Paragon Graphite

Paragon Solutions is an Israeli mercenary spyware vendor founded in 2019 by Ehud Schneorson, former commander of Israeli signals intelligence unit 8200. The company’s flagship product, Graphite, is an iOS and Android mercenary spyware platform marketed exclusively to democratic governments. In 2024, Paragon was acquired by AE Industrial Partners, a Florida-based private equity firm, in a transaction valued at approximately 500 million dollars. WhatsApp publicly disclosed in early 2025 that around 90 of its users had been targeted by Graphite.

What it means in practice

Graphite targets specific individuals through zero-click delivery via messaging applications. WhatsApp’s January 2025 disclosure named Paragon as the operator behind infections affecting journalists, civil society members, and other targets in approximately two dozen countries. Citizen Lab’s subsequent forensic work has identified Italian, Canadian, and other European deployments. The targeting profile is consistent with the broader mercenary spyware market: a small number of specific high-value individuals rather than mass surveillance.

Specific things to know

Paragon’s marketing positions the company as the ethical alternative to NSO Group, with public commitments to sell only to democratic governments under defined customer criteria. The 2024 sale to AE Industrial Partners closed a path for US government and US-aligned customer access. Italy’s deployment, documented in February 2025, involved targeting a Mediterranean migrant rescue NGO worker and a journalist, leading to the public termination of the Italian Graphite contract and a parliamentary inquiry. Other documented deployments are still under forensic analysis.

Change today

Keep WhatsApp, Signal, and operating systems updated immediately when patches are released. Enable Lockdown Mode on iOS for any account with plausible targeting risk. Audit linked devices on all messaging apps monthly. The Paragon disclosure proved that messaging applications with strong cryptographic guarantees can still be compromised at the device endpoint through zero-click vulnerabilities in the host operating system or in adjacent applications, and the cryptography is not the relevant layer of defence at that point.

Related articles

See our coverage of WhatsApp’s January 2025 Paragon disclosure, the Italian Graphite revocation, and the commercial spyware acquisition wave.