Cybercrime Atlas Launches Cosmos Open-Source Threat Map

The Cybercrime Atlas initiative has released Cosmos, an open-source platform designed to map global cybercrime networks and expose the relationships between criminal groups, tools, and infrastructure.

Hosted by the World Economic Forum's Centre for Cybersecurity, the platform aims to address a persistent problem in cybercrime disruption: fragmented terminology, isolated investigations, and inconsistent reporting structures across borders.

According to the Digital Watch Observatory announcement, the first version of Cosmos contains nine core categories, 229 identified cybercrime-related elements, and 849 mapped connections showing how criminal networks, tools, and services interact.

The dataset is designed to expand as the wider community contributes new intelligence. This matters because cybercrime increasingly functions as an interconnected ecosystem, with specialised groups, tools, infrastructure providers, and illicit services supporting one another across borders.

Orange Cyberdefense leads the development effort, with contributions from Banco Santander, Universitat de Girona, Scitum, and TrendAI. The broader initiative also involves Fortinet, Binance, Microsoft, PayPal, TNO, Trend Micro, Interpol, and FIT VUT (Faculty of Information Technology at Brno University of Technology).

The project launched in 2023 under the auspices of the World Economic Forum. According to last year's annual report, findings gathered by the Cybercrime Atlas project in 2024–2025 were utilized in four major international campaigns aimed at disrupting cybercrime networks.

Cosmos links cybercriminal groups, tools, infrastructure, markets, and services in an interactive framework. The initiative aims to standardise definitions, organise threat intelligence into a shared structure, and help different actors coordinate more effectively across borders (a problem that has plagued investigators for years, frankly).

From a technical standpoint, the platform represents a shift from isolated incident response towards more coordinated disruption of criminal networks. A shared map of those relationships could give investigators and policymakers a clearer view of how digital crime is organised.

Researchers at FIT VUT note that cryptocurrencies and tokens have been widely exploited by cybercriminals due to their characteristics: nearly instantaneous settlement, cryptographic security preventing forgery, pseudonymous addresses, and the absence of a centralized regulator.

The open-source nature of Cosmos means the dataset will evolve as contributors add intelligence. This collaborative approach mirrors how threat intelligence has developed in other sectors, though the scale and cross-border coordination requirements are notably higher here.

Whether this actually changes outcomes remains to be seen. Criminal networks adapt quickly, and a public map could theoretically help them identify gaps in coverage. The real test will be whether law enforcement agencies actually use the data to coordinate takedowns, or whether it becomes another well-intentioned repository that sits gathering dust.

For now, the platform is live and the community can start contributing. Whether that translates into fewer successful attacks or just better documentation is the question nobody can answer yet.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn