Structured Threat Information Expression (STIX)

Structured Threat Information Expression (STIX) is an open-source standard developed for sharing cyber threat intelligence (CTI). Originally designed for cybersecurity, STIX is now being adapted to tackle Foreign Information Manipulation and Interference (FIMI) – providing a structured way to track, analyze, and respond to disinformation threats.

​

Key Benefits of STIX for Disinformation Analysis:

• Standardized Language – Enables clear and structured communication of disinformation threats.

• Data Interoperability – Ensures compatibility across various tools and organizations.

• Threat Attribution – Links actors, narratives, and tactics to broader disinformation operations.

• Scalability – Supports large-scale data analysis and automation in threat intelligence workflows.

​

Disinformation and influence operations are increasingly sophisticated, requiring structured intelligence models to ensure:

• Consistency in Data Collection – Aligning different organizations to track disinformation using a unified structure.

• Threat Contextualization – Connecting disinformation actors, narratives, and tactics with broader geopolitical or cyber threats.

• Collaboration & Information Sharing – Allowing fact-checkers, researchers, and security analysts to contribute insights in a compatible format.

​

By using STIX, organizations can not only detect disinformation campaigns but also map their evolution, impact, and spread over time.