Rosita Rijtano is a 2026 Bertha Challenge FellowNo cooperation yet. Israeli spyware company Paragon has not provided any information to Italian judicial authorities trying to shed light on violations involving its Graphite spy software. More than a year after formal requests were submitted to authorities in Tel Aviv, prosecutors are still waiting for responses that could provide technical evidence on the spyware attacks on victims. This is what a Wired Italia investigation has found drawing on qualified sources, official documents, and freedom of information requests that revisit the Paragon case.Publicly, the Israeli company founded in 2019 has repeatedly stated that it is willing to cooperate to clarify alleged abuses involving its products, but Italian authorities are still waiting for a response. The issue, however, goes beyond Paragon and concerns the role played by the Israeli government in shielding companies it considers sensitive.Pegasus, the spyware developed by another major Israeli firm, NSO, has been at the center of scandals over alleged abuses in Poland, Spain, and Hungary. And according to activists, journalists, and lawyers interviewed by Wired Italia for this investigation, the lack of cooperation from Israeli authorities and companies has already hindered efforts to establish accountability.The Paragon case in ItalyParagon came under scrutiny in early 2025. In January, WhatsApp and the University of Toronto’s Citizen Lab said they had identified Graphite on the phones of Italian journalists and activists. Spyware is a highly sophisticated malicious program that can be installed on a device through a zero-click attack, requiring no action from the victim. Once deployed, it can monitor chats on WhatsApp, Signal, and Telegram.The Italian government later admitted that national intelligence services used Graphite against Beppe Caccia and Luca Casarini, co-founders of Mediterranea Saving Humans, a non-governmental organization that rescues migrants in the Mediterranean Sea. At the same time, it has consistently denied targeting journalists Francesco Cancellato and Ciro Pellegrino, respectively editor-in-chief and lead reporter at the outlet Fanpage, who on January 31 and April 29, 2025, were notified by Meta and Apple that they had been targeted by “mercenary spyware” such as Graphite.Paragon could play a key role in clarifying the case. “Paragon is the only one that can investigate Paragon,” a cybersecurity expert who spoke to Wired Italia on condition of anonymity said. The company itself has stated it could help.Italian prosecutors have issued international legal requests, a mechanism whereby the judicial authority of one country (in this case Italy) asks another (Israel) to carry out actions on its behalf. In this case, requesting that Paragon provide information about its software, its clients, and the attribution of attacks, which are particularly complex in such circumstances. According to two qualified sources cited by Wired Italia, however, no meaningful responses have been received so far.Israel’s “shield”“These companies do not want to disclose sensitive information about their software or clients, but they are not independent,” said Eitay Mack, a human rights lawyer who has long fought against abuses involving Israeli spyware abroad. Spyware firms deal in technology considered strategic for Israel’s security and international relations. In 2024, a New York Times investigation showed how NSO was used by Prime Minister Benjamin Netanyahu “to advance the country’s interests worldwide.”According to Mack, this status allows companies in the sector to operate in a sort of “grey area”: while they are private entities, they act on behalf of the government under the supervision of the Israeli Ministry of Defense, which grants export licenses and gives final approval for cooperation with foreign authorities.“With its approval, companies could also be required to cooperate with foreign judicial authorities, but this has never happened because, for Tel Aviv, these firms are not responsible for what happens in their clients’ countries,” Mack added. This is also suggested by official responses to two freedom of information requests obtained by Wired Italia via a source.The first concerns Paragon. On April 9, the ministry led by Israel Katz stated it had reviewed the company’s export activities five times and found no irregularities.The second concerns NSO. After nine inspections, it has never been sanctioned for violating export licenses. Yet its flagship product, Pegasus, has been at the center of the largest spyware abuse scandal in Europe. Alleged violations have been reported in many countries, including Mexico, the United Arab Emirates, and Saudi Arabia. According to Israeli authorities, NSO violated export license rules only once, in 2019, and in relation to marketing activities. The sanction? Just 355,950 shekels, about €91,000 at the time.According to activists, politicians, and journalists, Tel Aviv’s “shield” for spyware producers has already had repercussions across Europe, obstructing justice. In January 2026, Spain’s High Court closed an investigation into the use of Pegasus against several politicians, citing the lack of cooperation from Israeli authorities. Similar issues have arisen in Poland. “NSO has never cooperated with authorities,” said Krzysztof Brejza, a Member of the European Parliament, who was targeted with Pegasus during an election campaign and is still waiting to know who was responsible.There was also an attempt to open a criminal investigation against NSO directly in Tel Aviv. It was initiated by the Hungarian Civil Liberties Union, which represents several Hungarian victims of Pegasus. Investigative journalist Szabolcs Panyi explained: “The organization argued that Israel should not have granted NSO an export license to Hungary.” In that case, the attorney general delegated the matter to the police, which were themselves a client of NSO. The investigation was never opened.A change of course?Founded by former Israeli Prime Minister Ehud Barak and Ehud Schneorson, former commander of Unit 8200, Paragon was sold in 2024 to U.S. cybersecurity firm Red Lattice for more than half a billion dollars. The buyer is controlled by AE Industrial Partners, an investment firm specializing in aerospace, defense, and national security, which works with several U.S. government agencies.From the outset, the company sought to present itself as a more responsible actor in the opaque spyware industry, claiming it only works with “democratic countries” and distancing itself from NSO. In the past two years, however, some of its decisions have been criticized by international human rights organizations. In 2024, Wired first revealed a $2 million contract with ICE, the U.S. immigration agency, which has expanded deportations and surveillance powers since Donald Trump returned to the White House.Natalia Krapiva of Access Now is blunt: “Repeated scandals, including in Europe, show that it is not enough to claim you sell only to democracies.” In June 2025, her organization and others sent Paragon an open letter asking what safeguards it had put in place to detect abuses in real time, what data it collects, where it is stored, who can access it, and whether procedures exist to support victims. “But the company refused any engagement, telling us through intermediaries that it does not speak with us”, Krapiva added.Paragon vs the Italian governmentThe Italian case is a test for Paragon. It began on January 31, 2025, when WhatsApp notified 90 European users that they had been targeted by Graphite. Seven were in Italy. One of them was Francesco Cancellato, editor-in-chief of Fanpage. Others include Beppe Caccia and Luca Casarini (Mediterranea), political consultant Francesco Nicodemo, and, according to IrpiMedia, businessman Francesco Caltagirone.On April 29, 2025, Apple also notified some Italian users that they had been targeted by a “sophisticated attacker”, without specifying how many or whether Paragon was involved. Among them was Fanpage journalist Ciro Pellegrino, who in June 2025 was told by Citizen Lab that traces of Graphite had been found on his phone “with high confidence.”At that point, only two contracts between Paragon and Italian authorities were known, with a total value of €2 million: one with AISI (domestic intelligence) and one with AISE (foreign intelligence). According to a qualified source, the latter is the more significant, as it allows for interception of a larger number of targets, including abroad.Investigators do not rule out that the key to the case may lie in another investigation involving Giuseppe Del Deo, former deputy director of Italy’s intelligence coordination department (DIS). According to prosecutors, Del Deo allegedly used intelligence databases and tools “for private purposes”, and a search warrant dated April 17, 2026 refers to an “Israeli product.”The scandal has triggered an unprecedented blame game between the spyware producer and the Italian state. In a statement published by Haaretz in February 2025, Paragon claimed it had offered Italian authorities a way to verify the events and had terminated its contracts after they refused.Italy’s parliamentary oversight committee (Copasir), however, stated that the decision to end the relationship was mutual and that Paragon’s technical support was not necessary, as verification could be carried out independently.Contradictions, omissions, and “no comment”The committee dismissed Cancellato’s case, stating that he had not been targeted by intelligence services using Graphite, and never addressed Pellegrino’s case. A partial reversal came in February 2026, when technical analyses ordered by prosecutors identified “anomalies compatible with Graphite activity” in WhatsApp databases linked to three Android phones.Investigations into Cancellato’s case are ongoing, while in Pellegrino’s case, no conclusive evidence of Graphite was found on his iPhone.This is precisely where Paragon’s silence is most significant. Experts involved in the analysis noted they could not identify Graphite traces because they lacked information about how the spyware works or what indicators it leaves behind—highlighting the “limited details” provided by Citizen Lab. This is why support from the manufacturer, requested through international legal cooperation, is considered essential.“The Citizen Lab researchers are among the world’s leading experts, and they were clear: my phone was targeted with Graphite,” Pellegrino said, warning: “Today this technology is in the hands of a few, but over time it will become easier to develop. If we don’t set boundaries now, what guarantees do we have that many more people won’t be targeted tomorrow?”Technical findings also suggest another troubling element: anomalies consistent with “post-compromise manipulation,” as if Graphite were designed to erase its own traces.For lawyer Mack, the stalemate ultimately benefits “all actors in this triangle,” who “have an interest in dragging things out: not the Italian government, not the Israeli government, and not the company.”Logo Bertha FoundationRosita Rijtano is a 2026 Bertha Challenge Fellow. This investigation was carried out with the support of the Bertha Challenge Fellowship.You can read the Italian version of the story here.