Fingerprint-analysis programs used by the FBI and thousands of other US law enforcement agencies contain code written by a Russian company with close ties to the Kremlin, according to a new report.

The revelation sparked concerns that Russian hackers can access sensitive biometric information on millions of Americans and even infiltrate the agencies’ computer systems – compromising national security, according to a BuzzFeed report.

A French company inserted the Russian code into the fingerprint software of the FBI and 18,000 other American law enforcement agencies, according to two whistleblowers who are former employees of the company, the report says.

The firm — then a subsidiary of the Paris-based conglomerate Safran — concealed from the feds the fact that it had bought the Russian code in a secret deal, said the whistleblowers, both French nationals who worked in Russia, BuzzFeed reported.

The Russian company whose code ended up in the FBI’s software has connections to the Kremlin that should raise similar national security concerns, the whistleblowers said.

The company, Papillon AO, boasts in its literature about its close cooperation with Russian ministries as well as the Federal Security Service — the successor of the Soviet-era KGB that has been implicated in hacks of US targets.

Cybersecurity experts acknowledged that the dangers of using the Russian-made code couldn’t be determined without examining the code itself.

But “the fact that there were connections to the FSB would make me nervous to use this software,” said Tim Evans, the former head of operational policy for the National Security Agency’s cyberintelligence unit who now helps run cybersecurity firm Adlumin.

The FBI’s overhaul of its fingerprint technology was unveiled in 2011 as part of a larger initiative known as Next Generation Identification, which used biometrics, including face and iris recognition technology.

The TSA also relies on the FBI fingerprint database.

In hopes of winning the FBI contract, the Safran subsidiary Sagem Sécurité — later renamed Morpho — licensed the Papillon technology to improve the performance of its own software, said the whistleblowers, who worked for Morpho, BuzzFeed reported.

Philippe Desbois was the former CEO of the company’s operations in Russia, and Georges Hala worked for the company’s business development team in Russia, the report said.

BuzzFeed reviewed an unsigned copy of the licensing agreement, dated July 2, 2008, between the French and Russian companies, which Desbois and Hala said they had obtained while working for Morpho.

The contract says that to Papillon’s knowledge, its software does not contain any “undisclosed ‘back door,’ ‘time bomb,’ ‘drop dead,’ or other software routine designed to disable the software automatically with the passage of time or under the positive control of any person.”

Desbois said at least three high-level company officials stressed to him that the existence of the agreement had to remain a closely held secret.

Disclosure, he said he was told, might jeopardize contracts in the US market.

“They told me, ‘We will have big problems if the FBI is aware about the origin of the algorithm,’ ” he recalled, according to BuzzFeed.

Neither man was personally involved in the integration of Papillon code into the French company’s products or the sale of the software to the FBI.

But Desbois said several company officials told him the technology sold to the feds contained the Papillon algorithm.

“You know the word omertà?” Desbois said, referencing the Mafia code of silence made famous by the movie “The Godfather.”

“It was always the intonation like we have done something bad that is a secret between us and that we should not repeat it to anybody,” he said.

Hala said Papillon is not an independent company.

“Papillon was an emanation of the Internal Affairs Ministry, so Papillon was always under the control of the ministry,” he said.

But Ivan Shapshal, Papillon’s deputy director for marketing, disputed that.

“We are fully a private company,” he said. “Do we do special tasks for the intelligence agencies of Russia? No, there is no reason for us to do this. It is just a risk. It does not help us make money.”

The Internal Affairs Ministry, the FSB and the Russian embassy in Washington, DC, did not respond to BuzzFeed’s requests for comment.

Neither the FBI nor any of the companies involved directly denied that the fingerprint software used by the bureau contains Russian code.

The FBI declined to answer repeated questions about the software but said in a statement, “As is typical for all commercial software that we operate, appropriate security reviews were completed prior to operational deployment.”

Morpho has since been sold and renamed Idemia. A spokesman for the company said the claims are “old allegations” that have been “rejected” by authorities and the courts.