techcrunch.com
Lorenzo Franceschi-Bicchierai
11:15 AM PST · January 8, 2026
The infamous spyware maker released a new transparency report claiming to be a responsible spyware maker, without providing insight into how the company dealt with problematic customers in the past.
NSO Group, one of the most well-known and controversial makers of government spyware, released a new transparency report on Wednesday, as the company enters what it described as “a new phase of accountability.”
But the report, unlike NSO’s previous annual disclosures, lacks details about how many customers the company rejected, investigated, suspended, or terminated due to human rights abuses involving its surveillance tools. While the report contains promises to respect human rights and have controls to demand its customers do the same, the report provides no concrete evidence supporting either.
Experts and critics who have followed NSO and the spyware market for years believe the report is part of an effort and campaign by the company to get the U.S. government to remove the company from a blocklist — technically called the Entity List — as it hopes to enter the U.S. market with new financial backers and executives at the helm.
Last year, a group of U.S. investors acquired the company, and since then, NSO has been undergoing a transition that included high-profile personnel changes: former Trump official David Friedman was appointed the new executive chairman; CEO Yaron Shohat stepped down; and Omri Lavie, the last remaining founder who was still involved in the company, also left, as Israeli newspaper Haaretz reported.
“When NSO’s products are in the right hands within the right countries, the world is a far safer place. That will always be our overriding mission,” Friedman wrote in the report, which does not mention any country where NSO operates.
Natalia Krapiva, the senior tech-legal counsel at Access Now, a digital rights organization that investigates spyware abuses, told TechCrunch: “NSO is clearly on a campaign to get removed from the U.S. Entity List and one of the key things they need to show is that they have dramatically changed as a company since they were listed.”
“Changing the leadership is one part and this transparency report is another,” said Krapiva.
“However, we have seen this before with NSO and other spyware companies over the years where they change names and leadership and publish empty transparency or ethics reports but the abuses continue.”
“This is nothing but another attempt at window dressing and the U.S. government should not be taken for a fool,” said Krapiva.
Ever since the Biden administration added NSO to the Entity List, the company has lobbied to have its restrictions lifted. After President Donald Trump took office again last year, NSO intensified these efforts. But, as of May last year, NSO had failed to sway the new administration.
In late December, the Trump administration lifted sanctions against three executives tied to the Intellexa spyware consortium, in what some saw as a sign of a shift in the administration’s attitude toward spyware makers.
A lack of details
This year’s transparency report, which covers 2025, has fewer details than reports from previous years.
In an earlier transparency report covering 2024, for example, NSO said it opened three investigations of potential misuse. Without naming the customers, the company said it cut ties with one, and imposed on another customer “alternative remediation measures,” including mandating human rights training, monitoring the customer activities, and requesting more information about how the customer uses the system. NSO did not provide any information about the third investigation.
NSO also said that during 2024, the company rejected more than $20 million “in new business opportunities due to human rights concerns.”
In the transparency report published the prior year, covering 2022 and 2023, NSO said it suspended or terminated six government customers, without naming them, claiming these actions resulted in a revenue loss of $57 million.
In 2021, NSO said it had “disconnected” the systems of five customers since 2016 following an investigation of misuse, resulting in more than $100 million in “estimated loss of revenue,” and it also said that it “discontinued engagements” with five customers due to “concerns regarding human rights.”
NSO’s newest transparency report does not include the total number of customers NSO has, statistics that have been consistently present in previous reports.
TechCrunch asked NSO spokesperson Gil Lanier to provide similar statistics and figures, but did not receive answers by press time.
John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses for more than a decade, criticized NSO.
“I was expecting information, numbers,” Scott-Railton told TechCrunch. “Nothing in this document allows outsiders to verify NSO’s claims, which is business as usual from a company that has a decade-long history of making claims that later turned out to be misrepresentation.”
Spyware maker NSO Group will have to pay more than $167 million in damages to WhatsApp for a 2019 hacking campaign against more than 1,400 users.
On Tuesday, after a five-year legal battle, a jury ruled that NSO Group must pay $167,254,000 in punitive damages and around $444,719 in compensatory damages.
This is a huge legal win for WhatsApp, which had asked for more than $400,000 in compensatory damages, based on the time its employees had to dedicate to remediate the attacks, investigate them, and push fixes to patch the vulnerability abused by NSO Group, as well as unspecified punitive damages.
WhatsApp’s spokesperson Zade Alsawah said in a statement that “our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone.”
Alsawah said the ruling “is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone. Today, the jury’s decision to force NSO, a notorious foreign spyware merchant, to pay damages is a critical deterrent to this malicious industry against their illegal acts aimed at American companies and the privacy and security of the people we serve.”
NSO Group’s spokesperson Gil Lainer left the door open for an appeal.
“We will carefully examine the verdict’s details and pursue appropriate legal remedies, including further proceedings and an appeal,” Lainer said in a statement.
The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used by various governments worldwide.
Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.
We’re sharing an update on suspected state-backed attacker APT29 and the use of exploits identical to those used by Intellexa and NSO.
Documents reveal how Israel seized files, suppressed information related to WhatsApp’s lawsuit against Pegasus spyware vendor NSO
Shalev Hulio is remaking his image but is still involved in a web of cybersecurity ventures with his old colleagues from NSO Group.
A joint investigation by civil society and independent researchers has uncovered hacking of Armenia spyware victims with NSO Group's Pegasus spyware.
Apple has fixed the three exploits used to deploy the Pegasus spyware, which did not require any interaction from the target.
One widely publicized case of disappearances relevant to this case of spyware infection occurred in September 2015 when a group of 43 students at a teacher
An employee of cyberweapon manufacturer, NSO Group, tried to sell advanced malware to unauthorized parties for $50-Million, according to an Israeli indictment unsealed last week against the individual in question. About two years ago, Herzliya-based NSO Group developed a powerful cyberweapon called Pegasus, which operated as malware that exploited three previously unknown vulnerabilities in iPhones […]
A 500-page document reviewed by WIRED shows Corellium engaged with several controversial companies, including spyware maker NSO Group.
The scandal over NSO Group's Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist's iPhone, a report states, a discovery that prompted international outcry over privacy.
As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.
A series of reports into how the Israeli police spied on their own citizens has finally grabbed everyone’s attention – and nowhere more so than among Benjamin Netanyahu’s loyal followers
