NSO is a spyware-as-a-service company. How else would they provide that service, if not by having a list of all the phones their clients need spied on?
Or are we debating whether or not that part is even true?
If they are not a SaaS platform, then I would agree with you, but so far everything I've seen claims that they are, so by that nature the customer would have to put their use case data into NSO's platform, would they not?
NSO is a spyware-as-a-service company. How else would they provide that service, if not by having a list of all the phones their clients need spied on?