Screenshot 2026-04-04 at 03.30.43257×253 12 KB

Paragon Solutions is an Israeli spyware company.[1] Paragon has tried to market itself as more responsible than other spyware vendors as competitors like NSO Group and Intellexa have been involved in scandals.[2]

https://en.wikipedia.org/wiki/Paragon_Solutions

Paragon was founded in 2019 by former commander of Unit 8200 Ehud Schneorson as well as Idan Nurick, Igor Bogudlov, Liad Avraham, and Ehud Barak.[3]

In July 2021, Forbes reported that Battery Ventures had invested between $5 and $10 million in Paragon.[3]

According to the Financial Times, after the discovery of Pegasus on the phones of associates of Jamal Khashoggi, “Paragon declined Israeli government requests to replace Pegasus with Graphite in the Saudi armoury.”[4]

In 2023, US president Joe Biden signed Executive Order 14093 which was “seen by experts as targeting NSO, while carving out a space for companies like Paragon to continue selling similar spyware, but only to the closest of US allies.”[4] However, the Biden administration subsequently banned the governmental purchase of Paragon software, because of its use for illegal purposes.[5]

In 2024, RED Lattice, a US cybersecurity firm owned by AE Industrial Partners, reportedly acquired Paragon for over half a billion dollars.[6][7]

In 2025, WhatsApp claimed to have disrupted a campaign by Paragon targeting around ninety users, including journalists and members of civil society.[8][9][10]

Graphite

According to Citizen Lab, Graphite is a spyware tool sold by Paragon which allows “access to the instant messaging applications on a device, rather than taking complete control of everything on a phone.”[1] Software which Graphite is capable of accessing include WhatsApp, Facebook Messenger, and Signal.[11]

Customers

Italy

Targets of the Italian government have reportedly included Francesco Cancellato, the editor in chief of Fanpage.it, Luca Casarini, the founder of Mediterranea Saving Humans, Husam El Gomati, who has been a vocal critic of Italy and its dealings in Libya, and Father Mattia Ferrari, an Italian priest who had a close relationship with Pope Francis.[12][13][14][15]

In February 2025, Paragon reportedly cut ties with the Italian government after determining that the Italian government had broken “the terms of service and ethical framework it had agreed under its Paragon contract.”[16][17]

In June 2025, an Italian parliamentary committee confirmed that the Italian government had used Graphite to hack the smartphones of activists advocating for immigrant rights, including Luca Casarini, Giuseppe Caccia, and David Yambio, while denying that Italy had hacked the smartphone of Francesco Cancellato.[18] Later the same month, Citizen Lab revealed that Ciro Pellegrino, a colleague of Cancellato and the head of the Naples bureau of Fanpage.it, had also been targeted using Graphite, though it was unclear who was behind the targeting.[19]

States

Paragon sells to the United States government.[20] The New York Times reported that the Biden administration allowed the Drug Enforcement Administration to use Graphite.[21] Paragon reportedly hired WestExec Advisors in 2019, as well as Holland & Knight in 2023, to advise it on remaining in the US government’s good graces.[4][22]

In March of 2023, President Joe Biden issued Executive Order 14093, banning “operational use by the United States Government of commercial spyware that poses risks to national security or has been misused by foreign actors to enable human rights abuses around the world.”[23][24][25]

In 2024, a $2 million contract with US Immigration and Customs Enforcement (ICE)[26] was reportedly paused and placed under compliance review, “to review and verify compliance with Executive Order 14093.” According to Wired, experts said that “the level of seriousness with which the US government approaches the compliance review of the Paragon contract will influence international trust in the executive order.”[27]

Following the January 2025 inauguration of President Donald Trump, the second Trump administration reversed or circumvented the Biden-era ban, and began acquiring phone-hacking spyware (notably Paragon Solutions’ Graphite.[28][29]). In 2025, Trump lifted the pause, allowing ICE to use Paragon’s spyware tools.[30]

Late September, 2025, Trump labeled “Antifa” a “domestic terrorist organization,” and issued an executive order to all federal agencies to investigate it. ICE acting director, Todd Lyons, said in an interview that ICE will investigate anti-ICE protester networks, “to track the money. We are going to track these ringleaders… and… professional agitators.” In October 2025, reporter Rachel Maddow warned that ICE’s new surveillance resources — including their spyware, which she said can be covertly inserted into anyone’s phone from a drone hovering over a protest — can be used to target and spy on anyone without a warrant, including any political opposition.[31] Former government officials, Democratic politicians, and civil rights advocates, have complained that ICE is now being permitted and empowered to engage in sweeping surveillance and tracking of Americans engaging in constitutionally permissible political action.[32][31][28][29][26]

Other customers

Citizen Lab “identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore” and “surfaced potential links between Paragon Solutions and the Canadian Ontario Provincial Police.”[1]

https://citizenlab.ca/research/a-first-look-at-paragons-proliferating-spyware-operations/

Paragon Parent Inc.

According to corporate records, on December 13, 2024, all shares in Paragon Israel were transferred to a US company, Paragon Parent Inc. This deal was reportedly worth $500 million upfront, with an additional $400 million payable if Paragon Israel reached set performance targets.

Paragon Parent Inc. was registered in Delaware on October 7, 2024. Shareholder information for Paragon Parent is not publicly available, though reporting suggests that US private equity firm AE Industrial Partners (AEI) acquired Paragon Israel with the intention of merging it with US cybersecurity company, REDLattice Inc.1 The reported merger further bolsters Paragon’s high-ranking intelligence and military connections. According to recent SEC filings, board members of the REDLattice company, REDL Ultimate Holdings (a company linked to RedLattice according to corporate records), include Andrew Boyd, a former senior executive at the CIA and US Air Force, and James McConville, the former Chief of Staff of the US Army.

Paragon’s US Business

While the specific nature of the relationship between Paragon Solutions (US) Ltd. and Paragon Parent Inc. are hard to discern, the presence of Paragon Solutions in the US marketplace is noteworthy. In 2022, the New York Times reported that the Drug Enforcement Administration (DEA) had used Paragon’s Graphite spyware. On the other hand, recent contracting between Immigration and Customs Enforcement (ICE) and Paragon Solutions was reportedly paused under White House review at the end of 2024. Notably, at least 36 civil society organizations expressed concern and called for transparency after this contract was first reported by Wired . The status of that contract is currently unknown.

Paragon US’s senior leadership

John Finbarr Fleming

(https://www.linkedin.com/in/john-finbarr-fleming-a494aa126/)

CIA Leadership (Ret)

Bethesda, Maryland, United States

CIA Leadership (Ret)

Bethesda, Maryland, United States

About

Former senior CIA leader with five years experience in leadership roles in the private sector in both defensive and offensive cyber. Most recently I was Executive Chairman at Paragon US until December of 2024, when Paragon was acquired by REDLattice through AE Industrial Partners. I am now out on my own with my company Finbarr Unlimited, LLC.

Chief Executive Officer

Finbarr Unlimited, LLC · Self-employed

Jan 2025 - Present · 1 yr 4 mos

United States · On-site

Starting a new chapter with my own company.

Board Member
Sunshine Projects · Part-time
Jan 2024 - Present · 2 yrs 4 mos
United States · Hybrid

Sunshine Projects is a public 501 (c) (3) non-profit organization dedicated to serving individuals of all abilities within the intellectual and developmental disabilities. Sunshine Projects provides exceptional enrichment and leadership development opportunities to young adults in the greater DC area. We offer an opportunity to create and mold their own unique experiences through our wide range of educational and creative programs and activities. We see the true power that individuals with intellectual disabilities hold, and we have made it our mission to inspire them to become more creative, confident and independent

Executive Chairman

Paragon Solutions US, Inc. · Full-time

Jan 2024 - Feb 2026 · 2 yrs 2 mos

United States · On-site

Paragon US’s senior leadership

Geoff (“GT”) Tokajer

(https://www.linkedin.com/in/geofftokajer/)

Director, Growth at REDLattice. Bringing cyber to a gunfight. | U.S. Marine Veteran | Former Sensitive Activities Program Director Supporting U.S. Navy SEALs, JSOC & SOCOM | Ex-Twitter

McLean, Virginia, United State

About

I lead strategic growth for high-end operational cyber capabilities at REDLattice, supporting U.S. Department of War customers operating in sensitive and classified environments. My focus is aligning advanced technical capability with real mission requirements and driving programs from engagement to execution.

I led from the Pentagon as a GS-15 Global Cyber Identity Intelligence/Counterintelligence Program Director after more than two decades supporting the U.S. Navy SEALs, JSOC, and SOCOM in Sensitive Activity Programs. Earlier, I served as a United States Marine in combat arms, intelligence, and military law.

I also led teams at Twitter and McChrystal Group, gaining private-sector experience managing large-scale enterprise risk.

I specialize in translating complex cyber capabilities into operational advantage, engaging senior leaders, and navigating the realities of federal acquisition in high-consequence mission spaces.

Director, Growth. SOF/DoD (Paragon acquired by REDLattice Dec 2024)

Paragon Solutions US, Inc. · Full-time

Aug 2024 - Present · 1 yr 9 mos

Washington DC-Baltimore Area · On-site

REDLattice, Inc.

https://www.linkedin.com/company/redlattice/about/

Research. Engineering. Development.

Software Development

Chantilly, VA

7K followers

Overview

At REDLattice, we’re redefining the rules of the cyber game. Our mission goes beyond protecting critical infrastructure—we’re aggressively architecting cyber strategies that determine who controls tomorrow’s digital battlefield.

With cutting-edge tech and brilliant minds, we stay ahead of the curve, identifying and neutralizing threats before they strike. In the fast-paced world of cybersecurity, REDLattice is your innovative partner, using creativity and expertise to outsmart adversaries and keep the digital world safe and sound.

AE Industrial

https://www.aeroequity.com/about/

https://www.aeroequity.com/team/

Investments

REDLattice

https://www.aeroequity.com/investments/

Andrew G. Boyd

(https://www.linkedin.com/in/andrew-g-boyd-12194673/)

Cyber Threat and Geopolitical Risk Thought Leader/Former Senior CIA Officer/Board Member

Arlington, Virginia, United States

About

Former senior executive with 30+ years of Federal Government leadership experience at CIA and the U.S. Air Force. Led CIA’s thousands strong cyber work force responsible for intelligence collection, analysis and operations focused on foreign cyber threats to U.S. interests. Deep experience leading global intelligence operations. In-depth knowledge of geopolitics, cyber operations and policy, and security practices and risk mitigation.

Operating Partner
AE Industrial Partners, LP · Full-time
Mar 2025 - Present · 1 yr 2 mos

REDLattice, Inc.
2 yrs 7 mos
Washington DC-Baltimore Area

• 
  Chief Executive Officer
  Full-time
  Aug 2025 - Present · 9 mos
  On-site
  

• 
  Member, Board of Directors
  Part-time
  Oct 2023 - Present · 2 yrs 7 mos
  Hybrid
  

REDLattice is a software engineering firm focused on customer’s business challenges. Expertise is in cyber research and development, vulnerability research, reverse engineering and malware analysis.

https://citizenlab.ca/research/a-first-look-at-paragons-proliferating-spyware-operations/

Identifying a Possible Canadian Paragon Customer. Our investigation surfaced potential links between Paragon Solutions and the Canadian Ontario Provincial Police, and found evidence of a growing ecosystem of spyware capability among Ontario-based police services.

Canadian Law Enforcement’s History with Surveillance

The OPP has previously been linked to other instances involving the procurement or use of controversial surveillance technologies. In 2019, the Toronto Star reported that for several years the OPP was the only police service in Canada to procure cell site simulator technology (i.e., “Stingray” equipment) which can be used to intercept private communications. In 2020, The Citizen Lab reported that the OPP developed and deployed technology to scrape communications from private, password-protected online chatrooms without obtaining judicial authorization for the mass interceptions.

In 2022, the Royal Canadian Mounted Police (RCMP), Canada’s national police force, disclosed that the RCMP had been using spyware from an unnamed vendor. The RCMP referred to the spyware as an “On-Device Investigative Tool” (ODIT)4, and said it had used ODITs in 32 investigations between 2017 and 2022. The RCMP did not consult with the public, or the Privacy Commissioner of Canada on its use of ODITs. Canada’s Public Safety Minister refused to disclose which vendors supplied RCMP with ODITs, and did not deny that other government agencies might also use ODITs.

Public records obtained and reviewed by The Citizen Lab suggest there is a growing ecosystem of spyware capability among Ontario-based police services. According to public court records obtained by The Citizen Lab, the OPP used the RCMP’s ODITs in the course of a 2019 investigation to infect a mobile phone for remote interception of private communications. A 2023 judgment from the Superior Court of Justice in Toronto describes a joint investigation between the Toronto Police Service and the York Regional Police Service where investigators had considered the use of an ODIT. The Citizen Lab also obtained an additional public court record (a 2023 search warrant application) prepared by the Toronto Police Service (TPS), which reveals that the TPS has independently obtained ODIT software from an unknown source. The application sought authorization to use ODIT software to remotely intercept cellular communications sent through encrypted instant messaging applications.

In the course of the preparation of this report, we have also learned through informal consultations of other cases that have been–or currently are–before the courts in Ontario involving other police services that now also possess or have sought authorization to deploy ODITs, including the OPP, York Regional Police Service, Hamilton Police Service, and Peel Regional Police Service. The apparent expansion of spyware capabilities to potentially multiple police services across Ontario reflects a widening gap in public awareness surrounding the extent to which mercenary spyware is being deployed in Canada.

Catherine Gray

(https://www.linkedin.com/in/catherine-gray-10a9234/)

Director of Contracts

Sterling, Virginia, United State

About

Experienced Director of Contracts and Procurement with a demonstrated history of working in various aspects of government contracting. Skilled in Finance, Defense Contracting, Government Procurement and U.S. Department of Defense.

Director of Operations

Paragon Solutions US, Inc. · Full-time

Jun 2024 - Sep 2025 · 1 yr 4 mos

Mission first!