Wednesday evening we walked through what the 2026 U.S. Counterterrorism Strategy confirmed. The Muslim Brotherhood designation. ISIS-K’s external operations mandate. Iran’s full proxy architecture. The border as an infiltration mechanism. The cartel-jihad convergence. Every category SDN has been briefing for years, now codified as White House doctrine.

Tonight the question changes asking why Washington didn’t name additional obvious/serious threats.

Tonight I’m joined by Jeff Emde — a 26 year CIA Case Officer — Randy Nantz, a combat-wounded Green Beret who has been inside the threat networks this strategy describes, JJ Carrell a 24 year CBP Special Agent and Khalid Muhammad of CommandEleven Intelligence. We’re going to name what the document left out. The threats Washington’s institutional CT apparatus is either missing, understating, or politically unwilling to put in an official strategy. This is the broadcast the strategy itself can’t give you.

1. THE DOCUMENT IS A FLOOR, NOT A CEILING

The first thing you need to understand about any official government strategy document is what it is and what it isn’t. What it is: a formal acknowledgment of threats that have already cleared the interagency coordination process, survived the political review, and been deemed safe to publish. What it isn’t: a complete picture of the threat environment.

Jeff Emde spent 26 years inside the apparatus that produces documents like this one. He knows what gets left on the floor. Intelligence assessments that are accurate but politically inconvenient. Threat categories that implicate partner nations whose cooperation Washington needs. Domestic vulnerabilities that, if named in an official document, would require a policy response the current bureaucracy isn’t prepared to deliver.

The 2026 CT Strategy is the most honest official counterterrorism document the U.S. government has produced in years. That’s not a small thing. But honest and complete are not the same.

Every strategy document is also a negotiated document. The threats that made it through the process are the threats someone in the interagency was willing to own. The threats that didn’t make it through — those are the ones we’re covering tonight.

🔥 LOCK-IN PRICE. SECURE SUPPLY. STACK VALUE.

Subscribe to CarniVault and get:

✅ Premium protein delivered
✅ 12-month price lock in a volatile market
✅ FREE SDN Guardians membership (real-time intel + alerts)

DISCLOSURE: This post contains affiliate links. If you make a purchase through them, we may earn a small commission at no extra cost to you. This helps keep our work independent. Thank you for your support.

2. WHAT JEFF & KHALID SEE THAT ISN’T IN THE DOCUMENT

A 26-year CIA Case Officer doesn’t speak in hypotheticals. Jeff’s analysis of the CT Strategy’s gaps centers on three categories.

The speed of convergence. The strategy acknowledges collaboration between nation-states, non-state actors, far-left networks, and Islamist organizations. What it understates is how fast that convergence is moving and how operationally mature those relationships already are. The document describes an emerging threat. Jeff’s assessment is that in several of these relationships, the emergence phase is over.

The domestic facilitation infrastructure. The strategy names Iran’s proxy architecture in broad terms. What it doesn’t map is the granular domestic facilitation network — the front businesses, the recruited assets inside diaspora communities, the financial pipelines running through legitimate institutions — that would need to be named specifically to be actionable. That level of specificity didn’t survive the publication process.

The intelligence community’s own blind spots. The strategy was written by the same institutional apparatus that missed or minimized several of the threat categories it’s now confirming. Jeff’s pointed observation: a document that acknowledges the threat doesn’t automatically mean the collection and analysis infrastructure is now oriented to detect the next phase of that threat. The acknowledgment and the capability are not the same thing.

3. WHAT RANDY & JJ SEE ON THE GROUND

Randy Nantz’s and JJ Carrell’s frame is different from Jeff’s. A CIA Case Officer sees the threat through collection and analysis. Front line warrios who’ve been inside the networks see it through the operational patterns — how threat actors move, how they establish logistics, how they probe before they strike.

Randy’s and JJ’s assessment of the CT Strategy’s most significant omission is the one that keeps them up at night: the document doesn’t adequately address what happens when the threat transitions from network-building to kinetic execution inside the American homeland. The strategy describes the threat infrastructure. It doesn’t walk through the operational playbook.

Pre-attack surveillance. The behavioral signatures of a cell that has moved from preparation to targeting will appear in communities months before any attack. Those signatures — the pattern of surveillance passes, the testing of security responses, the logistical pre-positioning — are visible to a trained eye. The CT Strategy doesn’t give the American public the tools to recognize them. Randy does.

The soft-target selection logic. The Moscow concert hall attack was not random. Neither will the next mass-casualty event on American soil be random. The selection logic — maximum casualties, maximum psychological impact, minimum security friction, maximum media saturation — follows a pattern that the CT Strategy acknowledges in broad terms but doesn’t translate into the community-level awareness that would actually change target hardening behavior.

First responder exposure. The strategy is silent on what the CT apparatus’s own modeling shows about first responder capacity in a mass-casualty or multi-vector attack scenario. Randy’s assessment from his operational experience: the gap between the threat level the strategy confirms and the actual response capacity of local law enforcement and EMS in most American cities is wider than any official document will ever say in print.

STAND WITH THE MISSION ...

If you rely on our threat briefings to stay ahead of what’s coming, upgrade to Guardian today. Your support keeps SDN independent and our intelligence flowing, no filters, no sponsors, no censorship.

Get Full Intel Access

4. MORE STUFF KHALID SEES THAT THE STRATEGY DOESN’T NAME

Khalid Muhammad has spent years tracking the networks the CT Strategy describes from an intelligence and analytical vantage point that operates outside the constraints of the interagency process. CommandEleven Intelligence doesn’t have to negotiate what it publishes with a political review board.

Three things Khalid flags as absent or inadequate in the strategy:

The Sunni-Shia operational convergence. The CT Strategy treats Sunni jihadist networks and Iranian Shia proxy networks as parallel tracks. Khalid’s analysis suggests the operational convergence between these historically opposed factions — driven by shared opposition to American power and Israeli existence — is further along than the document implies. When ideological enemies start sharing logistics, the threat calculus changes in ways the strategy’s existing framework doesn’t fully account for.

The domestic propaganda infrastructure. The strategy identifies radicalization as a threat vector. It doesn’t adequately map the institutional infrastructure — the media organizations, the university networks, the legal advocacy groups — that will continue to generate radicalization pipelines regardless of how many FTO designations are issued. You can designate the Brotherhood and still leave the conveyor belt running.

The next-generation recruitment pool. The radicalization pipeline the strategy describes is oriented toward the threat actors it already knows. Khalid’s assessment is that the more dangerous recruitment pool is the one that doesn’t look like any prior threat profile — American-born, non-Muslim background, radicalized through online ecosystems that blend anti-government grievance, apocalyptic framing, and operational fascination into an ideological cocktail that existing detection frameworks weren’t built to find.

5. THE THREE CATEGORIES THE STRATEGY POLITICALLY CANNOT NAME

This is the section where the institutional CT apparatus stops and SDN keeps going.

There are categories of threat that won’t appear in any official U.S. government strategy document — not because the intelligence doesn’t exist, but because naming them creates political and diplomatic consequences that the current system isn’t structured to absorb. We’re naming them tonight.

Partner nation complicity. Several of America’s formal treaty allies and strategic partners will continue to fund, shelter, or provide diplomatic cover to organizations and individuals who appear in the CT Strategy’s threat categories. The strategy can’t name those partners by name without triggering a diplomatic crisis. The threat actors those partners protect will continue operating regardless of what the strategy says about them.

The ideological infrastructure inside American institutions. The CT Strategy can designate foreign terrorist organizations. It cannot, in its current form, map the domestic ideological infrastructure — the think tanks, the advocacy organizations, the academic networks, the media ecosystems — that provide the narrative environment in which radicalization occurs and that actively resist the kind of community-level counterterrorism awareness this broadcast is built on. That infrastructure isn’t in the document because naming it would require a political confrontation the strategy’s authors weren’t authorized to pick.

The grid and infrastructure attack surface. The CT Strategy addresses WMD and mass-casualty threats. It is notably quieter about the specific vulnerabilities in America’s electrical grid, water infrastructure, communications backbone, and financial system that the threat actors it names have already mapped, probed, and in some cases pre-positioned against. The gap between what the government’s own infrastructure vulnerability assessments show and what appears in the public CT strategy is not an accident. It’s a decision.

THE SDN VALUE PROPOSITION

In Part 1 of this special, we established that SDN’s historical analysis aligned with the 2026 CT Strategy at 90 to 95 percent. Three independent AI platforms confirmed it. The government caught up to where SDN was years ago.

Part 2 is why that validation matters but isn’t enough.

The threat doesn’t pause while Washington negotiates what it’s willing to put in writing. The gaps in the strategy — the convergences it understates, the domestic infrastructure it won’t name, the partner nation complicity it can’t acknowledge, the attack surface it won’t fully describe — those gaps represent the operational space that hostile actors will use.

SDN’s job has never been to confirm what the government admits. It’s to be in the gap. To name what the institutional apparatus won’t name. To brief Guardians on what’s moving in the dark before it becomes a strategy document three years from now.

Jeff Emde spent 26 years building the picture. Randy Nantz has been inside the networks it describes. Khalid Muhammad tracks them in real time. SDN is the place where that expertise speaks without a political filter. That’s not a marketing line. That’s the operational reality of what this broadcast is built to do.

LIFETIME GUARDIAN - PAY ONCE, NEVER PAY AGAIN

Permanent access to GUARDIAN content, alerts, archives, and everything added in the future.

• No subscriptions.

• No renewals.

• No recurring charges.

• $599 one-time payment.

You’ve read through the full threat picture. You know the pattern exists and you know the official data pipeline just went dark. This is exactly the threat environment where real-time intel - arriving before the news cycle processes it - is worth more than ever.

One payment locks in permanent access to everything SDN Guardians receives, now and in the future, with zero renewal decisions, zero price hike exposure, and zero monthly mental load. One decision. Done.

GO LIFETIME NOW

Godspeed,
Chris Heaven, CEO
Survival Dispatch

🔒 THE BRIEFING THAT GOES WHERE THE STRATEGY STOPS

SDN Guardians receive nightly real-time intelligence briefings from a panel that includes a 26-year CIA Case Officer, a 24 year CBP Special Agent, a combat-wounded Green Beret, and CommandEleven Intelligence — analysts who speak without the political constraints that shape every official government document.

SDENS emergency alerts. Direct access to our expert panel. The full SDN archive — 37 Insider eMags at $400 retail value, free. Real-time intel when the situation moves.