Part I introduced the four pillars of Synthetic HUMINT: behavioral profiling, probing, consistency testing, and attribution. Part II built the baseline the stable habits that make up a model's behavioral signature. Part III showed what happens when you stop observing that baseline and start pressuring it, and why the resulting contradictions are diagnostic rather than incidental. This is the piece that closes the loop.
Attribution is where the other three pillars pay off and it's also the pillar most likely to be misunderstood, because people assume it ends where it actually begins.
Identifying which AI you're facing is not the finish line. It's the starting point.
🔹 Why "which model" is only step one
Knowing that a given system, deployment, or fine-tune is behind an operation tells you something but on its own, it's closer to knowing which knife was used than knowing who held it. A model identity narrows the field of possible tooling. It doesn't tell you who deployed it, why, or against whom. Treating model identification as the end of attribution is the same mistake as treating malware family identification as the end of an intrusion investigation. It's a starting coordinate, not a conclusion.
🔹 The TTP layer: borrowed tradecraft as a compass
Here's where Part III's finding becomes useful rather than just interesting. For at least the next two to three years, AI-driven attacks are going to rely overwhelmingly on borrowed TTPs — tradecraft pulled from historical attacks rather than originated from nothing. That dependency, which I described as a vulnerability in Part III, becomes a tool here.
A model's borrowed-TTP profile isn't random. It reflects what the system was exposed to, trained on, or fine-tuned around. When you map which historical playbooks a given AI keeps reaching for which industries, which attack chains, which operational habits — you're not just profiling the model. You're getting a read on the knowledge domains and threat models that most shaped its behavior. That's a real narrowing signal. It won't hand you a name, but it will hand you a lineage: this system's behavior looks like it was built around ransomware operational patterns, or around credential-access tradecraft, or around a specific industry's attack surface. That lineage narrows the field of who plausibly built or fine-tuned it, and toward what purpose.
This is attribution by inheritance. The model didn't invent its playbook it absorbed one. Finding whose playbook it absorbed is real investigative ground, even without operational detail on how you'd extract it.
🔹 The harder, more important layer: motive
But TTP lineage only gets you so far, and this is the part I think matters most.
An AI does not have its own motive to attack company X or target Y. It has no independent reason to prefer one objective over another. Whatever motive appears to be driving an operation belongs to the human behind the system the one who selected the target, defined the objective, and, in many cases, fed the AI a reason coherent enough to operate on.
That absence of native motive is exactly what makes motive the most durable attribution signal available. Techniques can be borrowed, mutated, or eventually as models approach AGI originated independently. Motive can't be manufactured the same way. If an operation is targeting a specific sector, in a specific order, with a specific tolerance for collateral exposure, that pattern reflects a human decision sitting upstream of the AI, not a preference the AI generated on its own. Read the motive, and you're no longer attributing a model. You're attributing the operator who gave the model a reason to act.
This is the same principle that closed out Part III technique changes, motive doesn't — but attribution is where that principle becomes actionable rather than just reassuring. When the technical signal (borrowed TTPs, behavioral tells, consistency breaks) narrows the field partway, motive is what closes the remaining distance, because motive belongs to the human, not the machine.
🔹 Putting the pillars together
This is why attribution sits last in the methodology and depends on everything before it:
Profiling (Part II) gives you the baseline what the system does by default. Consistency testing (Part III) gives you the stress fractures where the system breaks and what that reveals about borrowed technique versus absent reasoning. Attribution takes both and asks two questions in sequence: whose tradecraft does this behavior most resemble, and whose motive does this targeting most reflect. The first question narrows the field of tooling and lineage. The second narrows the field of people.
Neither question alone is sufficient. A TTP-lineage match without a motive match tells you a system was probably built or trained around certain patterns, but not who's driving it today. A motive read without a TTP lineage tells you what an operator wants, but not what they're using to get it. Together, they're what actually lets you say something meaningful about an AI-driven threat — not just "this looks automated," but "this looks like this kind of borrowed tradecraft, deployed toward this kind of objective, which points toward this kind of actor."
🔹 Where this leaves the methodology, for now
For the next two to three years, I expect this to remain the shape of the problem: AI systems drawing on inherited TTPs, operating with human-supplied or human-approved motive, leaving both a technical seam and a motivational seam to work from. That won't last indefinitely Part III already named the horizon where models begin generating and mutating their own tradecraft, and motive-injection will likely get subtler as operators learn that motive is the more durable tell. But right now, both seams are readable, and both are worth reading.
That's the full arc of sHUMINT as I've laid it out across four parts: profile the baseline, stress it to find where it breaks, and use both the borrowed technique and the absent-then-supplied motive to narrow from "an AI did this" to "someone specific had a reason for this AI to do this." The machine is the instrument. The attribution, in the end, is still about the person.
To be clear about scope: this analysis addresses non-state threat actors. I assess that a small number of states have already developed AGI-level capability internally, and the dynamics described here particularly around borrowed tradecraft don't necessarily hold at that tier.
Analytical assessment for educational and situational-awareness purposes only. This post discusses behavioral and attribution analysis concepts at a conceptual level and contains no operational guidance, attack methodology, or instructions for offensive use. No specific systems, groups, or individuals are named. Views are my own.