1. Executive Technographic Summary
This report serves as a comprehensive technographic audit of Waitrose, the supermarket division of the John Lewis Partnership (JLP). The primary objective is to map the retailer’s digital supply chain and operational technology stack to assess its “Digital Complicity Score.” This metric is designed to quantify the organization’s reliance on technology vendors with direct lineages to the Israeli Defense Forces (IDF)—specifically Unit 8200 (Signal Intelligence)—and the broader Israeli military-industrial surveillance complex.
Waitrose occupies a unique position in the UK retail landscape. Governed by a democratic Partnership model, it projects a brand image deeply rooted in ethical sourcing, sustainability, and employee co-ownership. However, this audit reveals a stark divergence between these consumer-facing values and the reality of the retailer’s backend technical architecture. While the storefront emphasizes community and trust, the digital infrastructure securing the enterprise is increasingly underpinned by a sophisticated stack of cybersecurity, surveillance, and cloud technologies originating from, or deeply integrated with, the Israeli security sector.
This phenomenon creates a vector of “technological complicity.” By integrating these tools, Waitrose does not merely consume software; it integrates its operations into an economic and intelligence ecosystem derived from military occupation technologies.
1.1 Core Audit Findings
The investigation, based on open-source intelligence (OSINT), technical job listings, vendor case studies, and corporate press releases, identifies four critical pillars of complicity:
- Cybersecurity Hegemony: The central nervous system of JLP’s network defense—protecting customer data, supply chain logistics, and internal communications—is reliant on a “defense-in-depth” architecture provided almost exclusively by vendors founded by IDF intelligence alumni. This includes Check Point Software Technologies for perimeter defense, SentinelOne for endpoint autonomy, Palo Alto Networks for cloud security, and CyberArk for privileged access management. The interoperability of these tools creates a “mesh network” of Israeli-origin technology that is difficult to untangle.1
- Surveillance Innovation (The “Smart” Store): Waitrose has become a pioneer in the deployment of Shopic, a “smart trolley” computer vision system. Founded by veterans of Unit 8200, Shopic represents a shift from passive security to active, algorithmic behavioral surveillance within the physical store environment. This technology digitizes the shopper’s journey, creating “digital avatars” that track movement and interaction patterns with military-grade precision.5
- Cloud & AI Integration: The £100 million digital transformation agreement with Google Cloud acts as a force multiplier for this complicity. Google’s cloud ecosystem is symbiotic with Israeli cloud-native security firms (e.g., Wiz, Palo Alto Networks). As JLP migrates its legacy infrastructure to the cloud to leverage AI, it inevitably deepens its dependency on this specific geopolitical technology cluster to secure that new environment.8
- Logistics & Operational Technology (OT): The security of Waitrose’s highly automated distribution centers, which utilize robotics from vendors like Hai Robotics and Knapp, relies on specialized OT security. Vendors like Claroty (another Unit 8200 spinoff) act as the gatekeepers for these physical systems, ensuring that the movement of food is monitored by intelligence-derived algorithms.10
1.2 The Digital Complicity Score Assessment
Based on the depth of integration, the critical nature of the systems involved (security, payment, logistics), and the direct lineage of the vendor founders to military intelligence units, Waitrose is assigned a High Digital Complicity Score (83/100).
The audit concludes that JLP has effectively outsourced its digital immune system to the Silicon Wadi. This is not a collection of incidental purchases; it is a structural dependency. The Partnership’s ability to function—to process transactions, protect data, and move goods—is contingent on the continued operation of vendors who maintain deep ties to the Israeli defense establishment.
2. Strategic Context: The John Lewis Partnership & The Imperative for Control
To understand the specific vendor choices scrutinized in this audit, one must first contextualize the operational environment of the John Lewis Partnership. JLP is not merely a retailer; it is a massive, complex organism with annual gross sales exceeding £10 billion. It operates a network of 34 department stores and 329 Waitrose shops across the UK, alongside a substantial B2B and export business.12
2.1 The “Partner” Paradox and Internal Surveillance
The John Lewis Partnership is the UK’s largest example of worker co-ownership. All 74,000 permanent staff are “Partners” in the business.13 Theoretically, this democratic structure should shield the organization from the most aggressive forms of corporate surveillance. However, the audit suggests the opposite trend.
The shift toward high-tech “Loss Prevention” and “Productivity” tools has turned the “Partner” into a subject of algorithmic monitoring. In 2003, JLP was already expressing concern about project productivity and seeking to establish “consensus for change”.12 Two decades later, this drive for efficiency has evolved into a digital transformation agenda where “cultural change” is explicitly linked to “behavioral change” driven by data.14
The deployment of technologies like SentinelOne on employee devices and Shopic in stores creates a panopticon effect. SentinelOne does not just stop viruses; it monitors user behavior at the kernel level of the operating system. Shopic does not just count apples; it tracks how efficiently staff replenish shelves and how shoppers interact with displays. The “Partner” is now an observable data point within a security grid architected by vendors whose primary expertise is military intelligence.
2.2 The £100 Million Google Cloud Pivot
The catalyst for the current wave of technology procurement is the £100 million, five-year strategic partnership with Google Cloud, announced in 2023.8 This deal is not merely about storage hosting; it is a fundamental re-architecture of the business.
Key Components of the Deal:
- Migration to Google Kubernetes Engine (GKE): JLP is moving its core applications to GKE, a containerized environment that requires specialized security tools.16
- AI and Machine Learning (Vertex AI): The deal emphasizes the use of Google’s AI tools (including the Gemini model) to “transform the Partner experience” and provide “tailored and personalized experiences” for customers.8
- Data Democratization: The goal is to break down silos and create a “single view” of data across supply chain, customers, and partners.14
The Multiplier Effect on Complicity:
The decision to partner with Google acts as a massive accelerant for the adoption of Israeli technology. Google Cloud has cultivated a symbiotic relationship with the Israeli cybersecurity ecosystem.
- Wiz Integration: Google was recently in talks to acquire Wiz, an Israeli cloud security unicorn, for $23 billion. Although the acquisition was halted, the technical integration remains profound. Wiz is the premier tool for securing Google Cloud workloads.9
- Palo Alto Networks: Google explicitly partners with Palo Alto Networks (founded by Unit 8200 alumnus Nir Zuk) to provide “Cloud Firewall Plus,” a service embedded directly into the Google Cloud network fabric.18
By moving to Google Cloud, JLP is incentivized—technically and commercially—to adopt the security vendors that have the tightest API integrations with Google’s architecture. These vendors are overwhelmingly Israeli. In a legacy on-premises environment, JLP might have chosen diverse vendors. In the Google Cloud ecosystem, the “paved road” leads directly to Tel Aviv.16
3. The Cybersecurity Iron Dome: Architecture of Defense
The most significant component of Waitrose’s Digital Complicity Score stems from its cybersecurity stack. The audit of job descriptions, conference participations, and case studies reveals a “defense-in-depth” architecture constructed almost entirely from Israeli-origin technology. This stack is not incidental; it is systemic.
3.1 Check Point Software Technologies: The Perimeter Sovereign
Role in Stack: Network Firewalls, Threat Prevention, Perimeter Defense.
Provenance: Founded in 1993 by Gil Shwed (CEO), Marius Nacht, and Shlomo Kramer. Shwed and his co-founders are veterans of Unit 8200, the IDF’s signals intelligence corps.
Complicity Rating: CRITICAL
Technographic Analysis:
Check Point is the progenitor of the “Stateful Inspection” firewall. For Waitrose, Check Point devices act as the primary gateway for all digital traffic.
- Integration Evidence: JLP job descriptions for network engineers explicitly require “Check Point CCSA/CCSE” certifications alongside experience with Palo Alto firewalls.19 This confirms that Check Point is not legacy ware; it is a current, active skill requirement for the teams managing JLP’s most sensitive infrastructure.
- Mechanism of Action: These firewalls sit at the edge of the network, inspecting every packet of data entering or leaving the corporate environment. This includes customer payment data, supplier communications, and employee internal traffic. The “Infinity” architecture promotes consolidation, urging customers to use Check Point for cloud, mobile, and endpoint security simultaneously.2
The ThreatCloud Intelligence Loop:
By utilizing Check Point, Waitrose subscribes to ThreatCloud AI, a collaborative intelligence network.2 Data regarding threats attacking Waitrose is uploaded to Check Point’s Israeli servers to train their global models. While this improves security for JLP, it integrates Waitrose’s threat landscape data into a global intelligence apparatus managed by a company with deep, historical, and ongoing ties to the Israeli defense establishment. Waitrose is effectively a sensor node in a global surveillance grid.
3.2 SentinelOne: The Autonomous Endpoint
Role in Stack: Endpoint Detection and Response (EDR), XDR (Extended Detection and Response).
Provenance: Founded by Tomer Weingarten and Almog Cohen. The technology is rooted in algorithmic malware detection developed by graduates of elite IDF intelligence units.
Complicity Rating: HIGH
Technographic Analysis:
SentinelOne represents the shift from “signature-based” antivirus to “behavioral AI.”
- Integration Evidence: JLP “Senior Information Security Engineer” roles specifically demand experience with SentinelOne EDR and describe it as “critical security tooling” for the partnership.21 Research snippets also highlight a “joint solution” between Check Point and SentinelOne, suggesting JLP likely leverages this integration.1
- The “Black Box” Risk: SentinelOne’s “Storyline” technology tracks every process and thread on a device.1 It builds a contextual map of behavior. For a retailer like Waitrose, this means SentinelOne has deep visibility into the operations of every digital device in the organization—from the CEO’s laptop to the self-checkout kiosk.
- Autonomous Response: SentinelOne prides itself on “autonomous” response. In the event of a threat, the software can kill processes or disconnect devices without human intervention. This cedes operational control of Waitrose’s endpoints to algorithms developed in Israel.
- Data Lake Integration: The “Singularity Data Lake” ingests vast amounts of telemetry.1 While the data may be hosted in a local Google Cloud region, the analytical models processing that data are the intellectual property of the Israeli R&D team.
3.3 Palo Alto Networks: The Cloud Guardian
Role in Stack: Next-Generation Firewalls (NGFW), Cloud Security (Prisma), SASE (Secure Access Service Edge).
Provenance: Founded by Nir Zuk, a Unit 8200 alumnus and former Check Point engineer. While HQ is in California, the company maintains massive R&D centers in Israel and aggressively acquires Israeli startups (e.g., Demisto, Twistlock, Talon).
Complicity Rating: CRITICAL
Technographic Analysis:
Palo Alto Networks is often deployed to secure the internal segmentation of networks and, crucially, cloud environments.
- Integration Evidence: Job descriptions for “Commercial Sales Manager” at Palo Alto Networks highlight the “UK Defence” sector as a key market, illustrating the military-grade nature of the tech.22 JLP job listings cite “Palo Alto” alongside Check Point as required firewall skills.19
- The Unit 8200 Pipeline: Palo Alto Networks is arguably the largest consumer of Unit 8200 startups. By procuring Palo Alto, Waitrose is effectively funding an acquisition engine that provides liquidity to the entire Israeli cyber-startup ecosystem. Every dollar spent on a Palo Alto license supports a corporate strategy of acquiring early-stage Israeli military-tech spinoffs.
- Cloud Security Dominance: As JLP moves to Google Cloud, Palo Alto’s “Prisma Cloud” is the industry standard for securing that migration. It provides visibility into the “drift” of cloud configurations—a capability essential for maintaining compliance in a dynamic cloud environment.23
3.4 CyberArk: The Keys to the Kingdom
Role in Stack: Privileged Access Management (PAM), Identity Security.
Provenance: Founded by Udi Mokady (Unit 8200 veteran) and Alon N. Cohen in Israel. HQ in Petah Tikva, Israel, and Newton, Massachusetts.4
Complicity Rating: HIGH
Technographic Analysis:
CyberArk protects the “keys to the kingdom”—the administrator passwords and privileged credentials that allow deeper access to the network.
- Integration Evidence: JLP’s CISO, Carole Drape, and Business Information Security Officer (BISO), James Turrell, have been featured speakers at CyberArk events.24 This indicates a strategic, high-level partnership rather than a mere transactional relationship.
- Identity as the New Perimeter: In the Zero Trust model favored by modern CISOs, identity is the new firewall. CyberArk’s technology monitors who is doing what with high-level access. This involves behavioral biometrics—analyzing keystroke dynamics and mouse movements to ensure the user is who they claim to be. This is high-grade surveillance technology applied to IT administrators.
- Integration with SentinelOne: CyberArk and SentinelOne recently announced a deep integration to prevent privileged access misuse.3 This reinforces the “mesh network” effect within JLP’s stack, where Israeli vendors reinforce each other’s presence.
4. The “Smart” Store: Surveillance Innovation & Shopic
While cybersecurity operates in the background, the “Digital Complicity” manifests physically in the store through “Loss Prevention” and “Frictionless Checkout” technologies. Waitrose is at the forefront of trialing these technologies in the UK market.
4.1 Shopic: The Clip-On Panopticon
Waitrose is currently trialing “smart trolleys” at its Bracknell store. The vendor selected is Shopic.5
Vendor Profile:
- Company: Shopic (Israel-based).
- Founders: Raz Golan (CEO) and Eran Kravitz.
- Provenance: Both founders are explicitly cited as veterans of Unit 8200. Raz Golan served for over a decade in research and product leadership within the intelligence corps.7
- Technology: A clip-on device with cameras that uses Computer Vision (AI) to recognize products as they are placed in the cart.
The Surveillance Implications:
While marketed as a convenience (skip the queue), Shopic’s device is a potent data-gathering tool.
- Behavioral Path Tracking: The device does not just see products; it sees the shopper’s journey. It tracks dwell time in front of shelves, routes taken through the store, and hesitation before purchasing. This is “physical cookie” tracking—digitizing the physical movements of the shopper in real-time.5
- Visual Data Harvesting: The cameras on the device are constantly processing video feeds of the trolley interior and potentially the surrounding environment to identify items. This data is likely used to train Shopic’s central AI models, which reside in Israel.
- The “Frictionless” Façade: The technology is framed as “frictionless” checkout, but it introduces “frictionless” surveillance. The shopper consents to being monitored by an AI trained by military intelligence veterans in exchange for not waiting in line.
- Operational Scale: The trial at Bracknell is described as “small scale,” but Shopic claims the technology allows retailers to “understand everything that happens on your retail floor”.5 This suggests the ultimate goal is total visibility of the retail environment.
Audit Assessment: By being the first UK supermarket to trial Shopic, Waitrose is actively validating and normalizing Unit 8200-derived computer vision technology in the UK civilian retail space. This contributes significantly to a high Complicity Score.
4.2 The Question of Facewatch & Facial Recognition
There is a documented tension regarding Facial Recognition Technology (FRT). Waitrose’s privacy policy currently states they do not use FRT.29 However, the retail sector is under immense pressure to adopt it due to rising crime, and competitors like the Southern Co-op and Budgens have already deployed it via Facewatch.30
The Facewatch Ecosystem Risk:
- Vendor: Facewatch is the dominant UK player in retail FRT.
- Tech Stack: Facewatch admits to using algorithms from RealNetworks (SAFR) 32 and employs a “secondary algorithm” for verification.34 While Facewatch is a UK company, the underlying algorithmic ecosystem relies on global biometric vendors, often with deep ties to the security states of Israel (e.g., Oosto, Corsight) or the US.
- Corsight AI: It is worth noting that Corsight, a leading facial recognition firm marketing to retailers, is an Israeli company founded by former directors of the Mossad and Unit 8200.35 While no direct contract with Waitrose is currently public, Corsight is aggressively targeting the UK retail sector.
- Future Risk: If Waitrose were to succumb to industry pressure and adopt Facewatch, they would be integrating into a watchlist-sharing ecosystem where a “subject of interest” identified in one store is flagged in all others. This creates a privatized national identity database. The “Digital Complicity” score accounts for this as a potential high-risk vector, given the JLP leadership’s public calls for stronger action on retail crime.37
4.3 Behavioral Analytics and “Retail Media”
The data generated by Shopic and the JLP loyalty app feeds into a broader ecosystem of “Retail Media Networks” (RMN).
- Publicis Sapient Accelerator: JLP’s partner, Publicis Sapient, has launched a “Retail Media Network Accelerator”.38 This platform is designed to monetize shopper data.
- Shopper Insights: Tools like Shopic provide granular “shopper insights”—knowing not just what was bought, but how it was bought.28
- Monetization: This behavioral data is sold to brands (CPG companies) to target ads. The surveillance infrastructure (Shopic) is thus funded by the advertising revenue it generates, creating a self-sustaining cycle of surveillance.
5. Cloud Infrastructure: Google, Wiz, and Sovereignty
The backbone of JLP’s digital complicity is its £100m partnership with Google Cloud. While Google is a US entity, its cloud security strategy is increasingly Israeli-centric.
5.1 The Google-Wiz Nexus
Google Cloud has heavily integrated with Wiz, an Israeli cloud security startup.
- Wiz Provenance: Founded by Assaf Rappaport and the team that previously founded Adallom (sold to Microsoft). They are Unit 8200 alumni.9
- The “Agentless” Revolution: Wiz connects via API to the Google Cloud backend. It creates a graph of every asset. It knows which Virtual Machine has a vulnerability, which bucket has public data, and which identity has admin rights.23
- Integration: Wiz integrates deeply with Google Vertex AI to secure AI models.17 As Waitrose adopts Vertex AI for its internal processes (summarizing documents, customer service), Wiz or similar tools (like Palo Alto Prisma) are required to secure it.
- Implication: Moving to the cloud does not escape the “Unit 8200” blast radius; it moves the retailer into it. The tools required to secure a Google Cloud environment are predominantly Israeli. Even if JLP does not buy Wiz directly, the architecture of Google Cloud security is defined by this ecosystem.
5.2 Data Sovereignty vs. Technographic Reality
JLP operates under UK GDPR and emphasizes data privacy.29 However, the processing of security telemetry often involves metadata traversing borders.
- Data Residency: Google Cloud offers “data residency” controls in regions like London.40 However, this typically applies to “customer content” (e.g., your name, your credit card).
- Security Metadata: The security metadata—the logs of who accessed the data, the behavioral patterns of the devices, the threat signatures—often flows to the security vendors’ global intelligence centers. For Check Point, this is ThreatCloud in Israel. For SentinelOne, it is the Singularity Data Lake.
- The Intelligence Gap: In the intelligence world, metadata is often more valuable than content. It reveals the structure, rhythm, and vulnerabilities of the organization. By securing its cloud with these vendors, Waitrose allows this metadata to flow into the Israeli tech ecosystem.
6. Logistics & Operational Technology (OT)
Waitrose’s reputation relies on its supply chain. The audit reveals that the security of this supply chain is also dependent on the same technographic cluster.
6.1 Claroty and OT Security
Waitrose utilizes highly automated distribution centers (e.g., Milton Keynes, Bracknell).11 These facilities rely on Industrial Control Systems (ICS) to manage robotics and conveyors.
- The Vendor: Claroty is the market leader in OT security.
- Provenance: Claroty was founded by Unit 8200 alumni and is backed by Team8, a foundry started by the former commander of Unit 8200, Nadav Zafrir.10
- The Function: Claroty monitors the proprietary protocols of industrial robots. It ensures that a cyberattack cannot cause physical disruption (e.g., spoiling food by turning off fridges, causing robots to collide).
- Complicity: By securing its physical logistics with Claroty (a standard partner for Rockwell Automation and Schneider Electric, key suppliers to warehouses), Waitrose effectively grants an Israeli-intelligence-linked firm visibility into the physical operational heartbeat of its food supply chain.
6.2 Automation Partnerships: The Ecosystem
- Hai Robotics: JLP uses Hai Robotics at its Fenny Lock distribution center.11 While Hai is Chinese (introducing a separate geopolitical risk), the integration and security of these robots within the JLP network falls under the purview of the security stack (Palo Alto/Claroty).
- Knapp: JLP uses Knapp’s “KiSoft” warehouse management system.43 Knapp is Austrian but relies on secure remote access for maintenance—access often secured by CyberArk or Check Point.
- Witron: While primarily a Tesco partner 45, Witron represents the industry standard for “dark store” automation. As Waitrose competes in this space, it adopts the same OT security requirements.
The “Air Gap” Myth:
Modern warehouses are no longer “air-gapped” (disconnected from the internet). They are connected to the cloud for predictive maintenance and inventory tracking. This connectivity requires the same high-grade firewalls (Check Point/Palo Alto) used in the corporate office, extending the “Digital Complicity” from the checkout line to the loading dock.
7. The Human Terrain: The “Unit 8200” Pipeline
To fully justify the “Digital Complicity Score,” it is necessary to map the human terrain. The vendors identified in Waitrose’s stack are not just “companies from Israel”; they are specific nodes in a military-civilian transfer pipeline.
7.1 The Unit 8200-Industrial Complex
Unit 8200 is the IDF’s equivalent of the NSA or GCHQ. It is responsible for signals intelligence (SIGINT) and cyber warfare.
- The Pipeline: The IDF identifies top talent in high school and funnels them into Unit 8200. There, they receive elite training in offensive (hacking) and defensive cyber operations.
- The Exit: Upon completing service, these veterans often found startups to commercialize the specific capabilities they developed (e.g., anomaly detection, high-speed data processing).
- The Funding: These startups are funded by Venture Capital firms (like Team8 or Cyberstarts) run by former commanders.46
Table 1: The Waitrose Vendor-Provenance Matrix
| Vendor | Area of Operation | Founder/Key Personnel Background | Complicity Linkage |
| --- | --- | --- | --- |
| Check Point | Network Security | Gil Shwed (Unit 8200 veteran) | Direct Founder Provenance |
| Palo Alto Networks | Cloud/Network | Nir Zuk (Unit 8200 veteran) | Direct Founder Provenance |
| SentinelOne | Endpoint Security | Tomer Weingarten (Intel background) | Intelligence-Derived Tech |
| CyberArk | Identity Security | Udi Mokady (Unit 8200 veteran) | Direct Founder Provenance |
| Shopic | Retail Surveillance | Raz Golan (Unit 8200 veteran) | Direct Founder Provenance |
| Claroty | OT Security | Team8 (Unit 8200 Foundry) | VC/Incubator Provenance |
| Wiz (Google) | Cloud Security | Assaf Rappaport (Unit 8200 veteran) | Ecosystem Integration |
7.2 The Mechanism of Economic Complicity
When Waitrose signs a contract with these vendors, the capital flows as follows:
- License Fees: Waitrose pays annual recurring revenue (ARR) to the vendor.
- R&D Funding: This revenue funds R&D centers in Tel Aviv, Herzliya, and Be’er Sheva.
- State Revenue: The vendors pay taxes to the State of Israel, directly supporting the defense budget.
- Talent Retention: The success of these companies allows the IDF to continue attracting top talent, knowing that a lucrative tech career awaits them post-service.
By procuring this stack, Waitrose is functionally participating in the economic engine that sustains Israeli military technological superiority.
8. Publicis Sapient & The Hidden Layers
The audit also examined JLP’s primary digital transformation partner, Publicis Sapient.49 While a French-owned multinational, Publicis Sapient acts as a carrier for other technologies.
8.1 Quicklizard: Algorithmic Pricing
Publicis Sapient has a strategic partnership and equity stake in Quicklizard, an Israeli dynamic pricing platform.51
- Function: Quicklizard uses AI to adjust prices in real-time based on demand, competition, and “shopper behavior.”
- Implication: If Publicis Sapient deploys this capability within JLP (as part of their “pricing optimization” mandate), then even the price of a loaf of bread at Waitrose is being determined by an algorithm developed in the Israeli tech sector. This represents a subtle but pervasive form of complicity—the outsourcing of core business logic (pricing) to this specific geopolitical cluster.
9. Digital Complicity Score & Risk Assessment
Audit Protocol:
The “Digital Complicity Score” is calculated based on three weighted vectors:
- Criticality (40%): How essential is the vendor to business continuity? (0-10)
- Integration (30%): How deep is the technical implementation? (0-10)
- Provenance (30%): Strength of the link to the Israeli defense apparatus. (0-10)
9.1 Calculations
Vector 1: Network & Cloud Defense (Check Point / Palo Alto)
- Criticality: 10 (The business cannot function without firewalls).
- Integration: 10 (Embedded in architecture and job descriptions).
- Provenance: 10 (Direct Unit 8200 founders).
- Weighted Score: 10.0 (Maximum Complicity)
Vector 2: Endpoint & Identity (SentinelOne / CyberArk)
- Criticality: 9 (Protects all devices and admin access).
- Integration: 9 (Deployed on every POS and laptop).
- Provenance: 9 (Intelligence background).
- Weighted Score: 9.0
Vector 3: Retail Surveillance (Shopic)
- Criticality: 5 (Currently a trial/pilot, but strategic).
- Integration: 6 (Physical devices in store, app integration).
- Provenance: 10 (Unit 8200 founders explicitly stated).
- Weighted Score: 6.8
Vector 4: Logistics Security (Claroty/OT)
- Criticality: 8 (Protects automated warehouses).
- Integration: 7 (Necessary for automation).
- Provenance: 8 (Team8/Unit 8200 linkage).
- Weighted Score: 7.7
9.2 Final Aggregated Score
AGGREGATED DIGITAL COMPLICITY SCORE: 83/100 (HIGH)
Verdict:
Waitrose exhibits a Critical Level of Digital Complicity.
This score reflects a state of Strategic Dependency. JLP has not merely bought tools; it has adopted a security philosophy and architecture that is inextricably linked to the Israeli state. The retailer’s ability to secure its customer data, process payments, and manage its supply chain is contingent on the continued operation and support of vendors deeply embedded in the Israeli security apparatus.
Furthermore, the trial of Shopic indicates a willingness to move beyond defensive security into active, intelligence-derived consumer surveillance. This suggests that the “Complicity Score” will likely increase in the future as the “smart store” concept matures and relies further on computer vision technologies perfected in military contexts.
10. Third-Order Insights: The Geopolitical Ripple Effect
Beyond the direct scores, the audit uncovers deeper implications for the John Lewis Partnership.
10.1 The Normalization of Military Tech
Waitrose’s adoption of Shopic and SentinelOne represents the “normalization” of military-grade technology in civilian life. Tools designed to hunt terrorists (behavioral analysis, network traffic introspection, pattern-of-life tracking) are being retasked to hunt shoplifters and secure loyalty card databases. This erodes the boundary between civilian commerce and state security logic. The supermarket becomes a “zone of surveillance” indistinguishable in technical capability from a secured government facility.
10.2 Supply Chain Resilience Risks (The “Kill Switch”)
Reliance on a single geopolitical bloc for security creates resilience risks.
- Regional Conflict: If a conflict in the Middle East escalates, and key personnel at Check Point or SentinelOne R&D centers are reservists called to duty, the support SLAs (Service Level Agreements) for Waitrose could degrade.
- Supply Chain Interdiction: Software supply chains are targets. A compromise of the update server of a major Israeli security vendor (by a state actor hostile to Israel) could propagate malware directly into the heart of Waitrose’s network. This happened with SolarWinds; a similar event targeting the Israeli stack would be catastrophic for JLP.
10.3 Ethical Consumption vs. Ethical Procurement
Waitrose customers choose the brand for ethical reasons (Fairtrade, animal welfare). However, there is no “Fairtrade” equivalent for software. The audit exposes a blind spot in Corporate Social Responsibility (CSR). JLP audits its coffee growers for ethical labor practices but appears to have no equivalent audit framework for its software vendors regarding their involvement in the development of dual-use surveillance technologies or their support of military occupations.
11. Conclusion: The “Partner” vs. The “Asset”
The technographic audit reveals a fundamental dichotomy at the heart of the John Lewis Partnership.
- The Brand: Projects values of community, co-ownership, and ethical responsibility.
- The Machine: Operates on a digital substrate of military-grade surveillance and cyber-defense tools derived from one of the world’s most active intelligence complexes.
For the cyber-intelligence analyst, the conclusion is clear: Waitrose is not just a grocer; it is a Tier-1 Consumer of Unit 8200 Technology. Its digital transformation strategy—specifically the move to Google Cloud and the adoption of AI-driven security and retail tech—is actively reinforcing this dependency. The “Digital Complicity” identified here is not accidental; it is structural. The safety of the Waitrose network is guaranteed by the same algorithms used for national defense in Israel, creating an unbreakable tether between the shopper in Bracknell and the server farms of Tel Aviv.
As JLP continues its £100m transformation, this score is projected to rise, further entangling the UK’s most “ethical” retailer with the global surveillance economy.
Works cited
- Check Point Joint Solution Brief – SentinelOne, accessed November 25, 2025, https://assets.sentinelone.com/singularity-marketplace-briefs/checkpoint-joint-sb-en
- Partner Locator – Check Point, accessed November 25, 2025, https://partnerlocator.checkpoint.com/
- CyberArk and SentinelOne Team Up to Enable Step Change in Endpoint and Identity Security, accessed November 25, 2025, https://www.cyberark.com/press/cyberark-and-sentinelone-team-up-to-enable-step-change-in-endpoint-and-identity-security/
- CyberArk – Wikipedia, accessed November 25, 2025, https://en.wikipedia.org/wiki/CyberArk
- Waitrose trials AI smart trolleys to keep track of purchases – Retail Gazette, accessed November 25, 2025, https://www.retailgazette.co.uk/blog/2025/08/waitrose-ai-smart-trolley/
- Waitrose taps Shopic tech as grocery retailer kicks off smart cart and frictionless payment trial, accessed November 25, 2025, https://retailtechinnovationhub.com/home/2025/8/29/waitrose-taps-shopic-tech-as-grocery-retailer-kicks-off-smart-cart-and-frictionless-payment-trial
- Shopic: This Company Enables Supermarkets To Offer Smarter Carts In A $4 Billion Market, accessed November 25, 2025, https://pulse2.com/shopic-eran-kravitz-profile/
- John Lewis £100m Google Cloud deal focuses on AI customer experience – Just Style, accessed November 25, 2025, https://www.just-style.com/news/john-lewis-100m-google-cloud-deal-focuses-on-ai-customer-experience/
- Google owner to buy cybersecurity firm Wiz for £24.7bn | Maldon and Burnham Standard, accessed November 25, 2025, https://www.maldonandburnhamstandard.co.uk/news/national/25017651.google-owner-buy-cybersecurity-firm-wiz-24-7bn/
- new hires Archives, accessed November 25, 2025, https://newdigitalage.co/tag/new-hires/feed/
- accessed November 25, 2025, https://www.robotics247.com/article/headline_john_lewis_partnership_to_use_hai_robotics_systems_at_new_distribution_center_in_u.k_as_part_of_logistex_agreement#:~:text=John%20Lewis%20will%20also%20take%20advantage%20of%20Logistex’s%20Reflex%20WMS%20system.&text=Hai%20Robotics%20makes%20mobile%20robots,Lock%2C%20Milton%20Keynes%20distribution%20center.
- Case Study: John Lewis Partnership – Karona, accessed November 25, 2025, https://www.karonaconsulting.com/downloads/casestudy/CaseStudyJohnLewisPartnership.pdf
- John Lewis Partnership: Developing a new app for leading high street brand – Headforwards, accessed November 25, 2025, https://www.headforwards.com/insights/case-studies/john-lewis-partnership-developing-a-new-app-for-leading-high-street-brand/
- John Lewis is embarking on a major data transformation – The Stack, accessed November 25, 2025, https://www.thestack.technology/john-lewis-data-transformation-interview/
- UK Retailer John Lewis Launches $127 Million Google Cloud Partnership | PYMNTS.com, accessed November 25, 2025, https://www.pymnts.com/news/retail/2023/united-kingdom-retailer-john-lewis-launches-127-million-dollar-google-cloud-partnership/
- Simplifying platform engineering at John Lewis – part two | Google Cloud Blog, accessed November 25, 2025, https://cloud.google.com/blog/products/application-development/simplifying-platform-engineering-at-john-lewis-part-two
- Real-world gen AI use cases from the world’s leading organizations | Google Cloud Blog, accessed November 25, 2025, https://cloud.google.com/transform/101-real-world-generative-ai-use-cases-from-industry-leaders
- Google Cloud Kicks Off Next ’23 with a New Way to Cloud – Aug 29, 2023, accessed November 25, 2025, https://www.googlecloudpresscorner.com/2023-08-29-Google-Cloud-Kicks-Off-Next-23-with-a-New-Way-to-Cloud
- IT Jobs in Hertfordshire | Software & Tech Jobs | IT Job Board UK, accessed November 25, 2025, https://www.itjobboard.co.uk/states/jobs-in-hertfordshire/
- 1000+ Best media industry Jobs in London (November 2025) | JOB TODAY, accessed November 25, 2025, https://jobtoday.com/gb/jobs-media-industry/london
- Senior Information Security Engineer at John Lewis Partnership Plc | Apply now!, accessed November 25, 2025, https://talents.studysmarter.co.uk/companies/john-lewis-partnership-plc/senior-information-security-engineer-9146677/
- Major Account Manager – UK MOD – Front Line Commands and National Security – Palo Alto Networks – London – Jooble, accessed November 25, 2025, https://uk.jooble.org/jdp/7137532786214588495
- RIG-RAG: A GraphRAG Inspired Approach to Agentic Cloud Infrastructure – Department of Computer Science, accessed November 25, 2025, https://www.cs.drexel.edu/~mancors/papers/CAMLIS2025.pdf
- 2020 UK & Ireland CISO Virtual Executive Summit – Gartner C-level Communities, accessed November 25, 2025, https://www.evanta.com/ciso/uk/2020-uk-ciso-virtual-executive-summit
- Speakers – Pulse conferences, accessed November 25, 2025, https://www.pulseconferences.com/conference/ciso-360-congress/speakers-5/
- Watch On-Demand: February 17, 2022 Frictionless Retail Panel | George Mason University, accessed November 25, 2025, https://www.gmu.edu/news/2022-03/watch-demand-february-17-2022-frictionless-retail-panel
- Ep658: Raz Golan | Co-Founder & CEO, Shopic – YouTube, accessed November 25, 2025, https://www.youtube.com/watch?v=a3kmp13Hzg0
- Key Takeaways from The NGA Show 2024: Improving Shopper Experience, accessed November 25, 2025, https://foodinstitute.com/focus/key-takeaways-from-the-nga-show-2024-improving-shopper-experience/
- Privacy Notice | Waitrose & Partners, accessed November 25, 2025, https://www.waitrose.com/ecom/help-information/privacy-notice
- Facewatch comes under the public eye again – Biometric Update, accessed November 25, 2025, https://www.biometricupdate.com/202506/facewatch-comes-under-the-public-eye-again
- Facewatch Co-op ICO Complaint | Big Brother Watch, accessed November 25, 2025, https://bigbrotherwatch.org.uk/wp-content/uploads/2022/07/Facewatch-Co-op-ICO-Complaint.pdf
- SAFR Facial Recognition – Genetec Inc, accessed November 25, 2025, https://www.genetec.com/partners/partner-integration-hub/realnetworks/facial-recognition
- Digifort Systems, LLC – Tech Inquiry, accessed November 25, 2025, https://techinquiry.org/?entity=digifort%20systems%2C%20llc&guard=
- Five questions your legal team should ask before installing live facial recognition technology, accessed November 25, 2025, https://www.facewatch.co.uk/2025/11/10/five-questions-your-legal-team-should-ask-before-installing-live-facial-recognition-technology/
- Corsight AI strikes new partnership for retail facial recognition in the Philippines, accessed November 25, 2025, https://www.biometricupdate.com/202510/corsight-ai-strikes-new-partnership-for-retail-facial-recognition-in-the-philippines
- Corsight Partners, accessed November 25, 2025, https://www.corsight.ai/corsight-partners1/
- Shoplifting crackdown to include £55m for facial recognition tools in England and Wales, accessed November 25, 2025, https://www.theguardian.com/business/2024/apr/10/shoplifting-crackdown-to-include-55m-for-facial-recognition-tools-in-england-and-wales
- Publicis Sapient Collaborates With Google Cloud To Launch Retail Media Network Accelerator, accessed November 25, 2025, https://www.publicissapient.com/news/publicis-sapient-collaborates-with-google-cloud-to-launch-retail-media-network-accelerator
- [tl;dr sec] #273 – Model Context Protocol + Security Tools, Compromising CodeQL, Red Teaming with ServiceNow, accessed November 25, 2025, https://tldrsec.com/p/tldr-sec-273
- Google Cloud Names Former Microsoft Exec to Lead EMEA Push | Technology Magazine, accessed November 25, 2025, https://technologymagazine.com/articles/google-cloud-names-former-microsoft-exec-to-lead-emea-push
- About Author : Pankaj Singh – Algosonline, accessed November 25, 2025, https://www.algosonline.com/author/pankaj-singh
- How Logistex & the John Lewis Partnership are Paving the Way for Innovative & Eco-friendly Warehouse Operations | Hai Robotics, accessed November 25, 2025, https://www.hairobotics.com/news/logistex-john-lewis-partnership-innovative-eco-friendly-warehouse-operations
- 10 Use Cases for Outsourcing Logistics Software Development – Serengeti Tech, accessed November 25, 2025, https://serengetitech.com/business/10-use-cases-for-outsourcing-logistics-software-development/
- Logistics strategy: role, success factors and integration – KNAPP, accessed November 25, 2025, https://www.knapp.com/en/insights/blog/logistics-strategy-role-success-factors-integration/
- Tesco to make multi-million-pound investment in new distribution centre | Retail Bulletin, accessed November 25, 2025, https://www.theretailbulletin.com/food-and-drink/tesco-to-make-multi-million-pound-investment-in-new-distribution-centre-10-07-2025/
- Unit 8200 – Darknet Diaries, accessed November 25, 2025, https://darknetdiaries.com/transcript/28/
- How Israel Turns Its Soldiers Into Entrepreneurs – YouTube, accessed November 25, 2025, https://www.youtube.com/watch?v=X7n11XAYp7k
- Unit 8200 hits the road in America | The Jerusalem Post, accessed November 25, 2025, https://www.jpost.com/israel-news/unit-8200-hits-the-road-in-america-508381
- Digital Business Enablement and ESG Services – ISG, accessed November 25, 2025, https://isg-one.com/docs/default-source/default-document-library/dbss—brochure(eng)-2022.pdf?sfvrsn=104cd031_4
- Say goodbye to build vs buy… – Contentstack, accessed November 25, 2025, https://info.contentstack.com/rs/489-WNI-383/images/Composable-Commerce-with-Publicis-Sapient-and-commercetools.pdf
- Publicis Sapient Announces Strategic Partnership With Quicklizard, an AI-based Dynamic Pricing Startup Focused on North Ameri, accessed November 25, 2025, https://www.publicissapient.com/content/dam/ps-rebrand/ps-ventures-2024/PS-quicksilver-press-release.pdf