At the RSA Conference, members of the international Counter Ransomware Initiative (CRI) coalition, including the U.S., Germany, Italy, Canada, Czech Republic, Israel, UAE, Netherlands, and others, convened to discuss establishing trust, exchanging information, and collaborating on the Crystal Ball Platform for collective defense and global resiliency under the CRI.
At present, more than 30 nations, including U.S. through the FBI, CISA, Department of Treasury, Singapore, UAE, Germany, Albania, Israel, Belgium, Spain, and others, are actively using and sharing on the Crystal Ball Platform. About 15 nations are actively considering near onboarding. The goal is to reach 50 connected nations by the end of the year.
To encourage utilization and build confidence and trust, in April UAE CSC and INCD conducted International CRYSTAL BALL CYBER DRILL: NATIONS UNITE. The drill provides a unique opportunity to the CRI partners to engage with real-world threats, foster international collaboration, and leverage the Crystal Ball Platform recently announced capabilities.
During RSAC, the new integrations and partnerships were showcased to demonstrate the collaborative and threat sharing capabilities of the Crystal Ball Platform, including the integration with blockchain intelligence firm Chainalysis, which offers insights into the risks associated with cryptocurrency.
The CRI is currently recognized as the largest international cybersecurity collaboration partnership for combating cybercrime at state level and addressing ransomware. The CRI lead chair has increased its partners from 35 in 2022 to 72 as of the 30th of april 2025, and continues to expand.
Over the past three years, the UAE Cyber Security Council (CSC), Israel National Cyber Directorate (INCD) and Microsoft have developed “Crystal Ball,” an AI threat intelligence platform for the CRI coalition. It is based on the values of Attribution, Deterrence, and Culture, powered by GenAI at the core.
Another notable example is integration with Microsoft Security Copilot – a generative AI-powered security solution that provides a natural language, assistive copilot experience to support security professionals in incident response, threat hunting, intelligence gathering, and posture management also showcased in the event integrations of the platform with Malware Information Sharing Platform (MISP), NIST, and MITRE ATT&CK.
“As we enter the third year of the Crystal Ball international partnership, I am truly proud of the remarkable progress we’ve achieved. With over 30 nations now actively adopting and utilizing the platform and many more nations are planning to onboard, this initiative has demonstrated its global relevance, success, and impact,” Mohamed Al Kuwaiti, Head of the Cyber Security Council, The United Arab Emirates, said in a Tuesday statement published by the Israel National Cyber Directorate. “Building on this momentum, we are now planning to expand the scope of our partnership and deepen system integration. Our goal is to enhance the platform’s resilience and robustness, ensuring it can effectively meet the growing demands of cyber deterrence and combat the evolving threats posed by cybercrime worldwide.”
“As part of the first multinational cybersecurity drill on Crystal Ball, participating CRI countries engaged in a coordinated drill and shared cyber threat intelligence to collectively investigate, contain, and remediate complex cyber incidents,” Nitzan Amar, deputy director general of the INCD, executive director for defense, stated after the Drill. “The drill not only demonstrated the platform’s capacity to enable trusted, cross-border information exchange, but also underscored the transformative role of AI in strengthening international cyber cooperation and resilience.”
He added that CRI countries now have an operational and secure platform to collaborate effectively, share timely information, and jointly combat cybercrime with greater speed, coordination, and resilience.
“The Crystal Ball Initiative is a visionary project that exemplifies forward-thinking in cybersecurity,” said Vasu Jakkal, corporate vice president for Microsoft Security. “We are proud of the way it harnesses the power of AI and international collaboration for current threats, and importantly, future challenges. We continue to invest with the aim of enhancing threat actor attribution to combat cybercrime more effectively.”
