New revelations suggest that Intellexa — already sanctioned by the U.S. — had more intrusive involvement in government-led spyware operations than previously believed. A leaked training video shows company staff using remote desktop tools to access live customer surveillance dashboards belonging to Intellexa’s “Predator” system, including personal photos, messages and other sensitive data from real targets. Independent researchers leading the “Intellexa Leaks” investigation say the footage confirms actual deployments (not demos), indicating that Intellexa could monitor the spying performed by its clients — undermining earlier claims that they hands-off once the sale is complete.
Sources: SecurityLab, Hacker News
Key Takeaways
– Intellexa staff reportedly had remote live access — via tools like TeamViewer — to the electronic surveillance dashboards of its government clients, giving them visibility into the personal data of individuals infected with the Predator spyware.
– The leaked materials, including internal docs, marketing slides and training videos, support the view that this was real-world spying, not a sandbox demo — raising new questions about third-party oversight in commercial spyware operations.
– The new evidence adds weight to broader investigations showing that Intellexa continues to deploy zero-day exploits worldwide through its “Predator” spyware, implicating the firm in surveillance abuses across multiple countries.
In-Depth
The latest disclosures surrounding Intellexa paint a troubling picture of how deeply embedded commercial spyware firms remain in real-world intelligence operations — even after being sanctioned. According to a December 2025 report by Amnesty International and corroborated by multiple media outlets, leaked internal training videos reveal that employees at Intellexa routinely accessed live surveillance dashboards belonging to their government clients. Through remote-access tools like TeamViewer, company staff could view sensitive data harvested from targeted phones: photos, messages, location logs — all in real time. This stands in stark contrast to the public posture many spyware vendors maintained, which asserted that once a sale was made, they had no control over how governments used the tools.
The significance of this revelation cannot be understated. The “Intellexa Leaks” investigation — built on confidential documents, sales material, and training footage — argues that the examples shown were not simulated; rather, the video itself includes distinct details linking to real victims: infection URLs, IP addresses, phone model and OS version. One staffer in the video even asked if the footage showed a real system; the instructor reportedly confirmed that it was live. That raises serious ethical and legal concerns about control and accountability. If a private firm retains direct access to a customer’s spying operations, the lines between vendor and operator blur — potentially allowing misuse, data leaks, or surveillance of civilians beyond what governments themselves might disclose.
More troubling is that this access may still be part of ongoing operations. Other recent analyses show that Intellexa continues to exploit zero-day vulnerabilities — undisclosed software flaws — to infect mobile devices worldwide. The company’s flagship product, Predator, is said to be still actively deployed, using evolving attack vectors, including so-called “Aladdin” ads-based methods, making infections stealthier and harder to defend against. In some reported cases, victims have included lawyers, journalists, dissidents, and human-rights defenders in countries like Pakistan and Egypt.
These developments come despite earlier efforts — including sanctions imposed by the U.S. Treasury Department in 2024 — intended to restrict Intellexa’s operations. The sanctions barred U.S. persons and businesses from dealing with Intellexa and its founders over evidence that Predator had been used against U.S. citizens, including government officials and journalists. Yet the leaks and continued threat activity suggest those measures did not fully sever Intellexa’s global influence.
From a broader standpoint, what’s unfolding signals a systemic problem in the commercial spyware industry: when firms don’t just sell their tools but also maintain backend access to them, true accountability becomes nearly impossible. Democracies and human-rights organizations have long warned about the danger of such technology — and yet the persistence of spyware operations like those by Intellexa shows how difficult it is to regulate, monitor, and ultimately curtail their use.
In the end, this isn’t just about one company or one spyware product. It’s part of a global struggle over who controls digital surveillance — governments, private firms, or the public — and whether those capabilities can ever be reconciled with privacy and civil liberties.