Open-source grey zone intelligence  ·  Two platforms

Mapping hostile activity.
Ground to orbit.

Track, attribute and analyse grey zone conflict and hostile orbital activity — from hybrid warfare on Earth to satellite proximity operations in space. Open intelligence. Structured data. Built in public.

GreyZone Watch + GreyZone Orbit
In active development — open to feedback & shaping now

Both platforms currently display curated historical demonstration data

Why this matters

Modern conflict lives in the grey zone

Grey zone conflict — the space between peace and open war — is where most modern aggression happens. Satellite stalking, proxy wars, GPS jamming, maritime harassment, disinformation, cyber intrusions. Most of it goes untracked, underreported and under-attributed.

GreyZone is building open infrastructure to change that. Structured, accessible intelligence on the incidents that define modern conflict — from coastal waters to geostationary orbit.

6+
Grey zone domains tracked: hybrid, maritime, EW, cyber, proxy & more
5+
Orbital threat categories: ASAT, RPO, space-EW, cyber & dual-use
28+
Space security incidents documented with attribution & NORAD IDs
2
Platforms in active development — open to feedback now

The platforms

Built for analysts. Open to everyone.

Two distinct products with a shared architecture — designed to become the most comprehensive open-source grey zone intelligence resource available.

🌍

GreyZone Watch

Grey zone conflict.
On the map.

A live incident tracker for irregular, hybrid and grey zone activity across land, sea and cyberspace. GreyZone Watch surfaces the operations that are designed to be deniable, ambiguous and hard to attribute — the modern face of geopolitical aggression.

  • Live map interface — incidents plotted geographically with domain colour-coding and severity indicators
  • Attribution tracking — adversary identification with confidence levels from Suspected through Confirmed
  • Multi-domain coverage — Maritime, EW/Jamming, Cyber, Proxy operations, Disinformation and HUMINT
  • Research & analysis dashboard — historical pattern analysis, trend detection and domain breakdowns
  • Verified sourcing — every incident linked to primary source material with credibility flags
Alpha · In development
🛰️

GreyZone Orbit

Space security.
In three dimensions.

The first open-source space security incident tracker with a live 3D orbital globe. GreyZone Orbit maps hostile activity in orbital space — from anti-satellite weapons tests to satellite proximity operations and space-based electronic warfare.

  • 3D orbital globe — WebGL globe with LEO, MEO and GEO shell rings, incident arcs and attribution mapping
  • Satellite-centric data model — actor satellite, target satellite, NORAD IDs and full orbital parameters
  • Full attribution chain — from Cosmos-2543 stalking KH-11 to GPS jamming campaigns, nation-level attribution
  • Orbital domain coverage — RPO, ASAT, EW, Cyber, Debris generation and Dual-use operations
  • Live satellite tracking — NORAD ID links to real-time positional data via n2yo.com integration
Alpha · In development

How it works

From incident to intelligence

Step 01

Collect & Verify

Incidents are sourced from open reporting, government statements, academic publications and verified journalist investigations. Every entry carries a primary source link. Confidence levels reflect the quality of available attribution evidence — from Suspected through to Confirmed.

Step 02

Structure & Attribute

Each incident is structured with domain classification, adversary attribution, severity scoring and — in Orbit — full orbital parameters including actor/target NORAD IDs and orbital regime. The data model is designed to support analysis, not just display.

Step 03

Visualise & Analyse

Live maps, 3D orbital globes, trend charts and domain breakdowns give analysts and researchers the tools to understand patterns, identify escalation signals and track adversary behaviour across time and domain.

What we track

Coverage across every domain

Current and planned coverage spans the full spectrum of grey zone activity — from terrestrial hybrid operations to counter-space capabilities in geostationary orbit.

Hybrid Warfare

Proxy operations, deniable military action and covert force employment below the threshold of open conflict

Electronic Warfare

GPS jamming, communications spoofing and spectrum denial operations against military and civilian targets

Maritime Grey Zone

Coast guard harassment, fishing fleet operations, subsea cable interference and port coercion

Cyber Operations

State-attributed cyber attacks on critical infrastructure, government networks and defence systems

RPO / Satellite Stalking

Rendezvous & proximity operations — inspector satellites shadowing high-value national intelligence assets

ASAT Weapons

Direct-ascent and co-orbital anti-satellite weapons tests, intercepts and capability demonstrations

Space-based EW

Jamming and spoofing of satellite communications, navigation signals and ground uplinks from orbit

Dual-Use & Debris

Weapons-capable platforms disguised as civil missions and deliberate debris-generating events

Where we are

Honest about the roadmap

Both platforms are in active development. Core functionality is live. We're building in public and shaping the roadmap with feedback from analysts, researchers and domain experts.

Demonstration Data

Both platforms currently display curated historical data to demonstrate functionality. The incidents shown are real, sourced from open reporting, and representative of the data model — but this is not yet a live feed. Automated ingestion and verified real-time data are on the roadmap. We're sharing this early so the architecture and approach can be shaped with input from the community.

GreyZone Watch Alpha
  • Live incident map — interactive geographic view with domain filtering and severity
    ✓ Shipped
  • Research & analysis dashboard — activity charts, domain breakdowns and trend analysis
    ✓ Shipped
  • Incident database expansion — broadening coverage depth and geographic range
    In progress
  • Automated ingest pipeline — structured ingestion from verified open-source news feeds
    Planned
  • API access — structured data export for integration with analyst toolchains
    Planned
GreyZone Orbit Alpha
  • 3D orbital globe — WebGL globe with orbital shell visualisation and incident arcs
    ✓ Shipped
  • Satellite data model — actor/target satellites, NORAD IDs and full orbital parameters
    ✓ Shipped
  • Incident dataset expansion — full spectrum of documented counter-space activity
    In progress
  • Live TLE integration — real-time satellite position data from Space-Track.org
    Planned
  • Conjunction analysis — proximity alerts and close-approach detection for tracked objects
    Planned

Shape what we build

We're building in public.
Your input shapes the roadmap.

Both platforms are in active development and we want to hear from analysts, researchers, journalists and defence professionals. What domains are we missing? What would make this more useful to your work? What data matters most to you?

Send Feedback Follow on Bluesky Request Early Access

No account needed — a plain email works perfectly  ·  info@evodefence.uk