100 COUNTRIES NOW HAVE CYBER INTRUSION SOFTWARE

According to UK intelligence officials, the proliferation of commercial spyware represents a growing security threat. Pegasus, the NSO Group's flagship surveillance tool, exemplifies the type of software now accessible to state actors across the globe. The assessment suggests that barriers to obtaining such technology have eroded significantly. What once required substantial technical expertise and resources is now available through commercial channels, lowering the threshold for nation states seeking cyber capabilities. Pegasus gained international attention following revelations about its use against journalists, human rights activists, and political figures. The software exploits mobile device vulnerabilities to extract data, capture communications, and activate device cameras and microphones. The GCHQ's estimate reflects broader concerns about the militarization of cyber tools. As more countries obtain intrusion software, the potential for coordinated attacks, espionage campaigns, and destabilization efforts increases. Intelligence agencies worldwide have flagged the concentration of such capabilities among state and non-state actors. The proliferation has prompted calls for stricter regulation of the commercial surveillance industry. Several countries have already restricted or banned the export of cyber intrusion technology, though enforcement remains inconsistent. With approximately 195 nation states in existence, GCHQ's figure indicates that roughly half have acquired such capabilities. The estimate underscores the dual-use nature of cybersecurity tools—technologies developed for defensive purposes increasingly serve offensive applications. The spread of these tools complicates international cyber governance and raises questions about attribution in cyberattacks. When intrusion software becomes widely available, determining which state actor conducted an operation becomes significantly more difficult.