Israeli spyware firm NSO Group has rolled out its latest Transparency and Responsibility Report for 2025, touting a “new phase of accountability” as it lobbies hard for access to the lucrative U.S. market. But critics aren’t buying it, slamming the document as a superficial PR stunt that lacks the concrete data needed to back up its claims of ethical reform.
Key Points:
- NSO’s report emphasizes commitments to human rights but omits key metrics like the number of clients rejected or terminated for abuses, a stark contrast to prior editions.
- The release coincides with NSO’s push to be removed from the U.S. Entity List, amid leadership shakeups and new U.S. investors.
- Experts from groups like Access Now and The Citizen Lab argue it’s just window dressing, with no verifiable evidence of change.
- While NSO insists its tools enhance global safety when used responsibly, ongoing revelations of Pegasus misuse continue to fuel skepticism.
- The move highlights broader tensions in the spyware industry, where transparency often clashes with secretive government dealings.
The report, NSO’s first in over a year, arrives at a pivotal moment for the company best known for its Pegasus spyware, a powerful tool capable of infiltrating smartphones with zero-click exploits. Pegasus has been linked to the surveillance of journalists, activists, and politicians worldwide, leading to NSO’s blacklisting by the U.S. Commerce Department in 2021. Now, under new executive chairman David Friedman, a former U.S. ambassador to Israel during the Trump era, NSO is signaling a reboot. Friedman, in a statement, underscored that “when NSO’s products are used responsibly by the right authorities, global safety is enhanced,” positioning the firm as a reformed player ready for U.S. business.
Yet, the document itself offers little in the way of specifics. Unlike earlier reports that detailed rejected deals worth millions or terminated client relationships, this one vaguely references “enhanced research and due diligence” without numbers. It mentions commissioning independent reviews for investigations but stops short of disclosing outcomes or even the total number of clients, details that were included in past iterations. NSO has also undergone an ownership shift to U.S. investors and seen key resignations, including CEO Yaron Shohat and co-founder Omri Lavie, which the company frames as steps toward greater accountability.
Critics, however, see it as more of the same. Natalia Krapiva, tech legal counsel at Access Now, told reporters that the report is “just another superficial gesture,” pointing out that spyware firms like NSO have a history of rebranding without substantive change. “We’ve seen this playbook before, new names, new leaders, and vague ethics reports, but the abuses persist,” she said. Similarly, John Scott-Railton from The Citizen Lab at the University of Toronto expressed disappointment: “I expected data and specifics. There’s nothing here that allows outsiders to verify NSO’s claims.” These voices echo broader concerns in the human rights community, where NSO’s tools have been implicated in high-profile cases, from the targeting of Jamal Khashoggi’s associates to surveillance of dissidents in multiple countries.
This push comes amid a shifting political landscape. With the return of a Trump administration, NSO has ramped up lobbying efforts to lift Entity List restrictions, which bar U.S. companies from doing business with it. Recent actions, like the lifting of sanctions on executives from rival spyware firm Intellexa in December 2025, suggest a more permissive environment for such technologies. Still, lawsuits persist: A U.S. court in October 2025 ordered NSO to cease targeting WhatsApp and pay reduced damages to Meta, underscoring ongoing legal battles.
For now, NSO maintains that its spyware is sold only to vetted governments for combating crime and terrorism, rejecting over $300 million in opportunities historically due to human rights risks. But without granular transparency, skeptics argue, it’s hard to take those claims at face value. As the spyware market evolves, with competitors like Intellexa and Cytrox facing similar scrutiny, NSO’s latest effort may test whether words alone can open doors in Washington.
Critics are sharply dismissing NSO Group’s latest Transparency and Responsibility Report for 2025 as little more than a calculated PR maneuver, especially as the Israeli spyware vendor intensifies its campaign to re-enter the U.S. market after years of blacklisting and scandals. Released amid leadership transitions and fresh U.S. investment, the report proclaims a “new phase of accountability” for NSO, the creator of the notorious Pegasus spyware, but it falls short on the hard data that would substantiate such bold assertions, according to human rights advocates and cybersecurity experts.
The document, the NSO’s first transparency update in over a year, reiterates the company’s commitment to human rights standards and ethical sales practices. Yet, it conspicuously avoids providing specific figures on clients rejected, investigated, suspended, or terminated for potential abuses, metrics that were front and center in previous reports. Instead, it vaguely alludes to “independent reviews” and “enhanced due diligence” without disclosing outcomes, client counts, or even the countries where its tools are deployed, leaving observers to question the depth of its self-proclaimed reforms.
Also Read: Cybersecurity Workers Plead Guilty to Running Ransomware Attacks
This opacity stands in stark contrast to NSO’s earlier transparency efforts. For instance, the 2024 report detailed three client investigations, resulting in one termination and corrective measures like human rights training for another, alongside turning down over $20 million in business opportunities flagged for risks. The 2022-2023 disclosures went further, noting six client suspensions or terminations that cost $57 million in revenue. Back in 2021, NSO claimed to have disconnected five clients since 2016 due to misuse, losing $100 million, and ended relationships with five others over broader human rights concerns, figures that built at least a semblance of credibility at the time. The 2025 edition, however, strips away such granularity, prompting accusations that NSO is prioritizing image rehabilitation over genuine oversight as it eyes U.S. opportunities.
The timing of the report is no coincidence. NSO, which was added to the U.S. Commerce Department’s Entity List in 2021 under the Biden administration for enabling human rights abuses, is actively lobbying for delisting amid a more favorable political climate following Donald Trump’s return to office. Recent signals, such as the Trump administration’s decision in December 2025 to lift sanctions on three executives from rival spyware firm Intellexa, have fueled optimism within the industry that restrictions on surveillance tech providers could ease.
NSO’s own overhaul includes a buyout by U.S. investors and significant leadership changes: David Friedman, former U.S. ambassador to Israel and a Trump ally, stepped in as executive chairman, while CEO Yaron Shohat and co-founder Omri Lavie exited the company. In accompanying statements, Friedman emphasized NSO’s mission: “When NSO’s products are used responsibly by the right authorities, global safety is enhanced. This remains our central mission.” Yet, these shifts haven’t quelled doubts, with critics viewing them as cosmetic attempts to curry favor in Washington rather than address core issues.
Human rights organizations and researchers have been particularly vocal in their rebuke. Natalia Krapiva, tech legal counsel at Access Now, described the report as part of a familiar “playbook” employed by spyware vendors: “NSO is clearly working to be removed from the U.S. Entity List, and they need to demonstrate significant change since being added. Leadership changes are one step, and this transparency report is another. We’ve seen similar moves from NSO and other spyware companies before, new names, new leaders, and vague transparency or ethics reports, but the abuses persist.
This is just another superficial gesture, and the U.S. government should not be deceived.” John Scott-Railton, a senior researcher at The Citizen Lab, which has extensively documented Pegasus deployments. echoed this sentiment: “I expected data and specifics. There’s nothing here that allows outsiders to verify NSO’s claims, which is typical for a company with a long history of making statements that later prove misleading.” These critiques underscore a persistent pattern: despite NSO’s assertions that it sells exclusively to “authorized governments” for countering terror and crime, Pegasus has been repeatedly tied to illicit surveillance. Notable cases include the targeting of associates of slain journalist Jamal Khashoggi, opposition figures in Poland and Hungary, and even U.S. diplomats, prompting international outcry and legal actions.
NSO’s history amplifies the skepticism. Founded in 2010, the company has long claimed rigorous vetting processes, rejecting deals worth over $300 million historically due to human rights risks, as per its 2021 report. But revelations from groups like Amnesty International and Forbidden Stories in the 2021 Pegasus Project exposed widespread misuse, leading to NSO’s U.S. blacklisting and a barrage of lawsuits. In May 2025, a U.S. court awarded Meta (WhatsApp’s parent) nearly $170 million in damages against NSO for hacking exploits, later reduced to $15 million plus fees, while ordering NSO to halt targeting WhatsApp users. Despite these setbacks, NSO persists in portraying itself as a reformed entity, with the 2025 report highlighting internal investigations but withholding details that could invite external scrutiny.
The broader spyware industry context adds layers to this saga. Competitors like Intellexa and Cytrox have faced similar sanctions, with the global market for surveillance tools estimated to be worth billions, often operating in shadows that prioritize national security over individual rights. Reports from think tanks like the Atlantic Council warn of “mythical beasts” in this space, vendors contributing to journalist and civil society targeting without adequate governance. NSO’s U.S. ambitions could set a precedent: If successful in delisting, it might encourage other firms to follow suit with minimal reforms, potentially eroding efforts to regulate “hack-for-hire” technologies. Conversely, sustained criticism could pressure policymakers to maintain barriers, as seen in ongoing debates over export controls and international spyware norms.
