How alerts form.

What Triggers an Alert

Every item ingested by the desk is tested against a library of more than 200 tripwire keyword patterns. These patterns cover geopolitical hotspots, commodity-linked actors, and operational terms that signal breaking developments. Examples include Iran, Hormuz, sanctions, nuclear, drone strike, IRGC, and dozens of regional variants in transliterated Farsi, Arabic, and Russian.

A keyword match alone does not generate an alert. The system runs a secondary check: does the matched item have any connection to a tracked portfolio exposure? If a headline mentions Hormuz, the system flags it for subscribers holding positions in Brent, LNG shipping, or Gulf-state equities. Items with no portfolio nexus are kept in the feed but do not trigger a notification.

Items that pass both the keyword and exposure checks enter the confidence scoring pipeline. The system assigns an initial score based on source tier (wire services score higher than anonymous Telegram channels), keyword density, and the presence of named officials or verifiable entities.

How It Filters

Before an item can accumulate confidence, it must survive deduplication. The desk computes Jaccard similarity between every incoming item and every item seen in the previous two-hour window. Any pair with a similarity coefficient above 0.45 is flagged as a duplicate. The newer item is merged into the existing cluster rather than spawning a separate alert.

Junk filtering runs in parallel. Items that consist entirely of hashtags, forwarded boilerplate, or bot-generated content are scored down to zero and suppressed from the alert pipeline. They remain in the raw feed for audit purposes but never surface as notifications.

Items that survive deduplication and junk filtering enter the relevance scoring model. This model evaluates six dimensions:

Each dimension is scored on a 0-to-100 scale, then combined into a weighted composite. The weights are tuned quarterly based on historical hit rates.

When It Gets Confirmed

An item advances from DEVELOPING to CONFIRMED when two conditions are met. First, at least two independent sources must report the same core claim. Independence is enforced at the tier level: two Telegram channels reposting the same Fars News wire do not count as independent. The system requires cross-tier corroboration, meaning the second source must come from a different feed category (for example, a wire service plus a government statement, or a social media post plus a satellite imagery service).

Second, the system builds a verification chain with timestamps. Every source that corroborates the original claim is logged with the exact time of detection, the source tier, and the degree of match against the original item. This chain is visible to subscribers on the alert detail view.

As corroborating sources accumulate, the confidence score escalates. A single-source item typically starts at 30 to 50 points. A second independent source can push it past the 75-point threshold for CONFIRMED status. Three or more independent sources with consistent details can push the score above 90, which triggers a CRITICAL classification and portfolio-specific notifications.

Why Some Downgrade

Not every alert escalates. The system actively monitors for contradiction signals. If a source publishes a denial that directly opposes the original claim, the alert is flagged for review. State media denials receive special handling: because state media outlets (such as IRNA, Tasnim, or TASS) have a documented pattern of issuing denials for political reasons, a state media denial does not automatically downgrade an alert. Instead, it shifts the status to CONTESTED, which tells the subscriber that the claim is actively disputed by an official source.

Single-source items face a stricter test. If an item has only one source and no corroboration arrives within four hours, the system automatically fades the item. Its confidence score decays by a fixed amount per hour, and after four hours without corroboration, the alert drops below the notification threshold. It remains in the archive as a low-confidence item, but it no longer surfaces in the active feed.

This decay mechanism is deliberate. It prevents the desk from amplifying unverified rumors that gain no traction. A story that only one source reports and nobody else picks up is, by definition, unconfirmed. The desk treats it accordingly.

Latest Alert Chain

The most recent alert chain processed by the desk is shown below. This is pulled live from the monitoring infrastructure when available. If the API is unreachable, a static example is displayed instead.