AI-Powered Security vs. Smartphone Spyware in the US

Ronald Deibert doesn’t travel like a typical academic. In April 2025, he left his personal devices at home, flew from Toronto to Illinois, and bought a fresh laptop and iPhone at an Apple Store—basically treating his own electronics as potential liabilities. That’s not paranoia. It’s an operational response to a modern reality: commercial spyware and state-grade surveillance capabilities are now close enough to everyday life that “normal users” and “normal companies” can get caught in the blast radius.

Deibert runs the Citizen Lab at the University of Toronto, a group known for exposing spyware campaigns and digital repression for more than two decades. Their work reads like an incident response report for democracy itself: identify the intrusion, attribute the tooling, document the harm, and force accountability. The uncomfortable twist—especially for US-based teams building SaaS and digital services—is that the same ecosystem that enables large-scale surveillance also powers legitimate security monitoring. The difference is governance, intent, and controls.

This post is part of our AI in Cybersecurity series, and it takes a clear stance: AI has become the frontline defense against spyware and surveillance threats—but without privacy guardrails, AI can also become surveillance’s favorite accelerant.

Spyware isn’t “a journalist problem” anymore

Spyware risk has spread because the market has matured. What used to require custom tradecraft and deep budgets can now be bought, integrated, and operationalized. Citizen Lab’s investigations—like its early “Tracking GhostNet” work uncovering global espionage footprints, and later reporting tied to spyware used against people near Jamal Khashoggi—show a consistent pattern: targets aren’t just “bad actors.” They’re lawyers, journalists, opposition politicians, student organizers, and the people around them.

That matters in the US digital economy for a simple reason: those people use the same consumer devices and mainstream apps everyone else uses.

Why US companies should care (even if they’re not a target)

Most companies get this wrong. They think of spyware as a niche risk—something for diplomats, defense contractors, or investigative reporters. But spyware campaigns routinely exploit:

• Identity and account recovery workflows (SIM swaps, social engineering, MFA fatigue)
• Mobile endpoints (zero-click or low-click exploitation, malicious profiles, credential theft)
• Third-party apps and SDKs (data leakage, overbroad permissions)
• Corporate devices used personally (a common BYOD reality)

If you run a SaaS platform, a fintech product, a healthcare portal, or even a campus app, spyware operators don’t need to compromise your company to harm your users. They can compromise a user’s phone and then impersonate the user everywhere. Your logs will show “valid sessions,” and your support team will see “normal login issues.”

AI-powered cybersecurity is increasingly the only practical way to detect these attacks at scale—because the signal is subtle and the volume is huge.

What Citizen Lab’s work teaches security teams about detection

Citizen Lab is often described as “counterintelligence for civil society,” and that framing is useful for US security leaders. Their research mindset maps cleanly to modern security operations:

• Assume you’re being watched. Deibert’s travel behavior is basically a human version of zero trust.
• Treat surveillance as an ecosystem, not a single exploit. There’s infrastructure, vendors, infection chains, and operational patterns.
• Document patterns so others can defend. Their impact isn’t only catching one campaign—it’s creating repeatable knowledge.

For enterprise teams, the translation is direct: you don’t win spyware defense by waiting for a signature. You win by catching behavior.

The behavioral signals spyware tends to leave behind

Even “quiet” mobile spyware often creates detectable ripples across identity, network, and app layers. Practical signals include:

1. Account anomalies

   • Sudden token refresh patterns across geographies
   • Recovery email/phone changes followed by new device enrollments
   • Unusual API usage sequences that don’t match human flows

2. Device and session inconsistencies

   • Frequent re-authentication from the same device fingerprint
   • “Impossible travel” that still passes MFA (a sign of session theft)
   • Push notification approvals that cluster in time (MFA fatigue)

3. Network and infrastructure clues

   • Connections to newly registered domains or short-lived infrastructure
   • DNS patterns that don’t match the user’s region or ISP norms

None of these guarantee spyware. But together, they form a picture that AI models are good at scoring—especially when combined with rules and analyst review.

Where AI helps most: detection, triage, and fraud-style analytics

AI doesn’t magically “find Pegasus-style spyware” on a phone. What AI does do well is what security teams actually need day to day: detect anomalies across millions of events, reduce noise, and prioritize the few incidents that matter.

1) AI-driven anomaly detection for identity and access

In many spyware scenarios, the attacker’s goal is access: email, cloud storage, messaging, financial accounts, admin consoles. AI-based user and entity behavior analytics (UEBA) can flag:

• Normal user login times vs. new patterns
• Typical device usage vs. sudden device churn
• Usual app features vs. programmatic “scraping-like” behavior

Here’s what works in practice: model the “shape” of a normal session, not just the IP address.

2) Machine learning for alert triage in security operations

Security teams drown in alerts, and spyware-style incidents are exactly the kind that get missed because they look like minor account issues. ML-based triage can:

• Cluster related events into a single incident
• Identify “similar to known-bad” sequences (without requiring exact matches)
• Auto-summarize incident timelines for analysts

I’ve found that this is where teams get the fastest ROI: less time hunting duplicates, more time on the hard cases.

3) AI-based fraud techniques applied to spyware defense

A lot of spyware-adjacent intrusion looks like fraud:

• Account takeover
• Credential stuffing
• SIM swap
• Social engineering against support desks

Fraud teams already use graph analytics (who is connected to whom), device reputation scoring, and velocity checks. Bringing those techniques into security—especially for consumer-facing platforms—helps catch the “soft underbelly” of spyware operations: the identity layer.

The ethical line: AI security monitoring vs. AI surveillance

Deibert’s worry isn’t only technical. It’s institutional: whether watchdogs, researchers, and oversight mechanisms can still operate independently—especially as political pressure rises and funding gets weaponized. That concern should land with US tech leaders because the private sector increasingly runs the “public square” infrastructure.

Here’s the reality: AI-powered cybersecurity requires visibility. Visibility creates power. Power attracts misuse.

Practical guardrails US digital services should adopt

If you’re deploying AI security monitoring in a SaaS product, you need policies and architecture that make abuse hard.

• Data minimization by default: collect what you need to secure accounts, not what you can monetize.
• Purpose limitation: security telemetry shouldn’t become ad targeting or employee performance tracking.
• Role-based access and audit logs: treat internal access to security data like production access.
• Retention limits: keep raw logs for weeks/months, not forever.
• Human review for high-impact actions: automated lockouts, escalations to law enforcement, or content-based inferences should require oversight.

A one-liner worth adopting internally: “Security data is toxic waste—store it carefully, use it carefully, and dispose of it on schedule.”

A practical playbook: reducing spyware risk for teams and users

Spyware defense isn’t a single product. It’s a layered program that spans endpoint hygiene, identity, and response.

For security leaders (SaaS, fintech, healthcare, education)

1. Harden account recovery

   • Require step-up verification for recovery changes
   • Add cooling-off periods for email/phone changes
   • Monitor support tickets for social engineering patterns

2. Treat executives and admins as “high-risk users”

   • Enforce phishing-resistant MFA for privileged roles
   • Separate admin devices from personal devices where possible
   • Monitor for token theft and unusual API calls

3. Instrument mobile and web sessions for behavioral detection

   • Add device attestation where appropriate
   • Detect session replay and abnormal token refresh
   • Correlate identity events with network and device signals

4. Build an escalation path for suspected spyware

   • Clear internal runbooks
   • A privacy-reviewed process for evidence collection
   • A communication template for affected users

For users and employees (simple, realistic steps)

People want a checklist they can actually follow. This one works:

• Update devices quickly (mobile OS and apps)
• Use passkeys or hardware keys where available n- Lock down account recovery (unique email, strong carrier PIN)
• Reduce app permissions (especially messaging, mic, accessibility)
• Restart phones regularly (it’s not a cure-all, but it disrupts some tooling)

Tools like Security Planner-style guidance—personalized, expert-reviewed steps rather than generic advice—are the direction I like for 2026. Users need fewer scary headlines and more “do this next” clarity.

What the next year looks like in US AI cybersecurity

The pressure Deibert describes—on oversight bodies, universities, and independent watchdogs—has a direct parallel in the security product world. Buyers are now asking two questions at once:

1. Can your AI detect threats fast enough to matter?
2. Can you prove your AI won’t become the threat?

That second question is not theoretical. It shows up in procurement language, privacy addenda, vendor risk assessments, and state-level compliance requirements. If you want leads in 2026, build for that reality: privacy-preserving AI security is becoming a buying criterion, not a nice-to-have.

A forward-looking bet: we’ll see more adoption of approaches like on-device analysis, selective telemetry, and models that score behavior without ingesting sensitive content. Not because it’s trendy—because it reduces legal exposure and earns user trust.

The way to win: AI defense with accountability built in

Spyware and targeted surveillance thrive in the gap between “the device is personal” and “the data is everywhere.” Citizen Lab has spent decades dragging that gap into the light. US technology and digital services now have to close it—at scale.

If you’re building or buying AI-powered cybersecurity, focus on two outcomes: catch account takeover and endpoint-driven abuse early, and do it with strong privacy controls. That’s the only sustainable posture when surveillance capabilities are commoditized.

So here’s the question worth sitting with as you plan your 2026 security roadmap: Will your AI security program protect users from spying—without turning your platform into a surveillance system of its own?