As we continue our series exploring Gemini's reasoning and visualization capabilities, how might it help us understand the various annual global threat assessments published each year by the security services of many nations? Let's see how Gemini can help us explore the Estonian Internal Security Service's Annual Reports, including visualizing its most recent 2025-2026 report as an infographic and then testing Gemini 3's reasoning capabilities by giving it the last five annual reports and asking it to explore how the threats facing Estonia have evolved over the past half-decade.

Let's start with our standard infographic workflow and ask Nano Banana Pro to make an infographic out of the 2025-2026 report:

Create a large illustrated explainer poster designed to be printed on a large-format poster printer and hung up on the wall that narrates the attached briefing as a single large poster that can be printed and hung on a wall that outlines all of the core details. It should cover all of its key details and be in portrait orientation.

Now let's explore a much more complex and interesting problem. Let's provide Gemini 3.1 Pro with the last five annual reports and ask it to explore how the threats facing Estonia have evolved over the past half-decade:

Below are the last five years of the Estonian International Security Service's annual reviews. Deeply read all five and then write a deeply researched 5-6 page analysis that opens with the major overarching themes of each year and then goes into detail about the major trends and themes in how the findings of the reports have changed over the past five years. end by looking into the future and estimating where

https://kapo.ee/sites/default/files/content_page_attachments/annual-review-2025-2026.pdf
https://kapo.ee/sites/default/files/content_page_attachments/annual-review-2024-2025.pdf
https://kapo.ee/sites/default/files/content_page_attachments/annual-review-2023-2024.pdf
https://kapo.ee/sites/default/files/content_page_attachments/Annual%20Review%202022-23_0.pdf
https://kapo.ee/sites/default/files/content_page_attachments/Annual%20Review_2021-22.pdf

The Evolution of Baltic Security: A Deeply Researched Analysis of the Estonian Internal Security Service (KAPO) Annual Reviews (2021/2022 – 2025/2026)

The past half-decade has witnessed tectonic shifts in the European security architecture, arguably the most profound since the collapse of the Soviet Union. As a frontline NATO and EU member state, Estonia has served as both a target and a bulwark against authoritarian aggression. The last five annual reviews published by the Estonian Internal Security Service (KAPO) from 2021-2022 to 2025-2026 provide an unparalleled, deeply researched chronology of this evolution. Reading across these five reports reveals a distinct trajectory: the Russian Federation’s transition from covert geopolitical maneuvering and information warfare to overt military aggression, kinetic sabotage, and "crime as a service."

This analysis will open by establishing the overarching themes of each annual review, trace the detailed thematic shifts in counterintelligence, extremism, and critical infrastructure over the past five years, and conclude with a strategic forecast estimating the future trajectory of these threats.

I. Major Overarching Themes of Each Year

2021-2022: Pre-War Posturing and Pandemic Radicalization
The 2021-2022 review captured a society on the precipice of war[1]. Prior to the February 2022 invasion of Ukraine, Russia heavily weaponized international "human rights" forums—using government-organized NGOs (GONGOs) to fabricate claims of systemic Russophobia in the Baltics to justify its imperialist ambitions[1]. Concurrently, pandemic-induced social isolation and anti-government sentiment fueled a rise in accelerationist right-wing extremism, exemplified by the radicalization of minors through international networks like the Feuerkrieg Division (FKD) and Siege culture[1].

2022-2023: Domestic Resilience and Diplomatic Decoupling
Following Russia's full-scale invasion of Ukraine, KAPO’s focus shifted to managing the immediate domestic fallout and preempting clashes over historical memory[2]. This culminated in the swift, preemptive relocation of Soviet-era monuments, most notably the Narva tank, to defuse Kremlin-engineered flashpoints[2]. The year was also defined by a systematic crackdown on Russian espionage operating under diplomatic cover, resulting in mass expulsions of Russian diplomats, the enforcement of strict diplomatic parity, and the shuttering of Kremlin-controlled media channels operating in Estonia[2].

2023-2024: Escalation of Hybrid Intimidation
As traditional avenues for espionage collapsed, the 2023-2024 review noted that the Russian Federal Security Service (FSB) escalated psychological pressure on border crossers and orchestrated artificial migration crises[3]. The domestic landscape witnessed the first waves of kinetic intimidation, including targeted vandalism against the Estonian Minister of the Interior's vehicle by Kremlin proxies[3]. Ideological lines were sharply drawn with the expulsion of the head of the Moscow Patriarchate’s Estonian branch, Metropolitan Eugene (Valery Reshetnikov), for aligning with Kremlin war narratives[3].

2024-2025: Sabotage, Youth Indoctrination, and Cyber Attribution
Marking KAPO’s 105th anniversary, this review was characterized by the exposure of a GRU-directed kinetic sabotage campaign across Europe[4]. Domestically, KAPO spotlighted Russia's aggressive targeting of youth, such as the illicit deployment of Estonian children to the sanctioned Artek camp in occupied Crimea[4]. Cyber defense reached a milestone with the joint international attribution of destructive WhisperGate cyberattacks to Russia's GRU Unit 29155, alongside high-profile espionage convictions, including that of University of Tartu lecturer Vyacheslav Morozov[4].

2025-2026: "Crime as a Service," AI Manipulation, and Infrastructure Vulnerability
The most recent report underscores the normalization of remote sabotage, detailing how Russian intelligence utilizes platforms like Telegram to hire "one-off" local vandals and petty criminals[5]. It highlights severe infrastructural vulnerabilities—evidenced by the Russian shadow fleet vessel Eagle S damaging the Estlink 2 subsea cable and drone incursions into Estonian airspace[5]. Additionally, the report outlines the increasingly sophisticated soft-power offensives launched by the People's Republic of China and the ongoing legal battles against sanctioned propagandists like Svetlana Burceva[5].

II. The Evolution of Major Trends Over the Half-Decade

A deep reading of the five annual reviews reveals that the threats facing Estonia have not merely increased in volume; they have fundamentally mutated in their methodology.

1. From Information Warfare to Kinetic Hybrid Sabotage ("Crime as a Service")
In 2021 and 2022, Russian influence operations relied heavily on proxy organizations, "compatriot" funds (Pravfond), and state-backed media networks like Sputnik and Baltnews to spread disinformation[1][5]. However, as the EU tightened sanctions and Estonia expelled dozens of Russian spies operating under diplomatic cover[2], Russia’s traditional intelligence architecture in the Baltics was crippled.

By 2024 and 2025, a dramatic shift occurred. Unable to rely on embedded officers, the FSB and GRU transitioned to "Crime as a Service." Russian handlers began using Telegram to recruit cheap, disposable local proxies—often individuals with criminal backgrounds or impressionable minors—to execute kinetic attacks[4][5]. What began as ideological posturing morphed into physical sabotage: vandalizing memorials in Sinimäed, smashing politicians' car windows, and plotting arson[4]. KAPO’s 2025-2026 report notes that these "one-off" operatives are paid minimal sums (often in cryptocurrency) and are instantly abandoned by their handlers upon arrest[5]. This represents a shift from winning hearts and minds to instilling chaos and testing the threshold of NATO's Article 5.

2. The Weaponization of Religion and Historical Memory
The battle over historical memory has been a constant, but its focal points have evolved. In 2022-2023, the physical landscape was the primary battleground, leading to the relocation of Soviet monuments to prevent them from becoming rallying points for Kremlin sympathizers[2]. As physical monuments were removed, the Russian Orthodox Church (ROC) emerged as the Kremlin's primary ideological weapon[4].

The expulsion of Metropolitan Eugene in 2024[3] did not sever the church's ties to Moscow. The 2024-2025 and 2025-2026 reports expose how the Estonian Christian Orthodox Church (ECOC) covertly attempted to bypass sanctions to secure Russian funding (via Rossotrudnichestvo) for the St John of Shanghai and San Francisco private school in Tallinn to indoctrinate local youth[4]. By 2026, KAPO was actively revoking the residence permits of further clergy—such as monks and nuns linked to Russian convents that openly supplied weapons to the Ukrainian frontlines—demonstrating that the Kremlin increasingly uses clerical robes as cover for geopolitical subversion[5].

3. Targeting the Next Generation and the Digital Radicalization Pipeline
As the older, Soviet-nostalgic generation in Estonia naturally declines, Russian intelligence has aggressively pivoted to targeting youth. The 2024-2025 report highlights deeply concerning initiatives like the "Memory Train" and the Artek youth camp in occupied Crimea[4]. By inviting Estonian children to free camps where they are introduced to Wagner Group mercenaries and GRU operatives, Russia seeks to groom a new generation of proxies[4].

Simultaneously, the mechanics of Islamist and far-right radicalization have decentralized. Extremism no longer relies on formal organizations; it is driven by algorithmic echo chambers on TikTok, Telegram, and Discord[4][5]. Young people, isolated by social vulnerabilities or mental health struggles, are easily swept into hybrid ideologies. This pipeline produced the tragic Feuerkrieg Division (FKD) terror plots[1][4], the radicalization of middle-school students planning synagogue attacks[4], and "lone wolf" domestic bombings, such as the Käravete TATP bomb maker[4] and the Ülemiste shopping centre explosion orchestrated by Artur Boiko[5].

4. Cybersecurity and the Siege on Critical Infrastructure
Cyber threats have matured from background espionage to strategic, highly destructive disruption. The 2024-2025 public attribution of the WhisperGate wiper attacks to GRU Unit 29155[4] and the 2025-2026 identification of the "Laundry Bear" (Void Blizzard) threat actor targeting cloud services[5] show a Russia highly capable of infiltrating critical networks.

However, the most alarming trend over the last two years is the physical threat to critical infrastructure. The severing of the Balticconnector gas pipeline in 2023[4] was followed by the December 2024 incident where the Russian shadow fleet cargo ship Eagle S dragged its anchor, damaging the Estlink 2 power cable between Estonia and Finland[5]. Coupled with the increasing frequency of explosive-laden stray drones (such as the Gerbera and FP1 drones) crashing into Estonian territory[5], it is evident that Russia is leveraging plausible deniability to systematically degrade the Baltics' energy and communication lifelines.

5. The Quiet but Aggressive Expansion of Chinese Influence
While Russia presents an immediate kinetic threat, the People's Republic of China (PRC) has quietly expanded its long-term strategic footprint. Early reports focused on academic espionage and technology transfer (e.g., the conviction of Estonian marine scientist Tarmo Kõuts and Gerli Mutso)[3].

By 2025-2026, China's tactics evolved into aggressive "soft power" offensives designed to whitewash its support for Russia's war machine. The Chinese Embassy in Tallinn now routinely funds all-expenses-paid trips for Estonian journalists, municipal politicians, and experts to cities like Nanjing and Suzhou, seeking to buy favorable media coverage[5]. In cyberspace, Chinese intelligence has pivoted heavily to LinkedIn, using fake job advertisements to target Estonian diplomats, tech sector employees, and Defense League members, viewing Estonia’s booming tech sector as a backdoor into EU and NATO innovations[5].

III. Strategic Forecast: Estimating Where the Threats Are Headed

Looking into the future, the security environment for Estonia and the broader Baltic region will remain highly volatile, characterized by an asymmetric, prolonged shadow war. Based on the trajectory of KAPO’s findings, several key estimations can be made:

1. AI-Driven Disinformation and Deepfake Warfare
The propaganda of the past relied on human troll farms and clunky translations. In the near future, generative Artificial Intelligence and Large Language Models (LLMs) will allow hostile actors to flood the Estonian information space with culturally nuanced, grammatically flawless disinformation[4]. Deepfake audio and video will be increasingly deployed during election cycles (such as the 2027 Estonian parliamentary elections) to manufacture scandals, requiring a massive leap in public media literacy and real-time algorithmic threat detection.

2. The Normalization of "Sub-Threshold" Sabotage
Russia will continue to test the boundaries of NATO's Article 5 by remaining deliberately below the threshold of open military conflict. The "Crime as a Service" model will expand. We can expect a steady cadence of low-level arson, vandalism against military logistics, and GPS/aviation jamming orchestrated by anonymous handlers on the dark web or Telegram[5]. This will force internal security services to operate in a state of perpetual high alert, treating petty vandalism not as a local police matter, but as state-sponsored terrorism.

3. Maritime and Airspace Vulnerabilities
The Baltic Sea will remain a primary flashpoint for infrastructural sabotage. Russia's aging "shadow fleet"—utilized primarily to bypass oil sanctions—will likely continue to suffer "accidents" that conveniently sever subsea telecommunications and energy cables[5]. Furthermore, as drone warfare becomes standard, stray or purposely misdirected UAVs crossing into Baltic airspace will increasingly disrupt civil aviation and threaten border communities.

4. Economic De-Risking and the Scrutiny of the "Revolving Door"
As Estonia massively scales up its defense and energy investments to secure independence from the East, the domestic risk of corruption will rise. KAPO will heavily scrutinize the "revolving door" between public defense officials and private military contractors to ensure that fast-tracked procurements are not undermined by conflicts of interest[5]. Simultaneously, strict enforcement of sanctions, particularly concerning dual-use goods and crypto-asset laundering by transit companies, will remain Estonia’s most potent non-military weapon to bleed the Russian war machine[4][5].

Conclusion
The half-decade captured in these KAPO reviews tells the story of a nation under immense pressure, yet highly adaptable. The primary adversary—Russia—has been degraded diplomatically and economically, but has responded like a cornered predator, resorting to sabotage, youth manipulation, and cyber destruction. Moving forward, Estonia’s security will rely not just on military deterrence, but on the psychological resilience of its population, the unmasking of covert funding streams, and the flawless integration of cybersecurity into the fabric of everyday civic life.

And finally, the visualization of this report:

Create a large illustrated explainer poster designed to be printed on a large-format poster printer and hung up on the wall that narrates the attached briefing as a single large poster that can be printed and hung on a wall that outlines all of the core details. It should cover all of its key details and be in portrait orientation.