On March 9 Iranian state television reported that the new supreme leader, Mujtaba, was injured in an attack. Within 24 hours the Islamic Revolutionary Guard Corps’ intelligence arm said it had detained at least ten alleged spies and, more broadly, that recent investigations had uncovered some 30 people accused of working for the United States and Israel — a public admission of a penetration problem Tehran has long denied to foreign audiences.
Chinese outlet Phoenix Military and Iranian state media have since curated a highly detailed inventory of alleged collaborators dated from 2020 to early 2026. The list names six individual operatives who were, the coverage says, recruited by Israel’s Mossad and later executed after conviction, and two broader organisations described as deep penetrations of Iran’s security apparatus. The narratives combine criminal case summaries, operational allegations and a diagnosis of institutional weakness.
The individuals cited range from a motorcycle-riding coordinator who allegedly organised networks and helped facilitate a 2022 assassination, to a social-media operator accused of running online campaigns, to technicians and students who are said to have photographed bases and copied classified files. Reported execution dates run from April 2025 through January 2026, underscoring Tehran’s punitive response even as it publicly acknowledges the depth of the problem.
Phoenix Military’s account also revisits two more consequential networks. One is the cell implicated in the 2020 killing of nuclear scientist Mohsen Fakhrizadeh, which investigators say consisted of insiders able to track a subject’s movements and security details. The other is an alleged group led by a former IRG intelligence official, accused of recruiting more than 20 insiders placed across counterintelligence and security posts and blamed for leaks tied to the strikes that killed Qassem Soleimani and damaged key nuclear sites.
The reporting frames Iranian vulnerability along two fault-lines. On one axis are broad, grassroots “face‑like” penetrations: low-profile civilians with intermittent access to sensitive sites, who can be cheaply bought or persuaded and whose oversight is thin. On the other are “point” penetrations: targeted reversals of high‑level officials and military insiders whose access to top secrets makes their betrayal exponentially more damaging.
That bifurcation matters because it shows the limits of technical fixes. Hardening perimeters and encrypting data can blunt some risks, but human access — a contractor’s badge, a serviceman’s handset, a security aide’s knowledge of a convoy route — remains the vector through which strategic surprises have been achieved. The balance of incentives, oversight gaps and morale problems in Tehran’s institutions is therefore central to any effective response.
For Iran’s immediate deterrence, the implications are stark. Leaks of nuclear and missile-related data reduce the time and uncertainty an adversary needs to plan strikes; the exposure of leadership movements raises the political and operational costs of protecting senior figures; and penetration into counterintelligence channels undermines trust inside the security services. Regionally, the episode reinforces the utility of targeted human intelligence for states prepared to accept escalation risks.
But the public cataloguing of traitors also risks self-inflicted harm. A heavy-handed internal purge could further hollow out expertise, breed paranoia inside the IRG and drive more skilled personnel to conceal activities or defect. Expect tighter vetting, more compartmentalisation and show trials — steps that may make operations harder in the short term but will not remove the underlying human incentives that foreign services exploit.