- The U.S. domestic threat landscape is increasingly decentralized and networked, with lone actors and small online-driven cells replacing traditional hierarchical terrorist organizations.
- Online ecosystems play a central role in radicalization, where grievance-based narratives, accelerationist ideology, and past attack glorification enable rapid self-radicalization and real-world violence.
- Financial complexity, foreign influence (including actors such as Hezbollah), and operational constraints within public security systems make detection and response significantly more difficult.
To kick off day two of the event at Homeland Security Today’s 2026 Counterterrorism Summit, a distinguished panel of professionals from diverse backgrounds came together to explore how domestic threats in the United States are rapidly evolving. This panel, moderated by Dr. Mahmut Cengiz, brought together the combined expertise of Jonathan Lewis, Aurora Ortega, Brandon Graham, and David Tyree to discuss the nuances of the U.S. domestic threat landscape in 2026. Each speaker approached the discussion from a distinct angle, bringing a unique perspective to the table. The discussion covered a wide range of timely and important concerns and ultimately emphasized that today’s domestic threat landscape is becoming more decentralized, more digital, more financially complex, and harder to address using traditional counterterrorism approaches.
A consistent theme throughout the discussion was the shift away from traditional hierarchical terrorist organizations toward decentralized, cell-based networks and lone actors. Lewis described how today’s radicalization often occurs online, where graphic content, personal grievances, and tactical guidance circulate freely with few guardrails. In these echo chambers, individuals can self-radicalize and build their own pathways to violence without direct organizational direction.
These digital spaces also play a major role. They foster a sense of belonging, normalize extremist ideas, and, in some cases, desensitize users to violence by repeatedly exposing them to past attacks. Lewis emphasized that ideology is often secondary in this environment, with violence itself or accelerationist thinking becoming the primary motivator. He pointed to historical incidents like the 1991 Oklahoma City bombing as early reference points that continue to inspire copycat behavior, especially in online communities where past attacks are repeatedly studied and repackaged. He also cited the plot to kidnap a Michigan Governor as an example of how quickly these loosely connected individuals can move from online rhetoric to real-world action without any real structure or direction.
Across this evolving landscape, Lewis stressed that the threat is increasingly networked rather than organizational, with online ecosystems enabling the spread of instructions, encouragement, and imitation for future attacks. This creates a persistent challenge, particularly when vulnerable individuals are targeted in these same online spaces.
Ortega added to the discussion by highlighting how Iranian-backed actors, particularly Hezbollah, have demonstrated the ability to inspire or exploit individuals within the United States. She noted that her upcoming publication examines a lesser-known 2015 case involving U.S. citizens who operated on behalf of foreign-linked actors to store materials for operations inside the homeland. Related examples of Hezbollah sleeper-agent activity, including surveillance on U.S. targets, further illustrate how foreign actors can gain access to carry out attacks on U.S. soil. Tyree wrapped up the conversation by explaining the financial aspect of the threat environment, emphasizing that while tracing the money remains critical, it is becoming increasingly difficult. The use of cryptocurrency, informal transfer systems, and money laundering networks, including Chinese operations, presents significant investigative challenges.
One major takeaway is that domestic extremism is increasingly driven by individuals or small, loosely connected networks rather than by structured organizations. In this online space, ideology often serves as “window dressing,” while accelerationist thinking and violence for its own sake are the real drivers of mobilization, as Lewis emphasized. This blend of online rhetoric and offline violence continues to blur the line between online and offline action.
A related pattern is the erosion of clear ideological boundaries. Many of these threat actors no longer fit neatly into traditional frameworks, as grievances, subcultures, and identity often outweigh any coherent political or religious objective. Violence itself can become the goal, driven by visibility, imitation, or disruption rather than by coherent or strategic intent. This creates a threat environment that is less predictable and harder to map.
At the operational level, Graham highlighted that even when threats are identified, real-world responses, especially in mass transit systems, face significant limitations. Chemical, biological, ideological, and nuclear threats must all be considered simultaneously, often under extreme time constraints, pressure, and uncertainty.
Overall, the discussion made it clear that the domestic threat landscape is shifting in ways that don’t fit neatly into the frameworks we’ve relied on in the past. What we’re seeing now is more decentralized, more influenced by online spaces, and more difficult to track or predict than ever before. The overlap between domestic and foreign influence, combined with financial complexity and real-world response limitations, only adds to that challenge. As Tyree emphasized, understanding what actually drives these individuals matters just as much as identifying them. Moving forward, adapting to this environment will require more than great tools; it requires using them effectively.
