Securing the World Cup Amid Geopolitical Conflict
When FIFA World Cup 2026 kicks off in June, it will do so in a new world of geopolitical risk.
The global threat landscape looked a lot different in 2018, when the United States, Canada, and Mexico had their united bid accepted at the annual FIFA Congress. The most pivotal change: On 28 February, the United States and Israel launched combat operations against Iran.
That conflict adds to an already volatile geopolitical environment and arrives at the threshold of what’s arguably the world’s largest sporting event. The 2026 edition of the quadrennial World Cup is expected to draw millions of stadium spectators and a massive audience across media platforms. FIFA, the governing body of world soccer, estimated that the 2022 World Cup final attracted 1.41 billion viewers.
That level of visibility offers a global stage for adversaries plotting attacks for symbolic impact. Even the threat of an attack could prove disruptive if tournament attendance declines and the event takes an economic hit.
Against this backdrop, security professionals face the task of protecting teams, spectators, and venues located in 16 cities across the three host nations. The surrounding metropolitan areas and regions, along with the transportation networks connecting them, are also part of the potential attack surface. In addition, this year’s expanded World Cup format makes security all the more challenging. The tournament field has increased from 32 to 48 teams, pushing the number of matches from 64 to 104. That’s more players, fans, hotels, and games to protect.
A robust threat intelligence strategy, however, can help security teams deal with this demanding environment. Key aspects include the effective use of open-source intelligence (OSINT) and the ability to collect, analyze, and act upon large amounts of data.
Geopolitics and the New Threat Environment
The higher profile of geopolitical risk marks the most significant shift in the threat landscape since 2018. Eight years ago, geopolitics wasn’t a top consideration: Holding the event in North America created an aura of protection through geographical isolation from active conflict areas.
Terrorism, of course, remained a threat, but the primary focus was on lone-wolf attacks. Those attacks can do mass harm, but the geopolitical resurgence increases the potential for more damaging attacks.
Iran, for instance, has the ability to conduct sophisticated attacks directly or through its state-sponsored proxy networks. Cyberattacks and the activation of sleeper cells are also viable risks. An alleged Iranian plot to assassinate the Israeli ambassador to Mexico, which was reportedly foiled in 2025, suggested the possibility of threat actors operating in North America.
An Iranian attack at a World Cup event is a logical potential development, given the nation’s ongoing conflict with the United States. Lone-wolf events might also surface. The 1 March shooting at an Austin, Texas, bar appears to fit that profile. The shooter killed three people and injured more than a dozen, and the attack is being investigated as a potential terrorist act. World Cup venues in the United States should consider the geopolitical weight of an Iranian attack, whether direct or sponsored.
Security teams in Mexico and Canada shouldn’t discount that threat, but they will also need to face local concerns. In Mexico, drug cartel activity provides a prominent example. The World Cup’s tourist influx opens a major business opportunity for the cartels. The opportunity to maximize profits would increase crime yet might not lead to more serious disruptions.
However, an event such as the Mexican military operation in February that killed Nemesio Oseguera Cervantes, the Jalisco New Generation Cartel (CJNG) leader known as El Mencho, could spark a violent upheaval. The killing of the cartel boss led, at the time, to a multiday wave of retaliation affecting some 20 Mexican states. A rogue cartel faction set on revenge or a power grab could find the soccer tournament a prime opportunity to inflict damage in front of a global audience.
Transportation safety is another factor. Hundreds of miles of highways link World Cup venues in Guadalajara, Mexico City, and Monterrey. Teams, vendors, and a multitude of tourists will travel through cartel territory going from one venue to another. Guadalajara is the largest city in Jalisco state, CJNG’s home base. In the Monterrey region, the Northeast Cartel is among several active drug trafficking organizations. Such groups already frequently extort or rob truck drivers. World Cup travelers could potentially be subject to that threat, although the Mexican federal government recently discussed a security plan designed to manage security risks.
Risk Mitigation Challenges
While intelligence is a core component of threat mitigation, teams managing World Cup security—whether for venues, nearby cities and infrastructure, or teams traveling to or attending events—face several challenges in sourcing, interpreting, and applying intelligence.
Intelligence sourcing is a key issue in terms of global threats. Security organizations tend to emphasize well-established threats such as petty crime, cybersecurity incidents, and lone-wolf attacks. That approach, which relies primarily on local intelligence gathering, neglects the reality of geopolitical threats.
The local focus has degraded security organizations’ ability to connect with sources that provide information at the accuracy levels that their operations now require. They are operating with outdated intelligence models that prioritize cybersecurity over physical security in an obsolete security environment.
The recent conflict in Iran provides a key example of how geopolitical risk events occurring in a foreign theater have caught many organizations by surprise. These entities were more focused on nefarious events and threat actors targeting their networks and did not recognize early on how this international incident could rapidly impact their supply chains, physical security, and operational safety. Being able to anticipate potential threats and impacts would have enabled them to proactively implement threat reduction procedures. For such groups, the geopolitical dimension is a black hole.
The method of intelligence gathering is also problematic. Organizations that scour the Internet to investigate threats will find themselves mired in the old way of doing things. Updated models of corporate intelligence incorporate artificial intelligence (AI) capabilities that efficiently scrape information at scale and collect large datasets for analysis.
Without AI to automate the intelligence process, security teams will spend more time collecting information. That means less time devoted to interpreting data for effective decision-making.
The Importance of Open-Source Intelligence
The information collection and analysis task revolves around open-source intelligence. Some of the security organizations attached to venues or teams might have access to classified information, but most will be entirely dependent on OSINT. As a result, OSINT will play a central role in determining security risks and threats, planning for them, and responding to incidents before and during the World Cup.
OSINT provides a wealth of information for security teams. The explosion in the types of social media as well as widespread access to those platforms generate enormous amounts of data for sentiment analysis and threat detection. OSINT can also supply data on weather conditions and transportation hazards. Security planners should take into account the vast layers of information available and expand the scope of their intelligence gathering accordingly.
Second, OSINT helps security teams become more self-reliant as they move beyond traditional intelligence sources. In the past, a security team might have depended on police departments to provide threat information. The limitations of this approach become clear in the case of transportation safety. Local law enforcement agencies will provide information within their immediate jurisdiction, but they typically don’t communicate about those threats along the routes between cities. The upshot: Security professionals aren’t getting the complete intelligence picture for logistical planning and threat response.
However, OSINT lets security teams pinpoint areas between venues needing a higher level of security and plan for alternative routes. For example, if there are protests being planned against a soccer team and OSINT identifies this, the intelligence platform is able to alert the security unit looking after a soccer team, enabling that unit to proactively take the necessary action to manage risks and ensure the safety of the team. Tapping OSINT provides direct access to actionable threat intelligence and reduces a team’s reliance on sources with narrower perspectives.
Beyond Alerting
When security teams automate intelligence, they often adopt technologies that focus on alerting: An event occurs, and the system basically flags a trouble spot. That method lacks contextual depth and offers little more than widely available news push notifications.
Alerts fail to offer the “So what?” insight, which is what matters most to a security team. What’s really needed is not a flashing red light but information on how to address the event. The intelligence delivered to World Cup security decision-makers must include the critical next steps to pursue.
With that in mind, organizations should consider updating their intelligence processes to include AI capabilities. AI’s ability to recognize patterns provides contextual details that go beyond a simple alert. Based on that contextual understanding, AI creates recommendations for the security team.
Dealing with Voluminous Data
The vast amount of intelligence information OSINT generates can prove a challenge as well as an advantage. The World Cup, with its three countries and multiple venues, will create a flood of information. Security teams must contend with local, regional, and geopolitical threats simultaneously.
AI helps handle the influx of incoming data, making searches for relevant data more precise. Older methods that use keyword logic can bog down analysts with information overload. For example, a search for information on “Guadalajara” would pull together information on the half dozen geographic locations in Mexico called Guadalajara, as well as places with that name to be found elsewhere in Latin America.
AI, used properly, can be tailored to focus on what’s important, reel in key facts, and cut through the noise. Overall, AI provides contextual understanding and in-depth analysis—critical qualities for a sophisticated threat environment.
Facilitating Incident Response
AI-driven OSINT can help security teams plan their response to a critical incident. A team can input its existing security plan into an AI model, which can then update it for the World Cup context and event-specific parameters.
Law enforcement and hospital security plans can also be fed into the AI model to update the team’s security document.
The collection and analysis of OSINT, meanwhile, provides threat reporting that teams can use to test a plan. If a particular threat event activates a critical trigger, as defined by the security team, the AI model will suggest a series of steps for the team to pursue. Recently, the buildup to the war in Iran provided key indicators and warnings for security and risk management decision-making in all organizations potentially directly and indirectly impacted. For example, reporting in January and February showed that Iran was deploying its ballistic missile force across the country, which is a key indicator of heightened military posture. This should have served as a signal for U.S. and other businesses in the region that they would likely face specific risk and security threats and that they should take the necessary hazard mitigation steps.
AI increases a security team’s efficiency and speeds up the task of building a security plan. That said, human oversight remains important. AI can recommend actions, but security professionals still need to interpret the data and execute decisions.
Preparing for the World Cup
In the lead-up to the World Cup, security organizations charged with team and venue security should focus on creating a threat baseline. OSINT and data analysis will produce a rundown of the possible threats, identify the threats security personnel will most likely face, and highlight the most dangerous ones.
The baseline helps security teams determine whether an event might be considered routine or suggests a bigger problem requiring a stronger response. OSINT establishes what normal looks like by constantly monitoring key intelligence requirements, which can include internal data, various external anomalies, and focus on events demanding immediate action to avoid panic and negative media attention.
Ideally, security teams should test their OSINT capabilities before the World Cup begins. That way, security practitioners can understand their operating parameters. What are the key procedures, constraints, and trigger thresholds? Does anything need to be adjusted?
Many organizations may still not know whether their security plans meet the World Cup’s complicated threat templates. The tournament begins 11 June, so the time to act is now.
Stefano Ritondale is the chief intelligence officer at Artorias, a global provider of actionable real-time risk and threat intelligence to clients in the public and private sectors. He had a distinguished career in the U.S. Army with significant intelligence experience. Artorias’s proprietary solutions enable clients to identify and manage threats and risks so they can protect people, reputations, and assets. Contact Ritondale at [email protected].
