INDEX / DIRECTORY / KFC / DIGITAL

KFC DIGITAL

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-06-14
Digital Score 0.00 /10 D KFC - BDS-1000 351
Digital 0.00

Evidence-only forensic audit. Scoring happens downstream - see the main dossier for the composite assessment.

Digital Audit: KFC (Yum! Brands, Inc.)

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: KFC, a brand of Yum! Brands, Inc. (NYSE: YUM) Registered Address: 1441 Gardiner Lane, Louisville, Kentucky 40213, United States Audit Date: June 2026 Evidence Base: Published corporate disclosures and press releases, SEC filings, vendor and trade/technology press, NGO research databases, and security-incident reporting. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Yum!/KFC acquiring or procuring technology of Israeli origin - is recorded explicitly as inbound (Yum! as acquirer/customer) and is weighted far lower than provision. No transitive guilt is imputed: an acquired company’s other history, its founders’ backgrounds, or a separately listed franchisee’s activities are not attributed to KFC. US-entity relationships (e.g. Microsoft, Baidu, Alibaba/Ant) are not Israeli-origin. A cyberattack suffered by the company is recorded as an event done to it, not as provision.

Enterprise Technology Stack & Vendor Relationships

Core Digital Architecture (Direction: Yum! as builder/owner)

Yum! Brands - KFC’s parent - has pursued a strategy of building and owning its technology stack in-house rather than relying on named external platform vendors. Since 2021 this has been branded a “Digital Flywheel,” and in February 2025 Yum! consolidated its proprietary products under a single platform, Byte by Yum!, described as a collection of proprietary Software-as-a-Service AI-driven products spanning online/app ordering, point of sale, kitchen and delivery optimisation, menu management, and inventory/labour management.12 Yum! stated Byte by Yum! products were in use across approximately 25,000 of its restaurants globally and that the launch phased out legacy internal product names including Poseidon, Yum! Commerce Platform, Tracks, and SuperApp.1 Trade reporting frames the strategy as Yum! “owning the tech stack.”3

Israeli-Origin Technology Acquired by Yum! (Direction: Yum! as acquirer)

Two of the four technology companies Yum! acquired in 2021 have material Israeli origins. In both cases the direction is Yum! acquiring an Israeli-origin company, not Yum! providing technology to any Israeli entity. Detail on each acquisition is in the Technology Ecosystem & R&D Footprint and AI sections below; in summary, Dragontail Systems (ASX-listed, with employees primarily in Israel, the US and Australia) and Tictuk Technologies (Tel Aviv-based) were both absorbed and their technology integrated into Yum!‘s platform.4567

Cybersecurity Vendor Stack

No public evidence was identified that KFC or Yum! Brands holds a verified licensing, subscription, or integration relationship with any Israeli-origin cybersecurity vendor - including Check Point Software, Wiz, SentinelOne, CyberArk, NICE Systems, Verint, or Claroty. Reporting on the January 2023 ransomware incident (below) did not name the security tooling deployed, the vulnerability exploited, or the remediation vendors engaged.89 This is an evidence gap rather than a confirmed absence: Yum! does not publicly itemise its security vendor relationships.

Systems Integrators & Procurement

No public evidence was identified of named systems integrators mandating or deploying Israeli-origin technology within Yum!‘s or KFC’s programmes. The platform is described as executed primarily through Yum!‘s internal technology organisation and its wholly owned acquired entities.13

Surveillance, Biometrics & Retail Technology

Facial Recognition - KFC China (Direction: Chinese-origin tech, separate listed entity)

The most substantively documented facial-recognition deployment in any KFC-branded environment is in KFC China, operated by Yum China Holdings, Inc. - a separately listed company (NYSE: YUMC) spun off from Yum! Brands on 1 November 2016, which licenses the KFC, Pizza Hut and Taco Bell brands in mainland China under a master licence agreement.10 Yum! Brands does not own or control Yum China.

Both deployments involve Chinese-origin technology operated by a separate corporate entity. Neither involves Israeli-origin technology.

Israeli-Origin Biometric / Surveillance Vendors

No public evidence was identified that KFC or Yum! Brands has deployed facial-recognition, biometric, gait-analysis, or in-store behavioural-analytics technology of Israeli origin (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax) at any location globally. No public evidence identified.

Computer-Vision in the Kitchen - Dragontail “QT AI” Camera (Direction: acquired Israeli-origin tech)

Dragontail Systems, acquired by Yum! (below), brought a patented “QT AI” computer-vision camera system that monitors food preparation and cooking in the kitchen - checking ingredient quality and accuracy and food temperature, and (in pandemic-era enhancements) detecting gloves/masks and sanitation practices.1415 This is an operational kitchen quality-control system, not a customer-surveillance or public biometric system; it is recorded here because it is computer-vision technology of partly Israeli origin now owned by Yum!. No public evidence was identified of this system being repurposed for any security, law-enforcement, or state-surveillance application.

Predictive Analytics, Workforce Monitoring & Social-Media Surveillance

No public evidence was identified of KFC or Yum! Brands using Israeli-origin predictive-policing, sentiment-analysis, social-media-monitoring, or workforce-surveillance tools.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data-Centre Operations in Israel

No public evidence was identified that KFC or Yum! Brands operates, leases, or co-locates data-centre infrastructure within the State of Israel. KFC outlets in Israel are operated by local franchise holders (see Economic), not by Yum! Brands directly.16

Project Nimbus & Israeli State Cloud Infrastructure

Not applicable. Project Nimbus is the Israeli-government cloud contract awarded to Google Cloud and Amazon Web Services. No public evidence was identified of KFC or Yum! Brands participating in Project Nimbus or any comparable Israeli state-backed digital-infrastructure or sovereign-cloud programme. Yum! is a quick-service restaurant franchisor and does not operate as a cloud-service provider to any state body. No public evidence identified.

Data-Sovereignty or Resilience Services to Israeli State Institutions

No public evidence identified. Yum! does not operate as a technology or cloud-service provider to any government, Israeli or otherwise.

Israeli Franchise Digital-Infrastructure Overlap

KFC operates franchise stores in Israel via local franchise partners (see Economic). Whether these franchises run on central Yum! IT systems, the Byte by Yum! platform, or customer-data infrastructure shared with Yum! Brands is not publicly documented. This is recorded as an unresolved indirect-exposure question, not a finding. No public evidence identified.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, partnership, memorandum of understanding, or service agreement between KFC/Yum! Brands and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or Israeli intelligence agencies (Mossad, Shin Bet, or Unit 8200-linked commercial entities).

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of KFC or Yum! Brands providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found. The documented end-uses of all Yum! technology (Dragontail kitchen/delivery optimisation, Tictuk chat ordering, Byte by Yum! operations) are commercial restaurant functions.145 No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of any KFC or Yum! commercially deployed technology being reported or confirmed as deployed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories.

Offensive Cyber Capability

No public evidence identified. KFC/Yum! does not develop, license, or sell offensive cyber capability. Yum! Brands was itself the victim of a ransomware attack on 13 January 2023, which forced the temporary one-day closure of approximately 300 restaurants in the United Kingdom and exfiltrated personal information primarily of US employees (names, driver’s-licence numbers, and identification-card numbers); the company stated it had no indication customer information was impacted and began notifying affected individuals in April 2023.8917 This incident was done to Yum! and has no nexus to the provision of technology to Israel; it is recorded here as factual digital context only.

AI, Algorithmic & Autonomous Systems

AI Capabilities Derived from Israeli-Origin Acquisitions (Direction: Yum! as acquirer)

AI/ML Provision to Israeli State Bodies

No public evidence was identified of KFC or Yum! Brands providing AI, machine-learning, computer-vision, or autonomous decision-support systems to any Israeli state body, military unit, or security agency. The documented deployment contexts for all of the above are commercial restaurant operations.145 No public evidence identified.

Training Data & Sensitive Dataset Exposure

No public evidence was identified of Yum! Brands’ AI models being trained on civilian-population data, intercepted communications, or surveillance-derived datasets associated with Israeli state activity or operations in occupied territories.

Autonomous Systems & Lethality

No public evidence identified. Yum!‘s documented AI and algorithmic systems are scoped to food-service logistics and consumer ordering; Dragontail’s pre-acquisition pilots extended to autonomous delivery drones for food delivery, with no lethality application identified.20

Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

Through its 2021 acquisition of Dragontail Systems, Yum! absorbed an engineering workforce that was, at acquisition, “primarily located in Israel, the U.S. and Australia.”4 Tictuk Technologies was, at acquisition, a Tel Aviv-based company.5 Yum! has not publicly disclosed whether it continues to operate standalone R&D facilities, engineering offices, or innovation labs in Israel following these acquisitions, or the current scale/location of the absorbed Israeli teams; this is a material evidence gap. No public evidence was identified of any separately established (non-acquired) Yum!/KFC R&D facility in Israel.

Acquisitions & Investments in Israeli Technology Companies

The two Israeli-origin acquisitions are confirmed from Yum! primary disclosures:

Both are inbound acquisitions (Yum! as acquirer); neither involves Yum! supplying technology to any Israeli entity.

Patents & IP Co-Development with Israeli Institutions

Dragontail held patents covering its “Algo” dispatch algorithm and “QT AI” computer-vision quality system; these IP rights transferred to Yum! on completion of the acquisition and may include IP originally developed in Israel, but the patent register details (filing jurisdictions, current assignee status) have not been publicly itemised in post-acquisition disclosures.414 No public evidence was identified of patent, licensing, or co-development arrangements between Yum!/KFC and Israeli research institutions (Technion, Hebrew University, Weizmann Institute).

Supplier Code of Conduct - Technology Supply-Chain Provisions

No public evidence was identified of a Yum!/KFC technology-supply-chain due-diligence framework specifically governing the national origin or geopolitical exposure of technology vendors, software suppliers, or digital-infrastructure providers. No public evidence identified.

Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

The Who Profits Research Center company database does not list Yum! Brands, KFC, Pizza Hut, Taco Bell, Dragontail, or Tictuk among its documented subjects on the entries reviewed.21 The AFSC “Investigate” database maintains a page on Yum! Brands, but it flags the company exclusively on US prison-labour (“convict leasing”) grounds arising from a December 2023 class action - not for any Israel/occupation-related technology relationship.22 No UN report or peer-reviewed academic study addressing KFC/Yum!‘s technology relationships with Israeli state entities was identified.

BDS & Consumer Boycott Campaigns

KFC is not listed on the BDS National Committee’s official boycott target list.23 KFC has nonetheless been the subject of consumer boycott calls in several Muslim-majority markets since the escalation of the Gaza conflict from October 2023, generally framed around US corporate brand-origin sentiment; reporting notes that some activists also cited Yum!‘s investment in an Israeli startup.2425 In Malaysia, franchisee QSR Brands temporarily closed more than 100 of around 600 KFC outlets in 2024 amid the boycott.2425 These campaigns are not documented as targeting Yum!‘s technology provision to the Israeli state.

Cybersecurity Regulatory & Legal Actions

The January 2023 ransomware attack generated the most significant recent technology-governance activity: approximately 300 UK restaurants closed for a day; an SEC 8-K disclosure was filed in January 2023; employee data exposure was confirmed and breach-notification letters issued from April 2023; and multiple US employee class-action suits followed.891726 These actions concern Yum!‘s posture as the victim of an attack and are unrelated to any Israeli-origin technology relationship.

Export Controls & Sanctions Authorities

No public evidence was identified of any action by export-control authorities, financial-sanctions bodies, or equivalent regulators relating to KFC/Yum! technology sales, services, software exports, or data transfers to Israeli state entities or in occupied territories. No public evidence identified.

End Notes

Footnotes

  1. https://investors.yum.com/news-events/financial-releases/news-details/2025/Introducing-Byte-by-Yum-an-AI-Driven-Restaurant-Technology-Platform-Powering-Customer-and-Team-Member-Experiences-Worldwide/default.aspx 2 3 4 5 6

  2. https://www.businesswire.com/news/home/20250206765566/en/Introducing-Byte-by-Yum-an-AI-Driven-Restaurant-Technology-Platform-Powering-Customer-and-Team-Member-Experiences-Worldwide

  3. https://www.qsrmagazine.com/operations/fast-food/why-owning-the-tech-stack-is-the-key-to-yums-future/ 2

  4. https://investors.yum.com/news-events/financial-releases/news-details/2021/Yum-Brands-Completes-Acquisition-of-Dragontail-Systems-an-Innovator-in-Kitchen-Order-Management-and-Delivery-Technology/default.aspx 2 3 4 5 6 7 8 9

  5. https://investors.yum.com/news-events/financial-releases/news-details/2021/Yum-Brands-to-Acquire-Leading-Omnichannel-Ordering-and-Marketing-Platform-Company/ 2 3 4 5 6

  6. https://www.thestreet.com/investing/yum-acquires-israeli-online-ordering-startup-tictuk 2 3

  7. https://www.marketingdive.com/news/yum-brands-acquires-tictuk-to-deepen-commerce-capabilities-for-social-media/597245/ 2 3

  8. https://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/ 2 3

  9. https://www.restaurantbusinessonline.com/financing/ransomware-shuts-300-yum-brands-restaurants-uk 2 3

  10. https://www.seattletimes.com/business/kfc-owner-yum-brands-completes-spinoff-of-china-business/

  11. https://www.cnbc.com/2017/09/04/alibaba-launches-smile-to-pay-facial-recognition-system-at-kfc-china.html

  12. https://money.cnn.com/2017/09/01/technology/china-alipay-kfc-facial-recognition/index.html

  13. https://www.vice.com/en/article/a-kfc-uses-facial-recognition-technology-to-tell-you-what-to-order-based-on-your-age-and-gender/

  14. https://www.prnewswire.com/news-releases/dragontail-systems-enters-us-market-launches-covid-19-enhancements-to-its-patented-qt-ai-camera-to-monitor-food-preparation-in-the-foodservice-industry-301045638.html 2 3

  15. https://restauranttechnologynews.com/2020/04/dragontails-computer-vision-quality-management-system-expands-in-response-to-pandemic-to-detect-restaurant-cleanliness-and-sanitation-practices/

  16. https://en.wikipedia.org/wiki/KFC_Israel

  17. https://www.sec.gov/Archives/edgar/data/0001041061/000110465923004769/tm233852d1_8k.htm 2

  18. https://www.restaurantdive.com/news/yum-to-acquire-ai-based-company-dragontail-systems-for-723m/600911/ 2

  19. https://investors.yum.com/news-events/financial-releases/news-details/2021/Yum-Brands-to-Acquire-Kvantums-Leading-Artificial-Intelligence-Based-Consumer-Insights-and-Marketing-Performance-Analytics-Business/default.aspx

  20. https://www.prnewswire.com/news-releases/dragontail-systems-deploys-autonomous-drones-to-assist-food-deliveries-301210450.html

  21. https://www.whoprofits.org/companies/all

  22. https://investigate.afsc.org/company/yum-brands

  23. https://bdsmovement.net/

  24. https://www.middleeasteye.net/news/kfc-malaysia-closes-over-100-outlets-amid-gaza-boycott 2

  25. https://time.com/6972603/pro-palestinian-boycotts-fast-food-chains-israel-muslim-countries/ 2

  26. https://www.cybersecuritydive.com/news/yum-brands-class-action-suits-employees-ransomware/650394/