Governments around the world are increasingly enhancing their digital monitoring capabilities. The integration of AI-driven surveillance, biometric data collection, and commercial spyware is fundamentally altering how states observe both citizens and visitors. This shift is becoming a focal point for security experts and human rights advocates globally.
An extensive study examining 193 countries reveals that digital surveillance by governments poses a high or very high risk in 31 nations. State authorities are leveraging telecommunications infrastructure, deploying commercial spyware, and utilizing AI technologies to monitor foreign nationals, often with minimal legal oversight. In addition, 55 countries classified as medium-risk are employing surveillance against political adversaries, journalists, and activists.
Escalating Threats from AI Surveillance
Recorded Future analysts have identified five primary categories of surveillance capabilities: network interception, endpoint compromise, platform-level access, public space surveillance, and data aggregation. The Insikt Group underscores that the potential for misuse is significantly higher in nations lacking independent oversight.
For foreign nationals and business travelers, the risks are particularly pronounced in high-risk regions. The potential threats include theft of sensitive corporate information, loss of intellectual property, reputational harm, and in severe cases, physical detention due to intelligence gathered digitally. Insikt Group highlights that unprepared travelers entering certain countries could endanger themselves and their organizations.
Biometric Data and Predictive Policing
The proliferation of commercial spyware, AI technologies, and expanding biometric databases is intensifying the threat landscape. By April 2026, the United Kingdom reported that approximately 100 countries had acquired commercial spyware, indicating a significant reduction in barriers to state-level intrusion. Without robust global oversight, individuals and organizations remain increasingly vulnerable.
AI-driven public surveillance has become a cornerstone of governmental monitoring in authoritarian regimes. Numerous Safe City projects, primarily constructed with equipment from Chinese tech companies, integrate facial recognition and license plate scanning across cities in Africa, Central Asia, and Eastern Europe. Following protests in Turkey in March 2025, authorities utilized AI facial recognition to identify and arrest demonstrators shortly after the events.
Commercial Spyware and Device Compromise
Governments are also employing endpoint tools that directly compromise personal devices. Between 2024 and 2026, Insikt Group discovered that at least 16 countries used Predator or Candiru spyware against journalists and civil society members. In February 2026, Amnesty International confirmed that Predator targeted an Angolan journalist, marking the first forensically verified case against Angolan civil society.
Custom state-developed malware presents additional challenges due to its stealth. Leaked data from Chinese company Knownsec exposed GhostX, a Windows-based remote access trojan capable of screen monitoring, keystroke logging, and password extraction. Belarus’s KGB has been associated with ResidentBat, active since at least 2021, used to extract call logs and stored files from detained activists.
To mitigate exposure, Insikt Group advises travelers to very high-risk nations to use only sterile devices enclosed in a Faraday bag. For high-risk areas, they recommend employing a VPN, performing pre-departure firmware updates, and utilizing end-to-end encrypted applications. In medium-risk regions, maintaining updated applications, avoiding politically sensitive content, and enabling strict social media privacy settings offer a solid foundation for protection.
