What I do is to run the exiftool to strip all the metadata from the image. Next, I check if there are any identifying details in the image like landmarks or background details (e.g. stuff on my whiteboard). And finally I check for the unwanted reflections or for the setup that could be recognised outside the community I share the photo with. Last but not least, I never share a photo in more than one place.
The CIA and NSA were able to remotely access any device or social media account without the owner knowing, all the way back as early as the early 2000’s. Edward Snowden revealed this to an apathetic public. If they could do that back then without AI, I can’t imagine what they can do now.
Probably significantly less actually. Because all the encryption and communication protocols are open source and regularily audited, they have become more and more secure. All sides of this conflict have an interest in these systems being secure because everyone indcluding the feds themselves are using them. From looking at actual cases they have to either wait for a zero day to infiltrate a phone remotely or physically compromise it (airport, etc).
Back when every country was developing its own IT systems, it was different, but now everything is globalized. If Russia/Iran/China is suffering from a 0day, chances are the US is suffering from it aswell.