The Cipher Brief

Sir Alex Younger died earlier this week at the age of 62. He had been fighting cancer for some time.

Alex was Chief of the Secret Intelligence Service (SIS, more popularly MI6) from 2014 to 2020. For most past and present MI6 officers, he was the best-loved Chief anyone had known.

One reason for this was that Alex had risen through the ranks. A good MI6 head does not need to have done so. But there is an undoubted advantage in a humint service to have a leader like Alex who has spent years operating under alias and diplomatic cover, who has had gritty operational discussions with a bewildering variety of foreign liaison services. Who has done his time as a desk officer in Century House and Vauxhall Cross, managing the egos of superiors, colleagues and officers in stations overseas. Who knows what it’s like waiting under alias in the hotel of some god-forsaken place, wishing he was back in Britain with his beloved wife and family.

A second reason was that Alex was a thinker. He had a strong set of values and beliefs and was happy to talk about them. He was a believer in the Enlightenment – the ideas circulating in Europe and elsewhere in the 18th century, advocating reason, challenging superstition and prejudice. He believed that these ideas had brought humanity to a better place and would continue to do so; that those who resisted reason and enlightenment should be challenged and never yielded to. I suspect as a young man he left the army to join MI6 because he could better – and more enjoyably – fight that fight.

But he also thought about national security and where it needed to be in the twenty first century. For him MI6 could not just dig itself into a humint trench, carrying on as before, on the assumption that all that mattered was people. A humint service that was not engaged with science and technology, threats and opportunities, was going to become a museum piece, and a rarely visited one at that.

A speech he gave as Chief 8 years ago at his old university, St Andrews in Scotland, showed he had been thinking deeply about AI – now on everyone’s minds. He was clear that a modern humint service had to engage with technology and the nature of hybrid conflict. “We and our allies face a battle to make sure technology works to our advantage, not to that of our opponents,” he said. “Liberal democracies should approach this with confidence”.

The third reason was that Alex was an unusually likeable human being. He was a spy. When an agent is going to accept tasking from an intelligence officer, the agent needs first and foremost to trust the officer: their competence and integrity. After that, the agent is looking for someone he or she likes: someone who has a good sense of humour, who understands you, convinces you this is the right thing to do. Alex was unusually strong in all these respects. He was a fine case officer.

And these strengths translated to the increasingly demanding leadership roles he took on: head of station in Kabul, Director Counter-Terrorism, Director-General Operations and finally, Chief. Alex was well known for walking the corridors, talking to staff of all grades. This meant that people across the organisation felt valued. They could say whatever they wanted to him, the franker the better. It meant that Alex, as leader, learned stuff that perhaps his immediate leadership team had not shared with him. He knew what everyone working for him did and what they needed to do it. He was the most approachable of people. He did not set out to intimidate or impress you with how busy or important he was. Noone had greater humility. It was a different, but entirely successful, type of leadership.

Alex also believed in partnership. Relationships with the rest of the British intelligence community – with MI5 and GCHQ – were made deeper and broader. So were relationships with the police, military and other government departments. Strategic cooperation with foreign liaison partners was strengthened. Of particular importance to Alex was the relationship with the US. Operational cooperation with the CIA had been important for much of his career, and he valued the unique intelligence sharing and cooperation between the two countries. It was in the US that Alex sought a possible solution to his last illness, and in the US that he passed away.

Alex’s wisdom and foreign affairs experience were highly valued by a succession of British prime ministers – Cameron, May, Johnson. After retiring from public life, he built up quite a following in Britain of people impressed by his occasional media appearances, providing unique insights into the increasingly bewildering international landscape. Friends would ask me if I’d heard “what that Alex Younger had to say on the telly last night”. He talked sense.

He apparently nicknamed his cancer “Putin”.

For the time being, all that family, friends and colleagues – including secret agents – can do is mourn the painfully premature passing of – to use an old-fashioned term – a true gentleman. Longer term, Alex’s memory must inspire people to believe in and defend liberal democracy.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Remembering Alex Younger: The Intelligence Chief Who Shaped a Generation

I don't want to write about Sir Alex Younger, my predecessor as Chief of SIS.

I want to write about my friend.

I had known about Alex's cancer from the outset, while I was still Chief. He treated it with his customary irreverence and wit. He nicknamed his tumour "Putin". At one stage he took to sporting a lapel badge bearing the words "I'm not dead yet". Sarah, his wife, persuaded him not to wear it to the memorial service of a former agent.

I knew he had become dangerously ill in Boston last week. Even so, it still came as a shock to step off a twelve-hour flight to Singapore on Thursday morning and learn that he had died. My immediate thoughts were for Sarah and the family. They had already endured more than any family should when they lost their son Sam in 2019.

Alex and I were almost exact contemporaries. He was a little less than two months younger than me. We spent much of our professional lives travelling along parallel tracks.

We really came to know one another after 9/11, when we were appointed to our first Head of Station jobs. Alex pipped me to the post to get Dubai. I got Kuala Lumpur as a consolation prize.

As it happened, both stations became important nodes in the effort to understand and dismantle the proliferation network established by A.Q. Khan. Working closely with CIA colleagues, Alex and I found ourselves cooperating on one of the most important intelligence operations of that era.

It was during that period that I came to appreciate the characteristics that would define him throughout his career.

Alex was intensely collaborative. He was competitive too, but his competitive instincts were directed entirely towards the mission and the adversary rather than towards colleagues. Underpinning that was a generosity of spirit and a quiet confidence that came from being entirely comfortable in his own skin.

That combination earned him enormous affection.

The wider public came to appreciate Alex through his media appearances after he left SIS. Those of us who had worked with him recognised immediately the qualities the wider public was now seeing: clarity of thought, economy of language and a gift for making complex issues intelligible without oversimplifying them. Few words were wasted. He also possessed a wonderfully dry sense of humour and a gift for the perfectly judged bon mot.

Yet beneath the outward affability was a private man. In many respects Alex was an introvert. His confidence came not from external validation but from self-knowledge. He did not need to dominate a room or win every argument. He knew how and when to delegate. The result was a calm authority that people trusted and wanted to follow.

Those qualities served him exceptionally well during one of the most consequential periods in the modern history of SIS.

As Chief, Alex oversaw a significant reorientation of SIS's counterterrorism effort to confront the rise of ISIS and the threat it posed to the United Kingdom and our allies. The challenge was made all the more acute by the appalling terrorist attacks suffered by the United Kingdom in 2017.

At the same time, he recognised earlier than many that the hostile-state threat had returned. Alongside CIA colleagues, he invested heavily in developing the capabilities of Ukrainian intelligence and security partners years before Russia's full-scale invasion brought the importance of that work into public view.

The attempted murder of Sergei and Yulia Skripal in Salisbury, and the death of Dawn Sturgess, presented another defining challenge. Alex led the intelligence response that helped drive the expulsion of hundreds of Russian intelligence officers operating under diplomatic cover across Europe and beyond, imposing a significant and lasting setback on Russian intelligence operations.

He also ensured that SIS's intelligence relationships with European partners emerged intact from Britain's decision to leave the European Union. At a time when political relationships were often under strain, intelligence cooperation remained strong.

The relationship with the United States occupied a special place in his thinking.

Alex believed deeply in the Anglo-American intelligence partnership and worked closely with John Brennan, Mike Pompeo and Gina Haspel during his tenure. Together with John, he instituted annual gatherings of the senior leadership teams of SIS and CIA, recognising that institutional trust is ultimately built through personal relationships.

He was, however, equally committed to ensuring that the relationship remained a genuine partnership. On the rare occasions when he sensed a tendency in Langley to regard SIS as a particularly capable vetted unit rather than as a strategic partner, he would gently but unmistakably correct the impression.

Alex also recognised earlier than many how profoundly technology would shape intelligence work. The computer science graduate from St Andrews was never far beneath the surface. He understood that operations officers needed to become digitally literate - not only to recognise threats to their operations but also to understand how technology could protect agents and enhance operational effectiveness.

His final major challenge as Chief was Covid. Intelligence services could not simply close their doors and work from home. Operations still had to be run, agents protected and intelligence delivered. The pandemic required a wholesale re-engineering of how SIS functioned while continuing to do its job. Alex led the Service through that period with clarity and compassion.

Looking back now, what I remember most are not the operations, the crises or the offices he held. I remember the humour, the kindness, the judgement and the friendship.

Alex made a profound contribution to SIS and to the country's security. But for those of us fortunate enough to know him personally, the loss feels rather simpler than that.

We have lost a friend.

Watch The Cipher Brief’s Interview with Sir Alex Younger explaining the urgency of the threats facing democracies today in the plain language described by Sir Richard Moore. We are sending our condolences to the Younger Family and to Alex’s broader IC family as well.

Can the Pentagon’s New Innovation System Deliver?

Welcome to The Iron Triangle, the Cipher Brief column serving Procurement Officers tasked with buying the future, Investors funding the next generation of defense technology, and the Policy Wonks analyzing its impact on the global order.

On January 12, 2026, Secretary Hegseth's office published a memo that ought to be hanging in every PEO's office: "No longer a loose federation. They are the Office of the Secretary of War's innovation operating system." The memo took six previously-warring fiefdoms, Defense Innovation Unit (DIU), Strategic Capabilities Office (SCO), Chief Digital and AI Office (CDAO), Defense Advanced Research Projects Agency (DARPA), Office of Strategic Capital (OSC), and the Test Resource Management Center (TRMC), and stacked them under a single DoW CTO. The DIU and SCO were redesignated Department Field Activities. Owen West, a Marine with two decades experience at Goldman Sachs and a former Assistant Secretary of Defense (ASD) for Special Operations, took over as Director of DIU. Cameron Stanley, former chief of Project Maven, is now head of the CDAO. The press wrote the whole thing up as a reorganization. Five months later, that read is the wrong one. This was an operating-system upgrade. An operating system that hasn't booted is just another memo. The urgent question now is which one we have, and Beijing, Riyadh, and Kyiv are not waiting around for the answer.

From Loose Federation to Operating System

For anyone who hasn't been tracking, the structural change is bigger than it looks. Six execution organizations now sit under one CTO, Emil Michael. The Defense Innovation Steering Group, the Defense Innovation Working Group, and the old CTO Council were dissolved and replaced by a single Action Group. Field Activity designation gives DIU and SCO faster contracting and personnel authorities than their predecessor organizational structures allowed.

This is the reform the Iron Triangle has been asking for. The old federation produced parallel pitches into competing fiefdoms. The same vendor would brief DIU on Monday, SCO on Wednesday, and CDAO on Friday, while the program offices that actually buy at scale received no shared signal back. DIU built a portfolio. SCO built a portfolio. CDAO built a portfolio. DARPA built a portfolio. Each was a victory lap for the individual office and a logistics burden for the warfighter, who eventually inherited four nearly-identical autonomy stacks that didn't talk to each other.

The Action Group is the first credible attempt at unified intake. It takes the political cost of saying no to a vendor, historically the binding constraint that kept the federation porous, and concentrates it in one place. The CTO can quickly route capabilities across all six execution organizations. Whether the building actually uses the routing layer is the open question.

Five Months In: What Booted, What Didn't

The good news first. Owen West was confirmed and is operationally active; his March 2 ceremony at Fort Benning was a signal that the Marine Corps and the special operations community have a seat at the head of the DIU table. Within weeks he told the building that he intends to narrow DIU's investment priorities, a signal investors should read carefully because it suggests fewer, deeper bets. Cameron Stanley has the CDAO chair and a mandate that includes AI compute on military installations, data-asset unlock across the department, and the GenAI.mil platform. These are accountable people running accountable shops, and they are issuing memos with their names on them.

The bad news. The OSC, the most consequential of the execution organizations for investors, has not released an FY26 investment strategy as of June 1. The FY26 NDAA appropriated $97.8 million for OSC's capital assistance pilot, enough to subsidize up to $4.4 billion in loans and guarantees, but the deployment cadence is opaque. The Action Group itself has not published outcomes against measurable targets. Six months from now, we should be able to count program offices that have routed capability needs through the Action Group, OSC term sheets executed, and CDAO-led integrations into contracts. Today, most of those dashboard lights are still amber.

The OSC Question

The OSC angle deserves its own section because it is the answer the May issue of this column was implicitly asking for. A Bridge Too Small argued that $49 billion in private capital cannot bridge a $1.5 trillion budget without serious structural reform. The OSC is one of the structural reforms; a loan-guarantee instrument designed to leverage private capital into national-security priorities at a multiple. The April FY27 budget request put $20 billion-plus on the table for the Strategic Capital loan program, up from under $1.5 billion in FY26. That is an order-of-magnitude scaling and a serious procurement-architecture commitment.

The proof that OSC can deliver already exists. Last year, OSC executed a $150 million loan to MP Materials for heavy rare-earth separation capacity at Mountain Pass, California. No venture fund underwrites that kind of paper. No SBIR ceiling reaches that kind of scale. The transaction does more for the neodymium and brushless-motor chokepoint I warned about in April than any number of Blue UAS compliance memos, and it is the kind of instrument the trifecta has been demanding.

What scales now matters. OSC has built out a Credit Program covering 31 Covered Technology Categories. Individual loans run from $10 million to $150 million. The total FY26 loan ceiling sits at $984 million. The FY27 request makes the program ten-times that. For procurement officers, OSC is the only DoW instrument that bridges directly to private debt. For investors, OSC's underwriting standards will eventually price the floor of the defense-tech market. For policy wonks, OSC is either the most important Treasury-style instrument the building has ever held, or it is a slide deck with appropriations attached. The next six months will decide which.

The View from Beijing, Riyadh, and Kyiv

The Innovation Operating System is not only a domestic procurement story. It is a foreign policy instrument, and the external clock is running faster than the internal one.

Beijing has spent the past eighteen months building its own version of an innovation operating system, optimized for export rather than for internal acquisition. The March 2026 deal between Aviation Industry Corporation of China and Saudi Arabia's General Authority for Military Industries set up local production of forty-eight Wing Loong-3 unmanned combat air vehicles per year in Jeddah, with a Riyadh acting as a logistics hub explicitly designed to serve other Gulf Cooperation Council (GCC) customers. The four-billion-dollar Pakistan-Libya JF-17 deal that closed in spring extends the same model further. China is exporting state-coordinated industrial capacity to allies that previously purchased primarily American. If the Action Group cannot route US capability into those markets at competitive speed, the substitution will continue, with maintenance contracts, training pipelines, and next-platform decisions following the initial procurement.

Riyadh is the harder case because it activated the Pakistan-Saudi mutual defense pact in May, generating combat-credible deployments inside ninety days of trigger: eight thousand troops, sixteen Chinese-built JF-17s, an HQ-9 air defense battery, and two squadrons of drones. Foreign Military Sales economics for US primes have assumed the Gulf as a baseline customer since the Carter administration. That baseline is moving. Investors holding GCC (Foreign Military Sales) FMS exposure should be repricing it. Procurement officers running F-15EX, MQ-9, and Patriot pipelines should be running the dependency map.

Kyiv has demonstrated the procurement-velocity standard the building is now implicitly trying to match. Ukrainian manufacturers produced roughly four million drones in 2025 and are targeting seven million in 2026, with the Brave1 marketplace routing capability needs from frontline units to certified manufacturers in days. The Innovation Operating System is, in part, an attempt to import the Brave1 effect inside an institution whose default cycle is the opposite of distributed and rapid. The Pentagon does not need to copy Brave1 exactly. It does need to demonstrate, by the end of the year, that the Action Group can produce a signal-and-response loop on a US scale. If it cannot, allies will keep studying Kyiv for the template and looking elsewhere for the systems.

Hegseth's memo bought the building time. Whether the building uses that time determines more than acquisition outcomes. It determines whether the next decade of alliance procurement runs through Washington or around it.

What the Trifecta Should Do Tomorrow

This is the reform that does not require an act of Congress, and the trifecta has more agency in it than the powerpoint slides suggest. Three concrete moves.

Procurement officers: stop pitching vendors against your individual program. Start pitching capability needs into the Action Group's intake so the CTO can route across DIU, SCO, CDAO, DARPA, and OSC. DIU's $99 million Obviant prototype award for an AI platform that consolidates DoW acquisition, contracting, and budgeting data is DIU paying for the data layer that the reorganization needs at the institutional layer. Use both.

There is a deeper move underneath the routing layer and the data layer, and it is an identity shift. The traditional procurement officer is rewarded for stovepipe wins: my program, on time, on budget. The new model rewards capability gaps closed across multiple execution organizations, with capability other PEOs can leverage. That is portfolio thinking, not program shepherding. The FY26 NDAA reform language and the Hegseth memos are pushing every PEO toward this shift. The ones who lean in will define the next decade of acquisition. The ones who don't will be measured against them.

Investors: treat OSC as a real instrument. Get on a call with DIU and CDAO. If you are holding portfolio companies with critical-technology exposure, OSC's loan guarantees are the leverage instrument you have been asking the federal government for since the SBIR program was conceived. Underwrite accordingly. MP Materials should not be a one-off. And read the FMS pipeline with foreign-policy realism: the Gulf customer base is being reshaped, and OSC's onshoring bets are partly a hedge against that erosion.

Policy wonks: push for OSC investment-strategy publication and Action Group outcome metrics. The reorganization either produces visible procurement velocity within six months or it does not. There is no middle ground, and there will be no excuse if Q4 2026 looks like Q4 2025. The foreign policy clock will not wait for FY28.

Conclusion: Boot or Be Dismissed

The Innovation Operating System will either reach sustained throughput by the end of 2026 or it will be unwound by the next administration. West and Stanley are accountable people running accountable shops. Emil Michael owns the CTO function and the political cover that comes with it. The trifecta has spent a decade complaining about a loose federation. The memo dissolved the federation. The question that should keep procurement officers up at night, that should be on every investor's diligence checklist, and that every policy wonk should be asking is the same: can a machine that has never run end-to-end deliver capability at the speed Beijing, Riyadh, and Kyiv are now setting? The Iron Triangle will be watching the dashboard for the next six months. So should you.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why the U.S. Cannot Afford to Lose Intelligence Partners

THE BLUF: Working with partners is a key intelligence tool. While the US has one of the best if not the best intelligence organizations in the world, it still cannot collect and analyze all global trends. The US sets intelligence priorities based on threats against the nation and the American people. Trends and anomalies in areas that may not have a direct impact on the US are of a lesser priority. Other countries do the same. If we share our analysis and collection among allies and partners, we are able to retain our focus without missing trends that could end up as a major issue down the road. If we are not a stable and trustworthy partner, we will miss out on potentially important intelligence that could affect our nation.

The US intelligence community has worked hard to develop strong relationships with its allies and partners. For the last 10 years, the US has led intelligence in NATO as the Assistant Secretary General for Intelligence and Security. The Defense Intelligence Agency (DIA) has put in place a Deputy Director for the Commonwealth. Allies have offices in the Pentagon to be better able to share intelligence. Many of the Combatant Commands have partners and allies sitting in their intelligence units. Two successful examples of close intelligence sharing are:

·Operation Gallant Phoenix (OGP): an intelligence fusion center established in 2013 in Jordan. It is made up of over twenty countries with representatives from a variety of agencies, including law enforcement, military and civilian intelligence. OGP focuses on response to current, evolving and future violent extremist threats - regardless of threat ideology. Gallant Phoenix allows nations not only to share intelligence on the foreign fighter threat, but also to get that information back to their law enforcement and homeland security agencies.

BICES: Battlefield Information Collection & Exploitation Systems (BICES) links intelligence between a range of partner nations. The system originally centered on NATO, but today's version goes beyond that. It delivers technical capability to provide multinational intelligence and information-sharing capabilities.

The importance of these types of intelligence sharing constructs is seen in how intelligence sharing has saved lives. In 2025, intelligence sharing thwarted attacks against US allies.

·In July 2025, the CIA said that it helped Germany foil a Russian plot to assassinate the head of a German arms manufacturer that produced weapons for Ukraine.

·In August 2025, the CIA said it provided intelligence to Austrian authorities that allowed them to disrupt a plan, allegedly inspired by the Islamic State group.

Allies and partners, however, are raising concerns about sharing intelligence with the US. They have given a host of reasons for that concern that largely reflect unease about intelligence being leaked to adversaries, either unwittingly or for political reasons. Some partners have raised issues with how their intelligence is being used by the US. The Danish Defense Intelligence Service, one of Denmark’s key spy agencies, has described the U.S. as a potential security risk, saying in a 2025 report that the United States is increasingly prioritizing its own interests and “now using its economic and technological strength as a tool of power, also toward allies and partners.”

These concerns continue to grow with two staunch allies declaring that they are either completely halting or are curtailing intelligence sharing with the US:

·Colombia: Through the early 2000s Colombia became a close partner with the US in combatting drug cartels and left wing insurgent groups. The close intelligence relationship contributed to the operation to rescue US hostages in Colombia and the demise of the FARC narco-terrorist group. Under leftist Colombian President Gustavo Petro, the intelligence relationship faltered with Petro completely halting it as a result of the current US counter drug policy. We will see what a new Colombian President will decide vis a vis the US intelligence relationship.

·UK: The intelligence sharing relationship between the US and the UK is one of the strongest ones the US has. Because of UK concerns about the legality of US maritime strikes against alleged drug runners, the UK has announced last year that it would curtail its intelligence sharing with the US on cartel related issues.

This trend comes at a time when Europe is rethinking its future intelligence organization. The US’s influence on that organization could lessen if our long-time partners believe that they cannot count on us to keep their secrets, share our intelligence, and use their intelligence for legal purposes.

These recent events should raise larger strategic concerns as the US relooks the future of its intelligence community. With new technologies that help us collect and analyze open source data, sharing intelligence should be easier. If we start with open source and commercially available information that AI can curate, we are starting in a place that is unclassified and thus easily sharable. The ability to share and its importance married with using the latest technologies is why the US needs to build a new open source center that feeds into each of the intelligence community components. This center would have as part of its organization, partners and allies who would bring their open source information to the table—much like Operation Gallant Phoenix but with a global threat based problem set. This is where the US and the world would see the first trends of a new global pandemic, watch out for signs of instability in countries that normally are not first tier priorities for the US, and understand how climate change might be affecting global economies that could result in unrest or regime change.

This is not the time to go it alone in the intelligence community. In order to keep our nation safe in a cost effective way, we need to continue to work closely with partners and share intelligence and intelligence operations. We can only do this if our partners and allies see the US intelligence community as strong, effective, apolitical, and leading in sharing with its partners.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Radical Empathy: The Counterintuitive Skill That Made Me Better at Everything Else

There's a moment in every intelligence officer's career when they realize something uncomfortable: to be effective at their job, they must genuinely connect with people whose values, beliefs, or actions they might find repugnant. Not pretend to connect. Not manipulate. Actually connect.

This realization runs counter to everything we typically believe about empathy. We're taught that empathy flows naturally toward people we like, people who share our values, people who we think of as "good." But in the world of human intelligence, that comfortable version of empathy is nearly useless. What matters is something far more difficult, and far more powerful.

I call it radical empathy: the disciplined capacity to temporarily suspend moral judgment in order to genuinely understand another human being at their deepest level. Not to excuse them. Not to agree with them. But to see them with such clarity that you understand why their choices make perfect sense from inside their own experience.

This skill changed how I operate professionally. It changed how I lead. It changed my relationships. And I believe it's one of the most underdeveloped yet universally applicable capabilities in leadership, business, and life.

The Paradox at the Heart of Intelligence Work

Here's something most people don't understand about recruiting human sources: it's not about deception in the way movies portray it.

Yes, intelligence officers operate under cover. Yes, there are secrets and compartmented truths. But the actual relationship between a case officer and their asset? That has to be real. Authentic. Built on genuine understanding.

Why? Because you're asking someone to do something extraordinarily difficult and potentially dangerous. You're asking them to betray their country, their employer, their colleagues, perhaps even their family. You're asking them to live with secrets that could get them imprisoned or killed.

No one does that for someone they don't trust. Few people will take that risk for a relationship that feels transactional or manipulative (though there have been high-profile espionage cases where money was everything for the spy).

The intelligence officers who succeed at recruitment aren't the ones who are best at lying. They're the ones who are best at understanding. They develop an almost preternatural ability to see the world through another person's eyes, to discover what motivates them at the deepest level, and to position themselves as someone who genuinely meets that need.

This creates a paradox that took me years to fully appreciate: the profession that operates in shadows and secrets requires, at its core, one of the most authentic forms of human connection imaginable.

Finding Humanity in Uncomfortable Places

As a young officer, this was once put to the test when I was working against a major narcotics-trafficking rebel group and recruited one of its members as my source. We had precious little in common, a girl from Northern California and an armed fighter moving opium and heroin into the international market. But we found a way to connect. I learned about his own circumstances, the limited opportunities, the pressures of an armed militia that occupied his hometown, and his desire to do something more, better, with his life.

That experience taught me something I've remembered ever since: every human being, regardless of what they've done, has at least one redeeming quality. Some kernel of humanity that can serve as the foundation for genuine connection. A corrupt official might be a devoted father who would do anything for his children's future.

A disillusioned bureaucrat might be an idealist who once believed deeply in something and now feels betrayed by the system he serves. A person working for an adversarial government might hold private doubts about the direction her country is taking. The skill isn't in inventing these qualities. It's in uncovering them. They're always there. The question is whether you're willing to look past the surface, past your own judgments and assumptions, to discover them.

This is what I mean by radical empathy. It is neither soft nor naive. It’s not about investing my own emotional energy in another person at some supernatural level. It's a disciplined practice of psychological discovery that requires you to temporarily set aside your own moral framework in order to understand someone else's. The term radical empathy could just as well be radical understanding.

The Internal Work Most People Skip

Here's what makes radical empathy difficult: it requires confronting your own judgments, biases, and emotional reactions before you can genuinely see another person.

Most of us don't do this. We don't even realize we're not doing it.

We enter conversations with people already filtered through our assumptions about who they are, what they believe, and what they deserve. We listen for confirmation of what we already think. We interpret their words through our own frameworks. And we call this "understanding." It's not. It's projection dressed up as empathy.

True radical empathy requires a different thought process: First, acknowledge your judgments. Don't pretend you don't have them. If you're meeting with someone whose politics you find abhorrent, whose business practices you consider unethical, or whose personality rubs you the wrong way… acknowledge it. To yourself. Clearly. You can't set aside what you don't recognize. Second, summon genuine curiosity about their internal logic. This is the key move. Ask yourself: What would have to be true for this person's choices to make perfect sense? Not sense by your standards, sense by their standards, given their experiences, their information, their pressures, their fears, their aspirations. Dig deep to understand the other person’s “why” or sense of purpose. Everyone is the hero of their own story. Everyone's choices feel rational from inside their own experience. When you can't understand why someone does what they do, the limitation is usually in your own understanding, not in their rationality. Third, find the universal human element. Beneath the surface differences, what basic human needs are they trying to meet? Security? Recognition? Belonging? Purpose? These needs are universal even when the cultural context or strategies for meeting them diverge radically.

Finally, let genuine connection emerge. When you've done this work, something changes. The person in front of you stops being a caricature or a problem to be solved and becomes a full human being. Connection is truly possible, not because you've manipulated it, but because you've created the conditions for it. Your own curiosity and open mind promote trust, and trust is the foundation of real connection.

Why This Feels Uncomfortable

I've shared these ideas with others over the years, and occasionally encountered resistance. The concern usually sounds something like this: "If I empathize with someone whose behavior is harmful, aren't I excusing or enabling that behavior? Doesn't understanding become complicity?" This is an important question, and the answer is no, but only if you understand what radical empathy actually is. Radical empathy is not agreement. It's not approval. It's not moral relativism. And it’s not, again, pouring all of your own emotional energy into the other person.

It’s about understanding. You can fully understand why someone made a destructive choice and hold them accountable for it. You can genuinely empathize with the pressures that led someone to act unethically and still insist on consequences. You can see the humanity in someone and oppose everything they stand for. In fact, I'd argue that empathy strengthens your ability to respond effectively. When you truly understand someone's motivations, you're better positioned to influence them, negotiate with them, counter them, or help them adapt their behavior. You're operating with full information rather than fighting a caricature. The intelligence world taught me this viscerally. We weren't in the business of excusing bad actors. We were in the business of understanding them so well that we could anticipate their moves, identify their vulnerabilities, and, when possible, recruit them or change their behavior.

Understanding is not endorsement. It's power.

The Shift That Changes Everything

I remember another moment from late in my career when I sat across the dinner table from a former communist insurgent who had since risen to some prominence in his government. Decades earlier, we would have been committed adversaries. He still harbored deep animosity for the United States and, by extension, me as our government’s representative.

The conversation was tense and stilted at first, but shifted over time as we spoke about our families, our mutual desire for equality in our countries, our values of independence, self-reliance, and patriotism. He realized that I sought understanding, not judgment, and that changed everything. It ended up being one of the most fascinating dinner conversations I had enjoyed in years.

What I've learned is that radical empathy creates a particular kind of shift in how other people experience you. When someone feels genuinely seen, not judged or evaluated, not managed, but actually understood at some level, something in them opens. Defenses lower. Authentic communication becomes possible. Trust builds faster than it otherwise would. This isn't mystical. It's psychological. Humans are fundamentally wired to respond to being understood. We crave it. And we can tell the difference between someone who's performing and someone who actually gets us. Intelligence officers become skilled at creating this experience for others because recruitment depends on it. But the skill needs to be real to work. The curiosity must be sincere, and your humanity must be felt.

Beyond the Shadows: Where Radical Empathy Transforms Results

For years, I cultivated this capability in classified contexts, assuming it was specialized, something unique to the peculiar demands of intelligence work. Obviously, that’s not the case. Radical empathy is a master skill that amplifies effectiveness in virtually every domain that involves human beings.

Leadership and Management

The leaders I most respect share a common trait: they understand their people at depth, and they can set aside judgment as they seek to build that understanding. They can appreciate someone else’s skills and performance, but also their aspirations, pressures, and private struggles.

This understanding doesn't make them soft. It makes them effective. They can deliver hard feedback in ways that the other person can receive because they've earned trust through genuine connection. They can motivate individuals differently based on what actually drives each person. Radical empathy allows you to lead people as they actually are, not as you assume them to be.

The "Likeability" Trap Leaders Must Escape

Here's a leadership mistake I have seen repeatedly over my long career. Too many leaders fall into the trap of filtering their teams through the lens of personal likeability. They gravitate toward employees they find pleasant. They invest more energy in people who are affable, who share their communication style, who feel easy to deal with. And they unconsciously distance themselves from those they find difficult, abrasive, awkward, or simply different. This is a fundamental leadership failure, and radical empathy is the antidote.

Bottom line? You don't have to like everyone you lead. It’s not a friendship. It isn't a marriage. It's work. The question isn't whether someone's personality delights you; it's whether you can understand them well enough to connect, build trust, and lead effectively. Some of the most valuable people I've worked with were not people I would have chosen as friends. They were prickly, or intense, or operated on a wavelength different from mine. Early in my career, I might have kept them at arm's length, managing them transactionally rather than leading them fully. That would have been my loss, and the organization's loss. Because frankly, genius does not always come in convenient packages. Radical empathy strips away the likeability filter. It asks a different question: Can I understand this person deeply enough to lead them well? The answer is almost always yes, if you're willing to do the work.

This becomes especially critical when you're leading people from outside your own field of expertise. If you're a business leader managing engineers, or a military officer leading intelligence professionals, or an executive suddenly responsible for a function you've never worked in, you can't rely on shared professional language or common technical background to create connection. You have to build it another way.

That way is radical empathy. It begins with genuine curiosity and an open mind. It requires you to ask questions you don't know the answers to, to listen without feigning expertise you don't have, and to understand what drives people whose work you may never fully comprehend. When you do this, something interesting happens: people forgive your lack of specialized expertise in their field. They trust you anyway. Because what they really need from a leader isn't someone who understands their work better than they do. It's someone who understands them. Connection precedes credibility. And connection begins with empathy.

Negotiation and Conflict Resolution

Every negotiation book talks about "understanding the other side's interests." Radical empathy takes this further. It's not just understanding what they want, it's understanding why they want it, what fears drive their positions, what pressures they face, and what success looks like from inside their world.

When you achieve this level of understanding, creative solutions emerge. You see trades that weren't visible before. You can frame proposals in language that resonates with their values rather than yours. You can anticipate objections and address them before they surface.

I've watched negotiations transform when one party makes the effort to genuinely understand the other. The shift is palpable. Suddenly, the conversation moves from positional warfare to joint problem-solving.

Sales and Client Relationships

The best salespeople I know aren't persuaders in the traditional sense. They're understanders. They invest time in genuinely comprehending their client's world… the pressures they face, the internal politics they navigate, the fears that keep them up at night, the outcomes that would make them heroes within their own organization.

From this understanding, they don't have to "sell" in the pushy sense. They simply present solutions that genuinely fit. The client feels understood rather than manipulated, and trust builds accordingly.

This is exactly what intelligence officers do with potential sources. We seek to understand their world so thoroughly that when we finally present an opportunity, it feels like the natural answer to their problem, because often it is.

Cross-Cultural and International Contexts

Radical empathy becomes even more critical when operating across cultural boundaries. Different cultures have different frameworks for understanding the world. Very different assumptions about hierarchy, relationships, time, honor, and obligation.

Effective cross-cultural engagement requires the ability to temporarily adopt another cultural framework, to see the world as your counterpart sees it, and to communicate in ways that make sense within their context rather than your own.

This was the daily work for intelligence officers working abroad. But it's equally essential for global business leaders, international negotiators, diplomats, and anyone working across cultural lines in our increasingly connected world.

Healthcare, Counseling, and Helping Professions

Professionals who work with people in crisis (doctors, therapists, social workers, counselors) depend on the ability to understand without judgment. A physician who can truly understand a patient's fears and lifestyle constraints will be more effective at encouraging treatment compliance. A therapist who can enter a client's frame of reference can facilitate change that would otherwise be impossible.

The radical empathy developed in intelligence work is structurally identical to the "unconditional positive regard" that therapists cultivate. Both require the capacity to understand without judgment, to see the logic in choices that might otherwise seem irrational or self-destructive.

Politics, Policy, and Civic Life

In an era of intense polarization, radical empathy offers something our public discourse desperately needs: the ability to understand positions with which we disagree without portraying counterparts as caricatures.

This doesn't mean abandoning your principles or treating all positions as equally valid. It means understanding why people on the other side believe what they believe. What experiences, fears, and values drive their positions.

From this understanding, persuasion becomes possible. Common ground becomes visible. And even where agreement is impossible, respectful coexistence becomes more achievable.

The Practice: How to Develop Radical Empathy

Like any skill, radical empathy can be developed. Here's how I'd suggest approaching it: Start with low-stakes practice. Before attempting this with someone who triggers strong reactions, practice with neutral encounters. The barista who seems rude. The colleague whose communication style irritates you. The family member whose choices confuse you. Ask yourself: What would have to be true for their behavior to make perfect sense?

Notice your judgments without fighting them. You don't need to eliminate your moral reactions. You need to notice them clearly enough that they don't unconsciously drive your behavior. Judgment observed is judgment that can be temporarily set aside. Ask questions you don't think you need answered. The most powerful understanding often comes from exploring areas where you think you already know the answer. You probably don't. So, ask anyway. Listen for what's underneath the surface. When someone expresses a position, seek to understand what need it serves. When they describe a behavior, think about what fear or aspiration drives it. Keep digging beneath the presenting content.

Practice with people you disagree with. This is where the growth happens. Find opportunities to genuinely understand (not debate, not convince, just understand) people whose views differ from your own. This is uncomfortable and becoming increasingly rare in our polarized political climate. Do it anyway. Debrief yourself. After important conversations, reflect: Did I genuinely understand this person's perspective, or did I project my own assumptions? What did I miss? What would I do differently?

The Person You Become

Here's what I didn't expect when I began developing this capacity: it changed me.

Radical empathy doesn't just make you better at understanding others. It makes you more aware of your own biases, assumptions, and blind spots. It develops your intellectual humility and a kind of cognitive flexibility, or the ability to hold multiple perspectives simultaneously, to see situations from different angles, to resist the allure of your own certainty.

It also, somewhat paradoxically, makes you more secure in your own values. When you've genuinely understood perspectives different from your own and chosen to maintain your positions anyway, those positions are no longer defaults. They are consciously chosen. And that's a different kind of conviction.

This focus on empathy is something our country desperately needs more of today. It’s core to the work I conduct on Mind Sovereignty™, since the collapse of civic empathy is so closely tied to filter bubbles, algorithmic amplification, and the resulting affective polarization we see in society. But empathy can be rebuilt, and it starts at the individual level.

An Invitation

We live in a time when understanding across divides feels increasingly rare. Political polarization, social media echo chambers, and the pace of modern life all conspire against the slow, patient work of genuinely seeing another person.

And yet this capacity has never been more valuable. In leadership, in business, in diplomacy, in life… the ability to understand without judgment, to see without agreeing, to connect across differences, remains the master skill that amplifies all others.

I was fortunate to develop this capability in an unusual crucible. But the skill itself isn't classified tradecraft. It's available to anyone willing to do the internal work.

The question is whether we're willing to set aside our own sense of certainty (and often, moral superiority) long enough to actually see the person sitting across from us.

In my experience, what we find when we do so is almost always more interesting (and more human) than what we assumed.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

China’s Uneasy Partnerships With Russia and North Korea

China’s summit with Russia last month and the reported likely upcoming visit of President Xi Jinping to North Korea are tactical moves that ignore the historical tensions between China, Russia and North Korea.

That tension threatens a meaningful strategic partnership.

The meeting between Mr. Xi and Russian ruler Vladimir Putin, convened immediately after President Trump’s summit with Mr. Xi, resulted in a joint statement highlighting a strategic partnership between Russia and China. Meanwhile, it criticized the current “law of the jungle” — a not-so-subtle dig at the U.S.

The 1991 Treaty of Good Neighborliness and Friendly Cooperation between Russia and China was extended for another five years, memorializing the quasi-alliance between these two countries.

The summit’s message was clear: China and Russia will continue to strengthen their strategic partnership and pursue a multipolar world opposed to unilateralism. That is another not-so-subtle criticism of the U.S.

Despite Russia’s efforts, China did not agree to the Power of Siberia 2 pipeline, which would carry roughly 1.8 trillion cubic feet of Russian gas annually from western Siberia through Mongolia into China. This is an important project for Russia, owing to Europe’s sharply reduced purchases of Russian gas because of its invasion of Ukraine.

Given the loss of European revenue, Russia hoped to redirect gas eastward to China. China, however, has been cautious, not wanting to become overly dependent on Russia, while pressing for lower prices and more favorable financing terms.

Also of concern to Russia is China’s inroads into Siberia and Russia’s Far East. The country is concerned about Chinese nationals migrating to Siberia in search of economic opportunities.

There are powerful historical reasons why Beijing and Moscow will always be wary of each other. These include the 1969 border clashes on the Ussuri River and Russia’s threat during that decade to launch nuclear strikes against Chinese nuclear sites. They also point to deeper historical wounds, such as Russia’s 1860 seizure of Vladivostok from the Qing Dynasty under the Treaty of Peking — one of the “unequal treaties” imposed on China. Decades later, Beijing retaliated by providing military support to Afghan fighters resisting the 1979 Soviet invasion.

Pro-Kremlin Russia Today expert Alexey Martynov argued in a recent commentary piece that China can no longer treat Moscow as a junior partner. He wrote, “Beijing behaves as though it can preserve a carefully managed partnership in which China remains the senior partner while minimizing its own obligations.”

A no-limits strategic partnership between a revanchist Russian Federation — a pariah state because of its invasion of Ukraine — and a China determined to be a model world leader is a partnership that will not endure.

North Korea is China’s only ally. More than 90% of North Korea’s trade is with China, and more than 90% of North Korea’s crude oil imports come from China. China is North Korea’s economic lifeline.

Yet historical distrust of China is still deeply embedded in North Korean strategic thinking. Korea has a long history in the Chinese tributary system. For centuries, Korean dynasties operated within the Sinocentric regional order, with imperial China as the dominant power.

Many Korean nationalists viewed this as unequal and humiliating. Former North Korean leader Kim Il-sung balanced between Moscow and Beijing during the Cold War to avoid subordination to either, though North Korea depended on China economically.

North Korea will always be concerned about Chinese influence and its ability to pressure North Korea economically or support reforms like China’s. China is concerned with North Korean nuclear brinkmanship and potential refugee flows in the event of instability in North Korea.

Most important, if there is instability or war on the Korean Peninsula, China would be concerned that the U.S. would be there for its ally, South Korea.

After North Korean leader Kim Jong-un took power in 2011, he kept his distance from China and did not show the respect China expected. In September 2025, however, Mr. Xi invited Mr. Kim to Beijing to stand with Messrs. Xi and Putin at Beijing’s Victory Day parade, commemorating the end of World War II.

If Mr. Xi visits Pyongyang in the next few weeks, it will be obvious that China is working hard to improve relations with North Korea.

North Korea’s new allied relationship and mutual defense treaty with Russia and its military aid to Russia for the war with Ukraine have no doubt motivated China to be more energetic in bringing North Korea back into the fold.

Despite visits and joint statements, China’s relations with Russia and North Korea remain fragile. A strategic partnership will not endure.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

This story appeared in The Washington Times and is republished here with permission.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

From Terror Networks to Hybrid Threats: A Partner Approach to a Growing Threat

The hybrid threat challenge facing Europe today is reminiscent of the terrorist threat challenge of the post-9/11 Global War on Terrorism (GWOT) era. Because of that similarity, the alliance should adapt the counterterrorism cooperation model developed over the last twenty years.

As European security partners grapple with Russia’s gray-zone activities—operations conducted below the threshold of war to create confusion and hesitation—the recently released U.S. counterterrorism strategy makes a notable acknowledgment. In the final sentence of its subsection on Europe, the strategy commits to working with European partners to counter covert state actions, including sabotage and assassination plots, categorized as “hybrid threats.” The inclusion of the term is both appropriate and significant because Russian intelligence services have demonstrated how state power can be projected through irregular means.

After all, even a cursory glance at some of the activities being perpetrated by Russian and Iranian proxies throughout Europe demonstrates that what we are actually talking about looks a lot like the FBI’s definition of international terrorism— “Violent, criminal acts committed by individuals and/or groups who are inspired by, or associated with, designated foreign terrorist organizations or nations (state-sponsored).”

Since the Russian invasion of Ukraine, Western intelligence services have been tracking a troubling evolution in Russian tradecraft: the emergence of proxy recruitment at scale, enabled by digital platforms and designed to blur the lines between espionage, sabotage campaigns, and terrorism.

Through the use of so-called “disposable agents,” both Moscow and Tehran have convinced individuals living in the West to commit violent, criminal acts, sometimes for small sums of money, other times encouraging attackers with ideological inspiration. If these were Sunni jihadists linked to al-Qaeda or the Islamic State, the incidents would be labeled as terrorist attacks, and those responsible would be called homegrown violent extremists who were radicalized and recruited online. Russia has worked through its intelligence services, while also cultivating a network of willing recruits throughout Europe.

Recent investigations reveal the scale and intentionality behind this approach. A 2025 exposé uncovered a Russian military intelligence (GRU)-linked recruitment campaign using Telegram bots and viral propaganda videos to solicit volunteers abroad. The messaging was deliberately broad—appealing to nationalism, grievance, or simple curiosity—and funneled interested individuals into automated recruitment pipelines. These systems lowered the barrier to entry: a single click, message, or expression of interest could place a user into a pipeline for tasking.

Iran has followed suit, relying on one of its many proxy groups—Kataib Hezbollah, an Iraqi Shia militia—to orchestrate a shadowy hybrid campaign under the banner of Harakat Ashab al-Yamin al-Islamia (HAYI). HAYI has already claimed responsibility for a series of attacks across Europe, spanning the United Kingdom, the Netherlands, Belgium, and France. Similarly, Russian hybrid attacks in Europe know no borders and have occurred in the UK, France, Germany, Estonia, Georgia, Moldova, and elsewhere. Just last week, Russian drones crashed through an apartment block in Romania, a NATO member.

The key to successfully countering hybrid threats is working by, with, and through allies to leverage each other's strengths in a shared effort to identify threat networks, map their structures, penetrate their operations, and dismantle them. This requires not just unity of effort within countries, but a coordinated approach across law enforcement, intelligence agencies, security services, and special operations forces.

In some ways, perhaps, the U.S. and its allies are a victim of their own success. The Global War on Terrorism—while not without its faults—was successful in combating al-Qaeda and the Islamic State, decapitating their leadership and driving them from safe havens in the Levant and Pakistan's tribal areas. Of course, the terrorist threat has not vanished, though it has morphed into a more decentralized network of regional affiliates and franchise groups that still wreak havoc from the Sahel to Central Asia.

For more than two decades after 9/11, the United States and our European allies were bound together by a clear and urgent mission: to disrupt terrorist networks, prevent attacks, and dismantle organizations such as al-Qaeda and ISIS. That shared mission forced us to innovate. It drove unprecedented cooperation across intelligence services, law enforcement, counterintelligence and with special operations forces. Barriers – silos – that once slowed us were broken down, and in doing so, countless lives were saved.

But the strategic environment has dramatically changed.

Compared to the two decades that followed the al-Qaeda attacks of September 11, 2001, terrorism has become a back-burner issue, relegated to a focus on great power competition, which manifests in the shadows through hybrid threats. And while there has been a NATO strategy to counter hybrid threats since 2015 (and it has also developed a Center of Excellence to analyze the issue), the discussion is typically less coalition and mission-focused than counterterrorism operations were, say, during the peak of the Islamic State's caliphate and amidst the mass movement of foreign fighters between Western countries and the Middle East.

One of the issues is that, as a concept, hybrid threats—while not a new term—suffer from definitional ambiguity and are not widely agreed upon in the lexicon. The term itself is used interchangeably with 'gray zone warfare' and is at times mistaken for or confused with asymmetric warfare, political warfare, irregular warfare, and/or unconventional warfare.

Still, the 2026 strategy does characterize certain states as behaving like terrorist enablers—or as part of the terrorist threat environment—when they sponsor, support, equip, or facilitate terrorist organizations, rather than treating terrorism solely as a non-state actor phenomenon. While not explicitly calling out Russia, that framing is useful and is a departure point for a more aggressive Western strategy for countering this phenomenon.

Terminology and labeling aside, what is clear is that sabotage, cyber operations, and the use of disposable agents by Russia, Iran, and other Western adversaries are wreaking havoc and destabilizing society in many countries. And because state actors are involved, there is an additional element they alone can bring—scale. This means using professional intelligence services, financial resources, sophisticated cyber capabilities, diplomatic cover, and complex logistical support in transportation, communications, and other crucial areas.

As such, the only way that states can hope to be successful in countering hybrid threats is by massing their own state-based capabilities and cooperating through pooled resources and intelligence sharing.

Another idea gaining traction in the event of escalation in Europe, is resurrecting Cold War–era like-stay-behind structures for government continuity: a legally grounded resistance architecture that’s in place—distributed, resilient, and capable of sustaining state continuity from the first moment of disruption. It is almost shocking to process the idea that hybrid threats from Russia are causing some NATO countries to institutionalize “total defense” models designed to absorb shock and sustain governance under pressure. But the threat landscape demands such contingencies.

In this new threat paradigm, resilience and resolve—not caution—is the center of gravity.

Only a more aggressive stance in pushing back against those actors deploying hybrid capabilities can be effective. One thing is for certain: a tepid, half-hearted response—or worse, no response—will only continue to embolden Moscow, Tehran, and Beijing. Hybrid threats, by their very nature, pose a cross-border challenge. The shots may be called in the Kremlin, but the operations take place in London, and may involve intermediaries scattered across the globe, providing various forms of active and passive support to the perpetrators of the attack.

To blunt these offensives requires integrating and partner-sharing of world-class intelligence – like the way Western intelligence services dealt with jihadi threats - and an unprecedented willingness to elevate aggressive offensive counterintelligence to a strategic capability among partners nations.

Countering hybrid warfare requires far deeper intelligence integration among allies. Intelligence sharing can no longer remain confined to elite classified exchanges between a handful of services. Governments must create real-time intelligence fusion across cyber defense agencies, financial regulators, military commands, law enforcement, border security organizations, and private-sector infrastructure operators. This is particularly urgent because critical infrastructure is now the frontline of modern conflict.

If the Western nations remain integrated, vigilant, and forward-leaning, they will not simply compete in this space—they will shape it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Put the Next Generation to Work: Digital Transformation Has Only Just Begun

Put the Next Generation to Work: Digital Transformation Has Only Just Begun

We are witnessing a historic bottleneck in the technology sector. According to recent data, unemployment among new computer science graduates has climbed to 6.1%. While many point to AI as the singular cause of this displacement, the reality is more nuanced: the industry has stopped hiring "apprentices" because it has temporarily lost sight of the value of human-led systems integration.

We are currently operating under a dangerous fallacy: that because AI can generate code and simulate reasoning, the "entry-level" phase of a technology career is no longer necessary.

This is wrong. Digital transformation has only just begun.

The "Stagnant Workflow" Crisis

If you look past the high-tech bubble, the American economy is still defined by millions of archaic, bureaucratic, and manual workflows. These are the processes—in supply chains, logistics, municipal services, and industrial infrastructure—that were never digitally transformed because they were too complex or too niche to justify traditional, high-cost software engineering.

We have spent decades ignoring this "long-tail" of technical debt. Now, we finally possess the intelligence to solve it. But instead of mobilizing our newest engineers to tackle these systems, we are benching them. We are letting an entire generation of talent go to waste while our infrastructure continues to operate on decades-old, manual processes.

The Trap of the Probabilistic Agent

There is a temptation today to simply hand these workflows over to probabilistic, agentic AI. It is an enticing shortcut: the agent "learns" the process, makes decisions, and clears the backlog.

But this is only a temporary fix.

Probabilistic agents are useful for discovery, classification, and reasoning through ambiguity, but they are not a replacement for high-integrity automation. They are "black boxes" of probability. For mission-critical workflows, we cannot afford to gamble on a result that changes with every iteration.

The ultimate goal is not "agentic" automation—it is deterministic automation.

The most effective systems are those where AI acts as the architect, helping our engineers map and generate the robust, deterministic code that replaces the manual friction. We need our next generation to use AI to build systems that are predictable, auditable, and repeatable. We must move beyond the "agent in the loop" and toward the "code-governed system"—where AI generates the logic, but humans define the constraints, ensuring the system functions with the precision of a clock.

The New Digital Transformers

The role of the "entry-level" hire is not dead—it has been promoted. We no longer need junior developers to write boilerplate code; we need Digital Transformers who understand this distinction.

These are the systems thinkers who will:

Audit the Bureaucracy: These engineers must be capable of navigating the non-automatic, messy reality of our nation’s businesses. They will act as "process anthropologists," going into legacy environments to document the hidden bottlenecks that current automated tools cannot see. By doing so, they provide the necessary data and context that are essential for any meaningful digital intervention.

Orchestrate the AI: Instead of merely using AI to generate snippets, these transformers will use frontier models to synthesize complex processes and then codify those processes into deterministic, high-reliability systems. This requires a shift from prompt-based experimentation to a rigorous engineering mindset where the AI is treated as a component in a larger, stable architecture. They will build the "connective tissue" between legacy databases and modern AI-driven decision engines, ensuring the output is not just plausible, but structurally sound.

Bridge the Domain Gap: Learning the nuance of a business's operations is a feat that AI cannot accomplish without human context. These graduates will be tasked with understanding the "why" behind the workflows—the regulatory constraints, the unique company culture, and the operational trade-offs—that an LLM will never inherently know. This domain literacy ensures that the technology we deploy is not just efficient, but actually improves the business's core performance.

It’s Time to Hire

This is a direct call to the leaders of our frontier AI companies and major industrial enterprises.

You have the capital and the mandate to lead. If you are building the future of intelligence, you have a responsibility to underwrite the deployment of this generation. Stop treating entry-level talent as a cost center to be minimized. Start treating them as your Technical Debt Task Force.

Provide the Infrastructure: Underwrite the compute and the platforms they need to work. This investment should be viewed as a "Research and Development" tax on innovation, where the return on investment is a more resilient and modern industrial base. By providing these credits, frontier AI companies create a massive, decentralized lab for testing their models on real-world, high-stakes industrial friction.
Open the Sandboxes: Give them access to the legacy "impossible" problems that no one else has had the time to fix. These are the workflows that currently exist outside of the "high-margin" software bubble, serving as the perfect, low-risk, high-reward testing ground for junior architects. Solving these neglected problems provides an immediate, measurable boost to operational efficiency while shielding the company's core products from experimental risks.
Deploy the Talent: Shift the focus from automating away the junior role to deploying that role to modernize our country’s industrial foundation. By placing these graduates into cross-functional teams, you create a new management paradigm that prioritizes "orchestration" over "maintenance." This transition creates a clear path to leadership for the new hire while ensuring that the organization is actively clearing its backlog of technical debt every single quarter.

A Mission for the Next Generation

When a young graduate uses AI to re-engineer a failing production line or automate the synthesis of experimental data, they aren't just completing a task—they are building the digital architecture of the next fifty years. They are learning systems design, stakeholder management, and domain expertise in the most intensive way possible: by building, testing, and iterating in the real world.

We have the human capital. We have the technology. We have an economy that is crying out for modernization.

The era of digital transformation didn't end with the launch of the latest large language model; it is only now reaching the point where we can finally apply it to the hard, unglamorous problems of our physical and industrial world.

The work is ready. The team is waiting. It is time to hire.

Follow Mark Munsell on LinkedInThe Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Invisible Conflict: Defending Against Hybrid Non-Kinetic Warfare

War doesn’t always look like war anymore. Hybrid non-kinetic warfare is an increasingly popular means for threat actors to orchestrate prolonged campaigns aimed at achieving political and security objectives by destabilizing the adversary, eroding its strength and social cohesion, while avoiding the creation of a pretext for military retaliation. The goal is to wreak chaos with invisible hands from an anonymous cloak, absent a military, uniforms or declaration of war.

The Iranian conflict is a real-time case study in how warfare is being reshaped. In recent weeks, Iran-linked hackers have targeted critical infrastructure in the US, disrupting multiple oil, gas and water facilities. Tehran-linked hackers likewise disrupted operations at a major US medical device maker – among other things, they hacked into an emergency system that first responders use to communicate patient data to hospitals. A high-ranking US security official saw his personal email hacked and exposed by Iranian affiliates. Iranian hacktivists celebrated efforts like this with – of all things – Lego propaganda.

Hybrid non-kinetic warfare is not confined to the physical battlefield and has no regard for borders. Hybrid tactics are low-cost, low-risk and hard to trace. These tactics are effective where traditional firepower isn’t, and they’re quietly reshaping the future of conflict.

They’re also exposing how unprepared many governments remain for threats that don’t arrive with missiles or tanks. Modern warfare and defense preparedness hinges on our ability to adapt to the new realities of hybrid non-kinetic warfare. The technologies used to combat these threats must likewise adapt.

AN AMORPHOUS ARSENAL

The tools of hybrid non-kinetic warfare are varied and very dangerous in and of themselves – especially so when applied in concert.

High-impact sabotage operations are a frequent, favored tactic. Russia, for example, is known to target civilian infrastructure via hybrid pressure campaigns intended to influence Ukraine war outcomes. In Poland, these attacks include an arson attack on a massive shopping center that gutted 1,400 shops, and more recently, an orchestrated railway explosion. Dozens of these vandalism, arson and sabotage attacks have been mounted and documented since the February 2022 Russian invasion into Ukraine.

Disinformation and propaganda are likewise commonly employed. We see this in coordinated campaigns – online and offline – to spread false narratives, divide societies and support politicians who align with the attackers’ goals. Sounding the alarm, Italy’s Defense Minister has urged the European community to protect itself from Russian disinformation tactics seen recently in Italy.

“We are under attack, and the hybrid bombs keep falling,” he said.

Cyberattacks play a role too. These can target critical infrastructure – power grids, hospitals, transportation systems, government websites – and they’re often timed to sow confusion or weaken public trust.

In a recent twist, cyberattacks have been blended with traditional warfare – investigations have uncovered Iran’s use of "cyber-enabled kinetic targeting" before and after real-world missile attacks against ships and land infrastructure. By hacking into CCTV cameras, among other methods, Iranian advanced persistent threat (APT) groups have successfully gathered intelligence on real-world targets.

Irregular or engineered migration is increasingly employed in hybrid non-kinetic campaigns. In some cases, governments deliberately funnel large numbers of migrants toward their adversary’s borders – not to help the migrants, but to overwhelm border systems and create political tension. We’ve seen this tactic used at the Belarus-Poland border, and between Russia and Finland, and it works because it creates pressure from every direction – on border patrols, on social services, on local communities and governments and beyond.

Political interference is another established tactic that’s gained new relevance in contemporary hybrid non-kinetic warfare. Russia’s known interference in the states of Ukraine, Georgia and Moldova is aimed at preventing them from shifting allegiances toward the West. This interference often peaks during election seasons.

These tactics on their own are often regarded as isolated threats. In combination, they comprise a potent, long-term war campaign – a strategy to reshape a community or region without ever sending in troops.

THE ART OF HYBRID WAR

Hybrid non-kinetic warfare looks disorganized on its surface, but there’s a logic behind it – a playbook. In plain terms, these are the core principles.

Be flexible and move fast. These operations are constantly evolving. If threat actors see an opportunity – like a protest, an election, a scandal – they join the fray and make it worse. The goal is to stir the pot, to cause unrest.

Destabilize from within. These attackers seek to weaken the glue that holds communities and countries together – trust, unity, stability. They want people to feel divided, unsafe and unsupported.

Use every tool available – military and civilian. Physical sabotage, cyberattacks, media campaigns, migrant flows and financial pressures are all part of the hybrid non-kinetic playbook. Shadowy attacks spur dark rumors that metastasize into fear. Anything that causes confusion or disruption is fair game.

Think long-term. These aren’t one-off attacks. They’re slow, strategic campaigns – sometimes unfolding over months or years. They’re designed to wear a country down, applying constant stress.

Make it hard to know what’s really happening. There are no uniforms, no flags, no announcements to make sense of – just a series of “incidents” that seem disconnected – until you step back and connect the dots.

HOW TO CONNECT THE DOTS

Combatting hybrid non-kinetic warfare requires closer security and intelligence collaboration, and a coordinated, systematic, multi-agency response that extends across borders. It requires a fresh approach to defense spending that prioritizes continuous intelligence monitoring and analysis in parallel with conventional battlefield weaponry.

Resilience doesn’t just come from defense. It comes from understanding, and this clarity can only be achieved with a holistic view of the threat landscape and the ability to surface patterns from the chaos.

At the technology layer, homeland security and intelligence organizations will benefit from a centralized architecture that unites border protection, financial investigations, tactical operations and cyber intelligence in a single cohesive view. The advent of data fusion technology, AI investigative analytics and decision intelligence automation makes it possible to sift mountains of disparate data streams to gain immediate, actionable insights.

Warfare is no longer measured in terms of physical destruction and territorial command because the boundaries of warfare are blurring. Acts of hybrid non-kinetic warfare may look like random crimes and provocations to the untrained eye – their amorphous nature is what makes them so insidious and effective.

To help investigators understand how and why these seemingly random acts intersect and identify the proxy groups responsible, it’s essential to employ an early warning system that invites and unites intelligence from diverse disciplines and geographies. In this way, we can equip intelligence agencies to recognize acts of hybrid non-kinetic warfare in real-time and anticipate them before they happen again.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Deterrence Is Not Enough in the Age of Synthetic Asymmetry

Events have moved faster than doctrine. Part 1 of this series diagnosed the rise of synthetic asymmetry, an era where technological convergence allows small actors to impose disproportionate costs on states and institutions. Unlike the guerrillas of the past, today's asymmetric threats are engineered by design. This essay asks the harder question: How should democracies respond to a threat that is diffuse, deniable, and constantly mutating?

The Failure of Traditional Deterrence

The foundational flaw in applying Cold War security strategies to synthetic asymmetry is the breakdown of attribution and retaliation. Deterrence requires a clear threat of punishment against a visible state actor. Synthetic attackers thrive in gray zones: non-state groups, state proxies, or anonymous cyber operators whose acts are plausibly deniable, and whose tools can blur or obscure attribution by design.

When ransomware shuts down a critical pipeline, the target state faces a genuine conundrum. Is this an act of war demanding a kinetic response? Or a crime demanding law enforcement? That ambiguity makes the nuclear-era playbook obsolete. The attacker's goal is often strategic paralysis: erode trust, impose economic costs far exceeding the effort required to launch the operation.

The costs of these attacks, typically low-cost, remote, and cross-border, are negligible compared to the billions required for a proportional kinetic response. Traditional punitive deterrence buckles under that math.

The answer is to supplement deterrence with a doctrine of synthetic resilience: the capacity of democratic societies to absorb, adapt to, and recover from engineered multi-domain disruption before it produces strategic paralysis or loss of legitimacy. A powerful kinetic threat must remain, but democracies must also assume they will be attacked across multiple domains simultaneously. Survival depends on absorbing disruption, adapting rapidly, and ensuring the continuity of core societal functions and political legitimacy.

What the intervening period has clarified is that this assumption is no longer theoretical. Advanced AI and synthetic media are turning this from a theoretical concern into a systemic global risk (the World Economic Forum and allied intelligence communities have reached this conclusion independently) with opportunistic actors exploiting psychological profiling and emotional triggers to manipulate public perception at scale. The threat environment Part 1 described has accelerated.

The predictable objection is that synthetic resilience sounds resource-intensive and risks replicating the bureaucratic complexity it claims to replace. The cost-of-failure data argues otherwise. The 2021 Colonial Pipeline attack cost the company $4.4 million in ransom, but the downstream economic disruption across the eastern United States ran into the billions. The 2024 CrowdStrike outage, which involved no adversary at all, produced an estimated $10 billion in global losses from a single software update. The NotPetya campaign of 2017 caused over $10 billion in damage across multiple sectors and countries from a single piece of malware. Against those losses, resilience is not a fiscal luxury. It is actuarially rational. The question is never whether democracies can afford to build it. It is whether they can afford not to.

Principles of a New Doctrine

A coherent strategy cannot be built on isolated, domain-specific efforts. It must rest on three integrated principles, Alignment, Adaptation, and Agility, woven into national security planning, budgetary decisions, and interagency cooperation.

1. Alignment over Silos

Defense planners have historically treated cyber, space, and economic security as separate verticals, managed by different agencies with distinct budgets and legal authorities. Adversaries operate horizontally, leveraging convergence to create effects greater than the sum of their parts. A modern influence campaign is simultaneously a cyber attack (to steal data), a financial operation (to fund bot networks via crypto), and a kinetic risk (to incite real-world violence), often without a shot fired.

Nations must respond in kind. That means permanent interagency teams pulling together financial regulators, public health officials, and economic ministers alongside military and national security planners, trained together on synthetic asymmetry scenarios that force convergence. It also means a national risk framework that maps cascading dependencies: how a cyber attack on a single grain futures exchange could trigger a financial crisis, which enables a cognitive influence campaign built on food scarcity fears. The unit of analysis must shift from individual assets to systemic functions.

Recent events illustrate why. Rapid, uncoordinated changes to critical IT infrastructure, where operational decisions bypass standard security review, create systemic confusion between authorized and unauthorized system changes. When the mechanisms for coordination and attribution are themselves disrupted, adversaries inherit a structural advantage at no cost. This is a doctrinal vulnerability, not just an operational one.

2. Adaptation over Retaliation

The priority must shift from punishment to continuity. Against a deniable actor, resilience ensures the adversary gains nothing even if an attack succeeds (the same logic by which the internet routes around failures regardless of cause).

This requires reallocating resources toward the "invisible victory" of hardened defense over the more politically visible power projection of offense. The practical mechanism is hardening-in-depth: mandatory standards for redundancy, self-healing networks, and decentralized systems across the grid, finance, and logistics. Resilience cannot stop at government networks. It must be built into the economy itself, with strategic national reserves of critical goods and supply chains diversified enough that no single political event can halt production of essential materials.

The lesson is direct. When critical cybersecurity functions, including incident reporting oversight, real-time vulnerability monitoring, and analytical data systems, are degraded during periods of institutional restructuring, recovery timelines run into adversary windows. Denying adversaries strategic impact requires institutional capacity to be intact when the attack arrives.

3. Agility over Bureaucracy

Threats emerge at machine speed, powered by generative and agentic AI and automated reconnaissance. Acquisition cycles and regulatory processes measured in years are becoming strategically untenable.

The solution is defense architecture built around interchangeable, open-source, and rapidly updateable components. The Modular Open Systems Approach offers a workable template: technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, can compress the path from lab to deployment substantially.

The goal is simple: evolve as fast as the threat. That requires institutional depth to sustain capabilities across political transitions. Agility without continuity is a vulnerability, not a strategy.

Putting the Doctrine to Work

The three-principle framework only has force if it connects to concrete action. What follows is not a comprehensive policy platform. It is an illustration of how Alignment, Adaptation, and Agility translate into operational commitments across the domains where synthetic asymmetry is already active.

Alignment: Interagency Teams, Systemic Risk Mapping, Private-Sector Crisis Agreements

Alignment means building the interagency connective tissue that adversaries already assume democracies lack. Every national security council should maintain a standing synthetic-asymmetry cell with authority to convene defense, finance, health, energy, intelligence, and private-sector infrastructure leaders before a crisis begins. A national risk framework that maps cascading dependencies, such as how a cyber attack on a grain futures exchange could enable a food-scarcity influence campaign, shifts the unit of analysis from individual assets to systemic functions.

The private sector belongs inside this framework, not adjacent to it. Corporations are no longer adjacent to national security conflict, they are participants in it, operating on infrastructure adversaries deliberately target. Legally robust agreements with critical technology and infrastructure providers, covering roles, responsibilities, and pre-agreed crisis protocols, are the mechanism. These agreements must be written to survive leadership transitions. Tax benefits and procurement preference tied to resilience standards convert security from a state-imposed cost into a financially rational business position.

Adaptation: Infrastructure Redundancy, Cognitive Inoculation, Public Health Surge Capacity

Adaptation means building systems that deny adversaries strategic effect even when attacks succeed. For physical infrastructure, that requires legally mandated geographical diversity, making single-point failure structurally impossible, and jointly funded international rapid-response capacity targeting repair times measured in days, not weeks. On space systems, rapid reconstitution matters more than norms compliance: pre-negotiated commercial surge contracts for replacement satellite launches, hardened ground stations continuously monitored for intrusion. A jammed satellite is a setback. A seized ground station is a disaster.

In the cognitive domain, adaptation means inoculation before manipulation takes hold, not crisis management after. Sweden’s model is the operational benchmark: psychological defense embedded within total defense doctrine, with a dedicated national agency running continuous environmental monitoring. Several NATO allies are already looking closely at this model. Digital provenance, verifiable watermarks and metadata on all AI-generated or heavily altered content, must become a global standard. Without it, citizens and news organizations cannot reliably distinguish reality from synthetic manipulation. An allied intelligence-sharing entity focused exclusively on influence operations would allow attribution data on foreign manipulation tactics to move across borders before the manipulation has time to work.

Public health resilience belongs in this category too. The democratization of tools like CRISPR means engineered pathogen capability is no longer exclusive to state WMD programs. Permanently maintained, distributed vaccine manufacturing facilities and stockpiles of broad-spectrum antivirals represent the same logic as military pre-positioning: make the local response fast enough that the epidemic phase never gains traction. International agreements must move beyond bans toward regulating access, with mandatory safeguards on DNA synthesis services and flagging of suspicious orders, before the capability is in widespread use.

Agility: Modular Systems, Regulatory Sandboxes, Commercial Surge Capacity

Agility means closing the gap between threat speed and response speed. Defense architecture built around interchangeable, open-source, rapidly updateable components, along the lines of the Modular Open Systems Approach, enables technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, compress the path from lab to deployment. The financial domain requires the same logic: cooperative regulatory frameworks for crypto and DeFi across allied jurisdictions create a unified digital perimeter that forces transparency on illicit cross-border flows, closing the sanctions-evasion channel that currently funds a significant share of adversary low-cost operations.

Democracies hold one structural advantage that agility can amplify but authoritarians cannot replicate: decentralized command cultures that empower local actors to respond faster than centralized systems allow. The spontaneous, bottom-up innovation visible in Ukraine’s use of commercial technology is the template, capability flowing upward from the edge, not downward from the center. Alliances provide redundancy and burden-sharing no single state can match. A vulnerability in one ally’s financial system can be compensated by the strength of another. Allied nations that have invested in psychological defense, infrastructure redundancy, and cross-border intelligence sharing are likely better positioned today. That gap is widening. Maintaining trust and legitimacy under attack is the ultimate measure of democratic power. A democracy that comes through a crisis with its institutions functional and trusted has, in the most consequential sense, won.

The Path Forward

Synthetic asymmetry is not a temporary challenge. The period since this series began has confirmed that it is already shaping outcomes.

The choice before democracies has sharpened. The question is no longer simply whether they will update Cold War playbooks. It is whether they will recognize that the preconditions for synthetic resilience, including institutional depth, continuity of expertise, and coordinated capability, are themselves potential targets and must be treated as strategic assets accordingly.

Resilience infrastructure is not self-sustaining. It must be actively maintained, resourced, and insulated from the same political volatility it is designed to help societies weather. When incident reporting mechanisms, real-time vulnerability monitoring, and the talent pipelines that sustain them are degraded for any reason, the recovery timeline runs into adversary windows. The "invisible victory" of hardened defense becomes invisible in a different and more dangerous sense: it disappears precisely when it is most needed.

Synthetic resilience cannot be built after the disruption arrives. It must exist before.

Governments that adapt now will be better positioned to survive and to operate from strength. Those that inadvertently erode the institutional foundations of resilience while pursuing other priorities risk watching synthetic asymmetry become not just an adversary's tool but a permanent feature of global order.

Nuclear weapons reshaped the strategic logic of the 20th century. Synthetic asymmetry may do the same for the 21st. The choice is clear: write the doctrine of synthetic resilience, resource it, protect it, or be overtaken by disruption engineered to exploit the void.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How America’s Adversaries Compete Across Peace and War

Author’s Note: This article does not introduce “Endless Warfare” as another term in an already crowded national security lexicon. It examines an increasingly visible pattern in which U.S. adversaries pursue persistent strategic advantage both below and above the threshold of open conflict. The aim is not to argue terminology, but to clarify the character of the competition we are already in.

This article is also not about “endless wars” as a critique of U.S. interventions over the past two decades; that debate belongs elsewhere. Here, “Endless Warfare” describes how our adversaries wage continuous, long-term competition and conflict against the United States across peace and war.

Endless Warfare – Part I

How Gray-Zone Tactics, Cognitive Warfare, and Asymmetric Strategies Are Reshaping Global Conflict

On 28 February, the United States and Israel began a campaign against Iran. The strikes were precise, lethal, and decisive from a conventional standpoint. Despite these destructive attacks and Iran’s significantly weakened military capabilities, it did not surrender or collapse; Iran is fighting a different war.

Iran’s objectives are not to win on the battlefield—an impossible outcome against the U.S. and Israel—but to ensure the survival of the regime; create regional and global political, diplomatic, and economic chaos that shapes U.S. decision-making; and end the war on terms favorable to Tehran. Iran views this as an opportunity to turn these attacks into a long-term strategic advantage.

Iran’s arsenal of terrorist surrogates and partners, drones and missiles as weapons of coercion in the Strait of Hormuz and elsewhere, cyber capabilities, cognitive warfare, an empowered and battle-hardened IRGC, and transactional relationships with Russia and China have allowed it to believe it can still achieve these goals—improbable as they seemed in the early days after the U.S. and Israeli strikes.

Ultimately, Iran may not succeed, but it has already shaped the war in ways that complicate U.S. strategy. Much as we are learning from Ukraine’s adaptive, asymmetric resistance to Russia’s invasion, we are likewise drawing lessons from the clash with Iran. Changes in modern warfare aren’t just academic issues; they are playing out in real time.

This is not conventional war for Iran; it is a continuum of full-spectrum pressure and attacks both above and below the threshold of open conflict. For Iran, this is about pursuing regional dominance through surrogate networks and control of vital resources and sea lanes. Even when this round of fighting ends, Iran will almost certainly resume its gray zone campaign and its long war against the U.S. and its partners.

In Washington, where “forever wars” are a political liability, U.S. leaders tend to see engagements with Iran as finite in time and objectives where conventional military power ultimately prevails.

In contrast, Iran sees its struggle against the U.S. as existential and unending, where winning is measured less by battlefield victory than by political, economic, and coercive leverage and the ability to shape the decision space of its adversaries.

For Iran, this is about securing freedom of action regionally and globally, constraining adversaries, and expanding political, economic, and military advantage. Iran’s gray zone and asymmetric posture reflect this strategy. Iran has been preparing for this moment for decades. For Tehran, this is Endless Warfare.

Endless Warfare

For the purposes of this article, Endless Warfare refers to a calculated and persistent state of confrontation that operates both below and above the level of open warfare in which preparation for the next conflict is always underway. It is never formally declared, has no clear starting or end points, and provides our adversaries viable alternatives to conventional warfare.

At its core, Endless Warfare is a long-term strategy to prevail through cumulative gains and exhausting the strategic resolve of an adversary.

Navigating the Threshold.

Below the threshold of open conflict, the gray zone is a space of ambiguity, plausible and implausible deniability, and persistent, incremental aggression where weaknesses and gaps are identified and exploited. The gray zone—and gray warfare—allow adversaries to conduct operations to advance their own national interests, attack and undermine their adversaries, and set the conditions for a future war without triggering a military response. Preparation and setting conditions in the gray zone enable asymmetric warfare and fuel an endless cycle of conflict.

Above the threshold of open conflict, asymmetric warfare becomes the counterpart to gray warfare for militarily outmatched countries, such as Iran. The tools are the same. For Iran, asymmetric warfare is not a desperate last resort but a long‑planned survival strategy: a deliberate way to impose costs, buy time, and pursue broader regional objectives against a militarily superior United States and Israel.

Beyond countries like Iran, Endless Warfare is also the strategy for Russia and China. Although their strategic approaches differ, both countries are engaged in a continuum of full-spectrum pressure and attacks against the U.S. Their goal is the slow erosion of American relative power, autonomy, and influence across multiple domains and reshaping the existing world order in their favor.

China’s Approach to Endless Warfare

For China, patience is a strategic weapon. While Beijing does not use the term “Endless Warfare,” its doctrine of protracted, whole-of-society warfare that can last decades or generations reflects that it emphatically embraces the underlying thinking. For example:

Mao Zedong emphasized wearing down a stronger adversary through time, space, and political mobilization rather than seeking decisive battles.

Unrestricted Warfare, the influential 1999 doctrinal work by PLA colonels Qiao Liang and Wang Xiangsui, calls for extending conflict beyond traditional military operations into economic, technological, legal, psychological, cyber, space, and information domains. In this framework, “war” is reframed as permanent competition across all instruments of national power.

China’s official “Three Warfares” doctrine—public opinion, psychological, and legal warfare—formalized in 2003, focuses on shaping the battlefield before and often instead of kinetic conflict.

As Elizabeth Economy details in Foreign Affairs, “China is executing a patient, multi-decade campaign to dominate the “new frontiers of power”—deep seabed, Arctic routes, space, cyber protocols, and financial infrastructure. This is not episodic aggression but a continuous effort to set conditions, rewrite rules, and erode U.S. advantages below the threshold of open conflict.”

Michael Pillsbury also persuasively argues in The Hundred-Year Marathon that China’s approach centers on a long-term strategy of “winning without fighting” — drawing on traditions of extreme patience over decades or generations, inducing complacency in competitors, and pursuing the patient displacement of American primacy over decades or generations.

China’s activities in the South China Sea, cyber pre-positioning in critical infrastructure, and expansion of global port access reflect a strategy focused less on immediate confrontation and more on a persistent approach to reshape power and influence order in China’s favor. In short, Beijing’s strategy is built for a marathon of protracted competition to weaken American primacy and expand China’s own political, economic, technological, and military influence.

Russia’s approach to Endless Warfare:

In contrast to China’s patient, multi-decade campaign, Russia is a committed global disrupter on a permanent war footing against the West.

This posture is driven, in part, by Russia’s long-standing obsession with defending the homeland—a besieged fortress mentality—the conviction that Russia is existentially threatened and surrounded by enemies seeking its destruction. Russia considers the U.S. and NATO first among those enemies.

According to CEPA, Russia sees warfare as “continuous and ubiquitous” and believes that true lasting peace with the West is impossible—only temporary pauses in confrontation exist. This worldview and deeply embedded ideology of Endless Warfare by other names have resulted in persistent and evolving gray zone attacks against the West across political, economic, cyber, informational, and social domains.

Russia often appears less concerned about the success or failure of individual operations than with generating disruption, uncertainty, cognitive impact, and strategic effects over time.

As RAND has noted, “All of the many thousands of hostile and often costly interactions between Western and Soviet states or Russia since the 1917 revolution have taken place in the so-called gray zone short of war.” This long-standing reality makes the gray zone a continuous challenge…” This reflects that Endless Warfare by other names is long-standing Russian strategy.

Mechanisms of Endless Warfare

Persistent Gray Zone Attacks:

The gray zone is where great power competition increasingly plays out every day—below the threshold of open conflict and often below the threshold of credible deterrence.

Russia and China employ persistent gray-zone attacks because they have calculated that the strategic gains outweigh the risks and that the likelihood of provoking decisive retaliation remains low.

As argued in earlier work on China’s Gray War on America, strategic defeat in the gray zone—or through gray warfare—emerges not through decisive military power, but through the cumulative loss of relative power, autonomy, and influence across multiple domains of national power.

Russia and China’s gray zone attacks against the United States reflect this strategy. Their objective is not necessarily to directly confront and defeat America through conventional military power, at least not as a primary strategy, but to decisively, even patiently, weaken American at home and abroad over the long term—the framework of Endless Warfare.

Russia’s gray-zone campaign in Europe illustrates this approach. Russia seeks to disrupt and dissuade support for Ukraine while weakening and fracturing NATO—a combination of immediate operational goals and long-standing strategic objectives. For decades, Russia has penetrated institutions, organizations, and networks across Europe, shaping conditions for future conflict. This access provides Russia with the leverage, reach, and insight necessary to conduct a broad spectrum of persistent disruptive activities over the long-term below the threshold of war.

The same approach increasingly extends to the United States. Russia has conducted cyber intrusions; penetrated critical infrastructure; stolen sensitive government, corporate, and personal information; cultivated strategic access, and employed influence operations and other gray zone tools intended to impose costs and create long-term strategic advantage.

Russia’s broader efforts to confront U.S. actions globally through disruption in Syria, across Africa, in the Arctic, and throughout other contested regions—while compelling the United States to respond across multiple theaters and placing sustained stress on allied unity—reflect an approach intended not to engage the United States militarily, but to gradually erode America’s capacity to sustain long-term global competition.

China’s gray zone campaign against the United States has included the penetration of critical infrastructure networks, industrial-scale theft of intellectual property, the compromise of sensitive personal data on millions of Americans, persistent cyber espionage directed at government, defense, and commercial sectors, and influence operations intended to exploit social and political divisions and erode confidence in American institutions. These activities are designed not merely to achieve immediate impact but to gain an advantage over time that will be difficult to reverse.

Cognitive warfare:

The most pervasive adversary activity in the gray zone—and one of the central drivers of Endless Warfare—is cognitive warfare. Our adversaries use cognitive warfare to influence individuals, groups, and societies at the cognitive level—not only through traditional information and influence activities, but also through political, economic, technological, and societal pressures that can influence or disrupt cognition itself.

We should not see cognitive warfare as merely another challenge in the information domain; we should recognize it as a new frontier of power—a deliberate effort to subvert how free societies know, deliberate, and decide.

The ultimate objective of cognitive warfare is to undermine America’s decision autonomy—our ability to accurately perceive global events, to trust the knowledge we have and the information we receive, and to make confident, independent decisions free from external manipulation or coercion.

Adversaries use persuasive disinformation, weaponized narratives, AI-enabled deepfakes, synthetic realities, coercion, intimidation, and other evolving tools to erode trust in institutions, amplify social and political division, manipulate public perception, and increase uncertainty at every level of society: private citizens, business leaders, military commanders, and policymakers.

In the cognitive domain, truth is a strategic asset—precious, powerful, and fragile, and cognitive warfare is a contest for that truth and knowledge.

Cognitive warfare does not need to result in major actions or decisions that directly benefit an adversary to be effective. It succeeds when our decisions become slower, more hesitant, more internally contested, or result in inaction or false choices due to erosion of resolve, coercion, or intimidation.

Proxies and Surrogates

The use of proxies and surrogates offers countries options to the potentially devastating consequences of direct conflict. Proxies and surrogates add essential capability, deflect attribution, and externalize the burden and consequences of Endless Warfare.

Iran has built one of the most developed proxy and surrogate networks in modern conflict. This network allowed Iran to indirectly attack Israel, intimidate regional states, serve as a spoiler in Syria, attack U.S. forces in Iraq, and disrupt international shipping—all while largely keeping itself at arm’s distance. This network also served as a defensive shield, helping dissuade attacks from Israel or the West, and advanced Iranian strategic interests for decades.

Yet surrogacy in Endless Warfare is evolving as modern conflict evolves.

In Endless Warfare, surrogacy is increasingly defined not by the hierarchy or control associated with traditional surrogate relationships, but by the persistent pursuit of strategic outcomes by multiple actors against a common adversary.

In this evolving form of pragmatic surrogacy, adversaries do not necessarily need formal coordination if their independent actions against a common adversary are mutually beneficial.

For example, China and Russia do not share identical strategic objectives. Russia is not a traditional surrogate, but it is also not an equal partner in the relationship. China provides economic, diplomatic, and broader strategic support that helps Russia sustain its war in Ukraine. In turn, Russia takes action to impose costs on the U.S. and it allies and that generates strategic outcomes that benefit China’s broader Gray War against America—consuming U.S. war reserves and resources, diverting attention from the Indo-Pacific and other global priorities, stressing domestic and allied resolve, and exposing potential military vulnerabilities.

Similar dynamics are visible in the Middle East. Iran pursues its own regional ambitions and is not subordinate to either Moscow or Beijing. Yet Iran’s persistent confrontation with the United States can benefit both Russia and China—including increased Russian fossil fuel revenue, discounted energy flows to China, strategic observations relevant to Taiwan, depletion of U.S. military reserves, diversion of U.S. strategic attention, and challenges to U.S. influence in the Middle East.

Russia and China may also benefit from pragmatic surrogate behavior by a much broader range of countries. Rather than build surrogate structures, both countries increasingly persuade, incentivize, induce, or coerce states into actions that strengthen their broader competitive position against the United States. Continuous purchases of Russian energy, participation in alternative financial systems, diplomatic shielding, sanctions evasion, strategic infrastructure access, or agreements providing future military utility can all favor Russia and China while disadvantaging the United States.

Because much of Endless Warfare occurs in ambiguous spaces below the threshold of traditional war, this pragmatic surrogacy may become one of the most effective and scalable mechanisms available to America’s adversaries.

Weaponizing Negotiations.

Negotiations do not necessarily represent the end of conflict; in Endless Warfare they often represent the continuation of it by other means—a new phase where strategic advantage can still be lost or gained.

It is a mistake to assume that entering negotiations means that an adversary will approach them in good faith to seek genuine resolution.

In their negotiations with the U.S., Russia and Iran both posture to seek concessions in advance, set maximalist demands they know are unacceptable, slow diplomatic processes, complicate U.S. decision-making, and erode allied political will and resolve. Most importantly—our adversaries use negotiations to gain time to reconstitute, make adjustments on the battlefield or in the gray zone, and strengthen their overall political and military position.

Russia’s approach under Vladimir Putin particularly reflects a negotiations strategy that is not a bridge to peace, but another instrument of conflict and Endless Warfare.

This pattern was clearly visible after the 2008 war with Georgia. The six-point ceasefire agreement brokered by French President Sarkozy was meant to restore peace and secure Russian withdrawal. Instead, Moscow used the negotiations to consolidate control over Abkhazia and South Ossetia, formally recognize their “independence,” establish permanent military bases, and evade full compliance with the deal.

The same playbook was repeated in the Minsk process after the 2014 intervention in eastern Ukraine. Russia exploited agreements designed to reduce hostilities to freeze the conflict on terms favorable to Russia, preserve leverage, buy time for rearmament, and weaken Western cohesion.

Today, Russia engages in talks to end the war with Ukraine while maintaining military pressure on Ukraine, insisting on maximalist demands, and using the process to weaken Western unity and improve its battlefield position. For Putin, negotiations are rarely about ending the conflict—they are about advancing it by other means.

In the logic of Endless Warfare, negotiations are less about compromise and resolution than about deception, gaining time, shaping perception, extracting concessions, and improving strategic position for the next phase of conflict. An agreement by an adversary to participate in negotiations may not be a diplomatic victory; just a new phase of conflict.

This article has focused on defining Endless Warfare and how our adversaries employ it. Part II will discuss approaches to countering this emerging reality of modern conflict.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Your AI Isn’t My AI: The Quiet Splintering Ahead

One of the most consequential geopolitical and technological races underway is the competition to shape the future of large language models. For a moment, it looked like a race to build one dominant cognitive operating system for humanity. But that is not what the next five to ten years will look like. Three forces will define the LLM landscape of the next decade: fragmentation across countries and cultures, the shift from chatbots to autonomous agents, and a quiet transformation in how each of us receives, interprets and shares information.

Search engines organize our information. Social media channels figure out how to grab and keep our attention. Large language models now shape our interpretation.

The first two layers concentrated power. The LLM layer, by contrast, is decentralizing along political, cultural and commercial lines.

Almost overnight, LLMs have become the front door to knowledge. Increasingly, they do not simply retrieve information; they interpret it for us. We consult them as experts, rely on them as filters for decision-making, and use them to help make sense of our world. In the process, we are outsourcing judgement to machines we have never met and never will.

This should not surprise us. Humans naturally apply social rules and expectations to computers – a phenomenon described by Byron Reeves and Clifford Nass in their “Computers are Social Actors” (CASA) framework in The Media Equation (1996). If a machine can communicate fluently, express emotion and simulate empathy, our social instincts engage almost automatically. That tendency will become far more consequential as LLMs continue to evolve.

Fragmentation — many models, many worldviews

Every LLM embeds assumptions.The key question for any model is not whether it is biased. It is “what are its biases and how transparent are they?” Each LLM can embed its own historical framing, level of censorship, moral assumptions, geopolitical narratives and definitions of what is acceptable. There is no globally accepted governance framework that consistently defines these boundaries across models. Rather, it can be different for each LLM today.

This challenge becomes even more complex across languages.Biases in Hindi, Mandarin, Arabic, Portuguese, Bahasa Indonesia, Russian and Spanish may receive far less international scrutiny than English-language outputs.The world may therefore experience not one AI ecosystem, but several competing cognitive ecosystems.

Fragmentation and Sovereign AI

A major structural shift underway is the rise of sovereign AI.

Countries increasingly want domestic models, local compute infrastructure, regulatory control, cultural alignment, and strategic independence.

China already operates a distinct AI sphere through systems such as DeepSeek, Qwen, ERNIE, and Hunyuan. India is pursuing Sarvam and Indus. France backs Mistral.Canada’s Cohere and Germany’s Aleph Alpha are in a planned merger to create a transatlantic sovereign AI vendor. UAE has Falcon and Jais through TII and G42. Singapore’s AI Singapore program backs SEA-LION, a national open-source LLM family. Saudi Arabia’s Public Investment Fund backs HUMAIN, a sovereign AI company focused on Arabic-language models.

It is logical that each of these LLMs will be influenced by language, regulation, compute access, procurement ecosystems, and cognitive alignment.

Open-weight models and asymmetric power

Another major development is the rapid spread of open-weight models.Techniques such as Low-Rank Adaptation (LoRA) allow organizations or individuals to fine-tune powerful models cheaply and quickly. Models can be modified for specialized capability, ideological alignment, style adaptation, or the removal of alignment and safety constraints.

Many open-weight ecosystems contain uncensored variants, often available on platforms, such as Hugging Face, a central hub for open-source AI models. This creates a strategic asymmetry. Advanced AI capabilities are no longer confined to major state actors or frontier labs. Adversaries, extremist groups, criminal organizations and foreign influence operations increasingly have access to highly capable systems.

The Rise of Agentic Systems

While the world fragments into competing models, a second transformation is changing what those models actually do. Today, we still think about AI as chatbots, but that framing is already becoming outdated. LLMs are evolving into agentic systems that call APIs, execute code, coordinate workflows, verify outputs, and operate semi-autonomously. In practical terms, agents will book the travel, draft the contract, monitor the competitor, screen the resumes, reconcile the invoices, prepare the briefing and flag what changed overnight — often calling other agents along the way.

Within five years, much of the information arriving at our desks will likely have been gathered, filtered and summarized by an agent before we read a word of it.The interface shifts from “asking questions” to “delegating objectives.” In this sense, the LLM itself disappears into the background — much like relational databases disappeared into modern computing infrastructure.

The Battle Over Cognitive Infrastructure

Put these two forces together and the picture changes for every leader, every citizen, every reader.

How we receive information. Each of us will increasingly see the world through whichever LLM sits between us and it. That model carries its own training data, its own guardrails, its own omissions. Two colleagues asking the same question of two different systems may get two materially different answers — and neither will know what was left out.

How we interpret information. Agents will not deliver raw material. They will deliver conclusions, summaries, and recommendations. The intermediate steps — the sources weighed, the alternatives discarded — will happen out of sight. We will be tempted to accept what arrives, because the cost of checking will be high and the appearance of competence will be persuasive.

How we share information. Increasingly, the message I send is drafted by my agent and read by yours. Provenance gets murky. Tone gets averaged. Persuasion runs through systems neither of us fully controls. Citizens can gradually lose trust in institutions, experts and media altogether – and societies with weakened shared trust become far more vulnerable to manipulation, polarization and coercion.

For intelligence services, this represents a shift in who controls the collection, preprocessing and interpretation layers that sit between raw data and national-level judgement.

What this asks of us

The United States currently retains major advantages (frontier research, semiconductor ecosystems, hyperscale cloud infrastructure, venture capital, and global platform reach), but the strategic environment is changing quickly. American developers increasingly use Chinese open-weight models because of cost-performance advantages. Open-weight models are publicly available, allowing anyone to run, modify, fine-tune or adapt them to their liking. The visible layer of perhaps dozens of major frontier models understates the true landscape. The real surface area lies in the derivatives, adapters and localized systems proliferating worldwide. The battle over AI and LLMs is not simply about economic advantage or technology leadership. It is about who will shape the cognitive architecture through which billions of people understand truth, authority, identity and reality.

The defining question of the next decade may be “Which system do we collectively trust — and what do we still insist on judging for ourselves”. Because whichever systems mediate knowledge, memory, interpretation, persuasion, and trust will increasingly shape the operating system of human society itself. The good news is the infrastructure is being built, the rules and guidelines are yet to be formalized, governance is an emerging topic and major consolidation has not yet taken place. Our future depends on who preserves human judgement, freedom and trust as our world is transformed by technological advance.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Before Funding a Record Defense Budget, Congress Should Demand Answers on Iran

As I listened to Defense Secretary Hegseth testify about the proposed $1.5 Trillion defense budget, the quote from Robert Heinlein, the science fiction writer, kept running through my mind: “The most expensive thing in the world is a second-best military establishment, good but not good enough to win.”

The U.S. military has no peer. U.S. military personnel are a stunningly impressive group, the best trained and equipped to ever fight a war. But despite continued tactical excellence, and the highest tech and the (already) most expensive military in the world, the U.S. has had a hard time turning that into durable strategic outcomes.

The War in Afghanistan ended in a collapse of its government and U.S. withdrawal. Getting Iraq to a fragile, deeply sectarian, often-Iranian-dominated, and corrupt democracy, took years, thousands of U.S. lives, many multiples of that of Iraqi lives, and billions of dollars. And the current Iran war seems likely to end in a way that is neither beneficial for U.S. security nor a successful escalation beyond what can be accomplished with coercive diplomacy—as of right now, the war did not remove the Iranian regime, its highly enriched uranium nor Iran’s capacity to shut down the Strait of Hormuz at will. As a bonus, we likely have confirmed the view among nations that the only real way to ensure that no one will attack you is to acquire a nuclear weapon. These three wars are not a track record of strategic wins.

While Congress considers authorizing and appropriating the largest defense budget since World War II, they should undertake a formal, concerted effort to understand why this disconnect exists. In the case of Afghanistan, such an effort is well underway with the Afghanistan War Commission. But a myriad of questions, ranging from the purely tactical to the political and strategic, need to be answered in the case of the Iran War. While the Administration will certainly argue that it’s too soon for a commission like the one for the Afghanistan War to be contemplated, that should not stop Congress from seeking answers on its own as it determines whether, and how, to provide the requested defense spending.

Congress should demand to know why the U.S. military was underprepared for the threat of Iranian drones, which killed U.S. servicemembers, destroyed aircraft, damaged U.S. facilities across the Gulf, and damaged commercial facilities in multiple countries. This seeming under-preparedness is despite the ubiquity of Iranian-supplied drones in the Russia-Ukraine war. Congress should seek to determine if the intelligence on Iran’s drone programs was accurate and, if so, was DOD unprepared? Or, alternately, did DOD determine this level of damage was an acceptable risk—after all, one rarely fights wars without losses. But it’s equally likely, perhaps much more likely, that we overestimated our capacity and that of our allies to suppress drone launches and intercept airborne drone attacks.

Similar questions relate to Iran’s missile capability, which has done damage all over the region. Again, those authorizing and carrying out the war would have strong insight into Iran’s capacity to conduct such strikes. And the U.S. may have understood, assuming media reports are correct, that Iran could rebuild these capabilities reasonably quickly. But Congress should ask about this and the capabilities and decision-making given the costs that have been imposed. Would the systems that would be funded in this year’s budget request fix that problem? Or do we need to do something else?

Iran has been, as noted, able to close the Strait of Hormuz. Did DOD develop workable options for this foreseeable possibility? If not, why not given that such a closure has been contemplated in many, many war games and written about publicly for years? Bad planning? Or did DOD assume they had the capability to deal with the Iranian systems? If so, why was that wrong and what do we need to do to ensure that this can’t happen in the future, for example in the Strait of Malacca or the South China Sea?

Congress should also ask hard questions about military planning. The Department of Defense is extremely defensive about sharing details of war plans with Congress, for understandable reasons, but the Secretary of Defense and Chairman of the Joint Chiefs have not been shy about broadcasting, for example, the number of targets hit and ships sunk. How did the planners envision striking these targets in those numbers would achieve strategic goals, whatever they were?

The largest problems appear to come from confused and wildly over-optimistic goals and misaligned strategies between allies. And one cannot envision the Administration agreeing to answer questions about how the President made the decision to attack or why he made that decision when he did. But Congress can and should press the Department and the Intelligence Community on what options were presented and how risks and benefits were presented. The Executive Branch will resist this, but also cannot be trusted to grade its own homework. And the country deserves to have some faith in the process by which the President is presented and weighs strategic options and risk even if the President resists explaining how he came to make those decisions.

It would be ideal if Congress would conduct these inquiries publicly. But given the political environment, that seems likely to break down in partisan infighting. Instead, Congress, through the Armed Services Committees and to a lesser extent the Intelligence Committees, could simply explore these questions through a series of closed-door briefings, hearings, and interviews. Responsible members, and the Chairman and Ranking Members on both Armed Services committees are in that category, can agree to lock arms and work together to understand what happened—the Senate Select Committee on Intelligence investigation into Russia’s attempts to interfere in the 2016 election provides a good example of just this kind of effort (full disclosure—I was the Minority Staff Director on SSCI during this time). Such effort may not fully satisfy anyone, will irritate partisans on both sides of the aisle, and will certainly provoke conflict between the branches. But such checks and balances are essential to war fighting by a democratic state. We need to understand why we’ve failed in the past if we want to win in the future and avoid Heinlein’s curse.

All views, positions, and conclusions expressed in this publication should be understood to be solely those of the author.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Anonymous Wikipedia Editors Influence Global Narratives — and AI Systems

OPINION -- If you ask Google what Al Jazeera is, the answer you receive draws heavily on Wikipedia. The same is true if you ask ChatGPT, Perplexity or many other large language models. Wikipedia has become the working baseline of public knowledge, whether for reporters, students or congressional staffers.

Look up Al Jazeera on Wikipedia today and the encyclopedia describes it as “a Qatari news media organization” that is “a statutory private foundation for public benefit” “primarily funded by the government of Qatar.” Its flagship article assures readers that Al Jazeera was “launched with a mandate of independence,” was “noted for its journalistic professionalism,” and is recognized by scholars as having driven a democratizing “Al Jazeera effect” across the Arab world. This is the conventional wisdom hundreds of millions of people now casually believe.

It is also, in many important respects, wrong.

The ground truth is that Al Jazeera is a state-owned broadcaster of an absolute monarchy, funded and effectively controlled by the ruling Al Thani family of Qatar. The network's own former director general told the BBC in 2017 that “90% maybe” of its budget comes from the Qatari government. Its founding chairman has been Sheikh Hamad bin Thamer Al Thani, a member of the royal house. Qatari law makes criticism of the Emir, his family or his policies a punishable offense, and Reporters Without Borders ranks the country among the world's least free for journalism.

The U.S. Department of Justice has determined Al Jazeera to be “controlled and funded by the government of Qatar” and has ordered its U.S.-targeted digital outlet, AJ+, to register as a foreign agent — an order it has refused to comply with. Israel banned the network in 2024. Four neighboring Arab states demanded its closure as a condition of restoring relations with Qatar in 2017. By every functional measure that matters, Al Jazeera is a state influence enterprise. That is not the picture Wikipedia paints. And it is not an accident.

Wikipedia, the fifth-most-visited website in the world, is written by anonymous volunteers. Anyone with an internet connection can edit nearly any article, and editors are under no obligation to disclose their real identity. The platform's paid-editing rules require editors who are compensated by clients to declare it on their user page, but enforcement depends entirely on volunteer detection. Articles on contentious topics, like the Israel-Palestine conflict, can be placed under so-called “Extended Confirmed Protection,” restricting edits to established accounts. But within those restrictions, the system runs on the assumption of good faith. Once an account passes the threshold for tenure, it can shape any article it chooses, in any direction, behind whatever username it likes.

One user dominates Wikipedia's coverage of Al Jazeera. Originally registered as Gsgdd in November 2022 and later renamed Cinaroot, the account is now responsible for more than 40 percent of the current text on the main Al Jazeera Media Network article (nearly quadruple the second most active editor), more than 27 percent on Al Jazeera English (triple the next editor), and 68.2 percent on Al Jazeera effect, the entry that explains the network's broader significance (five times greater than the second most active editor).

Who is Cinaroot? Honestly, no one outside Wikipedia's internal moderators knows. The account presents no biographical information, lists no affiliations, and has renamed itself twice — from Gsgdd to Astropulse in mid-2024, then to Cinaroot in early 2025 — making earlier activity harder to trace. There is no public evidence directly linking the account to the Qatari government, to Al Jazeera, or to any contractor working for either. What can be established is the pattern of edits, their volume, their direction, their timing, and the institutional environment in which the work is taking place. Whether Cinaroot is one person, a team operating from Doha's information ministry, or a contractor compensated by a third party can only be inferred. The inference is strong. The proof of who sits at the keyboard remains, by design, out of reach.

What can be analyzed is the account's behavior, and it would interest any analyst of influence operations. Cinaroot was registered on Nov. 12, 2022, ten days before Qatar opened the 2022 World Cup — the centerpiece of more than a decade of Qatari soft-power spending and an event Doha treated as the small Gulf monarchy's arrival as a global actor. The account made a handful of minor, unrelated edits and then, for nine months, fell silent. That itself is unusual. Most organic users' activity fluctuates, but rarely do they go fully dormant for months. Most important is when the account “woke up.”

On Oct. 25, 2023, eighteen days after Hamas's attack on Israel, Cinaroot's first substantive act was a political statement. The edit was a post on the Talk page of the October 7 attacks article, where editors discuss (and often fight over) changes. The account, citing UN Secretary-General António Guterres, asserted that the massacre of 1,200 people in Israel “did not happen in a vacuum,” and enumerated alleged Israeli responsibilities for the violence.

Two days later, the account began what would become a years-long campaign focused on Al Jazeera. But what it did first would set the template for everything that followed.

In 2017, Saudi Arabia, the United Arab Emirates, Bahrain and Egypt severed relations with Qatar, blockaded its borders, and demanded the closure of Al Jazeera as one of thirteen conditions for restoring them. Four Arab governments — Qatar's closest neighbors and the states that had lived with the network's regional role for two decades — had judged Al Jazeera consequential enough that its shutdown was a key demand. That fact sat in the lead section of the Al Jazeera Arabic Wikipedia entry, the first thing a reader would see — and as damaging a claim as any for an organization trying to manage its credibility.

Cinaroot, an account that, at the time, had almost no recorded experience on the platform, swiftly moved the statement out of the lead and into a controversies section further down, where fewer readers would encounter it. In its place, favorable language about the network's journalism went in at the top. The same kind of move would be repeated across the cluster for the next two and a half years: critical material relocated, compressed or contained; favorable material elevated; disputes about Qatari control reframed as procedural questions about sourcing and balance.

Examples accumulated. In November 2023, Cinaroot removed the names of senior Qatari figures — including the network's chairman, a member of the Al Thani royal house — from the lead of the Al Jazeera Media Network article, visually distancing the network from its royal leadership at the top of the page. The same month, the account rewrote the article's account of the U.S. foreign-agent ruling to apply only to the subsidiary AJ+, isolating the legal classification from the parent organization. In June 2024, Cinaroot removed Al Jazeera English's “state media” categorization tag from its Wikipedia infobox, arguing in the edit summary that “partial funding by Qatar govt itself is not enough for categorization.” In September 2025, when another editor proposed describing the network as “essentially state media,” Cinaroot reverted them with the justification: “essentially is not enough, legally is what matters.” On a single day in January 2026, the account deleted 39,544 bytes — roughly 6,500 words, or a month of accumulated work by another editor — covering the network's funding, governance and editorial policy.

Cinaroot has not gone uncontested. Another editor, operating under the Arabic-language username Ghawwas Al-Ilm — “diver of knowledge” — has spent years expanding the same pages with sourced material on Al Jazeera's funding, leadership and operational ties to the Qatari state. That material is the substance Cinaroot has repeatedly removed. The pattern across the cluster is one of expansion by Ghawwas, then constraint by Cinaroot — additions accumulate over weeks; one structural edit erases them. Because Cinaroot has the higher tempo and the procedural fluency, the constraint side has, over time, prevailed.

The cumulative effect, edit by edit, is more than a sanitized story. It is a Wikipedia certification of Al Jazeera as independent — the most valuable endorsement the network could ask from any platform. That certification flows outward. It feeds Google's answer panels, trains the major large language models, and shapes the first paragraph of countless news stories, term papers and policy memos. The result is one of the most consequential acts of historical revision in the digital age.

Al Jazeera's 1996 founding, originally rooted in the 1995 palace coup that brought Sheikh Hamad bin Khalifa Al Thani to power — and that produced a satellite broadcaster to project his new government's voice almost immediately — has been stripped of that political context. The phrase “primarily funded by Qatar,” used in earlier versions of the article, has been softened. In reality, the network's funding, launched reportedly with more than $1 billion, mostly from the Emir of Qatar himself, has not changed.

The most striking work is on the Al Jazeera effect article — a page that does not simply describe the network but theorizes it as a democratizing political-science phenomenon. The article today asserts in its own voice that there is a “broad consensus that the network has revolutionized Arab television news,” enjoying an “unprecedented margin of freedom” and “democratizing media in the Middle East.” In effect, this is a complete inversion of the journalistic reality behind the network, which is funded and effectively controlled by the rulers of an autocratic petro-state. Cinaroot wrote 68.2 percent of it. This isn't ancient history: the account is responsible for 71 of the page's 83 edits since the beginning of this year.

The Al Jazeera effect article leans on the work of Mohamed Zayani, a scholar at Georgetown University's Doha campus, which Qatar has funded with more than $1.06 billion in disclosed payments to the university. The Wikipedia article's signature claim, that Al Jazeera enjoys an “unprecedented margin of freedom,” is taken from a paywalled Zayani paper that Cinaroot personally paid $37 to access, noting “thanks Sage” in the edit summary. Volunteer encyclopedia editors working in their spare time do not typically reach for their credit card to buy paywalled academic articles in order to cite them.

Wikipedia insiders have a term for this kind of loop: citogenesis. In the classic case, an editor adds an unsourced claim to Wikipedia; a reporter reads it and repeats it in print; the printed article is then cited back into Wikipedia as the source. A claim has been validated by the loop it produced. What appears to be happening on the Al Jazeera pages is citogenesis at an institutional scale. Qatar funds the news network. Qatar funds the prestigious university. Scholarship that emerges from inside that funded ecosystem then appears in Wikipedia as if it were neutral authority. Wikipedia trains Google's answer panels and the major large language models. By the time the information reaches a reader, the original political circumstance has been removed at three stages, and the constructed “truth” separated from the context that produced it.

Cinaroot is not alone. A second editor, Mo2010, has built out much of the secondary infrastructure across the Al Jazeera ecosystem — and has done particularly consequential work on the AJ+ article, which Mo2010 created from scratch in February 2014. AJ+ is the brand U.S. regulators ordered to register under the Foreign Agents Registration Act, and the network's most aggressively distributed property on American social media. On the AJ+ page, the way that foreign-agent order is described — as a press-freedom issue rather than a Justice Department determination of state control — shapes how American readers, and the AI systems that increasingly answer their questions, encounter a foreign government's most active U.S. media presence.

This is not the first Wikipedia editing operation linked to Qatar's interests. In January, the Bureau of Investigative Journalism — a London-based nonprofit newsroom — documented a covert editing operation by London PR firm Portland Communications on behalf of Qatari-linked clients: a network of anonymous accounts deployed to reshape politically sensitive articles, particularly those connected to the crown jewel of Qatar's brand empire — its global sports-related partnerships and the executives behind them. That investigation established the capability and the precedent. The Al Jazeera cluster is what the same playbook looks like applied to Qatar's most consequential media asset.

None of this is a hidden conspiracy. Every edit is in the public Wikipedia record. Anyone with a browser can read them. That is also the design: each individual edit is defended on its face as sourcing improvement, neutrality balancing or style cleanup. Wikipedia's culture rewards those rationales. The pattern is only visible when one reads the edits together.

Wikipedia will not solve this on its own. The platform's editorial culture is designed to assume good faith and to treat procedural arguments as conclusive. That is its strength, and its vulnerability. Foreign-influence work that arrives in the language of “sourcing” and “balance” passes through without resistance. It also helps when the platform has been cultivated. The Qatar Foundation, a state-owned non-profit, was a six-figure donor to the Wikimedia Foundation in the early 2010s. The Qatar Computing Research Institute — owned by the Qatar Foundation — entered a formal partnership with Wikimedia in 2011 to expand Arabic-language Wikipedia, train editors and integrate Wikipedia editing into university curricula in the emirate.

In 2013, Wikipedia co-founder Jimmy Wales delivered a keynote at a Qatar Foundation event in Doha. And in December 2025, Al Jazeera Media Network announced an expanded partnership with Google Cloud to integrate Google's AI tools into its newsroom — the same Google whose answer panels are fed in part by the Wikipedia articles Cinaroot has shaped. None of these touchpoints proves editorial control. They demonstrate that Qatar has, for more than a decade, engaged the encyclopedia and its commercial neighbors at the institutional levels at which platforms decide which actors' claims should be treated as credible and which should be scrutinized.

There are concrete steps Wikipedia and its parent foundation could take. Articles about state-funded media organizations could be designated as a contentious topic class, requiring identity verification through the Wikimedia Foundation for editors making more than a defined number of substantive changes — without exposing those identities publicly. Single-editor authorship dominance above an established threshold (say, 40 percent of an article on a politically sensitive subject) could trigger automatic review. Edit summaries that justify content removal on procedural grounds could require linking to a documented Talk-page consensus rather than a single editor's policy invocation. Wikipedia's existing paid-disclosure rules could be enforced not only against editors who declare themselves paid, but against accounts whose editing patterns — concentrated topical focus, procedural sophistication, persistent directional outcomes — diverge measurably from organic editing. None of these would compromise the open ethos that makes Wikipedia what it is. They would simply close the gap the current rules leave open.

What governments, technology platforms and the encyclopedia itself owe their readers is a more honest accounting of who writes the entries that now train the world's information systems. Until then, the answer to the question “What is Al Jazeera?” will be whatever a small number of editors, backed by a much larger set of institutional relationships, have together determined.

Ashley Rindsberg is founder and chief investigative officer of NPOV. Toby Dershowitz is senior adviser at the Foundation for Defense Of Democracies, a non-partisan research Institute focused on national security and foreign policy issues. Follow them on X @ashleyrindsberg and @tobydersh

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Part II: When a Machiavellian and a Charismatic Met

In our pre-summit piece on the Xi/Trump meeting [When a Charismatic and a Machiavellian Meet 12 May] we wrote: "When a gifted political charismatic such as President Trump is paired in negotiation with an equally gifted Machiavellian such as President Xi, history-making deals may happen. So too can epoch-defining disasters." At the end of the summit, the two Presidents parted ways in an atmosphere of comity – and with the possibility of hammering out between them this year (with three more summit opportunities) a modus vivendi on Artificial Intelligence with incalculable value to all of humanity.

Beijing's and Washington's announcement of their commitment to establish the first ever "intergovernmental dialogue" on AI received scant attention in the noisy and highly divergent post-summit parlor game commentary about who gained what, who gained most, who gained nothing, and who lost what. This is probably because of deep skepticism that mutual trust can be achieved in the midst of the current breakneck international competition to win the AI race.

Those of a certain age can remember the despondent faces of Reagan and Gorbachev, great friends and partners in peace, when they failed at their October 1986 summit in Reykjavík to reach an agreement that had the potential to eliminate all nuclear weapons. Soon after the summit — in 1990, four years later — Gorbachev was awarded the Nobel Peace Prize "for the leading role he played in the radical changes in East-West relations" but ever after spoke about his sense of personal failure in not making a deal with Reagan.

At the time, these two leaders of the world's recognized superpowers – the two most politically powerful men on earth in 1986 -- were working in a world where "mutually assured destruction" had become the de-facto solution to avoiding global nuclear war. What Xi and Trump are proposing now is getting ahead of an equally potentially cataclysmic global problem. They are proposing, as the Chinese announcement said, "working together to promote the development and governance of AI, so that AI can better serve the progress of human civilization and the common wellbeing of the international community." In other words, they are committing to using their individual power in their separate global spheres of influence to avoid a cyberspace era of "mutually assured destruction" – let's call this CyberMAD – this time based on weaponizing AI, versus nuclear power that we can call NuclearMAD.

The AI agreements they may strike – a new "rules based" order that only they will be able to enforce in their own regions – might only be possible when the negotiations occur between "frenemies," two counterpart leaders at the apex of world power who negotiate in good faith despite differences in temperaments, competing political systems, widely divergent cultures and histories.

Paradoxically, what stands out against the backdrop of Xi and Trump's numerous and salient differences are their very similar understandings of the logic and dynamics of political power and their shared political ethics regarding only negotiating with true equals in power. The combination of such extreme differences alongside similar political philosophies may pave the way to forging an AI accord.

Should they succeed, history will judge these men as belonging among the ranks of great world leaders, and history will forgive them much.

Let's review some events from the summit that signal why such a deal is possible.

No Big Fat Hug, but a Counter-Cultural Handshake

With his usual seemingly slightly over-caffeinated gusto the extroverted American President declared prior to their meeting that the Chinese President will greet him with "a big, fat, hug." Trump may have been channeling the classic comedy dynamic between a "funny man" up against a deadpan "straight man." In response to this possible wisecracking from President Trump, the austere introverted Chinese President maintained his usual imperturbable silence, though we can imagine him chuckling — or eye rolling — as this sally from his fellow member of the "superpower leaders' club" – that most exclusive club with a current membership of two.

In the end, Trump was greeted in Beijing not with a big hug from Xi, but with Xi accepting Trump's characteristic long two-handed grip handshake and penetrating stare into the other leader's eyes — something highly culturally uncomfortable for a Chinese leader. For the Chinese such a full in-the-face stare is usually interpreted as a deliberate act of aggression or dominance.

We cannot overlook how much these two Presidents are working to accommodate each other, despite their real differences.

Though Their Drawbridges May be Down, Their Battlements Remain Armed

Xi and Trump share a philosophy of power whereby lasting international deals can only be made if domestic – meaning personal -- power remains balanced between the two dealmakers. Enforceable deals are only secure if individual domestic power is advertised and equally respected by both parties.

Xi's team made this reminder clear regarding his domestic power when China's Foreign Ministry spokesperson tweeted in the middle of the summit that, "the Taiwan question is the most important issue in China-U.S. relations…If it is handled properly, the bilateral relationship will enjoy overall stability. Otherwise, the two countries will have clashes and even conflicts, putting the entire relationship in great jeopardy." The resulting outcry by the American media at this piece of "disrespect" was predictable.

Trump's team made their own statement of defiance regarding domestic power by dramatically chucking any non-organic technology (burner phones and computers) and Chinese representation gifts into a large wastebin at the foot of Air Force One as they departed. This was an unsubtle for-the-cameras reminder to their Chinese counterparts that: "we won't help you spy on us at home." Predictable Chinese commentary ensued over what was labelled an unnecessarily provocative, rude, and "disrespectful" gesture.

Each leader's current stance with regard to their domestic power appears to be enough said and point made (without direct confrontation) and no long-term harm was done. Each leader can make – and take -- political displays of domestic toughness from the other because both understand that each must test their frenemy's strength and resolve. Xi and Trump tolerate and respect each other's political skills on this level, like lions roaring at each other in the wild to mark their territories.

Domestic Postures and Personalities Aside – An AI Deal for the Ages

Xi is a Machiavellian who understands the dangers of yielding to AI control over the material infrastructures of civilization. Trump is a charismatic and intuitively understands the dangers of outsourcing to AI mastery over the intangible psychological ties that shape the social contract between a populace and governance. Humanity missed the mark in WWII with nuclear weapons — each nation hellbent on making such weapons their own and ignoring the global implications of proliferation. This fierce self-interested competitiveness between the world's nations led us to a world where accepting the well-named MAD – mutually assured destruction – made sense as the only way to keep the peace, and therefore all of humanity alive. Today, as we watch the dynamics between the two leaders of the world's superpowers we can hope for a different outcome. Xi and Trump understand the politics that led to NuclearMAD in the past, and how the current politics of AI can lead to the new calamity of CyberMAD. This time however they appear to be taking steps to guide humanity away from making a new set of science-based self-destructive global mistakes.

These leaders — powerful, intimidating, each in his own way brilliant — are best positioned — temperamentally and politically — to hammer out, put on record, and police a deal to curb the dangers of AI and secure humanity's future.

Who knows what marvels future generations will achieve with the aid of AI, if its dangers are curbed through the joint leadership of the Presidents of China and the United States.

[1]"All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Narco-Terrorism as Grey-Zone Warfare: Pakistan’s Hidden Front Against India

The United States has long framed its South Asia policy around countering China’s rise, managing the fallout from Afghanistan, and preventing terrorist safe havens. Yet, Pakistan-facilitated narcotics trafficking into India remains a persistent and under-appreciated threat that demands greater attention in Washington. This is no longer an organized crime syndicate but a strong case of narco-terrorism – a deliberate grey-zone strategy that blends profit with subversion.

Drug proceeds fund anti-India Salafi-Jihadist groups, erode social stability in a key democratic partner, and sustain the very transnational networks that the United States has targeted for decades. Recent Indian operations and intelligence reports reveal Pakistan’s role as both a transit hub and active enabler, turning the Golden Crescent into a direct vector against Indian society. For American policymakers, ignoring this pipeline risks undermining Indo-US strategic convergence at a critical moment in the Indo-Pacific and the Middle East.

The Enduring Golden Crescent Nexus

Afghanistan continues to dominate global opium production, even after the Taliban’s 2022 cultivation ban dramatically reduced planted hectares. Vast pre-ban stockpiles, combined with a surge in methamphetamine labs reliant on chemical precursors, have kept the trafficking ecosystem alive and adaptable. Pakistan remains the indispensable transit corridor, channeling Afghan-origin heroin, hashish, and synthetics eastward into India while also moving product westward toward Europe. A 2025 US State Department Presidential Determination on major drug transit countries explicitly listed Pakistan among the 23 nations central to the global illicit drug trade, citing “geographic, commercial, and economic factors” that sustain the flow despite enforcement gaps. Indian analysts and security officials frame this as narco-terrorism. Proceeds from these shipments are alleged to finance groups such as Lashkar-e-Taiba (LeT), with hawala networks and cryptocurrencies providing the laundering backbone.

The human cost inside India is stark as border states like Punjab confront epidemic youth addiction, rising crime rates, and generational damage that weakens internal cohesion. What begins as a criminal enterprise quickly becomes a tool of hybrid warfare that imposes asymmetric costs on India without crossing the threshold of conventional conflict. For the United States, this matters because the same financial pipelines that move drug money have historically overlapped with terrorist financing streams that once threatened American lives and interests.

From Drones to Deep-Sea Handovers

Pakistan-linked networks have proven agile, shifting tactics to evade Indian border defenses and capitalize on new technologies. The most alarming innovation is the sudden rise of drug-laden Pakistani drones along the western land border, particularly in Punjab. According to India’s Narcotics Control Bureau (NCB) 2024 Annual Report, drone-related trafficking cases along the India-Pakistan border skyrocketed from just three in 2021 to 179 in 2024, with 163 incidents concentrated in the bordering districts of the Indian state of Punjab. The trend escalated further in 2025 with India’s Border Security Force seizing 272 drones coming from Pakistan into Punjab and recovering more than 367 kg of heroin between January and November 2025. The NCB explicitly warns that these unmanned systems constitute a “significant threat to India’s internal security,” as they bypass physical fencing, evade patrols, and deliver precise payloads of heroin and opium in minutes. Recoveries in these operations have included hundreds of kilograms of narcotics, highlighting the scale and sophistication.

Maritime routes across the Arabian Sea offer another high-volume artery. In April 2024, the Indian Coast Guard, NCB, and state police forces intercepted a Pakistani vessel west of Porbandar in Gujarat, seizing approximately 86 kg of narcotics valued at nearly $62 million and detaining 14 Pakistani crew members. A parallel case from December 2021, adjudicated in April 2026, saw a Gujarat special court sentence six Pakistani nationals to 20 years’ rigorous imprisonment each for smuggling 76.9 kg of heroin worth $39 million; the boat was intercepted 35 nautical miles off the Gujarat coast after intelligence pinpointed mid-sea handovers originating from Karachi. These sea operations frequently involve coordinated transfers from ports such as Karachi or Gwadar, exploiting India’s 7,500-kilometer coastline as both a destination and a transit node toward Gulf markets. Traditional land corridors through Jammu and Kashmir and Rajasthan persist, often synchronized with drone drops in hybrid tactics.

Narco-Terrorism as Grey-Zone Warfare

Beyond the statistics lies Pakistan’s deeper strategic intent. By flooding Indian border regions with narcotics, these networks corrode the social fabric, generate revenue for Pakistan-backed jihadist outfits, and force New Delhi to divert resources toward internal security. This mirrors grey-zone tactics Washington has criticized in other theaters, including persistent, below-threshold pressure designed to weaken an adversary without provoking open war. Recent National Investigation Agency (NIA) chargesheets, including an October 2025 filing in an LeT-linked narco-terror case, have traced drug proceeds directly to financing of proscribed terrorist outfits, with international hawala channels routing funds to operatives in India and Pakistan-administered Kashmir. Furthermore, Indian border forces’ confiscation of 10.2 kg of explosive material, 12 hand grenades, and 200 small arms with ammunition alongside drug shipments in 2025 alone offers strong evidence that narcotics, arms, and terror financing now operate as one ecosystem.

For the United States, the implications are concrete and immediate as terror groups sustained by narco-profits have repeatedly targeted American citizens and allies. The same laundering mechanisms that shield drug profits also obscure terrorist financing, creating overlapping threats that US law enforcement and intelligence agencies have long tracked. Moreover, India is America’s indispensable partner in the Indo-Pacific. As Washington deepens defense, technology, and intelligence cooperation with New Delhi to counter Chinese assertiveness, allowing a Pakistan-enabled narco-pipeline to undermine Indian stability undercuts that partnership. The post-Operation Sindoor landscape has already demonstrated how quickly South Asian flashpoints can escalate. Layering narcotics-fueled instability atop existing tensions only heightens crisis risks. In short, what happens in Punjab or Gujarat does not stay there, but it reverberates across the QUAD and into America’s broader strategic calculus.

Time for a Smarter US Approach

US policymakers should stop treating India’s narcotics challenge as a narrow bilateral issue and elevate it from the margins of policy on three fronts:

First, Washington should expand real-time intelligence sharing between US agencies and India’s Narcotics Control Bureau and Coast Guard to accelerate interdictions. The Arabian Sea route matters to Western interests because the same waters used for narcotics trafficking are also vital to global energy flows and commercial shipping. If Washington is investing in maritime domain awareness and Indian Ocean security, narcotics interdiction should be part of that conversation, not an afterthought.

Second, the United States should use targeted sanctions against key traffickers, facilitators, and financial enablers by leveraging existing counter-narcotics and counterterrorism authorities. Raising the cost of operating across these networks would help disrupt the financial architecture sustaining narco-terror activity.

Third, US diplomatic engagement with Islamabad should explicitly link counter-narcotics performance to broader security assistance discussions, making clear that grey-zone destabilization carries consequences.

The post-Sindoor era has shown how quickly South Asia’s security architecture can evolve. Yet the narcotics threat has intensified, adapting faster than the countermeasures designed to contain it. For the United States, treating Pakistan’s role in this pipeline as a peripheral law-enforcement matter is no longer tenable. Confronting it is a necessary investment in protecting a vital democratic partner, disrupting terror financing, and preserving long-term stability across South Asia.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

AI, Autonomous Weapons, and the Pentagon’s $55 Billion Bet on Future War

“The [Defense] Department (DoD) is requesting a massive increase for DAWG. For those in the audience that may not know, DAWG is the Defense Autonomous Warfare Group [tasked with rapidly developing, testing, and fielding large numbers of un-crewed systems and drones] and it's going from the $225 million [in fiscal year 2026] up to the $55 billion for fiscal year 2027. And at the same time, we're integrating the AI-driven [Artificial Intelligence-driven] targeting with those autonomous munitions at a pace that DoD directive 3000.09 was not designed to contemplate.”

That was Senate Armed Services Subcommittee Chairman Sen. Joni Ernst (R-Iowa) on May 19, speaking during a hearing on the science and technology priorities contained in the Fiscal Year 2027 Defense Authorization Bill and the Future Years Defense Program.

The 85-minute subcommittee session covered not only the proposed sharp budget increase in new autonomous weaponry, but also the race that’s going on between the U.S., China and other countries to integrate AI into offensive and defensive warfare. Ernst was questioning Defense Undersecretary for Research and Engineering Emil Michael when she brought up DoD directive 3000.09 which, as updated in 2023, established policy “for developing and using autonomous and semi-autonomous functions in weapon systems, including armed platforms that are remotely operated or operated by onboard personnel.”

Ernst asked: “Secretary Michael, has the department formally reviewed whether the current governance framework is actually keeping pace with DAWG’s growth and then how do we overcome that?”

Michael responded, “It absolutely needs updating…because of the threat environment -- what's possible by the adversary -- and partly because of the lessons we learned in Iran.” He explained that the U.S. wants “autonomous mine-seeking capabilities” for the Hormuz Strait, and the Trump anti-missile Golden Dome “has an autonomous element to it, a space-based interceptor that could …hopefully get a Chinese hypersonic missile in the first 90 seconds of launch before it separates into decoys and multiple munitions. So there are going to be different risk levels with autonomous and we have to account for them in our policies. My belief is that will change more frequently than it has in the past than it ought to, to be consistent with our values, consistent with the threat environment, and consistent with the technology development.”

In his opening remarks, Michael described concerns with China, when it comes to the AI competition.

“From a national security standpoint, this is another case of our adversary, the main adversary, China, you know, taking our IP [intellectual property] from our American development labs that have spent hundreds of billions of dollars [on AI] by the end of the next couple of years…And they're “distilling” those [AI] models, which means effectively copying them for a fraction of the

price, taking off the guard rails for them, which means they could be used in ways that they're not intended to be used, which is very dangerous for us, whether it's cyber as a cyber weapon, as a biological weapon, as a chemical weapon.”

“So the threat is real,” Michael said, adding, “We have to stay ahead on chips, power, innovation and capital formation and that gives us this six to 12 month lead and maybe we could extend it. In the last Commerce [Department] NIST (National Institute of Standards and Technology) evaluation, our lead had increased by a few months against the Chinese.”

Discussion of AI in directed energy/laser weaponry was one area that caught my eye.

“Directed energy is one of my top critical technology areas,” Michael said, “So it is a focus by us. The science for directed energy is largely done and now we're in the engineering phase of it. So the engineering part of it makes it cheaper, smaller and more proliferated. We now have a suite of directed energy products that go from low-end to high-end and now we have to scale production of those. The things that are helping are Golden Dome [anti-missile defense systems], because they have a big reliance on directed energy…And because the commitment was made to the President [Trump] that we're going to have a demonstration that includes directed energy in our Golden Dome architecture, there's a lot of energy going into that.

Michael added, “While we're going to have multiple demonstrations, the primary demonstration where it [laser technology] demonstrates a lot of capabilities will be summer of [20]28.”

When Subcommittee Chairman Ernst asked Undersecretary Michael, “What are we doing to ensure that the transition pathway from that [AI weapons] prototype to actual production is actually functioning,” he gave as an example Castelion, a company he said, “developing low-cost hypersonics less than half-a-million-dollars per missile relative to the $50 million per missile we pay today.”

Backing up his statement, I found that last April 24, the U.S. Navy announced it had awarded Castelion a $105 million to continue efforts to integrate its Blackbeard hypersonic strike weapon onto the F/A-18 fighter/bomber and transition the system to an Early Operational Capability in 2027 for carrier-based operations.

And on May 13, DoD announced “once Castelion achieves testing and validation, the Department will award a two-year multi-year procurement contract for a minimum of 500 Blackbeard missiles annually, with options to extend for up to five years. To further encourage Castelion's self-funded facility expansion, the Department is actively seeking the necessary authorizations and appropriations to purchase over 12,000 Blackbeard missiles over five years.”

Subcommittee Ranking Minority Member Sen. Elissa Slotkin (D-Mich.) raised two questions that took up a good part of the panel’s time.

“Given the strategic importance of winning, I cannot for the life of me understand two decisions that have been made,” Slotkin said. “Number one [was] the decision to sell Nvidia chips to the

Chinese, giving them not our most sophisticated, but some of our most sophisticated chips and chips they do not have.”

“Secondly,” she said, “I do not understand picking a fight with one of the few [AI] companies, Anthropic, that's in all of your [DoD] systems. All of you [the military services] use Anthropic right now, to the point where we've named them a supply chain risk, and all of you are supposed to be divesting from Anthropic in the next two months.”

“On the chips question,” Michael said, “this is a debate within the technology industry which is if you sell an adversary older chips, do you slow down their domestic production of equivalent chips because they become reliant on your technology?…If they become used to the American stack, is that net better for the American AI proliferation? And that's a debate.”

Michael added, “And the White House has decided that if we gave them two versions behind chips that we'd be able to preserve our dominance on the programming language, and make it less encouraging for them to develop their own domestic chip industry to catch up.”

As for the withdrawal from Anthropic, Michael said, “What we're worried about with the terms of service that they [Anthropic] had, and their posture toward the department [DoD], which when they questioned the [Venezuela President] Maduro raid, and whether their software was used inappropriately [in his kidnapping], gave us the sense that this was not a reliable partner to deal with…in conjunction with their written terms of service which prevent the use cases that we would like to advance into -- battlefield management, directing interceptions, developing weapons systems.”

Michael explained, “Google, who's been a longtime partner of the [Defense[ Department, Microsoft, Nvidia, real big companies with proper corporate governance, went through their legal teams and agreed to our terms of all lawful use cases, where Anthropic would not. So that should say something that our terms weren't unreasonable.”

However, last week news stories reported that White House Chief of Staff Susie Wiles personally overruled the Pentagon's supply chain risk designation for Anthropic when it came to the company’s contract with the National Security Agency (NSA), which collects and processes electronic foreign intelligence communications.

The revised Anthropic contract with NSA drops the previously contested "any lawful use" Pentagon language, and adds an explicit clause restricting use of Anthropic tools for processing data on American citizens.

In this case, the White House appears to have supplanted the Pentagon in setting the rules for AI contracts. It remains to be seen how these conflicting decisions will be worked out.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Remembering the Americans Who Made Ukraine’s War Their Own

This Memorial Day, The Cipher Brief is remembering the Americans who answered the call after Russia launched its unprovoked, deadly invasion of Ukraine in February of 2022. What follows is a deeply personal account of the war through the eyes of two Americans who have lived it. This piece was written by Dr. Douglas Davis in cooperation with Colonel Sam Hartwell (Ret.).

PERSPECTIVE / OPINION – I did not set out to become someone who counts or names the dead. But years of working in Ukraine have a way of reorienting what you thought your life was all about. Our families have a high price dating back to 2014, when Russia invaded Crimea and uprising in the Donbas.

My wife’s 25-year-old cousin, Mykola Zabavchuk, was killed while serving as a sniper near Bakhmut in the first summer of Russia’s invasion. We visit his grave and the memorial bearing his posthumous Order of Courage medal from Ukrainian President Volodymyr Zelensky every time we’re in Lviv. It changes you and keeps a solemn perspective on those who are fighting for their freedom.

But the reality is that the loss of Ukrainian lives is tragic but understood, even expected, in the cold calculus of this war. But that’s not the whole story. What we find most difficult to reconcile is this: America says it is not at war in Ukraine - and officially that’s true - yet some of America’s most experienced warriors cannot ignore the call to defend freedom and have volunteered to fight and die there. Very few outside their military community are talking about it.

My collaborator for this article, Sam Hartwell is a West Point graduate and former U.S. Army intelligence officer who has spent much of the past three decades living and working in Ukraine. He knows what I am talking about better than most. He lost one of his closest friends, Mark Paslawsky, a West Point classmate and former 82nd Airborne Division artillery officer on August 19, 2014, in Donbas.

Paslawsky was the first American killed in Russia’s war on Ukraine at the Battle of Ilovaisk. He was posthumously awarded the Order of Danylo Halytsky by then-Ukrainian President Petro Poroshenko. Sam now lives in his friend's former apartment in Kyiv, not far from a memorial wall that bears Mark’s portrait. Sam does not talk about this often. That restraint is itself, a kind of testimony.

As a global health physician, I came to this story through a different door than Sam did. My medical work in Ukraine brought me into close contact with a remarkable and unlikely community: American veterans who came to Ukraine not under orders, not under contract, but under conscience. Many applied the lessons learned in war and national security to fight for freedom alongside Ukrainian brothers and sisters in arms. Others came principally to support humanitarian causes.

Crisis of Conscience

I had the honor of serving on the board of one such humanitarian group, Mountain Seed Foundation, alongside its founder, Lieutenant Colonel Nathan Schmidt, USMC ret., and Navy SEAL Lieutenant Commander Dan Cnossen, USN ret., two Naval Academy classmates whose service in Iraq and Afghanistan, respectively, left marks that never fully heal.

Nathan's wounds are the kind that don't show up in physical exams. He came home carrying the weight and burden of friends and colleagues who were lost both above and below his command, and he built something redemptive from that grief.

Dan's injuries were immediate and visible: both of his legs were taken above the knee by an IED during combat operations. He went on to become one of the most decorated American Winter Paralympians of his generation.

Two different kinds of loss. Two extraordinary responses to it.

Together we have climbed mountains in the Austrian Alps and the Carpathians of Ukraine with Ukrainian veterans and their families, part of a healing process that I will admit freely, has been as transformative for me as for anyone on those steep slopes and ledges. Nathan and Dan are two of the finest human beings I have encountered in my life, and they represent something larger: the remarkable community of similarly extraordinary American veterans who have quietly extended their service into the humanitarian domain long after their official obligations ended.

"Kaprun, Austria at the Mooserboden Dam in Hohe Tauern National Park in Summer 2023. Mountain Seed Foundation ‘climbing to heal’ alongside veterans and Ukrainian Gold Star families in the Austrian Alps. Pictured (left to right): Volunteer Courtney Brilliant, Davis, Lt Commander Dan Cnossen, Lt Colonel Nathan Schmidt, Dr. Davis, MSF co-founder Iryna Prykhodko." Photo provided by Dr. Davis.

I have also encountered American warfighters who, like Sam’s friend Mark, resolved their crisis of conscience over this war by making it their own. Individuals like Bryan Pickens, a twenty-year Special Forces (SF) veteran, left retirement not for a contractor's paycheck but to volunteer to lead a combat and drone team of former US. .Special Operations Forces (SOF) operating in active fighting and training. With Russian language skills and extensive combat experience, Bryan first came to Ukraine in 2019 while still in uniform as an official adviser with U.S. Army Special Forces. He later retired and returned to Ukraine in 2022 as a volunteer. He has not looked back.

The men around him are cut from the same cloth. Xen is an accomplished Navy SEAL veteran, sniper and Ukraine drone pilot who brings to this fight the quiet, fierce conviction that defines the best of that community. Bryan, Xen, and others from their circle first came into my life to provide security for me and my colleagues when our humanitarian work brought us into proximity to the front lines. That practical necessity became something else over time. The relationships deepened into a kind of mutual mentorship, each of us coming to understand this war through the other's eyes, and my admiration for all of them has only grown. We have since written and spoken publicly together trying to convey the urgency of what is happening and to close the gaps in understanding that still persist in Washington and beyond.

Joshua Ransford, a former U.S. Marine and another member of Bryan's team, traces a similar arc. He has been working in Ukraine since early 2022, starting as infantry, reconnaissance, and a sniper before evolving into drone operations as the battlefield transformed into an environment where unmanned systems became decisive. He has led counter-electronic warfare and security for our medical teams, including in situations where we found ourselves amid active drone and missile strikes.

What he, Bryan, Xen and others have taught me about the realities of modern war - far beyond anything the medical spectrum captures - is profound. I may never find the right forum to share all of it. But this account of what’s really happening would not exist without Joshua and the other veteran combatants who have trusted me with what they know. As the conflict with Iran has made clear, the lessons carried by this community are not abstractions. They are operational intelligence that the United States cannot afford to ignore.

The Cost of Showing Up

First of all, let me be clear about what these veterans are and what they are not. They are not mercenaries. They are not reckless adventurers seeking a second act or a story to tell. They are among the most disciplined, experienced, and morally serious people I have ever known, and the war has not made them harder so much as it has made them more clear on the realities that exist. They did not ask to be named or recognized. Those whom Sam and I identify in this account acquiesced to sharing their stories only after persuasion that sharing serves a larger cause. They are unsung American heroes operating in Ukraine as often unpaid, largely unsupported volunteers, at enormous personal risk and at real cost to their lives back home.

That last point deserves a moment of reflection. Veteran volunteers like Bryan Pickens have had to periodically leave Ukraine entirely, return stateside, and take contract work simply to finance their ability to go back. The war does not pause while they earn the money to fight it as volunteers. Nor do their mortgages and other obligations at home.

Incidentally, some readers may recognize Bryan in a different context: he served as a military adviser and a role player alongside Sean Penn in the Oscar-winning film One Battle After Another.

The title is unintentionally poetic. Bryan moves back and forth between that work stateside and a calling that keeps pulling him back to the Ukrainian front. I learned this only after the film debuted, from Bryan's teammates — because self-promotion is not in his DNA, almost to a fault. That is the reality for many of these veterans. Little to no salary. No benefits. No official recognition. Just the conviction that the work matters and the discipline to keep showing up for it. One. Battle. After. Another.

That is no small thing. In a moment when official policy has struggled to match the clarity of the moral stakes, these individuals have provided their own answer. For too many of them, that answer has been written in blood, and paid for with their lives.

In February of 2023, Pete Reed, a former U.S. Marine and seasoned humanitarian worker, was killed in Bakhmut. The New York Times documented his death in detail, as it was caught on film. I knew Pete through the overlapping networks of American volunteers and veterans working in Ukraine, and I arrived in Lviv for one of my early trips of this war on the very day he died. His loss hit his community hard. What the coverage captured was the human cost. What it did not fully capture was an emerging pattern.

Detecting a Quiet Pattern

I began to see that pattern first through Pete, and more so later as I became drawn into the care coordination of several international veterans wounded in Ukraine. Among them was an American Marine veteran named Cristiano Zeledon, who was working in a humanitarian capacity when he was severely wounded in a missile strike on a pizzeria in Kramatorsk in June 2023. That same strike killed several other aid workers, including the celebrated Ukrainian writer and war crimes researcher Victoria Amelina, whose death drew significant international attention and outrage. It also killed American veteran Ian Tortorici, who had been serving in combat with the Ukrainian International Legion.

What the coverage at the time did not report, and what was suggested to those of us working in these networks afterward, is this: a Russian intelligence asset had been monitoring not just the foreign aid workers who were killed in that pizzeria, but specifically, American veterans and they called in the strike to kill them. If true, then this was not just a random act of war. It was a targeted assassination of Americans on foreign soil, planned and executed opportunistically by Russian intelligence.

The attack barely registered in the West, in part because the public visibility of American involvement in Ukraine was being carefully managed as Washington sought to avoid any appearance of escalation. One can also blame the saturated news cycle, which moves rapidly from one atrocity to the next, leaving yesterday's events forgotten before they are fully understood.

It should have registered. Because that strike was not an isolated incident. It was another data point in a pattern the American public has not yet been compelled to reckon with. People like Bryan Pickens and his community helped me see it more clearly and soberly.

Rocki, Tiny & Sandy

That pattern is perhaps best exemplified by retired U.S. Marine First Sergeant Corey Nawrocki, widely recognized as one of the most decorated Americans killed while defending Ukraine. Nawrocki, known as "Rocki" was operating alongside other American veterans when he died in October 2024.

I met an experienced combat operator and medic who goes by the callsign "Tiny” at a medical conference in Kyiv, where his frontline experience helped shape our discussions on the evolving realities of combat casualty care. He later shared the details of Corey's death on the condition of anonymity for security reasons.

Tiny was the primary medic on the mission. When the team crossed into Bryansk, Russia on a sabotage and reconnaissance operation under the direction of Ukrainian Military Intelligence, they encountered a large Russian force. In the firefight that ensued, Tiny was treating a teammate with a gunshot wound to the head when he himself was wounded and evacuated by ATV to a hospital in Semenivka, Ukraine. Corey died courageously and selflessly under heavy fire while attempting to rescue another wounded teammate. The details of his final hours that Tiny shared with me remain among the most sobering things I have encountered in years of working in this war. Tiny shared the account of the battle and of Corey's final moments, which has been corroborated by recordings and testimony from other teammates. I am haunted by what he showed me.

Corey approaches a Russian position during a raid into Bryansk Oblast, Russia. Photos provided by Sandy Nawrocki with permission to publish.

Corey and teammate during a raid into Bryansk Oblast, Russia. Photos provided by Sandy Nawrocki with permission to publish.

Corey Nawrocki, during the raid into Bryansk Oblast, Russia, one of the last images of him alive. Nawrocki, a U.S. Marine Corps veteran and two-time Purple Heart recipient, was killed on October 27, 2024, during the operation while attempting to rescue a wounded teammate. Photos provided by Sandy Nawrocki with permission to use.

But death was not the end of it. Indignity followed. Russian soldiers stood over Nawrocki's body, displayed his military ID, and broadcast the image to the world. A distinguished Marine Corps veteran, reduced to a trophy. His identity paraded before a global audience while his family was still learning what had happened. And it did not stop there.

Following his death, Corey’s mother, Sandy Nawrocki, says she was the target of a deliberate digital campaign of cruelty. In a CNN interview, she described being targeted online after Corey’s death, saying trolls posted a picture of her home and her full address, and in an act that can only be described as calculated brutality, posted smiling emojis on social media posts about Corey. Sandy has also spoken publicly, including at a Congressional Ukraine Caucus press conference, about her son’s sacrifice and the broader toll on American families whose loved ones have fought for Ukraine.

The haunting we already felt only intensified after conversations with Sandy, who faced not only the unimaginable grief of losing her son and the torment of a malicious Russian campaign against her, but a separate and frustrating battle to bring Corey’s body home and secure him a military burial at Arlington National Cemetery. That is a struggle that never should have happened. It tells you something important about how this country has chosen to account for its sons in Ukraine's war. But stories like these have barely registered in the American news cycle.

Corey was killed alongside three other international volunteers: U.S. veteran Bradley Jennison, known as “Super Dave,” Canadian Mandeep Singh, known as "Poet," and Swedish volunteer Simon Rajakisto, known as "Rauta." These were men who showed up to fight for what they believed in, an ad hoc coalition of Western veterans operating without formal government acknowledgment or protection. That is what makes the repatriation difficult and the propaganda exploitation of their bodies so damning.

Corey's name appears on no official list of American soldier casualties in Ukraine. America has no such list for a war it is not officially fighting. Corey is, in the ledger of this conflict, ambiguous — if not invisible. That ledger is difficult to reconcile, and the numbers we can piece together paint a sobering picture, even if they remain only an approximation of the truth.

The Invisible Ledger

Since February 2022, the United States has officially lost no active-duty service members in Ukraine. That is technically true. What it obscures is something that those of us working on the ground have understood for years: a significant number of America's most elite veterans, including Special Forces, SOF, and similar warfighters, have gone to Ukraine as civilians and have not come home. The New York Times reported at least 92 American veterans killed in action in Ukraine as of September 2025, but many within the community believe the true number is much higher. Online (and unofficial) estimates suggest elite American veteran deaths since 2022 fall somewhere between 100 and 150, and possibly more. No official U.S. entity is keeping count. Because none of them were officially there.

To put that figure in context: the total number of U.S. Special Operators killed across the entire two-decade global war on terror is reported in the low 600s . If current estimates from Ukraine are even close to accurate, the annual rate of loss among American SOF veterans in Ukraine is near or exceeds the per-year casualty rate of the entire war on terror. Read that again. In a war the United States is officially not fighting, America’s top war fighters are dying at a pace that rivals the wars we were officially fighting up to our withdrawal from Afghanistan. And if you were to include veterans coming from other NATO-aligned countries, the numbers increase considerably.

To be clear, this is not a comparison between the war on terror and the war in Ukraine. These are fundamentally different conflicts across every meaningful dimension: geography, doctrine, technology, and geopolitical stakes. Nor is it a comparison between special operators and conventional warfighters. The point is not equivalence. The point is scale, motivation, and the character of the men and women who are making the sacrifice.

A Verdict, Not an Accident

These are not green volunteers swept up in idealism. These are the most capable, most experienced, most thoroughly trained fighters the United States and NATO has ever produced. They have seen war up close. They understand the odds. They are making a deliberate choice, with no orders, little to no salary, no benefits, no official recognition, and no government waiting to bring their bodies home, to put themselves in the line of fire for a country that is not theirs. That choice deserves to be known and understood by the American public.

But the reality is that the American military and political establishment has largely looked away from this reality, partly for legal and diplomatic reasons, partly because acknowledging it complicates the official narrative of non-involvement, and partly because the men and women doing this work are by training and temperament, disinclined to seek attention. They are called quiet professionals for a reason. They do not hold press conferences. They do not post on social media except to the extent necessary to support their volunteering. They go, they fight, they bleed, and when they do not come back, their families grieve privately while Washington issues no statements. And the American public, by and large, has little to no idea they were ever there.

Sam Hartwell lives inside that grief.

He walks past his friend's portrait almost daily. He understands in a way that no policy paper can convey, what it means that America's best are choosing Ukraine. It is not a coincidence or an accident of individual temperament. It’s a verdict.

Sam’s grief is compounded by a particular sorrow that comes not just from personal loss but from watching something he believed in turn away from itself. For soldiers of his generation, witnessing America step back from the principles that have anchored the rules-based international order for nearly a century is professionally and personally devastating in ways that resist easy description. Yet the men we write about here did not abandon those ideals. They did not wait for permission or policy to catch up with their conscience. That is why they came. That is why they stayed.

These veterans have lived and studied warfare and geopolitics at the highest levels. They have operated in every major theater of conflict of the past two to three decades. They have seen what American power can do and what happens when it retreats. They have looked at what is happening in Ukraine with clear eyes and concluded that the stakes are worth dying for. They recognize what a Russian victory would mean for the security architecture of Europe and the world. They understand what it would do to the credibility and readiness of American power at a moment when that credibility is already under strain. They know that the strategic center of gravity for this century is China, and that pressing demands in Latin America, Africa, and the Middle East complicate the math — but that the thread running through this era of great power competition also runs directly through Ukraine. And they understand what hangs in the balance for the rules-based international order that American blood and treasure built across the last century and that is now, for the first time in a generation, genuinely at risk of unraveling.

They are voting with their lives. The least the rest of us can do is count the votes honestly.

The quiet professionals ask for almost nothing except our support. They do not ask to be called heroes, though they are. But the story of what they have given, and what they continue to give, in a war that Washington officially says does not involve American casualties, is one the American people deserve to know. Not to inflame. Not to escalate. But to reckon honestly with what is being sacrificed, by whom, and why.

Pete Reed knew why. Ian Tortoricci knew why. Corey Nawrocki knew why. Sam’s friend Mark Paslawsky knew why. So does every American volunteer in Ukraine, whether they fight or support those fighting for Ukraine's freedom and Ukraine's very existence. So does every name on the memorial wall in Kyiv, and on walls like them across the country. Memorials that most Americans will never see. They all answered the question of why – not with words, but with action.

Eyes Wide Open

The question that remains is what to do with this story. Sam and I make no claim that this account is comprehensive. It is not. Others may interpret what we have described differently than we do. But it is a beginning, a handful of names and stories pulled from a much larger ledger that our country has not yet fully reconciled. We offer them here because they deserve to be named, because the silence around them is not neutral, and because meaningful dialogue, honest reckoning, and sound policy can only follow from what we are first willing to see. And that begins with eyes wide open.

Honoring the fallen is not optional. But to honor them without learning what they learned would be a compounding tragedy.

The lessons carried home from Ukraine by some of our most elite veteran volunteers, written in blood on a battlefield that has become the proving ground for modern warfare, are directly applicable to active duty service members in other theaters of conflict and to the new and emerging threats facing our homeland defenders. It would be a disgrace to leave them unexamined.

Ukraine is doing its part to honor and memorialize the foreign veterans who have fallen on its soil. My friend Vitali Ostapchuk, a retired Ukrainian Military Intelligence officer, has dedicated himself almost entirely to this mission. In addition to memorial walls and other honors for international veteran volunteers across the country, Vitali is working to establish a national memorial to fallen American veterans and other international volunteers in Bucha, not far from the mass grave site marking the Russian massacres that were carried out in the early weeks of Moscow’s full-scale invasion. Sam and I fully support Vitali and his colleagues in this endeavor. I have visited Bucha many times to honor Ukraine’s dead. I will have even more reason to return now to honor our own. Sam and I have suggested that they call the memorial "The Quiet Professionals."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

DHS Has Become Central to American Strategy, But Its Strategy Has Not Caught Up

A generation after 9/11, the homeland has returned to the center of American national security strategy. The 2025 National Security Strategy, the National Defense Strategy (NDS), and last week's Counterterrorism Strategy each push in that direction. Parity is the right destination, but it is also a long road. Closing the distance requires a Department of Homeland Security that can chart its own course over the years it will take. The institutional strategy capable of guiding that transition still does not exist.

The security environment that produced these documents is one where the line between foreign and homeland threats has thinned. Cartels are now treated as national security threats. Fentanyl trafficking is no longer viewed solely as a criminal issue, with its precursors now being classified as weapons of mass destruction. Domestic violent extremism remains a core homeland concern.

America's ongoing conflict with Iran has reinforced the same dynamic. Iranian state-affiliated actors targeted U.S. medical technology firm Stryker in March, and the Cybersecurity and Infrastructure Security Agency (CISA) has issued joint advisories on Iranian cyber actors probing U.S. critical infrastructure. Threats once treated primarily as overseas contingencies increasingly carry direct homeland implications across cyber operations, critical infrastructure security, public gatherings, and lone-actor violence.

The department’s strategic architecture has not kept pace. As Customs and Border Protection (CBP) manages the border, the Coast Guard secures the maritime domain, and FEMA prepares for disasters, DHS still lacks a strategic lodestar capable of aligning its disparate components around a coherent departmental vision.

The first Trump administration did not produce a Quadrennial Homeland Security Review (QHSR). The Biden administration produced the 2023 review six months behind the strategic cycle, and the US Government Accountability Office (GAO) found it deficient against ten of twenty-one statutory requirements. This pattern is institutional, not partisan.

Counter-UAS operations increasingly illustrate how rapidly the homeland security mission is evolving. The mission cuts across CBP at the border, CISA at critical infrastructure, the Secret Service at major events, and the Transportation Security Administration (TSA) in aviation. The FY2026 NDAA extended DHS counter-UAS authorities through 2031, ending years of short-term reauthorization fights, and designated the World Cup and 2028 Olympics as a pilot program for state and local counter-UAS deployment.

With the legal architecture now in place, DHS must build the strategic architecture necessary to operationalize those authorities across components, federal partners, and state and local agencies. Counter-UAS operations are only one of many emerging missions where authorities have outpaced strategy.

The 76-day DHS shutdown earlier this year was the longest in American history. It demonstrated how easily DHS appropriations can fracture around the department’s most politically contentious missions rather than broader enterprise-wide priorities. TSA officers and Coast Guardsmen missed paychecks while FEMA preparedness and recovery operations slowed under mounting resource constraints. The operational consequences continued long after funding resumed, with department officials warning it could take months for components to fully recover.

The final agreement funded most of DHS through September while excluding immigration enforcement. The episode showed how vulnerable DHS remains when its missions are not bound by a coherent strategic framework.

That matters more now than when Congress first mandated the QHSR two decades ago. The department was built for an era defined by post-9/11 domestic protection. American strategic planning was focused outward, with counterinsurgency campaigns in the Middle East and power projection in the Pacific. Homeland security was treated as a defensive enterprise running parallel to it.

That world is gone. The mission set has converged with the American national security strategy itself, and the institutional architecture meant to carry that strategy has not changed with it.

This administration has more reason than any of its predecessors to take the QHSR seriously. No previous White House has positioned DHS this close to the center of its national security identity. The mission set the administration has prioritized runs through DHS components first. A functional QHSR is what would translate that political emphasis into a department capable of executing it. Without a strategic reference point, components will continue defaulting toward inherited institutional habits rather than department-wide strategic priorities.

The fix is institutional. The NDS carries weight because it sits at the top of an institutional chain. Serving as the Pentagon's unifying strategic reference, it forces priority trade-offs the department cannot defer. It connects directly to resourcing decisions that translate strategy into what the military buys, builds, and deploys. Congress also chartered an independent commission to review each NDS and test its logic and resource assumptions in public. Congress should give the QHSR the same architecture: a strategy that pulls components into coherence, priorities that drive resource decisions, and an independent commission that scrutinizes its logic.

As the youngest department in the national security apparatus, DHS's strategic infrastructure remains underdeveloped relative to the mission it now carries. A Goldwater-Nichols-style restructuring will eventually come when the politics allow it. Until then, anchor the department around a credible QHSR. A strategy with the architecture Congress has already built around the NDS would not require reorganizing components or rewriting authorities. It would require Congress to treat DHS strategic planning with the same rigor it applies to defense strategic planning.

While America's strategic turn inward is underway, parity will not arrive on its own. The strategy documents prescribe missions for a DHS that does not yet exist. Without a working QHSR, the gap between presidential ambition and institutional coherence will continue to widen.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The G-2: Takeaways from Trump's Trip to Beijing

By most accounts, President Donald Trump’s trip to Beijing ended ambiguously for the U.S. From Air Force One on his way back to the U.S., Trump touted a few concrete achievements that include an agreement for Beijing to purchase $17 billion per year in U.S. agricultural products and a purchase of 200 Boeing aircraft. Beijing’s final read out of the visit did not directly confirm those agreements but did acknowledge a mutual desire to promote “expanded two-way trade”. Chinese President Xi Jinping used the visit to reinforce Beijing’s narrative that China and the United States are co-equal global powers, even referring to the two countries as “the G-2.” But despite the lack of clarity around more urgent issues such as China’s potential role in resolving the Iran conflict or U.S. support for Taiwan, the trip was certainly significant. As many have observed, it is a positive step any time the leaders of the two most powerful countries meet for dialogue. As the U.S.’ only near peer adversary, the relationship with China, including the competition in economic, technology and military domains is the most consequential bi-lateral relationship the U.S. has by a wide margin.

The diplomatic choreography that followed the Trump- Xi summit was equally significant. Soon after Trump’s visit, Russian President Vladimir Putin traveled to Beijing for what was described as a “warm” and “substantive” meeting with Xi. The two leaders have now met more than 40 times, underscoring the depth of the China-Russia relationship. For Xi, the back-to-back meetings with a strategic rival and one of China’s closest partners offered a powerful opportunity to cast Beijing as a stabilizing force in the world at a time when both Washington and Moscow are managing active wars and mounting geopolitical pressure.

Following their summit, Xi and Putin issued a joint statement criticizing what they called “irresponsible” U.S. foreign policy, including a direct reference to Trump’s planned “Golden Dome” missile defense program. Xi also described China-Russia relations as being at an “unprecedented high,” reinforcing the message that Beijing sees its partnership with Moscow as central to its broader challenge to U.S. influence.

For Trump and Xi, the diplomatic track is expected to continue, with a potential Xi visit to the White House in September.

But the Beijing summit left unresolved the larger question at the center of U.S.-China relations: whether a shared interest in stability can meaningfully reduce the risk of confrontation, particularly over Taiwan.

Xi Tries to Show the World China Is America’s Equal

The larger message Xi appeared intent on sending throughout Trump’s visit was that China is no longer a junior power-seeking accommodation from Washington, but a peer competitor that expects to be treated as an equal leader of global order.

Chinese state media framed the summit as a diplomatic win for Beijing, emphasizing that the relationship now operates “on a more equitable basis” and portraying Xi as an equal - if not a more disciplined and strategic - counterpart to Trump. Beijing’s growing confidence in its own position was evident throughout the visit. Xi did not appear compelled to offer major concessions and instead used the moment to reinforce China’s position that the world’s two superpowers have a shared responsibility to manage competition and preserve stability.

That message drew heavily on the logic of the “Thucydides Trap” - the idea that conflict between a rising power and an established power is not inevitable but becomes more likely if rivalry is mismanaged. Xi’s public emphasis on competition, cooperation and “strategic stability” was designed to present Beijing as both confident and restrained: prepared to compete with Washington, but eager to avoid open confrontation.

The rhetoric was notable because it marked a shift from Beijing’s posture just a few years ago, which during the Biden-Xi summit appeared more resistant to the idea of “managed competition”. Like the Trump-Xi summit, the Biden-Xi dialogue similarly sought to establish guardrails to prevent strategic rivalry from escalating into direct military conflict, but at the time, Beijing rejected that framework as a veiled effort to contain China. Xi’s willingness now to publicly embrace the language of competition and strategic stability suggests that Beijing may see advantage in adopting the terminology - particularly if it reinforces the perception that China is negotiating with the United States from a position of parity.

Against that backdrop, we asked two Cipher Brief experts and longtime China watchers how they interpreted the Trump-Xi summit, particularly Xi’s willingness to publicly accept the language of “competition,” and what the summit signaled on the critical question of Taiwan.

Ambassador Joseph DeTrani

Ambassador Joseph DeTrani served as the U.S. Representative to the Korea Energy Development Organization (KEDO), as well as former CIA director of East Asia Operations. He also served as Associate Director of National Intelligence and Mission Manager for North Korea, was the Special Envoy for the Six-Party Talks with North Korea, and served as the Director of the National Counter Proliferation Center, ODNI. He currently serves on the Board of Managers at Sandia National Laboratories.

Rear Adm. (Ret.) Mike Studeman

Rear Adm. (Ret.) Mike Studeman was former Commander of the Office of Naval Intelligence. He also served as Director of the National Maritime Intelligence-Integration Office (NMIO) and as principal advisor to the Director of National Intelligence as National Intelligence Manager-Maritime, as well as the Director of Intelligence (J2) at U.S. Indo-Pacific Command, Honolulu and Director of Intelligence (J2) at U.S. Southern Command, Miami (2017-2019.)

On the US-China Relationship

What is your overall reaction to the summit and is Xi now more confident in China’s relationship with the U.S. and less concerned about whether that is interpreted as trying to contain China?

Detrani

I think Xi Jinping and China feel very good about the summit. I think we should feel relatively good about the summit. I think the president managed it well. We don't have the particulars on what was discussed. We did see very clearly that Xi Jinping prioritized Taiwan, but we don't have the particulars on our side. But I think overall, the summit went well.

Studeman

The CCP remains perennially allergic to allowing any other power, especially the U.S., dictate the language describing the Sino-U.S. relationship. For the Chinese, words carry great meaning. Whoever crafts the narrative, controls their destiny. Naming things is information superiority in action. The key phrase Xi used is "moderated competition," which is designed to show that Beijing is willing to absorb more friction in the U.S. relationship to protect its interests. The new verbiage essentially recognizes U.S. attempts to derisk, diversify, and distance itself from a deleterious overreliance on China. Xi's "moderated competition" signals his effort to stop the death spiral of unrestrained weaponization of interdependence and prevent any hasty departure from China by corporate America. The Chinese idea is to keep clinching the U.S. economically (intertwining like boxers trying to prevent the other from swinging a free arm), while not letting the increasingly tough choices that Washington and Beijing are forced to make spill over into outright confrontation. Using the word "competition" also makes it seem as if the superpower contestation is governed by transparent rules and fair play, which of course it isn't given Beijing's model of a state-driven market and other consequential distortions of global trade practices, including continued massive intellectual property theft. The CCP hopes American journalists, commentators, and political leaders begin adopting the "moderated competition" phrase, which would be a huge psychological warfare win for Beijing, particularly if it tranquilizes the White House into softening its strategic choices related to the Sino-U.S. rivalry.

The US-Taiwan-China Relationship

Taiwan emerged as the most consequential issue of the summit. Analysts note that despite the friendly nature of the talks, Xi’s warning to Trump on Taiwan underscores the longstanding rivalry between Washington and Beijing on the issue of Taiwan.

Following meetings with Xi, Trump declined to clearly commit to future U.S. arms sales to Taiwan or direct military defense of Taiwan in a cross-strait conflict. When questioned by reporters if the U.S. would defend Taiwan if it came to it, Trump answered, “I don’t want to say that. I’m not going to say that” adding later that, “I’m not looking to have somebody go independent, and we’re supposed to travel 9,500 miles to fight a war. I’m not looking for that.”

A $14 billion arms sale to Taiwan is also currently awaiting Trump’s approval. Following the Beijing Summit, Trump described the potential arms sale as a “very good negotiating chip” with China, adding that he needs to speak with the President of Taiwan, Lai Ching-te. He revealed that he and President Xi talked at great length about Taiwan, and notably, the Taiwan arms package. Trump said he would “make a determination over the next fairly short period” on whether he would approve the deal. When asked about the Six Assurances, the 1982 agreement that the U.S. would not consult with China on U.S. military support to Taiwan, Trump downplayed the longstanding norm observed by all previous U.S. presidents, saying, “So what am I going to do? Say ‘I don’t want to talk to you about it?’ Because I have an agreement that was signed in 1982? No, we discussed arms sales.”

This is a familiar practice Trump has used with allies before- framing an issue as more transactional than ideological. His emphasis on maintaining “the status quo” rather than backing Taiwanese independence reinforced concerns in Taipei and among U.S. allies that Taiwan could in fact become a bargaining chip in broader U.S.-China negotiations. Following Trump’s remarks, Taiwan’s government issued a statement reiterating that not only are arms sales to Taiwan a matter of security and deterrence for the U.S., but they are also stipulated in the Taiwan Relations Act.

Trump’s foreign policy messaging is obviously much less predictable than that of previous administrations, but what it means in terms of Taiwan and whether it points to the White House potentially prioritizing short-term U.S.-China stability over steadfast support for Taiwan remains to be seen.

US-Taiwan Relations Following the Trump-Xi Summit

How do you assess the impact to US-Taiwan relations following the Trump-Xi summit? What’s your reaction to Trump breaking with norms and discussing potential U.S. military arms sales to Taiwan, with Xi Jinping?

Detrani

I think the president handled it well enough and I think understandably he responded to Xi Jinping's comments on it. I think Xi understands very clearly the six assurances that President Ronald Reagan memorialized 1982. This was to reassure the [US] Congress and the American people and Taiwan that the United States would be there for Taiwan. This was President Ronald Reagan making it very clear, we're not walking away from arm sales. And this is between the United States and Taiwan. So, it's a very powerful memorialized document in the archives. But I think the president responded to Xi Jinping and I think Xi skillfully brought this up because this was the one issue Xi wanted to pursue with vigor during his summit discussions with President Donald Trump.

Overall, I don't think there were any big surprises. Although Xi made it very clear that there's one primary issue between the U.S. and China, and that's Taiwan and he made that the core element of the summit. So, I think China and Xi feel very good about the summit. I think they've accomplished what they wanted to accomplish. Xi is on the world stage, he's got the President of the United States saying some very nice things about him and the U.S. relationship with China. Xi made it very clear that Taiwan is something that the two sides must get right, otherwise we can have conflict, and we can go to war.

Studeman

Readouts from the summit indicate the President told Xi he did not support Taiwan independence or a change in the status quo, which aren't new policy positions. Multiple Presidents have said the same. But in a significant breach of one of the longstanding 1982 Six Assurances to Taiwan developed under President Reagan, specifically that the U.S. "has not agreed to consult with the PRC on arms sales to Taiwan," Trump flung open the door to letting the CCP negotiate down any foreign military sales deals with Taipei. Trump's aim is to use the Taiwan arms sales issue as a bargaining chip for a better trade deal and China's help in pressuring Iran to end the war. This shift in policy represents one of the biggest wins for China from the summit. China already leveraged its KMT proxies in Taiwan's Legislative Yuan (parliament) to weaken Taiwan's defense bill from $40B to $25B over the next five years, and now China is in the driver's seat to extract further arms sales concessions. These "inside out" and "outside in" successes for Beijing will only end up weakening Taiwan relative to rising PLA capability and presence around the island, in turn reducing strategic deterrence against Chinese aggression in any form.

The US, China and Artificial Intelligence

Despite the attendance of several U.S. tech CEOS, there were no breakthroughs on tech, and little evidence of a concrete technology framework or export-control agreement. The U.S. and China remain firmly positioned on the competitive side of emerging technology. Trump did state that the two sides “talked about possibly working together for guardrails” on AI, describing them as “standard guardrails that we talk about all the time”. During the visit, China’s Foreign Ministry and Chinese media portrayed the U.S. and China as equally leading in AI models, computing power, and ecosystems.

Just before the Beijing Summit, Washington approved the sale of Nvidia’s advanced H200 chips to China, a move that has long been contested by national security and China hawks. However, China has not yet signaled any commitment to buy H200 chips. U.S. Trade Representative Jamieson Greer said it was up to Beijing whether Chinese companies would make more purchases from the American chip giant.

How should we interpret the US decision to sell H200 chips, and the Chinese decision, so far, not to buy them?

Detrani

I think China is feeling good about their progress on artificial intelligence and the work they're doing and now they have the option of purchasing these H200 semiconductors which would be very helpful to them with their work on artificial intelligence. I think, Xi Jinping's strategy on artificial intelligence competition with the U.S. may be to show the world that this is not the China of the 19th century or the 20th even, but this is the new China. I think the Nvidia chips announcement is something Xi has in his pocket now and he probably feels that this is an option that he can use whenever he needs it.

Studeman

The PRC is becoming more self-reliant in indigenizing its key industries, including by stealing tech secrets and coopting foreign engineers, steadily eroding the chip gap. Given its paranoia about backdoors, dead switches, or info tech corruption of any sort, the PRC remains leery of becoming dependent on distrusted foreign suppliers as it rushes to catch up on raw compute power. At the same time, the PRC has achieved scale in less capable chips and is achieving tangible progress in developing more advanced ones. If China buys more Nvidia chips, it will be more likely to curry favor with the U.S. and keep an open door to future tech transfers.

Annabelle Darby contributed to this report

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Sweden and Denmark are in a Position of Power Over Russia

Two straits, six thousand kilometers apart, are defining the global balance of power in 2026. The first, Hormuz, is closed by force and heavily impacting the world economy. The second, the Øresund, is open, and through it passes 60% of the oil that funds Russia's war in Ukraine. One chokepoint is being used against the West; the other could be used to protect it. The difference is not legality, capability, or geography; it is political will. And as the conflict in Iran has consumed Washington's attention, the question of whether Europe will close the Øresund Strait to Russia's shadow fleet could become one of the most consequential decisions in Europe.

The Strait of Hormuz is 54 kilometers wide at its narrowest point, with 20% of the world's seaborne oil passing through it. After US and Israeli strikes on Iran and Iran's retaliation, it has been closed, held shut by a combination of high-end US warships and aircraft on one side and large-scale, low-cost Iranian sea mines and missiles on the other. The asymmetry is itself a lesson: a regional power with cheap munitions can deny a waterway against the most advanced navy in the world.

The consequences arrived quickly with oil passing $120 per barrel, which the IMF called the largest oil supply disruption in history. Kuwait, Iraq, Saudi Arabia and the UAE cut production of both oil and fertilizer because of a lack of available storage and without an ability to export it. East Asia, who gets a majority of its oil from the Middle East, has been badly hurt. The deepest damage, though, is in South Asia and Africa, where it translated into higher fertilizer prices, higher food prices, and empty shelves.

Iran will not reopen the strait while under military threat. Washington will not pull back while Tehran pursues a nuclear weapon. Both governments accept the global cost of the standoff and neither signals willingness to change their stance. The lesson is that a strait only tens of kilometers wide can do more to reshape the global economy than years of sanctions, summits, or shooting wars. Geography, used correctly, is leverage.

In May Donald Trump arrived in Beijing for the first US presidential visit to China in nearly a decade. The two leaders spoke of being "partners, not rivals." Although the choreography was immaculate, the substance was thinner. While trade deals were signed, both leaders affirmed that the Strait of Hormuz must be reopened. This was an unsurprising position, given that China depends heavily on Persian Gulf oil.

The summit is best read not as a negotiation but as two rivals agreeing that open confrontation has become too expensive, and looking for a way to coexist without conceding anything that matters.

European capitals watched with growing unease. Ukraine was not on the agenda. Neither was enforcement against Chinese firms supplying the Russian war economy. No joint language on Russian sanctions emerged, and no European leader was in the room. What Europe's leaders saw was something many had already suspected: Washington and Beijing are arranging a coexistence between themselves, and the multilateral order Europe is left out.

Europe is now responsible for its own security and its own pressure on Russia. And one of the most powerful tools they can use is geography.

Map of showing NATO member countries around the Baltic Sea after Sweden joining (Graphic by Valentin RAKOVSKY and Valentina BRESCHI / AFP via Getty Images)

Three thousand kilometers from Iran, Russia is stuck in a war of attrition with Ukraine, and with an economy that is hurting. Official 2026 growth was revised down to 0.4%, a figure many Western analysts deem falsified. Real wages are stagnant against high inflation. Its oil and gas industry is reporting sharp declines in profit. Ukrainian drone strikes on export terminals in the Baltic and Black Sea have already cut Russia's oil export capacity by roughly a million barrels per day, close to 20%.

Oil and gas are the foundation of the state with roughly a quarter of all government revenue, which funds the military, sustains the loyalty of the elite, and keeps basic services running. Putin's choice to keep Russia structurally dependent on oil is a regime strategy. A diversified economy would produce independent wealth, independent power centers, and political constituencies the Kremlin does not control.

The strategy is beginning to show strain. Money that once flowed to well-connected Russians is now flowing to the war. The elites and media are starting to complain publicly. Putin's regime can absorb financial pressure, but not financial pressure that turns the country against him. That is the pressure Europe is in a position to apply.

The opportunity is unusually clean. A consistent campaign of boardings and inspections in the Øresund could cut between a third to half of Russia's seaborne oil exports. No budget maneuver could replace that revenue. Russia's war funding would face a shortfall it could not absorb, and the political costs inside Russia would drastically sharpen.

The legal authority is already in place. Ships sailing under false flags, without valid insurance, or on sanctions lists can be lawfully stopped and inspected under existing maritime law. Sweden and Denmark control both shores of the strait. Acting in coordination, they can make it practically impossible for sanctioned vessels to transit, without firing a shot and without stepping outside the rules-based order they have spent decades defending.

What has been missing is political will. Denmark is hesitant, both to protect commercial interests and out of concern about Russian retaliation. Moscow has worked to keep that concern alive, and is actively using naval assets to project power.

Sweden has over the past three months taken a more active approach with five boardings of shadow fleet vessels done by a mix of Coast Guard, the National Task Force and unnamed military units. Boldness, once demonstrated, is contagious.

The next step is to make this routine. Every vessel transiting the Øresund under a false flag, without valid insurance, or on a sanctions list should be inspected. Sweden has proven its agencies can execute these operations. Denmark, on the other shore, has the same legal authority and strategic interest. Coordinated action would convert the Øresund from a loophole in the sanctions regime into the choke point it geographically already is.

The wider Ukrainian campaign is already in motion elsewhere. From bases in Libya, Ukrainian naval drones have struck Russian shadow fleet vessels in the Mediterranean. This is part of a deliberate Ukrainian naval strategy aimed at the economic infrastructure of the Russian war effort.

Hormuz has demonstrated, at enormous global cost, how a single narrow waterway can reshape the calculations of governments. Beijing has demonstrated that even the world's two largest powers will look for an exit when the price of confrontation becomes high enough. Putin has not yet reached that price. The Øresund is an important opportunity.

What remains is the political decision to treat the Øresund as a chokepoint for Russia's illicit oil trade. Unlike the deserts of the Middle East or the frozen lines of the Donbas, the Øresund is a place where Sweden and Denmark hold the keys, and where international law is already on their side.

The question is no longer whether Europe has the tools to pressure Russia without American leadership. The question is whether Europe will use them.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran's Digital War Machine Targeting U.S. Infrastructure

The first missile strikes hadn’t even cooled before Iranian-linked hackers were moving. When the U.S. and Israel launched military operations against Iran on February 28, 2026, Tehran’s cyber forces answered not with silence but with a systematic campaign against American infrastructure, one that has since moved well beyond reconnaissance into confirmed, disruptive attacks on United States soil.

The most striking blow came on March 11, when the Handala group — widely assessed as a front for an IRGC-sponsored threat actor — hit Michigan-based medical technology giant Stryker, wiping nearly 80,000 Windows devices, stealing 50 terabytes of data, and causing severe disruptions that materially impacted the company’s first-quarter earnings. Emergency responders across Maryland lost access to the electrocardiogram transmission system used to relay patient data to hospitals. The FBI later seized two domains that Handala used to leak the stolen data. It was, analysts noted, only the beginning.

Israel wiped out a major military hub in southeastern Tehran, hitting a site that Western intel says was the nerve center for the IRGC. The facility didn’t just house the Quds Force and Basij; it served as the literal “brain” for Iran’s global hacking campaigns and internal security operations.

The facility coordinated intrusion campaigns against adversaries across multiple continents. Yet even as satellite imagery confirmed the compound’s destruction, cybersecurity analysts were documenting a spike in reconnaissance activity emanating from Iranian-linked networks.

Tehran’s digital arsenal has proven more resilient than the bombing runs suggest. Handala — the persona behind the Stryker attack and now assessed as a front for Void Manticore, an MOIS-affiliated state actor — exemplifies exactly this. It operates as a hack-and-leak engine optimized for psychological disruption: breaking into accessible systems, wiping data, and timing the release of stolen material to maximize pressure on targets.

The earlier assassination of Deputy Intelligence Minister Seyed Yahya Hosseini Panjaki, once the man pulling the strings behind Handala and Karma Below, did not collapse the operation. Rather than dissolving, the apparatus evolved.

“State-aligned threat actors began utilizing out-of-band communication methods and alternative infrastructure, such as Starlink IP ranges, to bypass the degraded domestic grid,” JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief.

In simpler terms, Iranian hackers quickly shifted to alternative internet connections and encrypted communication channels that operate outside Iran’s damaged infrastructure, allowing cyber operations to continue even as domestic networks faltered.

Critical Infrastructure in the Crosshairs

The fallout from the February strikes has moved well past network probing. Iranian-linked hackers have successfully targeted and disrupted multiple U.S. oil, gas, and water sites — forcing some facilities to abandon automated systems entirely and operate manually, triggering financial losses, and, in some cases, deploying destructive wiper malware designed to erase data from victim networks. The IRGC’s CEC-affiliated group CyberAv3ngers has been confirmed to be targeting programmable logic controllers across U.S. government facilities, water and wastewater systems, and energy sectors — exploiting internet-facing industrial devices to create openings not just for disruption but for modifications to operating parameters with direct physical consequences. The campaign represents an escalation: where earlier Iranian cyber operations tested access, these attacks are weaponizing it.

Past operations attributed to IRGC-affiliated hackers include the 2011–2013 distributed denial-of-service attacks against major U.S. banks that disrupted online banking services for millions of customers. There was also the 2013 intrusion into the control systems of a small dam in New York, which demonstrated that Iranian hackers could potentially manipulate physical infrastructure.

“Iranian cyber strategy has consistently prioritized the targeting of ‘low-hanging fruit’ within critical infrastructure sectors where high societal impact can be achieved with relatively low-sophistication techniques,” Castellanos tells The Cipher Brief.

Much of this activity now comes from pro-Iran and pro-Russian hacktivist groups working in coordination. The current wave of activity suggests that Iranian operators are positioning themselves for potential retaliatory strikes, while American defense agencies operate under constrained circumstances.

“The Cybersecurity and Infrastructure Security Agency has been hampered by budget cuts, a significantly reduced workforce, and a lack of leadership over the last year,” Dave Chronister, Founder of Parameter Security, tells The Cipher Brief. “What makes it worse is that many of the remaining staff were effectively reassigned to support immigration enforcement operations rather than protecting critical infrastructure. That’s a significant misalignment of mission at exactly the wrong moment.”

The numbers now on record make that assessment concrete. CISA’s FY2026 budget dropped to $2.4 billion, with 2,649 funded positions, down from $3.0 billion and over 4,000 positions the prior year. By January 2026, the agency had logged at least 998 departures, layoffs, and transfers since the administration took office. The Trump administration also moved to reprogram $144 million from CISA’s 2025 budget to Immigration and Customs Enforcement operations.

Now, a proposed FY2027 budget would cut an additional $707 million. During an ongoing DHS shutdown, the acting CISA director has publicly stated that the agency cannot conduct the outreach and preparatory work necessary to counter cyber threats.

“The lapse of appropriations at CISA is impacting the depth and consistency of information sharing about Iranian cyber threats as well as coordinated planning for attacks that may occur,” Bob Kolasky, Senior Vice President at Exiger and founding director of CISA’s National Risk Management Center, tells The Cipher Brief.

Soft Targets and Hard Truths

Many water utilities, hospitals, and local governments still run unpatched systems with known vulnerabilities — exactly the soft targets Iranian hackers seek.

“Generally speaking, the most significant threat right now is what we call the n-day. These are known, but unpatched vulnerabilities, and Iranian threat actors are very aggressive at trying to exploit them,” Chronister points out.

The financial sector, despite its resources and experience defending against nation-state threats, remains vulnerable.

“Of all our critical sectors, the financial system is probably best positioned to weather an escalating Iranian threat, but ‘best positioned’ is not the same as immune,” Chronister says. “The sectors that keep me up at night are healthcare, industrial operations such as energy utilities, water systems, manufacturing, and non-federal government agencies. Those are the soft spots, and adversaries know it.”

The Stryker attack put the abstract into concrete terms. When Handala hit the Michigan-based medical technology giant on March 11, Maryland emergency responders lost access to the Lifenet system used to relay electrocardiogram data to hospitals, prompting a statewide alert that instructed EMS clinicians to switch to radio consultation.

The attack wiped nearly 80,000 Windows devices, stole 50 terabytes of data, and materially impacted the company’s first-quarter earnings. The FBI later seized two domains that Handala used to leak the stolen data. It is precisely the community-level harm the experts had forecast — now documented, not hypothetical.

Kolasky’s assessment aligns with this hierarchy of vulnerability.

“The Iranian playbook seems to suggest taking advantage of vulnerabilities in weaker parts of critical infrastructure cyber defenses. These include under-resourced sectors such as water and wastewater, food and agriculture, government services and healthcare, as well as areas of outdated technology, which can include operational technology,” he underscores.

In a conflict scenario, Tehran aims to harm critical functions that affect daily life across American communities. Water systems are failing. Hospitals are losing access to patient records. Local government services are grinding to a halt. These scenarios represent asymmetric warfare designed to erode public confidence and create pressure on policymakers without crossing thresholds that might trigger an overwhelming military response.

The Reach of Tehran’s Digital Operations

This geographic dispersion makes Iran’s cyber apparatus resilient to kinetic strikes like the weekend bombing.

“Cyber warfare depends far more on people than on high-end equipment, which means these operations can be dispersed across dozens of physical locations, down to a single operator working from a laptop,” Chronister tells The Cipher Brief. “While targeted strikes no doubt disrupt Iran’s overall tempo, the distributed nature of cyber makes total elimination of the apparatus virtually impossible.”

That assessment is no longer theoretical. During the twelve-day Israel-Iran conflict in June 2025, analysts from SecurityScorecard documented over 250,000 messages exchanged across 178 active Iranian proxy and hacktivist groups — with phishing campaigns, malware delivery, and data dumps timed precisely to kinetic strikes. Cyberattacks surged 700% within 48 hours of the opening salvos. When Iran’s domestic internet was largely cut off, operators shifted to Starlink and VSAT services to maintain tempo. The lesson was already written before the current conflict began.

Yet physical infrastructure still matters in the opening phases of conflict.

“Physical destruction of infrastructure such as data centers, cell phone towers, satellite communication channels, radar systems — all these systems destroyed or degraded by kinetic strike are usually high priority targets in the start of any conflict, as it prevents Iranian command and control from communication to lower echelon units,” Castellanos explains.

Essentially, destroying the communications infrastructure temporarily prevents Iranian commanders from directing their cyber operators on the ground. Nonetheless, the impact is likely to be temporary rather than decisive. Using alternative networks and encrypted channels to bypass damaged infrastructure entirely, cyber operatives quickly adapt.

“Effective cyber campaigns depend on access to technical infrastructure for carrying out attacks, personnel, and some level of command and control,” Kolasky asserts. “United States and Israeli operations have the proven ability to degrade Iran’s cyber capability and seem to have done so again. The question of how resilient the Iranian cyber warfare apparatus is remains an open one, but, thus far, it seems like we have limited Iran’s cyber offensive ability and, in the short term, I would expect that will remain the case.”

In simpler terms, the strikes have disrupted Iran’s ability to coordinate large-scale cyber operations for now, but it remains unclear how quickly Tehran can rebuild its offensive capabilities.

Meanwhile, Iranian operators have cultivated relationships with cybercriminal groups that provide technical services and operational cover. When Iranian-linked hackers targeted Albanian government networks in 2022, investigators traced the operation through multiple layers of contractors and intermediaries before establishing definitive state sponsorship.

Right now, pro-Russian hacktivist groups such as NoName057(16), the Z-Pentest Alliance and Killnet have joined with pro-Iran groups targeting Israel and its Western allies, launching DDoS attacks against Israeli and United States financial services in coordination with Iranian goals. These attacks aim to disrupt online banking and payment systems, creating public frustration and economic uncertainty while demonstrating Iran’s ability to strike back without firing a missile.

Moreover, DieNet, a pro-Palestinian hacktivist group that emerged in March 2025 and has since claimed responsibility for DDoS attacks against U.S. energy, financial, healthcare, government, transit, and communications systems — deploying DNS amplification, TCP SYN floods, and NTP amplification in operations that intensified following the arrest of activist Mahmoud Khalil.

“This international distribution of operations ensures that even if Iran is ‘offline’ domestically, its ‘second front’ in the cyber domain remains fully operational,” Castellanos tells The Cipher Brief.

Iran’s malicious cyber activities are made more difficult by this operational model, which complicates attribution efforts. Iran uses proxy forces to advance its strategic objectives while maintaining an official distance from their activities as part of its regional strategy. In the cyber domain, this approach allows Iranian intelligence services to conduct operations that would be politically costly if directly attributed to Tehran.

Since the February 28 strikes, Iranian-aligned groups have claimed numerous operations across the Middle East and beyond. Pro-Iran hacktivists have targeted energy infrastructure in Jordan, payment systems in Israel, and government portals across Gulf states. While many claims remain unverified, the volume and coordination of activity suggest a systematic campaign to demonstrate continued operational capability despite the degradation of Iran’s domestic infrastructure.

“It makes it very hard to identify them from a geolocation aspect, as well as identifying the fingerprint of the attack. It creates more resilience in these operations since there is no single point of infrastructure that you can attack,” Chronister tells The Cipher Brief. “It also means that as Iran’s leadership withers, and there is less coordination with their various cyber forces, these groups could act on their own initiative, which will make an already complex situation even worse.”

The loss of centralized control cuts both ways for Iran. Cyber operations conducted by dispersed groups can withstand missile strikes, but rogue proxy groups operating independently may unintentionally escalate conflicts.

Bombing a building does not stop hackers with laptops scattered across multiple countries, which highlights another fundamental challenge. Iranian cyber operatives can resume operations from new locations within hours, rendering traditional military strikes largely ineffective against digital threats.

“Like with proxy terrorist groups, Iran has the ability for a diffuse set of actors to work on behalf of the IRGC cause, but those actors are limited in the scale of what effects they can produce,” he adds. “This diffusion will allow for a continued exploitation of vulnerable systems that I would expect to be targeted for propaganda victories, to shift public opinion, and to cause harm at the community level. This necessitates broad information sharing engagement across critical infrastructure for the United States cyber defense community.”

The threat horizon extends well beyond the immediate conflict. Analysts are now flagging two upcoming high-profile moments on the U.S. calendar, the World Cup in June and the midterm elections in November, as likely priorities for Iranian cyber targeting. Security experts warn the tournament could see a 30 to 40 percent surge in fraud attempts, with Iranian-linked actors expected to focus specifically on airports, transportation systems, and critical infrastructure in host cities. Iran’s track record of infiltrating U.S. systems ahead of strategic moments — elections, geopolitical flashpoints, major public events — suggests these will not be missed opportunities.

The message is clear: Iran’s distributed cyber army may lack the power to cripple America’s infrastructure, but it has more than enough capability to disrupt daily life — and only coordinated defense can stop it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Proscribing the IRGC Will Make Britain Safer

The United Kingdom must act to proscribe Iran’s Islamic Revolutionary Guard Corps, or IRGC, before it’s too late. The IRGC must be proscribed before more places of worship are torched, more citizens are violently harassed, more ambulances intentionally destroyed, more peaceful gatherings threatened. The IRGC has the capability and the intent to harm people on British soil with increasing ease. This threat could be nipped in the bud with the right measures, right now.

The IRGC views the United Kingdom as a permissive environment. For the IRGC, the United Kingdom is not just a place to launder money or recruit British citizens to post the regime’s propaganda on social media, though both are certainly happening there. The IRGC is also conducting hostile intelligence operations, evading sanctions, hiding millions of pounds from illicit shadow fleet oil sales in high-end real estate portfolios, incorporating shell companies, running banned media offices, and sheltering their spendthrift children. And, most recently, the IRGC freely influenced local gangs in London under the banner of Harakat Ashab al-Yamin al-Islamia, or HAYI, to torch and destroy half a dozen Jewish-linked targets there over the span of just a few weeks.

The situation in today’s United Kingdom is not unlike Argentina in 1994. Back then, a young IRGC veteran of the Iran-Iraq War named Ahmad Vahidi worked with local Shi’a militants in Buenos Aires to attack the AMIA Jewish center, killing 85 people. Two years earlier, he had planned an attack on the Israeli embassy there that killed 29 people.

That same Ahmad Vahidi is now leading the IRGC in Iran after the U.S. and Israel killed the previous leaders on February 28, 2026. Vahidi is directing the IRGC to use the same toolkit he personally honed in Argentina to kill, maim, and terrorize people, Jewish or not, in Britain, Belgium, France, and elsewhere across Europe.

The IRGC must be proscribed in Parliament before an AMIA tragedy comes to London. But some argue that proscribing the IRGC may spook Iran into pulling its embassy out of London. Others fear crucial diplomatic and intelligence channels may dry up.

The UK has already sanctioned 1,238 Iranian persons and entities, including sanctions on 84 IRGC affiliates in 2023. And yet Iran’s embassy remains open for business. And so does a branch of the sanctioned, Iran-owned Bank Melli, right across the street from the Whole Foods Market in London’s affluent Kensington neighborhood. Across town, the IRGC’s banker, Ali Ansaari, received the go-ahead to build 33 luxury flats in north London despite UK sanctions specifically designating him the previous year for his help in bringing billions of pounds of IRGC money into British banks. Another beneficiary of the UK’s permissive environment for the IRGC is Mojtaba Khamenei, the erstwhile hidden successor of Iran’s late Supreme Leader. The sanctioned Khamenei counts luxury real estate holdings in London’s Bishop’s Avenue as a crown jewel in his £100 million European real estate portfolio.

Although hundreds of people and entities affiliated with the IRGC are sanctioned by the US, UK, and EU, the IRGC continues viewing the UK as a comfortable place to work. Sanctions are clearly an insufficient antidote to this unscrupulous organization. Sanctions are toothless unless paired with enforcement mechanisms that can cut through the shadowy layers of banks, shell companies, and cutouts the IRGC uses to slip right through onto the streets of London.

Asset freezes under the Sanctions and Anti-Money Laundering Act of 2018 and the Iran (Sanctions) Regulations of 2023 are a helpful start. But, as Bank Melli, Ali Ansari, and Khamenei’s son demonstrate, these measures remain largely ineffectual without actually proscribing the IRGC as a Proscribed Organisation. And with people like Ahmad Vahidi in charge of the IRGC, the clock is ticking ever closer to the next attack on British soil. But none of this is inevitable. Indeed, there is a way to stop it.

Keir Starmer noted recently that he has been “very worried” about the IRGC’s ability to use violent surrogate actors inside the UK. Worry is no substitute for action. And the proper action for this moment is a full proscription of the IRGC. People’s lives depend on it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Limits of Human Oversight at Machine Speed

OPINION — Warfare has always operated at human speed, but we now have the capability to operate at machine speed. The risks are high, but so are the risks of failing to adapt. Our adversaries are moving toward machine speed faster than we are, and the gap is widening faster than our processes can evolve.

Many companies are developing AI tools that accelerate the decision cycle and shrink OODA (Observe, Orient, Decide, Act) loops, augmenting analysts so they can triage alerts, draft courses of action, and surface recommendations in a fraction of the time it used to take. The tools are good and getting better, and the companies building them are doing important work.

But there is a ceiling. So long as a human sits at the “decide” step, the cycle runs at human speed. Augmented human speed, but human speed nonetheless. The AI can compress the observe and orient steps to near-zero, but it cannot compress the human decision process. The human is, in this configuration, the limitation.

That limitation is not inherently a problem. For most of the decisions we care about, we want a human making them. Across most of the defense enterprise, in planning, intelligence analysis, logistics, personnel, and countless workflows where judgment, accountability, and context matter, humans add real value. The argument that follows is not a blanket case for autonomy. It is about a specific class of decisions, in a specific class of operational environments, where the speed differential between offense and defense is becoming the determining factor.

The problem is that our adversaries may not accept the same ceiling. If they are willing to close the loop entirely, letting the machine observe, orient, decide, and act without a human gate, then their cycle runs at machine speed and ours runs at augmented-human speed. Those are not comparable tempos. Orders of magnitude separate them, and the gap is growing.

This is the context for every conversation about keeping humans in the loop. In a contest where one side operates at machine speed and the other does not, a human review step can be both a safeguard and a structural disadvantage. The question is no longer whether we can afford to keep humans in the loop. The question is whether the humans we claim to have in the loop are actually doing anything, and whether their presence reflects meaningful oversight or has quietly become a fiction we maintain because the alternative is uncomfortable.

This is a hard conversation, and hardest on the kinetic side, where autonomous lethal decisions raise questions we are not ready to answer. It is more tractable in cyber. Not because the stakes are zero, but because cyber effects do not place lives directly at stake on the same scale as kinetic strikes. The competitive pressure is already forcing decisions in cyber that the kinetic debate has been able to defer. That is where this piece starts.

The Cyber Case

In cyber, the argument for accelerating decision cycles isn't philosophical. It's arithmetic.

The Zero Day Clock, an industry tracker maintained by a coalition of cybersecurity researchers, measures when the mean time from vulnerability disclosure to first observed exploit crosses key thresholds. The one-year threshold was reached around 2021. One month in 2025. One week and one day were both crossed in 2026. One hour is projected for later this year. One minute by 2028.

The interval between milestones is collapsing. It took roughly four years to go from year-scale to month-scale exploitation, one year to go from month to week, and week to day happened in the same calendar year. Defenders who designed their patch cycles around the assumption of months are now operating against adversaries who weaponize disclosed vulnerabilities in hours.

Cyber operators today use AI tools to work through alerts and incidents faster, and those tools genuinely help. For routine work, the current model of AI surfacing and human deciding is fine. But for a contested environment against a capable adversary moving at the speeds the data describes, the math becomes harder to defend.

Tools that scan codebases for vulnerabilities are not new. What is new is the next step: these tools are starting to generate patches and mitigations for the vulnerabilities they find. The AI identifies the problem, proposes a fix, and routes the recommendation to a human for review before implementation. That review takes time. Not much by human standards, but enormous by the standards of what is happening on the other side.

Anthropic's Mythos preview is one indication of where this is headed. According to Anthropic's published descriptions, Mythos can find zero-day vulnerabilities and exploit them with minimal or no human input, closing the entire kill chain across the MITRE ATT&CK matrix. It is not alone. Google's Big Sleep was reported in late 2024 to have found the first publicly disclosed AI-discovered zero-day in SQLite, found by an AI before any human defender. Anthropic's red team reported in early 2026 that Claude had identified over 500 high-severity vulnerabilities in widely used open-source software, many of which had survived decades of expert review.

As Sean Heelan put it: the limiting factor on a capable state's ability to generate exploits is no longer the number of skilled hackers it can recruit. It is token consumption.

Bruce Schneier, Heather Adkins, and Gadi Evron published a joint essay in 2025 warning that we are approaching a singularity moment for cyber attackers, the point at which AI systems can discover vulnerabilities, write exploits, and launch attacks faster than any human defender can respond. The attackers' AI singularity is well underway; the defenders' is significantly behind. Reasonable people can disagree about how far behind. Few disagree about the direction.

The crucial point is this: just a few years ago, having a human in the loop wasn't really a choice. The technology wasn't capable enough to close the kill chain. AI tools could surface candidates, but the actual decision-making and execution was done by humans because nothing else could. That is no longer true. The technology can now close the chain end-to-end, and in some narrow tasks it can do so better than the humans it is supplementing. Whether to let it is a real question now, not a technical limitation pretending to be a policy choice.

If an adversary's AI can identify a vulnerability and weaponize it in minutes while our response workflow routes the patch recommendation through a human for review, we are not in the same race. The human review step that felt prudent in 2020 is, in some operational contexts, the step that ensures we lose.

This is the easier version of the conversation. The capabilities are concrete, the failure mode is a compromised network rather than a destroyed building, and the competitive pressure is undeniable. And yet even in cyber, we are struggling to have it honestly. Some of that is appropriate caution; some is risk aversion; some is the difficulty of holding AI capability providers accountable in a field evolving faster than the frameworks for evaluating it.

The Kinetic Case

The kinetic version of this conversation is harder because the stakes are final and the cultural resistance is more deeply entrenched.

For most of the history of weapons, humans were the end operators. Small arms, artillery, and dumb bombs all relied on a human for aiming and firing. Laser-guided munitions shifted some of the guidance burden to the technology, but a JTAC on the ground still had to mark the target. GPS-guided munitions moved further; the operator inputs coordinates and the weapon does the rest, but humans still chose what to target. Through every generation, the kill chain was executed by humans because nothing else could.

We are now fielding systems that can handle targeting, firing, guidance, and delivery of effects without a human at any of those steps. The technology has caught up; in some narrow tasks, it has surpassed us. The cultural framing has not. We still talk about autonomous weapons as though the question is whether to cross a line. The line has been moving for forty years, and we have been crossing it incrementally the whole time. What is new is that the technology is now capable of completing the trajectory.

That does not mean we should rush to full autonomy in lethal decisions. It means the conversation we need to have is not "should we ever remove humans from the loop" but "at what point have we effectively done so already, and are we being honest about it?"

What Is the Human Actually Doing?

This is the question the rest of the debate hinges on.

When we say there is a human in the loop, what is the human actually doing? Are they independently verifying or re-doing the AI system's work? If so, it defeats much of the purpose of using the AI. If not, it defeats much, if not all, of the purpose of having the human there. If the answer depends on the situation (which it almost always will), how are we deciding which situations justify fully autonomous action?

These questions have real answers in some contexts. There are workflows where a human reviewer genuinely catches errors the AI missed, including obvious ones the AI is structurally bad at recognizing. This is the most critical reason today, but the errors are becoming fewer and farther between. Human verification can also serve a second purpose: providing the feedback signal that helps train and improve the model. In those contexts, the human in the loop is doing real work, and the right policy is to keep them there. The argument here is not that human oversight is always theater. It is that we need to be honest about which contexts it is and which it isn't.

Consider AI-generated targeting. During an operation, an AI system ingests real-time intelligence feeds (signals, imagery, pattern-of-life data, network traffic) and produces a list of targets. A human is assigned to review the list before strikes are authorized. What does that review actually consist of?

The human does not have time to review all of the intelligence data the AI processed, and could not do it at the speed of the operation even if they had the analytical capacity. What they can do is a sanity check. They can ask whether the targets look roughly like the kind of targets they expect to see and flag obvious errors, the kind that come from the AI getting confused in ways a human would not. That catch is genuinely valuable. They can also provide a feedback signal that, over time, makes the system better. What they cannot do is verify that the AI's reasoning was correct. When speed matters, that limitation becomes a liability.

Reports of the Israeli military's use of the Lavender system during operations in Gaza illustrate what happens when this dynamic meets operational pressure. According to reporting by +972 Magazine and Local Call, lower-level operators faced extreme pressure to strike targets at a high pace and leaned on Lavender to generate target lists they could not meaningfully verify at the tempo demanded. Human review existed in name. In practice, the operators were approving AI-generated decisions they did not have the bandwidth to assess. What they were doing was signing off.

A non-AI parallel sharpens the point. Microsoft's "Digital Escort" program, reported by ProPublica in 2025, was designed to comply with Pentagon restrictions on foreign nationals accessing sensitive systems. Microsoft used lower-cost engineers in China to maintain government cloud systems and hired U.S.-based "digital escorts" to formally implement the code changes on the engineers' behalf. The escorts were less technically skilled than the engineers whose work they were approving and often did not understand what they were implementing. In practice, they rubber-stamped the work. The ‘American in the loop’ was theater.

This is the pattern we should expect with AI systems operating at the edge of human capacity. If the AI is doing work the human could not do themselves, or at a speed they cannot match, the human's role collapses from verification to approval, and under operational pressure, to rubber-stamping. The loop is closed in name only.

When human oversight collapses to rubber-stamping, we end up with the worst of both options. We have slowed the system down, accepting the operational disadvantage of human-speed decision cycles, without preserving the safety benefit that human review was supposed to provide. The risk is still present; we have simply added latency. It is a self-imposed disadvantage with none of the benefits that justified it.

In some current deployments, we already have this dynamic and we are not acknowledging it. The human in the loop comforts us. It satisfies the policy requirement and provides someone to name as the accountable decision-maker after the fact. It does not meaningfully alter what the AI would have done on its own.

Accountability When the Human Can't Keep Up

The accountability question follows directly from the verification question, and it breaks a chain we have relied on for a century.

When a rifle round hits the wrong target, we do not blame the rifle manufacturer; we investigate the shooter. When a dumb bomb misses, we investigate the pilot and the targeting process. When a laser-guided bomb hits the wrong building, we investigate the JTAC, the target designation, and the command chain. When a GPS-guided munition hits a school, we investigate whether the coordinates were correct and whether the targeting cell followed proper procedure. Through every generation, accountability has run to the human operator or the humans in the decision chain above them.

This works because the human operator is meaningfully in control. They choose the target, input the data, pull the trigger. They have both the authority and the capacity to be responsible for the outcome.

Autonomous systems strain this chain. If the human in the loop is functionally rubber-stamping AI-generated decisions made at speeds and against data volumes they cannot independently evaluate, it is not coherent to hold them solely responsible. We can name them as accountable in an after-action review. We cannot credibly claim they were the decision-maker.

This shifts accountability upstream. If the human at the edge cannot meaningfully verify the decision, then responsibility lies more heavily with the people who decided what the system would be allowed to do: the developers, the testers, the commanders who set the authorities, the policymakers who approved the capability for deployment. The operator at the terminal is executing a decision that has, in important respects, already been made.

Developing autonomous control layers and targeting systems is not like developing a rifle. A rifle manufacturer ships a tool and trusts the operator to use it responsibly. An AI targeting system manufacturer is shipping something closer to a decision-maker, a system that will, in practice if not in policy, determine outcomes that human operators cannot meaningfully override. That shift in function requires a shift in how we think about responsibility. The builder does not get to hand off the system and walk away.

This is not an argument against building these capabilities. The companies and labs developing autonomous defense systems are doing essential work, and the United States and its allies need them to keep doing it. It is an argument for building them with full awareness of what is being built and how it is being used. These labs are not just providing tools. They are making strategic and ethical decisions that will shape how force is used. The more honest we are about this, the better the systems will be.

Trust, and the Honest Conversation

We arrive at a gap that defines the current moment. We cannot keep humans meaningfully in the loop at machine speed in every context. We do not yet trust the systems enough to take them out. Both propositions are true.

The temptation is to resolve the gap by picking one side: full autonomy in the name of competitive necessity, or full human control in the name of moral responsibility. Neither is serious. Full autonomy without adequate trust risks catastrophic errors we cannot unwind. Full human control against an adversary at machine speed guarantees we lose before we can control anything.

So why are we struggling to have this conversation honestly? Several reasons, none unreasonable on their own. Senior decision-makers do not yet have the basis to trust autonomous systems with consequential decisions, because the evidence base hasn't been built. Risk aversion in defense institutions is a feature, not a bug; it has prevented many bad outcomes, even if it now imposes costs. We don't have mature frameworks for holding AI capability providers accountable. An autonomous lethal force, even when bounded and tested, raises moral questions that the Department is right to take seriously.

None of this is a reason to avoid the conversation but it is a reason to have it more carefully. That requires building the evidence base for trust. Trust is the product of testing, adversarial red-teaming, operational evaluation under realistic conditions, and accumulated evidence that the system behaves as intended across the range of situations it will face. We do not have this evidence for most of the autonomous capabilities being fielded or contemplated. Building it is not optional, and it cannot be skipped because the adversary is moving fast.

It also requires being honest about which loops have humans in name only. If the human reviewer cannot meaningfully verify the AI's decision, claiming they are in the loop is a fiction. The right response is to either make the human's role genuine, by slowing the system or narrowing its scope so review is possible, or to acknowledge that the decision is effectively autonomous and design the controls and accountability structures accordingly.

And it requires distinguishing between cases. Autonomous patching of a vulnerability in an isolated system is a different decision than autonomous targeting for lethal strikes. We need frameworks that distinguish between reversible and irreversible actions, between contained and uncontained effects, between narrow and broad consequences. A blanket "human in the loop" policy treats all these cases as identical. They are not.

The decision about whether to remove humans from certain loops has, in some narrow domains, already been made by the math. Our choice is whether to acknowledge that and build the systems and accountability structures that make it responsible, or to maintain a comforting fiction until something forces a reckoning we are not prepared for.

The adversaries are not waiting for us to decide.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Rethinking the Intelligence Cycle for the AI Era

There’s a profound assumption embedded in much of today’s conversation about AI and intelligence: better technology will solve our core problems. We need new infrastructure, better models, and faster processing—all tied to our unique data.

But step inside most intelligence workflows and a different reality emerges.

We are not constrained by what we can collect. We are constrained by what we can prioritize, interpret, and act on in time to matter.

The System Was Built for a Different Problem

The modern intelligence system was designed for a world defined by scarcity. Collection was difficult. Access was limited. Processing was slow. The intelligence cycle—collection, processing, analysis, dissemination—reflected those constraints. It imposed structure, discipline, and rigor on a problem set where information was hard to come by. That system worked because it matched the environment but the environment has changed.

Today, across open sources, commercial capabilities, and traditional collection, we operate in a world of persistent access and expanding data. AI is accelerating that shift, enabling faster processing, broader pattern recognition, and near-instantaneous assessments.

And yet, the underlying system—the way we task, integrate, evaluate, and deliver intelligence—has not fundamentally adapted.

The Constraint Has Moved

Much of the current focus remains on improving inputs: faster infrastructure, better models, more data. These are necessary but insufficient.

The constraint is no longer what we can collect or even what we can analyze. It is how effectively we prioritize what matters, integrate signals across sources, apply judgment at speed, and connect insight to decision in time to matter

In short, the constraint has moved from capability to tradecraft.

AI Is Compressing the Cycle—But Only at the Edges

AI is already changing parts of the intelligence workflow. Signals and geospatial intelligence processing that once took hours can now happen in minutes. Pattern recognition is functionally limitless and immediate. The era of the needle in the haystack is over. Draft assessments can be generated in seconds.

These capabilities are real but have not been fully implemented—nor can they be because the system still operates sequentially. Tasking decisions remain episodic; data integration is still a manual fight; and validation and coordination follow legacy timelines.

The result is a growing mismatch between what technology enables and what the system can absorb. We are accelerating pieces of the intelligence cycle without redesigning the cycle itself.

Tradecraft, Not Technology, Is Now the Limiting Factor

This is the call to action that will define the American Intelligence Community’s success in the next decade. If intelligence continues to operate as a linear process optimized for scarcity, then adding speed and scale at individual stages will produce diminishing returns.

The harder problem—and the more important one—is rethinking how intelligence is done:

How do we move from periodic tasking to dynamic prioritization?
How do we integrate AI into workflows as a default starting point, not an add-on?
How do we preserve rigor while operating at machine speed?
How do we ensure intelligence is informing faster, more diffuse, policy?

The Most Important Shift—Flattening the Intelligence Cycle.

The intelligence cycle was designed as a sequence: tasking, collection, processing, analysis, dissemination. Each step informs the next. Each stage has ownership. Each handoff introduces control—and delays.

This structure makes less sense today because collection is persistent, data is abundant, and processing is near-instantaneous. More importantly, policymaking is now dynamic—minute by minute—not defined by a once-a-day President’s Daily Brief and not constrained to the Oval Office.

How can we reimagine the intelligence cycle to account for these realities?

Let’s start by leveraging the real world and admitting that this change is not as radical as it sounds. During fast-moving crises, analysts often bypass formal cycles—pulling from multiple sources in real time, integrating signals as they arrive, and engaging directly with policymakers in an ongoing dialogue rather than through finished products.

For example, we did this out of necessity for counterterrorism operations over the last 25 years. Intelligence and operations were increasingly fused out of necessity. Collection and analysis informed action in near real time, and action reshaped collection and analysis priorities just as quickly. The formal cycle existed—but it was not how the work happened. Counterterrorism operational tradecraft set a model for where the system is heading.

The traditional cycle moves information through stages. The flattened cycle moves decisions through a system. The difference is subtle but profound.

In a flattened intelligence cycle:

Collection and analysis are intertwined. Some of the best analysts I know were case officers serving in the field.
Processing is not a step. It is largely automated with humans on the loop.
Dissemination is not an endpoint—it is an iterative relationship with policymakers.

Flattening the intelligence cycle does not mean abandoning rigor or structure. It means redesigning the system to move at the speed of the real world, automating rote tasks, and putting our nation's best and brightest minds on the hardest truly-human tasks.

What Comes Next

This is the first in a series examining how emerging technology—particularly AI—is reshaping the intelligence system in practice.

In my following posts, I’ll focus on where this tension is most visible today, especially in collection and analysis.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Russia and China are keeping Iran lethal

The ceasefire between the United States and Iran is barely holding. Pakistani mediators are still shuttling between capitals, fighting has flared in recent days, and President Trump is now sitting across from Xi Jinping in Beijing for a high-stakes summit covering trade, Iran, and Taiwan.

Yet American intelligence has reached a different conclusion about what Beijing is actually doing: China is preparing to move man-portable air-defense systems, MANPADs, to Iran through third-country cutouts, according to CNN, which cited three sources familiar with recent intelligence assessments. The shipments would reach Tehran while Beijing holds itself out as the party that helped stop the war.

The CCP, however, is deliberately doing both things at once.

The intelligence indicates Iran may be using the ceasefire as an opportunity to replenish weapons systems with the help of key foreign partners, with indications that Beijing is working to route the shipments through third countries to mask their true origin. The MANPADs in question are shoulder-fired, infrared-guided missiles — systems that require little infrastructure, minimal operator training, and can be concealed inside civilian vehicles, urban terrain, or dispersed military positions.

On April 3, an American F-15E Strike Eagle was shot down over Iran by a shoulder-fired heat-seeking missile — a fact Trump later confirmed publicly, saying the Iranians “got lucky.” Whether that system was Chinese-manufactured remains unconfirmed; Iran also produces its own Misagh MANPAD series, reverse-engineered copies of Chinese QW-series designs, meaning the Chinese origin of any given shoulder-fired missile over Iranian airspace may never be definitively established.

What is confirmed is that Tehran noticed what worked, and Beijing appears to be resupplying accordingly.

“The sending of MANPADs to Iran would represent an escalation in Chinese assistance, moving beyond traditionally supplying spare parts to Iran’s missile and drone program to the transfer of actual complete weapons systems,” Jason Brodsky, policy director at United Against Nuclear Iran, tells The Cipher Brief.

Neither Russia nor China fired a shot against American forces. They didn’t need to. For years, Moscow and Beijing have quietly supplied Tehran with the intelligence, technology, and weapons components needed to keep Iran capable of threatening United States forces — before wars start. At the same time, they’re being fought, and during the ceasefires in between. The pause in fighting did not stop that effort. It created cover for the next round.

Russia’s contribution: orbits and operational intelligence

Beyond diplomacy, Russia provided Iran with intelligence to aid strikes against United States forces in the region. According to reporting by the Washington Post, Moscow shared the locations of United States warships, aircraft, and radar systems with Tehran during the opening days of the conflict — what one official described as a “pretty comprehensive effort.”

The Wall Street Journal reported that the assistance went beyond location data: Russia was also feeding Iran satellite imagery from its Aerospace Forces, giving Tehran a clearer picture of what its strikes had hit and what to aim at next.

The results were visible in the strike patterns themselves. Meanwhile, satellite imagery found that at least 228 structures or pieces of equipment were hit at United States military sites across the Middle East, with radar installations, communications facilities, and air defense equipment among the most heavily targeted — a level of precision that exceeded Iranian strike patterns in the 12-day war between Iran and Israel in June 2025.

That precision has a signature. Iran had spent years supplying Russia with Shahed drones for use against Ukraine; Moscow was now returning the knowledge investment with interest. Russia shared battlefield lessons from its drone war in Ukraine with Iran, including guidance on strike altitudes and how many drones to deploy in a single wave — drone swarms used to overwhelm radar, followed by precision missile strikes against command-and-control nodes. Moreover, Iranian strike patterns in the Gulf increasingly resembled Russian tactics honed in Ukraine.

Jennifer Kavanagh, senior fellow and director of military analysis at Defense Priorities, tells The Cipher Brief that Russian and Chinese assistance is a direct reason for Iran’s improved targeting between June 2025 and the most recent conflict.

“However, the United States provided similar intelligence to Ukraine, so it is hard for the Trump administration to push back,” she explains.

The groundwork Russia laid before the first shot was fired made the intelligence-sharing during the war far more lethal. Russia built and launched the Khayyam satellite in August 2022, a Kanopus-V Earth-observation platform with a resolution of 1.2 meters, giving Tehran the ability to conduct near-continuous surveillance of specific United States and Israeli military facilities.

S-400 air defense components began arriving in Iran from Russia in 2024, with at least one battery deployed near Isfahan. Years earlier, Moscow had also delivered the Rezonans-NE, an over-the-horizon radar that can track stealth aircraft and ballistic missiles out beyond 400 miles.

What greeted United States and Israeli aircraft over Iran in February 2026 was not purely Iranian. The detection infrastructure had Russian fingerprints on it — years of deliberate investment in Tehran’s ability to see and track what was coming.

China’s fingerprints: navigation, components, and the dual-use pipeline

What China offered Iran wasn’t firepower. It was independence. Folding Tehran into BeiDou — Beijing’s military-grade satellite navigation system — meant Iran’s drones and missiles no longer depended on GPS signals that the United States and Israel had already demonstrated they could disrupt. During the June 2025 twelve-day war, Israeli jamming knocked out Iranian GPS-guided weapons almost immediately.

By the fourth day, Iran had shifted its drones, cruise missiles, and ballistic weapons onto BeiDou-3, and the jamming stopped working. The system’s encrypted military signals, defense analysts say, are essentially unjammable.

The dual-use component pipeline ran deeper still. In February 2025, the United States Treasury Department sanctioned Chinese front companies supplying gyro navigation devices to enhance Iranian-made UAVs. In November 2025, a separate network connected to Iran’s Aircraft Manufacturing Industrial Company was accused of using shell firms to acquire Chinese sensors and navigation equipment. Since China gave Iran access to BeiDou in 2021, Tehran has also used the system to produce decoy signals to confuse threat analysis and conceal actual Iranian military movements.

There is a pattern worth noting in how Chinese dual-use exports to Iran have moved. They rose after Trump signed a maximum pressure memorandum on Iran in early 2025. They rose again after the United States strikes on Iranian nuclear facilities in June 2025. Beijing has not acted despite American escalation. It has acted because of it.

Multiple sanctioned Iranian ships believed to be carrying sodium perchlorate, a precursor material for solid-propellant rockets, have traveled from China to Iran since the war began. Shanghai-based MizarVision — which holds a Chinese National Military Standard certificate and, like all Chinese companies, operates under Beijing’s national security law — systematically published AI-enhanced satellite imagery of United States military movements throughout the conflict, including carrier strike groups and F-22 positions at regional bases.

Iranian strikes later hit a number of the sites MizarVision flagged. Jing’an Technology was doing much the same. For Beijing, the arrangement was convenient — private firms, at least on paper, doing work the Chinese government could disavow.

Washington also accused SMIC, China’s largest chipmaker, of supplying chipmaking tools and technical training to Iran’s military industrial complex, beginning roughly a year before the war. Beijing denied each allegation in sequence.

The reconstitution problem

The deeper strategic problem is not what Russia and China did during the war. It is what they are positioning to do after it.

After suffering major battlefield losses during the October 2024 Israeli campaign and the June 2025 twelve-day war, Iran was able to rapidly reconstitute key elements of its missile and military infrastructure with external support — restoring its ability to threaten the United States and its regional allies in a matter of months. The pattern repeated itself after February 2026. The ceasefire may have halted the kinetics, but it did not halt the resupply.

MANPADs fit the reconstitution requirement precisely — lightweight, dispersible, and effective against the low-flying aircraft that United States and Israeli forces would rely on in any renewed campaign.

Not everyone thinks sanctions were ever the right tool here.

“This is not new,” Kavanagh notes. “China provided Iran with new weapons and air defense systems after the 12-day war and has assisted Iran’s military in other ways for years.”

Sanctions, meanwhile, are losing their bite. “Sanctions and export controls slow reconstruction as they temporarily disrupt procurement networks,” Brodsky says, “but the challenge is the Iranian regime has been adept at establishing new workarounds and evasion mechanisms — sometimes faster than the United States government can dismantle them.”

“U.S. sanctions have begun to lose their effect,” Kavanagh says. “China and Russia have proven adept at avoiding them and are willing to ignore them. Sanctions won’t prevent Iran from rearming.”

Defense analyst John Wood tells The Cipher Brief that the physical resupply is already moving. During the ceasefire, he says, Russia has been pushing assets across the Caspian Sea while China has been using overland rail routes to do the same — a coordinated, parallel effort to rebuild Iranian capacity before any renewed hostilities. “The objective is obvious,” he says. “Bleed the United States and Europe economically and militarily.”

Asked about the MANPAD intelligence on April 12 as he left the White House, Trump issued a terse warning: “If China does that, China will have big problems.” Whether that threat lands before the shipment does remains the operative question — particularly given that the joint statement from the Beijing summit includes agreement that Iran must never obtain a nuclear weapon and that the Strait of Hormuz must remain open, but contains no explicit commitment from Xi on weapons transfers to Tehran.

Beijing’s leverage over Washington is not limited to the battlefield. The late October 2025 exchange in South Korea, Washington's suspension of the Bureau of Industry and Security Affiliates Rule, and Beijing's pause on rare-earth export controls were a pointed illustration of how much the United States’ defense industrial base depends on materials that China controls and can restrict at will.

It holds cards over Tehran’s survival. And it is playing both — publicly mediating while quietly rearming, letting Russia absorb the harder accusations while preserving its own deniability.

Both Moscow and Beijing share a structural interest in the outcome, even if their calculus differs.

“Beijing and Moscow are happy to watch the United States waste its military power in the Middle East,” Kavanagh says, “but both also suffer costs from the war. For Beijing, higher energy prices and the precedent created by the closure of the Strait of Hormuz are worrisome even if they are glad to see Washington entangled in the Middle East.”

Both, she argues, would like to see the war end, but on terms favorable to Iran. Brodsky puts the longer-term stakes more plainly.

“If the United States meaningfully erodes the Iranian regime’s capability to project power beyond its borders, that actually harms Russia and China in the long run — as they now have a weakened partner.”

Neither Moscow nor Beijing wants an Iranian collapse that would invite American consolidation across the region. What they want is a Tehran that survives, reconstitutes, and keeps Washington consumed. The ceasefire is not the end of the strategy. For both powers, it is the condition under which the next phase begins.

“The longer the war goes on, the more it works to China’s advantage,” Wood says. “And raises the likelihood of a Taiwan blockade.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Inside the FBI’s New Push to Track Leaks and Monitor Employees

OPINION — “The FBI requests $7 million to procure and deploy a digital watermarking solution capable of embedding unique digital forensic watermarks in commonly shared documents to mitigate unauthorized disclosures from the FBI’s classified and unclassified networks. Digital watermarking embeds a unique overt or covert forensic marker into emails and other commonly used file types, making it possible to attribute leaked information via screen photography or other non-traditional means back to the user. If information is exfiltrated from an FBI-managed endpoint, the watermarking solution can trace the document back to an employee or group of employees.”

That’s a quote from the 94-page FY 2027 FBI Budget Request to Congress that was released in March under a section entitled “Transparency of Government and Promoting Public Trust.”

I was aware of the investigative use of watermarks to track down confidential government documents, but I had never believed I would find a government agency, particularly the FBI, acknowledging publicly they were using it to keep tabs on their own employees.

Much to my surprise, the FY 2027 FBI Budget Request to Congress showed other FBI programs to catch leakers inside the Bureau. The Bureau budget document also describes other programs that are worth some public disclosure which I will discuss below.

First, some explanation.

I had decided to look into the proposed FY 2027 FBI budget after reading some nasty exchanges that took place at the May 12, Senate Appropriations Committee hearing on the Bureau’s budget. FBI Director Kash Patel was a witness and several Senators raised questions about recent news stories about Patel’s personal activities, to which he made a strong vocal defense of the activities.

After one bitter argument over stories about Patel’s alleged excessive use of alcohol, Sen. Chris Van Hollen (D-Md.) asked the FBI Director if he had ordered polygraph tests for FBI personnel to determine the sources of these leaked stories.

Patel responded, “There's an internal inspection review process for any and all leaks -- especially of baseless information -- at the FBI that's been in place for the last 30 years. Those processes are followed by career intelligence and agents on the ground.”

My interest in the FBI’s “internal inspection review process for any and all leaks” led me to the FY 2027 FBI Budget Request to Congress and there under a section called “Transparency of Government and Promoting Public Trust,” were descriptions of not only the watermark program, described above, but also one entitled User Activity Monitoring (UAM) Technology.

With UAM, according to the FBI budget document, “The FBI is strategically shifting its insider risk identification posture from traditional reactive activities to enhanced proactive approaches, allowing for early detection and mitigation.”

It then says that the FBI planned to purchase a “risk management suite” and, once procured, the Bureau will need $11.4 million in FY 2027 to support operation of the system.

Back in December 2025, the FBI awarded a five-year, $7 million contract to Everfox LLC to provide an Insider Threat Management Suite with UAM capability and User and Entity Behavior Analytics capabilities.

According to the FBI Budget document, “The UAM module will serve as the FBI’s primary monitoring and logging tool, capturing and analyzing all employee activity…The system generates real-time alerts, audit logs, and reports to notify insider threat analysts of potential risks, such as unauthorized access to sensitive data or files.”

As for the Behavior Analytics capabilities, that module uses “advanced analytics across all FBI-managed endpoints to detect anomalous and high-risk user activity indicative of insider threats.”

In short, to track down leaks the FBI has put in place a system to monitor employee computer usage and analyze that usage to detect any that is unusual. Although the Everfox systems purchased are directed at monitoring FBI employees to prevent leaks of any kinds of information, the FBI budget justifies this approach by referring to an Executive Order signed in 2011 by then-President Barack Obama which was aimed to protect Bureau classified information from outside hackers.

So far, however, the stories questioning Patel actions continue, as seen Sunday with the New York Times story headlined, “Patel’s Pearl Harbor Snorkeling Trip Adds Concerns About his travels.” The authors claim they spoke with “more than a dozen current and former FBI and law enforcement agents,” as well as Freedom of Information material.

Another FBI program disclosed in the FY 2027 FBI Budget Request to Congress relates to implementing President Trump’s September 2025 National Security Presidential Memorandum-7 (NSPM-7), Countering Domestic Terrorism and Organized Political Violence.

According to the FY 2027 FBI budget document, “In recent years, heinous assassinations and other acts of political violence in the United States have dramatically increased. Commonly, this violent conduct relates to views associated with anti-Americanism, anti-capitalism, and anti-Christianity; support for the overthrow of the U.S. Government (USG); extremism on migration, race, and gender, and hostility towards those who hold traditional American views on family, religion, and morality.”

To meet this challenge, the budget document says, the FBI now oversees the “recently created NSPM-7 Joint Mission Center (JMC),” which is “composed of personnel from 10 [Federal] agencies who possess CT (counterterrorism) and criminal operational and analytical expertise. The JMC is working to counter DT (domestic terrorist) and organized political violence by integrating intelligence, operational support, and financial analysis to proactively identify networks and prosecute domestic terrorist and related criminal actors.”

So far, there have been no reported activities of the JMC, but organizations such as the Brennan Center For Justice point out that NSPM-7 excludes high-profile examples of domestic political violence that do not comport with its storyline, such as the January 6, 2021, attack on the Capitol.

I close with one element of his time as FBI Director that Patel seems most proud of.

As he put it during his May 12 testimony, “Before I got in the [FBI Director] seat, over one-third of the entire FBI workforce was located in the National Capital Region. When I got here, I put a thousand agents into the field permanently. Every single state got more agents than they've ever had. Behind that, I sent 300 intelligence analysts into the field permanently. Behind that, I sent 500 support staff and program managers into the field permanently. And that's only Conus [within continental U.S.]. We've also expanded our overseas footprint. So, decentralizing the bureaucracy of Washington, removing the red tape in the bureaucracy, putting agents in the field…is how we're getting the mission done.”

Time will tell how that Patel action has worked out.

Patel also added to the above statement, “no one at this FBI is allowed to politicize or weaponize law enforcement. If you do, you don't get to work there anymore.” Reviewing the number of FBI officials and special agents that have been summarily dismissed since Patel’s appointment, including those who were assigned to participate in Trump-related investigations, I don’t believe that statement can be considered accurate.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Roses, Trees, and Power: The Symbolism Behind the Trump-Xi Summit

Last week’s high-level summit in Beijing between President Trump and President Xi achieved few traditional ‘deliverables’ between the two leaders, and this led many outside observers to dismiss its singular importance. No significant trade deals were made, and there was little diplomatic progress with respect to ending the wars between Iran and America, or Russia and Ukraine. There was no mention of North Korea, or China’s possible influence with respect to a resumption of diplomatic negotiations between America and North Korea regarding the latter’s nuclear program. President Xi and President Trump pledged to work towards “constructive strategic stability” in the US-China relationship. But Xi’s comments about Taiwan – which could be interpreted as an indirect threat – in which he warned Trump, “If handled poorly, the two countries will collide or even clash, putting the entire US-China relationship in an extremely dangerous situation,” set the background tone of the summit. Despite other cordial words by both leaders – Trump repeatedly praised Xi as a “great leader” - many observers suggested that the summit had no significant or measurable outcomes, except for optics, symbolism, and body language. But for President Xi, these were – and are – the key ‘deliverables,’ making the summit, where he and Trump acted as equals (e.g. “G-2,” in Trump’s words), a critical success for him and China.

For some, President Trump’s trip to Beijing might remind one of Lord Macartney’s 1793 mission to China. Xi proved a gracious host, showcasing China’s achievements, history, culture, and ancient beauty. To truly understand Xi’s perspective, the setting, symbolism, and body language are critical. On the last day, Xi and Trump held an informal meeting in the lovely and historic Imperial Gardens of Zhongnanhai, where they strolled together while conversing and later, enjoying tea. Xi pointed out trees that are 490 years old, and in other cases, over 1000 years old. He asked Trump to touch the trees, highlighting their place in the gardens’ history. When President Trump commented on the beauty of the roses, President Xi offered to send some seeds from the Imperial rose garden back to the White House. For Xi, such symbolism is key, with a subtle framing of his message being, America is celebrating its 250th anniversary this year. But China is a civilization – like these trees – that has been in existence for thousands of years. Xi could not have said it better — or been more pleased.

Xi’s sophisticated diplomacy and aspirations (“The Chinese Dream of Rejuvenation”) have always been paired with strategic thinking (the concept of shi, described by Professor David Lai as “the alignment of forces, the propensity of things, or the potential born of disposition”), ruthlessness, and an increasingly confident posture regarding China’s domestic and international interests. The Xi-Trump summit showed them interacting as complete equals. For Xi and China, such images at last week’s summit serve to erase more than a century of humiliation. And China’s goal of becoming the world’s dominant superpower by 2049 (the centenary of the PRC’s founding) has not changed. Nor has it altered its gray zone strategy targeting America and the West, its cyber-attacks, its espionage efforts, its desire to dominate the key industries of the 21st Century, its military buildup in the South China Sea, its theft of intellectual property, its aggressive moves towards Taiwan, or its economic reach with respect to the Belt and Road Initiative. Today’s President Xi is unchanged from 2017, when he first hosted President Trump on a state visit to Beijing.

But Xi ought to be careful, as he prepares for his next summit with President Trump in late 2026. It is convenient for Xi to assert, as he has frequently done, that the East is rising, while the West is in decline. And many critics would agree that given a divided, polarized America, a lame-duck President with falling poll numbers, and a nation bogged down by military conflicts in the Middle East, Xi is correct. But I’d argue that they and Xi have a potential blind spot. Such an analysis of American and western decline, coupled with China’ remarkable achievement in lifting 800 million citizens out of poverty since 1949, while becoming the world’s 2nd-largest economy, risks ignoring America’s resilience, as it approaches its 250th birthday in July 2026. President Trump has always showcased his mastery of media and spectacular events too. At his next summit with President Xi, he ought to highlight America’s exceptionalism, and walk with Xi along the Mall, George Washington’s home in Mt. Vernon, and let Xi touch and feel not a tree nor roses, but Philadelphia’s famed Liberty Bell. Such symbols and gestures can matter. President Trump’s optics can thereby say, this too, is America. Freedom. Courage. Faith. Nationhood. Endurance. And Liberty. Old concepts, old values, which stand the test of time.

Dr. Kenneth Dekleva served as a Regional Medical Officer/Psychiatrist with the U.S. Dept. of State from 2002-2016 and is currently the CEO of Blackwood Advisory Solutions LLC and Professor of Psychiatry, UT Southwestern Medical Center, Dallas, TX. The views expressed by Dr. Dekleva are entirely his own and do not represent the views of the U.S. Government, the U.S. Dept. of State, or UT Southwestern Medical Center.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The administration needs a better relationship with the Vatican

President Reagan formed an alliance with Pope John Paul II in the 1980s that contributed to the dissolution of the Soviet Union in 1991.

This is a powerful precedent for two world leaders — Pope Leo XIV and President Trump — to work together to oppose evil and seek global peace and stability.

Secretary of State Marco Rubio’s meeting with the pope on May 7 was a powerful gesture that showed the U.S. government wants a close, cordial relationship with the Vatican. According to the Vatican, both pledged to improve bilateral relations after Mr. Trump accused Leo of being “terrible for foreign policy.” The pope had commented that Mr. Trump’s “threat to destroy Iran’s whole civilization” was “truly unacceptable.”

Francesco Sisci, an Italian sinologist, author and columnist who maintains close ties with the Vatican, said Mr. Rubio’s meeting with the pope went well. He said: “The pope tells the world there’s another America besides the controversial president. The pope’s America is the one the world loves to love. This should be important for the U.S. Active and intense dialogue should follow up this meeting to keep the momentum.”

Yes, to keep the momentum. The Vatican has consistently been opposed to war and nuclear proliferation in favor of peace and stability. Indeed, it was the U.S. after World War II that worked hard to bring peace and stability to a global community exhausted and devastated by the war.

Unfortunately, the Cold War followed, starting with the Korean War. An expansionist Soviet Union was determined to spread communism throughout the world: in Vietnam, Angola, Ethiopia, Mozambique, Yemen, Libya, Czechoslovakia, Nicaragua, Grenada and, in 1979, Afghanistan. Fortunately, they failed.

What contributed to the Soviet Union’s defeat was Reagan’s relationship with Pope John Paul II. Both viewed Soviet communism as an evil that denied the Russian people and the Eastern Bloc their human rights and dignity. Indeed, it was Reagan and John Paul II’s first meeting at the Vatican in June 1982 that initiated their close bond.

What followed was a close working relationship that contributed to the defeat of communism and the dissolution of the Soviet Union in 1991.

The partnership between the U.S. and the Vatican was characterized by intense, behind-the-scenes information sharing about the Soviet Union and coordinating actions in Eastern Europe. The pope provided the spiritual and moral inspiration to the Solidarity movement in Poland, weakening the authority of the Polish communist government.

Both the U.S. and the Vatican sent news into the Soviet Bloc, undermining the communist fake narrative. Indeed, the pope provided the moral voice, and Reagan, the geopolitical pressure.

This partnership peacefully transformed Eastern Europe. Can the partnership of the U.S. and the Vatican be replicated for the war in Iran?

Iran’s nuclear ambitions, the regime’s killing of more than 30,000 Iranian peaceful protesters earlier this year and its acts of terrorism, which have killed hundreds of Americans, are just some of the information we can and should share with the Vatican.

Conversely, the Vatican can share its moral options for changing the behavior of an Iranian regime that is viewed as a pariah state by its neighbors and the international community.

A collaborative U.S.-Vatican partnership to address other global issues, such as the wars in Ukraine and Sudan, and the ongoing conflict in the Gaza Strip, could be valuable. If the Vatican was helpful in bringing an end to the Cold War, then why are we not partnering with it on the multitude of ongoing global conflicts?

Hopefully, Mr. Rubio’s meeting with Pope Leo XIV is the beginning of a productive relationship with the Vatican, one that will bring peace and stability to the world.

This piece was originally published by The Washington Times and is republished here with permission.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Sustaining Decision Advantage: The Case for Analytic Tradecraft Reform

OPINION -- In an era where warfighters and decision-makers have on-demand access to vast data holdings and AI-generated insights, the future of intelligence analysis will be defined by the ability to apply modernized analytic tradecraft to transform data into decision-ready insight. Where others may optimize for speed, scale, and profit, the intelligence community must bring methodological rigor to create decision advantage.

The Promise and the Peril of Analytic Tradecraft

The scripture inscribed on the CIA’s Original Headquarters Building reads: “And Ye Shall Know the Truth and the Truth Shall Make You Free.” The words express an optimistic belief that objective truth can be identified and communicated. This premise, however, is increasingly under strain.

The Cold War-era architects of modern analytic tradecraft understood that intelligence analysts are no less susceptible to cognitive bias than anyone else. This led Sherman Kent, Richards Heuer, and others to develop a framework of analytic methods to ensure the objectivity of intelligence assessments. The methods encourage analysts to “show their work” and take active measures to mitigate cognitive bias, manage uncertainty, and boost decision-makers’ confidence in analytic conclusions.

The intelligence community’s adoption of a universal set of analytic tradecraft standards after the 9/11 terrorist attacks and the flawed assessment of Iraq’s WMD programs marked a high point in the use of analytic tradecraft.

Administrative formalization and the passage of time, however, have increased the risk of over-correction and ossification. Today’s analysts and managers must guard against the danger that tradecraft becomes a performative, backward-looking bureaucratic exercise disconnected from the national security mission.

The New Analytic Ecosystem

The U.S. Intelligence Community’s analytic tradecraft standards were designed for an information environment characterized by scarcity and secrecy, where long-form textual reports were the ultimate decision-support tool. We no longer operate in that world.

As of 2023, the National Geospatial-Intelligence Agency (NGA) was ingesting 70,000 new data points per second. At the same time, virtually anyone with a credit card can now access commercial GEOINT, commercial SIGINT, and millions of unique OSINT sources.

Amid this vast sea of data, political and military leaders now have access to a rapidly growing number of commercial analytic services. Dozens of defense technology companies are now testing these AI-enabled capabilities in Ukraine, Gaza, and Iran with an eye toward marketing battle-tested analytic tools to eager governments around the globe.

These changes in the information environment have given rise to a new analytic ecosystem in which the relative share of information the intelligence community provides to decision-makers is rapidly shrinking, and the community’s primacy as the go-to source for decision advantage is increasingly being challenged.

Operationalizing Modern Tradecraft

Amid revolutionary changes in the information environment and the rise of AI-enabled analytic capabilities, there is an urgent need to reaffirm the core principles of analytic tradecraft while simultaneously modernizing them to serve today’s analysts better.

1. Reaffirming mission relevance. Sherman Kent defined intelligence as knowledge for the purpose of action, and identified usefulness to the decision-maker as a key criterion for evaluating the quality of an analytic assessment. The OSS veteran observed that analysis that is inaccurate, incomplete, late to need, or lacks an obvious linkage to current national security decisions or future threats is—in a word—useless.

Intelligence Community Directive 203 lists decision-maker relevance as the fifth of nine analytic tradecraft standards on the sixth page of an eight-page policy document. It is not unreasonable that some may conclude that customer relevance is not a primary concern.

To be useful, analytic assessments should be decision-relevant, providing information and insights pertinent to U.S. national security and foreign policy, or highlighting emerging issues and threats that may require decision-maker attention. Assessments must be delivered in time to inform the decisions they are meant to support or to provide prompt warning of emerging threats. By necessity, an emphasis on decision-relevance and timeliness will create tension with analytic rigor and completeness. Skillful analysts and managers must actively manage these trade-offs to meet mission needs.

Usefulness is also a function of accuracy and focus. In today’s hyper-saturated information environment, analysts play a vital role in helping decision-makers determine which reporting and data can be independently corroborated. Analysts can also prevent information overload by prioritizing key reports and data essential to understanding an issue, while filtering out unnecessary details and unsupported judgments.

Maximizing the usefulness of analytic assessments for decision-makers requires a functioning relationship between intelligence agencies and the decision-makers they support. This necessitates active engagement and two-way dialogue that provide analysts with a deep and nuanced understanding of decision-makers' requirements and priorities. Without a functioning relationship, discerning decision relevance becomes an exercise in guesswork.

2. Reinforcing analytic objectivity. In a world where decision-makers have near-infinite choices in where they obtain information, the research methodologies, structured techniques, and standards that intelligence analysts use to ensure accuracy, rigor, and objectivity are key differentiators. These methods create decision advantage by helping reduce risk, manage uncertainty, and increase confidence in analytic conclusions.

Objectivity in AI-enabled analytic outputs must be defined technologically and methodologically, and analysts must make the case to decision-makers why they should have confidence in these tools.

The foundation of objectivity is transparency and methodological rigor. Existing tradecraft standards require analysts to provide detailed descriptions of the sources and methods used to form judgments. These descriptions include evaluations of their strengths, limitations, and potential biases. These standards must now be modernized and expanded to incorporate AI data inputs, prompt traceability, and model selection rationales. The standards should also be integrated directly into AI-enabled analytic tools. The recent Intelligence Community Directive on AI includes provisions intended to close this gap, but more work is necessary to fully integrate and align the community’s technology, data governance, and analytic tradecraft standards.

Analysis of alternative competing hypotheses, a long-standing method for detecting and mitigating cognitive bias, is both more important and more achievable with the proliferation of AI. Analysts are obligated to stress-test analytic conclusions against contradictory reports and competing hypotheses and report the results. While this has historically been a time- and labor-intensive task, AI-enabled tools and techniques can now test alternative hypotheses at scale. Establishing community-wide tradecraft standards for integrating these tools and techniques into analytic workflows will be instrumental in maintaining human accountability for analytic outputs.

3. Modernizing intelligence delivery. Current analytic tradecraft standards remain rooted in the analog text era. This technological latency is evident in the frustrations of decision-makers who use tablet computers to access analytic conclusions with the devices’ limited functionality, even though they have been in service for more than a decade. Along the same lines, the guidelines for formatting the endnotes in an analytic product rival the level of detail found in The Chicago Manual of Style, but are largely silent on how to maximize the usefulness and objectivity of visual and digital media. This can create operational risk when extremely high-quality visuals convey a level of certainty and confidence not supported by the underlying intelligence.

The intelligence community should modernize its analytic tradecraft, sourcing, and dissemination standards to better support the delivery of analytic conclusions via dynamic dashboards, visualizations, and structured analytic observations. Uncertainty and confidence must be encoded into these products, just as they are for text-based reports. This can be achieved by developing and consistently applying analytic tradecraft standards for new media that leverage interactive overlays, pop-ups, and uncertainty visualizations.

A Call to Action

The intelligence community now has the opportunity to proactively modernize its analytic tradecraft standards to sustain decision advantage. This window of opportunity will not remain open indefinitely.

The proliferation of AI-enabled analytic tools, in the absence of a shared set of standards and methodologies to mitigate cognitive bias, manage uncertainty, and ensure substantive accuracy, has introduced new risks into the national security decision-making process. The private-sector innovators leading the development of these new tools, and their commercial and foreign government clients, have different incentive structures and risk tolerances than the U.S. government, and they will not wait for the intelligence community to take action.

In today’s competitive analytic ecosystem, analytic tradecraft is a key differentiator. If the intelligence community does not act to reaffirm core tradecraft principles and modernize existing standards to take full advantage of AI-enabled tools, it risks being outpaced by private-sector intelligence providers and bypassed by national security decision-makers.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Ambassador Joseph DeTrani

Rear Adm. (Ret.) Mike Studeman

Back to top