This Insight is published to coincide with Global Media and Information Literacy Week to highlight positive interventionist technology tools in the P/CVE sphere.
Terrorist groups are increasingly using digital assets to move money outside traditional financial oversight. These same channels – blockchain networks, stablecoins, and encrypted apps – now underpin a wider illicit economy that spans cybercrime, sanctions evasion, and elite capital movement. Together, they form a shadow financial infrastructure that operates at a scale and velocity traditional enforcement cannot match.
As regulators struggle to keep pace, artificial intelligence (AI) is emerging as a force multiplier. From clustering wallets and detecting laundering networks to automating early detection, AI is transforming how investigators detect, map, and disrupt illicit flows. Yet technology alone cannot solve the problem. Effective countermeasures require human analysis and strategic framing – linking the rise of digital liquidity systems to the broader financial ecosystems that sustain both criminal and terrorist actors. This Insight will explore emerging regulatory and technological trends aimed at closing the global enforcement gap – showing how AI-enabled enforcement, systemic liquidity mapping, and multi-domain synthesis can shift counter-terrorist financing from reactive disruption toward proactive resilience.

Figure 1: The three-tiered liquidity framework.
Understanding the Problem: A Three-Tiered Approach
The challenge today is not simply that terrorists seek money beyond regulatory and enforcement oversight, but that the methods they use to mobilise funds converge with a broader set of illicit and semi-licit flows. The rise of blockchain and digital currency ecosystems has provided bad actors with faster, cheaper, and less traceable means of moving value globally. These value transfer mechanisms, combined with encrypted messaging apps, offer the ability to move vast sums outside the global banking system, thus representing a structural alternative to it.
Terrorists are not alone. A much larger global criminal ecosystem – spanning cyber fraud, state-linked sanctions evasion, and elite capital flight – exploits the same digital corridors. On 14 October, U.S. authorities seized over $14 billion USD worth of Bitcoin tied to Cambodia-based and Hong Kong-registered Prince Group, which provided laundering services to Southeast Asia’s vast cybercrime industrial complex. It was the largest Bitcoin seizure in history, underscoring the scope of these illicit systems. These systems represent a financial substrate where actors with varied goals and ideological motives can rely on the same facilitators, which become more pervasive with each transaction.
The three-tiered liquidity framework explains this new paradigm. At the top, Tier 1 captures elite flows – shadow banks, high-net-worth individuals, and state-adjacent funds that seed the system – generally manifesting as capital outflows, although at times taking the form of strategic inflows in specific contexts. Tier 2 is the facilitation layer, comprising over-the-counter (OTC) brokers, underregulated exchanges, and laundering platforms that have grown from Tier 1 flows. These entities now rent their services to anyone with the means to access them. Tier 3 is where threats surface, as extremists and criminal groups exploit the same intermediaries to move money through unregulated corridors. By mapping this cascade, we see how funds that leave states at the top can ultimately end up financing terrorism and criminality at the bottom – with Tier 2 serving as the connective tissue with none of the accountability of regulated financial systems.
Tier 2 intermediaries take many forms, but Huione Guarantee in Cambodia, Garantex in Russia/Dubai, and Iran’s Derakhshan/Alivand shadow banking network all show how digital asset facilitators operate at the intersection of offshore capital and terrorist finance. Huione’s illicit marketplace evolved into a laundering channel for ethnic Chinese criminal networks across Southeast Asia, with clear evidence of participation by Hong Kong facilitators – strongly suggesting its use by Chinese elites to evade domestic capital controls. U.S. authorities also flagged Huione for laundering $39 million USD tied to the Houthis, a clear example of terrorist financial usage. Evidence also suggests that Myanmar-based militant groups have accessed Huione and comparable networks, further illustrating how such financial ecosystems enable militant and terrorist funding structures.
Meanwhile, U.S. and European regulators sanctioned the Moscow-based crypto exchange Garantex for enabling Russian sanctions evasion and elite capital flows, as well as for processing transactions linked to Palestinian Islamic Jihad. Further analysis has also revealed that funds from Garantex flowed into wallets controlled by the Islamic State Khorasan Province (ISKP). Finally, in Iran, the Derakhshan/Alivand shadow banking network operated as a crypto-enabled extension of the regime’s sanctions evasion architecture, moving billions through front companies and exchange houses. U.S. Treasury designations also show the network provided financial services to Hezbollah funding corridors, again demonstrating a clear cascade between Tier 1, 2, and 3 flows.
While the three-tiered framework currently captures only some terrorist organisations, groups such as those associated with the Islamic State and al-Qaeda also rely on intermediaries to move and launder funds on the blockchain. As these networks become more digitally sophisticated and financially liquid through their exploitation of high-value trades – including commodities such as gold and timber as well as narcotics trafficking – it is likely that they too will engage Tier 2 facilitators, further expanding their global financial reach and resilience.
Disrupting only the Tier 3 terrorist groups is insufficient, as these actors are symptomatic of broader systems. The real leverage lies in targeting the Tier 2 facilitators who profit from servicing everyone – oligarchs, sanctioned states, and militant/terrorist groups alike. A strategy of networked disruption must therefore neutralise the brokers, platforms, and exchanges that systematically connect these flows. By constraining Tier 2, regulators and investigators can structurally disrupt the cascade before funds reach Tier 3, cutting off not just individual plots, but the infrastructure that makes global illicit liquidity possible. Although this challenge remains enormous in scope, new regulatory and technology-based solutions have begun to tip the scales in favour of global enforcement.
Regulatory Reforms and AI Advances
Emerging regulatory frameworks are bringing digital assets under formal oversight. In the U.S., the GENIUS Act would pull the issuers of and intermediaries behind stablecoins – the current lifeblood of large-scale illicit financial flows – into the existing anti-money laundering and combating the financing of terrorism (AML/CFT) system. In the European Union, the Markets in Crypto-Assets regulation (MiCA) sets harmonised standards for licensing and disclosure across the bloc. Financial hubs such as Hong Kong and Singapore, as well as Southeast Asian jurisdictions such as the Philippines, are also moving to regulate exchanges, OTC brokers, and other intermediaries. Together, these measures mark a decisive shift: digital assets are no longer a lawless frontier, with governments actively working to close the gaps that criminals, sanctioned states, and violent extremists exploit.
However, tens of billions of dollars move each year through the informal systems described above, and human analysts alone cannot keep pace with flows of this magnitude and velocity. Without advanced tools and coordinated enforcement, new regulatory frameworks risk becoming outmanoeuvred by the actors they seek to constrain. Recent AI advances increasingly address this enforcement gap – not by replacing human analysis, but by amplifying it through pattern recognition at scale. Leading blockchain analytics firms have already begun layering AI into their products in ways that concretely boost detection, attribution, and investigation speed.
Blockchain analytics platforms currently use machine learning to cluster addresses that belong to the same actor, trace funds that are deliberately split and rerouted to hide their origin, and flag unusual transaction patterns that suggest illicit flows. Some systems go further, automating the first level of triage, presenting investigators with likely leads rather than raw data. Others use advanced models to sift through vast webs of wallet interactions and highlight networks that resemble known money-laundering structures. While private analytics firms rarely disclose which AI modules are employed in specific investigations, recent rollouts of AI-enabled triage, clustering, and typology-detection tools suggest that such technologies are increasingly embedded in live enforcement workflows.
The effect on investigations is simple: machines take on the role of scanning and sorting, allowing human investigators to focus on context, judgment, and strategy. The combination makes it increasingly possible to confront illicit flows at volumes that have long exceeded the limits of manual enforcement. But the technology is still developing, coverage remains uneven, and determined actors continue to find ways to exploit the gaps. What AI offers today is not a finished solution, but an evolving opportunity to narrow the enforcement gap at the scale currently required.
Advances in AI disruption do not end with the private sector. The U.S. Military’s Defense Advanced Research Projects Agency (DARPA) has been developing a new programme called Anticipatory and Adaptive Anti-Money Laundering (A3ML). According to DARPA, the programme seeks to transform anti-money laundering from “manual, reactive, and expensive analytic practices” into a system that can proactively identify illicit financial activity by analysing transaction data at machine speed. The initiative aims to build adaptive models capable of detecting complex laundering behaviours and evolving with new threat patterns across global financial networks. In a recent interview, A3ML programme manager David Dewhurst claimed the goal of the project is to “raise the cost of money laundering so high that it becomes unsustainable.”
If realised, A3ML would represent a significant step toward closing the enforcement gap that today’s regulators and investigators struggle to manage in the realm of terrorist and illicit finance. Given DARPA’s 60-year track record of pioneering AI technology, as well as the core technologies behind the Internet itself, the fact that the agency is promoting A3ML publicly signals its potential as an emerging game-changer in countering terrorist finance and illicit liquidity networks as a whole.
Recommendations: Building Human–Machine Fusion Across the Enforcement Chain
Artificial intelligence will not replace human financial investigators; it will demand a new generation of them. As enforcement agencies integrate AI tools into financial investigations, the limiting factor will not be processing power but strategic judgment – the ability to interpret machine-generated signals in context. AI excels at pattern recognition, but it cannot discern intent, geopolitical linkage, or systemic consequence. These require human synthesis based on deep contextual understanding.
Three priorities follow from this reality:
1. Invest in human-machine fusion: Regulators, tech firms, and research institutions should prioritise training analysts who can interpret algorithmic outputs, question model assumptions, and integrate AI findings into broader geopolitical and financial-systems analysis.
2. Expand interdisciplinary research: The convergence of digital assets, sanctions evasion, and terrorist finance demands a research agenda that unites data science, economics, finance, criminology, strategic studies, and more. Understanding illicit liquidity networks at scale requires systems-level mapping and cross-domain synthesis, not siloed expertise.
3. Institutionalise feedback loops: AI detection models improve only when informed by real investigative experience and extensive research. Private firms and research institutions should create channels for case-based learning and publication, ensuring that enforcement outcomes continuously refine analytical models.
Additional priorities for technology platforms to consider:
4. Integrate financial signal detection into trust and safety operations: Social media, messaging, and other platforms are uniquely positioned to identify the early stages of extremist financing. Embedding financial intelligence cues such as patterns of wallet sharing, donation link reuse, or coordinated in-app transfers into existing moderation systems would enable early intervention without compromising privacy.
5. Create secure interoperability between financial and content-moderation ecosystems: Platforms can pilot controlled data-exchange frameworks that allow vetted enforcement partners and blockchain analytics firms to cross-reference on-chain data with online behavioural indicators. This would help surface the connective tissue between propaganda distribution, recruitment, and funding pipelines that rely on digital payment rails.
6. Promote collaboration on typology discovery: Major platforms can co-fund shared typology libraries that describe emerging laundering and fundraising behaviours across digital ecosystems. Building upon the precedent set by GIFCT’s hash-sharing database and other collaborative frameworks, as well as existing typology reporting by FATF and the Egmont Group, a complementary repository for financial signals could integrate structured input from public and private stakeholders, including blockchain analytics firms at the forefront of these trends. This would create a unified typology framework – linking regulatory, platform, and investigative perspectives – and provide a common analytical language for identifying new threats while ensuring that emerging AI models across companies learn from consistent signal categories.
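The wallet-sharing and donation-link-reuse signals named in recommendation 4 can be sketched as a small moderation-side check. This is an added illustration, not part of the original Insight or any platform's own code: it groups accounts that post the same wallet address or donation link. The posts, account names, addresses and URLs are constructed samples, and the patterns check address syntax only.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Syntax-only patterns (no checksum validation): Ethereum, Bitcoin, Tron.
WALLET_RE = re.compile(
    r"\b(0x[a-fA-F0-9]{40}|bc1[a-z0-9]{25,59}|[13T][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")
# Constructed sample posts: (account, text). No real accounts or addresses.
POSTS = [
    ("acct_a", "Support us: 0x" + "AB12" * 10),
    ("acct_b", "donate https://pay.example/give/77?ref=b or 0x" + "ab12" * 10),
    ("acct_c", "Help here https://PAY.example/give/77/"),
    ("acct_d", "Unrelated https://news.example/story 0x" + "cd34" * 10),
]

def indicators(text):
    """Return normalised wallet addresses and donation links found in a post."""
    found = set()
    for url in URL_RE.findall(text):
        parts = urlsplit(url.rstrip(".,"))  # drop query string and fragment
        found.add(("link", parts.netloc.lower() + parts.path.rstrip("/")))
    for w in WALLET_RE.findall(URL_RE.sub(" ", text)):
        found.add(("wallet", w.lower() if w.startswith("0x") else w))
    return found

def shared_indicator_clusters(posts, min_accounts=2):
    """Group accounts linked by any shared wallet or link (union-find)."""
    by_indicator = defaultdict(set)
    for account, text in posts:
        for ind in indicators(text):
            by_indicator[ind].add(account)
    shared = {i: a for i, a in by_indicator.items() if len(a) >= min_accounts}
    parent = {}
    def find(a):
        while parent.setdefault(a, a) != a:
            a = parent[a]
        return a
    for accts in shared.values():
        first, *rest = sorted(accts)
        for other in rest:
            parent[find(other)] = find(first)
    clusters = defaultdict(lambda: {"accounts": set(), "indicators": set()})
    for ind, accts in shared.items():
        root = find(min(accts))
        clusters[root]["accounts"] |= accts
        clusters[root]["indicators"].add(ind)
    return sorted(clusters.values(), key=lambda c: -len(c["accounts"]))
```

Accounts joined only transitively (one shares a wallet with a second, which shares a link with a third) land in the same cluster, which is the lead a human reviewer would then assess in context.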
AI is reshaping financial intelligence, but its success will depend on the people who wield it – analysts capable of seeing the system, not just individual outcomes. For the technology companies that host, route, and monetise digital interactions, this means examining how digital economies can be co-opted by illicit liquidity systems and disrupting them when possible. The next frontier in counter-terrorist finance will belong to those who can bridge the gap between computation and comprehension – between safeguarding platforms and preserving the integrity of the digital economy.
—
Adam Rousselle is a researcher focused on threat finance, weapons technology, macroeconomics, and geopolitics. His work has been cited by the Financial Action Task Force (FATF), the United States Senate, the U.S. Department of Defense, and leading policy journals. He has been published by GNET, the Hudson Institute, Nikkei Asia, Small Wars Journal, the New Lines Institute, the Jamestown Foundation, and The Diplomat, and is the founder of www.btl-research.com.