Terrorist Organizations - Presentation Demo¶
Aletheia is a GraphRAG solution based on the concept of knowledge graphs and ontologies.
It provides the following capabilities:
- Data Ingestion
- Schema inference mechanisms based on LLMs and Ontologies
- Entities and Relationships Extraction, normalization and deduplication
- Hybrid search: Graph traversal plus semantic embeddings
- Temporal relationships
- Context Retrieval for LLMs to answer
- MCP server
A. Why Counter-Terrorism Analysts Need Connected Intelligence¶
The Network Evolution Problem¶
Terrorist organizations aren't static entries in a list — they're living networks that constantly transform:
- Rebrand: GSPC became AQIM, Ansar Bayt al-Maqdis became ISIS-Sinai Province
- Fragment: IRA → Real IRA → New IRA → Continuity IRA
- Affiliate: Regional groups pledge allegiance to global networks (al-Qaeda, ISIS)
- Use aliases: Lashkar-e-Taiba operates as LeT, Al Muhammadia Students, Milli Muslim League
A simple database lookup fails when the name changes but the threat persists.
┌─────────────┐
│ GSPC │
│ (1998) │
└──────┬──────┘
│ rebrands
▼
┌─────────────┐
│ AQIM │──────► al-Qaeda Network
│ (2006) │
└─────────────┘
The Multi-Jurisdictional Maze¶
The same organization may be:
- Designated differently: "Hizballah" (US) vs "Hezbollah" (UK) vs "Hizbollah" (Australia)
- Listed by some, not others: National Action (UK only), Tren de Aragua (US only)
- Under different legal frameworks: FTO (US), Proscribed (UK), Listed (Australia)
Compliance teams and analysts must cross-reference three separate authority lists — each with different naming conventions, alias handling, and designation criteria.
The Sanctions Screening Challenge¶
Beyond designation lists, financial institutions and corporations must screen against multiple overlapping sanctions regimes:
| Authority | List | Scope |
|---|---|---|
| US OFAC | SDN List | Financial sanctions |
| US State Dept | FTO List | Terrorist designations |
| EU | Consolidated List | EU-wide sanctions |
| UN Security Council | Consolidated List | Global sanctions |
| UK/AU/National | Various | Jurisdiction-specific |
The problem: The same organization appears under different names across lists. If your screening system doesn't understand that:
PKK = Kurdistan Workers Party = Partiya Karkeren Kurdistan = Kongra-Gel
...you'll miss a match.
| Outcome | Consequence |
|---|---|
| False negative | Regulatory fines, criminal liability, reputational damage |
| False positive | Operational friction, customer delays, lost business |
Why GraphRAG helps:
- Resolves aliases to canonical entities
- Traces organizational relationships (is this supplier connected to a sanctioned entity?)
- Provides explainable matches for compliance documentation
B. Why GraphRAG and not RAG?¶
RAG (Vector stores) allow AI to find conceptually similar information through embeddings: keyword search on steroids. Vector search measures proximity in semantic meaning, not structure or causality.
RAG is fast, scalable, and excellent for recall, but it doesn't understand relationships. RAG can tell you what looks alike, not what belongs together.
The Need for Structure
To move beyond pure semantic retrieval, AI needs a structured representation of meaning.
A way to connect facts, follow relationships, and reason across them.
That's where Knowledge Graphs come in.
The Limitation of Vector Search¶
A vector search for "Hezbollah sanctions" returns documents that mention Hezbollah. But it can't:
- Trace that Hezbollah → Iran's IRGC → Kata'ib Hezbollah (Iraq) share connections
- Know that "Hizballah" in one document is the same entity as "Hezbollah" in another
- Follow the designation chain: Organization → Sanction → Authority → Program
What Knowledge Graphs Add¶
| Capability | Vector Search | GraphRAG |
|---|---|---|
| Find similar documents | ✓ | ✓ |
| Resolve aliases | ✗ | ✓ |
| Trace organizational evolution | ✗ | ✓ |
| Cross-reference jurisdictions | ✗ | ✓ |
| Explain why entities are connected | ✗ | ✓ |
Example¶
"Is this supplier connected to any designated organization?"
- RAG: Searches for supplier name in sanctions documents
- GraphRAG: Traverses relationships — supplier → parent company → beneficial owner → organization → designation
C. Introducing OpenSanctions and FollowTheMoney¶
OpenSanctions¶
OpenSanctions is an open-source database that aggregates sanctions lists, watchlists, and politically exposed persons (PEPs) from multiple authorities worldwide.
It provides:
- Consolidated data from 100+ sources (OFAC, EU, UN, national authorities)
- Entity resolution across datasets (same person/org, different names)
- Regular updates tracking designation changes
- Open license (CC BY-NC 4.0) for research and non-commercial use
FollowTheMoney: An Investigative Ontology¶
FollowTheMoney (FTM) is more than a data format — it's a formal ontology designed for investigative journalism and anti-corruption research. Originally developed by OCCRP (Organized Crime and Corruption Reporting Project), it defines:
| Component | Purpose |
|---|---|
| Entity Types | What things exist (people, organizations, assets) |
| Properties | Attributes of entities (names, aliases, dates) |
| Relationships | How entities connect to each other |
| Inheritance | Type hierarchies (Company → Organization → LegalEntity) |
Core Entity Types¶
| Entity | Description | Properties |
|---|---|---|
Organization | Any group — terror orgs, NGOs, militias | name, alias, topics, programId |
Person | Individuals | name, birthDate, nationality |
Sanction | A designation record linking entity to authority | program, startDate, reason |
PublicBody | Designating authority | name, jurisdiction, country |
Company | Corporate entity (subclass of Organization + Asset) | registrationNumber, jurisdiction |
Key Relationships¶
| Relationship | Connects | Example |
|---|---|---|
Sanction.entity | Sanction → Organization | "US FTO designation targets Hamas" |
Sanction.authority | Sanction → PublicBody | "Issued by US State Department" |
Ownership | LegalEntity → Asset | "Front company owned by organization" |
Membership | Person → Organization | "Operative is member of cell" |
Family | Person → Person | Kinship relationships |
Associate | Person → Person | Non-family associations |
Ontology Hierarchy¶
Thing
├── LegalEntity
│ ├── Person
│ └── Organization
│ ├── Company
│ └── PublicBody
├── Asset
│ ├── BankAccount
│ └── Company (also an Asset — can be owned)
└── Interval
├── Sanction
├── Ownership
└── Membership
This ontology enables Aletheia to understand that a Sanction is not just text — it's a relationship between an Organization and a PublicBody, with temporal properties and cross-references.
D. Multi-Authority Dataset¶
This use case combines terrorist organization designations from three major Western authorities:
Data Sources¶
| Authority | Dataset | Jurisdiction | Legal Framework |
|---|---|---|---|
| US State Department | Foreign Terrorist Organizations | United States | Immigration and Nationality Act |
| UK Home Office | Proscribed Organisations | United Kingdom | Terrorism Act 2000 |
| Australia Home Affairs | Listed Terrorist Organisations | Australia | Criminal Code Act 1995 |
All three datasets are sourced from OpenSanctions in FollowTheMoney format.
Dataset Statistics¶
| Entity Type | Count | Description |
|---|---|---|
| Organization | ~285 | Designated terrorist organizations |
| Sanction | ~181 | Individual designation records |
| PublicBody | 4 | Designating authorities |
| Total Nodes | ~300 |
What Makes This Dataset Interesting¶
| Characteristic | Why It Matters |
|---|---|
| Overlapping designations | Hamas designated by all three; National Action by UK only |
| Alias variations | Same org, different spellings across authorities |
| Organizational evolution | GSPC → AQIM, Real IRA → New IRA |
| Cross-references | Links to OFAC, EU, UN databases |
| No parametric knowledge | LLMs don't know specific FTO program IDs or designation dates |
Sample Entity¶
| Field | Value |
|---|---|
| Name | Lashkar-e-Taiba |
| Aliases | LeT, Al Muhammadia Students, Milli Muslim League, Tehrik-e-Tahafuz Qibla Awwal |
| Topics | sanction, crime.terror |
| Program ID | US-FTO219 |
| Designated By | US, UK, Australia |
E. The Challenge¶
The challenge for Aletheia is to answer queries that span multiple authorities, resolve aliases, and trace organizational relationships — all from unstructured designation data.
Data Challenges¶
| Aspect | Challenge |
|---|---|
| Naming inconsistency | "Hizballah" vs "Hezbollah" vs "Hizbollah" across authorities |
| Alias proliferation | One organization may have 5-10 known aliases |
| Transliteration variance | Arabic/Urdu names transliterated differently (Lashkar-e-Taiba vs Lashkar-e-Tayyiba) |
| Organizational evolution | Historical names, mergers, splinter groups |
| Cross-references | IDs pointing to OFAC, EU, UN — not human-readable names |
Query Challenges¶
| Query Type | Difficulty |
|---|---|
| Alias resolution | "What organization is also known as LTTE?" |
| Cross-jurisdiction | "Is Hamas designated by both US and Australia?" |
| Organizational genealogy | "What was AQIM called before?" |
| Authority-specific | "What Irish groups are proscribed in the UK?" |
| Pattern matching | "What organizations have 'ISIS' in their name?" |
Extending the Ontology: From Properties to Relationships¶
A key capability demonstrated in this use case is ontology extension — starting from a curated, well-known ontology (FTM) and extending it to meet specific analytical needs.
The Problem with FTM's Alias Handling
In the standard FTM ontology, aliases are stored as properties on entities:
This works for data storage, but doesn't enable graph traversal. You can't write a query like:
The Aletheia Extension
We extended FTM by adding a HAS_ALIAS relationship type that reifies the alias relationship:
ftm:HasAlias a rdfs:Class ;
rdfs:label "Has Alias" ;
rdfs:comment "Links an entity to an alternative name or identifier." ;
rdfs:subClassOf ftm:Interval .
ftm:HasAlias:entity → The canonical entity
ftm:HasAlias:alias → The alternative name
ftm:HasAlias:authority → Which authority uses this alias
This enables:
| Capability | Without Extension | With Extension |
|---|---|---|
| Find entity by alias | Property search only | Graph traversal |
| Multi-hop alias resolution | ✗ | ✓ |
| Authority-specific aliases | ✗ | ✓ (UK calls it X, US calls it Y) |
| Alias-to-alias connections | ✗ | ✓ |
Why This Matters
Real-world ontologies rarely fit perfectly. The ability to extend without forking — adding use-case-specific relationships while preserving compatibility with the upstream standard — is critical for practical deployments.
Example Query¶
"What authorities have designated Hamas as a terrorist organization?"
The system must:
- Resolve "Hamas" to the canonical entity (despite spelling variations)
- Find all Sanction records linked to that entity
- Traverse to PublicBody for each sanction
- Aggregate authorities: US State Department, UK Home Office, Australia Home Affairs
| Step | Action |
|---|---|
| 1 | Entity lookup: "Hamas" → Organization:Hamas |
| 2 | Relationship traversal: Hamas ← Sanction |
| 3 | Relationship traversal: Sanction → PublicBody |
| 4 | Return: US, UK, Australia |
F. Aletheia in Action¶
Claude must answer a set of questions relying on Aletheia's MCP connection to the terrorist organizations knowledge graph.
Demo Questions¶
-
Jurisdictional gap analysis (set difference) "Name an organization proscribed by the UK but NOT designated by the US"
-
Network affiliation traversal "What al-Qaeda affiliated organizations are designated as FTOs?"
-
Front organization detection (multi-hop) "What is the connection between Tehreek-e-Azadi-e-Kashmir and Lashkar-e-Taiba?"
-
Multi-alias resolution "What are all the known aliases for Lashkar-e-Taiba?"
-
Cross-jurisdiction query "What authorities have designated Hamas as a terrorist organization?"
-
Organizational genealogy (3-hop) "Trace the evolution: What was AQIM called before, and what network is it part of?"
-
Pattern matching "What organizations have 'Islamic State' or 'ISIS' in their name?"
-
Historical name "What was the New Irish Republican Army previously known as?"
-
Multilingual query (Spanish) "¿Hay alguna organización designada por Australia que no esté en la lista estadounidense?"
-
Compliance screening simulation (multi-hop) "If a company transacts with 'Al Muhammadia Students', would they trigger sanctions in the US, UK, or Australia?"
Capabilities Challenged¶
| Capability | Description |
|---|---|
| Set operations / gap analysis | Reasoning about what's in one list but absent from another |
| Network affiliation | Finding related organizations within terror networks |
| Front org / alias detection | Tracing connections through aliases and front organizations |
| Cross-jurisdiction aggregation | Combining designations from multiple authorities |
| Multi-hop genealogy | Following organizational evolution chains |
| Pattern matching | Finding entities by name patterns |
| Historical tracing | Understanding previous names and transformations |
| Multilingual understanding | Processing queries in different languages |
| Compliance use case | End-to-end sanctions screening simulation |
Claude Desktop Demo¶
Disclaimer
The answers produced during this demonstration are accurate and precise. However, the current MCP server capabilities do not yet expose the full power of the underlying GraphRAG engine.
This demo validates the data model and semantic search quality. Full GraphRAG capabilities await MCP interface enhancements.
Current MCP Capabilities¶
What Works Today:
- Semantic search over nodes — find organizations, authorities, sanctions by natural language similarity
- Semantic search over facts/edges — retrieve relationships between entities
- Entity type filtering — limit searches to specific node types
MCP Tools Explained:
| Aspect | search_nodes | search_memory_facts |
|---|---|---|
| Returns | Entity nodes (vertices) | Edges/relationships between entities |
| Data | name, summary, labels, attributes | Semantic facts connecting two entities |
| Use case | "Find entities matching X" | "Find relationships/facts about X" |
In Graphiti's knowledge graph model:
- Nodes are entities (e.g., "Hamas", "US State Department", "Lashkar-e-Taiba")
- Facts/Edges are relationships between entities (e.g., "Hamas designated by US", "LeT is alias for Lashkar-e-Taiba")
When to use each tool
- "What is Hamas?" →
search_nodesfinds the entity - "What authorities designated Hamas?" →
search_memory_factsfinds relationships connecting Hamas to authorities
What's Coming:
- Hybrid semantic + structural queries
- Multi-hop graph traversal
The limitation is in the MCP tooling layer, not in Aletheia itself.
G. Terrorist Organizations Knowledge Graph¶
The knowledge graph connects designated organizations across three jurisdictions, capturing aliases, sanctions, and authority relationships.
Aletheia Capabilities¶
Build a Graph:
- Extract organizations, sanctions, and authorities from FTM data
- Resolve aliases to canonical entities using the HAS_ALIAS extension
- Link organizations to multiple designation authorities
- Capture cross-references to external sanctions databases (OFAC, UN, EU)
Build a RAG:
- Create semantic embeddings for organizations and relationships
- Enable natural language queries across jurisdictional boundaries
Knowledge Graph Visualization¶
Graph Statistics¶
Entities:
| Type | Count |
|---|---|
| Organization | ~285 |
| Sanction | ~181 |
| PublicBody | 4 |
| Alias | ~500+ |
| Total Nodes | ~970 |
Relationships:
| Relationship | Description |
|---|---|
| HAS_ALIAS | Organization → Alias name |
| DESIGNATED_BY | Organization → Sanction |
| ISSUED_BY | Sanction → PublicBody |
| CROSS_REFERENCE | Organization → External database ID |
| AFFILIATED_WITH | Organization → Network (al-Qaeda, ISIS) |
Entity Distribution by Authority¶
| Authority | Organizations | Unique to Authority |
|---|---|---|
| US State Department | ~75 | ~20 |
| UK Home Office | ~96 | ~40 |
| Australia Home Affairs | ~30 | ~5 |
| Overlap (2+ authorities) | ~45 | — |
FalkorDB Graph Explorer¶
H. Building the Knowledge Graph¶
When ingesting FTM data, Aletheia must map the FollowTheMoney schema to a knowledge graph structure optimized for traversal and search.
Why Schema Matters¶
FTM provides a rich data model, but direct ingestion creates challenges:
| Challenge | Problem | Solution |
|---|---|---|
| Aliases as properties | Can't traverse to find "who is LeT?" | Reify as HAS_ALIAS relationships |
| Sanctions as separate entities | Organization ↔ Sanction ↔ Authority chain | Explicit DESIGNATED_BY and ISSUED_BY edges |
| Cross-references as IDs | ofac-7140 is opaque | Resolve to human-readable names where possible |
Schema Inference with Ontology Extension¶
Aletheia uses graph-hybrid schema mode:
- Load base FTM ontology into graph
- Apply Aletheia extensions (HAS_ALIAS relationship)
- LLM-assisted extraction aligned to extended schema
- Semantic matching for entity deduplication
Inferred Schema¶
Knowledge Graph: terrorist_orgs
✅ Entity types: 4
- Organization
- Sanction
- PublicBody
- Alias
✅ Relationship types: 5
- HAS_ALIAS
- DESIGNATED_BY
- ISSUED_BY
- AFFILIATED_WITH
- PREVIOUSLY_KNOWN_AS
Ingestion Pipeline¶
FTM JSON Lines
│
▼
┌─────────────────┐
│ Parse FTM │ → Extract Organization, Sanction, PublicBody
└─────────────────┘
│
▼
┌─────────────────┐
│ Reify Aliases │ → Convert alias properties to HAS_ALIAS edges
└─────────────────┘
│
▼
┌─────────────────┐
│ Link Sanctions │ → Organization → Sanction → Authority
└─────────────────┘
│
▼
┌─────────────────┐
│ Deduplicate │ → Merge same org across US/UK/AU datasets
└─────────────────┘
│
▼
Knowledge Graph
Ingestion Process¶
I. FollowTheMoney Ontology Graph¶
The FollowTheMoney ontology provides the structural foundation for entity extraction and relationship mapping.
Ontology as Schema Blueprint¶
| Component | FTM Provides | Aletheia Uses For |
|---|---|---|
| Entity Types | Organization, Person, Sanction, PublicBody | Type-constrained extraction |
| Properties | name, alias, topics, programId | Attribute mapping |
| Relationships | entity, authority, owner | Edge type vocabulary |
| Hierarchy | Company → Organization → LegalEntity | Inheritance-aware matching |
The Extension Pattern¶
Standard FTM wasn't designed for graph traversal. Aletheia extends it:
┌──────────────────────────────────────────────────────┐
│ FTM Base Ontology │
│ Organization, Person, Sanction, PublicBody, ... │
└──────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────┐
│ Aletheia Extensions │
│ HAS_ALIAS (reified), AFFILIATED_WITH, ... │
└──────────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────┐
│ Extended Ontology Graph │
│ Loaded into FalkorDB for semantic alignment │
└──────────────────────────────────────────────────────┘
Why This Matters¶
| Without Ontology Graph | With Ontology Graph |
|---|---|
| LLM invents entity types | Types aligned to FTM vocabulary |
| Inconsistent relationship names | Standardized edge types |
| No alias traversal | HAS_ALIAS enables graph queries |
| Schema drift over ingestions | Consistent schema enforcement |
Ontology Graph in FalkorDB¶
The ontology graph is built before the knowledge graph:
# 1. Build ontology graph (once)
aletheia build-ontology-graph \
--use-case terrorist_orgs \
--knowledge-graph terrorist_orgs_ontology
# 2. Build knowledge graph with ontology reference
aletheia build-knowledge-graph \
--use-case terrorist_orgs \
--knowledge-graph terrorist_orgs \
--schema-mode graph-hybrid \
--ontology-graph terrorist_orgs_ontology
During ingestion, when the LLM detects an "Organization" entity, Aletheia queries the ontology graph to confirm it matches the FTM Organization class and retrieves its expected properties.