Dateline: Rome, January 2025
The downdrafts from the Apennines feed the city winds. Lightning skitters across the darkening sky, a massive, glitching screen. A light rain speckles the cobblestones. As the storm approaches, Italian journalist Francesco Cancellato pulls his sweater higher, typing in the lamplight. Focused on his work, he is startled by his phone buzzing on the metal side table. A friend who needs a dinner companion? A scoop? No – a chilling WhatsApp warning, “your device is compromised.” Two fears strike at once: the journalist, his sources and stories revealed; and the man, his private conversations exposed through a silent vector. He flicks off the lamp, sneaking a look out the window at an ancient city ablaze with electronic eyes. A million cellular spies. But who is watching him?
It wasn’t just the wind shaking his window. It was something far colder. State-crafted code had silently penetrated his life. The culprit was his own government, deploying spyware to infiltrate Cancellato’s mobile device, digital eyes that don’t just peer through windows but slip into your mind. As Fanpage’s editor, he wasn’t a threat to national security. He was a threat to national comfort – exposing the secrets of Italy’s elite. Yet this invisible intruder stole his most guarded thoughts, texts to his lawyer, fears shared with a friend laid bare by Paragon Solutions’ spyware, developed in Israel. He poured a glass of wine and then wondered what would come next as he shut down his phone. This wasn’t a lingering glance; it was a mind invaded, the final wall of digital privacy brought down with a binary wrecking ball. Citizen Lab’s June 2025 report, with confirmed attacks on 90 users, named the nightmare: Graphite – Paragon’s premier entry into the pernicious world of offensive spyware.
Graphite’s zero-click demon exploits the fissures in your device’s operating systems, or those in encrypted apps such as WhatsApp and Signal – and in doing so, can target journalists like Cancellato, his colleagues, and activists Luca Casarini and Beppe Caccia. Graphite doesn’t need a reason to come for you. It just needs your signal.
The internet has given tech magnates access to our lives in ways we couldn’t imagine a generation ago. The agents of hi-tech commerce have become peeping toms, expressionless men standing on our porches, peering in at our lives, recording what we read, watch, and eat. It’s bothersome and filthy, but we’ve all participated in its expansion. The government works in the gray to appropriate the data we’ve so carelessly given up. In exchange for access, it has given the tech billionaires wealth beyond comprehension.
“Everything is a lie and all they have is stolen.” - Nietzsche
The worst of it is here now and soon to be set upon a lax populi distracted by streaming drama and doom-scrolling. “Give them bread and circuses, and they will never revolt.” - Juvenal
We’ve become accustomed to advertising that reflects conversations had near our devices. But the final level of entry compromises our private lives, our secret thoughts, our last place to hide. It can make you afraid to book a therapist or confide in a friend. It’s Hannibal Lecter getting into the head of Agent Starling with his fondling observations and manipulative taunts. It’s a technology impossible to defend against, and it puts our families in danger of losing the precious security of the home, the omertà of familial bonds. This penetrating level of intrusion is known as spyware, a malicious, predatory software that can be inserted in your mobile devices without your knowledge. It leaves almost no trace and disappears when you look for it.
No longer can you protect yourself by avoiding sketchy emails or suspect links. The operators of this type of software can get in your phones just by knowing your number… zero-click. Once they’re in your phones, they’re in your head, reading the private messages you share with lovers, loved ones, or medical professionals. They know your fears, desires, affairs, medications, and sensitive conversations, so long as you enter them in your phone in a note, a text, or a direct message, regardless of encryption. The software can turn on your camera and microphone, recording private conversations. They can use this information to manipulate and control you, to question your loyalty to the state, to record even distant affiliations with unpopular political movements, to arrest you for crimes you haven’t yet committed and label you a subversive for what you say, ‘like’ or watch, ostracizing you from society, denying you and your children healthcare, deducting fines from your linked bank accounts, deducting points from your social credit scores, denying access to education or freedom of movement and ultimately stripping away your protection under the law, stateless and branded. It all sounds dystopian, but it already exists. It’s coming to your front door, all dressed up as a patriotic partnership between tech companies and the faceless men in dark suits.
A Pending Catastrophe
Paragon Solutions emerged in 2019, a cyber-attack predator born from minds trained by the IDF’s elite Unit 8200. The Database of Israeli Military and Security Export (DIMSE) chronicled its rise. Its founders, comprising former Israeli PM Ehud Barak, Unit 8200 commander Ehud Schneorson, and operatives Idan Nurick, Igor Bogudlov, and Liad Avraham, are backed by Battery Ventures and Red Dot Capital Partners. Red Dot’s sole investor, Singapore’s Temasek Holdings, a sovereign wealth fund, fueled this union, rooted in a secret 1965 Israel-Singapore defense pact that persists today, though openly. Red Dot’s founders, Yaniv Stern (ex-McKinsey, intelligence) and Yoram Oron (Yom Kippur vet, VC), saw Paragon as a natural extension of Israel-Southeast Asia tech growth. From Temasek’s shadow to Unit 8200’s forge, Paragon’s inception was no accident – like Dr. Lecter plotting in silence, Jean Sibelius gently playing in the background.
In a newsworthy deal, AE Industrial Partners of Boca Raton, Florida bought Paragon for $500 million in December 2024, giving the Israeli company an American face. Other considerations and milestones value the company at $900M. Not bad for a venture with less than $30M in publicly announced US contracts. To be fair, Paragon (Israel) has numerous contracts in multiple countries already in existence, most of which are secret. Why the seemingly high valuation? I’ll get you there. More on this later.
The initial $500M will be divided among the 400+ employees, the five founders and the investors including Red Dot and Battery Ventures. If AE Industrial is pumping in $500M just for the acquisition, a few things must be true. For one, there is more money available for expanding the employee base in the US, unless they plan on running the existing Israeli operation from Chantilly, VA, where Paragon set up a home base, according to their LinkedIn page. The Israel LinkedIn page for Paragon claims 575 employees, which would indicate a strong contract base to fund an operation of that size, one that requires employees with specific cyber-related skillsets. Given Paragon’s connections in the US, including an existing contract with ICE, they are positioned for success.
Note: according to Calcalistech: “However, three days after the deal was revealed, Israel’s Ministry of Defense announced that a request to approve the sale had never been submitted and that the deal had not been approved, as required by the Israeli Defense Export Controls Agency (DECA).”
The issue is that Israel considers this type of offensive spyware to be a weapon, and as such, it must be cleared for sale by DECA. The pending approval or disapproval will have a major impact on both the sale and the industry. However, The Globe has cited sources claiming the procedures for completing the deal followed existing laws. It’s unclear from the article if the sources were from Paragon or the Israeli government.
Paragon needed a sponsor to vouch for their membership in the military industrial circle jerk of lobbying, contracts, bribes, legislation, wars, power and around again. Who could be hired to champion the insertion of Paragon into the apparatus working with defense tech to expand the surveillance state? They would need a well-connected DC firm with strong ties to the kinds of sectors Paragon could work among. Enter WestExec Advisors, whose advisors page is a who’s who in the MIC, the Blob, State, and Congress, including intelligence puff master, John Brennan, former CIA Director, a man who has inspired countless DC insiders to drink themselves stupid after getting involved with him.
WestExec Advisors’ Role with Paragon Solutions
WestExec’s Profile:
WestExec, launched in 2017 by Antony Blinken (U.S. Secretary of State and Netanyahu spox), Michèle Flournoy (former Under Secretary of Defense), and Jeremy Bash (ex-CIA Chief of Staff), is a strategic advisory firm bridging government and corporate worlds, per its site (westexec.com). Its team includes heavyweights like James Stavridis (ex-NATO Supreme Allied Commander) and other former admirals and generals. The firm advises defense giants (e.g., Lockheed Martin, Raytheon) and tech firms like Palantir, raising surveillance concerns due to tracking and data integration.
Involvement with Paragon:
Timeline: WestExec advised Paragon in 2019, shortly after its founding with Ehud Barak as an investor, per The Financial Times. This aligned with Paragon’s early funding ($5-10 million from Red Dot Capital, Battery Ventures, Blumberg Capital), per Forbes 2021.
Role: WestExec likely facilitated Paragon’s U.S. market entry, securing its 2021 DEA contract and its 2024 ICE deal, worth $2 million in taxpayer dollars. Blinken’s State Department ties and Flournoy’s defense expertise suggest lobbying for regulatory approval, per Intelligence Online (2020). The December 2024 acquisition by AE Industrial Partners ($450-500 million, potentially $900 million) followed this guidance, per Reuters, December 16, 2024.
WestExec is clearly working with Paragon, as detailed in this TechCrunch article mentioning that a WestExec spox responded to media inquiries made to Paragon regarding the Italy debacle.
We simply cannot believe what we read or hear from corporate media. The true agenda of the state lies buried beneath a transparency veneer – ironic, given the oxymoron – masquerading as a public-private partnership, your tax dollars at work. This fusion unmasks a hidden agenda, or what might be termed verum agendi fascism, a phrase Mussolini, with his flair for Latin grandeur, might have appreciated. On the surface, it’s draped in patriotism, promising the protection of the American people, but the reality is mass surveillance – a creeping control where government operations hide behind oligarchic allies in private enterprise. Paragon Solutions’ Graphite spyware, to be merged with AEI’s REDLattice, exemplifies this – its zero-click exploits feeding a panopticon beyond mere security. Think of Peter Thiel’s Palantir, Elon Musk’s SpaceX, Mark Zuckerberg’s Meta, and Larry Ellison’s Oracle. The companies of these billionaires soared with CIA and In-Q-Tel backing, notably Palantir’s early DoD contracts (Wired, 2013) and SpaceX’s 2025 NSA ties. This is the textbook Mussolini model, where state and corporate power merge to dominate. It didn’t end well for him. History looms in his hanged shadow.
The Businesswoman
Paragon has enlisted what Intelligence Online reported was a businesswoman to structure a share reshuffling as part of the process of packaging Paragon Solutions for an acquisition by AE Industrial. The woman they chose to facilitate this process is Nansia Koutsou, a Cypriot/American who runs a business services company called Comform Global Solutions. She is a former co-CEO and CFO of Brack Capital. Why Paragon would need to go to Cyprus for this reshuffling may have to do with the rather weak regulations and oversight regarding business transactions on the island.
The more curious aspect of this is the particular businesswoman they chose. Nansia Koutsou has ties to Tal Dilian, Sara Aleksandra Hamou and the Intellexa Consortium, purveyors of Predator spyware, as well as NSO Group (Pegasus) through affiliated companies in Bulgaria. Both companies and their principals are sanctioned by the US Treasury, OFAC.
Tal Dilian is a former commander in Israel’s highly secretive Unit 81, specializing in developing and providing cutting-edge technological solutions for intel and Spec Ops. It’s part of the Military Intelligence Directorate (AMAN). Unit 81 is Israel’s version of James Bond’s ‘Q’ and their graduates carry a unique “81 DNA” which gives them Carte Blanche in the tech sector, worldwide. NSO’s Pegasus is infamous in these circles and there will be much more on these two enterprises in upcoming articles.
Intelligence Online (Nov24) “In early November, Paragon opened up its capital to new shareholders, one of whom is Nansia Koutsou. The Cypriot businesswoman has experience in carrying out capital operations for Israeli cyber companies. Koutsou heads the Limassol-based company Comform Services and worked for many years as the trustee of choice for Tal Dilian, the former head of Israel's technical intelligence agency, Unit 8200.”
Note: The Israeli news organization, Haaretz, has reported that Dilian was a Commander of Unit 81, not 8200, as reported by IO. Dilian claims on his website to have left the unit with honors and still maintains strong relationships with members. However, there are reports that he left the unit due to mismanaged funds.
Why Nansia Koutsou?
Paragon Solutions isn’t just any tech company, they’re in the cyber-surveillance game, selling tools like Graphite spyware, which has already been linked to abuses against journalists and activists in places like Italy. Their founders have a unique list of contacts worldwide. So, why choose Koutsou, a woman with a documented history tied to controversial figures like Tal Dilian and his partner, Sara Hamou, listed in her sanctions as a corporate offshoring specialist, who together have peddled spyware to dictators and cartels? The answer isn’t simple, but it’s rooted in the gritty reality of their industry. Hamou cut her teeth at Trident Trust, a company mentioned in the ICIJ Investigation known as the Panama Papers.
Her Connections Are the Point
In the world of surveillance tech, connections to shady characters aren’t a flaw, they’re a strength. Koutsou’s past isn’t a secret Paragon overlooked; it’s likely why they chose her. She’s been a key player in the shadows, acting as a trustee of choice for Dilian, managing his incorporation records while he built Intellexa, a spyware empire that sold Predator to groups like Sudan’s Rapid Support Forces, accused of war crimes. Koutsou’s network ties back to Cyprus, a hub for offshore dealings, and includes links to sanctioned individuals and rogue states. For Paragon, this isn’t a liability, it’s a goldmine.
Access to Markets: Koutsou has been tied to operators who know potential clients: governments, militias, or others who need spyware and don’t care about ethics. These are markets Paragon can’t tap through squeaky-clean investors. And yes, Paragon has insisted they will only deal with vetted, ethical governments, but this company is the progeny of spies who are in the deception business. Draw your own conclusions.
Navigating the Gray Zone: Her experience with multiple layers of international companies, much like the tainted Hamou, makes her appear as a fixer, someone who can keep the wheels turning behind the scenes, were she charged to do so. I’m not suggesting she’s a wizard behind a grand scheme, nor am I implying that she has done anything at all criminal, but it’s important to note how these people intersect with one another.
It’s About Power, Not Profit
Sure, financial incentives matter. Koutsou (sometimes spelled Koytsoy) might bring cash or investment muscle, via her connections as Interim co-CEO of Brack Capital Real Estate, another international firm with ties to Israel. But this goes deeper. Paragon’s playing a power game where influence trumps optics. Paragon’s involvement in the sphere signals they’re not afraid to double down on the NSO Group model: sell to democracies with a wink, claim it’s for “security,” then cash in when rogue players buy in. Was Nansia Koutsou directly involved with NSO? There’s no evidence of that. But she was deeply involved with Tal Dilian, who founded Circles Technologies, which was eventually merged with NSO Group in a deal with Francisco Partners worth $130M. That’s the short version of the story, but I’ll take a deeper dive in my article about NSO Group, who, remember, sells the Pegasus spyware connected to murders of journalists, but in this space, that’s not a deal-breaker.
The companies that link Nansia Koutsou and her Comform Services are detailed in this 194-page, five-year European Parliament investigation into Pegasus, known as PEGA. Formally, Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware.
Buried in the Amendments on pages 191-194 is this:
142 a. As outlined in the chapter on Cyprus, Tal Dilian’s company Circles Technologies was sold to former private equity firm Francisco Partners and later on it was merged with NSO Group. NSO Group has several subsidiaries registered in Israel, the UK, Luxembourg, the USA, Cyprus and Bulgaria. The Bulgarian subsidiaries of NSO Group provide the Cypriot subsidiaries of research and developments services and export network products to governments…
142 a. Investigations related to the use of Pegasus spyware were launched by the Prosecutor’s Office in Sofia in February 2022 and are currently ongoing.
142 b. As of April 2014, a subsidiary under the name of Magnet Bulgaria EOOD was launched in Sofia with the Cypriot MS Magnet Solutions Ltd. as parent company. The main business activities of Magnet Bulgaria are “Development and distribution of software and hardware; consultancy and product development for private, governmental and non-governmental organisations in the field of computer technology and software and telecommunications; integration of software and telecommunications products; marketing and management; information services; internal and external trade; transport and forwarding activities in the country and abroad; participation in other commercial companies; transactions with intellectual property rights; real estate transactions; rental; and all other activities not prohibited by law.”
After reading this, I checked FCC Filings for MS Magnet Solutions, where I found an application for something called a PiXcell Smallcell Wi-Fi Router, among others. Both the FCC filings and the Device Report list Comform and Andreas Koutsos (Koutsou’s business partner) for applications and certifications. Those names are also in the Test Report.
The Illusion of Cleanliness
Paragon isn’t trying to be ethical; they’re trying to look ethical. Koutsou’s role as a shareholder, especially during their 2024 Cyprus reshuffle before the AE Industrial Partners buyout, suggests a calculated move. On paper, she’s a legitimate stakeholder; in practice, she’s a bridge to a network. Could they be sanitizing their image while keeping the playbook intact? It’s cynical, but it fits the pattern of an industry where profit and power often outweigh principles.
Why Not Someone Else?
With all their Unit 8200 connections, Paragon could have picked a less controversial figure. But a “clean” shareholder might not deliver what Koutsou does: insider knowledge, a proven track record in the spyware underworld, and the ability to operate where others can’t. In a competitive, high-stakes market, her baggage is an asset, not a burden. The ethical rot begins to waft off the pages as the research deepens. Paragon’s choice reflects a broader truth: in cyber-surveillance, the line between innovation and exploitation is razor-thin, and they’ve picked a side. If there’s a missing piece, it’s the lack of accountability. No one’s stopping them, certainly not the US State Dept, whose recent contribution to ethical oversight has been to recommend that the IDF investigate its own war crimes.
To button this down… Koutsou was formerly listed as a director of several companies set up by Dilian, including Passitora, Circles Technologies, MS Magnet Solutions and Global Hubcom. Comform Services's collaboration with these companies links them to Intellexa. Another name that appears often related to these companies is Anthony Levy, as Director, often with Hamou. I’ll lay out the convoluted Intellexa Consortium another time. It’s head-spinning.
Although there are online reports that her associations with most or all of these companies have come to an end, what hasn’t come to an end for Nansia Koutsou is her connections to this cyber-security community. It’s not as though Paragon execs did a Google search for “women who are good at reshuffling.” Someone knew she was the right person for the job, and her access to shares rather than a fee, gives her skin in the game. IO – “In addition to Koutsou, Paragon has also opened up its capital to Anat Bensaid-Peleg, Alon Yehoshua - a close associate of Tzahi Nahmias who heads the Discount Investment Corp group - Sharon Silvi Hachmon Dror and Elkabest Investments fund, owned by Shimon Elkabetz who is the director of the cyber firm Accenture Israel.”
The Chair and CEO of Accenture is Julie Sweet, active in the WEF. She also serves on the board of trustees for The Center for Strategic and International Studies (CSIS), which lists major funding from defense contractors such as Northrop Grumman, Lockheed Martin, Boeing, General Dynamics, Raytheon Company and General Atomics.
Paragon Solutions is a company that operates in the murky waters of cyber-surveillance. Tools like Graphite spyware are touted as the “ethical solution” to NSO and like companies. Paragon is about optics, not ethics. Their connections in the industry are not just incidental; they're strategic. Koutsou's ties to Tal Dilian and her role as a shareholder in Paragon are crucial.
There will be much more about Dilian and Predator in a forthcoming article but for reference, check out this article. This network isn't just about business; it's about power and influence. It’s about a ruthless strategy, a step ahead, not of the bad guys as they’d like you to believe, but of the competition.
The Citizen Lab's investigation into Paragon reveals a web of infrastructure tied to government customers across multiple continents. This company isn’t operating in isolation; it's deeply embedded in a global network of surveillance technology. The fact that Paragon's spyware has been used against journalists and civil society members, as reported by The Guardian and TechCrunch, shows that their tools are not always used exclusively for catching criminals and terrorists, as they advertise. NSO has cried the same foul in their objections to sanctions, claiming they can’t be held responsible for their clients’ violation of policies. But who runs the servers? Where are they located?
The US government's involvement adds another layer. Despite an executive order restricting the use of commercial spyware, the DEA continues to use Paragon's Graphite. This suggests a complex relationship where legality and ethics are blurred, or ignored. The acquisition of Paragon by AE Industrial Partners further complicates the picture, potentially merging it with US cybersecurity interests and a broader mass-surveillance strategy.
Paragon's founders bring a military-grade expertise to the table. This isn't just about technological primacy; it's about strategic positioning in a market where the lines between defense and offense are often indistinct. The company's claim of being more ethical than competitors like NSO Group rings hollow when their spyware is used against civilians.
In essence, Paragon's connections are more than just business relationships; they're a web of influence that allows them to operate with relative impunity. The company's ability to navigate legal and ethical gray areas, while maintaining a facade of legitimacy, is what keeps it in the game. Yes, this is about power and control, but also the willingness to operate in the shadows.
The use of spyware against journalists and activists is a direct threat to freedom of expression and the right to privacy. It's not just a matter of corporate ethics; it's a question of fundamental human rights. The involvement of investment firms like AE Industrial Partners suggests significant financial interest in the spyware industry, potentially driving the expansion of these technologies, as well as complementary technologies that can sift and analyze data collected from our mobile devices, drawing conclusions and making decisions about which data are actionable. You have to wonder why a company with a portfolio like AEI’s would buy a spyware firm. Bigger plans are afoot.
Paragon Solutions is more than just another tech company. Its Graphite spyware can infiltrate phones and siphon off data with military precision. Graphite extracts data from iCloud or other backups, sidestepping encryption, and can activate microphones/cameras.
The Citizen Lab’s investigation mapped out Paragon’s infrastructure. It’s a global network, tied to government customers across continents. It’s embedded in a surveillance ecosystem that spans the planet. And let’s not kid ourselves, their spyware isn’t just for catching bad guys. The documented use of spyware against journalists, activists, political opposition, and dissidents is not collateral damage; it’s the game. It’s a race for dominance, and AEI wants the pole position.
The fact that the DEA is still using Paragon’s Graphite is not an oversight. The lines between legal and ethical are so blurred here, it’s like trying to read blue ink on black paper. And when AE Industrial Partners, a US investment group, swoops in to acquire Paragon, it’s a business deal that merges interests that tie this whole thing to US cybersecurity, read ‘surveillance’ ambitions.
Paragon’s founders aren’t your average tech bros. They’re war-tested. They’re veterans of a crew that doesn’t just build software; they build weapons. It’s about more than innovation; it’s about positioning in a market where the difference between defense and offense is a matter of perspective.
Paragon cut ties with Italy only after the whole thing blew up in public. That’s damage control, not principles. Note: Italy says it was the government who ended the contract, not Paragon. The disagreement is spelled out here in Euractiv.
In the bigger picture, every time spyware like Graphite gets used against journalists or activists, it’s a direct hit on free speech and privacy. This cuts a clear path to a human rights crisis. The fact that suitcase firms like AE Industrial are pouring money onto this kindling makes it seem like much more than just financial interest; it’s fuel for a larger fire.
How Does Paragon’s Graphite Work - A Recap of Graphite’s Capabilities
Graphite, developed by Paragon Solutions, is a mercenary spyware platform designed for covert surveillance, marketed as a lawful intercept tool for intelligence and law enforcement. Its capabilities, pieced together from various reports, include:
Data Extraction: It can steal messages, contacts, call logs, location data, photos, and activate cameras/microphones on compromised devices – sort of a digital vacuum cleaner for personal info.
Modular Design: The platform uses a delivery module for initial infection, a persistence module for long-term control (e.g., root or jailbreak access), and a data extraction module to siphon data, making it adaptable to different targets.
Stealth Operation: It leaves minimal traces, often evading user detection, which is a hallmark of its sophistication, perfect for staying under the radar.
Infiltration Methods:
Graphite’s primary infiltration method is a zero-click exploit, meaning it doesn’t require user interaction like clicking a malicious link. Here’s how it works:
iOS Zero-Click: Forensic evidence from Citizen Lab 2025 confirms Graphite exploited a zero-day vulnerability, CVE-2025-43200, in iOS 18.2.1’s iMessage. Attackers used an account labeled “ATTACKER1” to send crafted media via iCloud Links, triggering remote code execution without the victim opening it.
WhatsApp Targeting: Reports also link Graphite to zero-click attacks on WhatsApp, exploiting undisclosed vulnerabilities to install spyware silently, confirmed for Francesco Cancellato, though forensic proof is pending due to Android log limits.
Stealth Delivery: The lack of visible signs (e.g., no pop-ups) makes it a ghost in the machine, targeting journalists as noted in multiple analyses.
Some spyware relies on SS7 Network Exploitation. What about Graphite? There’s no direct evidence that Graphite exploits the SS7 network, which is a cellular signaling system vulnerable to interception (e.g., location tracking, call rerouting).
Other Israeli spyware, like Circles (Dilian’s old firm), has been tied to SS7 exploitation, but Graphite’s modular approach leans on app-layer attacks (iOS, Android), not network-layer breaches. Its persistence module achieves device-level access without needing SS7’s backdoor. Graphite’s focus on zero-day app exploits suggests a newer, more direct infiltration method.
The Global Web: Government Ties and Infrastructure
The Citizen Lab’s investigations peel back the gauze, exposing how Paragon’s connections extend globally. They’ve mapped out a sprawling infrastructure linked to government clients across continents, in Southeast Asia, the Middle East, and beyond. Companies like this aren’t cold-calling for customers; rather there’s an embedded surveillance ecosystem where deals are brokered through back channels and nods from the right people. Those Unit 8200 ties likely open doors to intelligence communities, while operators with a past like Dilian’s grease the wheels with regimes that don’t flinch at using spyware to silence dissent.
The U.S. Angle: Blurred Lines and Big Money
The U.S. is a tangle of contradictions. An executive order bans commercial spyware that threatens national security, yet the DEA still uses Paragon’s Graphite. How does that work? Connections. Paragon’s ties – whether through founders, investors, or backroom handshakes – give it leverage to navigate these legal cracks. The DEA doesn’t just stumble into this; someone’s vouching for Paragon, keeping it in the fold despite the prohibition.
AE’s involvement ties Paragon to American cybersecurity interests, blending private profit with national agendas. Think about it: a firm with deep pockets and political clout doesn’t buy into a spyware outfit without seeing the strings it can pull – access to government contracts, influence in policy circles, or a seat at the table where defense and surveillance overlap. That acquisition amplifies Paragon’s reach, letting it operate under a US superstructure while still feeding off its global web.
The Playbook: Power, Not Principles
Here’s how the strings get pulled: Paragon’s connections aren’t just about who they know, they’re about what those ties enable. Dilian’s legacy and Koutsou’s role signal to clients – especially the less scrupulous ones – that Paragon is in the club. The Unit 8200 pedigree ensures the tech is top-tier and the mindset is ruthless. Government deals, like Italy’s, show the network delivers results quietly, until it doesn’t. And the US link, via the DEA, WestExec, and AEI, keeps Paragon untouchable, weaving it into a system where legality bends and ethics are optional.
The Bigger Picture
Behind the scenes, these connections are active levers. They open markets, shield Paragon from scrutiny, and keep the cash flowing from investors like AEI who see surveillance as the next gold rush. It’s a cycle: influence begets clients, clients beget profits, profits beget more influence. And at the center? A company that thrives in the shadows, pulling strings through a web that’s as deliberate as it is opaque.
The current website for Paragon is nothing but a placeholder. No information is listed, not even an address. However, the $2M Homeland Security/ICE contract for Paragon, detailed here, has an address for Paragon of 14900 Conference Center Drive, Suite 280 in Chantilly, VA. The city of Chantilly is the seat of numerous tech/defense contractors. In fact, over a recent twenty-year span, defense contractors based in Chantilly were awarded $64,328,983,352 in TPDs, aka taxpayer dollars. That’s a fine place to set up shop for Paragon.
It should be noted though that the address listed for Paragon Solutions on the government contract might be a shared office space, not an actual functioning HQ for Paragon. 14900 Conference Center Drive is known as The Ridgeview at Westfields campus, managed by COPT Defense Properties. It’s a multi-tenant hub hosting defense firms like Peraton and Ampcus Cyber. I found no public records tagging Suite 280 to a single tenant, unlike other listings on the campus. Chantilly’s proximity to virtual office providers (e.g., Regus, Metro Offices) and its defense contractor density (FBI, CIA affiliates) suggest the address is a good place for an Israeli company to establish a US presence and a foothold in the industry.
As I stated, in contrast to the infamous Predator and Pegasus spyware, Paragon sells itself and its signature product, Graphite, as the ethical alternative to spyware malefactors. It’s not a blunt tool for smashing into the phones targeted by anyone who can pony up the seven figures for a license; it’s a scalpel for the scrubbed surgeons of law enforcement to extirpate the messages and tactics of the bad guys. This is not to suggest that Intellexa and NSO Group, the respective owners of Predator and Pegasus, are unsophisticated. They’re anything but. The founders are smart, highly trained, well-funded and well-connected to intel agencies, incorporation specialists, militaries, governments, arms merchants, and defense-tech contractors. They all claim to work only with the good guys and respect all international standards of human rights and privacy. The truth is, they are all part of an ecosystem of shell corporations, holding companies, share transfers, secret deals, hidden identities and manufactured facades of legitimacy.
Case in point: The Rome revelations. Italy is a liberal western democracy that matches the character of the type of government entity to whom Paragon would exclusively cater. Yet despite claims of helping to fight terrorism, Italy’s hacks exposed a darker reality: journalists and migrant rescuers, not jihadists or cartel bosses, were the prey, their innermost lives laid bare under a criminal pretext.
The Insertion Point
If the agreement between Paragon Solutions and AE Industrial Partners goes ahead, the Israeli-born company will likely merge with REDLattice, another cyber-security firm in the AEI portfolio, acquired by AEI in January of 2023.
REDLattice Incorporated, founded in 2012 and headquartered in Chantilly, Virginia, is a cybersecurity firm specializing in offensive cyber capabilities, vulnerability research (VR), reverse engineering (RE), malware analysis, tool development, and advanced operational solutions. It serves the U.S. national security, defense, and commercial communities, with a significant focus on government contracts. In the Marvel lexicon, the term Red Lattice refers to a dimensional highway connecting magical realms. Given the reported history of Marvel/CIA collabs, the company name is a curious choice.
Core activities for the US Government:
Offensive Cybersecurity and Computer Network Operations (CNO):
Provides full-spectrum cyber capabilities for Offensive Cyberspace Operations (OCO), including developing and deploying tools to exploit vulnerabilities in target systems. This involves:
Vulnerability Research (VR): Identifying weaknesses in systems (e.g., software, networks) to enable preemptive strikes or intelligence gathering.
Tool Development: Creating custom cyber tools, such as exploits or payloads, for U.S. agencies like the Department of Defense (DoD) or U.S. Cyber Command.
AI-Assisted Solutions: Leveraging artificial intelligence to enhance vulnerability detection and threat prioritization, enabling proactive cyber operations.
Example: REDLattice researchers hosted a virtual workshop at AvengerCon VIII (organized by the 780th MI Brigade for U.S. Cyber Command), training DoD personnel on firmware extraction and modification using U-Boot, a common embedded bootloader, indicating direct support for military cyber operations.
REDLattice specializes in malware analysis and reverse engineering to dissect adversarial software and develop countermeasures, supporting agencies like the NSA or FBI in understanding and neutralizing threats. This is precisely the capability that gives the Israeli Defense Ministry concerns about having tech like Graphite leave their borders, and their control.
Advanced Operational Capabilities:
REDLattice delivers solutions for complex expeditionary challenges, providing specialized support in operational environments (e.g., battlefield or intelligence missions). Its subject matter experts (SMEs) navigate security, political, and cultural dynamics to ensure mission success.
Cyber Tool Development for DoD and Intelligence:
REDLattice develops proprietary tools for U.S. national security and defense communities, including the DoD, U.S. Army, and intelligence agencies. This includes:
Payload Test Ranges: Testing cyber payloads for reliability and impact.
Cross-Platform Expertise: Supporting Windows, Linux, macOS, iOS, Android, and database systems.
The company contributes to U.S. government cyber capabilities through training, such as the AvengerCon VIII workshop for U.S. Cyber Command, sharing expertise in embedded systems and firmware manipulation.
I asked a simple question of Google’s AI: What cyber tools are used by REDLattice? The following is the AI response:
REDLattice, a company focused on digital resilience, utilizes a range of cyber tools including those for penetration testing, vulnerability scanning, and network security monitoring. They employ tools like Metasploit, Wireshark, and Nessus, along with techniques like SQL injection and cross-site scripting, to simulate attacks and identify vulnerabilities. Here's a more detailed breakdown:
Penetration Testing Tools:
Metasploit: A framework for developing and executing exploit code, used to simulate real-world attacks.
Burp Suite: A web application security testing tool for identifying vulnerabilities in web applications.
Nmap: A network scanning tool for discovering hosts and services on a network.
SQLMap: A tool for automating the detection and exploitation of SQL injection flaws.
Vulnerability Scanning:
Nessus: A vulnerability scanner that identifies security weaknesses in systems and applications.
OpenVAS: Another popular open-source vulnerability scanner.
Network Security Monitoring:
Wireshark: A network packet analyzer used to examine network traffic and identify security issues.
Snort: An intrusion detection system (IDS) that analyzes network traffic for malicious activity.
Other Tools and Techniques:
HackTheBox: A platform for practicing penetration testing and cybersecurity skills.
Kali Linux: A Linux distribution designed for penetration testing and digital forensics, often used with other tools.
Social Engineering: Techniques like phishing are used to uncover security flaws by exploiting human behavior.
Continuous Security Testing: Platforms like Rootshell and Randori offer "Red Team as a Service" to simulate cyber attacks throughout the attack lifecycle, according to Springboard.
-End of AI response
Merger with Paragon’s U.S. Unit:
The integration of Paragon’s Graphite zero-click spyware into REDLattice’s portfolio expands its offerings to U.S. agencies like the DEA or ICE, which were Paragon clients.
Graphite’s capabilities (accessing encrypted communications, location, cameras, microphones) enhance REDLattice’s CNO tools, potentially used for intelligence or law enforcement missions.
While exact client names are not always disclosed due to classified contracts, REDLattice’s activities plausibly suggest:
Department of Defense (DoD): Via U.S. Cyber Command and the 780th MI Brigade, as evidenced by AvengerCon training.
Intelligence Community: Likely includes NSA, CIA, or FBI, given REDLattice’s focus on VR, RE, and malware analysis for national security.
DEA/ICE: Post-merger with Paragon’s U.S. unit, REDLattice likely inherited contracts for Graphite deployment.
Leadership: John Ayers (Founder/CEO) and Kevin Rummel (President/COO) remain post-acquisition, ensuring continuity.
Based on their respective services, the synergy between Paragon's and REDLattice's offerings could be substantial:
Vulnerability Research and Offensive Capabilities: REDLattice excels in vulnerability research, reverse engineering, tool development, malware analysis, and advanced offensive cyber capabilities, enabling them to identify and anticipate threats. Paragon, on the other hand, provides tools, teams, and insights to address these threats. This creates a potent combination for identifying vulnerabilities and developing tools and strategies to counter them. But as I must reiterate, although there are legitimate uses for these capabilities, the potential for abuse is not just present but documented.
Expansion in the "Clean" Offensive Cyber Market: Paragon emerged after the Pegasus scandal, aiming to distance itself from misuse associated with other spyware firms, and the acquisition could further cement its position as a clean company in the offensive cyber market. This merger, therefore, could provide an avenue for both companies to thrive in a market where the ethical development and deployment of cyber tools are increasingly valued. However, they seem to only be valued in private industry, protecting paying clients. How deeply the international intel apparatus is concerned with ethics is clearly open to debate. Remember, the ecosystem of spyware purveyors is built on connections among all the players in the industry, many of whom have an almost psychopathic indifference to who buys or abuses their tech.


Graphite's Fusion and Dystopian Potential
The Creeping Fascism Beneath the Deal.
The word fascism conjures images of jackbooted dictators and military juntas, a historical ghost that shuts down conversation as hyperbolic. But let’s reframe it – not as the cartoonish tyranny of a Mussolini balcony speech, but as the subtler, more insidious model he pioneered: a fusion of private enterprise and public power, where corporations and state interests merge to control society under the guise of security. The Paragon-AEI deal, merging Graphite spyware with REDLattice’s cyber arsenal and potentially Palantir’s Gotham AI, embodies this creeping fascism, a cyberpunk evolution where the sprawl’s neon glow masks a corporate-state stranglehold.
Governments no longer need tanks in the streets to manifest power because data is the ammunition of control. Mussolini’s Italy saw industrial giants like Fiat align with the state to bolster nationalism. Today, AE Industrial Partners (AEI), with its $6.2 billion war chest, and Palantir, embedded in DoD and ICE contracts, partner with US agencies ostensibly to “protect” democratic processes. For the record, I don’t trust Alex Karp, the self-idealized caped crusader running Palantir, who named one of Palantir’s platforms Gotham.
The December 2024 acquisition of Paragon wasn’t just a business deal; it was a handshake between Ehud Barak’s Unit 8200 roots and AEI’s defense empire, sanctioned by Trump’s 2025 executive order mandating federal data-sharing. This policy, amplifying Palantir’s reach, mirrors Mussolini’s corporatism, where private firms gain state-backed monopolies armed with surveillance tech. In a cyberpunk dystopian realm, which I’ll get to, Palantir is the controlling megacorp; perhaps I’ll rename it.
Consider the evidence: Paragon’s Graphite operates under an ethical sheen while serving DEA and ICE, agencies that are becoming notorious for deportations and profiling (Wired). AEI’s portfolio – Redwire’s VLEO satellites, Edge Autonomy’s drones – could plausibly feed data to Palantir’s Gotham, which predicts dissent with AI precision, a tool USCYBERCOM’s Cyber Mission Force (CMF) and ARCYBER’s Task Force Dagger wield against perceived threats.
But this is more than defense; it’s preemption, a fascist tactic where state and corporate interests suppress freedom under the weighted blanket of national security. The US takeover of Israel’s cyber sector post-NSO’s Biden-era woes, turbocharged by Trump’s deregulation, further entrenches this. Private firms like AEI could export Graphite globally, from Canada to Singapore to unmonitored allies, echoing Mussolini’s export of industrial might to cement power. Not long ago, US defense contractor L3Harris tried to acquire NSO Group, makers of the notorious Pegasus spyware, but the deal was scuttled.
Then there’s this. In April this year, the talentless son of Donald Trump, Don Jr, went to the ethically dubious Bulgaria on an invitation from a crypto company. Per IO (Apr 25), “The country's former prime minister and a media mogul see his visit as an opportunity to remove sanctions.” Quid pro quo, anyone? The sanction lifting could metastasize to include the sanctioned NSO Group, through its affiliation with Circles Bulgaria. More on the courting of junior in a later piece.
Gotham’s Amplification: From Thoughts to Targets
Although there’s no public record of any planned collaborations or joint operations between AEI and Palantir, the latter has been on a consolidation run, so it might be worth considering the plausibility in the context of mass surveillance and oligarchic fascism.
Palantir’s Gotham, named with a Batman flair that belies its menace, is the surveillance state’s brain. It fuses data – texts, GPS, bank records – into real-time intelligence, used in the Pentagon’s $795M Maven contract and ICE’s $30 million deportation tracking. Imagine Graphite’s haul from Cancellato’s phone, his fears and contacts fed into Gotham’s AI. It could map his life, linking a text to his editor to a meeting with an activist, branding him a “threat.”
No evidence ties Gotham directly to Italy’s hacks, but NATO’s 2025 Maven adoption and Five Eyes data-sharing make it plausible. Paragon’s merger with REDLattice, a SOSSEC cyber firm, hints at a pipeline to Gotham, especially under SOSSEC’s $2.5 billion OTA (2023). This is where the Hannibal Lecter analogy chills: Graphite doesn’t just read your thoughts; Gotham weaponizes them, turning private moments into public risks. With Trump’s March 2025 data-sharing order and Stephen Miller’s Palantir ties, the line between foreign hacks and domestic surveillance blurs. Italy’s journalists learned how scary it is to have their minds exposed. America’s reporters could be next, particularly the indies who have shallow legal pockets.
In order to understand Paragon’s Graphite, we need to take a quick look at Palantir’s platforms and then tie Graphite’s capabilities into Palantir to develop a model of mass surveillance.
Palantir: A Broad Overview
Palantir Technologies is a US-based, publicly traded tech company that runs data integration and analytics platforms for large-scale decision-making. Founded in 2003 by Peter Thiel, Alex Karp (CEO), Joe Lonsdale, Stephen Cohen, and Nathan Gettings, it was originally funded in part by the CIA’s venture arm, In-Q-Tel. It retains deep ties to US and allied intelligence and defense sectors.
Palantir’s core operations help organizations integrate, analyze, and act on data, often from disparate, complex, and sensitive sources. Its platforms are widely used in government (especially defense, intelligence, law enforcement), healthcare, finance, energy, manufacturing, and supply chain logistics. It’s the “acting on data” part that scares me.
Palantir’s business is built from separate but complementary platforms:
Gotham – Primarily for government and defense/intelligence clients.
Foundry – Commercial and enterprise platform for business analytics and operations.
Apollo – Infrastructure tool that powers the deployment and continuous delivery of Gotham and Foundry in any environment.
AIP (Artificial Intelligence Platform) – A recent initiative to integrate LLMs and AI agents into operations, leveraging existing data pipelines.
MetaConstellation – A newer offering, often tied to geospatial intelligence (GEOINT) and satellite data management.
Edge AI / Palantir Edge – For deploying AI models on edge devices in tactical and field environments.
Origins and Purpose
Gotham is Palantir's chief software platform built with counterterrorism, intelligence, and law enforcement agencies in mind. It integrates, analyzes, and visualizes large volumes of disparate data, helping users uncover hidden patterns and make operational decisions – often in real-time.
Gotham turns massive, siloed data sets into a graph of relationships, timelines, behaviors, and identities.
Gotham was conceived in the post-9/11 context, when U.S. intelligence and law enforcement agencies were being criticized for failing to share information before the attacks.
The 9/11 Commission Report, flawed as it was, exposed deep flaws in data sharing across FBI, CIA, NSA, and others.
There was no unified view of intelligence, and data was often stored in incompatible formats or guarded behind inter-agency walls.
Palantir solved a systemic problem: it gave analysts the ability to ingest and connect highly sensitive data across agencies, all while maintaining security, access controls, and audit trails.
The company received early funding and strategic direction from In-Q-Tel, the CIA’s venture arm. Its analysts shared operational needs.
How Gotham Works (Essentially)
Palantir Foundry: What It Is and Why It Matters
Foundry is a commercial data integration and operations platform designed for enterprise clients – from pharma to finance to manufacturing. Gotham was made for government intelligence; Foundry was designed for industrial and business intelligence.
In simple terms:
Gotham = targeting people/events (e.g., suspects, terror cells)
Foundry = optimizing systems/processes (e.g., supply chains, R&D, logistics)
Foundry brings together siloed data from across a company to create a unified operating picture — enabling decision-making, simulation, automation, and AI-assisted workflows.
How Foundry Works (synthesized from multiple AI sources and earnings calls)
Foundry is built around a modular, object-based data model, where every piece of data (from spreadsheets to real-time sensors) becomes a data asset. Those assets can be tagged, versioned, transformed, and shared with fine-grained permissions. Foundry is not a traditional dashboard. Rather, it’s a total operational stack that ties data to automation and ultimately to action.
Key capabilities:
Gotham and Foundry Work Together
They are increasingly merging at the infrastructure level, so while Gotham and Foundry serve different user groups, they are built on similar backend infrastructure:
Both use Apollo for deployment and continuous delivery.
Both rely on graph-based data representations.
Both enforce role-based access controls and data lineage tracking.
Foundry’s “Ontology” concept mirrors Gotham’s entity modeling. The ontology model enables consistent data interpretation and interoperability across systems.
Both are being linked via the AIP (Artificial Intelligence Platform), which acts as a shared large-language model (LLM) layer for interacting with both platforms.
Palantir has hinted in earnings calls and demos that Gotham and Foundry are converging, especially under:
Military-industrial use cases, where Foundry is used to manage logistics, and Gotham is used to analyze threats.
AI integrations, where LLMs (via AIP) query across both platforms seamlessly.
Example: A defense agency using Gotham to track adversary behavior and Foundry to simulate supply chain disruptions, with both fed into the same AI model via AIP.
Foundry in the Real World
Some high-profile Foundry use cases:
NHS (UK) – Pandemic response, PPE tracking, hospital load forecasting
BP & Shell – Oilfield optimization, emissions tracking, digital twins
Airbus & Ferrari – Manufacturing optimization, parts tracking
Chrysler (Stellantis) – Logistics and supplier risk management
Merck – Drug discovery workflows and R&D data fusion
Implications for Surveillance
While Foundry is marketed as “enterprise software,” its power to integrate, simulate, and operationalize data at scale makes it just as potent in a surveillance context, especially when combined with Gotham:
Imagine fusing financial, biometric, geolocation, health, and social graph data.
Apply an AI model to detect anomalies or simulate population behavior.
Feed alerts or recommended actions into automated operational tools.
If Paragon provides the bridge between government contracts and commercial datasets (say, from healthcare or cloud providers), the line between public safety and total visibility could quickly blur. Graphite’s device-level intel, analyzed by Foundry, made actionable by Gotham, all watched over by the caped crusader, Palantir, from deep in the Karp Kave.
Gotham vs. Foundry – Think of Gotham as B2G and Foundry as B2B
Shared DNA and Integration Points
Both platforms are built on Palantir’s graph-based backend and secured via the same access control frameworks.
Apollo is the deployment infrastructure for both, enabling continuous updates across cloud, on-premise, and edge.
AIP (Artificial Intelligence Platform) provides a unifying AI layer, allowing users to query, simulate, and act across both systems with LLM interfaces.
OK, I get it. There’s a lot here. But here’s why this matters for the potential surveillance state:
The combination of Gotham and Foundry, joined through AIP, enables a full-spectrum operational intelligence system:
Gotham identifies people or behaviors of interest (e.g., suspected activists, migrants, political actors).
Foundry models the consequences or responses (e.g., optimize police presence, reroute resources, simulate disruption).
AIP coordinates the process through LLM-driven automation, possibly with minimal human oversight.
In the Gaza onslaught, based upon reporting by 972Magazine and other reports here, here, and here as well, the parameters for identifying a target can be loosened, allowing less substantiated targets to filter through. Over time, operators rely more and more on the AI to call the kill, pulling the human conscience out of the decision-making process. In terms of surveillance and labeling, this has dangerous, dystopian, long-term implications. If Paragon is plugged in as a systems integrator or solutions provider, this system could be scaled rapidly from war zones to cities.
Countries Currently Using Graphite
Public data on Graphite’s users is patchy, likely by design, as spyware firms like Paragon guard client lists to avoid scrutiny, especially after scandals. Here’s what I could piece together:
Italy: The most documented case is Italy, where Citizen Lab’s June 2025 report confirmed Graphite’s use by AISE and AISI against 90 targets, including journalists like Francesco Cancellato (Fanpage) and activists, following WhatsApp alerts in January 2025. Paragon’s April 2025 contract cancellation, after the government’s refusal to investigate, suggests active use until then, though the fallout may have paused it.
United States: The $2 million ICE contract (signed September 27, 2024, paused under EO 14093) indicates US interest, likely for immigration enforcement, but its suspension leaves usage unconfirmed. DEA involvement was uncovered through FOIA requests made by MuckRock.
Australia and Cyprus: Intelligence Online (November 29, 2024) and X chatter suggest Graphite’s deployment in these countries, possibly via intelligence-sharing agreements, though specifics (e.g., agencies, targets) are absent.
Valuation Justification
AE’s $500-$900 million valuation (announced December 2024) for Paragon hinges on more than public contracts, which are sparse, perhaps purposely.
The valuation seems inflated when propped up against public data unless AEI has banked on secret contracts or anticipates a surveillance surge. There exists the possibility of a tactical overpayment to secure the tech within US borders, for US control. The MIC (e.g., WestExec’s influence) likely played a role, leveraging Paragon’s Chantilly address to pitch Graphite as a strategic asset, despite its scandals. The incredible potential with future contracts in a surveillance state is a compelling narrative. Graphite’s ability to breach devices, paired with Gotham’s analytics, fits a growing trend.
The administration might tout this as innovation, but the leap from $2 million to $900 million screams speculative betting on a surveillance boom, or an overbid to be sure this critical technology lands in the US. The founders got a substantial payday to vote yes on the deal.
The Machinery of Control: Gotham, Foundry, and the Coming Fusion
For years, Palantir Technologies has maintained the illusion of separation. Two platforms. Two markets. Two missions.
On one side: Gotham – the black box humming in the nerve centers of the security state. Born from the wreckage of 9/11, it was built to hunt patterns in the digital static: phone records, passport scans, intercepted messages, the crumbs left behind by lives in motion. It doesn't just log what people do, it models who they are, who they know, and what they might do next. To Gotham, a human being is just a node in a behavioral graph, waiting to be lit up.
On the other side: Foundry, clean-cut and corporate. The “ethical twin,” according to the marketing deck. It speaks in the language of logistics, KPIs, and digital transformation. But the bones are the same. It ingests data, models systems, and recommends interventions. For a shipping company, that might mean rerouting containers. For a hospital system, it might mean reallocating ventilators. For a government, it could mean locking down a city block before the protest even happens (predictive policing, aka pre-crime).
Both platforms run on the same skeletal architecture, Apollo, Palantir’s deployment engine. They are increasingly controlled through the same AI interface: AIP. In practice, they’re two faces of the same machine, engineered for full-spectrum dominance of both people and systems. Gotham isolates the target; Foundry moves the levers; AIP decides when to pull them.
And now the walls between them are dissolving.
Palantir has begun threading Gotham and Foundry together in real-world deployments such as security, logistics, public health, and emergency management, all blurring into a single operational picture. The result is something more dangerous than surveillance: predictive governance, where choices are made before they're consciously acted on, justified by graphs and simulations the public can’t see. Our Congress has increasingly worded spending bills to make it almost impossible to see exactly where the tax money goes, often hidden behind national security imperatives.
If Gotham is the eye, and Foundry is the hand, then Paragon could be the unseen touch that connects them to the human face – silently, surgically, and without consent.
The fusion of these platforms won’t be announced with press releases. It will happen in darkened procurement offices, under national security exemptions, behind NDAs. And one day, people may wake up inside a system that doesn’t just watch them, it acts upon them, not because anyone told it to, but because the model predicted they might.
This is speculative but certainly not fantasy. Palantir has publicly stated that AIP is being piloted with US Special Operations Command (SOCOM), DHS, and multiple NATO members. Graphite has been deployed on the tactical edge, and Palantir's border contracts with ICE and CBP go back over a decade.
The addition of AIP turns human decision-making into a software-mediated process, where every choice is informed (or nudged) by algorithmic logic. With enough integration, it’s not just an assistant, it’s an invisible command structure, deciding where attention goes and who gets flagged.
This is where a potential Paragon Graphite integration becomes especially potent and troubling, based on the types of data that could be collected, then filtered through AIP or piped into Foundry/Gotham later:
Paragon currently has well over 400 employees, depending on which source is checked. Whatever the exact figure, it seems like a large workforce to be working only on device penetration. The outlandish valuation could be because AEI has insider knowledge of additional, future Graphite capabilities. For example, they could potentially run lightweight machine-learning (ML) models directly on devices or local field equipment. This allows for autonomous anomaly detection even in disconnected environments. For clarity, a lightweight ML model is optimized to operate efficiently on devices with limited computational resources, like many IoT devices. Sidebar: The oft-mentioned Ehud Barak is also involved with a company called Toka, which can infiltrate IoT devices. Think of Jason Bourne’s trackers tapping into all the CCTVs in Waterloo Station. Take a break and watch it here. Yeah, it’s coming.
Why This Is Powerful and Dangerous
This system can operate proactively: not waiting for human direction but automatically flagging anomalies, feeding them into Foundry for simulation, and into Gotham for network analysis. Once flagged, a person can be tracked, investigated, detained, or entered into a predictive model...all without them doing anything illegal, only unexpected. Is it all doom and gloom? No, but that’s not the point. This article is about education and vigilance, keeping an eye on the state so they don’t keep eyes on you. Let’s experiment…
Part 1: Dramatized Field Scenario (Pro-Paragon Use Case)
“Echo Dropped” – A Tactical Win Enabled by Paragon & Graphite
Location: Arizona Border Sector, 14 miles east of Douglas
Time: 03:26 AM
System: Palantir Graphite + Paragon-integrated surveillance feeds + AIP
The Alert Comes Quietly.
On the Graphite-enabled rugged tablet strapped to the wrist of a Border Tactical Response officer, a soft vibration interrupts the early-morning silence. The AIP-generated summary reads:
ALERT: DEVICE DROP DETECTED
"Subject Echo-4 deviated from expected route. No motion detected for 12 minutes.
Comm silence for 4 hours. Power spike + SIM change.
Risk Level: Elevated. Possible compromise or surrender."
Agent Diaz scans the Sonoran Desert ridge. Echo-4 was a high-value asset: a cartel courier turned informant, embedded with a smuggling group. The device was standard issue: equipped with Graphite AI at the edge, tracking biometric data, location, call metadata, and physical handling patterns.
Through Palantir-integrated systems, the alert immediately pulls Echo-4’s known contacts from federal databases. A preconfigured Foundry workflow simulates possible extraction zones based on terrain, patrol routes, and historical interdiction successes.
AIP outputs three prioritized options. No time to waste. Diaz selects Option 2: a rapid-response drone launch with thermal imaging and two-person retrieval crew on standby.
Within 19 minutes, they find the device, half-buried under scrub, casing cracked, battery intact. Echo-4 is gone.
But the AI has already done its job. The courier’s last known contact pings a tower just west of the highway. Surveillance teams are redirected. A live intercept is now in play, not reactive, but preemptive.
This is the version Paragon would pitch in the room:
Faster decisions, lower risk to personnel, predictive operations with minimal analyst load. AI does the grunt work. Humans step in only when needed. Cool, right? Hang on…
Part 2: The Algorithm is Never Wrong – Until It Is
Now flip the script.
Different ridge. Different subject. Same platform.
She’s not a cartel courier. She’s a journalist.
Name scrubbed from the system, device locked down, burner route through Tucson to avoid being pinged on smart checkpoints.
Her Graphite-wrapped phone slipped from her bag during a checkpoint bypass. It hit the ground, battery popped, screen went dark. To her, it was a fumble. To the system, it was a flag.
“Device anomaly. Known user off-route.
Movement history inconsistent with prior routine.
Comm silence.
Threat score: 72.9. Alert routing: civil disruption queue.”
Within seconds, Palantir’s backend integration layer pings her metadata into federated DHS systems, an ICE traffic report from 2021, an anti-surveillance talk she gave at a university in 2022, a social media post geo-tagged near a protest zone.
Foundry simulates population flow disruption if she’s detained. Gotham maps her contacts. AIP weighs outcomes.
And suddenly she’s not a person anymore. She’s a variable.
A pattern deviation. A decision node.
Surveillance isn’t deployed. It’s already watching.
She just triggered the next frame in the model.
Ooph!
What happens when “anomalous movement” isn’t a cartel signal, or a journalist, but a single, scared woman traveling out of state for a medical procedure at a women’s clinic, or a man attending a mosque under surveillance? What if Graphite’s behavioral thresholds are tuned much too tightly, flagging not just true threats, but those who diverge from algorithmically defined norms? Who decides what those norms are?
Palantir’s role – connecting federal databases, biometric watchlists, and legacy law enforcement systems – becomes the very reason such abuse is scalable and everyone – every one of us – is carrying a device that can be compromised. Without strong oversight, their integration tools can link disparate datasets that were never intended to be merged or to retroactively profile subjects using historical behavior scraped from unrelated interactions or simply enable automated flagging for opaque, protean reasons, with no path for appeal.
And when AI acts as the first responder, it becomes nearly impossible to separate false positives from legitimate threats before action is taken. Then you reverse American jurisprudence. You’re put in a position of proving your innocence rather than the state proving your guilt. I mean, after all, why would the state target you if you weren’t up to something?
The TLDR: In the field, Graphite & Paragon can save lives and enhance mission speed, especially in dangerous, time-critical ops. But in civil society, that same infrastructure can become a permanent layer of silent enforcement, applied unequally, often invisibly, and without consent. The systems don’t need to be re-coded for abuse – they need only be re-aimed.
Here’s the thing, default logic is the quiet engine behind surveillance systems. It's not the tech itself that's malevolent, it's the assumptions it encodes, the patterns it favors, and the fact that once it decides you're an outlier, everything else moves fast and without friction. That default logic is optimized for control, allergic to ambiguity, and utterly incapable of empathy. Sound familiar?
Think it’s all fantasy? Think again…It’s already in use
Biometric flagging escalation refers to the automated or semi-automated process of increasing surveillance or enforcement response based on biometric data (like face, fingerprint, iris, or gait recognition) that has been matched against a watchlist, deemed anomalous or deceptive, or could be plausibly linked to escalating patterns of other flagged behavior.
In systems like those supported by Palantir platforms and (potentially) a Paragon integration, this could happen almost invisibly and across agencies. Here's how it breaks down:
Initial Biometric Input
A face scan at an airport kiosk, a fingerprint at a border crossing, or even gait analysis from a smart city surveillance feed.
Match or Anomaly Detected
· Partial match to a known subject in a federal or commercial watchlist.
· Inconsistency with previous biometric records (e.g., iris drift, liveness failure).
· Biometric cloaking attempts (masking, spoofing).
Escalation Triggered – Based on policies or ML thresholds, the system escalates:
· Tier 1: Passive flag, log event, enhance monitoring.
· Tier 2: Real-time alert to an analyst or automated system (e.g., Gotham node triggers query).
· Tier 3: Active escalation – detain, deny access, or cross-reference other surveillance feeds.
Real-World Analogues
TSA’s Quiet Skies program: passengers flagged for behavior plus biometric signatures, monitored without consent.
China’s “Sharp Eyes” system: gait plus facial scans plus database fusion used to escalate individuals for preemptive detention.
Some US border kiosks have backend systems capable of behavioral scoring based on biometric readings plus travel history.
Why It’s Dangerous
False positives can trigger travel bans, detentions, or social penalties.
Individuals may never know they’ve been flagged, or why (it happened to Tulsi).
Escalation policies are often opaque, buried in system rules or machine learning logic with no accountability.
If integrated across agencies, a single scan can cascade across law enforcement, immigration, finance, and healthcare sectors. Remember how this administration is tying all the databases together for convenience?
Let’s Talk
In the US, there’s been a flood of commentary expressing fears that the US government’s use of Palantir to create a national database will gut our First, Fourth, and Fifth Amendment rights. If Graphite can read thoughts, what happens when its data feeds Palantir’s Gotham, a platform that turns secrets into weapons? Italy’s scandal isn’t just a violation. It’s a warning of a surveillance state that knows you at least as well as you know yourself.
The conversations around mass surveillance tend to mention the big dog, Palantir, but it’s their Gotham platform that is worrisome. Palantir’s Gotham platform integrates data for intelligence and defense agencies, not just those in the US. Gotham is Palantir’s core data-fusion platform, used for intelligence (CIA, NSA) and civilian applications (ICE, NYPD).
Harvard has published a thorough but technical analysis of Palantir’s capabilities, here.
The authors highlighted a quote from the CEO of Palantir, Eric Karp. He said, “We understand that all technology, including ours, is dangerous, and that software can be used as a weapon. Lives have been saved and taken as a result of our products.”
Surveillance Risk: Gotham’s “darkly cool” Batman branding hides its dystopian potential. If Graphite targets critics abroad, Gotham could enable similar abuses in the US, especially under Trump’s March 2025 data-sharing Executive Order. Back in 2016, Gizmodo reported on how Palantir was “taking over NYC.” It described Palantir as CIA-backed (fact-check – true) and said, “Co-founded in 2004 by Peter Thiel and Alex Karp, Palantir’s inner workings remain shrouded in secrecy.” Under contracts awarded by Mayors Bloomberg and de Blasio, Palantir’s Gotham became, and remains, an integral part of NYC’s law enforcement and political enterprise.
Closing Riff
Ben Franklin said that those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety. Will Munny said, “deserves got nothin’ to do with it.” Munny was probably right, but we do lose a little of both when choices are made for us by people whose professional ambitions don’t align with our personal concerns.
You really want to close the blinds and load that 9mm? Take a look at what the Special Collection Service does, although our government denies they exist.
In recent weeks the internet has been bubbling over with discussions about mass surveillance in connection with ICE arrests, No-Kings demonstrations, and legitimate Constitutional concerns about the US slowly becoming a surveillance state working hand-in-glove with Palantir. People are beginning to notice that Palantir is amassing enormous data sets and using their systems, for example, to help the IDF acquire targets in its genocide in Gaza and the war in Ukraine. Yes, very much involved in Ukraine. Curiously, Palantir and the Ministry of Digital Transformation in Ukraine have established a partnership for the reconstruction of Ukraine’s infrastructure, yet the war rages on. The best part is, the deal was struck two years ago in the spring of 2023. They help execute the war then they assist in the rebuilding. Palantir is the Halliburton of war tech. They have been tasked by the current administration with combining data on Americans from all federal government agencies and departments yet somehow claim they aren’t making a national database.
In a recent conversation on America This Week, Matt Taibbi and Walter Kirn discussed Joseph Heller’s Catch-22. Speaking of the main character, Captain Yossarian, Kirn says, “As Yossarian keeps saying. The enemy is anyone who wants to kill you. It doesn’t matter if it’s your side or their side.” Americans need to remember that anyone who wants to spy on you, who wants to control you, who wants to police your thoughts, is the enemy. It doesn’t matter if it’s a foreign power or your own government. Freedom of thought and expression are fundamental human rights, without which we are slaves. Some of the greatest stories ever written are in some way a lashing out against tyranny and control, whether it’s The Confessions of Nat Turner, or Spartacus, or Fahrenheit 451 or The Hunger Games.
Human beings by their very agency, by their existence among other people in cities and families, have a right under natural law, codified under international law, to revolt against those who wish to enslave them. You have the legal, human right to stand in defiance while the slave masters try to make you afraid to speak and think as you wish. The revolt needn’t be violent. Violence will be used as an excuse for further tyranny. But it needs to be more than a dream. It needs to be real and it requires action, in whatever manner you can muster within the law.
It’s dangerous when taxpayer dollars fund a system that could turn inward, unchecked by democratic oversight. Power corrupts. Unchecked power metastasizes into a cancer that consumes personal liberty.
“The truth is that all men having power ought to be mistrusted.” James Madison, chief architect of the US Constitution. He might as well have said that ten minutes ago. Nothing has changed.
Together we can make sure our Batmen are watching out for us, not spying on us.