OSINT gathers publicly available data to uncover potential risks, such as exposed credentials or insider threats.