Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
International Cyber Digest Profile picture
@IntCyberDigest
Feb 19 3 tweets 2 min read Read on X
‼️ BREAKING: Researchers have uncovered secret AI surveillance projects linked to KYC provider Persona and OpenAI, sending user data to the US government.

Code references include intelligence program codenames "Project SHADOW" and "Project LEGION."

Analysis of source code revealed OpenAI's user verification systems includes biometric tracking, facial scanning, political screening, and intelligence reporting.

Researchers also discovered ONYX on Persona's government server — matching ICE's $4.2M AI surveillance tool — which scrapes social media and the dark web, builds digital footprints, tracks emotional sentiment, assigns risk scores across 300+ platforms and 28B+ data points, and flags individuals for "violent tendencies."

None of it was hidden. It was all internet-facing.Image
Image
Here is a list of some of Persona's customers:
- OpenAI (ChatGPT)
- Discord
- LinkedIn
- DoorDash
- Etsy
- Brex
- Coursera
- Carahsoft
- Swan Bitcoin
- Mercury
- Wealthsimple
- Branch
- WeTravel
- Grailed
- Eaze
- Stifel Financial Corp
- First Republic
- Fire & Flower Holdings
- Serviap Global
The researchers writeup can be found here: vmfunc.re/blog/persona

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with International Cyber Digest

International Cyber Digest Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @IntCyberDigest

International Cyber Digest Profile picture
Feb 1
‼️ Meet the personal hacker who worked for Epstein

His name was redacted, but based on what was previously known:
👉 Sold his company to CrowdStrike in 2017
👉 Took a VP role at the company after the acquisition
👉 Born in Calabria

We can now confirm he is Vincenzo Iozzo. Image
Image
His LinkedIn shows his company "Iperlane" was sold to CrowdStrike and that he was also a board member of Black Hat, hence he invited Jeffrey to join him at Black Hat.

He is currently CEO of SlashID and likes to post about Shinyhunters on LinkedIn. Image
Image
Image
Image
He is also one of the authors of iOS Hacker's Handbook. Image
Read 4 tweets
International Cyber Digest Profile picture
Jan 23
‼️A security researcher from Australia built a mass surveillance tool by scraping Waze reports and tracking the users behind them

He successfully linked usernames to real-world identities, allowing him to pinpoint where individuals live and work.

Waze has since responded by removing the feature that exposed usernames.Image
Image
Image
Image
He was able to deanonymize custom usernames by using OSINT tools.Image
Image
After he has a username he can plot it on a map an see where that user has been it's entire lifetime. Leading to the disclosure of:
- The general area where they likely live (cluster of morning reports.
- The area where they likely work (cluster of daytime reports)
- Their regular commute routes
- Their approximate scheduleImage
Read 4 tweets
International Cyber Digest Profile picture
Jan 2
‼️A German hacker known as "Martha Root" dressed as a pink Power Ranger and deleted a white supremacist dating website live onstage

This happened during the recent CCC conference.

Martha had infiltrated the site, ran her own AI chatbot to extract as much information from users as possible, and downloaded every profile. She also uncovered the owner of the site. She has published all of the data.
I found this video of “Marta Root” on her YouTube channel explaining what she did.
A chart showing where users of the white supremacist dating site come from. Image
Read 7 tweets
International Cyber Digest Profile picture
Dec 7, 2025
❗️On 11 July 2024, Belgian police found a dead body on a forest trail.

Initially, they thought it was suicide, but forensic investigation indicated homicide.

The suspected murderer was arrested and later released. He was using a GrapheneOS phone, which he claims did not work as intended.

He says he gave the duress PIN, but the device did not wipe itself, allowing law enforcement to access his data.Image
One year later, the suspect is summoned to appear at the police station in Antwerp, Belgium, on suspicion of premeditated murder. Image
Using the dates of the premeditated murder in the document he shared, we were able to find and confirm that this is the case. Image
Read 12 tweets
International Cyber Digest Profile picture
Dec 5, 2025
‼️🇮🇱 Smartphones worldwide were silently infected with Israeli malware via malicious ads

Simply viewing their ads was enough to get infected.

Surveillance company Intellexa gained full access to cameras, microphones, chat apps, emails, GPS locations, photos, files, and browsing activity.Image
Internal leaked company documents, sales and marketing materials, as well as training videos from the “Intellexa Leaks” investigation provide a never-before-seen glimpse into the internal operations of a mercenary spyware company focused on exploiting vulnerabilities in mobile devices to enable targeted surveillance attacks on human rights defenders, journalists, and members of civil society.Image
In an attempt to hide the spyware operator's identity, all data is relayed through a chain of anonymization servers called the “CNC Anonymization Network.”

Since the spyware relies on browser exploits, the operator must trick the victim into opening the malicious link; if the link is not opened, infection fails.

Each time a one-click attack link is sent, it risks exposing the operator, as a suspicious target may share it with forensic experts, revealing the attack and potentially the operator.Image
Read 8 tweets
International Cyber Digest Profile picture
Dec 4, 2025
‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities.

He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.
He wanders around the web sending messages to people like "I’d like to offer your an opportunity that I think could be interesting.".. Turns out @MauroEldritch likes opportunities. Image
Aaron then asks the "legit" worker to download AnyDesk.
Read 11 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(