In December 2024, a $500 million private-equity deal quietly transferred one of the world’s most advanced spyware tools from Israeli military-intelligence roots to American ownership.

Paragon Solutions, developer of Graphite—the zero-click software that extracts encrypted messages from Signal, WhatsApp, Telegram and others—was acquired by AE Industrial Partners.

The official narrative: ethical innovation for democratic governments. The emerging reality: another incremental step toward normalizing mass-capability intrusion tools inside the U.S. surveillance architecture—elite composition polished with a sheen of credibility.

Although AE Industrial acquired Paragon Solutions for $500 million, potential earn-outs elevate the total value to $900 million.

The transaction required approvals from U.S. authorities and Israel’s Ministry of Defense Export Controls Agency (DECA), which designates spyware like Graphite as a weapon. Lobbying support came from WestExec Advisors, the firm co-founded by Michèle Flournoy and Antony Blinken, staffed with former generals, diplomats, congressional operatives and intelligence officials—the quiet machinery of Washington’s revolving door.

The deal was predicated on a Cyprus-based share reshuffling mechanism orchestrated by a businesswoman named Nansia Koutsou, who was the “trustee of choice” of the Intellexa Consortium according to Intelligence Online and open-source corporate registries.

Run by Tal Dilian, the former commander of Israel’s Unit 81, Intellexa and its Predator spyware fueled a scandal known as Predatorgate, that almost took down the Greek government. The consortium came under further scrutiny after a Lighthouse Reports story detailed how Intellexa sold Predator to the RSF in 2022 on a tarmac in Khartoum.

Nansia Koutsou held high-level positions at both Brack Capital Properties NV (BCP) and its parent company, Brack Capital Real Estate (BCRE), as a non-executive board member and co-CEO respectively. She is a director at the firm, Comform Global Services, based in Limassol, Cyprus, through which she has managed sensitive Israeli cyber companies registered in Cyprus.

AE Industrial merged Paragon with its Virginia-based portfolio company, REDLattice, a provider of cyber capabilities to U.S. national security clients. This transaction shifts ownership of Paragon’s Graphite and advanced hacking tools from the international companies, Intellexa and NSO Group, to American hands, clearing the optics slate while maintaining its potential to expand its role in U.S. intelligence operations and internal surveillance of loosely defined domestic terrorists.

While Paragon’s primary mission would be to assist intel agencies and law enforcement in catching bad guys, its potential for abuse is tethered to the protean complex of the spyware underworld.

Paragon is no stranger to U.S. missions. ICE signed a contract with Paragon in September 2024. The Biden administration paused the contract under a “stop-work order” in October 2024, due to potential conflicts with executive orders restricting the use of spyware. The Trump administration lifted the Paragon stop-work order on August 30, 2025.

The Biden administration sanctioned two prominent spyware developers which, intentionally or not, cleared a path for a U.S.-addressed company to participate in the broader data collection and consolidation paradigm, spearheaded by Palantir under a Trump mandate to eliminate information silos.

The U.S. Department of Commerce added the Israeli spyware firm NSO Group to its Entity List (blacklist) in November 2021 for “malicious cyber activities.”

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the Intellexa Consortium in July 2023, along with other associated entities and persons. The list included Sara Aleksandra Fayssal Hamou, previously with Trident Trust, cited as an offshoring specialist and integral player in designing the misdirection game of shell companies and under-regulated offshore business deals. An investigation by the European Parliament called her a “central figure in the business network of Intellexa.”

Small World

Public records link Nansia Koutsou to Dilian-founded companies, including Passitora, Circles Technologies, and Global Hubcom. Through her firm, Comform Services, she handled the mundane structuring and directorships that allowed Dilian’s operations to function from Cyprus and Greece to the British Virgin Islands.

Her fiduciary positions helped obscure direct ownership, termed “smokescreen tactics” by the ICIJ Cyprus Confidential investigation. Her reputation for discreetly handling sensitive equity transfers within this grey zone industry is likely what brought her to the attention of Paragon for the share reshuffling.

In December 2025, the Trump administration removed Intellexa players Sara Hamou, Andrea Gambazzi, and Merom Harpaz from the SDN (Specially Designated Nationals) list, citing Petitions for Reconsideration and a demonstrated effort to distance themselves from Intellexa activities.

However, a search of Open Corporates reveals companies directed independently by Hamou and Dilian share a residential Cyprus address.

The Dilian/Hamou rabbit hole of corporate entities and shell companies matters in this Paragon context because Nansia Koutsou, the woman reported as a key figure in the Paragon share reshuffle, played a significant role as a trustee for Dilian. Of note, there are no direct links between Intellexa and Paragon.

Paragon’s founders and primary players share a history in Israeli defense and intelligence. The most prominent is board member and former Prime Minister Ehud Barak, involved in the emergency-call platform Carbyne, in which he invested initial funds through a partnership with Jeffrey Epstein.

Barak co-founded Toka, which develops intrusion tools for IoT devices, or “smart objects” like cameras and vehicles. The controversy surrounding Toka stems from the company’s purported ability to access live-feed CCTVs and to alter prior video images.

Other Paragon Solutions founders include executive chairman Ehud Schneorson, former commander of Israel’s Unit 8200—similar to the NSA in the U.S.—along with Idan Nurick, Igor Bogudlov, and Liad Avraham.

The Italian Job

Paragon sells itself as an ethical alternative to companies like NSO, claiming they only sell to democratic governments. But what happens when a democratic government abuses its privileges?

In February 2025, a story broke regarding Italian journalists whose devices had been infected with Graphite. Among 90 users targeted via WhatsApp was the editor-in-chief of Fanpage, Francesco Cancellato. The infiltration linked journalists and activists to investigations into government, organized crime and migrant issues.

The Europe representative of the Committee to Protect Journalists (CJP) said, “the repeated targeting of fanpage.it journalists suggest a pattern of surveillance aimed at intimidating and silencing investigative reporting—a chilling signal to journalists in Italy.” Both the Italian government, which denied any involvement, as well as Paragon, claimed to have cancelled the contract. That point is irrelevant compared with the larger takeaway: even safe, ethical, democratic governments can succumb to the temptation to abuse the tool.

Citizen Labs 2025 forensic analyses discovered the targeting of other Italian journalists, such as Ciro Pellegrino. Sources, strategies and potential leaks were exposed; every email and private message laid bare in a digital interrogation room, concrete walls and two-way mirrors.

Though no current contracts have been made public, Paragon’s Graphite would complement existing tracking, sorting and targeting tools that Palantir developed for law enforcement and the military. Much of Palantir’s repertoire is currently live-tested in battle zones in Gaza and Ukraine and possibly Sudan, vis-à-vis their relationship with the UAE Ministry of Defense.

ICE uses the Enhanced Leads Identification and Targeting for Enforcement, known by the acronym ELITE, a target locator and mapping tool developed by Palantir for ICE that allows agents to view digital maps to locate and analyze potential immigration targets or target-rich locations, likely in tandem with other Palantir platforms, such as Gotham, for data analysis.

ELITE generates “confidence scores” that determine the likelihood of a person being at a specific location, or the likelihood that persons from a particular group may be in a target zone within a city. ICE can argue that the system is more efficient, and that is likely, but the implications for government overreach are obvious.

Palantir developed Gotham, a B2G (business-to-government) platform, to integrate, manage and analyze massive datasets from disparate sources. It will be a primary integration platform to facilitate Palantir’s mandate to consolidate datasets from government operations.

Gotham is a multi-modal integration platform, capable of fusing structured and unstructured data that include satellite imagery, audio and video into a unified ontology, i.e., showing military, intel and law enforcement agencies how the properties of disparate data relate to one another. Palantir execs have repeatedly denied that they are building out a national database, but fusing and analyzing multi-sourced data through one platform amounts to something that walks like a duck.

ELITE aggregates information from various sources, including HHS, to help map neighborhoods for immigration enforcement. Several hospital and state health-care institutions use Palantir’s Foundry, a B2B (business-to-business) platform, to collect and manage health data from individuals.

The extent of the data shared varies among customers; however, Palantir can use this data by implementing what is known as a third-party doctrine. So even though HIPAA laws do not permit the sharing of personal health information, if it is given legally to Palantir to provide a service with that data, then Palantir can possibly share it with Gotham to build out a more robust database for immigrant, and later mass, surveillance.

Graphite is a powerful tool that can access not only your phone’s data but turn on your camera and microphone, essentially turning your device into a bug for anyone with access to the spyware. It has been used successfully by the DEA.

ICE could merge this mobile-access capability with ELITE and zero in on specific targets through the device’s GPS. They could read a target’s messages about movements or safe houses. Great for catching coyotes and saving victims of human trafficking, but not so great when the victim is an activist or indie journalist.

A Paragon-Palantir integration makes sense. The “Americanization” of Paragon, despite misgivings by DECA, reframes Graphite as an American tool that potentially bypasses foreign spyware restrictions. Critics of the deal, such as Citizen Lab and Access Now, frame this as a bureaucratic dodge of safeguards, enabling more widespread government use.

Adding Graphite to the ICE toolbox creates a stack where Graphite could feed zero-click mobile data (messages, contacts, locations) into Palantir’s analytical powerhouse.

Through Palantir, the Trump administration is merging data streams beyond what the USA PATRIOT Act accomplished. In 2013, then-Director of National Intelligence James Clapper lied to Congress about the NSA’s collection of phone data. Tools like Graphite give Clapper’s successors even deeper access.

Palantir has built in plausible deniability by stating that it is a processor, not a controller. Its customers decide which data get ingested. But given that Alex Karp has admitted its products are “used on occasion to kill people,” surely Palantir understands the implications of spyware that could turn inward on the general population.

The pitch book for Graphite will be fine-grained, targeted tracking of human traffickers, gun runners, terrorists, kidnappers and missing persons. It is all high-tech Wyatt Earp and Pat Garrett, so long as the Constitution is followed and judicial, not administrative, warrants ride shotgun with the posses.

The problem will arise as the government turns catching criminals into catching them before they act. The predictive-policing models are already in place. Iris-recognition algorithms, gait trackers and other behavioral biometrics monitor physical habits.

Your keystrokes, mouse interactions and device-handling develop patterns of behavior that include the locations you frequent. Voice and speech prints are commonplace. It is all sold as frictionless, so you no longer need to remember passwords or carry an ID card, all integrated with your social media posts.

The algorithm does not require criminal intent; it simply needs to spot anomalies in your patterns, or a slight change in your appearance, a twisted ankle that changes your gait or colored contacts that tell the algorithm you are trying to confuse it.

Inadvertently linger in a target zone, make last-minute travel plans, access the internet at unusual hours, search sensitive topics, frequent a coffee shop that you have not before and you are a potential threat because of what is termed “baseline drift.”

Graphite gives even greater access to the mobile identity package we all carry. It can locate you, track you, and develop a psychological profile of you and the people with whom you associate. We have become accustomed to this because of targeted ads based on our searches and buying habits; what we are not yet inured to is the government creating similar profiles.

It all seems dystopian until you look at something as innocuous as jaywalking in Beijing. By the time you hit the other sidewalk, one of the estimated 400 to 700 million facial-recognition cameras in the country has identified you, your fine has been deducted from your bank account, and your social credit score has taken a hit.

China’s SkyNet and Sharp Eyes programs aim to cover 100% of public spaces and home activities. The goal is to inculcate self-policing and suppress dissent through fear.

But that is China. We are different, perhaps. Google’s Eric Schmidt had unusual influence on the Biden White House, encouraging him to embrace artificial intelligence (AI) for national security and the military.

President Trump has often used the word “illegal” to describe coverage of him or comments about him that he does not like. He has stated it should be illegal to criticize judges who rule in his favor. He has referred to his domestic political opponents as the enemy within and he has signed executive orders to sever federal ties with law firms that have represented those who would pursue cases against him.

Palantir’s Gotham platform scans social ties and arrest records to flag individuals as likely future offenders. A SETA report cited civil liberties advocates as stating that Palantir’s systems do not just track threats but enable “deportation by algorithm.” Palantir’s insinuation into domestic law enforcement has helped create lists of likely or chronic offenders.

It is sold as precision policing, but Palantir and Paragon have deep roots in the CIA and Israel’s Unit 8200. Spyware is legally within our borders now. Big Brother is not just coming soon; he knows you are reading this.

---

CovertAction Magazine is made possible by subscriptions, orders and donations from readers like you.

Blow the Whistle on U.S. Imperialism

Click the whistle and donate

When you donate to CovertAction Magazine, you are supporting investigative journalism. Your contributions go directly to supporting the development, production, editing, and dissemination of the Magazine.

CovertAction Magazine does not receive corporate or government sponsorship. Yet, we hold a steadfast commitment to providing compensation for writers, editorial and technical support. Your support helps facilitate this compensation as well as increase the caliber of this work.

Please make a donation by clicking on the donate logo above and enter the amount and your credit or debit card information.

CovertAction Institute, Inc. (CAI) is a 501(c)(3) non-profit organization and your gift is tax-deductible for federal income purposes. CAI’s tax-exempt ID number is 87-2461683.

We sincerely thank you for your support.

---

Disclaimer: The contents of this article are the sole responsibility of the author(s). CovertAction Institute, Inc. (CAI), including its Board of Directors (BD), Editorial Board (EB), Advisory Board (AB), staff, volunteers and its projects (including CovertAction Magazine) are not responsible for any inaccurate or incorrect statement in this article. This article also does not necessarily represent the views the BD, the EB, the AB, staff, volunteers, or any members of its projects.

Differing viewpoints: CAM publishes articles with differing viewpoints in an effort to nurture vibrant debate and thoughtful critical analysis. Feel free to comment on the articles in the comment section and/or send your letters to the Editors, which we will publish in the Letters column.

Copyrighted Material: This web site may contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. As a not-for-profit charitable organization incorporated in the State of New York, we are making such material available in an effort to advance the understanding of humanity’s problems and hopefully to help find solutions for those problems. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. You can read more about ‘fair use’ and US Copyright Law at the Legal Information Institute of Cornell Law School.

Republishing: CovertAction Magazine (CAM) grants permission to cross-post CAM articles on not-for-profit community internet sites as long as the source is acknowledged together with a hyperlink to the original CovertAction Magazine article. Also, kindly let us know at info@CovertActionMagazine.com. For publication of CAM articles in print or other forms including commercial internet sites, contact: info@CovertActionMagazine.com.

By using this site, you agree to these terms above.

---

About the Author