Related project:
EU-HYBNET
No matter how far back we look, war has always accompanied humanity. In recent decades, Europe experienced a period of relative peace, which may have lulled our vigilance. But we now know all too well that those calm times are over. What’s more, pressure is no longer applied solely through conventional means and heavy weaponry — hybrid threats are playing an increasingly significant role.
Table Of Contents
Current battles on the frontline are not only conducted with conventional methods and heavy weapons, another threat is playing a more prominent role – the hybrid one.
Along with technological developments, the spectrum of threats for countries and societies to protect against has increased. War in the XXI. century includes a gamut of techniques and is not only based on the use of classical weapons. Aggressors use hybrid actions, combining military and non-military methods to tackle an enemy. Additionally, the lines between ‘war-like’ interference and actual war are blurred.
The roles of spies, intelligence services and propaganda have been significant in former conflicts and tensions between nations. Yet, the rise of a digital world and interconnected societies exacerbates the challenges. We weren’t prepared for the wave of additional threats a modern nation face. However, European countries are working together to build resilience against hybrid threats, and one of the actions taken is the EU-HYBNET project.
Examples of hybrid threats are not far to seek. In recent years, we have witnessed, among other things, the Russian invasion of Ukraine based on military action proceeded by and now entwining disinformation and propaganda activities. Influences in the US presidential elections, interference fuelling tensions and divides in Brexit and even the Rohingya genocide in Myanmar.
Raising awareness about hybrid threats is necessary to improve security. While there is no one-size-fits-all remedy for modern interference, cooperation, especially at the information level, is a step towards building resilience.
The Polish Platform for Homeland Security is one of the EU-HYBNET partners, which is why we decided to write about the changes in the way of exerting political pressure and the problems resulting from the development of advanced technologies. In the article, we explain, among other things, what constitutes a hybrid threat, who is vulnerable to them and how to increase defensive capabilities.
Threat Recognition
The basic feature of hybrid threats is their diverse nature. It is a wide catalogue of hidden and covert activities below the threshold of war in its classical sense, combining both armed attacks and non-military pressure.
The main purpose of hybrid attacks is to destabilise the structure of the state, erode public trust in civil society and the foundations of democracy, as well as weaken the opponent at the local, regional, state or institutional level through interference by political and non-state actors.
As NATO’s “A Strategic Communications Perspective” report emphasises, the defining characteristics of hybrid threats is their deliberate ambiguity. Such actions are often difficult to identify or attribute clearly, as the responsible actors and their intentions are obscured or hidden. The effects of these threats are frequently dispersed and may only become visible gradually, complicating the task of timely recognition and response.
It is almost impossible to present all examples of hybrid threats, because their range is constantly expanding. A division into categories was introduced, including:
- diplomatic,
- informational,
- psychological,
- cybernetic,
- technological,
- energy-related,
- military (below the threshold of war).
Activities specific to different categories are carried out in parallel, often for a long time.
Importantly, most hybrid activities take place precisely below the threshold of open warfare, exploiting the so-called "grey zone" between peace and armed conflict. Although hybrid threats and hybrid warfare are closely connected, it is essential to distinguish between their scope and character.
Hybrid threats and hybrid warfare
Hybrid threats refer to the broad potential posed by state or non-state actors using a coordinated mix of conventional and unconventional tactics, such as disinformation, cyberattacks, economic pressure, and political interference. These actions remain below the threshold of open conflict, exploiting societal and institutional vulnerabilities.
Hybrid warfare, on the other hand, is the active operationalisation of these tactics during a conflict. It involves the strategic use of both military force and non-military methods—such as cyber operations, propaganda, and irregular forces—to achieve specific objectives. Where hybrid threats represent an ongoing latent danger, hybrid warfare marks their deliberate and often escalatory implementation in a more direct confrontation.
| Aspect | Hybrid threats | Hybrid Warfare |
|---|---|---|
| Definition | Potential or actual use of blended, coordinated harmful activities | The operational use of blended tactics in a coordinated campaign |
| Scope | Broad: includes all forms of malign activities below and up to warfare | Narrower: focuses on active conflict using both conventional and unconventional means |
| Means used | Information, cyber, economic, political, covert, or military threats | Combination of military force with cyber, disinformation, irregulars, etc. |
| Objective | Undermine, destabilize, influence, or coerce | Achieve strategic/military objectives, often through conflict |
| War threshold | Usually below open warfare; may never escalate to war | Can include open warfare; blurs line between war and peace |
You might also be interested in this article:
Critical Infrastructure Threats – The Basics for Businesses
Vulnerability to potential attacks
Hybrid actions are aimed at the most sensitive points of the attacked state. Unstable countries, torn by internal conflicts and divisions, often resulting from weakening governments, are much more vulnerable. In addition, insufficient media literacy and spreading disinformation intensify public distrust towards civil society. Weakness in the area of cybercrime and energy dependence or economic pressures also increase vulnerability.
One of the most effective methods of building resilience is joint development of universal methods of dealing with hybrid attacks. Despite cooperation in various European projects, hybrid operations continue to pose a threat to EU and NATO member states. The case of Russian pressure using the position of economic and energy power can be indicated as a good example of exploiting the “weak point” of the attacked. To implement its policy, Russia has used a number of cyber and disinformation activities related to raising concerns about economic and energy stability. In some countries of the Alliance (Germany, Turkey, Poland, Great Britain, the United States and Ukraine), complex cyberattacks were detected, which were indirectly intended to interrupt natural gas supplies. More information can be found on NATO’s website.
Ukraine was and is the hardest hit by the Russian attacks. The neighbour country of the aggressor experienced interruptions in the supply of natural material and cyberattacks on power plants, which led to power outages. There was also the illegal annexation of Crimea, not to mention the current situation – hybrid war in the full sense of the term.
In some countries of the Alliance (Germany, Turkey, Poland, Great Britain, the United States and Ukraine), complex cyberattacks were detected, which were indirectly intended to interrupt natural gas supplies.
Hybrid threats – examples
The individual categories mentioned earlier can be assigned to the so-called “kinetic” or “non-kinetic” operations. As examples of kinetic attacks, we can mention the seizure of territory by unmarked soldiers, cyberattacks on critical infrastructure (e.g. interruption of GSM communication) or the organisation of a coup. Non-kinetic activities, in turn, are various disinformation and propaganda activities, sponsoring radical political movements, applying economic pressure or covert activities aimed at contributing to the growing political crisis in other countries.
The issue of psychological and informational threats should be given special attention. A highly significant role in destabilising the internal situation is causing unrest and clear social divisions. Nowadays, with the rise of the social media age, information manipulation and propaganda activities are easy to carry out both for political and ruling groups, as well as for non-state actors.
As you can see in the diagram below, information-level threats take many forms. This is a wide range of actions taken to weaken trust and increase social conflicts from the bottom up. In a democratic system where citizens have an indirect influence on political decisions, a polarised society is not conducive to building a secure and resilient system. It can be concluded that spreading fake news and interfering with the information space are among the most frequently used methods of destabilising the structure of the state.
Diagram 1. Types of manipulation of information space (adaptation from original work) Source: K. Kumalski, „Sztuczna inteligencja jako instrument intensyfikacji zagrożeń hybrydowych w domenie informacyjnej”.
Development of Artificial Intelligence – Asset or Flaw?
Despite the growing awareness of hybrid activities and the ever-widened range of methods of dealing with them, the threats are still increasing – so there is no ability to be prepared for all possible scenarios. An important change in the way political pressure is exerted is the intensification of threats in the information domain with the use of Artificial Intelligence (AI).
The use of artificial intelligence in hybrid activities is primarily to automate the spread of disinformation. The dynamic development and the increasing availability of AI are not conducive to building resistance to information attacks. Artificial intelligence uses many possibilities, from introducing erroneous messages into the media stream, to advanced methods of creating fake news using deep-fake technology (see: Diagram 1.).
Another aspect of the dangers arising from the development of AI are the issues of costs. These tools are available to corporations and non-state actors with the funds needed to access and maintain the technology. This poses a threat to countries with less financial potential, which may experience not only information attacks, but also economic pressure. The diagram of threats resulting from the availability of AI is presented in Diagram 2.
Diagram 2. Transnational corporations as potential source of hybrid threats (adaptation from original work) Source: K. Kumalski, „Sztuczna inteligencja jako instrument intensyfikacji zagrożeń hybrydowych w domenie informacyjnej”.
It is possible that authoritarian states will use access to AI to undermine the foundations of democracy: free elections or access to independent media (through, for example, attempts to subvert sources of reliable information). On the other hand, countries with a democratic system, being aware of this threat, can take preventive and defensive measures also using AI. The technology itself still needs to be refined, but even with its limitations, its availability both increases resilience to hybrid threats and the dangers that result from them.
Addressing Hybrid Threats
One of the most important factors influencing the level of resilience is international cooperation. Both NATO and EU member states strive to jointly develop methods of defence. As part of these efforts, the European Commission has undertaken analyses of Russian and Chinese strategic thinking to foster a shared understanding of hybrid threats among stakeholders and to support the development of effective policies and responses. Separately, it also introduced the Joint Framework on Countering Hybrid Threats, aiming to strengthen the EU’s ability to prevent, detect, and respond to hybrid threats through improved situational awareness, enhanced resilience, coordinated response measures, and close cooperation with NATO. Another European initiative, aimed at combining the capabilities of many institutions, is EU-HYBNET. The partners of the project include both non-governmental organisations, representatives of state services and scientific institutions.
EU-HYBNET Project Scope and Results
While protection against economic, energy or military pressures remains in the hands of state and EU institutions, the fight against disinformation and building psychological resilience can also be a part of local activities. This 5-year project promoted countering hybrid threats at various levels. Some examples of workshops included:
- “Counteracting disinformation – resilient citizens” organised in Wrocław by the PPHS together with the Regional Representation of the European Commission.
- A meeting for young people devoted to media education and critical thinking, organised by the Poznań Youth City Council and PPHS.
- Innovation and Standardisation Workshop (ISW) in Brussels, focused on presenting and evaluating innovative tools, such as crisis communication platforms, media monitoring systems, citizen reporting apps, and disinformation countermeasures.
The EU-HYBNET project, concluding in April 2025, has successfully strengthened Europe’s ability to counter hybrid threats through network-building, innovation, and strategic coordination. Over its five-year run, the project built a robust community of 133 organisations across 26 countries, including practitioners, academic institutions, NGOs, and SMEs. This broad and diverse network became the foundation for collaborative knowledge exchange, joint problem-solving, and long-term resilience building against hybrid threats.
A central output of the project was the formulation of actionable recommendations aimed at increasing innovation uptake and standardisation. Among these, four standout solutions were identified:
- Mobile Reporting Application – A citizen-facing mobile app designed to report incidents of harassment and violence, both in the physical and digital space, enabling early detection of hybrid threat signals and supporting the role of citizens in security ecosystems.
- AI-Enhanced Emergency Communications – A communication system leveraging artificial intelligence to secure and streamline information exchange between authorities and the public during crises, with an emphasis on resilience and functionality across platforms.
- Media Pluralism Monitor – A tool for assessing national vulnerabilities to foreign information manipulation and interference (FIMI), aiding governments in safeguarding media diversity and democratic integrity.
- Starlight Disinformation-Misinformation Toolset – A suite of tools developed within the Starlight project, geared towards law enforcement needs in identifying, analysing, and countering FIMI activities.
These innovations were discussed, refined, and promoted through EU-HYBNET events, particularly the 3rd Innovation Standardisation Workshop, which brought together stakeholders from policy, academia, industry, and civil society. The project also provided recommendations for industrialisation and standardisation to ensure the long-term sustainability and broader adoption of these tools across the EU.
The network will continue under the stewardship of the European Centre of Excellence for Countering Hybrid Threats (Hybrid CoE). Hence, the continuity and further development of current achievements is secured.
