Has Israel restricted NSO?

Yes — Israel's Defense Export Controls Agency has reduced the list of countries NSO can sell to since 2021, citing concern over reputational and diplomatic costs.

Are there NSO competitors?

Yes — Candiru, Cytrox/Intellexa (Predator), QuaDream, and others sell similar commercial spyware. The market is concentrated in Israel and a few European countries.

NSO Group | Model Diplomat

What It Is

NSO Group is an Israeli cyber-intelligence firm best known for developing the , sold to government clients worldwide. Founded in 2010 by Niv Carmi, Shalev Hulio, and Omri Lavie, NSO develops surveillance technology marketed to government law-enforcement and intelligence agencies.

Its flagship Pegasus spyware has been deployed against journalists, activists, and political opponents in multiple countries — generating extensive controversy and legal exposure.

What Pegasus Does

Pegasus is sophisticated mobile-device spyware that can:

Compromise iOS and Android devices through zero-click exploits requiring no user interaction.
Grant remote access to messages, calls, microphone, camera, location, and stored files.
Operate covertly with sophisticated anti-detection mechanisms.
Be deployed against specific targets through targeted exploit chains.

The technical sophistication is significant. Zero-click exploits — requiring no user error or interaction — are rare and valuable. The capability to compromise current iPhones and Android phones positions Pegasus among the most capable commercial spyware available.

Sales Model and Customer Base

NSO sells Pegasus to government clients only, per the company's claims. Reported customers include:

Saudi Arabia: alleged use against journalist Jamal Khashoggi and his associates.
UAE: alleged use against activists and royal family members.
Mexico: alleged use against journalists and political figures.
India: alleged deployment against opposition politicians, journalists, and activists.
Hungary: alleged use against journalists and opposition.
Morocco: alleged deployment against French diplomats and journalists.
Various other governments confirmed or alleged.

NSO consistently asserts that customer governments — not NSO — control deployment. Critics argue NSO's sales decisions and licensing practices are themselves consequential.

Major Controversies and Legal Exposure

NSO has faced extensive legal and political consequences:

US Commerce Department added NSO to its Entity List in November 2021, restricting NSO's access to US technology. The listing has substantially constrained NSO's commercial relationships.
Apple filed suit against NSO in November 2021, alleging NSO had targeted Apple users with malware in violation of Apple's terms of service.
Meta (then Facebook) won a 2024 California court ruling holding NSO liable for WhatsApp exploit deployments. The ruling found NSO had used WhatsApp's infrastructure to deliver Pegasus to over 1,400 targets.
The 2021 Pegasus Project, a consortium of 17 media organizations led by Forbidden Stories and Amnesty International, exposed widespread use against journalists, activists, lawyers, and political figures including phones associated with French President Macron and journalist Jamal Khashoggi.

Financial Pressure

NSO has faced significant financial pressure:

Reported defaults on debt: NSO has struggled to service debt incurred during expansion.
Sale negotiations: NSO has been in repeated negotiations for acquisition or restructuring.
Israeli government export-license restrictions: following the international backlash, Israel tightened export licensing for surveillance technology.
Departure of co-founder Shalev Hulio in 2022.
Workforce reductions of substantial percentages over 2022–24.

The firm denies wrongdoing and asserts that customer governments — not NSO — control deployment.

Why NSO Matters

NSO has become the most visible test case for commercial spyware accountability. The legal, regulatory, and reputational consequences NSO has faced will shape how governments and courts approach the broader commercial spyware industry.

The industry includes other major firms (Candiru, Cellebrite, Cytrox, Intellexa Consortium, and others) with similar capabilities and similar concerns. NSO's experience is being watched closely by these firms and by their potential customers.

Common Misconceptions

NSO is sometimes assumed to be the only commercial spyware vendor. It is not — the commercial spyware industry includes dozens of firms with various capabilities. NSO is the most prominent and has faced the most public scrutiny but is not unique.

Another misconception is that NSO operates outside Israeli government regulation. It operates under Israeli export-control regulations; the Israeli Ministry of Defense issues export licenses for NSO's sales. The Israeli regulatory has been controversial but is real.

Real-World Examples

The 2021 Pegasus Project disclosures — documenting Pegasus deployment against journalists and activists in multiple countries — was one of the most consequential cyber-investigative journalism collaborations in modern history. The 2024 Meta v. NSO Group ruling is the most consequential litigation outcome to date against a commercial spyware vendor. The post-2021 broader commercial-spyware policy debate — including the Pall Mall Process and US executive-order restrictions — has emerged partly in response to the NSO controversies.

NSO Group