AI at the (Federal Security) Service
The Russian state security service — FSB — has been trying to implement AI in its anti-opposition operations for at least two years. IStories investigated how the development of the Pauk (“Spider”) system went — and why it was stopped (at least for now)
Доступно на русскомThe FSB’s Second Service, or The Service for Defense of the Constitutional Order and Combating Terrorism, which is combating internet access for Russians and thereby harming Russia’s IT sector, began integrating AI into its routine work at least two years ago. This challenging task was entrusted to Mikord, a company based in Kazan (Russia’s Tatarstan republic capital — Ed.)
In December 2025, an anonymous hacker group breached Mikord’s infrastructure and obtained the documents on its other then-upcoming project, a digital military registry. The group passed the documents to Get Lost, an organization helping Russians evade conscription, who shared the data with IStories. Due to this leak, we have been able to publish investigations on the military registry work, as well as on other classified systems of the Russian Ministry of Defense.
We have also learned how, over a year and a half, Mikord worked on the Pauk (“Spider”) project commissioned to them by the FSB’s Second Service. The FSB was supposed to use Pauk to combine information from the media and FSB’s own databases to create a neural network assistant for intelligence officers.
Who commissioned the project
In the spring of 2024, a little-known Kazan-based company called Mikord was commissioned to create a new service for the FSB. Around the same time, the company was unexpectedly entrusted with the development of a military registry — one of the Russian Ministry of Defense’s largest projects which would consolidate dozens of data sources on millions of Russians in a single location.
The Second Service is the main FSB unit responsible for suppressing opposition. Officers from this unit were involved in the poisonings of Alexei Navalny and Vladimir Kara-Murza, and they had been tailing Boris Nemtsov before he was assassinated. The Second Service also persecuted those who participated in the 2019 protests in Moscow and Eduard Limonov’s National Bolshevik Party activists.
The Second Service is also responsible for the North-Caucasus region of Russia, where it deals, among other issues, with Chechnya and Islamic extremism. This is where Igor Girkin (Strelkov) had worked before he became the leader of the so-called “Donetsk People’s Republic” armed forces. Senior officers of the Second Service helped Viktor Yanukovych, the then Ukrainian President, suppress the 2014 Euromaidan protests. They also supervised Russia's annexation of Crimea.
The same service oversees the education and culture spheres in Russia. For example, it approves university professors appointments and keeps an eye on theaters and stand-up comedians.
As previously reported by IStories, Mikord’s success at the federal level may be linked to Nikolai Nikiforov, a Tatarstan native and former Minister of Communications of Russia. The families of Nikiforov and the Mikord founder Alexander Nikolaev had been in business together for a long time.
The contract for the Pauk system development listed Military Unit 43753 (the FSB’s Center for Information Protection and Special Communications) as main customer and the Kvant Research Institute as the contractor. In turn, Kvant contracted Mikord to carry out the work.
The Kvant Research Institute was established in the late 1970s and specialized in developing the first supercomputers to solve cryptographic problems for the Soviet Union’s special services. In the 1990s, the institute began collaborating with the FSB — they opened a satellite branch of the Institute of Cryptography, Communications, and Informatics Department of the FSB Academy at Kvant.
In 2007, the institute came under the jurisdiction of the FSB. In 2015, it was revealed that the institute had been paying for a license to use the Remote Control System spyware (RCS, a program developed by an Italian company HackingTeam) for several years. Once deployed on a target device, RCS gained access to its files, microphones, cameras, messages and passwords. HackingTeam’s Russian clients confirmed that they had purchased their malware, but claimed they only did it for the purpose of learning and “enhancing their expertise.”
On the Kvant website, the company has listed its 2010s achievements as "a voice command recognition system for the FEDOR space robot" and "machine learning and artificial intelligence research" projects.
Some of those research project details became public after a hacker group called Digital Revolution breached Kvant’s servers. We now know that in 2017, the institute looked into using machine learning models to analyze public opinion online. The authors of the research paper proposed monitoring Instagram, VK and other social media posts to identify protest sentiments and combat the so-called “disinformation campaigns.”
After the cyberattack, the institute continued to develop its AI-based tools. Among its latest creations are facial recognition tools, software allowing to restore text in low-resolution images, and a program for online content popularity estimations.
An equally important direction of Kvant’s work is cybersecurity: protection against power grid eavesdropping, open sources cyberthreats detection and software backdoors tracking.
In the documents, this project is referred to as the “Portal for Analytics and Usage of Contents,” or, shortly, Pauk (“Spider”). A “spider,” or a crawler, is a term used for bots that scan webpages and automatically collect information from them.
It is likely that the Second Service of the FSB was intended to be Pauk’s end user, even though it did not commission the work formally. The Service staff were to participate in the key stages of the new service’s development and implementation, and the work schedule had to be coordinated with the Second Service as well. The ZKSibST abbreviation (short for “Defense of the Constitutional Order and Combating Terrorism” in Russian) used in the titles of project documents and the news content Mikord received to be used in the system at the development stage also suggest the Second Service’s involvement.
The development contract between Kvant and the main customer, military unit 43753, was signed on May 30, 2025, as part of the state defense order. Mikord was supposed to carry out the work in two phases and complete it in October 2026.
The tests of the system were to be conducted at the address of the “operating organization”: 12 Vernadsky Prospekt, Building 4, Moscow. This is the address of the Priboi facility where the FSB’s Second Service (military unit 36391) is located. References to the service appear several times in the work schedule described in the contract.
For example, “logged actions list, data format, file types for log files and data import and export as well as data transfer format” had to be coordinated with both the Center for Information Protection and Special Communications (military unit 43753) and the Second Service (military unit 36391).
Representatives from both those FSB military units were also required to participate in the software installation at the facility, as well as in the set-up and adjustment work.
The Second Service is listed as the sole body possessing a number of formal approvals authorizing the Pauk use. Ultimately, the work schedule itself had to be approved by a representative of the Second Service — N. N. Belyaev, the deputy commander of military unit 36391.
How the FSB intended to use the AI system
Pauk was supposed to automate the operations of a situation center presumably created within the FSB’s Second Service. As seen in the project documentation, the center’s shift staff monitor Russian and foreign media news on a daily basis. Every day they compile a news digest which is then sent to FSB leadership.
The web crawler was supposed to automatically collect all the news stories of interest to the FSB. These stories would then be published on an internal news portal, where the officer on duty could select which stories to include in the daily digest.
The compiled digests would be stored within Pauk’s closed (i.e. not connected to the Internet) network, where they could be viewed by the staff on duty as well as other FSB employees. Users would be able to search the reports for the information about specific people or events. Via an LLM and a chatbot interface, the users from FSB would also be able to work with “various closed sources information.” This required Pauk to receive information from certain “third-party data banks” and “data from text sources,” i.e. reports, scans, and the FSB’s own records.
The documentation does not reveal which specific classified sources the security service intended to use. According to an IStories source familiar with the FSB’s operations, the agency already has a similar data source — the Central Operational Database (COD). It can be accessed by the FSB headquarters staff. Rumors, reports, and criminal cases information are stored in this database.
Additionally, a separate database containing information on Russian citizens has been created within the Second Service, Alexander Fedotov, a former FSB officer, previously told The Insider in an interview. This database contains activists' and protesters' personal data: their names, photos, and phone numbers.
The envisioned AI assistant could significantly simplify the security officers’ work concerning large volumes of unstructured information and an operational database on activists.
The project documentation also listed the types of data that the AI assistant’s response to a “persons of interest” query might contain: their full name, date of birth, region, phone number, license plate number, and car brand. It is possible that the FSB has begun considering the use of AI in its routine operational work.
The Mikord documents contain correspondence between the project manager and an FSB supervisor, identified by the “A.G.” initials. In response to one of the developers’ questions, the FSB representative stated that the system would serve “30 main department users,” but its user load could eventually grow up to 400 people.
How the FSB tracks the media
The FSB project supervisors provided the Mikord team with a set of real news digests compiled by the Second Service from January 2024 to June 2025. The developers analyzed them to narrow down the websites and Telegram channels source list for Pauk to the most popular ones.
Mikord used the June 2024 digests set to test an LLM in order to figure out how the chatbot would respond to a security service officer's potential questions. IStories examined the documents metadata and discovered that Ilya Oputin, a programmer at Ozon (a major Russian online marketplace — Ed.) who is believed to have graduated from the FSB Academy, might have worked on them. Oputin did not respond to the journalists’ questions.
The metadata contains all the June digests’ author's name: Ilya Alexandrovich Oputin. IStories examined the available data leaks and found only one person with the exact same full name. That person turned out to be Ilya Oputin, an Ozon marketplace developer.
One of Oputin’s most recent registered addresses was 10k2, Vernadsky Prospekt in Moscow, a house built for the FSO (Russian Federal Security Service) needs. It is just a few minutes’ walk from the aforementioned Priboi Research Institute where the Second Service of the FSB is located.
According to the leaks, for nearly five years (October 2013 to July 2018), Oputin was officially registered as a resident at 1/3, Bolshaya Lubyanka Street in Moscow. The National Coordination Center for Computer Incidents (NCCCI), an FSB unit created to prevent critical infrastructure hacker attacks, is located at this address.
For a year after that, Oputin lived in the Moscow region with Andrei Babaev, who had been registered at the Bolshaya Lubyanka address during the same period as Oputin.
Oputin and Babaev both used another address — 70 Michurinsky Prospekt, Moscow — for various marketplace purchases. The FSB Academy is located at this address, which is where, according to leaked information, they both studied from 2008 to 2013 (five years is the standard training period at the Academy, which is enough for, e.g., completing a degree program at its Institute of Cryptography, Communications, and Informatics).
Just like Oputin, Babaev began his career in IT and landed a job at Yandex. His name appears in a 2020 Roskomsvoboda project article titled “Aura Neural Networks Under FSB Control.” The article referred to the Aura social network launched by Yandex, a Russian digital giant, which had been included in the registry of information distributors and therefore legally required to disclose its users' correspondence to the security services.
The article, however, doesn’t refer to Babaev, a 1.5% Aura shareholder, as an ex-FSB official. Meanwhile, just two years before the Aura launch he had listed military unit 78705, which is considered part of the FSB, as his place of work. By August 2020, the social media platform had already been shut down.
Each digest is divided into two sections: Russian and international news. Several documents contain the following introductory paragraph: “As a result of monitoring online media on April 10, 2024, the following significant incidents and events were identified as those of interest in terms of defending the constitutional order and combating terrorism.”
We have compiled the news into a unified calendar: there, you can view a specific day report, find a random news item, or search one by keyword. The calendar is available in the Russian version of the text.
It is unknown what criteria the FSB used to select the news items. In the same digest, a news item titled “Parliament Proposes Designating the Ukrainian Armed Forces, the Security Service of Ukraine, and the Defense Intelligence of Ukraine as Terrorists” may appear alongside a note about a Khabarovsk Krai village headman video appealing to Vladimir Putin.
Many of the news items in the digests are copying the FSB’s own press releases and statements, such as the news titled “The FSB Reports an Ivanovo Resident Detained For Financing the Ukrainian Armed Forces” or “FSB Chief Speaks About Kyiv Recruiting Migrants to Commit Crimes in Russia.”
We analyzed nearly 5,000 news items from FSB reports and grouped them into themed categories. Many of them are consistent with the Second Service’s traditional activities: combating Islamists, spying on the opposition and carrying out political assassinations. From these same digests, we learned that the service closely monitors news about pressure on migrants in Russia, strikes and protests abroad, and ethnic conflicts in Europe. A detailed analysis of the FSB’s Second Service news digests can be found here (in Russian).
Independent outlets have become some of the key sources of information about what's going on in Russia for the Second Service. According to our calculations, in the first six months of 2025, three of them — Activatica, RusNews, and Govorit NeMoskva — were among the five top cited media outlets in the FSB digests.
Activatica — an outlet covering civic activism and repressions in Russia — tops this ranking by a wide margin. In the first six months of 2025, 244 of their news stories appeared in the FSB digests. Activatica was the source of one in every six news items in the Second Service’s reports.
Sometimes the digests are almost completely shaped by Activatica’s news items. The June 26 2024 report contained three Activatica stories: the protests against rising utility rates in Ufa; Moscow’s Mitino residents’ video appeal to Putin asking him not to build a packaging plant; daily protests in Arkhangelsk Oblast’s Yarensk, where residents opposed the decision to move the emergency medical services station 200 km from the village.
Overall, between January 2024 and June 2025, more than 550 articles from the uncensored outlets (mostly those operating in exile due to the official persecution on behalf of the government, e.g. being designated as “foreign agents” — Ed.) appeared in the FSB’s news digests — that’s more than 10% of all the news items included. Among others, the officers cited such outlets as OVD-Info, 7x7, Sirena and Meduza.
Independent media outlets’ reports about the FSB itself are also of interest to the security service. For example, a Meduza article about Sergei Dubov, a Second Service employee, made its way into a digest for the FSB high-ranking officials that very same day.
Overall, in a year and a half the FSB’s Second Service monitored more than a thousand information sources: Russian federal and regional media websites, independent media outlets in exile, anonymous Telegram channels, VK news communities and YouTube channels.
It is impossible to manually monitor such a wide range of sources on a daily basis. There are several references in the digests indicating that the Second Service is already using a solution similar to Pauk (made by a Russian company called Kribrum) to search and filter news. Kribrum is a service for monitoring media and social networks launched 15 years ago by Igor Ashmanov and Natalia Kaspersky.
Ashmanov, a member of Russia’s Human Rights Council, constantly comes up with some new restrictive proposals. For example, he has proposed establishing a military censorship body in Russia as well as creating a “toxic content” registry. At a 2015 Kribrum presentation Ashmanov shared that the system analyzed 19 thousand media outlets and classified them into “liberal,” “neutral,” or “patriotic” ones.
It is likely that the Second Service had planned to replace the third-party solution with its own one. According to an IStories source close to the FSB, the Service’s units can create such solutions for their own use if they secure the necessary budget. Media monitoring, in particular, had previously been handled by the Department of Operational Information — a unit of the FSB’s Fifth Service responsible for intelligence in CIS countries (Commonwealth of Independent States, a regional organisation of post-soviet states — Ed.).
What the prototype looks like
The Mikord document archive reveals a detailed description of how Pauk was supposed to work. In addition, IStories have found the design layouts of the project, which have been shared publicly and, at the time of publication, are still available to anyone interested. Using the data, we’ve recreated a clickable Pauk prototype: follow the link to try out the role of an FSB Second Service official.
While working on the confidential FSB service, Mikord used foreign technologies and products. For example, the latest Pauk interfaces were stored in Figma, an American service. A US-made framework, LlamaIndex, was to be used for processing news reports and other classified documents.
The Llama 2 LLM by Meta (it’s worth noting that the company is designated as an “extremist organization” in Russia — Ed.) was supposed to respond to the security service officials’ requests. The dialogue sessions between the FSB officers and the AI assistant were to be stored in a MongoDB database (meanwhile its developers had declared they support Ukraine and had ceased operations in Russia).
The work was supposed to look like this: an FSB officer on duty supervises the list of sources whose news items get into the Pauk feed. At the same stage the user can edit the news items, rate them on a one-to-five scale, and comment. Selected news items make it into the daily digest for the higher-ranking officials.
Each news item is assigned a category and a list of tags, keywords, and personalities mentioned. FSB officers can use these to search.
The Second Service officer on duty can also set up Telegram notifications for incidents of interest. The technical document provides a scenario for using such notifications: “for example, all news stories mentioning ‘a demonstration near the embassy’ or ‘a fight between migrants in Kazan.’”
It is likely that the FSB had intended to use this tool to quickly respond to certain events in Russia among other things. “There was also an idea that if a selected news item contains words like ‘URGENT,’ ‘FLASH,’ and so on, we could choose to use it as an alert notification criteria,” — the FSB project supervisor identified as A.G. told a Mikord staff member. Another comment from the supervisor suggests that the news notifications were to be sent via a Telegram bot the officers were supposed to subscribe to.
Only the approved news items would enter the Pauk's closed environment where an FSB officer could compile a daily or monthly digest in a built-in editing tool. In addition, the same service was supposed to incorporate a CRM system to assign and track monitoring tasks. The FSB high officials would be able to order a report on a topic of interest directly within the Pauk system.
***
According to the plan, the first phase of Pauk’s development was to be completed by the autumn of 2025. That’s roughly when, after nearly a year and a half of work, a manager commented in Mikord's task tracker that the development of the project was suspended. “Goodbye, project…,” another employee replied.
A source familiar with the development process told IStories that Mikord simply couldn’t deliver on this government contract. The company was not able to launch the service on time, which is why the work was shut down.
The Mikord team likely lacked both the development experience and the necessary expertise to work with language models, an IT specialist interviewed by IStories suggested upon reviewing the project documentation, Mikord’s task tracker entries and other data.