-college-student-stop-tracking-private-jet-elonjet

Wheeler, M. (2012) 'Vice magazine reveals John McAfee hideout via iPhone metadata', Wired, 3 December. Available at: https://www.wired.com/2012/12/vice-john-mcafee-iphone-metadata

AIVD & MIVD (2026) Tussen vrede en oorlog: De oorlog in Oekraïne en de Russische dreiging in Europa. The Hague: Algemene Inlichtingen- en Veiligheidsdienst / Militaire Inlichtingen- en Veiligheidsdienst. Available at: https://open.overheid.nl/documenten/a3e008b2-5923-45b0-9f30-1d9ef7a2ffe5/file
