NSO Group, the Israeli company that created the Pegasus spyware platform, said it had agreed to be sold to a group of U.S. investors in a deal that represents a new chapter for one of the world’s most contentious surveillance vendors. Israel’s Calcalist wrote that the buying group is headed by Hollywood filmmaker Robert Simonds and said the transaction was valued in the tens of millions.
NSO claimed that the company will remain under Israeli jurisdiction, saying that “The NSO Group’s headquarters and development center remain in Israel and are under the Ministry of Defense’s supervision.” The investors weren’t fully identified, and local reporting suggested that co-founder and executive chairman Omri Lavie would be leaving as part of the deal.
What The Deal Alters And What It Doesn’t
In the flush of U.S. capital, NSO could have runway to restructure and refocus after years of legal, regulatory and reputational pressure. But the company says the deal does not change its regulatory obligations in Israel, where exports of offensive cyber tools require government approval and continuing compliance reviews.
NSO has long described Pegasus as a tool for vetted government agencies to fight terrorism and serious crime. The company says it conducts strict client due diligence, maintains geofencing and “kill switch” controls and refuses sales to certain jurisdictions, although critics say those safeguards have failed in practice again and again.
The Compliance and Sanctions Puzzle for NSO Group
NSO is still on the U.S. Commerce Department’s Entity List, which means American companies cannot sell goods and services to it without a license. A transfer of ownership does not automatically lift those restrictions; only U.S. authorities can do so. Any route back to normalized U.S. business will depend on export-control decisions and the company’s ability to prove reform over time.
The company is also caught up in a number of headline-grabbing lawsuits. WhatsApp owner Meta and Apple have sued NSO in American courts for violating their platforms, and a major ruling had previously denied the company’s claims of sovereign immunity, enabling at least one case to move forward. Federal agencies, on the other hand, have implemented harsher policies against use of commercial spyware that the government determines falls under security or human rights risks.
Pragmatically, U.S. ownership may be a coping mechanism for NSO vis-à-vis Western compliance demands, but it raises the stakes of accountability while also increasing legal risk and reputational baggage for buyers — as well as an Entity List designee’s constraints on technology sourcing and business relationships.
Track Record and Human Rights Checks on Pegasus Use
Investigations by Citizen Lab at the University of Toronto, Amnesty International’s Security Lab and a global media consortium known as the Pegasus Project have cataloged widespread misuse of NSO’s tools. You might have heard about this happening in other countries, where Pegasus-based infections are believed to have been discovered on the devices of journalists, lawyers, opposition politicians and human rights defenders in Mexico, Morocco, Hungary, Poland, Saudi Arabia and the United Arab Emirates.
NSO says its systems prevent the targeting of U.S. country-code phone numbers and that sales are terminated once abuses have been proven.
However, independent researchers said that more than one U.S. government official had been targeted when using non-U.S. numbers overseas, increasing questions in Washington about the national security consequences of commercial spyware.
What U.S. Ownership Might Mean for NSO Group
Investors might attempt to rehabilitate NSO by imposing tighter governance on the company: outside oversight boards, smaller lists of customers, real-time auditability and rapid shutdown mechanisms for suspect deployments. They also might demand more transparency reporting and third-party verification of controls — a structure we’re more accustomed to seeing with regulated defense suppliers.
Civil society groups are skeptical. Note: There’s also a fear among researchers — one voiced by the Citizen Lab’s John Scott-Railton — that moving NSO closer to U.S. capital could normalize high-risk surveillance in domestic markets, especially if local police agencies become targets for sales. The crucial question is whether a new cap table will lead to new behavior — particularly around client vetting, human rights due diligence processes, and meaningful remedies when violations are discovered.
A Firm Accustomed to Changing Hands and Owners
(NSO was co-founded by Shalev Hulio and Omri Lavie along with a partner named Niv, and has had multiple other owners and proprietors at various stages.) It had been owned by an American private equity firm, then reclaimed by the founders with support from a European fund, and managed by a restructuring adviser before returning to founder-led control. The new deal constitutes yet another twist in a lengthy ownership merry-go-round.
The company says its solutions have helped prevent kidnappings and terror attacks, and advertises life-saving success stories from dozens of government clients in more than 40 countries. Human rights groups argue that the damage from improper surveillance is systemic and chilling. The incoming owners now have a difficult decision in front of them: reform NSO into a tightly regulated, narrowly defined vendor — or risk continuing the cycle of backlash (and blacklisting) and courtroom fights.
Bottom line: U.S. investors are betting that they can de-risk an essentially contentious category of technology. Regulators, judges and independent researchers will be the ones to conclude whether that bet pays off in true reform or just a fresh round of promises leading to more of the same.
