An AI investigative tool called Cybercheck has been used by law enforcement agencies in cases ranging from drive-by shootings to decades-old homicides. Its maker, Global Intelligence, says the system can use open source data and more than 700 algorithms to place a person’s “cyber profile” at a location in real time or at a specific moment in the past.
But a WIRED review of Cybercheck-related investigations from California to New York found a more complicated picture. In several high-profile cases, the reports produced by the system were either demonstrably incorrect or could not be verified by other means. In Ohio, prosecutors ultimately decided not to use Cybercheck reports as evidence in several murder cases, including the case of Phillip Mendoza.
How Cybercheck entered a stalled Akron murder case
The Akron case began just after 9 pm on an August night in 2020. Kimberly Thompson and Brian James pulled into a driveway in Akron, Ohio, and were shot in the legs after stepping out of the car. They survived, but Thompson’s 20-month-old grandson, Tyree Halsell, was shot in the head while still sitting in the car and was mortally wounded.
Police collected neighborhood video and asked the public to help identify two men seen approaching the victims, firing, and fleeing in a truck. Detectives later focused on Phillip Mendoza and obtained a search warrant for his cell phone location data from Sprint, according to court records. They also served a geofence warrant on Google for devices whose GPS, Wi-Fi, or Bluetooth records placed them near the scene.
Neither warrant produced evidence locating Mendoza or his devices on the 1200 block of Fifth Avenue, where the shooting happened, that night. The investigation stalled until August 2022, when Akron police received a three-page report from Global Intelligence.
The report claimed to provide what earlier warrants had not: evidence connecting Mendoza’s cyber profile to wireless internet devices near 1228 Fifth Avenue after 9 pm.
What Global Intelligence says Cybercheck can do
Global Intelligence has described Cybercheck as a system that relies only on open source data, meaning public information that does not require a warrant. The company says its algorithms can detect wireless networks and access points that a person’s cyber profile has interacted with.
Adam Mosher, the company’s founder, has testified under oath that the process is entirely automated. According to that testimony, an investigator enters basic case details into the Cybercheck portal, and the system produces a report identifying a suspect and location without human intervention.
If the tool works as described, the implications are significant. WIRED wrote that police departments would be buying previously unknown surveillance capabilities for as little as $309 a case. But the article also reported that open source intelligence experts questioned whether the data in Cybercheck reports could actually be obtained using only open source methods.
Stephen Coulthart, director of the Open Source Intelligence Laboratory at the State University of New York at Albany, reviewed Cybercheck reports and transcripts of Mosher’s testimony at WIRED’s request. His assessment was blunt: “Either they’re somehow doing the Minority Report now, or somehow it’s just BS,” he told WIRED.
The numbers behind Cybercheck’s law enforcement reach
Cybercheck has not been a niche experiment, according to testimony cited by WIRED. During a November 2022 trial, Mosher testified that 345 different law enforcement agencies had used the system to conduct approximately 24,000 searches since 2017.
WIRED identified more than a dozen cases involving Cybercheck. That included 13 cases in which prosecutors intended to use Cybercheck reports as trial evidence. Two cases where courts allowed the reports to be admitted as trial evidence resulted in murder convictions.
The agencies identified by WIRED ranged from small suburban police departments to county sheriffs and state police. The alleged crimes included child sexual abuse material, drive-by shootings, and cold cases that had haunted communities for decades.
In one New York State Police case, a man was arrested for murder after Cybercheck evidence allegedly placed his cell phone at key locations on the night of a homicide roughly 20 years ago, according to the indictment. That case is scheduled to go to trial in 2025.
Why the Mendoza report raised serious questions
The Mendoza case illustrates the central concern: whether Cybercheck’s confident-looking outputs can withstand close review. In 2022, more than two years after Halsell was killed, Cybercheck claimed that Mendoza’s cyber profile had pinged two wireless internet devices near 1228 Fifth Avenue after 9 pm.
Mosher has testified that a cyber profile is an amalgamation of names, aliases, emails, phone numbers, IP addresses, Google IDs, and other online identifiers that combine to create a person’s unique digital fingerprint.
Summit County prosecutors charged Mendoza with murder. But his defense attorney, Donald Malarcik, found that the information entered into Cybercheck’s system allegedly contained a mistake. The police department employee had asked whether the system could locate Mendoza at the scene on August 20, 2020. The shooting occurred on August 2.
Cybercheck still claimed to locate Mendoza at 1228 Fifth Avenue with 93.13 percent accuracy, even though the date was wrong. Later, another report appeared. WIRED reported that it was identical to the first report in the MAC addresses, time of day, alleged pings, and accuracy rating, except that it used the correct date of the shooting.
That created a striking conflict. Sprint and Google warrants had not produced evidence that Mendoza’s devices or accounts were at the scene. Cybercheck’s automated reports, however, placed the same cyber profile at the same location, at the same time of day, for the same amount of time, pinging the same wireless networks, 18 days apart.
An unnamed Cybercheck employee told WIRED that the company stood by both Mendoza reports, writing, “It is not uncommon to have the same cyber profile with the same device at a location on a different date.”
The larger problem for AI evidence
The Cybercheck controversy is not just about one company or one report. It shows what happens when automated systems enter criminal cases with technical claims that courts, defense teams, and the public may struggle to inspect.
Global Intelligence did not answer WIRED’s questions about who designed Cybercheck’s algorithms or what data was used to train them. When asked how the tool could determine that a cyber profile had pinged a particular wireless network, sometimes years after the incident, an unnamed employee wrote: “There is no specific single source of information with regard to wireless network interactions.”
For prosecutors, police, and courts, that opacity matters. A report can look precise, especially when it includes exact locations, times, MAC addresses, and an accuracy rating. But if the path from source data to conclusion cannot be explained or verified, the report becomes difficult to test.
In the cases described by WIRED, that difficulty has already changed outcomes. Prosecutors in Ohio ultimately decided not to use Cybercheck reports as evidence in several murder cases. The broader question is whether other cases built around Cybercheck reports can be meaningfully reviewed before they reach trial, or after they have already helped shape convictions.