This Spyware Company Accidentally Published Its Surveillance Dashboard on LinkedIn

What Was Exposed

The screenshots, briefly visible on a LinkedIn profile associated with Paragon Solutions, showed what appeared to be a fully operational control panel for the company's Graphite spyware platform. The images revealed active interception logs, interfaces for monitoring encrypted messaging applications including WhatsApp, and what researchers identified as a zero click exploit deployment console.

Among the most alarming details was a Czech phone number visible in the leaked data, suggesting active surveillance of a target in the Czech Republic. Security researchers who captured the screenshots before they were removed noted that the dashboard displayed real time session data, indicating the system was not a demo environment but a live operational tool.

The posts were taken down within hours, but not before multiple researchers and journalists had archived the images. Paragon has not publicly commented on the incident or confirmed the authenticity of the screenshots.

What Is Paragon Graphite

Paragon Solutions is an Israeli surveillance technology company founded in 2019. Its flagship product, Graphite, is a spyware platform designed to infiltrate smartphones and extract data from encrypted applications. Unlike traditional wiretapping, which intercepts communications in transit, Graphite operates by compromising the device itself, giving operators access to messages, calls, photos, and location data before encryption is applied.

Graphite is widely considered a direct competitor to Pegasus, the notorious spyware developed by NSO Group. Both tools use zero click exploits, meaning they can infect a target's device without the user clicking a link, opening a file, or taking any action at all. The spyware is delivered silently, often through a specially crafted message or network packet that exploits vulnerabilities in the device's operating system.

Paragon has marketed itself as a more responsible alternative to NSO Group, claiming stricter controls over which governments can purchase its technology. But the leaked dashboard raises questions about how effectively those controls are enforced in practice.

Who Uses It

Paragon sells Graphite exclusively to government agencies, positioning the tool as a lawful interception platform for combating terrorism and serious crime. The company has secured contracts with multiple governments, though the full list of clients remains confidential. Reports have linked Paragon's technology to intelligence agencies in the United States, Europe, and the Middle East.

Paragon also counts US based investors among its backers, which has drawn scrutiny from privacy advocates who argue that American capital is funding tools used to surveil journalists and dissidents abroad. The company's presence in the US market complicates regulatory efforts, since spyware firms operating with American investment can claim a degree of legitimacy that purely foreign operations cannot.

The WhatsApp Connection

In January 2025, WhatsApp notified approximately 90 users across multiple countries that their devices had been targeted by Paragon's Graphite spyware. The notification marked the first time a major platform had publicly linked Paragon to active surveillance operations against its users.

Among those notified were journalists, human rights activists, and members of civil society organizations. The Italian government launched an investigation after several Italian journalists confirmed they had received WhatsApp's warning. The Italian probe is ongoing and has raised questions about whether European governments are using Paragon's tools against their own citizens.

The leaked LinkedIn screenshots showing WhatsApp monitoring interfaces add a new dimension to these concerns. If Graphite's dashboard includes dedicated tools for intercepting WhatsApp communications, it suggests that targeting encrypted messaging platforms is a core capability, not an incidental feature.

The Growing Commercial Spyware Market

The Paragon leak is the latest in a series of incidents exposing the commercial spyware industry's operations. NSO Group's Pegasus was documented targeting journalists and heads of state. Intellexa's Predator spyware was sanctioned by the US government. Candiru's tools were found on the devices of political activists across multiple continents.

What makes the Paragon incident unique is the accidental nature of the exposure. Previous revelations about spyware companies came through investigative journalism, forensic analysis of infected devices, or government disclosures. This time, the company itself published evidence of its capabilities on a professional networking site, apparently by mistake.

The commercial spyware market is estimated to be worth several billion dollars globally. Despite growing regulatory pressure, including export controls and sanctions, new firms continue to enter the market, often staffed by former intelligence officers from Israel, the United States, and Europe.

What This Means

The accidental LinkedIn leak reveals something that security researchers have long argued: the commercial spyware industry operates with a level of secrecy that is fundamentally incompatible with accountability. When a spyware company can accidentally publish its operational dashboard and face no immediate consequences, it suggests that oversight mechanisms are either absent or ineffective.

For individuals who may be targets of state sponsored surveillance, the leak confirms that tools like Graphite are actively monitoring encrypted communications in real time. The presence of a Czech phone number in the leaked data means that someone, somewhere, was being watched at that exact moment.

The commercial spyware industry continues to grow despite sanctions, export controls, and public outrage. Until governments impose binding regulations with meaningful enforcement, companies like Paragon will continue selling surveillance capabilities to the highest bidder, occasionally fumbling their own secrecy along the way.