LIVE · BALTIC SEA

Real-time grey-zone maritime threat detection for the Baltic.

AIS · Sentinel-1 SAR · OSINT fused into a single analyst console. Dark vessels, loitering, and anomalous behaviour near subsea cables and critical infrastructure — with provenance for every alert.

View the live console Contact the team

Baltic Sea — subsea cables, pipelines, critical infraOpen + commercial data only · no classified

The problem

Four major incidents. Two years. One shipping lane.

Grey-zone attacks against Baltic subsea infrastructure have moved from isolated events to a pattern. Each one left a public trail of AIS gaps, satellite passes, and news reporting — fusion work that today happens manually, after the fact.

26 Sep 2022

Gas pipeline rupture

Nord Stream 1 & 2 sabotage

Four pipeline ruptures in Swedish + Danish EEZs. Subject of national investigations in Sweden, Denmark and Germany.

Wikipedia ↗

7–8 Oct 2023

Gas pipeline + telecom damage

Balticconnector + telecom cables

Newnew Polar Bear (implicated)

Balticconnector gas pipeline (FI–EE) and two telecom cables severed. Finnish NBI investigation focused on the Chinese vessel's track.

Wikipedia ↗Yle ↗

17–18 Nov 2024

Two subsea cables severed

C-Lion1 & BCS East-West

Yi Peng 3 (investigated)

BCS East-West (SE–LT) and C-Lion1 (FI–DE) severed within 18 hours. The bulk carrier's anchor was dragged across both cables.

Wikipedia — Yi Peng 3 ↗Wikipedia — C-Lion1 ↗

25 Dec 2024

Power + telecom cables severed

Estlink 2 + telecom cables

Eagle S (investigated)

Estlink 2 (FI–EE) HVDC link + four subsea telecom cables cut. Finnish authorities boarded and detained the tanker.

Wikipedia — Eagle S ↗Wikipedia — Estlink 2 ↗

What it does

One analyst console, four fusion layers.

Tidewatch is deliberately narrow: Baltic Sea, subsea-cable + suspicious-vessel threat model. Everything runs on open or commercially licensable data — fully defensible provenance for every alert we raise.

Live AIS fusion

Real-time vessel positions from AISStream over the full Baltic AOI. Normalised, deduped, spatially indexed, rendered < 5 s after broadcast.

SAR dark-vessel detection

Sentinel-1 Process API → CFAR amplitude detection → fusion with AIS. Anything the satellite sees but isn't broadcasting surfaces as a dark-vessel alert.

Anomaly detectors

Loitering near cables, AIS-off-inside-zone, route deviation, rendezvous. All explainable, all score-ranked, deduplicated so the feed stays quiet.

Natural-language analyst

Evidence-grounded answers over alerts, vessel history, and OSINT. Every claim links back to a raw data ID — no hallucinated vessel names.

How it works

Ingest, fuse, detect, explain.

Three sensor streams converge in a single spatiotemporal index. Anomaly detectors run on rolling windows; a fusion reconciler matches SAR detections to AIS; the analyst console reads from the same index and only over structured tools — no hallucinated vessel data possible.

AIS

AISStream WebSocket

Sentinel-1 SAR

Copernicus Process API

OSINT

GDELT + curated RSS

PostgreSQL + PostGIS + pgvector

tracks · detections · infra · alerts · osint

Anomaly workers

loitering · AIS-off · rendezvous

Fusion reconciler

SAR × AIS → dark vessel

LLM analyst

RAG over typed tools

Analyst console

MapLibre · deck.gl · evidence-grounded UI

Decision superiority

What Tidewatch addresses — and what's still ahead.

The capabilities analysts and decision-makers ask for in grey-zone maritime operations, mapped to what Tidewatch does today. The two items we don't yet address are Phase 2 — honest framing beats over-claiming.

Capability

Today

How Tidewatch addresses it

Multi-source fusion of ISR

AIS + Sentinel-1 SAR + OSINT in a single spatiotemporal index.

Anomaly detection

AIS-off, loitering, course deviation, rendezvous detectors with scoring.

Leverage commercial + open-source data

Copernicus, AISStream, GDELT, public cable maps — fully open pipeline.

Natural-language analyst interaction

LLM-backed console — "what's happening near Estlink 2 today?"

Course-of-action analysis

CoA generator with time-to-intercept + coverage + escalation scoring.

Targeting support workflows

Intercept option ranking feeds targeting cells (downstream work).

Scenario preparation / wargaming context

Historical replay mode seeds scenarios from real incidents.

Agent-based red/blue simulation

Phase 2. Tracked in the roadmap.

Reinforcement learning for course-of-action

Phase 2. The current ranker is analytical and fully explainable.

Roadmap

Narrow today. Theatre-wide platform later.

Phased by design: prove the pipeline on a constrained AOI first, earn operational pilots second, expand the theatre later. Scope discipline is the single biggest predictor of delivery.

Phase 1

current

Baltic operational stack

Live AIS + SAR fusion pipeline
Anomaly detectors: loitering, AIS-off, dark-vessel
Natural-language analyst console with evidence grounding
Historical replay of public Baltic incidents
Exportable incident reports

Phase 2

Partner pilots + simulation

Red/blue agent-based wargaming
Reinforcement learning for course-of-action ranking
Pilots with cable operators and coastal agencies
Allied platform integration pathways

Phase 3

Beyond the Baltic

North Sea, Eastern Mediterranean, Black Sea
Edge deployment on patrol assets
Multi-tenant org + role-based access
Mobile companion for maritime operators

Built by

Alex Bobes — CTO, 16+ years across AI, security, and cloud

Tidewatch is built by Alex Bobes, a Romanian technology leader based in Bucharest. CTO across eight companies in 16+ years, with deep work in AI systems (RAG, LLMs, agents), cybersecurity (infrastructure hardening, compliance, penetration testing), and technical SEO. Tech investor and published author on Amazon, HackerNoon, and Authority Magazine.

Founder of Asociatia Taxi Gratis, Romania’s free medical-transport NGO — 12+ years, 30,000+ km/year, 400+ people helped annually. Recognised with the JCI Ten Outstanding Young Persons award (2019) and operating support from Pro TV and OSCAR Downstream.

16+: Years in tech
8: Companies led
65+: Articles published
400+: People helped / year (NGO)

alexbobes.com LinkedIn HackerNoon Authority Magazine

Tidewatch’s technical posture follows the same principles Alex applies elsewhere: hardened infrastructure, open-source data only (no classified inputs), explainable rules-based detectors before ML, and reproducible incident reports. The build doc, the full source, and the data sources are public.