Israeli Startup Radiant Builds Advanced Zero-Click Spyware Infrastructure for Western Intelligence

An Israeli startup, Radiant Research Labs, has quickly become a pivotal force in the global offensive cyber market, providing highly advanced zero-click surveillance tools to Western intelligence agencies. Founded by veterans of Israeli military intelligence and NSO Group, the company focuses on creating the core technical infrastructure—or the “engine”—for cyber operations that require no interaction from the target user. This development comes amid an intensifying international debate over the ethics and accountability of commercial spyware, yet the company’s tools have already played a crucial role in real-world crises, notably by assisting the IDF in tracking the location of Israeli hostages following the events of October 7th.

The Rise of Radiant: Expertise from Unit 8200 and NSO

Radiant Research Labs was established in May 2023, but its roots run deep into Israel's elite intelligence and cyber defense ecosystem. The company is led by founder and CEO Tal Slomka and Head of Marketing Tzvika Moschkowitz, both of whom carry extensive experience from the Israeli Defense Forces (IDF) intelligence. Slomka served in the Air Force and Unit 8200, specializing in technology for monitoring air threats, before moving to the controversial spyware firm NSO Group as an analysis manager. Moschkowitz also served in IDF intelligence and the Prime Minister's Office before transitioning to NSO for analysis and market development.

The firm's immediate ability to produce about ten major cyber tools since its founding highlights the deep well of talent it draws from, specifically leveraging the expertise of graduates from Israeli military cyber units.

The 'Engine' Strategy: Differentiating from the Spyware Giants

Radiant has been careful to distinguish its business model from firms like NSO and Paragon, which are known for delivering complete, end-to-end spyware solutions to clients. Radiant officials describe their work as building the technical engine—the core capability—rather than the final vehicle used in the field. This strategic positioning suggests the company focuses on creating highly classified, foundational exploits and vulnerabilities that can be integrated into a client's own cyber infrastructure. This emphasis on core technical infrastructure over the end-product may be a method to navigate the increasing legal and ethical scrutiny faced by the commercial surveillance industry.

How Zero-Click Exploits Work: The Invisible Threat

The most powerful and alarming aspect of Radiant’s technology is its zero-click nature. Unlike traditional phishing, which relies on a victim clicking a malicious link (a one-click exploit), a zero-click attack compromises a device without any user interaction whatsoever.

This infiltration is typically achieved by exploiting previously unknown and unpatched vulnerabilities—known as zero-day vulnerabilities—in applications that automatically process incoming data. Messaging and voice-calling apps, such as iMessage, WhatsApp, and Outlook, are frequent targets because they must interpret data (like images, texts, or service packets) from untrusted sources to generate a notification or a preview.

An attacker sends a specially crafted, malicious data packet (e.g., an image file or a missed call notification) that exploits a memory corruption flaw in the receiving app’s code. This allows the attacker to silently execute code and install spyware deep within the device's software framework. Because the attack leaves minimal traces and is self-deleting or invisible, it is exceptionally difficult for a target to detect.

Ethical Guardrails and Geopolitical Clients

The landscape of offensive cyber tools is defined by intense ethical and regulatory controversy, with the United States having previously sanctioned companies like NSO and Intellexa over allegations of their tools being misused against journalists and activists.

Radiant’s strategy aims to address this by focusing its efforts on “Western and international intelligence services,” and claims to work almost exclusively with democratic countries. Company officials assert that this selective approach, guided by the Israeli Ministry of Defence’s strategy, “ensures a basic level of ethical standards” for tool usage. Despite these assurances, the sale of potent zero-click tools to governments keeps the industry at the center of a complex debate, where democratic oversight mechanisms struggle to keep pace with the rapidly evolving technology.

Real-World Utility in Crisis: The Hostage Tracking

The efficacy and dual-use nature of the technology were highlighted shortly after the October 7th attacks. Radiant was one of the companies that provided technical tools to IDF intelligence, which were reportedly used to help track the location of a number of Israeli hostages. This direct, immediate application in a critical national security and humanitarian context underscores the high value that advanced cyber intelligence tools offer to state security services.

Practical Takeaways: Defending Against the Invisible Threat

For the average user or a high-risk individual (like a journalist, activist, or government official), defending against a zero-click exploit is a significant challenge because the threat is invisible and bypasses all user action. However, security experts recommend a few proactive steps: