Hacked data from the Department of Homeland Security’s technology incubator shows it funding a variety of companies that would expand its surveillance capabilities with artificial intelligence, the Guardian can reveal.

The projects at the Office of Industry Partnership (OIP) include automated surveillance in airports; adapters allowing agents to use phones for biometric scanning; and an AI platform that ingests all 911 call data nationally and builds “geospatial heat maps” to “predict incident trends”, which appears to be a form of predictive policing.

The data throws new light on the department’s surveillance ambitions in the wake of the agency’s unprecedented $165bn funding boost in last year’s tax and spending bill, and controversies over agents’ apparent gathering of visual and biometric data on protesters in Minneapolis.

The data was gathered by a pseudonymous “cyber-hacktivist”, and provided to reporters by transparency nonprofit Distributed Denial of Secrets.

Although some of the data was already publicly available, the leak also exposed more than 6,000 companies that bid with the agency – not all of whom were funded for their projects – offering a window on the full scope of the private sector’s appetite for homeland security work, and the technologies the DHS considered but did not pursue.

Those parts of the data that were already public match the data provided in the leak.

The Guardian emailed the department a detailed request for comment. The Guardian also emailed the hacktivist for comment using an email included with the materials.

Jeramie Scott, a senior counsel and director of the Surveillance Oversight Project at the Electronic Privacy Information Center, said: “It very much feels like sometimes these people are watching dystopian science fiction movies and thinking, ‘Oh, that looks good!’”

He added: “That’s not the lesson from dystopian science fiction. They’re taking the wrong lesson from it.”

The data

The OIP sits within DHS’s Science and Technology Directorate, managing programs including the Small Business Innovation Research (SBIR) initiative, which funnels federal money to small-to-medium enterprises to develop prototypes addressing specific technology needs.

The data as supplied to the Guardian consists of two structured databases: a registry of more than 6,800 companies that have bid with OIP, and a separate database of more than 1,400 funded contracts. Each contract record includes a proposal abstract written by the company, describing the technology it pitched to the DHS.

The SBIR program, mandated by Congress in 1982 and reauthorized in 2022, requires that proposals be evaluated in part on their “potential for commercial application”. The program was designed to ensure that publicly funded R&D produces self-sustaining businesses rather than one-off prototypes.

Contracts typically begin as phase I proof-of-concept awards of around $100,000-$175,000 before graduating to phase II prototype funding of $1m or more. The leaked data spans two decades of this pipeline, from 2004 to late 2025, covering more than 1,400 awarded contracts worth a combined $845m.

Biometrics

Contracts issued since Trump’s inauguration include several focused on enabling agents to harvest biometric data using cellphones.

On 7 May 2025, three contracts were issued for the development of these technologies, and all three promised to make them available beyond DHS.

Idea Mind LLC received $174,464 for a technology it calls Vibe, an adapter that connects fingerprint and iris scanners to phones via USB-C or Lightning, offering “plug-and-play compatibility with Android and iOS devices without requiring custom drivers”.

Intellisense Systems received $174,990 for its similar Flow device designed so that a phone and biometric scanner can be “handheld effectively as a single unit,” supporting “handheld fingerprint (4 slap) and iris peripherals, and face and contactless fingerprint capture using the phone’s camera”. Integrated Biometrics received $167,627 for Bios Link, and wrote that its technology would serve “DHS components, interagency stakeholders, non-federal entities, the intelligence community, and international mission partners”.

Intellisense was spun off from Physical Optics Corporation in 2018. Together the two companies have received 59 DHS research contracts worth more than $17m since 2004, according to the leaked data. Intellisense alone received three contracts on 7 May, including Flow and two other projects involving airport surveillance AI and video deepfake prevention. Like Intellisense, Integrated Biometrics, based in Spartanburg, South Carolina, is an established government contractor that manufactures FBI-certified fingerprint sensors and similar devices for law enforcement, military and government clients around the world.

Idea Mind LLC, based in a suburb of Columbus, Ohio, had no previous DHS contracting history.

ICE and CBP agents’ harvesting of biometric data and use of facial recognition technologies came into focus during DHS’s January “surge” into the city, after rightwing influencers highlighted longstanding allegations of childcare fraud in the city.

The Guardian contacted all three companies for comment.

Airport surveillance

Four further contracts awarded on 7 May, totaling $699,000, funded technologies for surveilling passengers approaching TSA airport security checkpoints.

All four use AI to analyze existing airport CCTV feeds and automatically catalog passengers’ physical characteristics. Intellisense’s Ossca system would “detect and track individuals; identify anthropometric characteristics, clothing articles, shoe types, and visible accessories” and which agencies can use to “automatically alert operators with flags and detailed reports for adjudication”.

Its proposal listed commercial applications including “retail analytics, and public space surveillance.” Synthetik Applied Technologies proposed deep learning algorithms “optimized for real-time processing on existing CCTV video streams at pre-checkpoint zones” that will be “deployed on commercial off-the-shelf hardware”. AnalyticalAI received $174,639 and Toyon Research Corporation $175,000 for similar systems.

The leaked data shows all four are established DHS contractors. Synthetik, based in Pierre, South Dakota, has received $2.8m over seven OIP contracts, mostly for explosives detection. AnalyticalAI, based in Birmingham, Alabama, already works on AI-enabled airport screening. Toyon Research Corporation, based in Goleta, California, has held 12 DHS contracts since 2005, including work on a “Southern Border Surveillance System”.

The Guardian contacted all of the firms for comment.

DHS has a troubled history with airport behavioral screening. The TSA’s Screening of Passengers by Observation Techniques (Spot) program, which deployed more than 3,000 human “behavior detection officers” at 176 airports, cost over $900m from 2007. A 2013 GAO review found the ability to identify deceptive behavior from physical cues was “the same as or slightly better than chance”.

A follow-up GAO report in 2017 found TSA could not produce valid evidence for 28 of 36 behavioral indicators and that 98% of the sources it cited in support didn’t provide valid evidence, and included “news articles, opinion pieces, presentations created by law enforcement entities and industry groups, and screen shots of online medical websites.”

The standalone behavior detection officer role was quietly eliminated in 2016-2017. An ACLU investigation found the program had been used for racial profiling at airports including Newark and Chicago.

DHS’s own earlier attempt at technology-assisted behavioral screening, the Fast program was quietly wound down in the wake of EPIC’s disclosures.

On Fast and its apparent successors, Scott, the EPIC counsel, said “not only is it highly unlikely to work, but there are issues in terms of the risk it creates, in its disproportionate impacts, in turning the state apparatus on people who haven’t done anything wrong, in the waste of money, and in the potential for those tools to be used to undermine democracy.”

Predictive Policing

Also on 7 May, three contracts totaling $524,000 were awarded for AI platforms that would ingest 911 call data, with one apparently promising to identify and predict crime patterns.

All three were awarded under the same DHS topic seeking tools to centralise and analyse data from the nation’s 5,000-plus 911 call centres.

The most far-reaching is Cimas, the Consolidated Incident Management Analytics System, built by a newly-registered firm, Cassius LLC.

Its proposal describes “a high-availability data lake integrated with AI-driven analytics” that would collect and anonymise 911 call and incident data from public safety answering points nationwide, generating “geospatial heat maps” and using AI models to “predict incident trends” and “deliver actionable insights to responders.”

Cassius LLC, based in Bangor, Maine has no previous DHS contracting history. Cassius’s website describes it as a utility IT consulting firm; it names no team members, and its “our team” page is non-functional.

The Brennan Center for Justice has described predictive policing as “tech-washing” that “gives racially biased policing methods the appearance of objectivity, simply because a computer or an algorithm seems to replace human judgment.” Leading police departments including Los Angeles and Chicago abandoned their predictive policing programs in 2019-20.

The Guardian emailed Cassius and Zachary Canders, listed as the firm’s partner in DHS documents and Maine company filings for further clarification of the proposed technology.

In an email response, Canders wrote to The Guardian: “Hey, that’s really great” adding: “Could you do me a favor? Let’s write a story about me taking your mom out to dinner. We have an amazing seafood buffet. Lots of laughs lots of hugs probably a few kisses, then I never call her back.”