We Built an Intelligence Platform for Sweden. Here's What We Can Tell You.
This started as an experiment.
We wanted to know what would happen if you took Sweden's public corporate registry (every company, every director, every address) and started cross-referencing it. Not against one other source. Against everything we could get our hands on. Offshore financial records. Sanctions lists. Court decisions. Police event data. Welfare registrations. Property ownership. All of it, fused into a single system that resolves identities and looks for patterns.
We pointed it at Sweden. It started finding things.
The first results were formation agents. Individuals directing hundreds of Swedish companies simultaneously. Not ten. Not fifty. Hundreds.
One person directs 359 companies. The same person appears in leaked offshore financial records through a Malta corporate registry. Another directs 340, with the same offshore footprint. A third, 269. These aren't anomalies the system was told to look for. They're what emerged when you fuse enough data sources and let the resolution engine connect the dots.
Formation agents are how criminal networks build infrastructure. You need companies to invoice through, to register at addresses you want to control, to create the paper trail that makes dirty money look clean. One person directing 359 companies is not running 359 businesses. That is industrial-scale corporate infrastructure, and the system found it by doing something no single registry or agency can do on its own: looking across all of them at once.
That experiment became Halo.
What Halo is
Halo is a full-spectrum intelligence platform. It ingests data from across corporate, property, welfare, financial, and physical domains, resolves it into a unified ontology, and runs continuous analysis across the entire picture.
The ontology is the core. Every person, company, address, property, and event in the system exists as a resolved entity with relationships to every other entity the system has evidence for. Not a flat database. A living graph of millions of entities and millions of connections, where every relationship carries provenance: where the data came from, when it was collected, how confident the system is in the link.
On top of the ontology sits the fusion layer. This is where single-domain noise becomes multi-domain signal. A company registration alone tells you nothing. But when the system sees that same company registered at a vulnerable-area address, by a director with offshore connections, whose other companies match known shell indicators, near a cluster of addresses with recent extortion-pattern events. That's not noise anymore. That's a target.
The fusion layer runs continuously. It doesn't wait for an analyst to form a hypothesis. It generates intelligence on its own.
What it delivers
Halo produces five categories of output.
Risk scoring. Every entity in the ontology carries a computed risk score. Not a black-box number. A decomposed assessment where every contributing factor is visible and auditable. When the system flags someone, it shows exactly why: which signals contributed, how much weight each carried, and what evidence supports the assessment. An analyst or investigator can examine the reasoning, not just the conclusion.
Pattern detection. The system runs detection models built on Swedish criminal typologies. Målvaktsbolag. Skalbolag. Fakturabruk. Phoenix companies. VAT carousels. Healthcare infiltration. These aren't generic fraud signatures. They're specific to how organized crime operates within the Swedish legal and corporate environment, and the system applies them across the entire ontology continuously.
Network mapping. For any entity, the system can render the full relationship network: who controls what, through which companies, at which addresses, with what connections to other flagged entities. This is how you see the structure behind the activity. Not one company at a time. The whole architecture of a criminal network, laid out.
Predictive intelligence. The system tracks temporal patterns. When it sees an escalation sequence (low-level incidents at an address followed by increasing severity, matching known extortion patterns) it can estimate the probability of further escalation and recommend intervention. Detection tells you what happened. Prediction tells you what's about to.
Evidence packages. When the system identifies a high-confidence finding, it can compile a structured evidence package: every entity involved, every relationship, every data point with full provenance, formatted for handoff to investigators, prosecutors, or regulatory bodies. Court-grade documentation with a complete chain of custody, generated automatically.
Why this matters right now
621 bombings in Sweden in 2025. 317 the year before. 67,500 people connected to criminal networks. An estimated 100–150 billion SEK flowing through the criminal economy annually. The Swedish prime minister called it domestic terrorism. The European Parliament held a debate about it.
Everybody knows the violence. What fewer people understand is the economy behind it. Criminal networks operate through shell companies, infiltrate welfare systems, extort businesses, launder money through property, and recruit children to carry out contract violence. The violence is the visible symptom. The corporate and financial infrastructure is the disease.
The reason it's been so hard to stop is structural. Sweden's intelligence exists in silos. Corporate registries see company data. Property authorities see ownership. Welfare agencies see benefit claims. Police see incidents. Housing companies see disturbances. Security firms see patrol data. Each actor sees their domain. Nobody sees the connections between them.
The criminals operate across every one of these domains simultaneously. That's what makes cross-domain fusion not just useful but necessary. It's the only way to see the network as the network sees itself.
What we're not
We are not Palantir. We respect what Palantir built. But there are structural limitations to deploying an American intelligence platform for Swedish domestic security.
Jurisdiction matters. The CLOUD Act gives the US government potential access to data held by American companies, regardless of where it's stored. For sensitive domestic intelligence, that's not a theoretical concern. It's a legal and operational constraint that limits what Swedish agencies can responsibly put on American-controlled infrastructure.
Halo is sovereign. It runs entirely on European infrastructure, under European jurisdiction. Every component of the stack is either open-source or self-hosted. No foreign vendor dependencies. No SaaS subscriptions that can be revoked. No data leaving European soil.
We chose this architecture before sovereign infrastructure became a policy talking point. Because building intelligence on someone else's platform is a contradiction in terms.
The other difference is autonomy. Palantir is a powerful tool for trained analysts. It helps humans explore data faster. Halo goes further. It generates intelligence autonomously, running detection, scoring risk, identifying emerging patterns, and producing structured output without waiting for someone to ask the right question. The goal isn't a faster analyst. It's a system that thinks.
The engine underneath
Halo is built on Atlas Intelligence, the AI engine at the core of everything Archeron builds. Atlas handles the sensor fusion, entity resolution, threat classification, and autonomous intelligence generation that both of our product lines depend on. Halo is the first full-scale deployment of Atlas against a live, adversarial domain.
That matters because Halo isn't just producing intelligence. It's training the engine.
Every analyst decision, whether confirming a threat or dismissing a false positive, becomes ground truth that sharpens the detection models. Every confirmed bad actor reveals their network: one positive identification cascades through the graph, rescoring hundreds of connected entities and surfacing new leads the system wouldn't have found on its own. Every pattern the system detects and validates gets encoded into the detection library, making the next scan sharper than the last. And when the population being scanned shifts, when criminal networks adapt their methods to evade detection, the system tracks the distributional drift and flags it.
This is not a static tool that degrades as adversaries learn to avoid it. It is a system designed to improve recursively with use. The more it operates, the more it learns. The more analysts interact with it, the better it gets.
And because Atlas sits underneath both product lines, what Halo learns about entity resolution, pattern detection, and adversarial adaptation feeds directly into Argus, our distributed autonomous sensor network for defense and border security. The fusion architecture is the same. The intelligence engine is the same. A breakthrough in how Halo resolves identities across fragmented registries improves how Argus correlates acoustic signatures across a mesh of sensor nodes. They are two surfaces of the same system, and each one sharpens the other.
Where we are
Halo is operational. The ontology is populated with millions of resolved entities and millions of relationships across multiple intelligence domains. The risk scoring works. The entity resolution works. The cross-domain fusion works. The system has already surfaced individuals and network patterns that merit investigation. Not from tips or human intuition, but from the data itself.
We are not announcing a concept. We are not announcing a funding round. We are announcing a working system.
There is significant work ahead. More domains to integrate. Detection models to expand. The recursive loops to close fully. But the hard part is done: building a system that fuses intelligence across domains against live data, produces credible results, and is architected to improve with every interaction.
What's next
We're looking for early partners: government agencies, municipalities, housing companies, and security organizations who understand the problem and want access to the platform.
We're also looking for people who want to build this with us. Engineers who care about sovereignty, who want to work on problems that actually matter, and who have no interest in building another SaaS dashboard.
If that's you: tim@archeron.tech
Archeron Technologies AB. Lund, Sweden.
