Corvus
Investigation Colophon · Methodology · Provenance

About this investigation

Full audit trail of how this report was produced — target identification, analytical techniques applied, tools that ran, gaps recorded, and the schema and skill versions used. Reproducibility is a forensic posture.

Confirmed Target · Type: Org

In-Q-Tel

Independent American not-for-profit venture capital firm that identifies and partners with companies developing advanced technologies for US national security.

  • Not-for-profit strategic investor for CIA and US Intelligence Community
  • Founded in 1999, originally called Peleus
  • Based in Tysons, Virginia
  • Domain registered February 16, 2003
§ 01

Investigation Metadata

Provenance
Investigation ID: 04020003-574a-40b7-b875-9b1911dc900a
Created: 2026-05-27 15:55:00 UT
Recon Started:
Recon Completed: 2026-05-27 17:30:00 UT · 95m 0s
Analysis Completed: 2026-05-27 17:02:11 UT · 10m 0s
Total Duration: 105m 0s · within 60-minute walltime budget
Wave Budget: 39 enabled tools × multiplier 5 = 195 tool calls per wave
Stopping Rule M: 4 consecutive empty calls · fired in Wave
Artifact Location: D:/RECON/in-q-tel-iqt-org-040200
§ 02

Analytical Methodology

Structured analytic techniques · ICD 203
KAC Applied

Identity, currency, completeness, source-integrity, and intentionality assumptions stress-tested. Identity assumption is HIGH-confidence (cross-corroborated across RDAP, ARIN, Wikidata, OpenAlex, SEC EDGAR). Currency assumption flagged on legacy prefixes (192.132.59.0/24, 2001:668:112::/47) → fed into kj_007. Completeness assumption is moderate — internal-tooling surface mapped via CT logs but operational-reachability not probed (forbidden by opsec).

ACH Applied

Three thesis-level hypotheses tested: (H1) mature security posture with exposures intentional/low-risk; (H2) mixed posture with uneven business-unit security; (H3) systemic gaps. H1 is the leading hypothesis (lowest weighted-inconsistency total) given DMARC p=reject, Duo zero-trust, internal-ELB-only addressing. H2 retains marginal support from the legacy single-first-name mailbox (linda@iqt.org) and the .ai WHOIS leak — surfaced as kj_003 + r_03 + r_04.

Premortem Applied

Six-month failure modes considered: (1) the legacy prefix is actually live via non-standard routing (kj_007 LOW confidence); (2) the WHOIS leak is incidental rather than systematic (r_04 mitigation is structural); (3) the Duo MFA assumption could fail if phishing-of-MFA primitive is added — bounded kj_003 to moderate confidence.

Red Hat Applied

Org target with non-trivial surface (147 entities, 61 relationships); Red Hat constructed seven vectors (r_01-r_07) prioritized by impact. Highest-impact vector is credential-stuffing the named C-suite (r_01) given the breach-corpus hit rate. Lowest-effort vector is pretexting via the .ai WHOIS leak (r_04).

§ 03

Coverage

Schema v1.0
Entities: 147
Relationships: 61
Evidence: 48
Judgments: 7
Timeline: 22
Geo: 9
Confidence Distribution · Key Judgments
4 · High
2 · Moderate
1 · Low
High · multi-source, no surviving alternatives
Moderate · KAC stress or ACH margin
Low · sparse base or explicit caveat
§ 04

Tools Engaged

39 enabled · 28 fired · 0 gap
certspotter_enumerate 1
cl_search 1
crtsh_search 1
dns_lookup 1
dns_mail_auth 1
federalregister_search 1
github_repo_search 1
govinfo_search 1
greynoise_community 1
hudsonrock_domain 1
hunter_domain_search 1
hunter_email_verifier 4
ipapi_lookup 1
nominatim_search 2
openalex_search 1
proxynova_comb 1
rdap_asn 1
rdap_domain 4
ripestat_prefix_overview 1
sec_edgar_search 1
urlscan_search 2
vt_ip 2
wayback_cdx_search 1
wayback_check 1
wikidata_sparql 2
wikipedia_search 2
wikipedia_summary 9
xposedornot_check_email 2
Integrity Hash
sha256:aefa872dffcd75bb23ca573b49e3a55be5730c6f7345bb36e59294abb8c515bb