Audit Phase: V-DIG Domain Intelligence Gathering
Target Entity: Subway IP LLC / Subway Restaurants (a Roark Capital Group portfolio company as of 2024)
Prepared: 2026-05-01
Methodological Note: All findings are drawn from identified primary and secondary sources as inventoried in the research memo. Where primary-source evidence is absent, this audit states “No public evidence identified.” No facts, relationships, contracts, or incidents have been invented. Live-web search was not available; all source verification is against training-data evidence cross-referenced against the source inventory.
The single most robustly documented Israeli-origin technology relationship within Subway’s enterprise stack is its payment-processing partnership with Adyen. In December 2019, Subway formally announced a partnership with Adyen to advance its payment experience across North American locations 1. Adyen — headquartered in Amsterdam — had previously acquired Israeli fintech startup Zooz in 2018 5. Zooz was founded in Tel Aviv and developed payment-routing optimisation technology, commonly referred to as “smart routing,” which dynamically selects payment processing pathways to improve authorisation rates and reduce processing costs. Following the acquisition, Adyen maintained the Tel Aviv operation as an active R&D office, described on its own careers pages as a continuation of the Zooz team 19. The practical consequence is that Subway’s transaction-routing logic for North American locations runs on infrastructure with code development and maintenance activities occurring at Adyen’s Tel Aviv R&D centre 519.
This relationship constitutes a critical operational dependency: payment processing is a core function for every Subway location, and the Adyen partnership covers the full North American estate 1. The relationship has been confirmed by primary corporate disclosure (a joint press release) and is assessed as ongoing as of the training-data cutoff.
Subway engaged Capgemini as a strategic digital transformation partner during its “Project Future” modernisation programme, an initiative announced in 2021 27. Capgemini published a client case study confirming the engagement, quoting Subway’s CIO directly and describing work on customer-facing digital channels, back-end systems, and brand technology infrastructure 2. The case study does not name specific security, cloud, or infrastructure vendors deployed by Capgemini within the engagement. Accordingly, the existence of this relationship is confirmed, but the possibility that it introduces Israeli-origin tooling through Capgemini’s own partner stack cannot be assessed from available public sources.
The prior-generation research for this audit (the Gemini/”Iron Sandwich” report) asserted relationships between Subway or its parent company Inspire Brands and several Israeli-origin cybersecurity vendors including Wiz 1314, SentinelOne 15, Check Point 16, Bionic.ai / CrowdStrike 4, and CyberArk 29. Each of these claims has been individually assessed:
Wiz: Wiz is an Israeli-founded cloud-native application protection platform (CNAPP), founded by alumni of Microsoft’s Israeli operations, which raised $1 billion in 2024 13 and agreed to be acquired by Google for $32 billion in 2025 14. The prior report’s basis for a Subway/Inspire Brands relationship with Wiz was a technographic aggregator page (Himalayas.app) rather than any primary corporate disclosure. Wiz has not published a comprehensive customer list. No primary-source evidence confirming Wiz deployment at Subway or Inspire Brands has been identified 28.
SentinelOne: SentinelOne was co-founded by Tomer Weingarten with significant Israeli organisational origins 15. The prior report cited an SEC EDGAR filing — the AMG Pantheon Master fund Schedule of Investments 10 — as evidence of a Roark Capital investment in SentinelOne. That document is a Schedule of Investments filed by a third-party multi-manager fund vehicle (AMG Pantheon), not by Roark Capital Group itself. Roark Capital, as a private equity firm, does not file public 13F disclosures in the standard sense. The AMG Pantheon filing shows that fund’s exposure to SentinelOne among hundreds of holdings across its portfolio. This does not establish that Roark Capital holds a direct investment in SentinelOne, nor that any contractual relationship exists between Subway and SentinelOne 1034. The prior report’s Roark–SentinelOne nexus claim is not supported by the cited primary source.
Bionic.ai / CrowdStrike: Bionic.ai is confirmed as an Israeli-founded application security posture management (ASPM) startup acquired by CrowdStrike in September 2023 for approximately $350 million 4. The prior report claimed Inspire Brands appeared on Bionic.ai’s pre-acquisition customer list. This assertion is plausible in form but cannot be confirmed from training-data primary sources. The Globes article confirming the acquisition 4 does not reference Inspire Brands as a customer.
Check Point: Check Point Software Technologies is a major Israeli-founded and Israeli-headquartered cybersecurity firm 16. The prior report claimed a relationship with Inspire Brands on the basis of a CFO Leadership Council conference citation. Training data does not contain a specific primary source confirming any Check Point–Inspire Brands or Check Point–Subway contractual or licensing relationship. No primary-source evidence identified.
CyberArk, NICE, Verint, Claroty, Palo Alto Networks: CyberArk 29, NICE 26, and Verint 25 are each Israeli-origin or Israeli-founded enterprise software companies with significant global market presence. No public evidence of Subway or Inspire Brands holding licensing, subscription, or deployment relationships with any of these vendors has been identified in training data.
NCR’s Aloha POS system is a widely deployed restaurant point-of-sale platform 33. NCR (now Shift4 / NCR Atleos / NCR Voyix following corporate restructuring) suffered a ransomware attack in April 2023 that caused significant outages to Aloha-dependent restaurant operators 11. NCR is a US-origin company. No Israeli-origin technology relationship is implicated by Subway’s use of POS infrastructure. The incident is noted as context for supply chain resilience assessment.
Subway’s loyalty programme, Subway MVP Rewards, is operated as a first-party programme 32. No public evidence has been identified of Israeli-origin analytics, CRM, or identity platforms underpinning the programme.
Roark Capital Group completed its acquisition of Subway in early 2024 for approximately $9.55 billion 622. Roark Capital is an Atlanta-based private equity firm that holds a diversified portfolio of franchise and consumer brands 17, including Inspire Brands (operator of Arby’s, Buffalo Wild Wings, Sonic, and others) 18. The technology ecosystems of Inspire Brands and Subway are structurally adjacent given shared ownership, but no evidence of a consolidated or unified technology stack between the two entities has been identified in primary sources.
PYMNTS.com reported in 2020 that PopID technology was piloted at restaurant locations including some Subway outlets, initially in the context of COVID-19 temperature screening and subsequently explored for “face pay” capability 7. PopID is a US-based company (a subsidiary of Cali Group) and is not of Israeli origin. No post-2021 primary sources confirming continued, expanded, or terminated deployment of PopID at Subway locations have been identified. The current status and scale of any PopID deployment is unknown.
A further QSR Magazine article from 2021 documented the broader “face pay” technology trend at quick-service restaurants 20. This trade press reporting contextualises the PopID pilot but does not add primary-source confirmation of ongoing Subway deployment.
Oosto (formerly AnyVision): Oosto is an Israeli-origin facial recognition and “responsible AI” computer vision company 31. No public evidence identified of any direct procurement, pilot programme, or integration relationship between Subway (or Inspire Brands) and Oosto.
Trigo Retail: Trigo is an Israeli-origin autonomous checkout and computer vision company for retail environments 30. No public evidence identified of any Subway relationship with Trigo.
Trax Image Recognition: No public evidence identified of any Subway relationship.
A 2022 Subway newsroom release confirmed that Subway’s non-traditional “smart fridge” concept locations use weight-sensing shelf technology to monitor product levels 3. The prior research report speculated that Shekel Brainweigh — an Israeli IoT and smart retail weight-sensor company 21 — may supply OEM hardware to the smart fridge integrator used by Subway. This is an inferential hypothesis: the Subway newsroom release confirms weight-sensor shelves exist but does not name the OEM hardware supplier 3. The specific supplier relationship with Shekel Brainweigh or any other vendor is unconfirmed. No primary evidence supports or refutes the Shekel Brainweigh hypothesis at this time.
The prior report cited Subway’s use of Mastercard’s Test & Learn analytics product for promotional testing (including modelling of the “$5 Footlong” promotion) as an Israeli-technology relationship. This characterisation is not supported: Mastercard acquired Applied Predictive Technologies (APT), the US-origin company behind Test & Learn, in 2015 9. While Mastercard has made Israeli acquisitions (including anti-fraud firm Cyota 24) and operates innovation centres in Tel Aviv, Test & Learn / APT is not an Israeli-origin product. Furthermore, no primary source specifically confirms Subway’s use of this product. No public evidence identified at primary-source level of a Subway–Test & Learn deployment, and the Israeli-origin characterisation is not supported.
NICE 26 and Verint 25 are both Israeli-founded companies with significant enterprise software products spanning customer experience analytics, workforce engagement, and voice analytics. The prior report suggested these platforms might be used within Subway’s loyalty or workforce operations. No public evidence identified of Subway or Inspire Brands using NICE or Verint products.
No specific data-residency disclosures have been identified for Subway in training data. Subway’s digital operations at scale are consistent with use of major US hyperscaler platforms (AWS and/or Google Cloud); however, no primary corporate disclosure, vendor case study, or trade-press reporting confirms specific cloud provider relationships or geographic data-residency arrangements.
Project Nimbus is a confirmed $1.2 billion contract awarded to Google Cloud and Amazon Web Services in 2021 to provide cloud infrastructure to the Israeli government and military 12. Subway is not a party to Project Nimbus. The prior report’s framing — that Subway’s cloud expenditure indirectly supports Project Nimbus through aggregate hyperscaler revenue — represents an inferential chain applicable to any enterprise customer of Google Cloud or AWS globally, not a direct or distinguishing relationship. No public evidence identified that Subway participates in, is party to, or has any direct link to Project Nimbus or any comparable Israeli state cloud programme.
The Google–Wiz acquisition, agreed in March 2025 at $32 billion 14, is noted as a structural development that further concentrates Israeli-origin cloud security technology within Google’s infrastructure offerings. If Subway uses Google Cloud, any Wiz-based security capabilities Google integrates into its platform would apply passively across all Google Cloud customers; this does not constitute a direct Subway–Wiz relationship.
No public evidence identified of Subway operating, leasing, or co-locating data centre infrastructure within Israel. No public evidence identified of Subway data being processed under Israeli jurisdictional frameworks or subject to Israeli state data access requirements.
No public evidence identified of any contract, partnership, service agreement, or technology provision relationship between Subway and the Israeli Ministry of Defence, Israel Defense Forces (IDF), Mossad, Shin Bet, or any other Israeli state security or intelligence body. Subway’s business domain — quick-service restaurant franchising — does not involve defence-sector activity.
No public evidence identified of Subway providing, licensing, or co-developing technology with dual civilian-military applications in an Israeli state context.
No public evidence identified. Not applicable to Subway’s business domain.
To the extent that Adyen’s Tel Aviv R&D team (the Zooz acquisition continuation) develops payment-routing algorithms used within Subway’s payments infrastructure 1519, there is a passive structural connection to Israeli technology development. This is a commercial R&D relationship with a Dutch-headquartered multinational, not a defence or intelligence relationship. No evidence of any security-sector connection through this channel has been identified.
No public evidence identified of Subway developing, licensing, or providing AI or machine learning systems to any Israeli state, military, or security body.
Subway’s digital transformation programme, carried out with Capgemini 2 and framed under “Project Future” 27, is understood to encompass data-driven customer experience tools. No primary-source disclosure identifies specific AI or ML platforms, vendors, or capabilities in use. No Israeli-origin AI product or platform has been identified as part of Subway’s disclosed operational stack.
As noted under Surveillance above, Subway’s non-traditional smart fridge and grab-and-go concepts 3 use automated weight-sensing and potentially computer-vision-assisted inventory management. The OEM technology behind these capabilities has not been publicly disclosed. The hypothesis that Israeli-origin autonomous checkout technology (e.g., Trigo 30) is involved has not been confirmed or refuted by primary sources.
No public evidence identified of Subway holding data-sharing or model-training arrangements with Israeli research institutions, universities, or AI companies.
No public evidence identified. Not applicable to Subway’s business domain.
No public evidence identified of Subway operating any R&D facility, engineering office, innovation laboratory, accelerator programme, or corporate venture outpost within Israel.
No public evidence identified of Subway acquiring any Israeli-origin technology company. Subway was itself the subject of acquisition — by Roark Capital Group, completing in early 2024 at a reported enterprise value of approximately $9.55 billion 622.
Roark Capital’s publicly available portfolio page 17 lists consumer and franchise brand holdings but does not disclose technology investment positions. Roark Capital does not file public 13F disclosures as a standard SEC-registered investment adviser. The AMG Pantheon Master fund Schedule of Investments 10 — which the prior report cited as evidence of a Roark Capital investment in Israeli-origin SentinelOne 15 — is a filing by a third-party multi-manager fund vehicle. It documents that fund’s own holdings across its manager roster and does not represent Roark Capital’s direct investment portfolio. No Roark Capital–SentinelOne direct investment has been confirmed in primary sources 34.
Inspire Brands, the Roark portfolio company whose technology ecosystem is most adjacent to Subway’s, does not publicly disclose its full vendor stack. A technographic aggregator page (Stackshare) for Inspire Brands 28 has been cited in prior research as evidence of Israeli-origin tool deployment, but technographic aggregators derive their data from indirect signals (job postings, web trackers, SDKs) and are not reliable as primary-source evidence of enterprise-level procurement decisions. Claims derived solely from this source type are assessed as unverified.
No public evidence identified of Subway holding joint patents, co-development IP arrangements, or technology licensing relationships with Israeli-domiciled entities, universities, or research institutions.
The BDS Movement maintains a published list of companies identified as targets for boycott, divestment, and sanctions campaigns 23. Subway is not prominently featured in major BDS campaign literature or as a named priority target as of the training-data cutoff. This is consistent with Subway having no franchise operations in Israel since approximately 2004 8: the Wikipedia article on Subway Israel documents that Israeli Subway franchises closed around that period, and no re-entry into the Israeli market has been documented in training data.
Some consumer boycott activity directed at Subway occurred during 2023–2024 in the context of broader quick-service restaurant boycott campaigns. These campaigns appear to have targeted Subway on the basis of perceived brand associations or general commercial-sector grounds rather than any specifically documented technology provision relationship. No major, organised BDS campaign specifically targeting Subway on technology-provision grounds has been identified in authoritative sources.
No UN reports, major NGO investigations, Human Rights Watch or Amnesty International reports, or peer-reviewed academic studies specifically examining Subway’s technology relationships with Israeli state entities have been identified in training data.
No regulatory inquiries, export control proceedings, sanctions-related investigations, or legal challenges involving Subway’s technology relationships with Israeli state entities have been identified. No data protection regulatory actions (under GDPR, CCPA, or comparable frameworks) specifically arising from Israeli-origin technology deployment by Subway have been identified.
As documented in the Subway Israel Wikipedia article 8, Subway operated franchises in Israel until approximately 2004. No evidence of re-entry into the Israeli franchise market, licensing arrangements with Israeli master franchisees, or any current operational presence in Israel has been identified in training data.
https://www.prnewswire.com/news-releases/subway-restaurants-partners-with-adyen-to-advance-its-payment-experience-in-north-america-locations-300994192.html ↩↩↩
https://www.capgemini.com/news/client-stories/subway-drives-digital-transformation-to-deliver-a-better-brand-experience/ ↩↩
https://newsroom.subway.com/2022-11-14-Subway-R-Expands-Its-Non-Traditional-Presence-Through-Flexible-and-Innovative-Concepts ↩↩↩
https://en.globes.co.il/en/article-crowdstrike-to-acquire-israeli-co-bionicai-for-350m-1001458181 ↩↩↩
https://www.calcalistech.com/ctech/articles/0,7340,L-3743622,00.html ↩↩↩
https://www.reuters.com/business/retail-consumer/roark-capital-closes-acquisition-subway-2024-03-08/ ↩↩
https://www.pymnts.com/restaurant-technology/2020/how-payments-tech-found-application-restaurants-recovery/ ↩
https://www.mastercardservices.com/en/capabilities/test-learn ↩
https://www.sec.gov/Archives/edgar/data/1609212/000114554925015850/amgpantheonmastersoi_1224.htm ↩↩↩
https://kioskindustry.org/aloha-outage/ ↩
https://www.theguardian.com/technology/2021/may/10/google-amazon-israeli-government-cloud-contract-project-nimbus ↩
https://www.reuters.com/technology/google-agrees-acquire-wiz-32-billion-2025-03-18/ ↩↩↩
https://inspirebrands.com/about/ ↩
https://www.qsrmagazine.com/technology/popid-face-pay-restaurants/ ↩
https://shekel.com/retail/ ↩
https://www.wsj.com/articles/subway-sale-roark-capital-9-55-billion-11693000000 ↩↩
https://bdsmovement.net/Act-Now-Against-These-Complicit-Companies ↩
https://www.finextra.com/newsarticle/15636/mastercard-buys-anti-fraud-firm-cyota ↩
https://www.restaurantbusinessonline.com/financing/subway-future-initiative-heres-what-you-need-know ↩↩
https://oosto.com/ ↩
https://newsroom.subway.com/subway-mvp-rewards ↩
https://www.ncr.com/restaurants/aloha-pos ↩
https://efts.sec.gov/LATEST/search-index?q=%22Roark+Capital%22&dateRange=custom&startdt=2023-01-01&enddt=2025-01-01&forms=13F ↩↩
