Modern sociotechnical systems depend on external components — third-party scripts, content delivery networks, identity providers, SaaS integrations, mobile application stores, and supply-chain dependencies — that exist outside the system's telemetry boundary. This structural dependency creates a class of failures that internal instrumentation is architecturally incapable of detecting: failures that occur before requests reach the system, after responses leave it, or inside external dependencies the organization does not control. This paper introduces Boundary Intelligence, a diagnostic methodology that applies Open Source Intelligence (OSINT) instruments as external boundary telemetry to detect what this paper terms negative-space failures — failures detectable only by their absence, leaving no internal logs, no alerts, and no telemetry traces. The methodology is organized around five boundary classes — External Dependency, Client-Side Execution, Identity, Integration, and Supply-Chain — and introduces a diagnostic inversion as its methodological core. A review of published OSINT methodologies confirms that existing frameworks position OSINT exclusively as an adversarial visibility instrument: organizations use OSINT to discover what attackers can see about their infrastructure. Boundary Intelligence inverts this vantage point entirely, applying the same instruments to map systemic blindness rather than adversarial visibility. Ten canonical case studies demonstrate OSINT instrument chains across all five boundary classes, yielding fifteen reusable diagnostic patterns codified in a Pattern Glossary. The methodology includes a formal operator workflow, a boundary taxonomy, a negative-space failure theory, a governance layer applicable to organizational resilience programs, and a transmission layer defining the generative protocol for extending the discipline. This work establishes Boundary Intelligence as a named discipline distinct from threat intelligence, with no current methodology equivalent in the published literature. The methodology is particularly critical for resource-constrained organizations — small and mid-sized businesses, nonprofits, and care-based institutions — that cannot afford enterprise monitoring stacks but bear the same dependency exposure as larger organizations.
Narnaiezzsshaa Truong (Wed,) studied this question.