Here's the prompt that landed this morning — a media report claims the Pentagon raised Israel to the highest tier on its counterintelligence threat assessment. The Israeli embassy immediately called it fake news, though some US sources seemed to corroborate it early on. And the question Daniel's asking isn't really about whether that specific document leaked. It's bigger: do counterintelligence agencies actually rank threats from specific nations? If so, how high would you expect an ally to land? And honestly — if allies spy on each other all the time, does the word "ally" even mean anything in intelligence, or is the whole concept just diplomatic theater?
That last question is the one that makes this episode. Because the answer — spoiler — is that "ally" in intelligence is about as binding as a handshake at a poker table. But let's start with the mechanics, because the leak itself is almost a distraction.
So step back from the headline. What actually is a counterintelligence threat assessment?
It's the process by which an agency evaluates the risk that a foreign entity will conduct espionage, influence operations, or sabotage against them. And it's not some vague gesturing — these are structured, tiered frameworks. Typically you'll see levels like low, moderate, high, critical. The Defense Counterintelligence and Security Agency, the DCSA, manages background checks and threat assessments for over one point five million cleared personnel in the US. They don't guess.
Score on what?
Three main axes: capability, intent, and historical activity. Capability means — do they have the technical and human assets to pull something off? Intent means — is their strategic posture such that they'd want to? And historical activity means — have they done it before? That third one is where allies get into trouble, because the record is long.
Capability plus intent plus track record. And diplomatic relations aren't in the formula.
And that's the core misunderstanding most people have. They assume "ally" — which is a diplomatic and sometimes military label — translates to "low threat" in counterintelligence. It doesn't. In fact, allies often score higher on capability and opportunity precisely because they have access. You invite them into your facilities. You share your signals intelligence. You co-locate personnel. That access is the very thing that makes the threat elevated.
Because the fox isn't just near the henhouse — you gave it a keycard.
And Israel is a textbook case. Mossad is consistently ranked among the top three intelligence agencies globally in capability, alongside the CIA and MI6. Shin Bet handles domestic security at a level that most Western agencies envy. Aman, their military intelligence directorate, is deeply embedded in operational planning. So on the capability axis, Israel scores near the top. On intent — well, Israel has strategic interests that sometimes diverge from American ones, particularly around Iran policy, Palestinian issues, technology transfer. And on historical activity, we have receipts.
Let's go there.
Nineteen eighty-five. Pollard was a US Navy intelligence analyst. He passed thousands of classified documents to Israel — satellite imagery, technical manuals, assessments of Soviet air defenses. He was caught, convicted, sentenced to life in prison. Served thirty years before release on parole. And the scale of what he handed over was enormous — reportedly enough material to fill a small room.
The Israelis initially claimed he was part of a rogue operation, then later acknowledged him, granted him citizenship, lobbied for his release for decades.
Which sends a very specific signal to counterintelligence analysts. It says: the operation may have been embarrassing, but the state ultimately embraced the asset. That's not how you convince a threat assessor to lower your score. And Pollard wasn't a one-off. Ben-Ami Kadish in the nineteen eighties — another American who passed nuclear and military secrets to Israel. More recently, there have been allegations of Israeli intelligence gathering on US deliberations around the Iran nuclear deal.
The twenty fifteen negotiations.
When the Obama administration was negotiating the JCPOA, Israeli intelligence reportedly spiked its collection efforts against US negotiating positions. And this gets to something structural — when an ally disagrees with you on a high-stakes policy issue, the incentive to spy skyrockets. Not to harm you, but to gain leverage. To know what you're going to say before you say it.
Which is still espionage.
Which is still espionage. And it's not just Israel. The Snowden disclosures in twenty thirteen revealed the NSA monitored German Chancellor Angela Merkel's personal phone. Germany — a NATO ally, one of America's closest European partners. And the US wasn't just listening in on her conversations; they were targeting her personally.
That one caused a genuine diplomatic crisis. Merkel said — and I remember this line — "spying among friends is never acceptable."
She said that publicly. Privately, German intelligence almost certainly does the same thing. The BND, Germany's foreign intelligence agency, has been caught targeting friendly governments. In twenty fifteen, it came out that the BND had spied on French officials, the European Commission, and even the Vatican — all at the NSA's request in some cases. So the line between ally and target is porous in both directions.
There's a phrase I've heard you use — "the ally myth."
And I want to be precise about what I mean. The myth isn't that alliances exist. The Five Eyes exists. Joint military exercises happen. Intelligence sharing happens. The myth is that "ally" is a binary — you either are one or you aren't — and that being an ally means you're exempt from counterintelligence scrutiny. Neither is true.
Unpack the binary point.
Alliance in intelligence is a spectrum. It's compartmentalized. Even within Five Eyes — the US, UK, Canada, Australia, New Zealand — there are tiers of access. The US doesn't share nuclear submarine propulsion technology with any of them. The UK doesn't share certain GCHQ sources with Canada. Australia has its own red lines around signals intelligence from Southeast Asia. So even inside the world's most integrated intelligence alliance, there are no-go zones.
Five Eyes has a formal no-spy agreement, doesn't it?
The UKUSA Agreement, originally signed in nineteen forty-six, includes a provision that the parties won't spy on each other. But — and this is where it gets interesting — that agreement has been violated in practice. In two thousand nine, during the G20 summit in London, the UK's GCHQ monitored the communications of allied delegations. And they did it at the request of the United States.
The US asked the UK to spy on allies at a summit the UK was hosting?
The targets included Turkey and South Africa — both NATO partners or close allies in other frameworks. The operation involved keylogging software, intercepting phone calls, monitoring email traffic. And it was all done under the umbrella of "we're not spying on each other, we're just helping our ally spy on our other allies."
That's a beautiful piece of legalism. "We're not spying on you. Our friend is spying on you through us."
This is why the threat assessment framework matters. Because a counterintelligence analyst looking at the G20 operation wouldn't say "well, the UK and US are allies, so this doesn't count." They'd log it as evidence of capability and intent. They'd note that GCHQ has the technical means to intercept allied communications at scale. They'd note that the US was willing to route collection through a partner to maintain deniability. Those data points feed the threat score.
Let's talk about how these scores are actually built. You mentioned the DCSA. What's the actual process?
The FBI's Counterintelligence Division and the DCSA work together on this. They pull from multiple streams — signals intelligence, human intelligence, open-source analysis, and liaison reporting. Liaison reporting is the tricky one, because it's intelligence shared by partner agencies. If Mossad shares a report with the CIA about, say, Hezbollah activity, that's liaison reporting. But the counterintelligence analyst has to ask: is this report complete? Is there something Mossad is holding back? Is there a parallel Israeli operation they're not telling us about?
The same channel that makes them an ally — intelligence sharing — is also a vector for counterintelligence concern.
Trust but verify. Except in intelligence, the "verify" part is a full-time job for thousands of people. And the verification itself can look like spying. If the US runs a surveillance operation to confirm that Israel isn't running an undisclosed operation on US soil, that's counterintelligence. From Israel's perspective, it might look like the US is spying on an ally. Both perspectives are correct.
Let's go back to the Pollard case for a minute, because I think it illustrates something about how threat assessments aren't static.
They're dynamic. That's key. After Pollard was caught in nineteen eighty-five, you can bet Israel's counterintelligence threat score spiked. But it didn't stay there permanently. Over time, as both governments implemented new safeguards — and as the strategic relationship deepened — the score likely moderated. Then something else happens — say, allegations of Israeli intelligence gathering on Iran negotiations — and it ticks up again.
The current leak, if it reflects anything real, might be a snapshot. A temporary elevation, not a permanent reclassification.
That's my read. And the Israeli embassy's denial is interesting in this context. Even if the specific document is fabricated, the fact that it's plausible tells you something. The US almost certainly has a threat assessment for Israel. It's almost certainly higher than the public would assume. The denial isn't really about whether such an assessment exists — it's about the diplomatic embarrassment of it leaking.
The denial is itself a signal.
It says: "We know this system exists, we know we're in it, and we need our relationship with the US to appear frictionless." That's not a denial of the underlying reality. It's a denial of the framing.
There's another dimension here that I want to pull on.
The twenty twenty-one Pegasus scandal is a perfect case study in how allied counterintelligence threats have evolved. NSO Group, an Israeli company, developed spyware that could infect a phone without the user clicking anything — zero-click exploits. Their tools were sold to multiple governments, some of which used them to target US diplomats, journalists, and human rights activists.
The Israeli government's role?
NSO is a private company, but its exports are regulated by Israel's Ministry of Defense. The government knew who was buying Pegasus and broadly what it could do. So from a US counterintelligence perspective, you have an ally whose domestic industry is producing tools that are being used against your personnel. That's not a traditional state-on-state espionage threat, but it absolutely factors into the threat assessment.
Because the capability is Israeli, even if the end user is, say, a Gulf state.
And this blurs the line between state and non-state threats in a way that makes counterintelligence harder. If Morocco uses Pegasus to spy on a French official, is that a Moroccan threat, an Israeli threat, or both? The answer is: the threat assessor has to account for all of it.
I want to pivot to something the prompt raises implicitly. If allies spy on each other routinely — and we've established they do — is the term "ally" in intelligence just a polite fiction?
I don't think it's a fiction. I think it's a different category than what diplomats mean. In diplomacy, an ally is a country with which you have formal mutual defense commitments and broadly aligned interests. In intelligence, an ally is a country with which you have structured sharing agreements and some degree of mutual trust. But that trust is always bounded. It's always contingent.
Bounded and contingent. So what's the boundary?
Intelligence alliances exist because they're useful. The Five Eyes exists because five countries decided they'd get more value from pooling signals intelligence than from hoarding it separately. But each member retains a veto over sharing their own intelligence. And each member runs counterintelligence operations against the others — defensively, to verify that the sharing agreements aren't being abused.
It's not "I trust you." It's "I trust that it's in your interest to cooperate with me."
And the moment that calculus changes — the moment a partner decides it's more in their interest to withhold, to deceive, or to collect unilaterally — the alliance framework doesn't prevent that. It just makes it more embarrassing when it comes out.
Which brings us to the question of how the public should interpret these leaks. Because the cycle is predictable. A document leaks. A government denies it. The media reports "competing claims." And everyone moves on without asking what the leak reveals about the system.
There's a heuristic I find useful. Call it the plausibility heuristic. When an intelligence-related leak surfaces, don't just ask "is this specific document real?" Ask "could this be true, given what we know about how these agencies operate?" If the answer is yes — and in this case, given the Pollard history, the Pegasus situation, the Snowden revelations about Merkel, the G20 operation — the answer is absolutely yes — then the leak has informational value even if the document itself is forged.
Because the system it describes is real.
A fake document describing a real system is still revealing. It tells you what the forger thought was plausible. And if the forger is good — if they understand the institutional logic — their fake will track reality closely.
The best disinformation is true in every detail except the one that matters.
That's why threat assessments themselves are so sensitive. They're not just bureaucratic paperwork. They're a map of where an agency sees vulnerability. If that map leaks, it tells adversaries — and allies — exactly where the gaps are.
Let's talk about the Israel-specific dynamics a bit more. You mentioned Mossad's capability. What makes them so effective?
A few things. They have a culture of operational risk-taking that most Western agencies don't. They have deep human intelligence networks throughout the Middle East and North Africa. They benefit from a highly technically educated population and close ties between the intelligence community and the tech sector — Unit 8200, their signals intelligence unit, is basically a feeder for Israeli startups. And they have a very clear sense of national priorities. Collecting against Iran's nuclear program, for example, is an existential mission in a way that most Western intelligence targets aren't.
Israel's intent to collect against the United States is not symmetrical to, say, China's or Russia's. China wants to steal technology and shift the global balance of power. Russia wants to undermine American influence and exploit divisions. Israel wants specific things — insight into US policy on Iran, on arms sales to Arab states, on diplomatic initiatives that affect Israeli security. The intent is narrower, but it's real.
The historical activity is documented.
Beyond Pollard and Kadish, there was the Franklin affair in two thousand four — a Pentagon analyst who passed classified information on Iran to two pro-Israel lobbyists, who then shared it with an Israeli diplomat. There have been allegations of Israeli industrial espionage targeting US defense contractors. There was a case in twenty nineteen where a former US Navy engineer was caught trying to sell nuclear submarine secrets — and the FBI's counterintelligence operation in that case involved a fake foreign agent, which tells you how these threat assessments drive operational responses.
If I'm an analyst at the DCSA or the FBI's Counterintelligence Division, and I'm looking at Israel, I'm seeing high capability, moderate but focused intent, and a documented history of collection against US targets. That's not a low-threat profile.
It's not. And again, that doesn't mean Israel is an enemy. It means the analyst is doing their job. The threat level reflects the risk, not the relationship.
Which is a distinction most public discourse completely misses.
Because most public discourse treats "threat" as a synonym for "enemy." In counterintelligence, a threat is just a risk vector. Your friendly neighbor who leaves his door unlocked is a threat to your home security — not because he's going to rob you, but because his negligence makes your house more vulnerable. Allies are threats because their access makes you more vulnerable. It's not a value judgment.
Although sometimes it is. The Merkel phone tap wasn't just access — it was deliberate collection against a friendly head of state.
That's where the value judgment creeps in. When the NSA targeted Merkel, they made a calculation: the intelligence value of her communications outweighed the diplomatic cost if it were discovered. That's a cold, instrumental calculation. It treats an ally as a target. And that's exactly what counterintelligence threat assessments are designed to anticipate — not just from adversaries, but from anyone with the means and motive.
The counterintelligence analyst has to think like a spy, but also like a diplomat, and also like a game theorist.
They have to update constantly. Threat levels aren't static. An election changes a country's leadership, and suddenly the intent calculus shifts. A new technology — like Pegasus — creates a capability that didn't exist before. A diplomatic crisis raises the incentive to collect. The assessment is a living document.
Which is why the leak, if it reflects a real elevation, might be tied to something specific. A recent operation that was detected. A policy disagreement that raised tensions. A new Israeli collection capability that US counterintelligence became aware of.
Or it could be a routine update that looks dramatic out of context. If Israel moved from "moderate-high" to "high" on some subcategory, and someone leaked that without the nuance, it reads as a crisis. When in reality, these assessments are adjusted all the time.
The bureaucracy of threat assessment is less exciting than the headline.
But it's also more important, because it's the bureaucracy that drives resource allocation. If Israel's threat level goes up, more counterintelligence resources get directed at Israeli liaison channels. More scrutiny on dual-citizen personnel. More monitoring of Israeli diplomatic personnel in the US. These are real operational consequences.
The Israelis know this — which is why they denied the leak so forcefully. It's not just about embarrassment. An elevated threat level has practical costs for them.
It affects how freely their intelligence officers can operate in the US. It affects how much access they get to US facilities and personnel. It affects the tone of liaison meetings. The denial is damage control.
Let's widen the lens. If the US and Israel — two countries with an extraordinarily close intelligence relationship — can't fully trust each other, what does that say about the broader alliance system?
It says that "ally" in intelligence is always transactional. The question isn't "do we trust them?" The question is "what is the basis for our cooperation, and what are the limits?" For the Five Eyes, the basis is shared signals intelligence and a common language, literally and culturally. The limits are national caveats and domestic legal constraints. For Israel and the US, the basis is shared strategic interests in the Middle East. The limits are diverging views on Iran, on Palestinian statehood, on technology transfer.
The alliance is real, but it's contingent. It's not a marriage. It's a series of transactions.
A marriage with a prenup that gets renegotiated constantly.
Both sides have private investigators on retainer.
And I think this is where the public conversation tends to get stuck. People want alliances to be either sacred or meaningless. The reality is neither. They're functional. They work until they don't. And counterintelligence threat assessments are one of the tools that help agencies figure out when "until they don't" might be approaching.
What should someone in tech or policy take away from this, practically?
First, understand that threat assessments are operational tools, not political statements. If you see a leak showing an ally at a high threat level, don't read it as "the US thinks Israel is an enemy." Read it as "the counterintelligence apparatus has identified specific risk factors and is allocating resources accordingly." That's the agency doing its job.
Second takeaway — when you see a denial, ask what's being denied. The Israeli embassy said the leak was fake news. But are they denying that the US has a threat assessment for Israel at all? Almost certainly not, because that would be absurd. They're likely denying the specific tier, or the framing, or the fact of the leak itself. The denial is narrow, even if it sounds broad.
Third — pay attention to the gap between diplomatic rhetoric and intelligence reality. Governments say "unshakeable alliance" in press conferences while their agencies are running collection operations against each other. Both things can be true. The rhetoric serves one function — public reassurance, deterrence, alliance management. The operations serve another — information advantage, risk mitigation, leverage. They're different games with different rules.
The press conference is the trailer. The operations are the movie.
Counterintelligence threat assessments are the studio notes.
That's a good line. So where does this go in the future? You mentioned AI-powered intelligence analysis earlier.
This is the next frontier. As intelligence agencies adopt machine learning tools for threat assessment, the process becomes more granular and more dynamic. Instead of quarterly or annual updates to threat levels, you could have near-real-time adjustments based on signals — a detected anomaly in liaison reporting, a spike in suspicious travel patterns, a change in the behavior of known foreign intelligence officers.
Which sounds like it would make allied espionage easier to detect.
In theory, yes. Pattern recognition at scale should catch anomalies faster. But it also creates a new problem — diplomatic management. If an AI system flags an ally's behavior as threatening in real time, and that triggers an operational response, and then it turns out to be a false positive, you've just damaged an alliance over a machine learning artifact. The speed of detection might outpace the speed of diplomatic judgment.
The technology amplifies both the capability and the risk.
It makes the threat assessments themselves more volatile. Imagine a dashboard where an ally's threat score fluctuates day to day based on incoming data. That's useful for operators, but it's a diplomatic nightmare if it leaks. Which it will.
Everything leaks eventually.
Which is why the plausibility heuristic matters. The next time you see a leaked intelligence document — and there will be a next time — the question isn't "is this real?" It's "what system does this reveal, and what does it tell us about how these agencies think?"
The leak is the story. But the system is the story behind the story.
That system, for all its flaws, is doing something essential. It's trying to map risk in a world where the line between friend and foe is never as clean as the speeches suggest.
Where does that leave us on the original question? Is "ally" in intelligence a myth?
I'd say it's not a myth — it's a tier. A set of permissions and constraints. An ally in intelligence is a country you've decided to trust in specific ways, for specific purposes, with specific safeguards. It's not a blank check. It's not a friendship bracelet. It's a structured relationship built on mutual self-interest, and it's always subject to verification.
The verification looks an awful lot like spying.
Because sometimes it is.
The next time a government says "we don't spy on our allies," the accurate translation is "we don't call it spying when we do it to our allies."
Or "we don't call them allies when we're spying on them." The label shifts to fit the operation.
That's a chilling way to end, but it's also probably the most honest.
Intelligence isn't a warm business.
And now: Hilbert's daily fun fact.
Hilbert: In the eighteen-tens, a French naturalist's manuscript on the mollusks of West Africa contained a hand-drawn footnote describing a seamount snail found only on a single submerged peak off the coast of what is now Niger — despite Niger being entirely landlocked. The snail, the author speculated, had been carried inland by a bird and dropped in the manuscript itself as a specimen, glued to the page with tree resin. The snail is still there.
The snail is in the book. But not in Niger.
Which is probably for the best, given the geography.
This has been My Weird Prompts. Our producer is Hilbert Flumingtop. If you want more episodes, you can find us at myweirdprompts dot com or wherever you get your podcasts. We'll be back next week.