Check facts

AI at the (Federal Security) Service

The Russian state security service — FSB — has been trying to implement AI in its anti-opposition operations for at least two years. IStories investigated how the development of the Pauk (“Spider”) system went — and why it was stopped (at least for now)

Доступно на русском

The FSB’s Second Service, or The Service for Defense of the Constitutional Order and Combating Terrorism, which is combating internet access for Russians and thereby harming Russia’s IT sector, began integrating AI into its routine work at least two years ago. This challenging task was entrusted to Mikord, a company based in Kazan (Russia’s Tatarstan republic capital — Ed.)

In December 2025, an anonymous hacker group breached Mikord’s infrastructure and obtained the documents on its other then-upcoming project, a digital military registry. The group passed the documents to Get Lost, an organization helping Russians evade conscription, who shared the data with IStories. Due to this leak, we have been able to publish investigations on the military registry work, as well as on other classified systems of the Russian Ministry of Defense.

We have also learned how, over a year and a half, Mikord worked on the Pauk (“Spider”) project commissioned to them by the FSB’s Second Service. The FSB was supposed to use Pauk to combine information from the media and FSB’s own databases to create a neural network assistant for intelligence officers.

Who commissioned the project

In the spring of 2024, a little-known Kazan-based company called Mikord was commissioned to create a new service for the FSB. Around the same time, the company was unexpectedly entrusted with the development of a military registry — one of the Russian Ministry of Defense’s largest projects which would consolidate dozens of data sources on millions of Russians in a single location.

As previously reported by IStories, Mikord’s success at the federal level may be linked to Nikolai Nikiforov, a Tatarstan native and former Minister of Communications of Russia. The families of Nikiforov and the Mikord founder Alexander Nikolaev had been in business together for a long time.

The contract for the Pauk system development listed Military Unit 43753 (the FSB’s Center for Information Protection and Special Communications) as main customer and the Kvant Research Institute as the contractor. In turn, Kvant contracted Mikord to carry out the work.

In the documents, this project is referred to as the “Portal for Analytics and Usage of Contents,” or, shortly, Pauk (“Spider”). A “spider,” or a crawler, is a term used for bots that scan webpages and automatically collect information from them.

It is likely that the Second Service of the FSB was intended to be Pauk’s end user, even though it did not commission the work formally. The Service staff were to participate in the key stages of the new service’s development and implementation, and the work schedule had to be coordinated with the Second Service as well. The ZKSibST abbreviation (short for “Defense of the Constitutional Order and Combating Terrorism” in Russian) used in the titles of project documents and the news content Mikord received to be used in the system at the development stage also suggest the Second Service’s involvement.

How the FSB intended to use the AI system

Pauk was supposed to automate the operations of a situation center presumably created within the FSB’s Second Service. As seen in the project documentation, the center’s shift staff monitor Russian and foreign media news on a daily basis. Every day they compile a news digest which is then sent to FSB leadership.

The web crawler was supposed to automatically collect all the news stories of interest to the FSB. These stories would then be published on an internal news portal, where the officer on duty could select which stories to include in the daily digest.

The compiled digests would be stored within Pauk’s closed (i.e. not connected to the Internet) network, where they could be viewed by the staff on duty as well as other FSB employees. Users would be able to search the reports for the information about specific people or events. Via an LLM and a chatbot interface, the users from FSB would also be able to work with “various closed sources information.” This required Pauk to receive information from certain “third-party data banks” and “data from text sources,” i.e. reports, scans, and the FSB’s own records.

Pauk’s architecture design
Source: the leaked data

The documentation does not reveal which specific classified sources the security service intended to use. According to an IStories source familiar with the FSB’s operations, the agency already has a similar data source — the Central Operational Database (COD). It can be accessed by the FSB headquarters staff. Rumors, reports, and criminal cases information are stored in this database. 

Additionally, a separate database containing information on Russian citizens has been created within the Second Service, Alexander Fedotov, a former FSB officer, previously told The Insider in an interview. This database contains activists' and protesters' personal data: their names, photos, and phone numbers.

The envisioned AI assistant could significantly simplify the security officers’ work concerning large volumes of unstructured information and an operational database on activists. 

The project documentation also listed the types of data that the AI assistant’s response to a “persons of interest” query might contain: their full name, date of birth, region, phone number, license plate number, and car brand. It is possible that the FSB has begun considering the use of AI in its routine operational work.

The Mikord documents contain correspondence between the project manager and an FSB supervisor, identified by the “A.G.” initials. In response to one of the developers’ questions, the FSB representative stated that the system would serve “30 main department users,” but its user load could eventually grow up to 400 people.

How the FSB tracks the media

The FSB project supervisors provided the Mikord team with a set of real news digests compiled by the Second Service from January 2024 to June 2025. The developers analyzed them to narrow down the websites and Telegram channels source list for Pauk to the most popular ones. 

 

Mikord used the June 2024 digests set to test an LLM in order to figure out how the chatbot would respond to a security service officer's potential questions. IStories examined the documents metadata and discovered that Ilya Oputin, a programmer at Ozon (a major Russian online marketplace — Ed.) who is believed to have graduated from the FSB Academy, might have worked on them. Oputin did not respond to the journalists’ questions.

Each digest is divided into two sections: Russian and international news. Several documents contain the following introductory paragraph: “As a result of monitoring online media on April 10, 2024, the following significant incidents and events were identified as those of interest in terms of defending the constitutional order and combating terrorism.” 

We have compiled the news into a unified calendar: there, you can view a specific day report, find a random news item, or search one by keyword. The calendar is available in the Russian version of the text.

It is unknown what criteria the FSB used to select the news items. In the same digest, a news item titled “Parliament Proposes Designating the Ukrainian Armed Forces, the Security Service of Ukraine, and the Defense Intelligence of Ukraine as Terrorists” may appear alongside a note about a Khabarovsk Krai village headman video appealing to Vladimir Putin. 

Many of the news items in the digests are copying the FSB’s own press releases and statements, such as the news titled “The FSB Reports an Ivanovo Resident Detained For Financing the Ukrainian Armed Forces” or “FSB Chief Speaks About Kyiv Recruiting Migrants to Commit Crimes in Russia.” 

We analyzed nearly 5,000 news items from FSB reports and grouped them into themed categories. Many of them are consistent with the Second Service’s traditional activities: combating Islamists, spying on the opposition and carrying out political assassinations. From these same digests, we learned that the service closely monitors news about pressure on migrants in Russia, strikes and protests abroad, and ethnic conflicts in Europe. A detailed analysis of the FSB’s Second Service news digests can be found here (in Russian).

Independent outlets have become some of the key sources of information about what's going on in Russia for the Second Service. According to our calculations, in the first six months of 2025, three of them — Activatica, RusNews, and Govorit NeMoskva — were among the five top cited media outlets in the FSB digests. 

Activatica — an outlet covering civic activism and repressions in Russia — tops this ranking by a wide margin. In the first six months of 2025, 244 of their news stories appeared in the FSB digests. Activatica was the source of one in every six news items in the Second Service’s reports.

Sometimes the digests are almost completely shaped by Activatica’s news items. The June 26 2024 report contained three Activatica stories: the protests against rising utility rates in Ufa; Moscow’s Mitino residents’ video appeal to Putin asking him not to build a packaging plant; daily protests in Arkhangelsk Oblast’s Yarensk, where residents opposed the decision to move the emergency medical services station 200 km from the village.

Overall, between January 2024 and June 2025, more than 550 articles from the uncensored outlets (mostly those operating in exile due to the official persecution on behalf of the government, e.g. being designated as “foreign agents” — Ed.) appeared in the FSB’s news digests — that’s more than 10% of all the news items included. Among others, the officers cited such outlets as OVD-Info, 7x7, Sirena and Meduza.

Independent media outlets’ reports about the FSB itself are also of interest to the security service. For example, a Meduza article about Sergei Dubov, a Second Service employee, made its way into a digest for the FSB high-ranking officials that very same day. 

Overall, in a year and a half the FSB’s Second Service monitored more than a thousand information sources: Russian federal and regional media websites, independent media outlets in exile, anonymous Telegram channels, VK news communities and YouTube channels. 

It is impossible to manually monitor such a wide range of sources on a daily basis. There are several references in the digests indicating that the Second Service is already using a solution similar to Pauk (made by a Russian company called Kribrum) to search and filter news. Kribrum is a service for monitoring media and social networks launched 15 years ago by Igor Ashmanov and Natalia Kaspersky. 

Ashmanov, a member of Russia’s Human Rights Council, constantly comes up with some new restrictive proposals. For example, he has proposed establishing a military censorship body in Russia as well as creating a “toxic content” registry. At a 2015 Kribrum presentation Ashmanov shared that the system analyzed 19 thousand media outlets and classified them into “liberal,” “neutral,” or “patriotic” ones.

It is likely that the Second Service had planned to replace the third-party solution with its own one. According to an IStories source close to the FSB, the Service’s units can create such solutions for their own use if they secure the necessary budget. Media monitoring, in particular, had previously been handled by the Department of Operational Information — a unit of the FSB’s Fifth Service responsible for intelligence in CIS countries (Commonwealth of Independent States, a regional organisation of post-soviet states — Ed.). 

What the prototype looks like

The Mikord document archive reveals a detailed description of how Pauk was supposed to work. In addition, IStories have found the design layouts of the project, which have been shared publicly and, at the time of publication, are still available to anyone interested. Using the data, we’ve recreated a clickable Pauk prototype: follow the link to try out the role of an FSB Second Service official. 

While working on the confidential FSB service, Mikord used foreign technologies and products. For example, the latest Pauk interfaces were stored in Figma, an American service. A US-made framework, LlamaIndex, was to be used for processing news reports and other classified documents.

The AI assistant workflow overview
Source: the leaked data

The Llama 2 LLM by Meta (it’s worth noting that the company is designated as an “extremist organization” in Russia — Ed.) was supposed to respond to the security service officials’ requests. The dialogue sessions between the FSB officers and the AI assistant were to be stored in a MongoDB database (meanwhile its developers had declared they support Ukraine and had ceased operations in Russia).

The work was supposed to look like this: an FSB officer on duty supervises the list of sources whose news items get into the Pauk feed. At the same stage the user can edit the news items, rate them on a one-to-five scale, and comment. Selected news items make it into the daily digest for the higher-ranking officials.

Pauk interface reference as seen by the customer. An FSB officer leaves a comment: ‘Take note for future action’
Source: the leaked data

Each news item is assigned a category and a list of tags, keywords, and personalities mentioned. FSB officers can use these to search. 

The Second Service officer on duty can also set up Telegram notifications for incidents of interest. The technical document provides a scenario for using such notifications: “for example, all news stories mentioning ‘a demonstration near the embassy’ or ‘a fight between migrants in Kazan.’” 

It is likely that the FSB had intended to use this tool to quickly respond to certain events in Russia among other things. “There was also an idea that if a selected news item contains words like ‘URGENT,’ ‘FLASH,’ and so on, we could choose to use it as an alert notification criteria,” — the FSB project supervisor identified as A.G. told a Mikord staff member. Another comment from the supervisor suggests that the news notifications were to be sent via a Telegram bot the officers were supposed to subscribe to.

Only the approved news items would enter the Pauk's closed environment where an FSB officer could compile a daily or monthly digest in a built-in editing tool. In addition, the same service was supposed to incorporate a CRM system to assign and track monitoring tasks. The FSB high officials would be able to order a report on a topic of interest directly within the Pauk system.

***

According to the plan, the first phase of Pauk’s development was to be completed by the autumn of 2025. That’s roughly when, after nearly a year and a half of work, a manager commented in Mikord's task tracker that the development of the project was suspended. “Goodbye, project…,” another employee replied. 

A source familiar with the development process told IStories that Mikord simply couldn’t deliver on this government contract. The company was not able to launch the service on time, which is why the work was shut down. 

The Mikord team likely lacked both the development experience and the necessary expertise to work with language models, an IT specialist interviewed by IStories suggested upon reviewing the project documentation, Mikord’s task tracker entries and other data.

Share

Tags

The mistake message has been sent. Thank you!