Does TAO still exist under that name?

The NSA reorganized its directorates in 2016 under the 'NSA21' initiative, folding TAO into a broader Computer Network Operations structure, but the TAO designation remains common in public discussion.

What is the ANT catalog?

A leaked internal NSA catalog of hardware and software implants used by TAO, published by Der Spiegel in December 2013, listing tools for compromising routers, firewalls, servers, and mobile devices.

How does TAO relate to international cyber norms?

Its activities illustrate the gap between state offensive cyber capabilities and the non-binding norms developed through the UN Group of Governmental Experts and Open-Ended Working Group processes.

TAO | Model Diplomat

Tailored Access Operations (TAO) is a unit within the U.S. National Security Agency's Signals Intelligence Directorate, established around 1997, that specializes in offensive cyber operations and computer network exploitation (CNE) against foreign targets. It was publicly renamed "Computer Network Operations" and reorganized under the NSA's 2016 internal restructuring known as "NSA21," though the TAO label remains in widespread use in policy and academic literature.

TAO's mission, as described in declassified and leaked materials, is to identify, monitor, infiltrate, and gather data from foreign computer systems and networks deemed of intelligence value. Targets reportedly have included foreign government ministries, telecommunications providers, energy infrastructure, and individuals of counterterrorism interest. Operators develop and deploy custom implants, exploit zero-day vulnerabilities, and conduct supply-chain interdiction.

Public knowledge of TAO expanded sharply after the 2013 disclosures by former NSA contractor Edward Snowden, and again after the 2016–2017 leaks by the group calling itself the Shadow Brokers, who released TAO-linked exploitation tools. Among these were EternalBlue, an SMB protocol exploit later repurposed in the WannaCry ransomware outbreak of May 2017 and the NotPetya attack of June 2017, both of which caused billions of dollars in global damage and prompted significant debate over government vulnerabilities equities practices.

A 2013 Der Spiegel investigation, drawing on leaked documents, published a catalog of TAO hardware and software implants (the so-called "ANT catalog") targeting routers, firewalls, and servers from major Western vendors. These revelations strained U.S. relations with allies and accelerated demands from countries including Brazil and Germany for data localization and indigenous cryptographic standards.

For MUN and IR researchers, TAO is a useful reference point in debates over:

State responsibility for cyber operations under international law
Norms of responsible state behavior discussed at the UN GGE and OEWG
The vulnerability disclosure vs. stockpiling tradeoff
Attribution challenges in cyber conflict

TAO

Frequently asked questions