The contemporary landscape of global finance is increasingly underpinned by a sophisticated layer of technological infrastructure that transcends simple transactional utility. For a multinational corporation of the scale and influence of American Express (Amex), the selection of digital vendors, cybersecurity protocols, and cloud architectures is a strategic process that inevitably intersects with geopolitical realities. This technographic audit examines the specific technological components of the American Express ecosystem to identify material and ideological links to the Israeli state, its military-intelligence apparatus—specifically Unit 8200—and the broader systems of surveillance and territorial control that characterize the ongoing occupation and militarization in the region. By documenting the “Unit 8200” stack, behavioral biometric implementations, and major digital transformation projects, this report provides the foundational data necessary for evaluating the company’s digital complicity.
The primary vector through which Israeli military-intelligence expertise is integrated into the American Express enterprise is the cybersecurity stack. A significant portion of the critical security vendors utilized by Amex are either headquartered in Israel, founded by veterans of the IDF’s elite Unit 8200, or led by individuals with deep ties to the Israeli national security establishment.1 Unit 8200, responsible for signal intelligence and code decryption, functions as a premier incubator for high-tech firms that monetize military-grade surveillance and defensive techniques for the global market.1
American Express maintains a foundational reliance on CyberArk for its Privileged Access Management (PAM) requirements. The origins of CyberArk are inextricably linked to the Unit 8200 pipeline; its founder, Alon Cohen, conceived the company’s core technology while serving in the unit and later developed it into the industry standard for securing “privileged” or administrative accounts.1 In the context of American Express, CyberArk is deployed to secure high-value administrative credentials across a hybrid environment that includes on-premises servers, cloud workloads, and SaaS applications.4
The implementation of CyberArk at American Express involves a complex architecture designed to manage the entire identity security lifecycle. This includes the deployment of the Secure Digital Vault, which serves as a hardened repository for credentials, and the Central Policy Manager (CPM), which automates the rotation and management of passwords to prevent credential-based attacks.6 The “Identity Security” platform offered by CyberArk has expanded through strategic acquisitions, such as Venafi in late 2024 for $1.54 billion to bolster machine identity management, and Zilla Security in 2025 to enhance modern identity governance.4 For American Express, this means the very architecture of internal trust—determining who has access to the most sensitive financial data—is built upon technology developed within the Israeli intelligence ecosystem.1
| Vendor | Functional Role | Israeli Connection / Unit 8200 Origin | Complicity Indicators |
|---|---|---|---|
| CyberArk | Privileged Access Management (PAM) | Founded by Alon Cohen (Unit 8200) 1 | Core technology developed within military-intelligence framework; recruits 8200 alumni.4 |
| Check Point | Firewall, SASE, Network Security | HQ in Tel Aviv; CEO Nadav Zafrir 9 | Major provider to Israeli Ministry of Defense; founded by 8200 veterans.2 |
| SentinelOne | AI-powered Endpoint Protection (EDR) | Founded by Tomer Weingarten and Almog Cohen (Israel) 10 | Significant R&D in Tel Aviv; protects the “Checkout Line” and retail environments.11 |
| Wiz | Cloud Security Posture Management (CSPM) | Founded by Assaf Rappaport and 8200 team 12 | Rapidly scaling “unicorn” with deep ties to the Israeli defense tech ecosystem.12 |
| Leadspace | Customer Data AI / Analytics | Israeli-founded; raised funds from JVP 13 | Clients include Amex; utilizes AI models forged in the Israeli tech hub.13 |
The network security perimeter of American Express is heavily fortified by Check Point Software Technologies. Check Point is not only an Israeli tech pioneer but also a strategic partner for American Express in maintaining its Payment Card Industry Data Security Standard (PCI-DSS) compliance.14 The 12 primary requirements of the PCI-DSS standard, which American Express co-founded, demand the installation and maintenance of firewall configurations to protect cardholder data.14 In many hosted and enterprise environments, these firewall solutions are powered by Check Point, providing high-performance, enterprise-grade protection that is monitored 24/7 by security engineers.14
Check Point’s CEO, Nadav Zafrir, represents a direct link to the highest levels of the Israeli military-intelligence hierarchy, having served as the head of Unit 8200.9 The company’s “Infinity” portfolio, including its Harmony SASE and Enterprise Browser offerings, is designed to provide unified security across branch offices, data centers, and mobile users.9 By standardizing its security requirements around tools that Check Point provides, American Express facilitates a continuous revenue stream into an organization that is a central pillar of the Israeli defense economy.2 This creates a causal relationship where the financial security of American Express cardholders is inextricably linked to the commercial success of an Israeli defense contractor.9
American Express has integrated SentinelOne into its security stack to provide autonomous, AI-driven endpoint protection, detection, and response (EDR).12 SentinelOne’s Singularity platform is utilized to protect millions of endpoints globally, using machine learning and behavioral analysis to identify and mitigate threats in real-time without human intervention.18 While headquartered in the United States, SentinelOne maintains a dominant presence in the Israeli R&D landscape, with major offices in Tel Aviv that leverage the specialized talent pool emerging from the IDF’s technical units.11
The “Purple AI” and “Singularity Identity” modules are specifically marketed toward large financial institutions and retailers to protect the “checkout line,” a critical area for American Express’s merchant network.12 The company’s growth in high-value customers—those generating over $100,000 in Annual Recurring Revenue—has been significant, reaching over 1,400 customers by early 2025.10 The adoption of SentinelOne by American Express represents a shift toward “autonomous” security models that are inherently reliant on AI training data and methodologies developed in the Israeli tech ecosystem.12
The audit of American Express reveals a sophisticated implementation of biometric and surveillance technologies that go beyond traditional security measures. These tools, largely originating from the Israeli tech sector, focus on the “behavioral” and “cognitive” monitoring of users, creating a persistent layer of digital surveillance.
A critical component of American Express’s fraud prevention strategy is its strategic investment and partnership with BioCatch. Founded in Israel in 2011 by veterans of Unit 8200, BioCatch specializes in behavioral biometrics, a technology that monitors how a user interacts with a device rather than what they know or possess.1 The BioCatch “Fraud & AML Platform” analyzes over 3,000 physical and cognitive behavioral patterns, including mouse movements, typing speed, touch pressure, and even “hesitation” or “segmented typing”.19
This technology is used by American Express and over 30 of the world’s 100 largest banks to create unique identity profiles for 406 million people worldwide.19 The system monitors approximately 10.8 billion user sessions per month, identifying anomalies that might indicate a transaction is being conducted under the influence of a cybercriminal or through a “mule account”.19 The second-order implication of this technology is the normalization of invisible, real-time surveillance of millions of financial consumers. The data used to train these models is often rooted in the same pattern-recognition methodologies used in military signal intelligence to identify “anomalous” human movement in tactical environments.1
American Express Ventures has also invested in EverC (formerly EverCompliant), a Tel Aviv-based firm that provides AI-driven risk management for the e-commerce ecosystem.19 EverC’s primary focus is the detection of “transaction laundering,” where illicit actors use legitimate merchant accounts to funnel illegal funds.19 The company’s MerchantView and MarketView platforms utilize machine learning and a rules engine to scan the deep and dark web, analyzing billions of data points to identify high-risk merchants and illicit products.19
By utilizing and funding EverC, American Express participates in a global digital policing effort that relies on Israeli-developed data-mining and risk-intelligence capabilities. This partnership extends Amex’s reach into the monitoring of the global supply chain and digital marketplaces, ensuring that the “trust” in the Amex network is maintained through a surveillance apparatus that identifies and eliminates “hazardous” or “counterfeit” products before they reach the consumer.19
The “Retail Tech” dimension of American Express’s complicity is evidenced through the relationships between the card issuer, its major merchant partners, and Israeli surveillance firms. AnyVision (now rebranded as Oosto), a Holon-based startup founded by Unit 8200 alumni, has been at the center of controversy for providing facial recognition technology used by the IDF at West Bank checkpoints.20 Despite these reports, AnyVision successfully pivoted to the retail sector, with Macy’s—a significant partner for American Express—installing the system in its New York Herald Square flagship store and 15 other locations to combat organized retail theft.21
While American Express differentiates itself through “strong fraud protection” and “premium customer service,” its ecosystem relies on the stability of these retail environments.22 The use of Oosto’s facial recognition in a “small subset of stores with high incidences of organized retail theft” demonstrates how Israeli-developed surveillance tools, originally designed for military checkpoints, are repurposed for civilian “loss prevention” in the very spaces where Amex transactions occur.12 The alignment of Amex’s security interests with these surveillance-heavy retail environments indicates a high degree of indirect complicity in the proliferation of Israeli-originated biometrics.5
American Express is currently undergoing a multi-year digital transformation project, internally referred to as a “Project Future” initiative, which focuses on the total automation of its B2B payments and expense management systems. This project is characterized by an “extractive” model of innovation, where American Express acquires Israeli technical talent and IP to build its global platforms.
In early 2023, American Express reached an agreement to acquire Nipendo, an Israeli-based B2B payments automation firm.23 Nipendo’s cloud-based platform utilizes artificial intelligence, machine learning, and robotic process automation (RPA) to make source-to-pay processes “touch-free and error-free”.23 The platform was designed to work alongside existing systems, allowing customers to maintain their current payments infrastructure while benefiting from increased automation in accounts payable and receivable.24
American Express initially set up an “Amex Israel” R&D center based on the Nipendo team in Herzliya to integrate this technology into its global business payments network.23 However, by July 2025, American Express shuttered the local operation and laid off the entire workforce, estimated at several dozen employees, after the technology integration was deemed complete.25 This move reflects a strategic decision to harvest the technological expertise developed in Israel and internalize it into the US-based American Express ecosystem. The automated B2B payment rails that now drive Amex’s “differentiated offerings for businesses” are fundamentally built on Israeli code.23
Following the Nipendo integration, American Express completed the acquisition of “Center” in April 2025, a software company focused on modernizing expense management for small to medium-sized businesses.26 This acquisition aims to integrate Center’s expense management technology with Amex’s corporate and small business cards to deliver a “seamless card-based expense management platform”.26 This move is part of a broader strategy to create an “end-to-end B2B platform” that automates the entire process from program setup to point of spend and accounting.23
To execute these digital transformation projects, American Express partners with global integrators like Publicis Sapient and Adobe. Publicis Sapient, positioned as a “marketing transformation and digital business transformation” partner, helps Amex create “personalization at scale”.27 This involves the launch of solutions like “The Pact, Powered by Epsilon,” which guarantees digital marketing results based on performance indicators and optimizes solutions for credit and risk migration.27
The partnership between Publicis Sapient and Adobe is also significant for Amex’s “Amex Offers Digital Media” platform, which leverages extensive first-party data and Real-Time Customer Data Platform (CDP) collaboration.28 These partnerships enable American Express to operationalize the data insights generated by its Israeli-linked security and behavioral analytics stacks, turning surveillance data into “personalized engagement” and “measurable business outcomes”.29
The foundational layer of American Express’s digital presence is provided by the world’s largest cloud services: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. These companies are not only the primary cloud providers for American Express but also the key contractors for the Israeli government’s Project Nimbus.31
Project Nimbus is a $1.2 billion contract designed to move the Israeli government’s computational infrastructure onto the cloud servers of Google and Amazon.31 This project allows Israeli government agencies, security services, and military units to store and process vast quantities of data within local data centers built specifically for this purpose in Israel.31 The contract includes a “winking mechanism” (or “special compensation”), which requires the tech giants to send coded payments to the Israeli government if they are compelled by a foreign court to share data and are barred from revealing that action by a gag order.31
Furthermore, the Nimbus contract contractually forbids Google and Amazon from denying service to any Israeli government entity, including the military, even if company policies change or if the use of the technology violates their terms of service regarding human rights.31 The Israeli military has confirmed extensive use of the infrastructure set up through Nimbus, including the use of Google Cloud’s AI tools for automated image categorization and object tracking—tools that have been used to increase surveillance of Palestinians.31
The relationship between American Express and these cloud providers means that its global data operations are conducted through a shared infrastructure with the Israeli defense establishment. The “Pax Silica” partnership, a 2026 strategic framework between the US and Israel, further formalizes this integration.35 The partnership focuses on “securing critical technology frontiers” and integrating Israel’s research ecosystem as a “secure Pax Silica node”.35 This initiative involves joint research in AI, advanced computing, and semiconductors, aimed at enhancing security through technological superiority.35
For American Express, the implications of Pax Silica and Project Nimbus are clear: its cloud-based operations are part of a global regime where “corporate sovereignty” is subordinated to the strategic demands of the Israeli state.33 The data centers that house Amex’s financial records are built to the same strict security guidelines as those housing the IDF’s intelligence databases, creating a condition of structural complicity in the Israeli “data colonialism” project.33
Beyond technological procurement, American Express demonstrates complicity through its operational and financial policies, which often mirror the political and security objectives of the Israeli state.
In 2018 and 2020, American Express, alongside Visa and Mastercard, shut down online credit card donations for several Palestinian NGOs, including Al-Haq, the Union of Agricultural Work Committees (UAWC), and Samidoun.37 These actions were the result of intense lobbying by groups such as UK Lawyers for Israel (UKLFI) and the International Legal Forum, which presented evidence from reports released by the Israeli Ministry of Strategic Affairs.38
The “Terrorists in Suits” report, released by the Ministry of Strategic Affairs and Public Diplomacy in 2019, identified these NGOs as fronts for the Popular Front for the Liberation of Palestine (PFLP), a designated terror group in the US and Israel.38 By complying with these designations, American Express acts as a financial enforcer of the Israeli Ministry of Defense’s (IMOD) political strategies. This alignment shows how the Amex payment rail is used to isolate organizations that document human rights violations in the occupied territories, effectively silencing them through financial de-platforming.37
The presence of American Express in the domestic Israeli market is facilitated through “Poalim American Express,” a partnership with Bank Hapoalim.42 Bank Hapoalim is one of Israel’s largest banks and has been frequently targeted by the Boycott, Divestment, Sanctions (BDS) movement for its extensive financing of Israeli settlements in the West Bank.43 The bank provides the financial architecture for settlement construction, mortgages, and infrastructure development in occupied territory.43
Furthermore, Bank Hapoalim’s leadership has included individuals who simultaneously serve on the boards of American Express subsidiaries, such as Poalim American Express Ltd. and Isracard Ltd..42 This institutional overlap ensures that American Express’s brand and services are deeply integrated into the settlement economy. The revenue generated through Amex transactions in Israel flows through a bank that is a primary driver of territorial expansion, creating a high degree of material complicity in the maintenance of the occupation.43
The following table synthesizes the Core Intelligence Requirements investigated during this audit, documenting the specific technologies and partners that contribute to American Express’s digital complicity.
| Core Intelligence Requirement | Specific Entities / Projects | Mechanism of Complicity |
|---|---|---|
| The “Unit 8200” Stack | CyberArk, Check Point, Wiz, SentinelOne, Leadspace | Integration of military-origin security code and 8200 alumni leadership into core Amex infrastructure.1 |
| Surveillance & Biometrics | BioCatch, EverC, Oosto (AnyVision), Macy’s retail tech | Implementation of cognitive and behavioral biometrics for persistent user monitoring and alignment with physical surveillance.1 |
| Project Future | Nipendo, Center, Publicis Sapient, Adobe | Extractive acquisition of Israeli B2B payments IP and digitalization of financial transactions through Israeli R&D.23 |
| Cloud & Data Sovereignty | Project Nimbus (AWS/GCP), Pax Silica, Azure | Use of cloud infrastructure shared with the Israeli military and participation in US-Israel strategic AI frameworks.31 |
| Operational Policy | IMOD NGO De-platforming, Bank Hapoalim partnership | Enforcement of Israeli state designations on civil society and deep institutional links to settlement financing.38 |
The technographic audit of American Express reveals a fundamental paradox: the very technologies that ensure the security and efficiency of the global financial system are often the same tools used to maintain regimes of surveillance and territorial control. For American Express, the “Unit 8200” stack provides the industry’s most advanced defensive capabilities precisely because these tools were forged in the high-stakes environment of signal intelligence and cyber-warfare.1
However, this reliance creates a structural dependency that transcends simple procurement. By standardizing on CyberArk, Check Point, and SentinelOne, American Express becomes a principal financier of the Israeli defense-tech ecosystem.2 By acquiring Nipendo and setting up local R&D centers, it harvests the human capital generated by the Israeli military.23 And by aligning its financial enforcements with the directives of the IMOD, it participates in the geopolitical isolation of those who oppose the occupation.38
