This post was originally distributed as a private FLINT report to our customers on 17 June 2026.
Introduction
In October 2025, a United States (US) court ordered the private company NSO Group Technologies Limited, referred to as ‘NSO’ in this report, to stop researching and leveraging vulnerabilities in the WhatsApp messaging service, which were used as a zero-click intrusion vector to install the spyware Pegasus. The decision echoes Apple's attempted lawsuit against the same company in 2021, which accused NSO of using ForcedEntry, an iMessage exploit that also enabled zero-click intrusion.
These injunctions are likely to pose a challenge to NSO, and, by extension, to other commercial surveillance vendors (CSVs), to find alternative means of entry to messaging apps, in order to remotely install their spyware.
Among the potential alternatives is Advertising-based Intelligence (ADINT), which can be defined as the exploitation of online advertising processes to collect, correlate, and operationalise large-scale data for intelligence purposes. Initially leveraged for profiling and geofencing since at least 2015, AdTech mechanisms have also been used by private actors as offensive vectors of intrusion sold to conduct Computer Network Exploitation (CNE).
This report aims at exploring the development of the use of AdTech mechanisms to collect data for private surveillance solutions, ranging from passive to active and offensive ADINT, and to provide documentation on a few actors known to leverage this technique in their surveillance products.
The weaponisation of AdTech mechanisms for surveillance
Defining Ad-based intelligence (ADINT)
The term ADINT draws its nomenclature from military intelligence vocabulary, though it does not constitute a formally recognised intelligence discipline. The concept was first introduced in 2015 in marketing material published by Rayzone, a US-based surveillance company, and has since established itself as a recurring keyword within the commercial surveillance industry, most notably across Asian markets, as evidenced by its prominent presence in ISS World Forum documentation from 2023 onwards.
The term was subsequently appropriated by academic research to designate the deliberate weaponisation of AdTech mechanisms for intelligence purposes, foregrounding the inherently dual-use nature of advertising infrastructure. In their seminal 2017 study "Exploring ADINT: Using Ad Targeting for Surveillance on a Budget", researchers Vines, Roesner, and Kohno from the University of Washington formalised the concept, acknowledging both its analytical utility and its definitional limitations.
A distinction must be drawn between ADINT and malvertising. The latter refers to a cybercriminal technique that opportunistically exploits AdTech delivery mechanisms to distribute malicious payloads, prioritising financial gain over target specificity. ADINT, by contrast, denotes the systematic exploitation of online advertising processes to collect, correlate, and operationalise large-scale behavioural data in a targeted and deliberate manner.
This targeting dimension is key. ADINT constitutes a set of espionage techniques oriented toward the identification and surveillance of specific individuals or groups, rather than indiscriminate campaigns optimised for cost-benefit efficiency. It therefore occupies a distinct position at the intersection of intelligence practice and commercial advertising infrastructure.
The exploitation of AdTech mechanisms
ADINT is based on the exploitation of AdTech mechanisms, which are legitimate processes used for online marketing campaigns. In particular, two components of AdTech are likely to be leveraged for surveillance, as they already allow the marketing industry to collect data about users, track their activities and upload content on their devices. These mechanisms are the Real-Time Bidding process, also called RTB, and Software Development Kits, also dubbed SDK.
The Real-Time Bidding process
Real-Time Bidding (RTB) is a programmatic advertising mechanism in which ad inventory is auctioned in milliseconds each time a user loads a webpage containing an advertising space (ad space). The publisher broadcasts a bid request, encapsulating the user's location, device identifiers, and inferred behavioural attributes, to hundreds of competing advertisers simultaneously. The highest bidder wins the impression and serves the ad to the user.
The privacy implications stem directly from this broadcast architecture. Every recipient company obtains the user's data regardless of auction outcome, with no technical obligation to discard it. This creates a structural vector for mass data harvesting: sensitive inferences about health, political views, or sexual behaviour can be derived from browsing patterns and subsequently collected by data brokers, acquired by intelligence agencies, or exploited for political micro-targeting, all without explicit user consent.
RTB therefore operates, in practice, as a large-scale surveillance infrastructure embedded within the commercial advertising ecosystem. Its legality under frameworks such as the GDPR remains actively contested.
The RTB process: main steps and actors

When a user accesses a publisher's application, a bid request is automatically triggered, transmitting user-level data, including IP address, geolocation, and device identifiers, to a Supply-Side Platform (SSP) or Ad Exchange (1, 2). These intermediaries function as open marketplaces, aggregating available inventory and broadcasting bid requests to Demand-Side Platforms (DSPs), which serve as centralised interfaces through which advertisers receive the bid requests and manage their targeting strategies and purchasing decisions.
Upon receiving the bid request, each DSP evaluates the user's profile against its advertisers' targeting criteria (3) and submits a bid accordingly (4). The auction is resolved in milliseconds: the highest-bidding advertiser wins the impression, and their creative is served to the user within the publisher's interface (5).
This architecture is made for highly granular, audience-specific ad delivery, while simultaneously exposing user data to a large number of third-party actors at every auction cycle.
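The bid request described above can be inspected field by field. The following is an added example, not taken from the original report: it audits a bid request for the user-level fields that every bidder receives and produces a minimised copy, as an exchange or privacy proxy might before broadcast. It uses OpenRTB 2.x field names; the sample request, all its values, the helper names and the coarsening thresholds (/24, /48, one decimal degree) are assumptions made for illustration.

```python
import copy
import ipaddress
import json

# All-zero advertising ID, sent when the user has limited ad tracking.
ZERO_IFA = "00000000-0000-0000-0000-000000000000"

# Constructed bid request using OpenRTB 2.x field names. Every value is made up
# (documentation IP range, random UUID, arbitrary coordinates).
SAMPLE_BID_REQUEST = json.loads("""
{
  "id": "req-0001",
  "imp": [{"id": "1", "banner": {"w": 320, "h": 50}}],
  "app": {"bundle": "com.example.weather", "cat": ["IAB15"]},
  "device": {
    "ifa": "3f2b8c1e-7a54-4d0b-9c61-5e8f0a2d4b77",
    "lmt": 0,
    "ip": "203.0.113.57",
    "os": "android",
    "geo": {"lat": 48.85837, "lon": 2.29448}
  },
  "user": {
    "id": "u-91c2",
    "data": [{"name": "example-dmp", "segment": [{"id": "seg-42"}]}]
  }
}
""")

# Fields that tie a request to one device or person.
USER_LEVEL_FIELDS = {
    "device.ifa": "mobile advertising ID (MAID)",
    "device.ip": "IPv4 address",
    "device.ipv6": "IPv6 address",
    "device.geo.lat": "latitude",
    "device.geo.lon": "longitude",
    "user.id": "exchange user ID",
    "user.buyeruid": "bidder-side user ID",
    "user.data": "audience segments",
}


def lookup(obj, dotted_path):
    """Follow a dotted path through nested dicts; None if any key is missing."""
    for key in dotted_path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def audit(bid_request):
    """Return {path: label} for user-level fields every bidder would receive."""
    exposed = {}
    for path, label in USER_LEVEL_FIELDS.items():
        value = lookup(bid_request, path)
        if value in (None, "", [], ZERO_IFA):
            continue
        exposed[path] = label
    return exposed


def lmt_violation(bid_request):
    """True when Limit Ad Tracking is signalled but a real IFA is still sent."""
    device = bid_request.get("device", {})
    return device.get("lmt") == 1 and device.get("ifa") not in (None, "", ZERO_IFA)


def truncate_ip(address):
    """Keep only the network part: /24 for IPv4, /48 for IPv6 (assumed thresholds)."""
    prefix = 24 if ipaddress.ip_address(address).version == 4 else 48
    network = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return str(network.network_address)


def minimise(bid_request, geo_decimals=1):
    """Return a copy with identifiers removed and location/IP coarsened."""
    out = copy.deepcopy(bid_request)
    device = out.get("device", {})
    if "ifa" in device:
        device["ifa"] = ZERO_IFA
    for key in ("ip", "ipv6"):
        if device.get(key):
            device[key] = truncate_ip(device[key])
    geo = device.get("geo", {})
    for key in ("lat", "lon"):
        if key in geo:
            # One decimal place is roughly 11 km of latitude.
            geo[key] = round(geo[key], geo_decimals)
    user = out.get("user", {})
    for key in ("id", "buyeruid", "data"):
        user.pop(key, None)
    return out


if __name__ == "__main__":
    print("before:", sorted(audit(SAMPLE_BID_REQUEST)))
    print("after: ", sorted(audit(minimise(SAMPLE_BID_REQUEST))))
```

Running `audit` on captured or logged bid requests shows which identifiers leave the publisher on every auction, whether or not a bidder wins.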
Software Development Kits (SDKs)
Software Development Kits (SDKs) constitute the second major component of the AdTech ecosystem susceptible to intelligence exploitation. SDKs are modular code packages that can be provided by third-party companies to application developers, typically offering turnkey functionalities such as behavioural analytics, crash reporting, or advertising display. In exchange for these capabilities, the integrating developer implicitly consents to allowing the SDK provider to collect user-level data generated within the application, including IP addresses, device identifiers, network information, and usage patterns.
When operated by an external company, these are designated as third-party SDKs. By design, they operate within a sandboxed environment, restricting their access to the broader device filesystem. However, this technical limitation is significantly mitigated by the permissions granted to the host application. If a user has authorised the application to access their geolocation, contact list, microphone, or camera, the embedded third-party SDK inherits those permissions by extension, without requiring independent user consent. This architecture enables SDK providers to substantially expand their data collection capabilities through the host application's permission scope.
This functioning has important implications in terms of surveillance. A single SDK deployed across thousands of applications can aggregate granular behavioural and locational data at population scale, constructing persistent user profiles that extend far beyond the advertising use case. When combined with RTB data streams, this creates a layered surveillance architecture: RTB exposes users at the moment of content delivery, while SDKs enable continuous, passive data extraction throughout the application lifecycle.
Together, these two mechanisms form the operational backbone of advertisement-based intelligence collection.
The categorisation of ADINT usages
The TDR team has proposed three distinct categories to classify these uses:
- Passive ADINT denotes group-level profiling and geolocation patterns;
- Active ADINT refers to near real-time geolocation of a previously identified individual via their MAID;
- Offensive ADINT designates the exploitation of software vulnerabilities through advertising delivery mechanisms to deploy spyware.
Passive ADINT
Passive ADINT constitutes the primary layer of advertisement-based intelligence collection, operating through the systematic harvesting and correlation of metadata emitted during RTB auction cycles. This data is obtained regardless of whether the collecting entity wins the auction, meaning exposure occurs as an inherent structural feature of the broadcast mechanism.
The data transmitted through RTB processes is nominally anonymised, indexed to a Mobile Advertising ID (MAID) rather than directly to an individual. However, through correlation of MAID-linked data, it becomes possible to infer an individual's home address, workplace, daily routines, travel patterns, and social proximity networks, reconstructing a detailed behavioural profile from ostensibly depersonalised identifiers. Commercial platforms already operationalise this capability: Patternz, marketed by the Israeli firm ISA Security, reportedly leverages RTB data to profile billions of users, including real-time location, movement history, and social-proximity networks.
Geolocation represents only one dimension of this collection capability. The advertising industry operates according to a standardised classification framework, the IAB Content Taxonomy, which categorises user interests with considerable granularity. This taxonomy includes specific categories such as “defense Industry”, “aviation Industry”, “space and astronomy”, and “government business”, meaning that individuals employed in sensitive sectors are identifiable not only through locational patterns but also through the advertising segments to which they are algorithmically assigned.
This combination substantially extends the intelligence utility of passive ADINT beyond individual tracking. As demonstrated by investigative reporting from Le Monde, which identified locational patterns associated with personnel at the French presidency, military installations, and strategic defence industries, passive ADINT enables the identification and profiling of entire professional communities, including researchers, government contractors, and employees within sensitive sectors, through the commercial advertising infrastructure to which they are routinely exposed.
Active ADINT
Active ADINT represents an operational shift from broad-based data collection toward targeted, near real-time surveillance of a previously identified individual. Unlike passive ADINT, which surfaces intelligence through retrospective correlation of aggregated datasets, active ADINT presupposes a known target.
The target is an individual whose MAID has already been established, whether through prior passive ADINT collection or conventional intelligence methods. This MAID may also have been extracted through embedded third-party SDKs, which, as previously outlined, continuously harvest device identifiers and behavioural data throughout the application lifecycle, independently of any RTB auction cycle.
The operational mechanism relies on the deliberate configuration of highly specific targeting parameters on the advertiser side during the RTB process, including the target's MAID and geofenced locations of interest. This business model is for instance commercialised through Locate X, a platform sold by the US company Babel Street which allows operators to track a target device by its MAID and geofence locations of interest using data drawn directly from the RTB bidstream.
Rather than indiscriminately harvesting bid request data, the operator constrains the system to surface only signals generated by the target device within defined geographical and temporal boundaries. Each time the configured bid request matches an ad opportunity generated by the target's device, it produces an actionable signal confirming the device's presence at a specific location and time. Crucially, this intelligence output does not require the actual delivery of advertising content: the bid match itself constitutes the collection event.
SDKs can also serve as an active collection instrument in this phase: an operator controlling a third-party SDK embedded within a widely distributed application can directly query the target device for real-time location data, effectively bypassing the RTB infrastructure and retrieving geolocation signals on demand. A documented example is X-Mode (later rebranded Outlogic), a US data broker whose location-collection SDK was embedded in widely distributed applications such as the prayer app Muslim Pro, which collected precise GPS coordinates directly from users' devices, outside the RTB auction.
This capability lends itself to a range of intelligence applications, including physical surveillance support, monitoring of attendance at specific locations or events, and routine validation of a target's movements and patterns. Active ADINT therefore transforms the commercial advertising infrastructure, spanning both RTB mechanisms and SDK-based data pipelines, into a covert geolocation tool, enabling persistent, targeted tracking of individuals through mechanisms that remain largely invisible to both the target and conventional oversight frameworks.
Offensive ADINT
Offensive ADINT constitutes the most technically sophisticated and operationally aggressive dimension of advertisement-based intelligence, repurposing AdTech delivery mechanisms as a vector for malicious payload deployment and device compromise. Rather than passively collecting data or actively tracking a target through bid signals, offensive ADINT weaponises the ad delivery process itself to achieve zero-click device infection, meaning the target device is compromised solely through the display of a malicious advertisement, without requiring any user interaction.
The operational viability of this vector is partly attributable to the increasing legal and technical constraints imposed on conventional spyware infection methods. The 2025 ruling in WhatsApp's lawsuit against NSO, the first instance of a software vendor successfully obtaining judicial sanctions against a CSV, exemplifies the growing legal exposure associated with exploiting messaging application vulnerabilities. Even though this type of court ruling does not necessarily lead NSO to scale back its activities, as recently reported by Sekoia, it still incentivises CSVs to develop alternatives, of which offensive ADINT represents a credible example.
Two documented cases illustrate the operationalisation of this approach. Intellexa, whose infection vector catalogue was disclosed by Amnesty International, developed a capability designated "Aladdin", which leverages RTB processes to deliver a malicious ad to a target identified by its IP address. Recorded Future further established corporate links between Intellexa and two advertising entities, Pulse Advertise and MorningStar TEC, suggesting deliberate integration into the RTB ecosystem to facilitate ad delivery. In a distinct but related case, Israeli company Insanet developed "Sherlock", an ad-based infection vector subsequently reported by Haaretz in 2023 and identified as bundled with Candiru's DevilsTongue spyware.
Offensive ADINT thus represents how the surveillance industry has exploited the structural openness of programmatic advertising to extend the operational reach of sophisticated commercial spyware.
The development of ADINT in the commercial surveillance industry
The first reported use case of ADINT can be traced back to 2015–2016, when surveillance companies began systematically harvesting and correlating RTB data streams to profile and geolocate groups of individuals sharing common behavioural attributes, such as intelligence personnel clustered around sensitive facilities or cohorts of nuclear scientists.
This capability subsequently evolved to enable near real-time geolocation of specific targets through the correlation of MAIDs, allowing persistent tracking of identified individuals across their ad exposure data.
By the early 2020s, a more aggressive vector emerged: the injection of software exploits through ad content to silently install spyware without user interaction, constituting a zero-click intrusion capability.
2015-2016: Emergence of commercial ADINT-based solutions
The earliest documented use of ADINT involved US-based data brokers systematically harvesting and correlating RTB data streams to profile and geolocate groups of individuals sharing common behavioural attributes. Among the first actors to develop such capabilities were PlanetRisk, Venntel (a subsidiary of Gravy Analytics), Babel Street, and Mobilewalla. Demand was driven primarily by US government agencies, which have longstanding procurement relationships with commercial surveillance vendors. These contracts are lawful and documented in open sources, though they have prompted multiple investigations raising concerns about potential misuse.
The legal framework underpinning this dynamic warrants attention. The warrant requirement established in Carpenter v. United States obliges state authorities to obtain judicial authorisation before accessing cellphone location records from service providers. However, Section 702 of the Foreign Intelligence Surveillance Act has been interpreted as enabling agencies to circumvent this requirement by purchasing surveillance products that collect equivalent data through the advertising ecosystem, data which, being indexed to MAIDs rather than directly to individuals, is classified as open-source or commercial information rather than personally identifiable data. Similar legal distinctions apply in other democratic jurisdictions, where data acquired through advertising networks is treated as falling outside the stricter constraints governing the collection of sensitive personal information.
An early documented case of regulatory action in this space concerns InMobi, an Indian company charged by the FTC in 2016 for tracking individuals through AdTech mechanisms without consent. On the operational side, PlanetRisk's product Locomotive, later renamed VISR, illustrates the breadth of passive ADINT applications during this period. Developed in 2016 and drawing on data collected by the data broker UberMedia, Locomotive was used by the US Joint Special Operations Command to monitor the movements of ISIS forces and displaced populations in Syria, ostensibly under the cover of a humanitarian project. Concurrently, the Southern Poverty Law Center purchased the same product to track individuals attending the "Unite the Right" rally in Charlottesville, demonstrating that passive ADINT capabilities were being deployed not only by state military actors but also by civil society organisations.
2019-2023: Market expansion and development of offensive ADINT solutions
Between 2019 and 2023, the ADINT market expanded significantly beyond the United States, with a distinct cluster of Israeli companies emerging as key players. These include Rayzone, Intelos, ISA Security, and Insanet.
Rayzone, listed in the Israel Directory 2018/2019 as a "Cyber Intelligence" provider, developed a solution designated Echo, described as a "Global Virtual SIGINT System" providing surveillance coverage of internet users. The company initially specialised in exploiting vulnerabilities in SS7, a telecommunications protocol used by phone networks to route calls and SMS messages, for intelligence collection. Its ADINT-related activities were exposed following a significant leak of internal documents in 2021. One hypothesis is that Rayzone turned to AdTech mechanisms partly to reduce its operational dependence on SS7 vulnerabilities, which are becoming increasingly rare as carriers patch legacy infrastructure. Insanet, meanwhile, appeared in 2019 marketing materials associated with the CSV Candiru as the provider of Sherlock, an AdTech-based delivery vector used to deploy the Predator spyware, an early documented instance of offensive ADINT.
Demand for ADINT-based solutions in Israel during this period was further accelerated by the COVID-19 pandemic, which created institutional appetite for technologies capable of monitoring population movements and contact patterns at scale. The Israel Security Agency (Shin Bet) was notably documented employing ad-based intelligence solutions for pandemic tracking purposes. Reporting by Gur Megiddo in TheMarker indicated that Intelos was supplying its product AdHoc to Shin Bet for this purpose, while 404 Media referenced promotional material for Patternz, another ADINT-based surveillance product, framing the technology in the context of pandemic response.
The market also expanded geographically during this period. In Asia, where state agencies have longstanding procurement relationships with commercial surveillance vendors, as evidenced by the 2015 Hacking Team leaks, which identified Malaysia, Thailand, South Korea, Kazakhstan, Azerbaijan, and Uzbekistan as active customers of the RCS spyware, ADINT-based products found a receptive market. ISA Security has marketed Patternz since at least 2021, with commercial support from ARD Security, a business facilitator with reported connections in Singapore. The growing regional relevance of ADINT is further reflected in the Asia ISS World Forum brochures, which have referenced the concept every year since 2023. In parallel, Rayzone began prospecting in Africa as early as 2021, a region where demand for commercial surveillance tools has been rising, with Kaspersky recording a 14% increase in spyware detections among African organisations between 2023 and 2024.
By 2023, cases had emerged of advertising infrastructure being exploited as an active infection vector. Investigations identified entities including Insanet, Patternz, Intelos, and Rayzone as suspected developers of offensive ADINT capabilities. While detailed technical analyses of the precise attack chains remain limited, available evidence suggests these actors leverage DSPs and the RTB process both to collect user data and to deliver malicious payloads to targeted devices.
Advantages and Limitations of ADINT as an intelligence mechanism
ADINT presents several structural advantages that make it an attractive capability for CSVs, while also carrying operational and regulatory limitations that constrain its deployment.
Structural advantages
From an operational standpoint, one of ADINT's primary assets is its ability to exploit the fragmentation of global data privacy legislation. While robust regulatory frameworks exist in certain jurisdictions, notably the European Union's GDPR, California's CCPA, or Japan's Act on Protection of Personal Information, these remain a minority at global scale. In regions lacking equivalent protections, CSVs can harvest user data through AdTech mechanisms without contravening local legislation, effectively leveraging regulatory asymmetry as an operational enabler.
Beyond geographical fragmentation, a structural divergence in consent models further compounds this advantage. Jurisdictions adopting an opt-in framework, as mandated under the GDPR, require explicit, informed user consent prior to any data collection or sharing with third parties. By contrast, opt-out regimes, more prevalent in the United States at the federal level, place the burden of protection on the individual: data collection proceeds by default unless the user takes active steps to withdraw consent.
In practice, the complexity of consent interfaces, the prevalence of dark patterns in cookie banners, and general user inertia mean that effective opt-out rates remain low even where the mechanism formally exists. This asymmetry creates a permissive environment in which large volumes of user data flow through AdTech pipelines with limited friction, irrespective of users' actual privacy preferences.
A second structural advantage lies in the weak nominal anonymisation of AdTech data. Since data transiting through RTB processes is indexed to MAIDs rather than directly to individuals, it is formally classified as commercial rather than personally identifiable information. This distinction has carried significant legal consequences: in the United States, agencies including Customs and Border Protection (CBP), the FBI, and ICE have exploited this classification to acquire MAID-linked datasets without obtaining judicial warrants, thereby circumventing constitutional protections that would otherwise apply, while permitting the easy identification of individuals.
Finally, ADINT's global reach constitutes a decisive operational advantage. As advertising infrastructure is coextensive with internet access, any connected individual worldwide represents a potential collection target. A 2024 Wired investigation illustrated this capability through the case of PlanetRisk, a US company that used active ADINT to enumerate MAIDs located in Aleppo in 2015 and subsequently track the displacement of Syrian refugees across multiple countries.
Operational and regulatory limitations
However, ADINT is not without significant limitations. The precision and reliability of AdTech-derived data vary considerably across vendors and collection methods. While some data brokers capture GPS-grade geolocation, others rely on WiFi or Bluetooth triangulation, introducing meaningful inaccuracies that can undermine operational utility.
Offensive ADINT, in particular, entails substantial resource requirements that extend well beyond technical development. Integration into the RTB ecosystem, whether through DSP registration or proprietary SDK development, demands significant financial investment and the establishment of credibility with industry partners, particularly SSPs, which bear responsibility for auditing ad content and can terminate relationships with actors identified as malicious.
The FTC's 2024 enforcement action against Mobilewalla, a data broker found to have harvested over 500 million unique consumer advertising identifiers paired with precise location data through RTB auctions it did not win, further illustrates how actors exploiting the advertising ecosystem for non-advertising purposes are subject to growing regulatory and legal exposure, a risk that CSVs operating in this space must equally anticipate and mitigate.
Finally, ad-based infection vectors are increasingly subject to export control frameworks applicable to dual-use technologies. Insanet's Sherlock, for instance, requires authorisation from the Israeli Ministry of Defense prior to export, a regulatory constraint that applies independently of the fact that the underlying delivery mechanism, RTB, is a legally sanctioned commercial process. This precedent suggests that offensive ADINT capabilities may face growing scrutiny under international arms control and export regulation regimes.
Conclusion
Advertisement-based intelligence represents a relatively recent but rapidly evolving dimension of the commercial surveillance landscape. Emerging around 2015–2016 through the passive exploitation of RTB data streams for geolocation and behavioural profiling, ADINT has since developed along two additional vectors: the active, targeted use of programmatic advertising infrastructure for near real-time tracking, and, from approximately 2021, the weaponisation of ad delivery mechanisms as zero-click intrusion vectors for the deployment of commercial spyware.
While the documented vendor landscape remains dominated by US- and Israeli-based companies, open-source evidence indicates that ADINT capabilities are being researched and commercialised beyond these ecosystems, notably across Asia. This geographic expansion raises substantive concerns regarding proliferation. The case of Intelos, whose AdHoc solution has maintained a commercial foothold in Hong Kong since 2022, is illustrative in this regard, raising questions about potential technology transfer, industrial espionage, or exploitation of these capabilities by state-aligned actors. More broadly, adversary states may leverage commercially available ADINT datasets to support HUMINT operations targeting high-value individuals, or invest in offensive ADINT research as a component of wider computer network operations.
These developments carry significant implications for both the regulation of AdTech processes and the governance of commercial surveillance capabilities. The structural openness of the programmatic advertising ecosystem, designed for commercial efficiency rather than security, creates systemic vulnerabilities that existing regulatory frameworks have proven insufficient to address. As ADINT capabilities continue to mature and proliferate, the question of responsible use and export control warrants serious consideration within multilateral diplomatic initiatives, including the Pall Mall Process, which has sought to establish shared norms around the development and deployment of commercial intrusion tools.

