Artificial intelligence, once envisioned as a force for good, has rapidly evolved into the backbone of global surveillance and espionage networks. This report presents a relentless, forensic examination of how AI is being brazenly manipulated for control—exposing the abuses and unchecked power dynamics fueling its proliferation in the surveillance landscape. At the heart of this shadowy industrial complex lies a profit model built on the erosion of human rights and democratic principles.
The commercial spyware sector, a key pillar of this system, has grown into a lucrative global market valued at approximately $12 billion in 2025 and growing. Dominated by a small number of powerful vendors, this industry operates in secrecy, largely unregulated, and often aligned with authoritarian interests.
“The $12 Billion Shadow Market”
The Architects of Digital Oppression: Key Players and Their Financial Motives
Prominent players in this market include NSO Group, notorious for its Pegasus spyware; the Intellexa Alliance, known for Predator; Cytrox; RCS Labs, producer of Hermit spyware; and Candiru, among others. Google’s Threat Analysis Group alone tracks “40 commercial spyware vendors,” highlighting the extensive reach of this ecosystem. These companies operate by selling “off-the-shelf” products or offering “as-a-service” models, which are designed to penetrate or disrupt computer systems for financial gain. The Intellexa Consortium, for instance, functions as a marketing label for various offensive cyber companies, actively selling Predator spyware globally, including to “authoritarian regimes”.
The financial backing for these entities reveals a disturbing pattern. NSO Group, for example, received early funding from Genesis Partners and was later acquired by the U.S.-based private equity firm Francisco Partners. In 2019, NSO co-founders, supported by European private equity fund Novalpina Capital, bought a majority stake, valuing the company at approximately $1 billion. Notably, Novalpina Capital explicitly specializes in investments in “controversial companies”. This involvement of private equity firms, some with an explicit focus on “controversial companies,” demonstrates a financial ecosystem that prioritizes aggressive returns over ethical considerations and human rights.
A direct link exists between financial pressure and the increased likelihood of human rights abuses. When NSO Group faced “perilous financial straits,” its CEO reportedly suggested selling products to “high-risk customers previously deemed unacceptable” to improve their financial standing. This pursuit of high returns inherently incentivizes sales to regimes willing to pay, regardless of their human rights records, creating a self-perpetuating cycle of digital oppression. The business model of the commercial spyware industry is built on creating and exploiting digital weaknesses, which inevitably leads to widespread human rights violations when sold to repressive regimes.
“The Profit-Driven Cycle of Abuse”
The Human Cost: Spyware as a Tool of Repression
Commercial spyware is often deceptively framed as a “legitimate law enforcement and intelligence tool”. However, its “as-a-service” model and heavy reliance on zero-day exploits expose a more sinister reality. These tools are fundamentally “designed to penetrate or disrupt computer systems for financial gain”. The thriving market for vulnerabilities fuels a dangerous arms race in cyber capabilities, where companies profit from discovering and selling flaws that can then be weaponized by anyone, including “nefarious actors”.
The capabilities of spyware like NSO Group’s Pegasus are extensive: it can be covertly and remotely installed on mobile phones, allowing operators to read text messages, snoop on calls, collect passwords, track location, access the device’s microphone and camera, and harvest information from apps. These capabilities effectively transform personal devices into comprehensive surveillance platforms, monitoring virtually every aspect of an individual’s digital and physical activity.
Despite NSO Group marketing Pegasus for fighting crime and terrorism, governments worldwide have routinely used it to surveil journalists, lawyers, political dissidents, and human rights activists. The “Pegasus Project” investigation in July 2021 revealed a leaked list of 50,000 phone numbers reportedly selected for targeting by Pegasus customers, demonstrating its deployment for mass surveillance against civil society and political opposition. The Intellexa alliance’s products are linked to undermining human rights, press freedom, and social movements in at least 25 countries. The scale of this adoption is alarming: at least 80 countries worldwide are known to have procured spyware from commercial vendors.
“Pegasus Spyware: How Your Phone Becomes a Spy”
Catastrophic Failure: Why Regulation Has Lagged Behind
The “Predator Files” investigation starkly reveals a “catastrophic failure to regulate surveillance trade”. This failure stems from systemic weaknesses and deliberate exploitation of regulatory gaps. The Intellexa alliance, despite its products being linked to human rights abuses in at least 25 countries, brazenly claims to be an “EU-based and regulated company,” which is a “damning indictment of how EU member states and institutions have failed”.
The EU Dual Use Regulation, intended to prevent human rights harms through export controls, has proven ineffective, with regulators “unable or unwilling to control and prevent human rights harms”. “Regulatory fragmentation” across EU member states results in weak and inconsistent implementation of controls, allowing subsidiary companies to exploit loopholes like “end-use and end-user differentiation, obscure legislation, and export country oversight to bypass EU export regulations”. The Wassenaar Arrangement, a key international export control regime, is criticized for not prioritizing human rights and lacking transparency.
Even significant U.S. actions, such as blacklisting NSO in November 2021 and imposing export restrictions, have not addressed global proliferation. Companies like Hacking Team (now Memento Labs srl) continued operations despite license revocation, demonstrating the limited efficacy of such controls. Vendors actively “jurisdiction hop” to exploit inconsistencies in national laws and regulatory supervision.
A fundamental lack of comprehensive, accessible, and verified corporate registries and beneficial ownership transparency makes it incredibly difficult for policymakers and researchers to track vendors, their shifting identities, and complex corporate structures, thereby impeding effective regulatory oversight and due diligence. Strategic Lawsuits Against Public Participation (SLAPP) suits are also used to suppress crucial public interest reporting on the opaque spyware market.
A critical “legitimization loophole” is NSO Group’s tactic of using government export licenses as proof of lawfulness. This creates a perverse incentive structure where companies claim legitimacy due to licensing, while governments avoid accountability by pointing to their “licensing process” without truly addressing end-use abuses. The UN Special Rapporteur notes that the global export control framework is “inadequate for regulating surveillance technology or accounting for human rights impacts”. This flawed international system enables the industry, often prioritizing geo-political or economic interests over fundamental human rights.
Table: The Global Commercial Spyware Ecosystem: Key Players and Regulatory Failures
| Company Name | Primary Product/Service | Country of Origin | Known Customers/Targeted Groups (with documented abuse examples) | Noted Regulatory Failures/Loopholes Exploited |
| NSO Group | Pegasus | Israel | Journalists, activists, human rights lawyers in Serbia, Jordan, 50+ countries | Licensing used as cover for abuse, lack of beneficial ownership transparency, “high-risk customer” sales |
| Intellexa Alliance | Predator | EU (e.g., Cyprus, Greece) | Civil society in Serbia, 25 countries (Europe, Asia, Middle East, Africa) | Regulatory fragmentation, jurisdiction hopping, obscure legislation |
| RCS Labs | Hermit | Italy | Android/iOS users, implicated in Greek political hacking | – |
| Cytrox | Predator | North Macedonia | Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, Serbia | Export restrictions ineffective |
| Hacking Team (now Memento Labs) | Spyware | Italy | Ethiopia, Bahrain, Egypt, Russia, Turkey | Continued operation despite license revocation |
Conclusion: The Unseen Chains of Algorithmic Control
The $12 billion commercial spyware market, operating as a shadow economy, thrives on exploiting digital vulnerabilities and regulatory fragmentation. Its financial models actively incentivize sales to “high-risk customers,” directly turning profit into a driver of human rights abuses. Despite global outcry and sanctions, regulatory efforts have catastrophically failed, creating a “regulatory maze” that companies deftly navigate, often using government licenses as a perverse shield for their actions.
This investigation underscores that the AI surveillance industrial complex operates with insufficient oversight, inadequate transparency, and minimal accountability mechanisms. The consequences are profound: a systematic erosion of individual rights and freedoms, leading to a pervasive “climate of fear and (self-)censorship)”.
The time for transparency, accountability, and stringent regulation of spyware AI and surveillance exports is not merely urgent; it is long overdue. Without such action, the proliferation of these technologies will continue to undermine the foundations of democratic society and enable authoritarian regimes to expand their oppressive capabilities both domestically and internationally.