Online threats don’t respect platform boundaries. While malicious actors seamlessly exploit vulnerabilities across the digital landscape, Trust & Safety (T&S) teams often operate in isolated silos, unable to fully share intelligence or coordinate responses with counterparts fighting the same fights at other platforms. Additionally, teams at individual platforms may only see part of a larger problem. This fragmentation causes critical gaps that threat actors can–and do–exploit. However, there is a T&S industry-wide push towards a more open, equitable, and transparent Trust & Safety ecosystem, signalling a broader shift toward collaborative defense.
At TrustCon 2025, Eric Davis from Institute for Security and Technology (IST) and Kristen Murdock from Twitch will co-host a roundtable dedicated to addressing precisely this issue. Our session, Defragging Trust & Safety: Advancing Cross-Platform Threat Intelligence and Collaboration, aims to bridge these divides and establish pathways toward meaningful, practical cooperation.
Cross-Platform Intel is a Force Multiplier
Every T&S practitioner knows the frustration of uncovering critical findings during investigations, such as email addresses, IPs, or usernames–findings that, if shared swiftly, could be instrumental in stopping harm across multiple services. Equally familiar is that gut feeling, during other investigations, that a limited vantage point obscures the bigger picture. Threats such as account takeovers (ATOs), financial scams, and coordinated harassment thrive when platforms operate in isolation.
ATOs in particular, have become dangerously effective, spanning financial loss to reputational destruction. ATO actors typically fall into three categories: botnet-powered credential-stuffers who overwhelm login systems en masse; brute-force operators who systematically test password combinations; and targeted exploiters who combine profiling with credential reuse to mine specific demographic or sensitive information.
These tactics don’t necessarily operate in isolation, and threat actors do not confine themselves to one lane. In 2024, one threat actor group blended ATOs, SIM swapping, and swatting into a coordinated campaign aimed at promoting white supremacist ideology and targeting victims across platforms.
Such tactics thrive on weak authentication systems as well as the lack of signal sharing across services, such as reused credentials, IP patterns, or login anomalies. Collaborative detection of shared indicators can significantly enhance early detection and disruption of these widespread threats, as well as help highlight whether they’re part of a broader, multi-vector threat campaign.
However, effective collaboration requires more than simply exchanging or pooling structured data. Building relationships, trading ideas, and problem-solving in real time are vital to a successful cooperation. These kinds of open-ended engagements help us spot patterns, think long-term, and plan for the future, not unlike the conversations we engage in at TrustCon.
Concrete examples of successful collaborative models already exist. Lantern by the Technology Coalition enables over 20 leading companies—including Google, Meta, Discord, and Twitch—to securely share machine-readable signals related to child exploitation. Since its launch in 2023, Lantern has significantly enhanced platform defenses, resulting in the rapid disruption of tens of thousands of harmful accounts. Similarly, the Global Internet Forum to Counter Terrorism (GIFCT) manages a hash-sharing database that has become an industry-standard model, facilitating the removal of over one million instances of terrorist content through privacy-conscious, secure signal-sharing. The Tech Against Scams Coalition (TASC), another notable initiative, facilitates intelligence sharing specifically targeting financial scams, helping platforms collectively tackle fraud and exploitation. There is compelling proof that collaborative approaches not only work but are critical in scaling defensive successes across the broader digital landscape.
What We’ll Achieve Together at TrustCon
At the roundtable, Eric and Kristen will facilitate a candid, solutions-oriented dialogue. Our conversation will prioritize high-impact signals, starting with ATOs and other priorities shared by roundtable participants where trusted relationships and cross-platform collaboration can yield immediate, tangible benefits. We will openly address the legal and operational barriers that typically hinder cooperation, such as data privacy considerations, regulatory perceptions, and resource constraints, to jointly identify practical solutions. Drawing inspiration from cybersecurity Information Sharing and Analysis Centers (ISACs), our goal is to establish concrete next steps, such as creating shared taxonomies, informal coordination networks, or pilot tabletop exercises, to foster ongoing and meaningful collaboration beyond TrustCon.
Join the Conversation
Whether you’re managing risks at a major tech firm, moderating smaller community platforms, or developing tools for safer online spaces, your insights are crucial. Join us on Wednesday, July 23, 2025 at TrustCon, as we sit down to discuss strategies around shared challenges, build meaningful connections, and contribute to an actionable blueprint for Trust & Safety collaboration across platforms. Trustcon attendees looking for more information on collaboration in the Trust & Safety ecosystem should attend the “Joint investigations in Trust & Safety? Exploring operational cooperation to advance eco-system risk mitigation efforts,” a workshop by Henry Adams (Resolver) and Skip Gilmour (GIFCT) on Monday, July 21.
If you’re unable to attend in person but want to get involved, please reach out to [email protected] to learn more and contribute to future initiatives.
