Most people using AI for open-source intelligence are doing it completely backwards. They open ChatGPT or Claude, type "find everything on this email," and hope. The model produces something that looks confident, reads well, and is often dead wrong—no sourcing, no verification, no idea what it actually checked. The problem isn't the model itself. It's the missing process behind the prompt. A language model with no structure will fill gaps with plausible text. An investigation is the opposite of that: it's the discipline of separating what you know from what you assume. That's exactly why developer Tommaso published a method and five OSINT templates on DEV.to that work in any AI assistant today, assuming you're working with authorized public sources only.
The Five-Phase Framework
Good investigations follow the same backbone regardless of target: scope -> collect -> pivot -> verify -> document. A model can help in every phase, but only if your prompt tells it which phase it's operating in. "Investigate this" gets you a guess. "You are in the scoping phase, output only the plan" gets you something useful. The five templates cover each phase: a scoping prompt to run first and stop chasing wrong targets; an email seed prompt for pivoting from contact info into profiles and domains; a username cross-platform mapping template that rates confidence levels instead of claiming certainty; a domain and infrastructure checklist covering WHOIS, DNS records, passive DNS, certificates, and ASN data; and finally a verify-and-report prompt that classifies every finding as confirmed, probable, or assumption before producing a reproducible output.
The Critical Gap: Models Reason, They Don't Fetch
Here's what the article doesn't let you forget—chat models alone cannot see live WHOIS, current DNS records, or whether an account actually exists right now. They reason; they don't fetch. That's why every template keeps flagging "anything that requires live data I still need to pull." The prompts are structured checklists for human analysts with real tools in hand, not autonomous investigation bots.
Closing the Loop With OpenOSINT
To actually connect AI reasoning to real data sources, Tommaso points to OpenOSINT—a free, open-source OSINT agent and MCP server that lets models plan investigations then call actual tools. The tool handles DNS lookups, WHOIS queries, account discovery, IP intelligence, and more so answers come from data instead of the model's imagination. It runs as an interactive REPL, CLI, MCP server, or small web UI and works with Claude or local Ollama models. Install it via pip install openosint and grab the repo at github.com/OpenOSINT/OpenOSINT.
Key Takeaways
- AI OSINT fails without process—structure your prompts around investigation phases, not vague queries
- The five-phase method (scope/collect/pivot/verify/document) applies to any target type
- Every template forces the model to distinguish known facts from inferences with confidence ratings
- Chat models don't fetch live data—you need tools like OpenOSINT for real infrastructure lookups
- Handle reuse across platforms is not identity proof—always flag assumptions as assumptions
The Bottom Line
These templates aren't magic—they're discipline enforcement for a process most people skip because it feels slower than just asking. But an investigation that can't be reproduced isn't intelligence, it's noise. Pair these prompts with OpenOSINT and you've got something closer to actual tradecraft.