The Cipher Brief

There is a growing perception among long-standing US allies that they need to expand commercial relations with the People’s Republic of China (PRC). A thaw or détente with the PRC brings both rewards, particularly for a sluggish economy like Britain’s, but also major risks. History shows that a superpower can ruthlessly exploit détente with the West.

Economic Security and Intelligence

Economic security and intelligence are nothing new. Before the Second World War, for example, Britain ran a small outfit known as the Industrial Intelligence Centre (IIC). Run by a former MI6 officer, Desmond Morton, the IIC provided a coordination of intelligence on German rearmament and, working with MI5, assessed Britain’s commercial vulnerabilities. British intelligence helped to devise the UK government’s War Book, which set out emergency regulations to protect critical national infrastructure in the event of war. After the Second World War, during the Cold War, it became a staple of British and other western intelligence to assess the size and strength of economies behind the Iron Curtain.

Risky Business

In 1972 President Nixon and his national security advisor, Henry Kissinger, ushered in a policy of détente with the Soviet Union. Its purpose was to further divide the Soviet Union from China. Papers at the Nixon library show that Kissinger was under pressure from British firms, in particular, to open up markets behind the Iron Curtain. Britain was in a dire economic doldrum following an oil shock due to a war in the Middle East.

Kissinger and Nixon knew that not all commercial technologies could be transferred to America’s main strategic enemy, the Soviet Union. The White House was accurately afraid of dual use technologies, namely those that were civilian but could also be used for military purposes. Kissinger limited the sale of high end computers and microchips, for example, only allowing second tier components to be sold to the Soviets.

Although Nixon and Kissinger accurately guessed that US industries would be targets for Soviet espionage, the extent to which the Soviets exploited détente would have been beyond their wildest imaginations. The collection of scientific and technical intelligence from the US was conducted by Soviet military intelligence (GRU) and the KGB, whose operating arm, Line-X, reported to Directorate T (Technology). In 1973 the KGB assigned an officer to New York whose full-time job was to collect (steal) US scientific and technical intelligence (S&T). By 1980 the US was producing more S&T intelligence for Moscow than the rest of the world combined. Visiting Soviet trade delegations to US research centers, laboratories and fortune 500 companies, for example, were packed with undeclared Soviet intelligence officers. In an agricultural delegation of a hundred Soviet officials about one third were known or suspected Soviet intelligence officers. In one visit to a Boeing laboratory a delegate applied adhesive to his shoes to obtain metal samples. The size of the Soviet onslaught was so large that entire fields of US research and development became replicated in the Soviet Union. The East German spy master, Markus Wolf, recalled the East German computer company, Robotron, was, thanks to Soviet espionage, an unofficial subsidiary of IBM.

Soviet S&T espionage was often facilitated by sloppy security at US defense contractors. An employee of TRW Corporations in Redondo Beach, CA, which manufactured a US spy satellite, recalled that workers “regularly partied and boozed it up during working hours with the ‘black vault’ housing the Rhyolite [spy] satellite project”. Bacardi rum, he claimed, was kept behind the cipher machines and a cipher-destruction device was used as a blender to mix banana daiquiris and Mai-Tais.

Soviet espionage was so far reaching that, ironically, by the end of the Cold War both sides of the conflict, NATO and the Soviet Union, were dependent on US S&T.

Business Risk

Fast forward to the present day – a time when the world is vastly more complicated than the last century’s Cold War. Western countries did not need the Soviet economy. By contrast, China is intertwined with the world economy.

Beijing is seeking to portray Washington’s new approach to economic, defense, and foreign policies as undermining the post war rules based international order that it created. Meanwhile the PRC, which, has previously railed against the international order (though in reality it vastly benefited from that order), is holding itself out to be the stable player on the world stage. The PRC’s attitude is that it will play by the rules when it suits it but is happy to break them whenever it decides to do so.

Recent diplomatic outreach to Beijing by Western leaders include agreements framed as pragmatic economic wins. If middle powers, like Britain, for example, pursue a strengthening of commercial relations with China, they will need a strategy to mitigate risk like Nixon and Kissinger developed. Britain does not have a strategy for doing so. Even China hawks, like former US ambassador in Beijing, Nicholas Burns, have stated that for economic growth the US will need to continue to trade with China, but will need to carve out elements of national security and critical infrastructure. The latter is a principle stretching back to the UK government War Book.

There is no reason why the PRC would not seek to exploit a détente with the west as the Soviets did before. The Chinese state and its intelligence services have never encountered a western business whose intellectual property they did not want. The Chinese Communist Party (CCP) uses a constellation of front companies to do business with the outside world. Often such companies will enter into business ventures to obtain intellectual property from their western counterparts, but then pull the plug, bankrupting their western counter parties. To add insult to injury, Chinese firms will often sell the product they have stolen back to western markets.

The name of the game for western businesses must therefore be risk mitigation regarding China. In the last century, governments held the monopoly on the know-how and intelligence critical to the technologies that shaped our world – nuclear weapons. It took state resources to detect technology transfer. Soviet S&T espionage was only discovered when French intelligence recruited an agent in KGB Line-X in the 1980s. The same is not true today. Private sector companies today hold the keys to innovations that will shape our lives this century – microchips, A.I., quantum and bioengineering. It is therefore private sector companies that are best placed to mitigate risk of stolen intellectual property. And unlike in the past, this can be done by using A.I. driven publicly available data.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Future of Intelligence Space Assets: SAR, Electro-Optical and AI Fusion

The combination of synthetic aperture radar (SAR) and electro-optical reconnaissance is changing modern intelligence collection. What was once a competition between sensor systems has turned into an integrated targeting system that can provide constant almost real-time global surveillance. The future of space-based intelligence is not one or the other. It is about using both SAR and optical imagery together with artificial intelligence, multiple satellites and automated targeting systems.

For a time, electro-optical satellites were the best for strategic reconnaissance. Systems like the KH-11 series provided very detailed visual information allowing analysts to identify aircraft types, monitor missile deployments and assess enemy military infrastructure with great accuracy.

Optical systems have always had limitations.

Clouds, smoke, darkness and bad weather could make it hard or impossible to collect information. Enemies knew about this weakness and often used weather to hide their movements. Synthetic aperture radar completely changed this. Unlike electro-optical satellites, SAR systems send out radar pulses and measure the energy that bounces back from the earth’s surface. Because radar waves can go through clouds and work in any light, SAR satellites can provide surveillance in any weather, day or night. This made radar reconnaissance more important. The real change is happening now with both systems working.

A modern intelligence cycle often starts with SAR detection.

Radar satellites continuously monitor areas looking for unusual activity, movement patterns or changes in infrastructure that might indicate military activity. A SAR satellite might detect soil near a missile field, unusual patterns at a naval base or the movement of launchers in bad weather. Because SAR is good at monitoring areas it's a great way to detect suspicious activity. Once something suspicious is detected optical systems are used to get information. Electro-optical satellites can then determine whether a detected object is a decoy, a logistics vehicle, a formation or a ballistic missile launcher. SAR provides detection and persistence; optical systems provide confirmation and attribution. Together they create a more powerful intelligence system.

This fusion is becoming more important as mobility increases.

During the Cold War strategic targets were often predictable. Today’s battlefield is mobile spread out and deliberately deceptive. Hypersonic missile launchers, ship ballistic missile units, mobile ICBMs and rapidly relocatable air defense systems require continuous tracking rather than periodic observation. Combined SAR/ electro-optical targeting enables custody of such targets across multiple environmental conditions. The war in Ukraine has shown aspects of this evolution.

Commercial SAR providers have demonstrated the ability to monitor troop concentrations identify damaged infrastructure and track movements despite poor weather and battlefield obscurants. Meanwhile optical imagery providers supplied detailed visual confirmation of equipment losses and force deployments. The integration of governmental ISR streams has accelerated intelligence dissemination timelines dramatically compressing what once took days into hours or even minutes. The United States (Proliferated Architecture) and China are both investing heavily in low-Earth orbit constellations designed around sensor fusion concepts.

Instead of relying on a few high-end strategic satellites, next-generation architectures employ many smaller assets operating together across multiple orbital planes. SAR satellites may maintain persistent broad-area surveillance while optical satellites conduct rapid revisit identification missions.

Artificial intelligence is key to making this architecture work.

The volume of data generated by ISR constellations far exceeds the capacity of human analysts alone. Automated systems are now increasingly responsible for anomaly detection, pattern recognition and cross-sensor correlation. AI algorithms can compare SAR signatures across time identify changes in terrain or infrastructure and automatically task assets for further inspection. The reconnaissance architecture itself is becoming semi-autonomous. This trend is especially important in surveillance.

The world’s oceans represent one of the difficult ISR environments due to weather, scale and vessel mobility. SAR systems are exceptionally effective at detecting ships because metallic structures strongly reflect radar energy. A radar satellite can identify vessels through storms or at night when ships disable AIS transponders to conceal their location. Optical satellites can then refine identification, determine vessel class, assess deck activity and verify cargo or weapon configurations.

The strategic implications are profound.

For planners, combined SAR and optical targeting reduces sanctuary. Traditional concealment methods based on weather, darkness or camouflage become increasingly ineffective when adversaries possess multi-sensor coverage. Effective concealment now requires defeating sensing modalities simultaneously dramatically increasing operational complexity. This development also affects nuclear deterrence dynamics.

Mobile missile forces historically relied on mobility and concealment for survivability. Persistent fusion between SAR and electro-optical platforms threatens to erode that survivability by enabling tracking of transporter-launchers across wider geographic areas. Such capabilities may intensify concerns about counterforce vulnerability among peer nuclear powers. At the time the increasing dependence on integrated ISR architectures creates new vulnerabilities.

Combined targeting systems rely heavily on data fusion networks, satellite communications, cloud-based processing and AI-driven automation. Disrupting any component of this chain - through cyberattacks, electronic warfare, kinetic ASAT operations or orbital interference - could degrade the effectiveness of the reconnaissance ecosystem. Consequently, future space competition is unlikely to focus on building better satellites. Instead, competition will center on resilience, data integration, processing speed and survivability under contested conditions. Nations capable of sustaining sensor fusion architectures during conflict will possess operational advantages. The future battlefield will likely feature ISR "kill webs" than isolated collection platforms.

Future trends

SAR satellites, SIGINT assets, airborne ISR, unmanned systems and terrestrial sensors will operate as interconnected nodes in a continuous surveillance and targeting network. Detection by one sensor will automatically trigger tasking across others producing situational awareness at unprecedented speed. This evolution represents one of the significant transformations in intelligence collection since the dawn of the space age. The decisive advantage no longer belongs merely to the nation with the photograph from orbit.

It belongs to the nation of integrating radar persistence, optical precision, automated analytics and rapid targeting into a unified operational architecture. In the emerging era of power competition, combined SAR and optical targeting is becoming more than an intelligence capability.

It is rapidly evolving into the new era of modern military power itself.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Morning Brief: What the PDB Can Offer the Corporate Leadership Team

CEOs of major corporations need to make hugely consequential decisions every day, but many start their mornings in fragmented and reactive information environments. Compare that to the President and other senior US national security leaders who often begin their day when their intelligence briefer delivers the President’s Daily Brief (PDB). The PDB briefer provides a curated engagement to help their principal understand the issues of the day; the briefer might share insight on the motivations of a key foreign leader, walk through the nonobvious implications of a recent development, or offer a path to pose questions directly to the Intelligence Community. The PDB briefing model offers a compelling template for companies that want to improve the information and decisionmaking environments of their key leaders.

The PDB has been around for more than 60 years. It is the pinnacle of the Intelligence Community’s analytic support, delivering the most important and high-quality analysis and intelligence reporting. Perhaps more importantly, it pairs a senior leader with a briefer whose sole job is to enable their principal to understand everything they need to know about national security issues for that day in about 30 minutes. The briefer becomes intimately aware of the principal’s world – who are they talking to later that morning, which NSC meeting do they have to attend in the afternoon, what policies are they trying to advance, and where are their blind spots on national security threats that could harm Americans. Through those daily conversations, the briefer helps the principal identify the questions to ask to get to the heart of a complex issue and sometimes passes those questions to the IC in the form of taskings that will result in a follow-up written response.

The briefer uses their mastery of analytic tradecraft to explain the argumentation behind each assessment in the PDB. They provide context and offer the principal a confidential sounding board to talk through policy quandaries. They deliver bad news effectively and dispassionately by expertly walking through the strength of the sources underlying key judgments. In short, having a daily briefer gives the principal an opportunity to better accomplish his or her goals.

In the private sector, executive leadership teams are often left to their own devices, triaging emails from the day before, trying to make sense of dashboards showing the most recent overnight data, and trying to read a few different news sources to get a handle on a threat to the company’s wellbeing that seems important even as the key implications remain hazy. CEOs might meet with a chief of staff, which helps, but that role is built to clear obstacles, drive decisions, and put out the day's fires — work that runs on deadlines, unlike readiness to answer any major question the CEO could raise, even the ones they never ask. So no matter how capable the chief of staff or how large their team, that readiness is the first thing the calendar crowds out. An executive assistant can walk through the schedule but can't explain why tomorrow's agenda is built around the wrong question. Everything feels reactive because it is.

The PDB process offers a better way. Imagine a major company that creates a small team of senior managers that understands all the inputs flowing to the executive leadership team from across the company—data from sales and marketing teams, supply chain updates, cyber threat assessments—and can identify what the leadership team needs to know each morning. Just like the staff that creates the PDB’s content, these managers would work with internal stakeholders to create a set of products delivered to the leadership team with a predictable rhythm while facilitating the production of ad-hoc “breaking news” style internal assessments. The team would work with a set of briefers drawn from the company’s most promising midlevel employees – rising stars who have demonstrated exceptional abilities to make sense of huge amounts of data and understand the needs of someone in a leadership role, and who have unquestionable judgment and discretion.

Both groups would work together to produce and deliver the briefing package for the CEO and other executive team members. The CEO’s briefing package might be the smallest but would include the most important internal company information combined with external news pulled in by the briefer overnight. It would form the core of the briefing package for every other leadership team member so each would know what the CEO is reading each morning, allowing them to be better prepared to answer questions from the CEO while also giving them additional material relevant to their core roles – the chief marketing officer might get extra news reporting on trending influencers while the chief financial officer might get a rundown on the latest indicators of how the Fed might vote the following week. Strong companies will protect both teams from institutional pressure by making their mandate for objective delivery explicit – one way to handle this would be for the briefing team to report to the board to help protect their independence.

On any given morning, the CEO’s briefer would explain the electoral dynamics affecting how a visiting governor will ask for concessions from the company at their breakfast meeting; unpack the data in a recent HR study on employee retention rates; highlight the mitigation of a recent cyber intrusion event; and unpack the political dynamics in a major foreign market that could lead to retaliatory tariffs. The briefer can go deep into all of these issues because she spent all night working to understand them. If she can’t answer the CEO’s questions, she’ll issue a tasking to the right department, which will deliver an answer the briefer can use by the next morning. Before she leaves for the day, she’ll give a download of the briefing to the chief of staff, record feedback on various items in the briefing to share with key recipients and review the menu for the next day’s briefing items with the production team.

As the saying goes, when information is cheap, attention becomes expensive. As AI shifts the cost of information and even analysis toward zero, a key constraint on senior decision-making shifts to something more scarce — a trusted human whose sole mandate is to be prepared to help a leader be ready to start their day in an environment in which seeing what’s around the corner is both increasingly important and difficult. The PDB briefing experience creates a partnership between principal and briefer that extracts the most value from the least amount of time, which is inarguably the most valuable resource for any senior leader. Companies facing fast-moving, loosely connected threats, where being caught flat on any single one is costly, will find that having a corporate PDB briefing team is less a luxury than a wise investment having leaders who are exquisitely prepared to meet each day.

Phillip Consentino recently retired after a 25 year career in CIA’s Directorate of Analysis in which he served as managing editor of the PDB from 2019-2022.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Russia’s Taliban Embrace Signals a New Power Shift in Afghanistan

Sometimes the only thing more frightening than Afghanistan’s problems is the Taliban’s solutions and the recently signed Russia-Taliban military-technical agreement may be the most alarming one yet. The partnership signals that Afghanistan’s security architecture is being rebuilt without the United States, and increasingly by America’s rivals. Washington should pay close attention because the deal hands one of the world’s most repressive regimes a pathway to becoming more capable and deeply entrenched in a regional order where Russian influence is expanding at America’s expense.

No one should be fooled by the bland language of the arrangement struck between Sergei Shoigu, one of Russia’s most powerful figures, and Taliban Defense Minister Mawlawi Mohammad Yaqoob. In Russia’s playbook, such arrangements are practical templates for influence, opening the door to weapons transfer, spare parts, maintenance contracts, training missions, surveillance systems, encrypted communication tools, and intelligence sharing, ultimately producing deep security dependence. It also creates space for Russian military contractors to embed inside Taliban's security institutions and for Moscow to establish listening posts inside Afghanistan, expanding its visibility into rival intelligence activity across the region.

The arrangement marks a clear shift from Russia’s arms-length contact with the Taliban to something closer to institutional partnership. For Moscow, it delivers a foothold inside the Taliban’s security state, a lever in the region, and potentially a quiet logistics corridor through Afghanistan, including toward Iran. For the Taliban, it offers legitimacy, military hardware, technical assistance, and a powerful patron that will not attach lectures about human rights or political inclusion to its support.

The reported rationale, countering the threat from ISIS-K, the Islamic State’s regional branch, is genuine enough to give both sides cover. ISIS-K has mounted attacks inside Afghanistan, challenged Taliban authority, recruited across Central Asia, and claimed the 2024 Moscow concert hall attack that killed over 140 people. While both Russia and the Taliban have reasons to fear it, reducing the deal to counterterrorism alone misreads its scope. As threats stack up — ISIS-K, border instability, militant flows, and narcotics trafficking — Moscow is exploiting each layer of risk to justify a deeper role in Afghanistan, where the United States spent two decades trying to shape the outcome.

Russia did not arrive at this partnership out of ideological sympathy, as the history between the two sides is complicated enough to rule that out. In the late 1990s, the Taliban recognized Chechnya's independence, openly supporting a separatist cause that Moscow treated as an existential threat. Years later, Russia was reportedly the third largest external backer of the Taliban insurgency against U.S. forces, after Pakistan and Iran. What drives Moscow today is the same cold logic that has long shaped its Afghanistan policy: not affection for the Taliban, but a calculated bargain of what that regime can deliver. That is why Moscow first removed legal barriers to dealing with the Taliban, then became the first country to formally recognize the regime, and has now moved into a deeper security partnership.

Under the new arrangement, Taliban arrives at the table with every disadvantage that makes it an ideal Russian partner. It is isolated internationally, starved for cash, absorbing Pakistani airstrikes along a contested border, and desperate for external legitimacy. For the Taliban’s ruling clerics, accepting help from Moscow may mean swallowing some pride, but their need for outside support is real. For Russia, that desperation is more of a feature than a flaw: a partner weak enough to need help, isolated enough to accept the terms, and useful enough to serve a larger regional strategy. A stronger Taliban may be dangerous, but a dependent Taliban is exactly what Moscow wants.

This is a playbook Moscow has refined elsewhere. Across the Sahel, Russia used Wagner Group and its successor structures to offer struggling regimes what the West often withholds: weapons, trainers, protection, and political backing without rigid preconditions. Moscow’s offer is structurally simple: show up with ammunition and discreet support when others walk away. In places where governance has collapsed and security guarantees are scarce, that formula has proved devastatingly effective. The same template has now arrived in Afghanistan.

The Taliban's military has a well-understood Achilles' heel, and they badly need what Russia can provide. Taliban forces can hold territory, run checkpoints, and enforce loyalty with remarkable effectiveness, but they remain vulnerable to airstrikes, drones, and advanced surveillance. They also rely on aging Soviet-era equipment, captured stocks, and leftover U.S.-supplied hardware inherited from the previous government's collapse, much of which is difficult to sustain. Russian support could close these gaps, including by training technicians, repairing helicopters and armored vehicles, supplying cheap drones, upgrading communications, and possibly even strengthening air-defense capabilities over time.

For the Taliban, political payoff compounds the military one. Every handshake with a major power makes the regime look less like a permanent pariah and weakens the assumption that it can be kept outside the international system indefinitely. Every technical channel also opens a pathway to broader commercial engagement - from mining contracts and railway projects to regional connectivity initiatives - each one gradually normalizing Taliban rule.

The most important piece of this arrangement is intelligence cooperation. The Taliban can provide what Russia cannot easily get on its own: human access across districts, border crossings, prisons, mosques, smuggling routes, and militant networks. That means eyes and ears on who moves, who recruits, who shelters foreign fighters, who disappears across borders, and who returns with new skills or fresh instructions. Russia, in turn, brings capabilities the Taliban has limited means to develop domestically, including surveillance tools and biometric systems, creating a dangerous exchange.

The danger sharpens when we trace what Russian equipment could actually do in Taliban hands. Military-grade drones could help hunt ISIS-K, but they could also give Moscow visibility over Afghan terrain, border and customs zones, and security movements. Encrypted Russian communications tools may help Taliban commanders avoid interception by rivals while remaining visible to Russian signals intelligence. Biometric databases could help identify ISIS-K and other suspects, but they could also turn Afghan border crossings into screening nodes serving Russian security priorities.

The most obvious danger lies in targeting. The Taliban is not a clean counterterrorism partner, even if it governs a country riddled with extremist groups, many of which it tolerates or quietly protects. Russian intelligence tools intended to hunt ISIS-K could easily be redirected by Taliban factions toward other targets, including regional rivals, Afghan political opponents, or competing factions. The same capabilities could also be used to pressure businesses, monitor communities, and harden the coercive machinery the Taliban relies on to keep dissent from organizing.

Russia's machinations, however, extend well beyond the bilateral arrangement. At a Shanghai Cooperation Organization (SCO) meeting in Bishkek in May, Moscow framed its Taliban partnership not as a narrow bilateral preference, but as a player in collective regional stability — one that Tajikistan, Uzbekistan, Kazakhstan, and China are likely to reinforce, or at least tolerate. Through this framing, Taliban security cooperation is being gradually folded into the SCO orbit, giving the Taliban targeted access to a multilateral intelligence architecture while allowing Russia to be the primary gatekeeper of that relationship. The message to the region is unmistakable: Moscow now holds the direct Taliban line and is best placed to manage threats from Afghanistan.

Here, Taliban and Russian interests may also converge in ways that quietly extend the partnership's reach — for example, in suppressing Tajik militant networks inside Afghanistan to reduce threats to Tajikistan, a CSTO member Russia is treaty-bound to defend. Meanwhile, Moscow is simultaneously positioning itself as a mediator between the Taliban and Pakistan — whose relationship has collapsed into open hostility along the Durand Line — placing Russia not just as Taliban’s partner but as a potential broker with Pakistan.

To be sure, Russia is not blind to what it is getting into by betting on a regime with deep self-limiting features, risks Moscow appears willing to accept if the new arrangement holds. The Taliban is neither a nimble political system nor capable of easy course correction, driven instead by ideological certainty and its own sense of manifest destiny. It increasingly operates on a logic of risk because risk has repeatedly paid off. The man at the top of the regime trusts almost no one, yet constant jockeying runs beneath him across the ranks with different factions needing allies, resources, networks, and outside patrons simply to survive. That contradiction shapes Taliban politics and remains the regime’s main weakness. That gap between centralized command and fractured allegiance is also the fault line along which the entire arrangement with Moscow could eventually crack.

At the same time, the Taliban has learned to make uncertainty work in its favor. It rarely needs a clear view of the future because unpredictability itself has become part of its governing style, a way to preserve options, test limits, and keep others off balance. Ironically, this is also one area where Washington still holds a form of leverage. Washington is often described as unpredictable, but unpredictability can be a deterrent when adversaries cannot easily calculate how it might respond in a crisis.

The problem is not that Washington is confused about Taliban-ruled Afghanistan, but that the debate around it often lacks the right framing. When Afghanistan is discussed, the focus usually defaults to ISIS-K threat and the residual al-Qaeda presence, asking whether these groups can strike the American homeland. From that starting point, the Taliban gets cast as either a human rights problem demanding condemnation or as a reluctant counterterrorism partner worth practically engaging, with little analytical space in between. The more important question is not only whether ISIS-K poses a threat to the United States (it does), but whether the Taliban's evolving security state, including its external patrons, militant relationships, and deepening integration into Russia's orbit, is creating a threat landscape that will be far harder to confront once it fully takes shape.

That’s why, for the United States, the lesson embedded in this relationship is both clear and uncomfortable. Afghanistan’s security architecture is being rebuilt in America's absence — and, in some ways, against American interests. Isolation has not changed the Taliban; instead, it has driven the regime toward partners who ask fewer questions and deliver more practical assistance. Russia, meanwhile, also benefits from a strikingly different position in its dealing with the Taliban: no Russian hostages held by the group, no clear constraints on Russian intelligence activity inside Afghanistan, and no Taliban-generated political pressure that would otherwise complicate Moscow’s calculus. The asymmetry matters because while Washington carries the heavy weight of a twenty-year war, Moscow is now buying influence at a discount.

None of this argues for recognizing the Taliban, legitimizing its rule, or copying Moscow's approach to engagement. But pretending that isolation and sanctions alone will contain a regime actively cultivating powerful patrons is no longer credible. If that assumption continues to guide U.S. policy, Afghanistan will keep drifting into a security order where American influence is weak, Russia’s leverage is growing, and the Taliban’s staying power becomes more sophisticated.

The Russia-Taliban handshake was quiet, but its consequences are unlikely to be. If Washington does not define a realistic Afghanistan policy before these arrangements harden, Russia and others will keep writing the rules in a country where the United States paid the highest price only to watch its rival collect the benefits.

The Cipher Brief participates in the Amazon Affiliate program and may make a small commission from purchases made via links.

Sign up for our free Undercover newsletter to make sure you stay on top of all of the new releases and expert reviews.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

Governance Failure and Civil Resistance in Azad Jammu and Kashmir

The June 2026 events in Azad Jammu and Kashmir (AJK) are the most recent example of a larger governance issue rather than a singular political crisis. Authorities banned the Jammu Kashmir Joint Awami Action Committee (JKJAAC) on June 5–6, detained dozens of activists, interfered with internet and mobile services, and asked for more security guards in advance of a long march and strike that was scheduled to take place throughout the region (Pakistan Today, 2026a; Express Tribune, 2026a; Express Tribune, 2026c). The clash stems from years of unsolved grievances, failed agreements, and rising irritation with the gap between formal autonomy and effective authority, even though these measures were justified as being required to protect public order.

The Architecture of Managed Dependency

Many of the institutions of self-government, such as an elected president, prime minister, legislative assembly, and judiciary, are present in AJK. However, Islamabad continues to have a significant influence in important policy areas like infrastructure, electricity, water management, and security. According to Zamin (2025), AJK's elected institutions frequently have little control over the policy areas that have the biggest impact on day-to-day living.

This paradox is especially apparent in the energy industry. With almost 3,000 megawatts feeding the national grid and much more unrealised potential, hydropower projects supported by AJK's rivers greatly contribute to Pakistan's electricity generation (Wikipedia, 2024; The News, 2026). Residents still have to deal with load shedding and electricity costs, which are generally thought to be out of proportion to local production costs, notwithstanding this contribution (The News, 2026). One of the main causes of political unrest is the belief that local resources mostly benefit the larger federation while local communities receive little in return.

Political developments have heightened these concerns. Changes in governance in AJK typically reflect developments in federal politics rather than local election preferences. Following political shifts in Islamabad, the PTI-aligned administration was replaced by a PPP-led government, strengthening perceptions that AJK's institutions act as extensions of federal political dynamics rather than representations of local democratic choice (The Diplomat, 2025; Express Tribune, 2026b).

Three Years of Agreement, Three Years of Non-Implementation

The current issue cannot be understood without first reviewing the pattern of previous agreements and unsuccessful implementations. Since 2024, negotiations between the government and the JKJAAC have generated numerous settlements aimed at resolving economic and political problems. However, several obligations were postponed, partially implemented, or unresolved. Following significant protests in May 2024, officials pledged financial aid, discounted utility bills, and reduced wheat prices (Wikipedia, 2024). The movement called off its protests, but implementation delayed. Further agreements concluded in late 2024 and 2025 followed a similar pattern. Compensation measures, legislative review, telecommunications reconnection, and public services did not offer the level of change that many citizens expected (Voicepk, 2026).

By May 2026, negotiations had once again broken down. Disputes over legislative representation and implementation methods increased the distance between the parties. The JKJAAC rejected government proposals on the refugee-seat issue and boycotted an All Parties Conference convened to address the matter (Express Tribune, 2026b). For many campaigners, conversations appeared to yield paper commitments rather than genuine progress in practice.

The implications went beyond politics. Protest-related violence in 2024 and 2025 resulted in civilian deaths, communication limitations, and growing mistrust between government and civil society groups (Voicepk, 2026; Al Jazeera, 2025). During this time, the movement shifted from a campaign centred on economic concerns to a broader platform arguing for governance change, accountability, political representation, and increased local control over resources (JURIST, 2025).

The Proscription and Its Implications

The decision to identify the JKJAAC under anti-terrorism legislation marks a significant step up in the state's response. The organisation is a coalition of traders, lawyers, labourers, transportation workers, and community representatives that has mostly operated through strikes, demonstrations, and negotiations with government officials (NewsX, 2026). Applying legislation designed to fight violent organisations to a movement with proclaimed civic goals profoundly alters the legal status of political opposition in AJK.

Authorities claim that the group jeopardised public order and security. Critics argue that the prohibition risks criminalising political opposition instead of addressing the root causes of instability. According to opposition politicians and civil society campaigners, the bill severely restricts democratic rights and peaceful political engagement (Express Tribune, 2026b).

The timing of the ban is equally important. It happened right before a planned protest rally and shortly before elections. When combined with communication limitations and large-scale security deployments, the action has raised doubts about whether the goal is counter-terrorism, election stability, or the containment of organised political opposition (Pakistan Today, 2026b; Express Tribune, 2026c). Regardless of aim, the decision has reduced the opportunity for conversation at a time when confidence between the state and civil society is already exceedingly low.

The International Dimension

Unlike prior protest cycles, the June 2026 crisis has sparked increased international attention. Members of the British Parliament and Kashmiri diaspora have expressed worry about arrests, communication limitations, and the overall political situation (NewsX, 2026). Reports of families being unable to reach relatives in AJK fueled criticism of the government's response.

The situation is also unfolding in the background of the unresolved Kashmir conflict and ongoing tensions between India and Pakistan. Following Operation Sindoor and the following cease-fire, regional tensions remain high (Carnegie Endowment, 2025). AJK is a unique territory that is both politically disputed and strategically significant. As a result, internal dissent is frequently regarded via a national security perspective rather than just as a governance issue.

The Substance of the Demands

To assess the proportionality of the state's response, one must examine the substance of the JKJAAC's demands. The movement's platform includes lower electricity tariffs, food and fuel subsidies, more local benefits from hydropower projects, accountability for protest-related violence, civil liberties protection, and parliamentary representation improvements (Kashmir Welfare Foundation, 2026).). While some initiatives are politically problematic, the overarching agenda prioritises governance, economic fairness, and institutional responsibility over secession or armed opposition.

Movement leaders have constantly described the campaign as peaceful and nonviolent (Pakistan Today, 2026c). At the same time, popular sentiment in the AJK is not uniform. Some citizens support the movement's goals but are dissatisfied with the inconvenience created by ongoing strikes and shutdowns (Pakistan Today, 2026d).

Conclusion: The Cost of Structural Deferral

The events of June 2026 reveal a long-term government failure. AJK's formal autonomy has not been matched by comparable political authority, and its resource richness has not resulted in broadly shared economic gains. Repeated agreements have boosted expectations without resolving underlying complaints, while rising conflict has gradually destroyed trust between the state and civil society.

The fundamental question is not whether the demands for accountability, representation, and economic fairness will continue. The evidence from the last three years suggests they will. The more pressing question is whether AJK's governance structures can adapt to meet those demands through actual reform rather than repeated cycles of protest, repression, and non-implementation. Without such reform, the tensions visible today are unlikely to disappear; they will merely re-emerge in new forms, carrying growing political and reputational costs for the state.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Gulf States Turned Crisis Into Confidence

The Epidemic of Patriotism

How war, intelligence, technology, and state competence are building a new nationalism in the Gulf.

There is an old idea in political theory that war makes the state.

The pressure of external threat forces governments to centralize, to coordinate, to invest in systems that work. States that survive conflict emerge more capable than they entered it. The ones that don't fracture.

What nobody talks about is what comes next.

When the state performs, when it absorbs the shock, sustains order, and demonstrates visible competence, the state makes something else.

It makes patriots.

I recently spent time in the UAE during a period of acute regional pressure following Iran's barrage of missiles and drone strikes across the Middle East. What I expected to find was tension. What I found instead was something more interesting.

Patriotism. Everywhere. Organic, visible, and unforced.

Towering signage along major highways with mottos like “Proud of UAE.” UAE flags woven into the texture of daily life, not militarized, not performative, but present in the way that identity becomes present when people feel their nation has held the line.

The population wasn't reacting to crisis. It was consolidating around the idea of the state itself.

The question I came back with: why did this work? Why did external threats produce loyalty rather than anxiety? Why did the GCC, especially Saudi Arabia, UAE, and Qatar emerge from a period of regional instability with greater public confidence, not less?

The answer isn't just geography or leadership or cultural cohesion. The answer is in intelligence and defense architectures.

The Intelligence Backbone Nobody Sees

States that perform in a crisis don't do so by accident.

Behind the public calm in the UAE, behind the intercepted drones and the uninterrupted skylines and the visible symbols of continuity, is a decision-making infrastructure that most people never see and analysts rarely discuss in this context.

Over the last decade, the Gulf states have made serious, sustained investments in the tools of modern statecraft: open-source intelligence collection, AI-enabled data fusion, integrated sensor networks, and the analytical pipelines that allow governments to move from information to decision at operational tempo.

This is not hypothetical. It is observable in procurement patterns, in the capabilities demonstrated during the March–April 2026 Iranian attacks, and in the speed and coherence of governmental response across multiple GCC states simultaneously.

When Iran launched, these states knew.

Not just from allied intelligence sharing, though that mattered, but from indigenous systems built to ingest, fuse, and act on data at scale. Commercial satellite feeds, open-source signals, pattern-of-life analysis, cross-domain data pipelines that would have been the exclusive domain of major intelligence agencies a decade ago.

The state saw clearly. And because it saw clearly, it acted. And because it acted, the public saw competence.

But seeing clearly was only part of it.

The battlefield that Iran chose to contest is not the battlefield of the 20th century. It is not decided by who has more tanks, more ships, or more aircraft. Iran didn't send a conventional military force. It sent drones and missiles, cheap, scalable, and increasingly precise instruments that have fundamentally democratized the ability to project lethal force across distance.

The drone is the great equalizer of modern conflict.

It lowers the cost of precision strike to a level that non-state actors, regional powers, and asymmetric adversaries can sustain indefinitely. It saturates traditional air defense frameworks designed for a different threat geometry. And it shifts the decisive advantage away from platform count and toward something harder to procure and harder to replicate: the architecture of detection, classification, and response at machine speed.

The GCC understood this shift before the attack came.

The investments made across Gulf states in counter-drone systems, AI-enabled sensor fusion, and integrated kill chains weren't legacy procurement decisions, they were deliberate bets on the direction the battlefield was moving. The question was never who had more. It was who could out-sense, out-decide, and out-react fast enough to neutralize a swarm before the next one launched. That is not a hardware problem. It is an architecture problem.

And on the night Iran tested it, the architecture held.

The state acted decisively. And the public, watching intercepted threats fall before they reached their targets, saw a government that had invested in the right problems before the crisis arrived.

Technology continues to advance, and the GCC states are in an accelerating race to optimize their asymmetric architectures, sharpening their ability to detect and defeat incoming threats at machine speed, while developing the offensive capacity to reach back and eliminate the sources before they can launch again. That is not a static capability. It is a compounding one.

That is the mechanism. That is how intelligence and technology become patriotism.

Competence as the New Social Contract

Patriotism in the Gulf was never purely tribal or historical.

It has always carried a transactional dimension, a contract between population and state that runs something like: deliver safety, deliver prosperity, deliver order, and you have legitimacy. What has shifted is the evidence base for that contract.

Citizens don't observe the intelligence and defense architectures directly. They observe outcomes. Intercepted missiles. Functioning infrastructure. Stable markets. Governments that communicate clearly and move without visible panic.

In an era of OSINT and data driven decision-making, the speed and quality of state response have increased measurably. The lag between threat and action, the gap that historically exposed state weakness, has compressed. Governments with modern day focus on intelligence collection from open-source and sensitive sources, data exploitation, and data fusion to enhance their decision-making cycle, simply look more competent, because they are more competent, at least in the domains the public can witness. This matters enormously for legitimacy.

When people can compare their government's performance against the chaos visible across their borders, in real time, on their phones, through open-source feeds that show burning cities and collapsing infrastructure elsewhere, the contrast is stark. The Gulf didn't just survive the pressure. It appeared to absorb it without breaking stride. That contrast is where modern patriotism is being forged.

A New Kind of Nationalism

What I observed in the UAE is not the nationalism of the 20th century.

It is not rooted in historical grievance, ethnic solidarity, or liberation mythology. It is not state-manufactured in the top-down sense that Western analysts often assume when they look at Gulf political culture.

But it isn't accidental either.

I spoke with Jonny Gannon, a retired CIA officer with extensive experience in the Middle East. His observation cuts to the heart of what makes the UAE's approach distinctive: "The UAE hasn't just invested in infrastructure and technology, but also in symbols and stories of unity. Identity politics and divisive behavior is actually not allowed."

That framing matters. What Gannon is describing is a deliberate parallel architecture, one that runs alongside the defense and intelligence investments and is equally intentional. While the GCC was building the data pipelines and counter-drone systems that would absorb Iran's attack, it was also constructing the cultural conditions that would make a population capable of responding with pride rather than panic.

The billboards. The flags. The national narratives. The deliberate suppression of the sectarian and tribal fault lines that have fractured other states in the region. These are not decorative. They are load-bearing.

A population divided against itself cannot consolidate around a state under pressure. The UAE understood that social cohesion is not a soft outcome, it is a strategic asset. And it built both the hard and soft architecture with the same discipline.

It is aspirational. It is performance-based. And it is digitally amplified in ways that accelerate its spread.

The younger generation across the GCC is patriotic about *what their states are building*, AI cities, space programs, global financial hubs, intelligence architectures that rival those of countries ten times their size. They are proud of capability. Of systems that work. Of governments that appear to know what they are doing.

Crises accelerate this.

When missiles fly, populations ask questions that normally stay dormant: Who protects us? Has the threat been curtailed? Are we safe?

The Gulf answered those questions with visible, competent performance, enabled by tools most of the world's analysts don't fully credit in this context.

The Irony Iran Didn't Intend

There is a strategic irony in what Iran's March - April 2026 strikes produced.

The intended effect was intimidation. The demonstration of reach. The signaling of capability and willingness to escalate.

The actual effect, in the Gulf at least, was consolidation.

The GCC states that were targets, or could be targets, emerged with sharper national identity, higher public confidence in their governments, and stronger regional cohesion than before the attack.

Iran's strike package became the proof of concept for Gulf state competence.

Every intercepted drone was a data point. Every functioning hospital, every uninterrupted supply chain, every calm official statement backed by visible governmental control, each one reinforced the social contract between citizen and state.

The war made the state. The state made the patriots.

Two Kinds of Patriotism

Not all patriotism is built the same. And the difference matters more than people recognize.

On September 11, 2001, the United States experienced one of the most powerful eruptions of national unity in its modern history. At the time, I was a young CIA case officer and I felt the power of national unity and the need to protect the homeland at all costs. Flags on every overpass. Record military enlistments. Increased approval ratings for government institutions that hadn't existed in decades and haven't been seen since. It was real. It was visceral. But it didn't last.

Within a few years, the wars in Afghanistan and Iraq had begun to hollow it out. By the time those wars ended, the patriotism of September 12th had transformed into something closer to its opposite: criticism and distrust of institutional decisions over 20 years and a political culture defined by the fractures that grief and vengeance had papered over. The reason was structural, not incidental.

The patriotism that followed 9/11 was built on shared trauma and collective grief. It was the patriotism of deep national wounds, powerful in the moment, but dependent on an enemy and an emotion rather than a demonstrated capability. When the wars that followed proved costly, and inconclusive, the foundation cracked. Because the foundation was based on pain.

The Gulf in 2026 is a different story.

Patriotism emerging across the GCC was not born from a failure to stop attacks against the homeland nor forged in grief. It emerged from a population watching its governments absorb a real threat, intercepted in the air, managed on the ground, communicated clearly, and perform.

That is a fundamentally different foundation.

Ukraine offers a third model, and in some ways the most instructive of all.

When Russia launched its full-scale invasion in February 2022, the global intelligence community made two catastrophic analytical errors simultaneously. It underestimated the will of the Ukrainian people to fight. And it overestimated the capability of the Russian military to win.

Both errors stemmed from the same failure: modeling hardware and not morale. Counting battalions and not belief. What followed rewrote assumptions that had governed Western military analysis for a generation.

Ukraine's patriotism did not emerge in 2022. It was forged earlier, in 2014, when Russia seized Crimea and ignited the Donbas conflict. By the time the full invasion came, Ukrainian national identity had already hardened into something that satellite imagery and order-of-battle assessments couldn't capture. The invasion didn't create Ukrainian patriotism. It revealed how deep it had already run. And then that patriotism enabled something remarkable.

Facing a conventionally superior adversary, Ukraine didn't try to match Russia tank for tank. It fused commercial off-the-shelf technology, open-source intelligence, and decentralized decision-making into an asymmetric capability that the Russian military, designed for a different era, structured around a different doctrine, couldn't absorb or adapt to fast enough.

Drone units guided by commercial satellite feeds. Targeting decisions informed by crowdsourced OSINT. Battlefield coordination running on consumer applications. The entire architecture of modern conflict compressed into tools available on the open market, operated by a population that had decided what it was defending and why.

This is the COTS revolution meeting the will-to-fight, and the combination proved more decisive than most professional militaries predicted.

Russia, by contrast, demonstrated what institutional brittleness looks like under pressure. A military built on centralized command, information opacity, and top-down control couldn't adapt at the speed the battlefield demanded. The architecture that was supposed to project strength became a liability the moment it encountered a distributed, adaptive, data-informed adversary.

Ukraine's lesson reinforces the same underlying principle as the GCC's, but from a different angle.

The GCC built institutional architecture first, and patriotism followed from demonstrated state competence. Ukraine had the patriotism first, and it drove a population to build the architecture, improvised, distributed, and lethal, from the ground up.

In both cases, the fusion of technology, intelligence, and national will produced an outcome that conventional analysis failed to anticipate.

In both cases, the side that could see more clearly, decide faster, and act with coherent purpose held the line.

That distinction, between patriotism as a response to failure and patriotism as a recognition of competence, or as a foundation for building it, may be the most consequential strategic variable of the current era that nobody is systematically measuring.

What This Means

This is not a story about the Gulf being exceptional. It is a story about a principle that generalizes.

States that invest in the architecture of modern statecraft, advanced systems, the intelligence pipelines, the data-enabled decision layers that allow governments to sense, process, and act faster than their adversaries, earn something that cannot be bought or manufactured through propaganda. They earn demonstrated competence.

And demonstrated competence, in moments of real pressure, produces legitimacy. Legitimacy, sustained over time, produces loyalty.

The epidemic of patriotism spreading across the GCC is not a communications campaign. It is not state-engineered sentiment. It is the downstream effect of governments that invested in their intelligence and defense infrastructure, demonstrated that infrastructure under fire, and let the results speak for themselves.

Security creates loyalty.

Competence creates legitimacy.

And in an era where citizens can watch state performance in real time — open-source, unfiltered, and comparative — the gap between governments that have the intelligence and defense architectures and those that don't is becoming impossible to hide.

The Gulf built those architectures. The crisis revealed it. The patriotism followed.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Expect Russia to Escalate Its Attacks on our Democracies

The Kremlin Files: For many in the West, Russian information warfare still conjures images of hacked emails, troll farms, and social media manipulation during the 2016 U.S. election and the Brexit vote in the UK. But those operations were not isolated incidents. They were part of a much older Russian playbook—one refined over a century by Soviet and later Russian intelligence services. Today, that same machinery is evolving again, becoming more aggressive, more technologically sophisticated with cognitive AI, and more focused on exploiting the deepest social fractures within democratic societies. The latest revelations about Russian-linked operations in Europe should therefore not surprise us. They should warn us.

A report released last week by the Organized Crime and Corruption Reporting Project (OCCRP) focuses on a new effort, ostensibly by the Russian Presidential Administration, hidden under several front companies, to sow discord and distrust among ethnic minorities and groups in several different countries. Dead pigs’ heads thrown onto the territories of Mosques, synagogues defaced, slurs against historic atrocities—all intended to get various groups in democracies fighting with and among each other, and for the benefit of the Russian Federation. The reporting is important, and more attention needs to be drawn to it in Europe and the United States. But the tactics are not new; they are classic Russian “active measures,” what they now call “measures of support,” carried out by their intelligence services. We can expect more of the same in the months and years to come.

The KGB was very clear on what active measures, or information warfare, were, and how they were meant to be used. The famous archivist-turned-defector Vasiliy Mitrokhin detailed active measures as he quoted from the official KGB training and operational guide: “agent-operational measures aimed at exerting useful influence on aspects of the political life of a target country which are of interest, its foreign policy, the solution of international problems, misleading the adversary, undermining and weakening his positions, the disruption of his hostile plans, and the achievement of other aims.” Sound familiar? The definition is worth breaking down further to demonstrate how it was applied and still applies to the Russians’ tactics today.

Russian active measures are principally the work of the SVR (the Service for Foreign Intelligence), the GRU or “GU” (military intelligence), and the FSB (the Federal Security Service). The SVR has a dedicated Directorate for this work, including information and cognitive warfare focused exclusively on the United States as the “main adversary” (glavnii protivnik) and on all of our close NATO and European allies. The goal is to use intelligence operations to discredit our democracies, mislead policies and political groups, and sow discord and disunity within our societies. The SVR and GRU both did this in 2016 with elections in the United States and with the UK’s Brexit, as cited by non-partisan reporting from the Senate SSCI committee (of which current Secretary of State Marco Rubio was a senior member), the DNI, and, in the case of the UK, by the report of a special commission.

There are always three elements of active measures, as I outline in my book and in its chapter on the same topic: identify the target, determine the operational method, and, most importantly, apply maskirovka to conceal Russia’s hand. All of this can be seen at play in the events in France, Germany, Armenia, and other countries, as highlighted in the OCCRP report, and many other incidents from recent years.

In the case of the dead pigs’ heads thrown onto Islamic centers, the goal is to incite potential unrest and political action by French political groups on all sides. The Russians hoped that these would be reported and activated as intended “cognitive strikes” within French society, and labeled as “racist attacks.” Distrust would be amplified with every media mention. The Russians no doubt (and likely correctly) guessed that some would deplore the attacks, some might try to explain them from one optic or another in light of French politics, and some might actually empathize (disgusting, but true with all such racist and ethnic hatred). But all of these are a win for Russian intelligence.

The Russian goal is to sow discord, just as they did in the U.S. elections of 2016 with social media trolling. Russian intelligence picked up issues then (in 2016 and 2020, in the case of U.S. elections). It will focus now on the most divisive issues to attack: racism, ethnic strife, abortion, LGBTQ, and other issues—again, not for or against, since the Russian services lack any sentimentality and no morals—but to foment societal division. A weakened adversary cannot counter Russia in Ukraine, the Baltics, or wherever Putin next chooses to launch aggression.

The methods selected can vary: from bribing a journalist to write a story to recruiting a politician or lobbyist to help start a political action group to sending actual operatives, as in this case, to carry out fake attacks to stir discord. The Soviets and Russians have done it before, many, many times.

And there is another key point here—the Russian services and their political masters in the Kremlin—President Putin and his siloviki —are not necessarily for or against any single political group or ideology, even when it appears there may be synergy with Russia’s views. That is incidental (including in the case of the 2016 election). Benefit to any one candidate was not their overall goal, though they may capitalize opportunistically in the short term. Any such gains are still subordinate to the overarching goal—to attack our citizenry and democracy, making the West weak and, ideally, our populations divided. The attack is fundamentally against democracy itself, and the Russians aim to get the French, or Armenians, or Americans to hate each other and fight viciously over the issues that Russian intelligence selects for their cognitive warfare.

Democracy is the threat. That is why Putin ultimately had to destroy Ukraine—he cannot stand a free and functioning democracy, yet another one, thriving on his borders like the Baltic states have done for 30+ years since their independence. Democracy and free societies work, but Putin can’t let the Russian people get wind of that. The West has to be portrayed as split, divided, and weak.

The Russian intelligence services and their Soviet forebears have been at this for 100 years, since the Bolshevik revolution in its earliest days. Spread disinformation, make use of “useful idiots” in the West who actually believed in communism, all the while Lenin insisted that “Iron Felix” Dzerzhinsky stood for organized terror. A divided opposition and adversaries would be weaker in trying to stop the revolution, Stalin’s expansionism before and after World War II, or the Cold War policies of the USSR within the Warsaw Pact. Today, they need NATO and the EU to be weak, the transatlantic partnership divided. We should not help them achieve their goals.

The final element, though, is the most important: what the Russians call maskirovka. The best translation for the term's intelligence understanding is likely “denial and deception.” Hide the hand and make it look like someone, anyone else, is to blame. The OCCRP report cites Russian Presidential Administration aides discussing and ordering that the operatives “believe they are working for Ukraine.” That is the essence of maskirovka, false flags, and deception. Just like the alleged Venezuelan manipulation of voting machines, what former U.S. Attorney General William Barr said was a “bullshit” theory (his word). But it makes for great maskirovka—blame the Venezuelans, anyone but the Russians.

And finally, about the Russian Presidential Administration directing so-called front companies in the report, like the SDA and SNG media, with lofty goals and mission statements like: to “compensate for the lost ties between residents of the countries of the post-Soviet space after the dissolution of the USSR, acknowledged as one of the largest geopolitical catastrophes in the world.” Again, more maskirovka, more hidden hands so that even if found to their roots, the roots don’t point to the intelligence services. The Russians use diversified cover for their intelligence service officers across all of their government, including in the Presidential Administration. It is filled with former and current KGB/SVR/FSB and GRU hardliners.

Why did they fail in this plot? Poor implementation and judgment of us, the West, their adversaries. The Russians have been underestimating the strength of free and fair investigative journalism for years. Bellingcat has repeatedly exposed its operations; OCCRP now joins that list and deserves real credit for doing so. But we still have a long way to go in countering Russian active measures and disinformation. Many in the United States, the UK, and across the EU –including some of our leaders-- still do not fundamentally believe the Russians are engaged in this kind of activity. And what Russian intelligence officers, organized crime groups, hackers, and proxies accomplished in 2016 can now be amplified exponentially through cognitive AI—magnifying social media trolling and influence operations ten-thousandfold.

The West must understand that this threat is neither temporary nor improvised. It is systemic, deeply rooted in Russian intelligence doctrine, and likely to intensify as the Kremlin feels increasingly isolated and strategically threatened. Moscow will continue turning to old and trusted tools—deception, division, provocation, and manipulation—because they are cheaper than tanks and often more effective. Democracies cannot defend themselves if their citizens no longer trust one another, their institutions, or even the basic idea of objective truth. If we think “elections are rigged,” that is a huge win for Putin. That is the real target of Russian active measures—democracy. Recognizing that reality is the first step toward resisting it. Russian intelligence services are trying to make “useful idiots” of us all. We shouldn’t let them.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Qatar's New Online Influence Machine

For years, Qatar has positioned itself in Washington as a trusted American partner: a host to major U.S. military assets, a mediator in hostage negotiations, and a wealthy Gulf state capable of talking to nearly everyone in a turbulent region. At the same time, Doha has earned a reputation for exerting influence by illicit means, such as the bribes that secured it the right to host soccer’s 2022 World Cup. Less recognized is the Qatari regime’s employment of an artificial media platform that poses as an independent news organization while promoting Doha’s agenda.

To complement Al Jazeera, its global media powerhouse, Doha created Eekad, an Arabic-language media platform that presents itself as an independent fact-checking and open-source investigative outlet. In actuality, Eekad is part of an opaque digital ecosystem with links to Qatari government ministries and contracted PR firms that consistently pushes narratives aligned with Qatar’s geopolitical interests, while attacking many of Doha’s regional rivals.

Eekad produces polished content that mimics serious investigations by using satellite imagery, network analysis graphs, and short-form videos designed for mass consumption across the Arabic-speaking world. It has built a strong audience online but obfuscates who funds, operates, and controls the platform. What is clear, however, is that multiple Eekad employees simultaneously worked at Al Jazeera, Qatari ministries, and state-affiliated organizations.

Eekad’s messaging follows a remarkable pattern. It regularly criticizes Israel, Saudi Arabia, and the United Arab Emirates while defending Hamas and dismissing criticism of Qatar. For example, after Hamas’s October 7, 2023 massacre in Israel, the platform questioned reports of atrocities committed against Israeli civilians while portraying criticism of Hamas as part of coordinated foreign influence campaigns. This jibes with Qatar’s position of holding Israel “solely responsible” for the October 7 massacre.

Eekad has also repeatedly defended Qatar’s reputation by attempting to debunk criticism of Doha. The platform worked to discredit allegations of labor abuses tied to the 2022 World Cup despite FIFA finding that “severe human rights impacts did ultimately occur in Qatar.”

These are the same narratives and talking points that Qatar has peddled outside the shadows of social media. Documents submitted to the U.S. Department of Justice pursuant to the Foreign Agents Registration Act show how Qatar has spent over $235 million dollars employing dozens of American lobbying and public relations firms to polish Qatar’s reputation and promote its relationship with the United States.

In some cases, Doha has employed U.S. firms specifically for outreach to traditional media. Tucker Carlson’s viral 2025 interview with Qatar’s prime minister is a product of these efforts. Qatar has invested in a significant U.S. media campaign in recent months, hiring a former CNN producer to serve as a registered agent in the United States, and encouraging Qatar-based academics to “examine strategies of sectarian hate speech and propaganda on social media in the Gulf region.”

The patterns hinting at direct Qatari government control of Eekad are difficult to dismiss. Washington tends to think about foreign influence through the lens of Russian troll farms or Chinese espionage, but Qatar is working to earn itself a place on that list.

Today’s influence campaigns increasingly operate through decentralized digital ecosystems: “independent” brands, influencers, and social media networks that can maintain plausible deniability while still advancing state interests. This is no secret to Qatar, which brought a group of conservative influencers to Doha over Thanksgiving 2025 on a luxury trip that resembled a sophisticated foreign influence campaign rather than an educational endeavor. One influencer, a veteran with nearly half-a-million followers on X, said he had an “eye-opening few days” learning about “the unique and mutually beneficial military and financial partnerships that we share with Qatar.” Months later, another online personality said that Qatar had invited him on the influencer trip but then told him that “they ran out of money for ticket allocation” after he posted a video “questioning Qatar’s influence in America.”

Platforms like Eekad are effective because they do not resemble traditional state propaganda outlets. Their content adopts the aesthetics of scrappy open-source intelligence and online fact-checking outlets, helping the material to appear credible to ordinary viewers. It is a suitable approach for countries like Qatar, which seek to maintain close military and diplomatic ties with Washington while promoting narratives directly harmful to American interests.

When meeting with Qatari counterparts, senior U.S. leaders should make clear they aware of Qatar’s underhanded methods and that Washington will strip Doha of the privileges of being ally if behaves like an adversary.

The Cipher Brief participates in the Amazon Affiliate program and may make a small commission from purchases made via links.

Sign up for our free Undercover newsletter to make sure you stay on top of all of the new releases and expert reviews.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business

The Forgotten History Moscow Doesn’t Want Remembered

Sadly, few in the U.S. and Europe know the complicated history of the Kremlin’s actions in the years leading up to Hitler’s Invasion of the USSR. This is partially a result of Moscow’s emphasis on some facts, twisting other facts and effort to ignore it to suppress critical facts that threaten and undermine the Kremlin’s propaganda and cognitive warfare narratives. Just a few reminders:

Putin’s “historians” often forget to mention the fact that in 1939, when Hitler invaded Poland, the Soviets not only did NOT join the UK and France in standing up to that aggression, but participated in the unjustified occupation - with Moscow and Berlin dividing Poland amongst themselves. You can find photos of Soviet NKVD and German Gestappo officers meeting in occupied Poland, where they were working to target Polish officers and citizens. As Russian historian Nikita Sokolov notes in his article “Victory Instead of the Truth: Myths and Blank Spots Related to the Topic of the Great Patriotic War”, prior to Germany’s invasion of the Union of Soviet Socialist Republics (USSR) in June 1941, the Soviet leadership not only refused to aid the United Kingdom and France when they went to war with Hitler’s Germany and Italy in 1939, but Soviet censors prohibited writers from writing negatively about Nazi Germany and between 1939 and 1941, the Kremlin banned 4,000 publications that were critical of Berlin from being published.

There is also the matter of the “Winter War” waged by Moscow against Finland between November 1939 and March 1940. An aggression conducted against one of the Soviet Union’s neighbors that was justified by the false claim that the Finns were threatening to invade Soviet territory and occupy Leningrad and preceded by a classic provocation – when the Soviets conducted a false flag operation and opened fire on their own troops along the Soviet – Finnish border, then claimed that the attack was perpetrated by the Finnish Armed Forces, justifying Stalin’s invasion of Finland.

When France signed an armistice with Berlin in June 1940, the United Kingdom stood alone facing the full might of German and Italian forces. Moscow did not support London during this period, but instead, was busy seizing Polish and Romanian territory, occupying the Baltic States and providing its German allies with raw materials used to fuel the German war machine.

While the Germans were bombing London and other British cities, Stalin was helping them. In a sign of just how absurd Russian propaganda about the Second World War can be, one Russian news program I recently watched made the claim that London was, in fact, never bombed n by the Germans but instead, was bombed by the British themselves as part of a false flag operation conducted by London against its own population. (NOTE: This kind of lie might be hard for many to understand, but not Russians who are well aware of the fact that their own government has conducted false flags and provocations against the Russian population to justify various government decisions going back to Tsarist times.)

Putin’s propaganda machine likes to promote the image of Ukrainian and Baltic peoples siding with the Nazis against the USSR to justify Russian aggression against its neighbors. Historically, it is a fact that many in Ukraine and the Baltic States initially welcomed the Germans - because they were seen as a relief from Stalin and his regime, that had terrorized the Soviet Union for years, including arresting and sending millions of Soviet citizens to their deaths via purges, mass arrests, forced labor projects and forced starvation programs. But the same historians also tend to remain silent about the shame that, during the Second World War, large numbers of Russians also went over to the side of the Germans. Few in the West are familiar with the story of Stalin’s “Favorite” General, Andrii Vlasov, who after being captured by the Germans in 1941, volunteered to lead thousands of Russian troops who had been captured by the Germans against the Red Army. Vlasov Army consisted of a large number of ethnic Russians who choose to fight against the Soviet Union and was augmented by many other ethnic Russians from the USSR’s “First Wave” of emigration living in Europe at the time – former officers of the “White Movement” who fled Russia during and after the Russian Civil War and volunteered to help Fascist Germany in its fight against Moscow.

The Kremlin’s scribes often falsely claim that Moscow “single handedly" defeated the Nazis and won the war while the UK and U.S. sat on the sidelines. The argument is repeated that London and Washington delayed the opening of second front in Europe to relieve pressure from the Soviets. Of course, Putin’s “historians” often fail to recall that while the American, Australian and British troops were fighting a bloody and brutal war against Imperial Japan in the Far East, Comrade Stalin refused to declare war on Tokyo until after it was clear that the allies had knocked Japan out of the war in 1945, opening the way for the Soviets to grab territory from an already defeated country.

Not only did the Soviets fail to support the allies in the Pacific, but Stalin actually worked clandestinely to spark a war between the U.S. and Imperial via operation “Snow” in 1941.

British and U.S. operations in North Africa and the Mediterranean were not enough for Stalin, who insisted that London and Washington expand their efforts in Western Europe to save him from the same Fascist regime that Stalin signed the Molotov Ribberntrop pact with only a few years earlier.

While the U.S. was funneling assistance to the Soviet Union via the “Lend Lease” program, Mosow was conducting aggressive and extensive espionage activities against its “allies”, recruiting and running large agent networks tasked with stealing just about any secret that they could get their hands on. Of course, Putin remembers this part of the “alliance” and loves to gloat and glorify the Soviet Intelligence officers who were behind operations like “Snow” and “Enormous”.

The same “historians” that love to boast about how the “Russians” defeated Hitler’s Germany, rarely mention the direct impact the allied strategic bombing campaign had on the Hitler’s ability to wage war. This air campaign, which cost the lives of large number of U.S. and Allied Airmen, was a key element in the defeat of Hitler’s Germany, with sorties significantly disrupting German defense production and energy supplies needed to equip and power the German military.

There is no doubt that the people of the Soviet Union suffered greatly during the Second World War, or as it was referred to by the Soviets as “The Great Patriotic War”. But it was not only the Russians of the former Soviet Union that paid a terrible price for the failure of diplomacy and common sense that led to the worldwide conflict. Millions of Soviet citizens died during that horrible period. Uzbeks, Tajiks, Ukrainians, Belarussians, Kazakhs, Azerbaijanis, Armenians, Kyrgyz. Each former Soviet Republic sacrificed to defeat the Nazis and those tremendous sacrifices should be remembered and respected. But why does the Kremlin today try to present Russia alone as the sole victor in the battle against Facism?

Why? During the Cold War, the Central Committee of the Communist Party of the USSR tried to cover up its own failures and mistakes by promoting false narratives about the war. Among other things, the goal was to present the U.S. and “West” as aggressors, downplay their roles in defeating fascism and aiding the Soviet Union survive Hitler’s onslaught, which as Sokolov notes, could not have survived German aggression without help from the U.S. and other allies. Following the collapse of the Soviet Union in 1991, as the new Russian Federation (RF) attempted to build better ties with its former Cold War enemies, there was a recognition of the role played by Washington, London, Ottawa, Canberra and other allied nations in defeating the Nazis. But with Vladimir Putin’s ascendency to power in the early 2000s, Russian history once again saw a re-introduction of the Cold War era theme designed to denigrate the contributions of others in defeating Hitler and promote Russia as a great power.

Putin’s own behavior towards his neighbors since his invasion of Georgia in 2008, and assault on Ukraine starting in 2014, has made Putin synonymous with Hitler. Today, those subjected to the war crimes and atrocities inflicted upon them by the Russian Military see the Russians who condone Putin’s war of aggression as being synonymous with those Germans who either played a direct role in promoting Hitler’s policies or who passively went along with those policies.

I can say from my past experiences traveling in both the Soviet Union and Russia over the past 40 years that while official propaganda often tried to deny the roles played by the U.S., UK and others in defeating Nazi Germany in the 2nd World War, many Russians remembered with fondness the sacrifices made by their allies to help the against the Third Reich. The Russians themselves remembered the lifeline they received via Lend Lease; the incredibly treacherous journey allied merchant ships took delivering supplies to the USSR. They would often recall the photo of U.S. and Soviet troops meeting on the Elba River, recognizing this event as a symbol of cooperation and mutual sacrifice. And these same Russians would often tell me how horrific the war was and how much they wanted to avoid living through the horrors of another conflict.

Unfortunately, Russia’s current autocratic leader has ordered his historians and propagandists to re-write history with the goal of denigrating the role all of the allied powers played in destroying Fascist Germany and ignore the fact that the USSR failed to join the war effort against Imperial Japan until the war in the Pacific was almost over. We should never allow him to get away with giving credit to those who earned it and as with all of Putin’s disinformation, call it out whenever and wherever encountered and counter his distortions with historic facts.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Rubio Lays Out Trump Administration’s Iran Endgame

“He [President Trump] felt it was imperative that Iran not be able to establish a conventional shield that they were building with massive number of drones and missiles, and they were on their way to getting double what they had, and if they reached the point where they had so many missiles and so many drones plus their naval capabilities that existed at the time, Iran would then say to the world there's nothing you can do about our nuclear program because if you do we will overwhelm your defenses with the sheer volume of launches that we have and then they could do whatever they wanted on their nuclear program. That was an unacceptable risk. It was a risk that we were running out of time to address.”

That was Secretary of State Marco Rubio, testifying last Wednesday before the Senate Appropriations Committee and providing the latest rationale for the U.S. joining Israel in the first February 28 bombing attack on Iran.

Rubio went on to claim that prior to the decision to attack, Trump and his advisors weighed the risks, “not just [to Iran closing] the Strait [of Hormuz], but also the attacks against Kuwait and Bahrain and UAE (United Arab Emirates) and Saudi Arabia and Qatar. It was weighed against that and the President made a decision that not having a nuclear weapon above all else had to be the priority.”

Wednesday’s Senate Appropriations appearance was Rubio’s fourth time testifying last week before Congress, nominally about the State Department’s fiscal 2027 budget, but in reality providing public answers to a whole series of administration wartime and foreign policy activities that have seen various explanations for weeks.

I will discuss some of Rubio's policy explanations to Senate and House members last week in a moment, but the hearings also provided surprising new information, not all of it from the Secretary of State.

For example, did you know the Trump administration has had three classified criteria it has used to determine which so-called narco-trafficking boats should be blown up in the Caribbean and eastern Pacific Ocean? Up-to-now at least 207 people have been killed as the result of more than 60 such U.S. strikes, with little public explanation.

At last Tuesday’s Senate Foreign Relations Committee hearing, Sen. Tim Kaine (D-Va.) told Rubio, “I know what the targeting criteria are because of briefings I've had in this committee and in the [Senate] Armed Services Committee. It's all been classified and I'm not allowed to discuss the targeting criteria because they've only been shared in classified [settings].”

However, Kaine added, “I don't think I'm prohibited from describing things that aren't targeting criteria.” He then said what had surprised him was that “There's evidence of narcotics on the

boat. That is not (emphasis added) a targeting criteria…They have not used the presence of narcotics on the boat as one of the targeting criteria,” Kaine repeated.

Kaine then asked Rubio, “Why would the administration not include the presence of narcotics in the boat as a targeting criteria?” and Rubio replied, “As you've just outlined, I can't discuss the specifics of the targeting criteria, but I can tell you the one thing that is obvious is that the targeting criteria is not single source. In essence, there are multiple checks...and all of it informed and infused by intelligence collection.”

Rubio added, “I'm not aware of every strike because it's not reported [to him] on a regular basis, but there have been strikes that they've walked away from because it doesn't meet the criteria or because there's doubt.”

Later, at that same hearing, Sen. Rand Paul (R-Ky.) noted “that the statistics from the [U.S.] Coast Guard also say that when we interdict alleged drug boats in the historic way, the way we've always done it, about one in four don't have drugs. We make mistakes. We see something suspicious about the boat. We stop them and they don't have drugs on board.”

Then Sen. Paul went on, “I would also like to add that drugs is not a criteria for blowing up the boats, the boats that are called drug boats, but neither are arms (emphasis added). So, in order to blow them up, we don't have to say that they're armed or have drugs. And I think a lot of people would have questions, which I still do.”

It’s obvious the so-called criteria for these strikes needs more explanation.

Another issue, brought up at Wednesday’s hearing, came from Sen. Jeanne Shaheen (D-N.H.) and related to the more than 100 vacant U.S. ambassadorial posts around the world.

Shaheen told Rubio, “The fact is it's not the Foreign Relations Committee in the Senate that is holding up those nominees. It's the fact that the nominees are not being submitted to us [and] those nominees who start to go through the process often aren't willing to comply with the ethics requirements that require that they divest of their outside holdings.”

Noting that “you just sent over 20 nominees of whom only four are career people,” Shaheen said, “So the problem is not in the Congress, the problem is in the administration. And I hope that you will begin to take up that slack by appointing more career ambassadors.”

As for today’s main issues, Rubio made clear the re-opening for shipping through the Strait of Hormuz was the U.S. priority with Iran, while solving the nuclear issues with Tehran comes second.

As Rubio put it on Wednesday before the Senate Appropriations panel, “The only reason there is a [U.S. Navy] blockade is because of what they've [Iranians] done in the Strait. The fact that they are telling the whole world we will not let your ships through unless you pay us a toll. And we can never accept that -- that we can never accept, the tolling system in the Strait. If we accept that in the Strait it will be replicated in multiple places around the world. There'll become a new status quo, everyone will want to do one.”

Rubio added that Iran had “mined the Straits and are shooting drones at ships. So, they need to stop doing that. They need to cooperate with the removal of the mines. And if they do that, then [open] the Strait, then the blockade comes off.”

At another point last Wednesday, Rubio said as part of the negotiations, once the Strait is opened, the U.S. blockade withdrawn, “they [the Iranians] would agree as part of all of this that they are prepared to sit down and negotiate an agreement that disposes of the highly-enriched uranium that limits, and/or prohibits, their enrichment program.”

Rubio continued, “In return they [the Iranians] would be able to have some, not all, of the sanctions that they are facing for their nuclear program potentially waived or reduced, but that would be only be depending on what they give, and of course these things all have to be verifiable.”

Rubio further explained, “The highly-enriched uranium you can verify because when it's removed it's removed. The enrichment monitoring is the one that's going to be critical for any deal to be successful.”

Toward the end of the Senate Appropriations hearing, Rubio summed up nuclear negotiations saying, “What's been offered to them? There's no down payment or bonus for entering into negotiations. So what's been offered to them is everything that they ask for will be commensurate with what they're willing to give as part of the broader negotiation for a deal…The only thing they get for opening the Strait is the lifting of our blockade.”

On enrichment, Rubio clarified, “What we're focused on, I think most people are focused on, is the highly-enriched uranium, which is, you know, like the 60% [enriched uranium] for example, that we know they still possess that can quickly be turned into 90%. That's what the term highly- enriched uranium is. There's some 20% enriched as well, but the bulk of what the world is concerned about is the 60%.”

During his appearance before the House Foreign Affairs Committee last Wednesday, Rubio gave a hint of whom, among the Iranians, they hope they are dealing with.

Rubio explained, “As you know, the Iranians suffered tremendous losses in personnel, and that includes top leadership of the IRGC (Islamic Revolutionary Guard Corps) and other elements of their government. What the President [Trump] is alluding to is that there are certain individuals in the Iranian regime who have indicated both directly and indirectly a willingness to approach the future perhaps a little differently. Not ideal. I'm not telling you. Look, everybody talks about moderates in Iran. There are no moderates. There are radicals and super radicals. Okay? That's been our view of it. But there are some of them that believe that they actually need to do a deal because their economy is in shambles. And so I think what the President is alluding to is that there are some individuals involved in the negotiations and in elements of their government including some in elements of their military that are more open to a deal than others.”

Asked about post-President Maduro Venezuela during last Tuesday’s Senate Foreign Relations hearing, Rubio said, “Venezuela is in a better place today and in a better trajectory today than it was five months ago. Now, is it where it needs to be? Is it where it needs to ultimately wind up? The answer is, of course, no.”

Rubio explained, “Ultimately, in order to truly transition, they have to have multi-party free and fair elections. But the conditions for free and fair elections are the following. First of

all, you have to have a free and open media. And while you've seen independent journalists are now for the first time activated again, that has to exist. Political parties have to be given the space and time to organize. The National Electoral Council has to be reformed so that it has members in it that will actually accurately count the vote. You have to have certain conditions in place. I'm not telling you that's five years from now, but it's been five months. So I want to be relative to that.”

On Cuba, Rubio told the Senators, “Cuba is actually not controlled by the government. Cuba's controlled by a military holding company named Gaesa. And Gaesa virtually owns everything, they own the tourist sector, they own mining, they own the gas stations, they own everything. They generate about 70% of Cuba's GDP [which]is under the control of this military company and they're sitting on between $14 [billion] and $17 billion in assets. So you have people literally starving, a power grid that hasn't been maintained in 10 years. And yet you have this holding military company sitting on these assets. And by the way, not a penny of the money in the military holding company translates over to the public treasury.”

With that background, Rubio said that for Cuba “not to continue to be a failed state, which poses a threat to the United States, they need systemic and serious reform. They need to have economic reforms. And the question is, can they possibly reform given the people who are currently in charge both of Gaesa and of their government?”

Not surprisingly, Rubio went on, “I really don't believe this system [in Cuba] is capable of reform unless new people take over or a new mindset takes hold. Now, we've engaged in conversations with them. We've offered them what I think needs to happen in order for their economy to recover,” but he did not explain what that was.

Whether or not Rubio’s information turns out to be accurate and his views of where things should be headed even prevail, the words of this Secretary of State/acting White House National Security Adviser need serious consideration because on top of it all he may be a future Presidential candidate.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Middle East at the Brink: Norm Roule on Iran, Israel, and the High-Stakes Struggle Taking Shape

As tensions between Israel and Iran continue to evolve following a weekend Iranian ballistic missile attack against Israel, policymakers and markets alike are grappling with a complex and uncertain landscape. A very fragile ceasefire, ongoing disruptions to maritime traffic in and around the Strait of Hormuz, threats of new escalation by the Houthis in the Red Sea and continued diplomatic engagement between Washington and Tehran underscore the highly complex military, economic, and political dynamics now shaping the region. While fears of a broader regional war have eased somewhat, for now, key questions remain about the durability of any ceasefire, the future of nuclear negotiations, and the security of critical energy and trade routes.

To help put these developments into perspective, The Cipher Brief spoke with former National Intelligence Manager for Iran (NIM-I) Norm Roule. In this conversation, Roule examines the multiple layers of the current crisis - from maritime security and energy markets to Iran's regional strategy, proxy networks, nuclear diplomacy, and the implications of renewed Israeli-Iranian confrontation - offering his assessment of where the conflict may be headed and what policymakers should be watching next.

Norman T. Roule

Norman Roule is a geopolitical and energy consultant who served for 34 years in the Central Intelligence Agency, managing numerous programs relating to Iran and the Middle East. He also served as the National Intelligence Manager for Iran (NIM-I)\n at ODNI, where he was responsible for all aspects of national intelligence policy related to Iran.

Understanding a Multi-Layered Crisis

The Cipher Brief: The tenuous ceasefire in the Middle East involving Iran may be collapsing. Iran has fired a fresh barrage of missiles at Israel, and reportedly, President Trump attempted to restrain Israel from retaliation. We have seen a growing number of reports that container ships and oil tankers are beginning to trickle out of the Strait of Hormuz, albeit sometimes under fire. At the same time, we have reports that the Administration’s negotiators are consulting nuclear experts to develop the next phase of talks with Iran. The situation is difficult to understand. Can you put this into perspective?

Roule: The best way to look at the current situation is to see it operating on several levels in parallel. The levels interact, but they can also progress independently. The situation is brittle, but each process has predictable elements because each level is maintained by a consistent set of actors whose strategic motivations are constant. The ceasefire, such as it is, concerns Iran itself and should not be considered to include Lebanon. This arena will remain a disruptive element over which the U.S. will have limited influence. Regarding the Strait of Hormuz, we should view it as a contested enforcement crisis sustained by a nominal ceasefire, with the post-strike and ceasefire diplomatic endgame not yet in sight.

The Strait of Hormuz and Maritime Pressure

The Cipher Brief: What is the current state of shipping in the Strait of Hormuz?

Roule: Iran continues to press ships to pay for passage through Iranian-designated routes or Iranian transit-control arrangements in and around the Strait and will continue to do so. There are credible reports that the Strait is mined, but this has not been publicly confirmed. Most ships appear to be moving through Omani waters, where the U.S. military is providing some level of informal protection, short of formal escort, as they pass through the Strait. The U.S. Navy has repeatedly and appropriately demonstrated that it will tolerate no threats by Iran and has destroyed Iranian drones and struck coastal radar or other military assets when they threatened maritime traffic or U.S. forces. These operations have likely constrained Iran’s actions. We should expect Iranian tests of the U.S. to continue, however, if only because Iran knows that even a small number of attacks will prevent most shippers from testing the route and will keep insurance rates prohibitively high for cargo traffic.

The Economic Squeeze on Iran

The Cipher Brief: Tell us about the impact of the blockade on Iran.

Roule: The impact is significant and almost certainly far greater than Iran is willing to admit, and growing every day. Before the blockade, Iran’s oil exports were commonly estimated at 1.4 to 1.8 million barrels per day, depending on whether one counts crude, condensate, refined products, and shadow-fleet flows. Oil and gas exports accounted for roughly 15 percent of GDP. Iran’s exports have fallen sharply, with current flows measured in the hundreds of thousands of barrels per day rather than pre-blockade levels. May crude and condensate exports will be well below 300,000 bpd. Unemployment is growing. Inflation is growing. Iran’s rial open-market rate now hovers around 1.7 million per dollar. The economic erosion and associated domestic political costs will be cumulative in a country that was already shaken by unprecedented nationwide unrest in December and January.

Iran's Regional Strategy

The Cipher Brief: What are Iran’s options to weaken the impact of sanctions?

Roule: We are seeing these play out in real time. Iran is using Pakistan, Caspian, Turkey, rail, and other land routes for limited trade leakage, but these cannot replace seaborne crude exports to China at scale. Tehran will also press shippers to pay for passage through waters it controls. Militarily, use missile and drone attacks on Kuwait, Bahrain, some of the ships transiting the Strait, and now missile strikes on Israel to show the limits of U.S. power, to split regional alliances, and to keep oil prices as high as possible. In terms of foreign engagement, the Foreign Minister must use travel to show Iran is not isolated, and the Quds Force needs to sustain its relations with proxies and to keep international attention on Israel, and influence U.S. public opinion against continuing the conflict.

The Future of Nuclear Diplomacy

The Cipher Brief: Tell us about Iran’s broader regional motives? What prompted Iran to attack Israel with missiles this evening? Why is Iran so focused on Lebanon?

Roule: The ongoing crisis prompted by the Iranian missile attack on Israel risks significantly changing the region’s strategic map, but before we talk about today’s developments, let’s unpack some of the other issues that led to it. I think that will lay a good foundation for understanding Iran’s motives in launching the missile attack and help explain these attacks and where the broader region is going.

First, neither the United States nor Iran wants to see a return to open hostilities such as those seen in the first weeks of the conflict. Tehran needs domestic stability, and Washington has no interest in another war in the Middle East. Therefore, the weight of the conflict, as well as the pressure tool for talks, shifted to the Strait of Hormuz because each side sees this lower-intensity battlespace as offering leverage without the risks of that broader conflict.

There are routine reports that a small number of ships are exiting the Strait, sometimes under fire from Iran. The ships are generally moving through Omani waters, but there are rare reports of ships choosing to travel through Iran’s side of the Strait. This flow is sufficient to allow Iran to demonstrate that it will deal with those countries that pay the price of passage, but also allows Washington to show a capacity to defend shipping willing to fall under its informal protective umbrella. Tehran continues to hope for an arrangement in which it can collect a fee for each ship. This plan has been soundly rejected internationally, and the U.S. has already sanctioned the entity the Iranians set up to manage the Strait due to its links to the Revolutionary Guard. Any company that pays a fee to Iran will risk U.S. sanctions.

We shouldn’t expect Iran to drop its demands on the Strait, however. Washington, on the other hand, sees its blockade of Iranian ports, coastal areas, and Iranian-linked oil shipments through the Strait as its best means of compelling Tehran to accept nuclear concessions. Neither side will easily give up this influence without substantial concessions from the other that would need to be tightly sequenced in a carefully orchestrated diplomatic deal that has yet to be arranged. For the U.S., the price would have to be a firmer commitment to nuclear concessions. Tehran will seek substantial financial inducements and likely long-term sanctions relief.

Second, as events play out, Tehran is converting geography, missile reach, and proxy survival into fresh coercive regional leverage and using nuclear engagement in a new game with very high stakes. Tehran sees its control of the Strait as giving it not only a stranglehold on the economies of its Gulf neighbors, but long-term global economic influence. Let’s spend a moment on this. In addition to the oil, distillates, and hydrocarbon products that have filled the headlines, the Strait is also home to at least seven major undersea fiber-optic cables that carry a critical share of Gulf international connectivity for the Gulf states. Together with energy targets, this would give Iran the ability to threaten the region’s oil, LNG, insurance, and freight, but also put at risk cloud connectivity, banking, military communications, energy trading, telecom networks, and Gulf economic diversification. Iran targeted cloud and data-center infrastructure, including facilities supporting AI workloads in the region, in drone attacks. This will become another avenue of threat, although Gulf states are already taking steps to harden these facilities. For the Gulf States, and for the world, the idea that we would allow a situation where Iran could threaten such an AI infrastructure tied to the global financial system at a time when the GCC states are investing heavily in data centers, cloud services, and fintech that would only expand the impact of that network should be of the greatest concern.

Returning to regional militias, it comes as no surprise that a regime dominated by the Islamic Revolutionary Guard Corps has made protection of proxies a pillar of its national security policy. Since the end of the Iran-Iraq War, the IRGC doctrine has been to rely on a palette of asymmetric tools – including proxies, missiles, and other asymmetric weapons – to achieve regional dominance. Militias provide Iran with a means to project power throughout the region and to influence shipping in the Red Sea. Although indeed, Iran’s proxies were severely damaged in recent years, they all survived. Iran’s humiliation at the time was that the proxies were neither able to serve as a strategic defense to Iran when needed, nor was Iran able to defend them in their hour of need. The current regime in Tehran has shown from its arrival that Lebanon, or rather Hezbollah, is a core national security pillar. If Hezbollah falls, the current regime cannot claim to be any more successful than its predecessor. What remains to be seen is whether this decision will affect unrest in Iran. In recent demonstrations, some protestors complained that the government spent more time on proxy issues than on national problems.

None of this means diplomatic talks can’t continue. Indeed, as history has shown over the past decades, Iran has had no difficulty pursuing lengthy diplomacy while pursuing similar programs. The Iran nuclear talks in the Obama administration continued during a period of Qods Force regional expansion. Despite the sometimes heated rhetoric on each side, Washington and Tehran have pursued diplomacy, passing draft proposals via Pakistan and, reportedly, messages via Gulf partners. Although slow progress is common in the world of indirect Iranian diplomacy, the security conditions of the new Iranian government, Tehran’s need to form a system under fire, and the very consequential nature of these issues for each side make the idea of fast talks in this case unrealistic in the extreme.

Each side also has some reason to believe economic and political pressures will compel its adversary to make concessions if only they can stand firm longer. Washington knows sanctions are gnawing at Iran’s economy. Tehran is watching oil and natural gas prices creep higher as inventories decline. This makes predicting the conclusion of talks difficult. Despite what is sometimes said in the press, the issues are likely well understood by each side. After all, they have been discussed for years in some cases. The first challenge will be to develop the mechanics of a sequenced series of steps to overcome the distrust between the two sides and to deal with domestic opponents of engagement in each country. Events and politics on each side throw the occasional wrench into the talks.

Challenges with any near-term agreement

The Cipher Brief: What happens if we do sign a memorandum of understanding (MOU) with Iran?

Roule: An MOU would only be the beginning of a longer process, and we shouldn’t be overly optimistic that the outcome will be as productive. Iran refuses to give up its right to domestic enrichment, and until it disbands the Quds Force, we can expect it to threaten its neighbors and the world with militias and terrorists. That is a recipe for sanctions and potential military action. It may be possible to remove Iran’s buried enriched uranium and increase IAEA access, but this will probably be a lengthy and complex diplomatic process as well.

The confidence-building stage in the MOU implementation would involve disbursing financial relief to Iran without the U.S. withholding the same at the last moment. For the U.S., financial relief will need to be managed in a way that will allow Washington to say that the funds are not being used to fund terrorism or missile proliferation. The Strait would need to be opened quickly and loudly, and the Trump administration would need to be able to point to progress in nuclear talks. Both sides would claim victory for their respective political bases, and Iran’s rhetoric would aim to humiliate the U.S. Inevitably, the strength of any MOU would be tested. With luck, the only test would be enduring the rhetoric of Iran’s hard-line officials, but more significant and challenging tests are possible. Last night’s example of Iran’s missile attack on Israel is a good example. Hezbollah or other proxies will continue their attacks.

When you put all of this together, we need to recognize that we are now in an era where Iran feels able to use a blend of conventional and proxy weapons against Israel and its neighbors more freely than at any time in the past. The concept of deterrence against Iran has been tested during this conflict, and new realities have been laid bare. I don’t think we have spent enough time thinking about what this means.

Israel, Hezbollah, and Escalation Risks

The Cipher Brief: So, let’s move to Israel and Lebanon. We realize this is playing out live. How should we look at this?

Roule: We are watching the real-world consequences of allowing Iran to destabilize the Middle East through its proxies. The chronology of this event is important because it shows what the future of the Middle East will look like unless we do something to change Iran’s role. Rocket fire from Lebanon into northern Israel prompts Israeli retaliatory airstrikes against Hezbollah-linked targets in Beirut. Iran then fires ten missiles against an Israeli airbase. Washington tried to constrain Israeli retaliation against Iran, but this was unlikely to succeed, even though it would be a disruptor in the nuclear talks. Israel’s Lebanon campaign in response to Hezbollah attacks will remain a variable that Tehran is using to link the U.S.-Iran track to Levant security. At the same time, Washington’s Iran channel does not control the Israel-Lebanon track, which will be subject to events in that arena and the actions of Israeli and Hezbollah actors.

Any Israeli Prime Minister would need to show their people, and Iran, that Tehran and its proxies cannot attack Israeli territory and escape punishment. That principle has been a firm element of Israeli security policy, especially since the October 7 Hamas attacks. Israel’s attacks against Iran included military targets and at least one petrochemical target of importance to the Revolutionary Guard. This strike appears constrained and contains a message that Jerusalem is prepared to damage more than military targets if Tehran continues. One suspects that Iranian officials have also adopted security protocols to enhance their safety. This will slow any talks that are underway, although it doesn’t appear that Israel attempted strikes against Iranian leadership.

What the Crisis Means for Energy Markets

The Cipher Brief: What are your thoughts on energy markets going forward?

Roule: Turbulence will remain a constant, but the market seems to have already accepted the idea that neither Iran nor the U.S. is interested in a broader conflict. Absent a significant change in conditions, that will likely continue.

Looking more broadly, the Iran conflict has made it clear that energy distribution security is now a permanent variable in energy markets planning. The direction and scope of energy, telecommunications, and transportation infrastructure budgets for the GCC will be major policy challenges in the coming years.

Next, I’m sure your readers have noticed the impact of the conflict was less severe than some initially predicted. A handful of factors contributed to this, including the fact that energy sources are far more diversified than they were a decade ago. In addition to the U.S., Brazil, Guyana, and even Venezuela are producing more oil than before. Riyadh and Abu Dhabi were able to increase production rapidly during the crisis because of wise, pre-crisis investments in infrastructure. Countries drew upon strategic reserves. China purchased less energy over the last few months. Europe and Asia made cutbacks. All of this bought time and space for markets. Nonetheless, Asia and Europe have already faced steep price increases, and the U.S. is likely to face the same if supplies do not improve in the coming weeks.

Lastly, in the medium term, a ceasefire or framework agreement between the United States and Iran will cap the panic premium, but it won’t eliminate the physical market premium. This will require a substantial change in supply. And this will require underwriters to return with lower insurance costs, ship traffic to normalize transponder use, inventory rebuilding, and Gulf crude and LNG moving routinely to markets globally. It will also take weeks following an agreement for the backlog of ships to work through Gulf ports and reach their destinations. This means price distortions in physical markets will linger even after an agreement.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Alex Younger: An Unusually Likeable Human Being, And A Spy

Sir Alex Younger died earlier this week at the age of 62. He had been fighting cancer for some time.

Alex was Chief of the Secret Intelligence Service (SIS, more popularly MI6) from 2014 to 2020. For most past and present MI6 officers, he was the best-loved Chief anyone had known.

One reason for this was that Alex had risen through the ranks. A good MI6 head does not need to have done so. But there is an undoubted advantage in a humint service to have a leader like Alex who has spent years operating under alias and diplomatic cover, who has had gritty operational discussions with a bewildering variety of foreign liaison services. Who has done his time as a desk officer in Century House and Vauxhall Cross, managing the egos of superiors, colleagues and officers in stations overseas. Who knows what it’s like waiting under alias in the hotel of some god-forsaken place, wishing he was back in Britain with his beloved wife and family.

A second reason was that Alex was a thinker. He had a strong set of values and beliefs and was happy to talk about them. He was a believer in the Enlightenment – the ideas circulating in Europe and elsewhere in the 18th century, advocating reason, challenging superstition and prejudice. He believed that these ideas had brought humanity to a better place and would continue to do so; that those who resisted reason and enlightenment should be challenged and never yielded to. I suspect as a young man he left the army to join MI6 because he could better – and more enjoyably – fight that fight.

But he also thought about national security and where it needed to be in the twenty first century. For him MI6 could not just dig itself into a humint trench, carrying on as before, on the assumption that all that mattered was people. A humint service that was not engaged with science and technology, threats and opportunities, was going to become a museum piece, and a rarely visited one at that.

A speech he gave as Chief 8 years ago at his old university, St Andrews in Scotland, showed he had been thinking deeply about AI – now on everyone’s minds. He was clear that a modern humint service had to engage with technology and the nature of hybrid conflict. “We and our allies face a battle to make sure technology works to our advantage, not to that of our opponents,” he said. “Liberal democracies should approach this with confidence”.

The third reason was that Alex was an unusually likeable human being. He was a spy. When an agent is going to accept tasking from an intelligence officer, the agent needs first and foremost to trust the officer: their competence and integrity. After that, the agent is looking for someone he or she likes: someone who has a good sense of humour, who understands you, convinces you this is the right thing to do. Alex was unusually strong in all these respects. He was a fine case officer.

And these strengths translated to the increasingly demanding leadership roles he took on: head of station in Kabul, Director Counter-Terrorism, Director-General Operations and finally, Chief. Alex was well known for walking the corridors, talking to staff of all grades. This meant that people across the organisation felt valued. They could say whatever they wanted to him, the franker the better. It meant that Alex, as leader, learned stuff that perhaps his immediate leadership team had not shared with him. He knew what everyone working for him did and what they needed to do it. He was the most approachable of people. He did not set out to intimidate or impress you with how busy or important he was. Noone had greater humility. It was a different, but entirely successful, type of leadership.

Alex also believed in partnership. Relationships with the rest of the British intelligence community – with MI5 and GCHQ – were made deeper and broader. So were relationships with the police, military and other government departments. Strategic cooperation with foreign liaison partners was strengthened. Of particular importance to Alex was the relationship with the US. Operational cooperation with the CIA had been important for much of his career, and he valued the unique intelligence sharing and cooperation between the two countries. It was in the US that Alex sought a possible solution to his last illness, and in the US that he passed away.

Alex’s wisdom and foreign affairs experience were highly valued by a succession of British prime ministers – Cameron, May, Johnson. After retiring from public life, he built up quite a following in Britain of people impressed by his occasional media appearances, providing unique insights into the increasingly bewildering international landscape. Friends would ask me if I’d heard “what that Alex Younger had to say on the telly last night”. He talked sense.

He apparently nicknamed his cancer “Putin”.

For the time being, all that family, friends and colleagues – including secret agents – can do is mourn the painfully premature passing of – to use an old-fashioned term – a true gentleman. Longer term, Alex’s memory must inspire people to believe in and defend liberal democracy.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Remembering Alex Younger: The Intelligence Chief Who Shaped a Generation

I don't want to write about Sir Alex Younger, my predecessor as Chief of SIS.

I want to write about my friend.

I had known about Alex's cancer from the outset, while I was still Chief. He treated it with his customary irreverence and wit. He nicknamed his tumour "Putin". At one stage he took to sporting a lapel badge bearing the words "I'm not dead yet". Sarah, his wife, persuaded him not to wear it to the memorial service of a former agent.

I knew he had become dangerously ill in Boston last week. Even so, it still came as a shock to step off a twelve-hour flight to Singapore on Thursday morning and learn that he had died. My immediate thoughts were for Sarah and the family. They had already endured more than any family should when they lost their son Sam in 2019.

Alex and I were almost exact contemporaries. He was a little less than two months younger than me. We spent much of our professional lives travelling along parallel tracks.

We really came to know one another after 9/11, when we were appointed to our first Head of Station jobs. Alex pipped me to the post to get Dubai. I got Kuala Lumpur as a consolation prize.

As it happened, both stations became important nodes in the effort to understand and dismantle the proliferation network established by A.Q. Khan. Working closely with CIA colleagues, Alex and I found ourselves cooperating on one of the most important intelligence operations of that era.

It was during that period that I came to appreciate the characteristics that would define him throughout his career.

Alex was intensely collaborative. He was competitive too, but his competitive instincts were directed entirely towards the mission and the adversary rather than towards colleagues. Underpinning that was a generosity of spirit and a quiet confidence that came from being entirely comfortable in his own skin.

That combination earned him enormous affection.

The wider public came to appreciate Alex through his media appearances after he left SIS. Those of us who had worked with him recognised immediately the qualities the wider public was now seeing: clarity of thought, economy of language and a gift for making complex issues intelligible without oversimplifying them. Few words were wasted. He also possessed a wonderfully dry sense of humour and a gift for the perfectly judged bon mot.

Yet beneath the outward affability was a private man. In many respects Alex was an introvert. His confidence came not from external validation but from self-knowledge. He did not need to dominate a room or win every argument. He knew how and when to delegate. The result was a calm authority that people trusted and wanted to follow.

Those qualities served him exceptionally well during one of the most consequential periods in the modern history of SIS.

As Chief, Alex oversaw a significant reorientation of SIS's counterterrorism effort to confront the rise of ISIS and the threat it posed to the United Kingdom and our allies. The challenge was made all the more acute by the appalling terrorist attacks suffered by the United Kingdom in 2017.

At the same time, he recognised earlier than many that the hostile-state threat had returned. Alongside CIA colleagues, he invested heavily in developing the capabilities of Ukrainian intelligence and security partners years before Russia's full-scale invasion brought the importance of that work into public view.

The attempted murder of Sergei and Yulia Skripal in Salisbury, and the death of Dawn Sturgess, presented another defining challenge. Alex led the intelligence response that helped drive the expulsion of hundreds of Russian intelligence officers operating under diplomatic cover across Europe and beyond, imposing a significant and lasting setback on Russian intelligence operations.

He also ensured that SIS's intelligence relationships with European partners emerged intact from Britain's decision to leave the European Union. At a time when political relationships were often under strain, intelligence cooperation remained strong.

The relationship with the United States occupied a special place in his thinking.

Alex believed deeply in the Anglo-American intelligence partnership and worked closely with John Brennan, Mike Pompeo and Gina Haspel during his tenure. Together with John, he instituted annual gatherings of the senior leadership teams of SIS and CIA, recognising that institutional trust is ultimately built through personal relationships.

He was, however, equally committed to ensuring that the relationship remained a genuine partnership. On the rare occasions when he sensed a tendency in Langley to regard SIS as a particularly capable vetted unit rather than as a strategic partner, he would gently but unmistakably correct the impression.

Alex also recognised earlier than many how profoundly technology would shape intelligence work. The computer science graduate from St Andrews was never far beneath the surface. He understood that operations officers needed to become digitally literate - not only to recognise threats to their operations but also to understand how technology could protect agents and enhance operational effectiveness.

His final major challenge as Chief was Covid. Intelligence services could not simply close their doors and work from home. Operations still had to be run, agents protected and intelligence delivered. The pandemic required a wholesale re-engineering of how SIS functioned while continuing to do its job. Alex led the Service through that period with clarity and compassion.

Looking back now, what I remember most are not the operations, the crises or the offices he held. I remember the humour, the kindness, the judgement and the friendship.

Alex made a profound contribution to SIS and to the country's security. But for those of us fortunate enough to know him personally, the loss feels rather simpler than that.

We have lost a friend.

Watch The Cipher Brief’s Interview with Sir Alex Younger explaining the urgency of the threats facing democracies today in the plain language described by Sir Richard Moore. We are sending our condolences to the Younger Family and to Alex’s broader IC family as well.

Can the Pentagon’s New Innovation System Deliver?

Welcome to The Iron Triangle, the Cipher Brief column serving Procurement Officers tasked with buying the future, Investors funding the next generation of defense technology, and the Policy Wonks analyzing its impact on the global order.

On January 12, 2026, Secretary Hegseth's office published a memo that ought to be hanging in every PEO's office: "No longer a loose federation. They are the Office of the Secretary of War's innovation operating system." The memo took six previously-warring fiefdoms, Defense Innovation Unit (DIU), Strategic Capabilities Office (SCO), Chief Digital and AI Office (CDAO), Defense Advanced Research Projects Agency (DARPA), Office of Strategic Capital (OSC), and the Test Resource Management Center (TRMC), and stacked them under a single DoW CTO. The DIU and SCO were redesignated Department Field Activities. Owen West, a Marine with two decades experience at Goldman Sachs and a former Assistant Secretary of Defense (ASD) for Special Operations, took over as Director of DIU. Cameron Stanley, former chief of Project Maven, is now head of the CDAO. The press wrote the whole thing up as a reorganization. Five months later, that read is the wrong one. This was an operating-system upgrade. An operating system that hasn't booted is just another memo. The urgent question now is which one we have, and Beijing, Riyadh, and Kyiv are not waiting around for the answer.

From Loose Federation to Operating System

For anyone who hasn't been tracking, the structural change is bigger than it looks. Six execution organizations now sit under one CTO, Emil Michael. The Defense Innovation Steering Group, the Defense Innovation Working Group, and the old CTO Council were dissolved and replaced by a single Action Group. Field Activity designation gives DIU and SCO faster contracting and personnel authorities than their predecessor organizational structures allowed.

This is the reform the Iron Triangle has been asking for. The old federation produced parallel pitches into competing fiefdoms. The same vendor would brief DIU on Monday, SCO on Wednesday, and CDAO on Friday, while the program offices that actually buy at scale received no shared signal back. DIU built a portfolio. SCO built a portfolio. CDAO built a portfolio. DARPA built a portfolio. Each was a victory lap for the individual office and a logistics burden for the warfighter, who eventually inherited four nearly-identical autonomy stacks that didn't talk to each other.

The Action Group is the first credible attempt at unified intake. It takes the political cost of saying no to a vendor, historically the binding constraint that kept the federation porous, and concentrates it in one place. The CTO can quickly route capabilities across all six execution organizations. Whether the building actually uses the routing layer is the open question.

Five Months In: What Booted, What Didn't

The good news first. Owen West was confirmed and is operationally active; his March 2 ceremony at Fort Benning was a signal that the Marine Corps and the special operations community have a seat at the head of the DIU table. Within weeks he told the building that he intends to narrow DIU's investment priorities, a signal investors should read carefully because it suggests fewer, deeper bets. Cameron Stanley has the CDAO chair and a mandate that includes AI compute on military installations, data-asset unlock across the department, and the GenAI.mil platform. These are accountable people running accountable shops, and they are issuing memos with their names on them.

The bad news. The OSC, the most consequential of the execution organizations for investors, has not released an FY26 investment strategy as of June 1. The FY26 NDAA appropriated $97.8 million for OSC's capital assistance pilot, enough to subsidize up to $4.4 billion in loans and guarantees, but the deployment cadence is opaque. The Action Group itself has not published outcomes against measurable targets. Six months from now, we should be able to count program offices that have routed capability needs through the Action Group, OSC term sheets executed, and CDAO-led integrations into contracts. Today, most of those dashboard lights are still amber.

The OSC Question

The OSC angle deserves its own section because it is the answer the May issue of this column was implicitly asking for. A Bridge Too Small argued that $49 billion in private capital cannot bridge a $1.5 trillion budget without serious structural reform. The OSC is one of the structural reforms; a loan-guarantee instrument designed to leverage private capital into national-security priorities at a multiple. The April FY27 budget request put $20 billion-plus on the table for the Strategic Capital loan program, up from under $1.5 billion in FY26. That is an order-of-magnitude scaling and a serious procurement-architecture commitment.

The proof that OSC can deliver already exists. Last year, OSC executed a $150 million loan to MP Materials for heavy rare-earth separation capacity at Mountain Pass, California. No venture fund underwrites that kind of paper. No SBIR ceiling reaches that kind of scale. The transaction does more for the neodymium and brushless-motor chokepoint I warned about in April than any number of Blue UAS compliance memos, and it is the kind of instrument the trifecta has been demanding.

What scales now matters. OSC has built out a Credit Program covering 31 Covered Technology Categories. Individual loans run from $10 million to $150 million. The total FY26 loan ceiling sits at $984 million. The FY27 request makes the program ten-times that. For procurement officers, OSC is the only DoW instrument that bridges directly to private debt. For investors, OSC's underwriting standards will eventually price the floor of the defense-tech market. For policy wonks, OSC is either the most important Treasury-style instrument the building has ever held, or it is a slide deck with appropriations attached. The next six months will decide which.

The View from Beijing, Riyadh, and Kyiv

The Innovation Operating System is not only a domestic procurement story. It is a foreign policy instrument, and the external clock is running faster than the internal one.

Beijing has spent the past eighteen months building its own version of an innovation operating system, optimized for export rather than for internal acquisition. The March 2026 deal between Aviation Industry Corporation of China and Saudi Arabia's General Authority for Military Industries set up local production of forty-eight Wing Loong-3 unmanned combat air vehicles per year in Jeddah, with a Riyadh acting as a logistics hub explicitly designed to serve other Gulf Cooperation Council (GCC) customers. The four-billion-dollar Pakistan-Libya JF-17 deal that closed in spring extends the same model further. China is exporting state-coordinated industrial capacity to allies that previously purchased primarily American. If the Action Group cannot route US capability into those markets at competitive speed, the substitution will continue, with maintenance contracts, training pipelines, and next-platform decisions following the initial procurement.

Riyadh is the harder case because it activated the Pakistan-Saudi mutual defense pact in May, generating combat-credible deployments inside ninety days of trigger: eight thousand troops, sixteen Chinese-built JF-17s, an HQ-9 air defense battery, and two squadrons of drones. Foreign Military Sales economics for US primes have assumed the Gulf as a baseline customer since the Carter administration. That baseline is moving. Investors holding GCC (Foreign Military Sales) FMS exposure should be repricing it. Procurement officers running F-15EX, MQ-9, and Patriot pipelines should be running the dependency map.

Kyiv has demonstrated the procurement-velocity standard the building is now implicitly trying to match. Ukrainian manufacturers produced roughly four million drones in 2025 and are targeting seven million in 2026, with the Brave1 marketplace routing capability needs from frontline units to certified manufacturers in days. The Innovation Operating System is, in part, an attempt to import the Brave1 effect inside an institution whose default cycle is the opposite of distributed and rapid. The Pentagon does not need to copy Brave1 exactly. It does need to demonstrate, by the end of the year, that the Action Group can produce a signal-and-response loop on a US scale. If it cannot, allies will keep studying Kyiv for the template and looking elsewhere for the systems.

Hegseth's memo bought the building time. Whether the building uses that time determines more than acquisition outcomes. It determines whether the next decade of alliance procurement runs through Washington or around it.

What the Trifecta Should Do Tomorrow

This is the reform that does not require an act of Congress, and the trifecta has more agency in it than the powerpoint slides suggest. Three concrete moves.

Procurement officers: stop pitching vendors against your individual program. Start pitching capability needs into the Action Group's intake so the CTO can route across DIU, SCO, CDAO, DARPA, and OSC. DIU's $99 million Obviant prototype award for an AI platform that consolidates DoW acquisition, contracting, and budgeting data is DIU paying for the data layer that the reorganization needs at the institutional layer. Use both.

There is a deeper move underneath the routing layer and the data layer, and it is an identity shift. The traditional procurement officer is rewarded for stovepipe wins: my program, on time, on budget. The new model rewards capability gaps closed across multiple execution organizations, with capability other PEOs can leverage. That is portfolio thinking, not program shepherding. The FY26 NDAA reform language and the Hegseth memos are pushing every PEO toward this shift. The ones who lean in will define the next decade of acquisition. The ones who don't will be measured against them.

Investors: treat OSC as a real instrument. Get on a call with DIU and CDAO. If you are holding portfolio companies with critical-technology exposure, OSC's loan guarantees are the leverage instrument you have been asking the federal government for since the SBIR program was conceived. Underwrite accordingly. MP Materials should not be a one-off. And read the FMS pipeline with foreign-policy realism: the Gulf customer base is being reshaped, and OSC's onshoring bets are partly a hedge against that erosion.

Policy wonks: push for OSC investment-strategy publication and Action Group outcome metrics. The reorganization either produces visible procurement velocity within six months or it does not. There is no middle ground, and there will be no excuse if Q4 2026 looks like Q4 2025. The foreign policy clock will not wait for FY28.

Conclusion: Boot or Be Dismissed

The Innovation Operating System will either reach sustained throughput by the end of 2026 or it will be unwound by the next administration. West and Stanley are accountable people running accountable shops. Emil Michael owns the CTO function and the political cover that comes with it. The trifecta has spent a decade complaining about a loose federation. The memo dissolved the federation. The question that should keep procurement officers up at night, that should be on every investor's diligence checklist, and that every policy wonk should be asking is the same: can a machine that has never run end-to-end deliver capability at the speed Beijing, Riyadh, and Kyiv are now setting? The Iron Triangle will be watching the dashboard for the next six months. So should you.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why the U.S. Cannot Afford to Lose Intelligence Partners

THE BLUF: Working with partners is a key intelligence tool. While the US has one of the best if not the best intelligence organizations in the world, it still cannot collect and analyze all global trends. The US sets intelligence priorities based on threats against the nation and the American people. Trends and anomalies in areas that may not have a direct impact on the US are of a lesser priority. Other countries do the same. If we share our analysis and collection among allies and partners, we are able to retain our focus without missing trends that could end up as a major issue down the road. If we are not a stable and trustworthy partner, we will miss out on potentially important intelligence that could affect our nation.

The US intelligence community has worked hard to develop strong relationships with its allies and partners. For the last 10 years, the US has led intelligence in NATO as the Assistant Secretary General for Intelligence and Security. The Defense Intelligence Agency (DIA) has put in place a Deputy Director for the Commonwealth. Allies have offices in the Pentagon to be better able to share intelligence. Many of the Combatant Commands have partners and allies sitting in their intelligence units. Two successful examples of close intelligence sharing are:

·Operation Gallant Phoenix (OGP): an intelligence fusion center established in 2013 in Jordan. It is made up of over twenty countries with representatives from a variety of agencies, including law enforcement, military and civilian intelligence. OGP focuses on response to current, evolving and future violent extremist threats - regardless of threat ideology. Gallant Phoenix allows nations not only to share intelligence on the foreign fighter threat, but also to get that information back to their law enforcement and homeland security agencies.

BICES: Battlefield Information Collection & Exploitation Systems (BICES) links intelligence between a range of partner nations. The system originally centered on NATO, but today's version goes beyond that. It delivers technical capability to provide multinational intelligence and information-sharing capabilities.

The importance of these types of intelligence sharing constructs is seen in how intelligence sharing has saved lives. In 2025, intelligence sharing thwarted attacks against US allies.

·In July 2025, the CIA said that it helped Germany foil a Russian plot to assassinate the head of a German arms manufacturer that produced weapons for Ukraine.

·In August 2025, the CIA said it provided intelligence to Austrian authorities that allowed them to disrupt a plan, allegedly inspired by the Islamic State group.

Allies and partners, however, are raising concerns about sharing intelligence with the US. They have given a host of reasons for that concern that largely reflect unease about intelligence being leaked to adversaries, either unwittingly or for political reasons. Some partners have raised issues with how their intelligence is being used by the US. The Danish Defense Intelligence Service, one of Denmark’s key spy agencies, has described the U.S. as a potential security risk, saying in a 2025 report that the United States is increasingly prioritizing its own interests and “now using its economic and technological strength as a tool of power, also toward allies and partners.”

These concerns continue to grow with two staunch allies declaring that they are either completely halting or are curtailing intelligence sharing with the US:

·Colombia: Through the early 2000s Colombia became a close partner with the US in combatting drug cartels and left wing insurgent groups. The close intelligence relationship contributed to the operation to rescue US hostages in Colombia and the demise of the FARC narco-terrorist group. Under leftist Colombian President Gustavo Petro, the intelligence relationship faltered with Petro completely halting it as a result of the current US counter drug policy. We will see what a new Colombian President will decide vis a vis the US intelligence relationship.

·UK: The intelligence sharing relationship between the US and the UK is one of the strongest ones the US has. Because of UK concerns about the legality of US maritime strikes against alleged drug runners, the UK has announced last year that it would curtail its intelligence sharing with the US on cartel related issues.

This trend comes at a time when Europe is rethinking its future intelligence organization. The US’s influence on that organization could lessen if our long-time partners believe that they cannot count on us to keep their secrets, share our intelligence, and use their intelligence for legal purposes.

These recent events should raise larger strategic concerns as the US relooks the future of its intelligence community. With new technologies that help us collect and analyze open source data, sharing intelligence should be easier. If we start with open source and commercially available information that AI can curate, we are starting in a place that is unclassified and thus easily sharable. The ability to share and its importance married with using the latest technologies is why the US needs to build a new open source center that feeds into each of the intelligence community components. This center would have as part of its organization, partners and allies who would bring their open source information to the table—much like Operation Gallant Phoenix but with a global threat based problem set. This is where the US and the world would see the first trends of a new global pandemic, watch out for signs of instability in countries that normally are not first tier priorities for the US, and understand how climate change might be affecting global economies that could result in unrest or regime change.

This is not the time to go it alone in the intelligence community. In order to keep our nation safe in a cost effective way, we need to continue to work closely with partners and share intelligence and intelligence operations. We can only do this if our partners and allies see the US intelligence community as strong, effective, apolitical, and leading in sharing with its partners.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Radical Empathy: The Counterintuitive Skill That Made Me Better at Everything Else

There's a moment in every intelligence officer's career when they realize something uncomfortable: to be effective at their job, they must genuinely connect with people whose values, beliefs, or actions they might find repugnant. Not pretend to connect. Not manipulate. Actually connect.

This realization runs counter to everything we typically believe about empathy. We're taught that empathy flows naturally toward people we like, people who share our values, people who we think of as "good." But in the world of human intelligence, that comfortable version of empathy is nearly useless. What matters is something far more difficult, and far more powerful.

I call it radical empathy: the disciplined capacity to temporarily suspend moral judgment in order to genuinely understand another human being at their deepest level. Not to excuse them. Not to agree with them. But to see them with such clarity that you understand why their choices make perfect sense from inside their own experience.

This skill changed how I operate professionally. It changed how I lead. It changed my relationships. And I believe it's one of the most underdeveloped yet universally applicable capabilities in leadership, business, and life.

The Paradox at the Heart of Intelligence Work

Here's something most people don't understand about recruiting human sources: it's not about deception in the way movies portray it.

Yes, intelligence officers operate under cover. Yes, there are secrets and compartmented truths. But the actual relationship between a case officer and their asset? That has to be real. Authentic. Built on genuine understanding.

Why? Because you're asking someone to do something extraordinarily difficult and potentially dangerous. You're asking them to betray their country, their employer, their colleagues, perhaps even their family. You're asking them to live with secrets that could get them imprisoned or killed.

No one does that for someone they don't trust. Few people will take that risk for a relationship that feels transactional or manipulative (though there have been high-profile espionage cases where money was everything for the spy).

The intelligence officers who succeed at recruitment aren't the ones who are best at lying. They're the ones who are best at understanding. They develop an almost preternatural ability to see the world through another person's eyes, to discover what motivates them at the deepest level, and to position themselves as someone who genuinely meets that need.

This creates a paradox that took me years to fully appreciate: the profession that operates in shadows and secrets requires, at its core, one of the most authentic forms of human connection imaginable.

Finding Humanity in Uncomfortable Places

As a young officer, this was once put to the test when I was working against a major narcotics-trafficking rebel group and recruited one of its members as my source. We had precious little in common, a girl from Northern California and an armed fighter moving opium and heroin into the international market. But we found a way to connect. I learned about his own circumstances, the limited opportunities, the pressures of an armed militia that occupied his hometown, and his desire to do something more, better, with his life.

That experience taught me something I've remembered ever since: every human being, regardless of what they've done, has at least one redeeming quality. Some kernel of humanity that can serve as the foundation for genuine connection. A corrupt official might be a devoted father who would do anything for his children's future.

A disillusioned bureaucrat might be an idealist who once believed deeply in something and now feels betrayed by the system he serves. A person working for an adversarial government might hold private doubts about the direction her country is taking. The skill isn't in inventing these qualities. It's in uncovering them. They're always there. The question is whether you're willing to look past the surface, past your own judgments and assumptions, to discover them.

This is what I mean by radical empathy. It is neither soft nor naive. It’s not about investing my own emotional energy in another person at some supernatural level. It's a disciplined practice of psychological discovery that requires you to temporarily set aside your own moral framework in order to understand someone else's. The term radical empathy could just as well be radical understanding.

The Internal Work Most People Skip

Here's what makes radical empathy difficult: it requires confronting your own judgments, biases, and emotional reactions before you can genuinely see another person.

Most of us don't do this. We don't even realize we're not doing it.

We enter conversations with people already filtered through our assumptions about who they are, what they believe, and what they deserve. We listen for confirmation of what we already think. We interpret their words through our own frameworks. And we call this "understanding." It's not. It's projection dressed up as empathy.

True radical empathy requires a different thought process: First, acknowledge your judgments. Don't pretend you don't have them. If you're meeting with someone whose politics you find abhorrent, whose business practices you consider unethical, or whose personality rubs you the wrong way… acknowledge it. To yourself. Clearly. You can't set aside what you don't recognize. Second, summon genuine curiosity about their internal logic. This is the key move. Ask yourself: What would have to be true for this person's choices to make perfect sense? Not sense by your standards, sense by their standards, given their experiences, their information, their pressures, their fears, their aspirations. Dig deep to understand the other person’s “why” or sense of purpose. Everyone is the hero of their own story. Everyone's choices feel rational from inside their own experience. When you can't understand why someone does what they do, the limitation is usually in your own understanding, not in their rationality. Third, find the universal human element. Beneath the surface differences, what basic human needs are they trying to meet? Security? Recognition? Belonging? Purpose? These needs are universal even when the cultural context or strategies for meeting them diverge radically.

Finally, let genuine connection emerge. When you've done this work, something changes. The person in front of you stops being a caricature or a problem to be solved and becomes a full human being. Connection is truly possible, not because you've manipulated it, but because you've created the conditions for it. Your own curiosity and open mind promote trust, and trust is the foundation of real connection.

Why This Feels Uncomfortable

I've shared these ideas with others over the years, and occasionally encountered resistance. The concern usually sounds something like this: "If I empathize with someone whose behavior is harmful, aren't I excusing or enabling that behavior? Doesn't understanding become complicity?" This is an important question, and the answer is no, but only if you understand what radical empathy actually is. Radical empathy is not agreement. It's not approval. It's not moral relativism. And it’s not, again, pouring all of your own emotional energy into the other person.

It’s about understanding. You can fully understand why someone made a destructive choice and hold them accountable for it. You can genuinely empathize with the pressures that led someone to act unethically and still insist on consequences. You can see the humanity in someone and oppose everything they stand for. In fact, I'd argue that empathy strengthens your ability to respond effectively. When you truly understand someone's motivations, you're better positioned to influence them, negotiate with them, counter them, or help them adapt their behavior. You're operating with full information rather than fighting a caricature. The intelligence world taught me this viscerally. We weren't in the business of excusing bad actors. We were in the business of understanding them so well that we could anticipate their moves, identify their vulnerabilities, and, when possible, recruit them or change their behavior.

Understanding is not endorsement. It's power.

The Shift That Changes Everything

I remember another moment from late in my career when I sat across the dinner table from a former communist insurgent who had since risen to some prominence in his government. Decades earlier, we would have been committed adversaries. He still harbored deep animosity for the United States and, by extension, me as our government’s representative.

The conversation was tense and stilted at first, but shifted over time as we spoke about our families, our mutual desire for equality in our countries, our values of independence, self-reliance, and patriotism. He realized that I sought understanding, not judgment, and that changed everything. It ended up being one of the most fascinating dinner conversations I had enjoyed in years.

What I've learned is that radical empathy creates a particular kind of shift in how other people experience you. When someone feels genuinely seen, not judged or evaluated, not managed, but actually understood at some level, something in them opens. Defenses lower. Authentic communication becomes possible. Trust builds faster than it otherwise would. This isn't mystical. It's psychological. Humans are fundamentally wired to respond to being understood. We crave it. And we can tell the difference between someone who's performing and someone who actually gets us. Intelligence officers become skilled at creating this experience for others because recruitment depends on it. But the skill needs to be real to work. The curiosity must be sincere, and your humanity must be felt.

Beyond the Shadows: Where Radical Empathy Transforms Results

For years, I cultivated this capability in classified contexts, assuming it was specialized, something unique to the peculiar demands of intelligence work. Obviously, that’s not the case. Radical empathy is a master skill that amplifies effectiveness in virtually every domain that involves human beings.

Leadership and Management

The leaders I most respect share a common trait: they understand their people at depth, and they can set aside judgment as they seek to build that understanding. They can appreciate someone else’s skills and performance, but also their aspirations, pressures, and private struggles.

This understanding doesn't make them soft. It makes them effective. They can deliver hard feedback in ways that the other person can receive because they've earned trust through genuine connection. They can motivate individuals differently based on what actually drives each person. Radical empathy allows you to lead people as they actually are, not as you assume them to be.

The "Likeability" Trap Leaders Must Escape

Here's a leadership mistake I have seen repeatedly over my long career. Too many leaders fall into the trap of filtering their teams through the lens of personal likeability. They gravitate toward employees they find pleasant. They invest more energy in people who are affable, who share their communication style, who feel easy to deal with. And they unconsciously distance themselves from those they find difficult, abrasive, awkward, or simply different. This is a fundamental leadership failure, and radical empathy is the antidote.

Bottom line? You don't have to like everyone you lead. It’s not a friendship. It isn't a marriage. It's work. The question isn't whether someone's personality delights you; it's whether you can understand them well enough to connect, build trust, and lead effectively. Some of the most valuable people I've worked with were not people I would have chosen as friends. They were prickly, or intense, or operated on a wavelength different from mine. Early in my career, I might have kept them at arm's length, managing them transactionally rather than leading them fully. That would have been my loss, and the organization's loss. Because frankly, genius does not always come in convenient packages. Radical empathy strips away the likeability filter. It asks a different question: Can I understand this person deeply enough to lead them well? The answer is almost always yes, if you're willing to do the work.

This becomes especially critical when you're leading people from outside your own field of expertise. If you're a business leader managing engineers, or a military officer leading intelligence professionals, or an executive suddenly responsible for a function you've never worked in, you can't rely on shared professional language or common technical background to create connection. You have to build it another way.

That way is radical empathy. It begins with genuine curiosity and an open mind. It requires you to ask questions you don't know the answers to, to listen without feigning expertise you don't have, and to understand what drives people whose work you may never fully comprehend. When you do this, something interesting happens: people forgive your lack of specialized expertise in their field. They trust you anyway. Because what they really need from a leader isn't someone who understands their work better than they do. It's someone who understands them. Connection precedes credibility. And connection begins with empathy.

Negotiation and Conflict Resolution

Every negotiation book talks about "understanding the other side's interests." Radical empathy takes this further. It's not just understanding what they want, it's understanding why they want it, what fears drive their positions, what pressures they face, and what success looks like from inside their world.

When you achieve this level of understanding, creative solutions emerge. You see trades that weren't visible before. You can frame proposals in language that resonates with their values rather than yours. You can anticipate objections and address them before they surface.

I've watched negotiations transform when one party makes the effort to genuinely understand the other. The shift is palpable. Suddenly, the conversation moves from positional warfare to joint problem-solving.

Sales and Client Relationships

The best salespeople I know aren't persuaders in the traditional sense. They're understanders. They invest time in genuinely comprehending their client's world… the pressures they face, the internal politics they navigate, the fears that keep them up at night, the outcomes that would make them heroes within their own organization.

From this understanding, they don't have to "sell" in the pushy sense. They simply present solutions that genuinely fit. The client feels understood rather than manipulated, and trust builds accordingly.

This is exactly what intelligence officers do with potential sources. We seek to understand their world so thoroughly that when we finally present an opportunity, it feels like the natural answer to their problem, because often it is.

Cross-Cultural and International Contexts

Radical empathy becomes even more critical when operating across cultural boundaries. Different cultures have different frameworks for understanding the world. Very different assumptions about hierarchy, relationships, time, honor, and obligation.

Effective cross-cultural engagement requires the ability to temporarily adopt another cultural framework, to see the world as your counterpart sees it, and to communicate in ways that make sense within their context rather than your own.

This was the daily work for intelligence officers working abroad. But it's equally essential for global business leaders, international negotiators, diplomats, and anyone working across cultural lines in our increasingly connected world.

Healthcare, Counseling, and Helping Professions

Professionals who work with people in crisis (doctors, therapists, social workers, counselors) depend on the ability to understand without judgment. A physician who can truly understand a patient's fears and lifestyle constraints will be more effective at encouraging treatment compliance. A therapist who can enter a client's frame of reference can facilitate change that would otherwise be impossible.

The radical empathy developed in intelligence work is structurally identical to the "unconditional positive regard" that therapists cultivate. Both require the capacity to understand without judgment, to see the logic in choices that might otherwise seem irrational or self-destructive.

Politics, Policy, and Civic Life

In an era of intense polarization, radical empathy offers something our public discourse desperately needs: the ability to understand positions with which we disagree without portraying counterparts as caricatures.

This doesn't mean abandoning your principles or treating all positions as equally valid. It means understanding why people on the other side believe what they believe. What experiences, fears, and values drive their positions.

From this understanding, persuasion becomes possible. Common ground becomes visible. And even where agreement is impossible, respectful coexistence becomes more achievable.

The Practice: How to Develop Radical Empathy

Like any skill, radical empathy can be developed. Here's how I'd suggest approaching it: Start with low-stakes practice. Before attempting this with someone who triggers strong reactions, practice with neutral encounters. The barista who seems rude. The colleague whose communication style irritates you. The family member whose choices confuse you. Ask yourself: What would have to be true for their behavior to make perfect sense?

Notice your judgments without fighting them. You don't need to eliminate your moral reactions. You need to notice them clearly enough that they don't unconsciously drive your behavior. Judgment observed is judgment that can be temporarily set aside. Ask questions you don't think you need answered. The most powerful understanding often comes from exploring areas where you think you already know the answer. You probably don't. So, ask anyway. Listen for what's underneath the surface. When someone expresses a position, seek to understand what need it serves. When they describe a behavior, think about what fear or aspiration drives it. Keep digging beneath the presenting content.

Practice with people you disagree with. This is where the growth happens. Find opportunities to genuinely understand (not debate, not convince, just understand) people whose views differ from your own. This is uncomfortable and becoming increasingly rare in our polarized political climate. Do it anyway. Debrief yourself. After important conversations, reflect: Did I genuinely understand this person's perspective, or did I project my own assumptions? What did I miss? What would I do differently?

The Person You Become

Here's what I didn't expect when I began developing this capacity: it changed me.

Radical empathy doesn't just make you better at understanding others. It makes you more aware of your own biases, assumptions, and blind spots. It develops your intellectual humility and a kind of cognitive flexibility, or the ability to hold multiple perspectives simultaneously, to see situations from different angles, to resist the allure of your own certainty.

It also, somewhat paradoxically, makes you more secure in your own values. When you've genuinely understood perspectives different from your own and chosen to maintain your positions anyway, those positions are no longer defaults. They are consciously chosen. And that's a different kind of conviction.

This focus on empathy is something our country desperately needs more of today. It’s core to the work I conduct on Mind Sovereignty™, since the collapse of civic empathy is so closely tied to filter bubbles, algorithmic amplification, and the resulting affective polarization we see in society. But empathy can be rebuilt, and it starts at the individual level.

An Invitation

We live in a time when understanding across divides feels increasingly rare. Political polarization, social media echo chambers, and the pace of modern life all conspire against the slow, patient work of genuinely seeing another person.

And yet this capacity has never been more valuable. In leadership, in business, in diplomacy, in life… the ability to understand without judgment, to see without agreeing, to connect across differences, remains the master skill that amplifies all others.

I was fortunate to develop this capability in an unusual crucible. But the skill itself isn't classified tradecraft. It's available to anyone willing to do the internal work.

The question is whether we're willing to set aside our own sense of certainty (and often, moral superiority) long enough to actually see the person sitting across from us.

In my experience, what we find when we do so is almost always more interesting (and more human) than what we assumed.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

China’s Uneasy Partnerships With Russia and North Korea

China’s summit with Russia last month and the reported likely upcoming visit of President Xi Jinping to North Korea are tactical moves that ignore the historical tensions between China, Russia and North Korea.

That tension threatens a meaningful strategic partnership.

The meeting between Mr. Xi and Russian ruler Vladimir Putin, convened immediately after President Trump’s summit with Mr. Xi, resulted in a joint statement highlighting a strategic partnership between Russia and China. Meanwhile, it criticized the current “law of the jungle” — a not-so-subtle dig at the U.S.

The 1991 Treaty of Good Neighborliness and Friendly Cooperation between Russia and China was extended for another five years, memorializing the quasi-alliance between these two countries.

The summit’s message was clear: China and Russia will continue to strengthen their strategic partnership and pursue a multipolar world opposed to unilateralism. That is another not-so-subtle criticism of the U.S.

Despite Russia’s efforts, China did not agree to the Power of Siberia 2 pipeline, which would carry roughly 1.8 trillion cubic feet of Russian gas annually from western Siberia through Mongolia into China. This is an important project for Russia, owing to Europe’s sharply reduced purchases of Russian gas because of its invasion of Ukraine.

Given the loss of European revenue, Russia hoped to redirect gas eastward to China. China, however, has been cautious, not wanting to become overly dependent on Russia, while pressing for lower prices and more favorable financing terms.

Also of concern to Russia is China’s inroads into Siberia and Russia’s Far East. The country is concerned about Chinese nationals migrating to Siberia in search of economic opportunities.

There are powerful historical reasons why Beijing and Moscow will always be wary of each other. These include the 1969 border clashes on the Ussuri River and Russia’s threat during that decade to launch nuclear strikes against Chinese nuclear sites. They also point to deeper historical wounds, such as Russia’s 1860 seizure of Vladivostok from the Qing Dynasty under the Treaty of Peking — one of the “unequal treaties” imposed on China. Decades later, Beijing retaliated by providing military support to Afghan fighters resisting the 1979 Soviet invasion.

Pro-Kremlin Russia Today expert Alexey Martynov argued in a recent commentary piece that China can no longer treat Moscow as a junior partner. He wrote, “Beijing behaves as though it can preserve a carefully managed partnership in which China remains the senior partner while minimizing its own obligations.”

A no-limits strategic partnership between a revanchist Russian Federation — a pariah state because of its invasion of Ukraine — and a China determined to be a model world leader is a partnership that will not endure.

North Korea is China’s only ally. More than 90% of North Korea’s trade is with China, and more than 90% of North Korea’s crude oil imports come from China. China is North Korea’s economic lifeline.

Yet historical distrust of China is still deeply embedded in North Korean strategic thinking. Korea has a long history in the Chinese tributary system. For centuries, Korean dynasties operated within the Sinocentric regional order, with imperial China as the dominant power.

Many Korean nationalists viewed this as unequal and humiliating. Former North Korean leader Kim Il-sung balanced between Moscow and Beijing during the Cold War to avoid subordination to either, though North Korea depended on China economically.

North Korea will always be concerned about Chinese influence and its ability to pressure North Korea economically or support reforms like China’s. China is concerned with North Korean nuclear brinkmanship and potential refugee flows in the event of instability in North Korea.

Most important, if there is instability or war on the Korean Peninsula, China would be concerned that the U.S. would be there for its ally, South Korea.

After North Korean leader Kim Jong-un took power in 2011, he kept his distance from China and did not show the respect China expected. In September 2025, however, Mr. Xi invited Mr. Kim to Beijing to stand with Messrs. Xi and Putin at Beijing’s Victory Day parade, commemorating the end of World War II.

If Mr. Xi visits Pyongyang in the next few weeks, it will be obvious that China is working hard to improve relations with North Korea.

North Korea’s new allied relationship and mutual defense treaty with Russia and its military aid to Russia for the war with Ukraine have no doubt motivated China to be more energetic in bringing North Korea back into the fold.

Despite visits and joint statements, China’s relations with Russia and North Korea remain fragile. A strategic partnership will not endure.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

This story appeared in The Washington Times and is republished here with permission.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

From Terror Networks to Hybrid Threats: A Partner Approach to a Growing Threat

The hybrid threat challenge facing Europe today is reminiscent of the terrorist threat challenge of the post-9/11 Global War on Terrorism (GWOT) era. Because of that similarity, the alliance should adapt the counterterrorism cooperation model developed over the last twenty years.

As European security partners grapple with Russia’s gray-zone activities—operations conducted below the threshold of war to create confusion and hesitation—the recently released U.S. counterterrorism strategy makes a notable acknowledgment. In the final sentence of its subsection on Europe, the strategy commits to working with European partners to counter covert state actions, including sabotage and assassination plots, categorized as “hybrid threats.” The inclusion of the term is both appropriate and significant because Russian intelligence services have demonstrated how state power can be projected through irregular means.

After all, even a cursory glance at some of the activities being perpetrated by Russian and Iranian proxies throughout Europe demonstrates that what we are actually talking about looks a lot like the FBI’s definition of international terrorism— “Violent, criminal acts committed by individuals and/or groups who are inspired by, or associated with, designated foreign terrorist organizations or nations (state-sponsored).”

Since the Russian invasion of Ukraine, Western intelligence services have been tracking a troubling evolution in Russian tradecraft: the emergence of proxy recruitment at scale, enabled by digital platforms and designed to blur the lines between espionage, sabotage campaigns, and terrorism.

Through the use of so-called “disposable agents,” both Moscow and Tehran have convinced individuals living in the West to commit violent, criminal acts, sometimes for small sums of money, other times encouraging attackers with ideological inspiration. If these were Sunni jihadists linked to al-Qaeda or the Islamic State, the incidents would be labeled as terrorist attacks, and those responsible would be called homegrown violent extremists who were radicalized and recruited online. Russia has worked through its intelligence services, while also cultivating a network of willing recruits throughout Europe.

Recent investigations reveal the scale and intentionality behind this approach. A 2025 exposé uncovered a Russian military intelligence (GRU)-linked recruitment campaign using Telegram bots and viral propaganda videos to solicit volunteers abroad. The messaging was deliberately broad—appealing to nationalism, grievance, or simple curiosity—and funneled interested individuals into automated recruitment pipelines. These systems lowered the barrier to entry: a single click, message, or expression of interest could place a user into a pipeline for tasking.

Iran has followed suit, relying on one of its many proxy groups—Kataib Hezbollah, an Iraqi Shia militia—to orchestrate a shadowy hybrid campaign under the banner of Harakat Ashab al-Yamin al-Islamia (HAYI). HAYI has already claimed responsibility for a series of attacks across Europe, spanning the United Kingdom, the Netherlands, Belgium, and France. Similarly, Russian hybrid attacks in Europe know no borders and have occurred in the UK, France, Germany, Estonia, Georgia, Moldova, and elsewhere. Just last week, Russian drones crashed through an apartment block in Romania, a NATO member.

The key to successfully countering hybrid threats is working by, with, and through allies to leverage each other's strengths in a shared effort to identify threat networks, map their structures, penetrate their operations, and dismantle them. This requires not just unity of effort within countries, but a coordinated approach across law enforcement, intelligence agencies, security services, and special operations forces.

In some ways, perhaps, the U.S. and its allies are a victim of their own success. The Global War on Terrorism—while not without its faults—was successful in combating al-Qaeda and the Islamic State, decapitating their leadership and driving them from safe havens in the Levant and Pakistan's tribal areas. Of course, the terrorist threat has not vanished, though it has morphed into a more decentralized network of regional affiliates and franchise groups that still wreak havoc from the Sahel to Central Asia.

For more than two decades after 9/11, the United States and our European allies were bound together by a clear and urgent mission: to disrupt terrorist networks, prevent attacks, and dismantle organizations such as al-Qaeda and ISIS. That shared mission forced us to innovate. It drove unprecedented cooperation across intelligence services, law enforcement, counterintelligence and with special operations forces. Barriers – silos – that once slowed us were broken down, and in doing so, countless lives were saved.

But the strategic environment has dramatically changed.

Compared to the two decades that followed the al-Qaeda attacks of September 11, 2001, terrorism has become a back-burner issue, relegated to a focus on great power competition, which manifests in the shadows through hybrid threats. And while there has been a NATO strategy to counter hybrid threats since 2015 (and it has also developed a Center of Excellence to analyze the issue), the discussion is typically less coalition and mission-focused than counterterrorism operations were, say, during the peak of the Islamic State's caliphate and amidst the mass movement of foreign fighters between Western countries and the Middle East.

One of the issues is that, as a concept, hybrid threats—while not a new term—suffer from definitional ambiguity and are not widely agreed upon in the lexicon. The term itself is used interchangeably with 'gray zone warfare' and is at times mistaken for or confused with asymmetric warfare, political warfare, irregular warfare, and/or unconventional warfare.

Still, the 2026 strategy does characterize certain states as behaving like terrorist enablers—or as part of the terrorist threat environment—when they sponsor, support, equip, or facilitate terrorist organizations, rather than treating terrorism solely as a non-state actor phenomenon. While not explicitly calling out Russia, that framing is useful and is a departure point for a more aggressive Western strategy for countering this phenomenon.

Terminology and labeling aside, what is clear is that sabotage, cyber operations, and the use of disposable agents by Russia, Iran, and other Western adversaries are wreaking havoc and destabilizing society in many countries. And because state actors are involved, there is an additional element they alone can bring—scale. This means using professional intelligence services, financial resources, sophisticated cyber capabilities, diplomatic cover, and complex logistical support in transportation, communications, and other crucial areas.

As such, the only way that states can hope to be successful in countering hybrid threats is by massing their own state-based capabilities and cooperating through pooled resources and intelligence sharing.

Another idea gaining traction in the event of escalation in Europe, is resurrecting Cold War–era like-stay-behind structures for government continuity: a legally grounded resistance architecture that’s in place—distributed, resilient, and capable of sustaining state continuity from the first moment of disruption. It is almost shocking to process the idea that hybrid threats from Russia are causing some NATO countries to institutionalize “total defense” models designed to absorb shock and sustain governance under pressure. But the threat landscape demands such contingencies.

In this new threat paradigm, resilience and resolve—not caution—is the center of gravity.

Only a more aggressive stance in pushing back against those actors deploying hybrid capabilities can be effective. One thing is for certain: a tepid, half-hearted response—or worse, no response—will only continue to embolden Moscow, Tehran, and Beijing. Hybrid threats, by their very nature, pose a cross-border challenge. The shots may be called in the Kremlin, but the operations take place in London, and may involve intermediaries scattered across the globe, providing various forms of active and passive support to the perpetrators of the attack.

To blunt these offensives requires integrating and partner-sharing of world-class intelligence – like the way Western intelligence services dealt with jihadi threats - and an unprecedented willingness to elevate aggressive offensive counterintelligence to a strategic capability among partners nations.

Countering hybrid warfare requires far deeper intelligence integration among allies. Intelligence sharing can no longer remain confined to elite classified exchanges between a handful of services. Governments must create real-time intelligence fusion across cyber defense agencies, financial regulators, military commands, law enforcement, border security organizations, and private-sector infrastructure operators. This is particularly urgent because critical infrastructure is now the frontline of modern conflict.

If the Western nations remain integrated, vigilant, and forward-leaning, they will not simply compete in this space—they will shape it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Put the Next Generation to Work: Digital Transformation Has Only Just Begun

Put the Next Generation to Work: Digital Transformation Has Only Just Begun

We are witnessing a historic bottleneck in the technology sector. According to recent data, unemployment among new computer science graduates has climbed to 6.1%. While many point to AI as the singular cause of this displacement, the reality is more nuanced: the industry has stopped hiring "apprentices" because it has temporarily lost sight of the value of human-led systems integration.

We are currently operating under a dangerous fallacy: that because AI can generate code and simulate reasoning, the "entry-level" phase of a technology career is no longer necessary.

This is wrong. Digital transformation has only just begun.

The "Stagnant Workflow" Crisis

If you look past the high-tech bubble, the American economy is still defined by millions of archaic, bureaucratic, and manual workflows. These are the processes—in supply chains, logistics, municipal services, and industrial infrastructure—that were never digitally transformed because they were too complex or too niche to justify traditional, high-cost software engineering.

We have spent decades ignoring this "long-tail" of technical debt. Now, we finally possess the intelligence to solve it. But instead of mobilizing our newest engineers to tackle these systems, we are benching them. We are letting an entire generation of talent go to waste while our infrastructure continues to operate on decades-old, manual processes.

The Trap of the Probabilistic Agent

There is a temptation today to simply hand these workflows over to probabilistic, agentic AI. It is an enticing shortcut: the agent "learns" the process, makes decisions, and clears the backlog.

But this is only a temporary fix.

Probabilistic agents are useful for discovery, classification, and reasoning through ambiguity, but they are not a replacement for high-integrity automation. They are "black boxes" of probability. For mission-critical workflows, we cannot afford to gamble on a result that changes with every iteration.

The ultimate goal is not "agentic" automation—it is deterministic automation.

The most effective systems are those where AI acts as the architect, helping our engineers map and generate the robust, deterministic code that replaces the manual friction. We need our next generation to use AI to build systems that are predictable, auditable, and repeatable. We must move beyond the "agent in the loop" and toward the "code-governed system"—where AI generates the logic, but humans define the constraints, ensuring the system functions with the precision of a clock.

The New Digital Transformers

The role of the "entry-level" hire is not dead—it has been promoted. We no longer need junior developers to write boilerplate code; we need Digital Transformers who understand this distinction.

These are the systems thinkers who will:

Audit the Bureaucracy: These engineers must be capable of navigating the non-automatic, messy reality of our nation’s businesses. They will act as "process anthropologists," going into legacy environments to document the hidden bottlenecks that current automated tools cannot see. By doing so, they provide the necessary data and context that are essential for any meaningful digital intervention.

Orchestrate the AI: Instead of merely using AI to generate snippets, these transformers will use frontier models to synthesize complex processes and then codify those processes into deterministic, high-reliability systems. This requires a shift from prompt-based experimentation to a rigorous engineering mindset where the AI is treated as a component in a larger, stable architecture. They will build the "connective tissue" between legacy databases and modern AI-driven decision engines, ensuring the output is not just plausible, but structurally sound.

Bridge the Domain Gap: Learning the nuance of a business's operations is a feat that AI cannot accomplish without human context. These graduates will be tasked with understanding the "why" behind the workflows—the regulatory constraints, the unique company culture, and the operational trade-offs—that an LLM will never inherently know. This domain literacy ensures that the technology we deploy is not just efficient, but actually improves the business's core performance.

It’s Time to Hire

This is a direct call to the leaders of our frontier AI companies and major industrial enterprises.

You have the capital and the mandate to lead. If you are building the future of intelligence, you have a responsibility to underwrite the deployment of this generation. Stop treating entry-level talent as a cost center to be minimized. Start treating them as your Technical Debt Task Force.

Provide the Infrastructure: Underwrite the compute and the platforms they need to work. This investment should be viewed as a "Research and Development" tax on innovation, where the return on investment is a more resilient and modern industrial base. By providing these credits, frontier AI companies create a massive, decentralized lab for testing their models on real-world, high-stakes industrial friction.
Open the Sandboxes: Give them access to the legacy "impossible" problems that no one else has had the time to fix. These are the workflows that currently exist outside of the "high-margin" software bubble, serving as the perfect, low-risk, high-reward testing ground for junior architects. Solving these neglected problems provides an immediate, measurable boost to operational efficiency while shielding the company's core products from experimental risks.
Deploy the Talent: Shift the focus from automating away the junior role to deploying that role to modernize our country’s industrial foundation. By placing these graduates into cross-functional teams, you create a new management paradigm that prioritizes "orchestration" over "maintenance." This transition creates a clear path to leadership for the new hire while ensuring that the organization is actively clearing its backlog of technical debt every single quarter.

A Mission for the Next Generation

When a young graduate uses AI to re-engineer a failing production line or automate the synthesis of experimental data, they aren't just completing a task—they are building the digital architecture of the next fifty years. They are learning systems design, stakeholder management, and domain expertise in the most intensive way possible: by building, testing, and iterating in the real world.

We have the human capital. We have the technology. We have an economy that is crying out for modernization.

The era of digital transformation didn't end with the launch of the latest large language model; it is only now reaching the point where we can finally apply it to the hard, unglamorous problems of our physical and industrial world.

The work is ready. The team is waiting. It is time to hire.

Follow Mark Munsell on LinkedInThe Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Invisible Conflict: Defending Against Hybrid Non-Kinetic Warfare

War doesn’t always look like war anymore. Hybrid non-kinetic warfare is an increasingly popular means for threat actors to orchestrate prolonged campaigns aimed at achieving political and security objectives by destabilizing the adversary, eroding its strength and social cohesion, while avoiding the creation of a pretext for military retaliation. The goal is to wreak chaos with invisible hands from an anonymous cloak, absent a military, uniforms or declaration of war.

The Iranian conflict is a real-time case study in how warfare is being reshaped. In recent weeks, Iran-linked hackers have targeted critical infrastructure in the US, disrupting multiple oil, gas and water facilities. Tehran-linked hackers likewise disrupted operations at a major US medical device maker – among other things, they hacked into an emergency system that first responders use to communicate patient data to hospitals. A high-ranking US security official saw his personal email hacked and exposed by Iranian affiliates. Iranian hacktivists celebrated efforts like this with – of all things – Lego propaganda.

Hybrid non-kinetic warfare is not confined to the physical battlefield and has no regard for borders. Hybrid tactics are low-cost, low-risk and hard to trace. These tactics are effective where traditional firepower isn’t, and they’re quietly reshaping the future of conflict.

They’re also exposing how unprepared many governments remain for threats that don’t arrive with missiles or tanks. Modern warfare and defense preparedness hinges on our ability to adapt to the new realities of hybrid non-kinetic warfare. The technologies used to combat these threats must likewise adapt.

AN AMORPHOUS ARSENAL

The tools of hybrid non-kinetic warfare are varied and very dangerous in and of themselves – especially so when applied in concert.

High-impact sabotage operations are a frequent, favored tactic. Russia, for example, is known to target civilian infrastructure via hybrid pressure campaigns intended to influence Ukraine war outcomes. In Poland, these attacks include an arson attack on a massive shopping center that gutted 1,400 shops, and more recently, an orchestrated railway explosion. Dozens of these vandalism, arson and sabotage attacks have been mounted and documented since the February 2022 Russian invasion into Ukraine.

Disinformation and propaganda are likewise commonly employed. We see this in coordinated campaigns – online and offline – to spread false narratives, divide societies and support politicians who align with the attackers’ goals. Sounding the alarm, Italy’s Defense Minister has urged the European community to protect itself from Russian disinformation tactics seen recently in Italy.

“We are under attack, and the hybrid bombs keep falling,” he said.

Cyberattacks play a role too. These can target critical infrastructure – power grids, hospitals, transportation systems, government websites – and they’re often timed to sow confusion or weaken public trust.

In a recent twist, cyberattacks have been blended with traditional warfare – investigations have uncovered Iran’s use of "cyber-enabled kinetic targeting" before and after real-world missile attacks against ships and land infrastructure. By hacking into CCTV cameras, among other methods, Iranian advanced persistent threat (APT) groups have successfully gathered intelligence on real-world targets.

Irregular or engineered migration is increasingly employed in hybrid non-kinetic campaigns. In some cases, governments deliberately funnel large numbers of migrants toward their adversary’s borders – not to help the migrants, but to overwhelm border systems and create political tension. We’ve seen this tactic used at the Belarus-Poland border, and between Russia and Finland, and it works because it creates pressure from every direction – on border patrols, on social services, on local communities and governments and beyond.

Political interference is another established tactic that’s gained new relevance in contemporary hybrid non-kinetic warfare. Russia’s known interference in the states of Ukraine, Georgia and Moldova is aimed at preventing them from shifting allegiances toward the West. This interference often peaks during election seasons.

These tactics on their own are often regarded as isolated threats. In combination, they comprise a potent, long-term war campaign – a strategy to reshape a community or region without ever sending in troops.

THE ART OF HYBRID WAR

Hybrid non-kinetic warfare looks disorganized on its surface, but there’s a logic behind it – a playbook. In plain terms, these are the core principles.

Be flexible and move fast. These operations are constantly evolving. If threat actors see an opportunity – like a protest, an election, a scandal – they join the fray and make it worse. The goal is to stir the pot, to cause unrest.

Destabilize from within. These attackers seek to weaken the glue that holds communities and countries together – trust, unity, stability. They want people to feel divided, unsafe and unsupported.

Use every tool available – military and civilian. Physical sabotage, cyberattacks, media campaigns, migrant flows and financial pressures are all part of the hybrid non-kinetic playbook. Shadowy attacks spur dark rumors that metastasize into fear. Anything that causes confusion or disruption is fair game.

Think long-term. These aren’t one-off attacks. They’re slow, strategic campaigns – sometimes unfolding over months or years. They’re designed to wear a country down, applying constant stress.

Make it hard to know what’s really happening. There are no uniforms, no flags, no announcements to make sense of – just a series of “incidents” that seem disconnected – until you step back and connect the dots.

HOW TO CONNECT THE DOTS

Combatting hybrid non-kinetic warfare requires closer security and intelligence collaboration, and a coordinated, systematic, multi-agency response that extends across borders. It requires a fresh approach to defense spending that prioritizes continuous intelligence monitoring and analysis in parallel with conventional battlefield weaponry.

Resilience doesn’t just come from defense. It comes from understanding, and this clarity can only be achieved with a holistic view of the threat landscape and the ability to surface patterns from the chaos.

At the technology layer, homeland security and intelligence organizations will benefit from a centralized architecture that unites border protection, financial investigations, tactical operations and cyber intelligence in a single cohesive view. The advent of data fusion technology, AI investigative analytics and decision intelligence automation makes it possible to sift mountains of disparate data streams to gain immediate, actionable insights.

Warfare is no longer measured in terms of physical destruction and territorial command because the boundaries of warfare are blurring. Acts of hybrid non-kinetic warfare may look like random crimes and provocations to the untrained eye – their amorphous nature is what makes them so insidious and effective.

To help investigators understand how and why these seemingly random acts intersect and identify the proxy groups responsible, it’s essential to employ an early warning system that invites and unites intelligence from diverse disciplines and geographies. In this way, we can equip intelligence agencies to recognize acts of hybrid non-kinetic warfare in real-time and anticipate them before they happen again.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Deterrence Is Not Enough in the Age of Synthetic Asymmetry

Events have moved faster than doctrine. Part 1 of this series diagnosed the rise of synthetic asymmetry, an era where technological convergence allows small actors to impose disproportionate costs on states and institutions. Unlike the guerrillas of the past, today's asymmetric threats are engineered by design. This essay asks the harder question: How should democracies respond to a threat that is diffuse, deniable, and constantly mutating?

The Failure of Traditional Deterrence

The foundational flaw in applying Cold War security strategies to synthetic asymmetry is the breakdown of attribution and retaliation. Deterrence requires a clear threat of punishment against a visible state actor. Synthetic attackers thrive in gray zones: non-state groups, state proxies, or anonymous cyber operators whose acts are plausibly deniable, and whose tools can blur or obscure attribution by design.

When ransomware shuts down a critical pipeline, the target state faces a genuine conundrum. Is this an act of war demanding a kinetic response? Or a crime demanding law enforcement? That ambiguity makes the nuclear-era playbook obsolete. The attacker's goal is often strategic paralysis: erode trust, impose economic costs far exceeding the effort required to launch the operation.

The costs of these attacks, typically low-cost, remote, and cross-border, are negligible compared to the billions required for a proportional kinetic response. Traditional punitive deterrence buckles under that math.

The answer is to supplement deterrence with a doctrine of synthetic resilience: the capacity of democratic societies to absorb, adapt to, and recover from engineered multi-domain disruption before it produces strategic paralysis or loss of legitimacy. A powerful kinetic threat must remain, but democracies must also assume they will be attacked across multiple domains simultaneously. Survival depends on absorbing disruption, adapting rapidly, and ensuring the continuity of core societal functions and political legitimacy.

What the intervening period has clarified is that this assumption is no longer theoretical. Advanced AI and synthetic media are turning this from a theoretical concern into a systemic global risk (the World Economic Forum and allied intelligence communities have reached this conclusion independently) with opportunistic actors exploiting psychological profiling and emotional triggers to manipulate public perception at scale. The threat environment Part 1 described has accelerated.

The predictable objection is that synthetic resilience sounds resource-intensive and risks replicating the bureaucratic complexity it claims to replace. The cost-of-failure data argues otherwise. The 2021 Colonial Pipeline attack cost the company $4.4 million in ransom, but the downstream economic disruption across the eastern United States ran into the billions. The 2024 CrowdStrike outage, which involved no adversary at all, produced an estimated $10 billion in global losses from a single software update. The NotPetya campaign of 2017 caused over $10 billion in damage across multiple sectors and countries from a single piece of malware. Against those losses, resilience is not a fiscal luxury. It is actuarially rational. The question is never whether democracies can afford to build it. It is whether they can afford not to.

Principles of a New Doctrine

A coherent strategy cannot be built on isolated, domain-specific efforts. It must rest on three integrated principles, Alignment, Adaptation, and Agility, woven into national security planning, budgetary decisions, and interagency cooperation.

1. Alignment over Silos

Defense planners have historically treated cyber, space, and economic security as separate verticals, managed by different agencies with distinct budgets and legal authorities. Adversaries operate horizontally, leveraging convergence to create effects greater than the sum of their parts. A modern influence campaign is simultaneously a cyber attack (to steal data), a financial operation (to fund bot networks via crypto), and a kinetic risk (to incite real-world violence), often without a shot fired.

Nations must respond in kind. That means permanent interagency teams pulling together financial regulators, public health officials, and economic ministers alongside military and national security planners, trained together on synthetic asymmetry scenarios that force convergence. It also means a national risk framework that maps cascading dependencies: how a cyber attack on a single grain futures exchange could trigger a financial crisis, which enables a cognitive influence campaign built on food scarcity fears. The unit of analysis must shift from individual assets to systemic functions.

Recent events illustrate why. Rapid, uncoordinated changes to critical IT infrastructure, where operational decisions bypass standard security review, create systemic confusion between authorized and unauthorized system changes. When the mechanisms for coordination and attribution are themselves disrupted, adversaries inherit a structural advantage at no cost. This is a doctrinal vulnerability, not just an operational one.

2. Adaptation over Retaliation

The priority must shift from punishment to continuity. Against a deniable actor, resilience ensures the adversary gains nothing even if an attack succeeds (the same logic by which the internet routes around failures regardless of cause).

This requires reallocating resources toward the "invisible victory" of hardened defense over the more politically visible power projection of offense. The practical mechanism is hardening-in-depth: mandatory standards for redundancy, self-healing networks, and decentralized systems across the grid, finance, and logistics. Resilience cannot stop at government networks. It must be built into the economy itself, with strategic national reserves of critical goods and supply chains diversified enough that no single political event can halt production of essential materials.

The lesson is direct. When critical cybersecurity functions, including incident reporting oversight, real-time vulnerability monitoring, and analytical data systems, are degraded during periods of institutional restructuring, recovery timelines run into adversary windows. Denying adversaries strategic impact requires institutional capacity to be intact when the attack arrives.

3. Agility over Bureaucracy

Threats emerge at machine speed, powered by generative and agentic AI and automated reconnaissance. Acquisition cycles and regulatory processes measured in years are becoming strategically untenable.

The solution is defense architecture built around interchangeable, open-source, and rapidly updateable components. The Modular Open Systems Approach offers a workable template: technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, can compress the path from lab to deployment substantially.

The goal is simple: evolve as fast as the threat. That requires institutional depth to sustain capabilities across political transitions. Agility without continuity is a vulnerability, not a strategy.

Putting the Doctrine to Work

The three-principle framework only has force if it connects to concrete action. What follows is not a comprehensive policy platform. It is an illustration of how Alignment, Adaptation, and Agility translate into operational commitments across the domains where synthetic asymmetry is already active.

Alignment: Interagency Teams, Systemic Risk Mapping, Private-Sector Crisis Agreements

Alignment means building the interagency connective tissue that adversaries already assume democracies lack. Every national security council should maintain a standing synthetic-asymmetry cell with authority to convene defense, finance, health, energy, intelligence, and private-sector infrastructure leaders before a crisis begins. A national risk framework that maps cascading dependencies, such as how a cyber attack on a grain futures exchange could enable a food-scarcity influence campaign, shifts the unit of analysis from individual assets to systemic functions.

The private sector belongs inside this framework, not adjacent to it. Corporations are no longer adjacent to national security conflict, they are participants in it, operating on infrastructure adversaries deliberately target. Legally robust agreements with critical technology and infrastructure providers, covering roles, responsibilities, and pre-agreed crisis protocols, are the mechanism. These agreements must be written to survive leadership transitions. Tax benefits and procurement preference tied to resilience standards convert security from a state-imposed cost into a financially rational business position.

Adaptation: Infrastructure Redundancy, Cognitive Inoculation, Public Health Surge Capacity

Adaptation means building systems that deny adversaries strategic effect even when attacks succeed. For physical infrastructure, that requires legally mandated geographical diversity, making single-point failure structurally impossible, and jointly funded international rapid-response capacity targeting repair times measured in days, not weeks. On space systems, rapid reconstitution matters more than norms compliance: pre-negotiated commercial surge contracts for replacement satellite launches, hardened ground stations continuously monitored for intrusion. A jammed satellite is a setback. A seized ground station is a disaster.

In the cognitive domain, adaptation means inoculation before manipulation takes hold, not crisis management after. Sweden’s model is the operational benchmark: psychological defense embedded within total defense doctrine, with a dedicated national agency running continuous environmental monitoring. Several NATO allies are already looking closely at this model. Digital provenance, verifiable watermarks and metadata on all AI-generated or heavily altered content, must become a global standard. Without it, citizens and news organizations cannot reliably distinguish reality from synthetic manipulation. An allied intelligence-sharing entity focused exclusively on influence operations would allow attribution data on foreign manipulation tactics to move across borders before the manipulation has time to work.

Public health resilience belongs in this category too. The democratization of tools like CRISPR means engineered pathogen capability is no longer exclusive to state WMD programs. Permanently maintained, distributed vaccine manufacturing facilities and stockpiles of broad-spectrum antivirals represent the same logic as military pre-positioning: make the local response fast enough that the epidemic phase never gains traction. International agreements must move beyond bans toward regulating access, with mandatory safeguards on DNA synthesis services and flagging of suspicious orders, before the capability is in widespread use.

Agility: Modular Systems, Regulatory Sandboxes, Commercial Surge Capacity

Agility means closing the gap between threat speed and response speed. Defense architecture built around interchangeable, open-source, rapidly updateable components, along the lines of the Modular Open Systems Approach, enables technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, compress the path from lab to deployment. The financial domain requires the same logic: cooperative regulatory frameworks for crypto and DeFi across allied jurisdictions create a unified digital perimeter that forces transparency on illicit cross-border flows, closing the sanctions-evasion channel that currently funds a significant share of adversary low-cost operations.

Democracies hold one structural advantage that agility can amplify but authoritarians cannot replicate: decentralized command cultures that empower local actors to respond faster than centralized systems allow. The spontaneous, bottom-up innovation visible in Ukraine’s use of commercial technology is the template, capability flowing upward from the edge, not downward from the center. Alliances provide redundancy and burden-sharing no single state can match. A vulnerability in one ally’s financial system can be compensated by the strength of another. Allied nations that have invested in psychological defense, infrastructure redundancy, and cross-border intelligence sharing are likely better positioned today. That gap is widening. Maintaining trust and legitimacy under attack is the ultimate measure of democratic power. A democracy that comes through a crisis with its institutions functional and trusted has, in the most consequential sense, won.

The Path Forward

Synthetic asymmetry is not a temporary challenge. The period since this series began has confirmed that it is already shaping outcomes.

The choice before democracies has sharpened. The question is no longer simply whether they will update Cold War playbooks. It is whether they will recognize that the preconditions for synthetic resilience, including institutional depth, continuity of expertise, and coordinated capability, are themselves potential targets and must be treated as strategic assets accordingly.

Resilience infrastructure is not self-sustaining. It must be actively maintained, resourced, and insulated from the same political volatility it is designed to help societies weather. When incident reporting mechanisms, real-time vulnerability monitoring, and the talent pipelines that sustain them are degraded for any reason, the recovery timeline runs into adversary windows. The "invisible victory" of hardened defense becomes invisible in a different and more dangerous sense: it disappears precisely when it is most needed.

Synthetic resilience cannot be built after the disruption arrives. It must exist before.

Governments that adapt now will be better positioned to survive and to operate from strength. Those that inadvertently erode the institutional foundations of resilience while pursuing other priorities risk watching synthetic asymmetry become not just an adversary's tool but a permanent feature of global order.

Nuclear weapons reshaped the strategic logic of the 20th century. Synthetic asymmetry may do the same for the 21st. The choice is clear: write the doctrine of synthetic resilience, resource it, protect it, or be overtaken by disruption engineered to exploit the void.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How America’s Adversaries Compete Across Peace and War

Author’s Note: This article does not introduce “Endless Warfare” as another term in an already crowded national security lexicon. It examines an increasingly visible pattern in which U.S. adversaries pursue persistent strategic advantage both below and above the threshold of open conflict. The aim is not to argue terminology, but to clarify the character of the competition we are already in.

This article is also not about “endless wars” as a critique of U.S. interventions over the past two decades; that debate belongs elsewhere. Here, “Endless Warfare” describes how our adversaries wage continuous, long-term competition and conflict against the United States across peace and war.

Endless Warfare – Part I

How Gray-Zone Tactics, Cognitive Warfare, and Asymmetric Strategies Are Reshaping Global Conflict

On 28 February, the United States and Israel began a campaign against Iran. The strikes were precise, lethal, and decisive from a conventional standpoint. Despite these destructive attacks and Iran’s significantly weakened military capabilities, it did not surrender or collapse; Iran is fighting a different war.

Iran’s objectives are not to win on the battlefield—an impossible outcome against the U.S. and Israel—but to ensure the survival of the regime; create regional and global political, diplomatic, and economic chaos that shapes U.S. decision-making; and end the war on terms favorable to Tehran. Iran views this as an opportunity to turn these attacks into a long-term strategic advantage.

Iran’s arsenal of terrorist surrogates and partners, drones and missiles as weapons of coercion in the Strait of Hormuz and elsewhere, cyber capabilities, cognitive warfare, an empowered and battle-hardened IRGC, and transactional relationships with Russia and China have allowed it to believe it can still achieve these goals—improbable as they seemed in the early days after the U.S. and Israeli strikes.

Ultimately, Iran may not succeed, but it has already shaped the war in ways that complicate U.S. strategy. Much as we are learning from Ukraine’s adaptive, asymmetric resistance to Russia’s invasion, we are likewise drawing lessons from the clash with Iran. Changes in modern warfare aren’t just academic issues; they are playing out in real time.

This is not conventional war for Iran; it is a continuum of full-spectrum pressure and attacks both above and below the threshold of open conflict. For Iran, this is about pursuing regional dominance through surrogate networks and control of vital resources and sea lanes. Even when this round of fighting ends, Iran will almost certainly resume its gray zone campaign and its long war against the U.S. and its partners.

In Washington, where “forever wars” are a political liability, U.S. leaders tend to see engagements with Iran as finite in time and objectives where conventional military power ultimately prevails.

In contrast, Iran sees its struggle against the U.S. as existential and unending, where winning is measured less by battlefield victory than by political, economic, and coercive leverage and the ability to shape the decision space of its adversaries.

For Iran, this is about securing freedom of action regionally and globally, constraining adversaries, and expanding political, economic, and military advantage. Iran’s gray zone and asymmetric posture reflect this strategy. Iran has been preparing for this moment for decades. For Tehran, this is Endless Warfare.

Endless Warfare

For the purposes of this article, Endless Warfare refers to a calculated and persistent state of confrontation that operates both below and above the level of open warfare in which preparation for the next conflict is always underway. It is never formally declared, has no clear starting or end points, and provides our adversaries viable alternatives to conventional warfare.

At its core, Endless Warfare is a long-term strategy to prevail through cumulative gains and exhausting the strategic resolve of an adversary.

Navigating the Threshold.

Below the threshold of open conflict, the gray zone is a space of ambiguity, plausible and implausible deniability, and persistent, incremental aggression where weaknesses and gaps are identified and exploited. The gray zone—and gray warfare—allow adversaries to conduct operations to advance their own national interests, attack and undermine their adversaries, and set the conditions for a future war without triggering a military response. Preparation and setting conditions in the gray zone enable asymmetric warfare and fuel an endless cycle of conflict.

Above the threshold of open conflict, asymmetric warfare becomes the counterpart to gray warfare for militarily outmatched countries, such as Iran. The tools are the same. For Iran, asymmetric warfare is not a desperate last resort but a long‑planned survival strategy: a deliberate way to impose costs, buy time, and pursue broader regional objectives against a militarily superior United States and Israel.

Beyond countries like Iran, Endless Warfare is also the strategy for Russia and China. Although their strategic approaches differ, both countries are engaged in a continuum of full-spectrum pressure and attacks against the U.S. Their goal is the slow erosion of American relative power, autonomy, and influence across multiple domains and reshaping the existing world order in their favor.

China’s Approach to Endless Warfare

For China, patience is a strategic weapon. While Beijing does not use the term “Endless Warfare,” its doctrine of protracted, whole-of-society warfare that can last decades or generations reflects that it emphatically embraces the underlying thinking. For example:

Mao Zedong emphasized wearing down a stronger adversary through time, space, and political mobilization rather than seeking decisive battles.

Unrestricted Warfare, the influential 1999 doctrinal work by PLA colonels Qiao Liang and Wang Xiangsui, calls for extending conflict beyond traditional military operations into economic, technological, legal, psychological, cyber, space, and information domains. In this framework, “war” is reframed as permanent competition across all instruments of national power.

China’s official “Three Warfares” doctrine—public opinion, psychological, and legal warfare—formalized in 2003, focuses on shaping the battlefield before and often instead of kinetic conflict.

As Elizabeth Economy details in Foreign Affairs, “China is executing a patient, multi-decade campaign to dominate the “new frontiers of power”—deep seabed, Arctic routes, space, cyber protocols, and financial infrastructure. This is not episodic aggression but a continuous effort to set conditions, rewrite rules, and erode U.S. advantages below the threshold of open conflict.”

Michael Pillsbury also persuasively argues in The Hundred-Year Marathon that China’s approach centers on a long-term strategy of “winning without fighting” — drawing on traditions of extreme patience over decades or generations, inducing complacency in competitors, and pursuing the patient displacement of American primacy over decades or generations.

China’s activities in the South China Sea, cyber pre-positioning in critical infrastructure, and expansion of global port access reflect a strategy focused less on immediate confrontation and more on a persistent approach to reshape power and influence order in China’s favor. In short, Beijing’s strategy is built for a marathon of protracted competition to weaken American primacy and expand China’s own political, economic, technological, and military influence.

Russia’s approach to Endless Warfare:

In contrast to China’s patient, multi-decade campaign, Russia is a committed global disrupter on a permanent war footing against the West.

This posture is driven, in part, by Russia’s long-standing obsession with defending the homeland—a besieged fortress mentality—the conviction that Russia is existentially threatened and surrounded by enemies seeking its destruction. Russia considers the U.S. and NATO first among those enemies.

According to CEPA, Russia sees warfare as “continuous and ubiquitous” and believes that true lasting peace with the West is impossible—only temporary pauses in confrontation exist. This worldview and deeply embedded ideology of Endless Warfare by other names have resulted in persistent and evolving gray zone attacks against the West across political, economic, cyber, informational, and social domains.

Russia often appears less concerned about the success or failure of individual operations than with generating disruption, uncertainty, cognitive impact, and strategic effects over time.

As RAND has noted, “All of the many thousands of hostile and often costly interactions between Western and Soviet states or Russia since the 1917 revolution have taken place in the so-called gray zone short of war.” This long-standing reality makes the gray zone a continuous challenge…” This reflects that Endless Warfare by other names is long-standing Russian strategy.

Mechanisms of Endless Warfare

Persistent Gray Zone Attacks:

The gray zone is where great power competition increasingly plays out every day—below the threshold of open conflict and often below the threshold of credible deterrence.

Russia and China employ persistent gray-zone attacks because they have calculated that the strategic gains outweigh the risks and that the likelihood of provoking decisive retaliation remains low.

As argued in earlier work on China’s Gray War on America, strategic defeat in the gray zone—or through gray warfare—emerges not through decisive military power, but through the cumulative loss of relative power, autonomy, and influence across multiple domains of national power.

Russia and China’s gray zone attacks against the United States reflect this strategy. Their objective is not necessarily to directly confront and defeat America through conventional military power, at least not as a primary strategy, but to decisively, even patiently, weaken American at home and abroad over the long term—the framework of Endless Warfare.

Russia’s gray-zone campaign in Europe illustrates this approach. Russia seeks to disrupt and dissuade support for Ukraine while weakening and fracturing NATO—a combination of immediate operational goals and long-standing strategic objectives. For decades, Russia has penetrated institutions, organizations, and networks across Europe, shaping conditions for future conflict. This access provides Russia with the leverage, reach, and insight necessary to conduct a broad spectrum of persistent disruptive activities over the long-term below the threshold of war.

The same approach increasingly extends to the United States. Russia has conducted cyber intrusions; penetrated critical infrastructure; stolen sensitive government, corporate, and personal information; cultivated strategic access, and employed influence operations and other gray zone tools intended to impose costs and create long-term strategic advantage.

Russia’s broader efforts to confront U.S. actions globally through disruption in Syria, across Africa, in the Arctic, and throughout other contested regions—while compelling the United States to respond across multiple theaters and placing sustained stress on allied unity—reflect an approach intended not to engage the United States militarily, but to gradually erode America’s capacity to sustain long-term global competition.

China’s gray zone campaign against the United States has included the penetration of critical infrastructure networks, industrial-scale theft of intellectual property, the compromise of sensitive personal data on millions of Americans, persistent cyber espionage directed at government, defense, and commercial sectors, and influence operations intended to exploit social and political divisions and erode confidence in American institutions. These activities are designed not merely to achieve immediate impact but to gain an advantage over time that will be difficult to reverse.

Cognitive warfare:

The most pervasive adversary activity in the gray zone—and one of the central drivers of Endless Warfare—is cognitive warfare. Our adversaries use cognitive warfare to influence individuals, groups, and societies at the cognitive level—not only through traditional information and influence activities, but also through political, economic, technological, and societal pressures that can influence or disrupt cognition itself.

We should not see cognitive warfare as merely another challenge in the information domain; we should recognize it as a new frontier of power—a deliberate effort to subvert how free societies know, deliberate, and decide.

The ultimate objective of cognitive warfare is to undermine America’s decision autonomy—our ability to accurately perceive global events, to trust the knowledge we have and the information we receive, and to make confident, independent decisions free from external manipulation or coercion.

Adversaries use persuasive disinformation, weaponized narratives, AI-enabled deepfakes, synthetic realities, coercion, intimidation, and other evolving tools to erode trust in institutions, amplify social and political division, manipulate public perception, and increase uncertainty at every level of society: private citizens, business leaders, military commanders, and policymakers.

In the cognitive domain, truth is a strategic asset—precious, powerful, and fragile, and cognitive warfare is a contest for that truth and knowledge.

Cognitive warfare does not need to result in major actions or decisions that directly benefit an adversary to be effective. It succeeds when our decisions become slower, more hesitant, more internally contested, or result in inaction or false choices due to erosion of resolve, coercion, or intimidation.

Proxies and Surrogates

The use of proxies and surrogates offers countries options to the potentially devastating consequences of direct conflict. Proxies and surrogates add essential capability, deflect attribution, and externalize the burden and consequences of Endless Warfare.

Iran has built one of the most developed proxy and surrogate networks in modern conflict. This network allowed Iran to indirectly attack Israel, intimidate regional states, serve as a spoiler in Syria, attack U.S. forces in Iraq, and disrupt international shipping—all while largely keeping itself at arm’s distance. This network also served as a defensive shield, helping dissuade attacks from Israel or the West, and advanced Iranian strategic interests for decades.

Yet surrogacy in Endless Warfare is evolving as modern conflict evolves.

In Endless Warfare, surrogacy is increasingly defined not by the hierarchy or control associated with traditional surrogate relationships, but by the persistent pursuit of strategic outcomes by multiple actors against a common adversary.

In this evolving form of pragmatic surrogacy, adversaries do not necessarily need formal coordination if their independent actions against a common adversary are mutually beneficial.

For example, China and Russia do not share identical strategic objectives. Russia is not a traditional surrogate, but it is also not an equal partner in the relationship. China provides economic, diplomatic, and broader strategic support that helps Russia sustain its war in Ukraine. In turn, Russia takes action to impose costs on the U.S. and it allies and that generates strategic outcomes that benefit China’s broader Gray War against America—consuming U.S. war reserves and resources, diverting attention from the Indo-Pacific and other global priorities, stressing domestic and allied resolve, and exposing potential military vulnerabilities.

Similar dynamics are visible in the Middle East. Iran pursues its own regional ambitions and is not subordinate to either Moscow or Beijing. Yet Iran’s persistent confrontation with the United States can benefit both Russia and China—including increased Russian fossil fuel revenue, discounted energy flows to China, strategic observations relevant to Taiwan, depletion of U.S. military reserves, diversion of U.S. strategic attention, and challenges to U.S. influence in the Middle East.

Russia and China may also benefit from pragmatic surrogate behavior by a much broader range of countries. Rather than build surrogate structures, both countries increasingly persuade, incentivize, induce, or coerce states into actions that strengthen their broader competitive position against the United States. Continuous purchases of Russian energy, participation in alternative financial systems, diplomatic shielding, sanctions evasion, strategic infrastructure access, or agreements providing future military utility can all favor Russia and China while disadvantaging the United States.

Because much of Endless Warfare occurs in ambiguous spaces below the threshold of traditional war, this pragmatic surrogacy may become one of the most effective and scalable mechanisms available to America’s adversaries.

Weaponizing Negotiations.

Negotiations do not necessarily represent the end of conflict; in Endless Warfare they often represent the continuation of it by other means—a new phase where strategic advantage can still be lost or gained.

It is a mistake to assume that entering negotiations means that an adversary will approach them in good faith to seek genuine resolution.

In their negotiations with the U.S., Russia and Iran both posture to seek concessions in advance, set maximalist demands they know are unacceptable, slow diplomatic processes, complicate U.S. decision-making, and erode allied political will and resolve. Most importantly—our adversaries use negotiations to gain time to reconstitute, make adjustments on the battlefield or in the gray zone, and strengthen their overall political and military position.

Russia’s approach under Vladimir Putin particularly reflects a negotiations strategy that is not a bridge to peace, but another instrument of conflict and Endless Warfare.

This pattern was clearly visible after the 2008 war with Georgia. The six-point ceasefire agreement brokered by French President Sarkozy was meant to restore peace and secure Russian withdrawal. Instead, Moscow used the negotiations to consolidate control over Abkhazia and South Ossetia, formally recognize their “independence,” establish permanent military bases, and evade full compliance with the deal.

The same playbook was repeated in the Minsk process after the 2014 intervention in eastern Ukraine. Russia exploited agreements designed to reduce hostilities to freeze the conflict on terms favorable to Russia, preserve leverage, buy time for rearmament, and weaken Western cohesion.

Today, Russia engages in talks to end the war with Ukraine while maintaining military pressure on Ukraine, insisting on maximalist demands, and using the process to weaken Western unity and improve its battlefield position. For Putin, negotiations are rarely about ending the conflict—they are about advancing it by other means.

In the logic of Endless Warfare, negotiations are less about compromise and resolution than about deception, gaining time, shaping perception, extracting concessions, and improving strategic position for the next phase of conflict. An agreement by an adversary to participate in negotiations may not be a diplomatic victory; just a new phase of conflict.

This article has focused on defining Endless Warfare and how our adversaries employ it. Part II will discuss approaches to countering this emerging reality of modern conflict.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Your AI Isn’t My AI: The Quiet Splintering Ahead

One of the most consequential geopolitical and technological races underway is the competition to shape the future of large language models. For a moment, it looked like a race to build one dominant cognitive operating system for humanity. But that is not what the next five to ten years will look like. Three forces will define the LLM landscape of the next decade: fragmentation across countries and cultures, the shift from chatbots to autonomous agents, and a quiet transformation in how each of us receives, interprets and shares information.

Search engines organize our information. Social media channels figure out how to grab and keep our attention. Large language models now shape our interpretation.

The first two layers concentrated power. The LLM layer, by contrast, is decentralizing along political, cultural and commercial lines.

Almost overnight, LLMs have become the front door to knowledge. Increasingly, they do not simply retrieve information; they interpret it for us. We consult them as experts, rely on them as filters for decision-making, and use them to help make sense of our world. In the process, we are outsourcing judgement to machines we have never met and never will.

This should not surprise us. Humans naturally apply social rules and expectations to computers – a phenomenon described by Byron Reeves and Clifford Nass in their “Computers are Social Actors” (CASA) framework in The Media Equation (1996). If a machine can communicate fluently, express emotion and simulate empathy, our social instincts engage almost automatically. That tendency will become far more consequential as LLMs continue to evolve.

Fragmentation — many models, many worldviews

Every LLM embeds assumptions.The key question for any model is not whether it is biased. It is “what are its biases and how transparent are they?” Each LLM can embed its own historical framing, level of censorship, moral assumptions, geopolitical narratives and definitions of what is acceptable. There is no globally accepted governance framework that consistently defines these boundaries across models. Rather, it can be different for each LLM today.

This challenge becomes even more complex across languages.Biases in Hindi, Mandarin, Arabic, Portuguese, Bahasa Indonesia, Russian and Spanish may receive far less international scrutiny than English-language outputs.The world may therefore experience not one AI ecosystem, but several competing cognitive ecosystems.

Fragmentation and Sovereign AI

A major structural shift underway is the rise of sovereign AI.

Countries increasingly want domestic models, local compute infrastructure, regulatory control, cultural alignment, and strategic independence.

China already operates a distinct AI sphere through systems such as DeepSeek, Qwen, ERNIE, and Hunyuan. India is pursuing Sarvam and Indus. France backs Mistral.Canada’s Cohere and Germany’s Aleph Alpha are in a planned merger to create a transatlantic sovereign AI vendor. UAE has Falcon and Jais through TII and G42. Singapore’s AI Singapore program backs SEA-LION, a national open-source LLM family. Saudi Arabia’s Public Investment Fund backs HUMAIN, a sovereign AI company focused on Arabic-language models.

It is logical that each of these LLMs will be influenced by language, regulation, compute access, procurement ecosystems, and cognitive alignment.

Open-weight models and asymmetric power

Another major development is the rapid spread of open-weight models.Techniques such as Low-Rank Adaptation (LoRA) allow organizations or individuals to fine-tune powerful models cheaply and quickly. Models can be modified for specialized capability, ideological alignment, style adaptation, or the removal of alignment and safety constraints.

Many open-weight ecosystems contain uncensored variants, often available on platforms, such as Hugging Face, a central hub for open-source AI models. This creates a strategic asymmetry. Advanced AI capabilities are no longer confined to major state actors or frontier labs. Adversaries, extremist groups, criminal organizations and foreign influence operations increasingly have access to highly capable systems.

The Rise of Agentic Systems

While the world fragments into competing models, a second transformation is changing what those models actually do. Today, we still think about AI as chatbots, but that framing is already becoming outdated. LLMs are evolving into agentic systems that call APIs, execute code, coordinate workflows, verify outputs, and operate semi-autonomously. In practical terms, agents will book the travel, draft the contract, monitor the competitor, screen the resumes, reconcile the invoices, prepare the briefing and flag what changed overnight — often calling other agents along the way.

Within five years, much of the information arriving at our desks will likely have been gathered, filtered and summarized by an agent before we read a word of it.The interface shifts from “asking questions” to “delegating objectives.” In this sense, the LLM itself disappears into the background — much like relational databases disappeared into modern computing infrastructure.

The Battle Over Cognitive Infrastructure

Put these two forces together and the picture changes for every leader, every citizen, every reader.

How we receive information. Each of us will increasingly see the world through whichever LLM sits between us and it. That model carries its own training data, its own guardrails, its own omissions. Two colleagues asking the same question of two different systems may get two materially different answers — and neither will know what was left out.

How we interpret information. Agents will not deliver raw material. They will deliver conclusions, summaries, and recommendations. The intermediate steps — the sources weighed, the alternatives discarded — will happen out of sight. We will be tempted to accept what arrives, because the cost of checking will be high and the appearance of competence will be persuasive.

How we share information. Increasingly, the message I send is drafted by my agent and read by yours. Provenance gets murky. Tone gets averaged. Persuasion runs through systems neither of us fully controls. Citizens can gradually lose trust in institutions, experts and media altogether – and societies with weakened shared trust become far more vulnerable to manipulation, polarization and coercion.

For intelligence services, this represents a shift in who controls the collection, preprocessing and interpretation layers that sit between raw data and national-level judgement.

What this asks of us

The United States currently retains major advantages (frontier research, semiconductor ecosystems, hyperscale cloud infrastructure, venture capital, and global platform reach), but the strategic environment is changing quickly. American developers increasingly use Chinese open-weight models because of cost-performance advantages. Open-weight models are publicly available, allowing anyone to run, modify, fine-tune or adapt them to their liking. The visible layer of perhaps dozens of major frontier models understates the true landscape. The real surface area lies in the derivatives, adapters and localized systems proliferating worldwide. The battle over AI and LLMs is not simply about economic advantage or technology leadership. It is about who will shape the cognitive architecture through which billions of people understand truth, authority, identity and reality.

The defining question of the next decade may be “Which system do we collectively trust — and what do we still insist on judging for ourselves”. Because whichever systems mediate knowledge, memory, interpretation, persuasion, and trust will increasingly shape the operating system of human society itself. The good news is the infrastructure is being built, the rules and guidelines are yet to be formalized, governance is an emerging topic and major consolidation has not yet taken place. Our future depends on who preserves human judgement, freedom and trust as our world is transformed by technological advance.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Before Funding a Record Defense Budget, Congress Should Demand Answers on Iran

As I listened to Defense Secretary Hegseth testify about the proposed $1.5 Trillion defense budget, the quote from Robert Heinlein, the science fiction writer, kept running through my mind: “The most expensive thing in the world is a second-best military establishment, good but not good enough to win.”

The U.S. military has no peer. U.S. military personnel are a stunningly impressive group, the best trained and equipped to ever fight a war. But despite continued tactical excellence, and the highest tech and the (already) most expensive military in the world, the U.S. has had a hard time turning that into durable strategic outcomes.

The War in Afghanistan ended in a collapse of its government and U.S. withdrawal. Getting Iraq to a fragile, deeply sectarian, often-Iranian-dominated, and corrupt democracy, took years, thousands of U.S. lives, many multiples of that of Iraqi lives, and billions of dollars. And the current Iran war seems likely to end in a way that is neither beneficial for U.S. security nor a successful escalation beyond what can be accomplished with coercive diplomacy—as of right now, the war did not remove the Iranian regime, its highly enriched uranium nor Iran’s capacity to shut down the Strait of Hormuz at will. As a bonus, we likely have confirmed the view among nations that the only real way to ensure that no one will attack you is to acquire a nuclear weapon. These three wars are not a track record of strategic wins.

While Congress considers authorizing and appropriating the largest defense budget since World War II, they should undertake a formal, concerted effort to understand why this disconnect exists. In the case of Afghanistan, such an effort is well underway with the Afghanistan War Commission. But a myriad of questions, ranging from the purely tactical to the political and strategic, need to be answered in the case of the Iran War. While the Administration will certainly argue that it’s too soon for a commission like the one for the Afghanistan War to be contemplated, that should not stop Congress from seeking answers on its own as it determines whether, and how, to provide the requested defense spending.

Congress should demand to know why the U.S. military was underprepared for the threat of Iranian drones, which killed U.S. servicemembers, destroyed aircraft, damaged U.S. facilities across the Gulf, and damaged commercial facilities in multiple countries. This seeming under-preparedness is despite the ubiquity of Iranian-supplied drones in the Russia-Ukraine war. Congress should seek to determine if the intelligence on Iran’s drone programs was accurate and, if so, was DOD unprepared? Or, alternately, did DOD determine this level of damage was an acceptable risk—after all, one rarely fights wars without losses. But it’s equally likely, perhaps much more likely, that we overestimated our capacity and that of our allies to suppress drone launches and intercept airborne drone attacks.

Similar questions relate to Iran’s missile capability, which has done damage all over the region. Again, those authorizing and carrying out the war would have strong insight into Iran’s capacity to conduct such strikes. And the U.S. may have understood, assuming media reports are correct, that Iran could rebuild these capabilities reasonably quickly. But Congress should ask about this and the capabilities and decision-making given the costs that have been imposed. Would the systems that would be funded in this year’s budget request fix that problem? Or do we need to do something else?

Iran has been, as noted, able to close the Strait of Hormuz. Did DOD develop workable options for this foreseeable possibility? If not, why not given that such a closure has been contemplated in many, many war games and written about publicly for years? Bad planning? Or did DOD assume they had the capability to deal with the Iranian systems? If so, why was that wrong and what do we need to do to ensure that this can’t happen in the future, for example in the Strait of Malacca or the South China Sea?

Congress should also ask hard questions about military planning. The Department of Defense is extremely defensive about sharing details of war plans with Congress, for understandable reasons, but the Secretary of Defense and Chairman of the Joint Chiefs have not been shy about broadcasting, for example, the number of targets hit and ships sunk. How did the planners envision striking these targets in those numbers would achieve strategic goals, whatever they were?

The largest problems appear to come from confused and wildly over-optimistic goals and misaligned strategies between allies. And one cannot envision the Administration agreeing to answer questions about how the President made the decision to attack or why he made that decision when he did. But Congress can and should press the Department and the Intelligence Community on what options were presented and how risks and benefits were presented. The Executive Branch will resist this, but also cannot be trusted to grade its own homework. And the country deserves to have some faith in the process by which the President is presented and weighs strategic options and risk even if the President resists explaining how he came to make those decisions.

It would be ideal if Congress would conduct these inquiries publicly. But given the political environment, that seems likely to break down in partisan infighting. Instead, Congress, through the Armed Services Committees and to a lesser extent the Intelligence Committees, could simply explore these questions through a series of closed-door briefings, hearings, and interviews. Responsible members, and the Chairman and Ranking Members on both Armed Services committees are in that category, can agree to lock arms and work together to understand what happened—the Senate Select Committee on Intelligence investigation into Russia’s attempts to interfere in the 2016 election provides a good example of just this kind of effort (full disclosure—I was the Minority Staff Director on SSCI during this time). Such effort may not fully satisfy anyone, will irritate partisans on both sides of the aisle, and will certainly provoke conflict between the branches. But such checks and balances are essential to war fighting by a democratic state. We need to understand why we’ve failed in the past if we want to win in the future and avoid Heinlein’s curse.

All views, positions, and conclusions expressed in this publication should be understood to be solely those of the author.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Anonymous Wikipedia Editors Influence Global Narratives — and AI Systems

OPINION -- If you ask Google what Al Jazeera is, the answer you receive draws heavily on Wikipedia. The same is true if you ask ChatGPT, Perplexity or many other large language models. Wikipedia has become the working baseline of public knowledge, whether for reporters, students or congressional staffers.

Look up Al Jazeera on Wikipedia today and the encyclopedia describes it as “a Qatari news media organization” that is “a statutory private foundation for public benefit” “primarily funded by the government of Qatar.” Its flagship article assures readers that Al Jazeera was “launched with a mandate of independence,” was “noted for its journalistic professionalism,” and is recognized by scholars as having driven a democratizing “Al Jazeera effect” across the Arab world. This is the conventional wisdom hundreds of millions of people now casually believe.

It is also, in many important respects, wrong.

The ground truth is that Al Jazeera is a state-owned broadcaster of an absolute monarchy, funded and effectively controlled by the ruling Al Thani family of Qatar. The network's own former director general told the BBC in 2017 that “90% maybe” of its budget comes from the Qatari government. Its founding chairman has been Sheikh Hamad bin Thamer Al Thani, a member of the royal house. Qatari law makes criticism of the Emir, his family or his policies a punishable offense, and Reporters Without Borders ranks the country among the world's least free for journalism.

The U.S. Department of Justice has determined Al Jazeera to be “controlled and funded by the government of Qatar” and has ordered its U.S.-targeted digital outlet, AJ+, to register as a foreign agent — an order it has refused to comply with. Israel banned the network in 2024. Four neighboring Arab states demanded its closure as a condition of restoring relations with Qatar in 2017. By every functional measure that matters, Al Jazeera is a state influence enterprise. That is not the picture Wikipedia paints. And it is not an accident.

Wikipedia, the fifth-most-visited website in the world, is written by anonymous volunteers. Anyone with an internet connection can edit nearly any article, and editors are under no obligation to disclose their real identity. The platform's paid-editing rules require editors who are compensated by clients to declare it on their user page, but enforcement depends entirely on volunteer detection. Articles on contentious topics, like the Israel-Palestine conflict, can be placed under so-called “Extended Confirmed Protection,” restricting edits to established accounts. But within those restrictions, the system runs on the assumption of good faith. Once an account passes the threshold for tenure, it can shape any article it chooses, in any direction, behind whatever username it likes.

One user dominates Wikipedia's coverage of Al Jazeera. Originally registered as Gsgdd in November 2022 and later renamed Cinaroot, the account is now responsible for more than 40 percent of the current text on the main Al Jazeera Media Network article (nearly quadruple the second most active editor), more than 27 percent on Al Jazeera English (triple the next editor), and 68.2 percent on Al Jazeera effect, the entry that explains the network's broader significance (five times greater than the second most active editor).

Who is Cinaroot? Honestly, no one outside Wikipedia's internal moderators knows. The account presents no biographical information, lists no affiliations, and has renamed itself twice — from Gsgdd to Astropulse in mid-2024, then to Cinaroot in early 2025 — making earlier activity harder to trace. There is no public evidence directly linking the account to the Qatari government, to Al Jazeera, or to any contractor working for either. What can be established is the pattern of edits, their volume, their direction, their timing, and the institutional environment in which the work is taking place. Whether Cinaroot is one person, a team operating from Doha's information ministry, or a contractor compensated by a third party can only be inferred. The inference is strong. The proof of who sits at the keyboard remains, by design, out of reach.

What can be analyzed is the account's behavior, and it would interest any analyst of influence operations. Cinaroot was registered on Nov. 12, 2022, ten days before Qatar opened the 2022 World Cup — the centerpiece of more than a decade of Qatari soft-power spending and an event Doha treated as the small Gulf monarchy's arrival as a global actor. The account made a handful of minor, unrelated edits and then, for nine months, fell silent. That itself is unusual. Most organic users' activity fluctuates, but rarely do they go fully dormant for months. Most important is when the account “woke up.”

On Oct. 25, 2023, eighteen days after Hamas's attack on Israel, Cinaroot's first substantive act was a political statement. The edit was a post on the Talk page of the October 7 attacks article, where editors discuss (and often fight over) changes. The account, citing UN Secretary-General António Guterres, asserted that the massacre of 1,200 people in Israel “did not happen in a vacuum,” and enumerated alleged Israeli responsibilities for the violence.

Two days later, the account began what would become a years-long campaign focused on Al Jazeera. But what it did first would set the template for everything that followed.

In 2017, Saudi Arabia, the United Arab Emirates, Bahrain and Egypt severed relations with Qatar, blockaded its borders, and demanded the closure of Al Jazeera as one of thirteen conditions for restoring them. Four Arab governments — Qatar's closest neighbors and the states that had lived with the network's regional role for two decades — had judged Al Jazeera consequential enough that its shutdown was a key demand. That fact sat in the lead section of the Al Jazeera Arabic Wikipedia entry, the first thing a reader would see — and as damaging a claim as any for an organization trying to manage its credibility.

Cinaroot, an account that, at the time, had almost no recorded experience on the platform, swiftly moved the statement out of the lead and into a controversies section further down, where fewer readers would encounter it. In its place, favorable language about the network's journalism went in at the top. The same kind of move would be repeated across the cluster for the next two and a half years: critical material relocated, compressed or contained; favorable material elevated; disputes about Qatari control reframed as procedural questions about sourcing and balance.

Examples accumulated. In November 2023, Cinaroot removed the names of senior Qatari figures — including the network's chairman, a member of the Al Thani royal house — from the lead of the Al Jazeera Media Network article, visually distancing the network from its royal leadership at the top of the page. The same month, the account rewrote the article's account of the U.S. foreign-agent ruling to apply only to the subsidiary AJ+, isolating the legal classification from the parent organization. In June 2024, Cinaroot removed Al Jazeera English's “state media” categorization tag from its Wikipedia infobox, arguing in the edit summary that “partial funding by Qatar govt itself is not enough for categorization.” In September 2025, when another editor proposed describing the network as “essentially state media,” Cinaroot reverted them with the justification: “essentially is not enough, legally is what matters.” On a single day in January 2026, the account deleted 39,544 bytes — roughly 6,500 words, or a month of accumulated work by another editor — covering the network's funding, governance and editorial policy.

Cinaroot has not gone uncontested. Another editor, operating under the Arabic-language username Ghawwas Al-Ilm — “diver of knowledge” — has spent years expanding the same pages with sourced material on Al Jazeera's funding, leadership and operational ties to the Qatari state. That material is the substance Cinaroot has repeatedly removed. The pattern across the cluster is one of expansion by Ghawwas, then constraint by Cinaroot — additions accumulate over weeks; one structural edit erases them. Because Cinaroot has the higher tempo and the procedural fluency, the constraint side has, over time, prevailed.

The cumulative effect, edit by edit, is more than a sanitized story. It is a Wikipedia certification of Al Jazeera as independent — the most valuable endorsement the network could ask from any platform. That certification flows outward. It feeds Google's answer panels, trains the major large language models, and shapes the first paragraph of countless news stories, term papers and policy memos. The result is one of the most consequential acts of historical revision in the digital age.

Al Jazeera's 1996 founding, originally rooted in the 1995 palace coup that brought Sheikh Hamad bin Khalifa Al Thani to power — and that produced a satellite broadcaster to project his new government's voice almost immediately — has been stripped of that political context. The phrase “primarily funded by Qatar,” used in earlier versions of the article, has been softened. In reality, the network's funding, launched reportedly with more than $1 billion, mostly from the Emir of Qatar himself, has not changed.

The most striking work is on the Al Jazeera effect article — a page that does not simply describe the network but theorizes it as a democratizing political-science phenomenon. The article today asserts in its own voice that there is a “broad consensus that the network has revolutionized Arab television news,” enjoying an “unprecedented margin of freedom” and “democratizing media in the Middle East.” In effect, this is a complete inversion of the journalistic reality behind the network, which is funded and effectively controlled by the rulers of an autocratic petro-state. Cinaroot wrote 68.2 percent of it. This isn't ancient history: the account is responsible for 71 of the page's 83 edits since the beginning of this year.

The Al Jazeera effect article leans on the work of Mohamed Zayani, a scholar at Georgetown University's Doha campus, which Qatar has funded with more than $1.06 billion in disclosed payments to the university. The Wikipedia article's signature claim, that Al Jazeera enjoys an “unprecedented margin of freedom,” is taken from a paywalled Zayani paper that Cinaroot personally paid $37 to access, noting “thanks Sage” in the edit summary. Volunteer encyclopedia editors working in their spare time do not typically reach for their credit card to buy paywalled academic articles in order to cite them.

Wikipedia insiders have a term for this kind of loop: citogenesis. In the classic case, an editor adds an unsourced claim to Wikipedia; a reporter reads it and repeats it in print; the printed article is then cited back into Wikipedia as the source. A claim has been validated by the loop it produced. What appears to be happening on the Al Jazeera pages is citogenesis at an institutional scale. Qatar funds the news network. Qatar funds the prestigious university. Scholarship that emerges from inside that funded ecosystem then appears in Wikipedia as if it were neutral authority. Wikipedia trains Google's answer panels and the major large language models. By the time the information reaches a reader, the original political circumstance has been removed at three stages, and the constructed “truth” separated from the context that produced it.

Cinaroot is not alone. A second editor, Mo2010, has built out much of the secondary infrastructure across the Al Jazeera ecosystem — and has done particularly consequential work on the AJ+ article, which Mo2010 created from scratch in February 2014. AJ+ is the brand U.S. regulators ordered to register under the Foreign Agents Registration Act, and the network's most aggressively distributed property on American social media. On the AJ+ page, the way that foreign-agent order is described — as a press-freedom issue rather than a Justice Department determination of state control — shapes how American readers, and the AI systems that increasingly answer their questions, encounter a foreign government's most active U.S. media presence.

This is not the first Wikipedia editing operation linked to Qatar's interests. In January, the Bureau of Investigative Journalism — a London-based nonprofit newsroom — documented a covert editing operation by London PR firm Portland Communications on behalf of Qatari-linked clients: a network of anonymous accounts deployed to reshape politically sensitive articles, particularly those connected to the crown jewel of Qatar's brand empire — its global sports-related partnerships and the executives behind them. That investigation established the capability and the precedent. The Al Jazeera cluster is what the same playbook looks like applied to Qatar's most consequential media asset.

None of this is a hidden conspiracy. Every edit is in the public Wikipedia record. Anyone with a browser can read them. That is also the design: each individual edit is defended on its face as sourcing improvement, neutrality balancing or style cleanup. Wikipedia's culture rewards those rationales. The pattern is only visible when one reads the edits together.

Wikipedia will not solve this on its own. The platform's editorial culture is designed to assume good faith and to treat procedural arguments as conclusive. That is its strength, and its vulnerability. Foreign-influence work that arrives in the language of “sourcing” and “balance” passes through without resistance. It also helps when the platform has been cultivated. The Qatar Foundation, a state-owned non-profit, was a six-figure donor to the Wikimedia Foundation in the early 2010s. The Qatar Computing Research Institute — owned by the Qatar Foundation — entered a formal partnership with Wikimedia in 2011 to expand Arabic-language Wikipedia, train editors and integrate Wikipedia editing into university curricula in the emirate.

In 2013, Wikipedia co-founder Jimmy Wales delivered a keynote at a Qatar Foundation event in Doha. And in December 2025, Al Jazeera Media Network announced an expanded partnership with Google Cloud to integrate Google's AI tools into its newsroom — the same Google whose answer panels are fed in part by the Wikipedia articles Cinaroot has shaped. None of these touchpoints proves editorial control. They demonstrate that Qatar has, for more than a decade, engaged the encyclopedia and its commercial neighbors at the institutional levels at which platforms decide which actors' claims should be treated as credible and which should be scrutinized.

There are concrete steps Wikipedia and its parent foundation could take. Articles about state-funded media organizations could be designated as a contentious topic class, requiring identity verification through the Wikimedia Foundation for editors making more than a defined number of substantive changes — without exposing those identities publicly. Single-editor authorship dominance above an established threshold (say, 40 percent of an article on a politically sensitive subject) could trigger automatic review. Edit summaries that justify content removal on procedural grounds could require linking to a documented Talk-page consensus rather than a single editor's policy invocation. Wikipedia's existing paid-disclosure rules could be enforced not only against editors who declare themselves paid, but against accounts whose editing patterns — concentrated topical focus, procedural sophistication, persistent directional outcomes — diverge measurably from organic editing. None of these would compromise the open ethos that makes Wikipedia what it is. They would simply close the gap the current rules leave open.

What governments, technology platforms and the encyclopedia itself owe their readers is a more honest accounting of who writes the entries that now train the world's information systems. Until then, the answer to the question “What is Al Jazeera?” will be whatever a small number of editors, backed by a much larger set of institutional relationships, have together determined.

Ashley Rindsberg is founder and chief investigative officer of NPOV. Toby Dershowitz is senior adviser at the Foundation for Defense Of Democracies, a non-partisan research Institute focused on national security and foreign policy issues. Follow them on X @ashleyrindsberg and @tobydersh

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Part II: When a Machiavellian and a Charismatic Met

In our pre-summit piece on the Xi/Trump meeting [When a Charismatic and a Machiavellian Meet 12 May] we wrote: "When a gifted political charismatic such as President Trump is paired in negotiation with an equally gifted Machiavellian such as President Xi, history-making deals may happen. So too can epoch-defining disasters." At the end of the summit, the two Presidents parted ways in an atmosphere of comity – and with the possibility of hammering out between them this year (with three more summit opportunities) a modus vivendi on Artificial Intelligence with incalculable value to all of humanity.

Beijing's and Washington's announcement of their commitment to establish the first ever "intergovernmental dialogue" on AI received scant attention in the noisy and highly divergent post-summit parlor game commentary about who gained what, who gained most, who gained nothing, and who lost what. This is probably because of deep skepticism that mutual trust can be achieved in the midst of the current breakneck international competition to win the AI race.

Those of a certain age can remember the despondent faces of Reagan and Gorbachev, great friends and partners in peace, when they failed at their October 1986 summit in Reykjavík to reach an agreement that had the potential to eliminate all nuclear weapons. Soon after the summit — in 1990, four years later — Gorbachev was awarded the Nobel Peace Prize "for the leading role he played in the radical changes in East-West relations" but ever after spoke about his sense of personal failure in not making a deal with Reagan.

At the time, these two leaders of the world's recognized superpowers – the two most politically powerful men on earth in 1986 -- were working in a world where "mutually assured destruction" had become the de-facto solution to avoiding global nuclear war. What Xi and Trump are proposing now is getting ahead of an equally potentially cataclysmic global problem. They are proposing, as the Chinese announcement said, "working together to promote the development and governance of AI, so that AI can better serve the progress of human civilization and the common wellbeing of the international community." In other words, they are committing to using their individual power in their separate global spheres of influence to avoid a cyberspace era of "mutually assured destruction" – let's call this CyberMAD – this time based on weaponizing AI, versus nuclear power that we can call NuclearMAD.

The AI agreements they may strike – a new "rules based" order that only they will be able to enforce in their own regions – might only be possible when the negotiations occur between "frenemies," two counterpart leaders at the apex of world power who negotiate in good faith despite differences in temperaments, competing political systems, widely divergent cultures and histories.

Paradoxically, what stands out against the backdrop of Xi and Trump's numerous and salient differences are their very similar understandings of the logic and dynamics of political power and their shared political ethics regarding only negotiating with true equals in power. The combination of such extreme differences alongside similar political philosophies may pave the way to forging an AI accord.

Should they succeed, history will judge these men as belonging among the ranks of great world leaders, and history will forgive them much.

Let's review some events from the summit that signal why such a deal is possible.

No Big Fat Hug, but a Counter-Cultural Handshake

With his usual seemingly slightly over-caffeinated gusto the extroverted American President declared prior to their meeting that the Chinese President will greet him with "a big, fat, hug." Trump may have been channeling the classic comedy dynamic between a "funny man" up against a deadpan "straight man." In response to this possible wisecracking from President Trump, the austere introverted Chinese President maintained his usual imperturbable silence, though we can imagine him chuckling — or eye rolling — as this sally from his fellow member of the "superpower leaders' club" – that most exclusive club with a current membership of two.

In the end, Trump was greeted in Beijing not with a big hug from Xi, but with Xi accepting Trump's characteristic long two-handed grip handshake and penetrating stare into the other leader's eyes — something highly culturally uncomfortable for a Chinese leader. For the Chinese such a full in-the-face stare is usually interpreted as a deliberate act of aggression or dominance.

We cannot overlook how much these two Presidents are working to accommodate each other, despite their real differences.

Though Their Drawbridges May be Down, Their Battlements Remain Armed

Xi and Trump share a philosophy of power whereby lasting international deals can only be made if domestic – meaning personal -- power remains balanced between the two dealmakers. Enforceable deals are only secure if individual domestic power is advertised and equally respected by both parties.

Xi's team made this reminder clear regarding his domestic power when China's Foreign Ministry spokesperson tweeted in the middle of the summit that, "the Taiwan question is the most important issue in China-U.S. relations…If it is handled properly, the bilateral relationship will enjoy overall stability. Otherwise, the two countries will have clashes and even conflicts, putting the entire relationship in great jeopardy." The resulting outcry by the American media at this piece of "disrespect" was predictable.

Trump's team made their own statement of defiance regarding domestic power by dramatically chucking any non-organic technology (burner phones and computers) and Chinese representation gifts into a large wastebin at the foot of Air Force One as they departed. This was an unsubtle for-the-cameras reminder to their Chinese counterparts that: "we won't help you spy on us at home." Predictable Chinese commentary ensued over what was labelled an unnecessarily provocative, rude, and "disrespectful" gesture.

Each leader's current stance with regard to their domestic power appears to be enough said and point made (without direct confrontation) and no long-term harm was done. Each leader can make – and take -- political displays of domestic toughness from the other because both understand that each must test their frenemy's strength and resolve. Xi and Trump tolerate and respect each other's political skills on this level, like lions roaring at each other in the wild to mark their territories.

Domestic Postures and Personalities Aside – An AI Deal for the Ages

Xi is a Machiavellian who understands the dangers of yielding to AI control over the material infrastructures of civilization. Trump is a charismatic and intuitively understands the dangers of outsourcing to AI mastery over the intangible psychological ties that shape the social contract between a populace and governance. Humanity missed the mark in WWII with nuclear weapons — each nation hellbent on making such weapons their own and ignoring the global implications of proliferation. This fierce self-interested competitiveness between the world's nations led us to a world where accepting the well-named MAD – mutually assured destruction – made sense as the only way to keep the peace, and therefore all of humanity alive. Today, as we watch the dynamics between the two leaders of the world's superpowers we can hope for a different outcome. Xi and Trump understand the politics that led to NuclearMAD in the past, and how the current politics of AI can lead to the new calamity of CyberMAD. This time however they appear to be taking steps to guide humanity away from making a new set of science-based self-destructive global mistakes.

These leaders — powerful, intimidating, each in his own way brilliant — are best positioned — temperamentally and politically — to hammer out, put on record, and police a deal to curb the dangers of AI and secure humanity's future.

Who knows what marvels future generations will achieve with the aid of AI, if its dangers are curbed through the joint leadership of the Presidents of China and the United States.

[1]"All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Narco-Terrorism as Grey-Zone Warfare: Pakistan’s Hidden Front Against India

The United States has long framed its South Asia policy around countering China’s rise, managing the fallout from Afghanistan, and preventing terrorist safe havens. Yet, Pakistan-facilitated narcotics trafficking into India remains a persistent and under-appreciated threat that demands greater attention in Washington. This is no longer an organized crime syndicate but a strong case of narco-terrorism – a deliberate grey-zone strategy that blends profit with subversion.

Drug proceeds fund anti-India Salafi-Jihadist groups, erode social stability in a key democratic partner, and sustain the very transnational networks that the United States has targeted for decades. Recent Indian operations and intelligence reports reveal Pakistan’s role as both a transit hub and active enabler, turning the Golden Crescent into a direct vector against Indian society. For American policymakers, ignoring this pipeline risks undermining Indo-US strategic convergence at a critical moment in the Indo-Pacific and the Middle East.

The Enduring Golden Crescent Nexus

Afghanistan continues to dominate global opium production, even after the Taliban’s 2022 cultivation ban dramatically reduced planted hectares. Vast pre-ban stockpiles, combined with a surge in methamphetamine labs reliant on chemical precursors, have kept the trafficking ecosystem alive and adaptable. Pakistan remains the indispensable transit corridor, channeling Afghan-origin heroin, hashish, and synthetics eastward into India while also moving product westward toward Europe. A 2025 US State Department Presidential Determination on major drug transit countries explicitly listed Pakistan among the 23 nations central to the global illicit drug trade, citing “geographic, commercial, and economic factors” that sustain the flow despite enforcement gaps. Indian analysts and security officials frame this as narco-terrorism. Proceeds from these shipments are alleged to finance groups such as Lashkar-e-Taiba (LeT), with hawala networks and cryptocurrencies providing the laundering backbone.

The human cost inside India is stark as border states like Punjab confront epidemic youth addiction, rising crime rates, and generational damage that weakens internal cohesion. What begins as a criminal enterprise quickly becomes a tool of hybrid warfare that imposes asymmetric costs on India without crossing the threshold of conventional conflict. For the United States, this matters because the same financial pipelines that move drug money have historically overlapped with terrorist financing streams that once threatened American lives and interests.

From Drones to Deep-Sea Handovers

Pakistan-linked networks have proven agile, shifting tactics to evade Indian border defenses and capitalize on new technologies. The most alarming innovation is the sudden rise of drug-laden Pakistani drones along the western land border, particularly in Punjab. According to India’s Narcotics Control Bureau (NCB) 2024 Annual Report, drone-related trafficking cases along the India-Pakistan border skyrocketed from just three in 2021 to 179 in 2024, with 163 incidents concentrated in the bordering districts of the Indian state of Punjab. The trend escalated further in 2025 with India’s Border Security Force seizing 272 drones coming from Pakistan into Punjab and recovering more than 367 kg of heroin between January and November 2025. The NCB explicitly warns that these unmanned systems constitute a “significant threat to India’s internal security,” as they bypass physical fencing, evade patrols, and deliver precise payloads of heroin and opium in minutes. Recoveries in these operations have included hundreds of kilograms of narcotics, highlighting the scale and sophistication.

Maritime routes across the Arabian Sea offer another high-volume artery. In April 2024, the Indian Coast Guard, NCB, and state police forces intercepted a Pakistani vessel west of Porbandar in Gujarat, seizing approximately 86 kg of narcotics valued at nearly $62 million and detaining 14 Pakistani crew members. A parallel case from December 2021, adjudicated in April 2026, saw a Gujarat special court sentence six Pakistani nationals to 20 years’ rigorous imprisonment each for smuggling 76.9 kg of heroin worth $39 million; the boat was intercepted 35 nautical miles off the Gujarat coast after intelligence pinpointed mid-sea handovers originating from Karachi. These sea operations frequently involve coordinated transfers from ports such as Karachi or Gwadar, exploiting India’s 7,500-kilometer coastline as both a destination and a transit node toward Gulf markets. Traditional land corridors through Jammu and Kashmir and Rajasthan persist, often synchronized with drone drops in hybrid tactics.

Narco-Terrorism as Grey-Zone Warfare

Beyond the statistics lies Pakistan’s deeper strategic intent. By flooding Indian border regions with narcotics, these networks corrode the social fabric, generate revenue for Pakistan-backed jihadist outfits, and force New Delhi to divert resources toward internal security. This mirrors grey-zone tactics Washington has criticized in other theaters, including persistent, below-threshold pressure designed to weaken an adversary without provoking open war. Recent National Investigation Agency (NIA) chargesheets, including an October 2025 filing in an LeT-linked narco-terror case, have traced drug proceeds directly to financing of proscribed terrorist outfits, with international hawala channels routing funds to operatives in India and Pakistan-administered Kashmir. Furthermore, Indian border forces’ confiscation of 10.2 kg of explosive material, 12 hand grenades, and 200 small arms with ammunition alongside drug shipments in 2025 alone offers strong evidence that narcotics, arms, and terror financing now operate as one ecosystem.

For the United States, the implications are concrete and immediate as terror groups sustained by narco-profits have repeatedly targeted American citizens and allies. The same laundering mechanisms that shield drug profits also obscure terrorist financing, creating overlapping threats that US law enforcement and intelligence agencies have long tracked. Moreover, India is America’s indispensable partner in the Indo-Pacific. As Washington deepens defense, technology, and intelligence cooperation with New Delhi to counter Chinese assertiveness, allowing a Pakistan-enabled narco-pipeline to undermine Indian stability undercuts that partnership. The post-Operation Sindoor landscape has already demonstrated how quickly South Asian flashpoints can escalate. Layering narcotics-fueled instability atop existing tensions only heightens crisis risks. In short, what happens in Punjab or Gujarat does not stay there, but it reverberates across the QUAD and into America’s broader strategic calculus.

Time for a Smarter US Approach

US policymakers should stop treating India’s narcotics challenge as a narrow bilateral issue and elevate it from the margins of policy on three fronts:

First, Washington should expand real-time intelligence sharing between US agencies and India’s Narcotics Control Bureau and Coast Guard to accelerate interdictions. The Arabian Sea route matters to Western interests because the same waters used for narcotics trafficking are also vital to global energy flows and commercial shipping. If Washington is investing in maritime domain awareness and Indian Ocean security, narcotics interdiction should be part of that conversation, not an afterthought.

Second, the United States should use targeted sanctions against key traffickers, facilitators, and financial enablers by leveraging existing counter-narcotics and counterterrorism authorities. Raising the cost of operating across these networks would help disrupt the financial architecture sustaining narco-terror activity.

Third, US diplomatic engagement with Islamabad should explicitly link counter-narcotics performance to broader security assistance discussions, making clear that grey-zone destabilization carries consequences.

The post-Sindoor era has shown how quickly South Asia’s security architecture can evolve. Yet the narcotics threat has intensified, adapting faster than the countermeasures designed to contain it. For the United States, treating Pakistan’s role in this pipeline as a peripheral law-enforcement matter is no longer tenable. Confronting it is a necessary investment in protecting a vital democratic partner, disrupting terror financing, and preserving long-term stability across South Asia.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

AI, Autonomous Weapons, and the Pentagon’s $55 Billion Bet on Future War

“The [Defense] Department (DoD) is requesting a massive increase for DAWG. For those in the audience that may not know, DAWG is the Defense Autonomous Warfare Group [tasked with rapidly developing, testing, and fielding large numbers of un-crewed systems and drones] and it's going from the $225 million [in fiscal year 2026] up to the $55 billion for fiscal year 2027. And at the same time, we're integrating the AI-driven [Artificial Intelligence-driven] targeting with those autonomous munitions at a pace that DoD directive 3000.09 was not designed to contemplate.”

That was Senate Armed Services Subcommittee Chairman Sen. Joni Ernst (R-Iowa) on May 19, speaking during a hearing on the science and technology priorities contained in the Fiscal Year 2027 Defense Authorization Bill and the Future Years Defense Program.

The 85-minute subcommittee session covered not only the proposed sharp budget increase in new autonomous weaponry, but also the race that’s going on between the U.S., China and other countries to integrate AI into offensive and defensive warfare. Ernst was questioning Defense Undersecretary for Research and Engineering Emil Michael when she brought up DoD directive 3000.09 which, as updated in 2023, established policy “for developing and using autonomous and semi-autonomous functions in weapon systems, including armed platforms that are remotely operated or operated by onboard personnel.”

Ernst asked: “Secretary Michael, has the department formally reviewed whether the current governance framework is actually keeping pace with DAWG’s growth and then how do we overcome that?”

Michael responded, “It absolutely needs updating…because of the threat environment -- what's possible by the adversary -- and partly because of the lessons we learned in Iran.” He explained that the U.S. wants “autonomous mine-seeking capabilities” for the Hormuz Strait, and the Trump anti-missile Golden Dome “has an autonomous element to it, a space-based interceptor that could …hopefully get a Chinese hypersonic missile in the first 90 seconds of launch before it separates into decoys and multiple munitions. So there are going to be different risk levels with autonomous and we have to account for them in our policies. My belief is that will change more frequently than it has in the past than it ought to, to be consistent with our values, consistent with the threat environment, and consistent with the technology development.”

In his opening remarks, Michael described concerns with China, when it comes to the AI competition.

“From a national security standpoint, this is another case of our adversary, the main adversary, China, you know, taking our IP [intellectual property] from our American development labs that have spent hundreds of billions of dollars [on AI] by the end of the next couple of years…And they're “distilling” those [AI] models, which means effectively copying them for a fraction of the

price, taking off the guard rails for them, which means they could be used in ways that they're not intended to be used, which is very dangerous for us, whether it's cyber as a cyber weapon, as a biological weapon, as a chemical weapon.”

“So the threat is real,” Michael said, adding, “We have to stay ahead on chips, power, innovation and capital formation and that gives us this six to 12 month lead and maybe we could extend it. In the last Commerce [Department] NIST (National Institute of Standards and Technology) evaluation, our lead had increased by a few months against the Chinese.”

Discussion of AI in directed energy/laser weaponry was one area that caught my eye.

“Directed energy is one of my top critical technology areas,” Michael said, “So it is a focus by us. The science for directed energy is largely done and now we're in the engineering phase of it. So the engineering part of it makes it cheaper, smaller and more proliferated. We now have a suite of directed energy products that go from low-end to high-end and now we have to scale production of those. The things that are helping are Golden Dome [anti-missile defense systems], because they have a big reliance on directed energy…And because the commitment was made to the President [Trump] that we're going to have a demonstration that includes directed energy in our Golden Dome architecture, there's a lot of energy going into that.

Michael added, “While we're going to have multiple demonstrations, the primary demonstration where it [laser technology] demonstrates a lot of capabilities will be summer of [20]28.”

When Subcommittee Chairman Ernst asked Undersecretary Michael, “What are we doing to ensure that the transition pathway from that [AI weapons] prototype to actual production is actually functioning,” he gave as an example Castelion, a company he said, “developing low-cost hypersonics less than half-a-million-dollars per missile relative to the $50 million per missile we pay today.”

Backing up his statement, I found that last April 24, the U.S. Navy announced it had awarded Castelion a $105 million to continue efforts to integrate its Blackbeard hypersonic strike weapon onto the F/A-18 fighter/bomber and transition the system to an Early Operational Capability in 2027 for carrier-based operations.

And on May 13, DoD announced “once Castelion achieves testing and validation, the Department will award a two-year multi-year procurement contract for a minimum of 500 Blackbeard missiles annually, with options to extend for up to five years. To further encourage Castelion's self-funded facility expansion, the Department is actively seeking the necessary authorizations and appropriations to purchase over 12,000 Blackbeard missiles over five years.”

Subcommittee Ranking Minority Member Sen. Elissa Slotkin (D-Mich.) raised two questions that took up a good part of the panel’s time.

“Given the strategic importance of winning, I cannot for the life of me understand two decisions that have been made,” Slotkin said. “Number one [was] the decision to sell Nvidia chips to the

Chinese, giving them not our most sophisticated, but some of our most sophisticated chips and chips they do not have.”

“Secondly,” she said, “I do not understand picking a fight with one of the few [AI] companies, Anthropic, that's in all of your [DoD] systems. All of you [the military services] use Anthropic right now, to the point where we've named them a supply chain risk, and all of you are supposed to be divesting from Anthropic in the next two months.”

“On the chips question,” Michael said, “this is a debate within the technology industry which is if you sell an adversary older chips, do you slow down their domestic production of equivalent chips because they become reliant on your technology?…If they become used to the American stack, is that net better for the American AI proliferation? And that's a debate.”

Michael added, “And the White House has decided that if we gave them two versions behind chips that we'd be able to preserve our dominance on the programming language, and make it less encouraging for them to develop their own domestic chip industry to catch up.”

As for the withdrawal from Anthropic, Michael said, “What we're worried about with the terms of service that they [Anthropic] had, and their posture toward the department [DoD], which when they questioned the [Venezuela President] Maduro raid, and whether their software was used inappropriately [in his kidnapping], gave us the sense that this was not a reliable partner to deal with…in conjunction with their written terms of service which prevent the use cases that we would like to advance into -- battlefield management, directing interceptions, developing weapons systems.”

Michael explained, “Google, who's been a longtime partner of the [Defense[ Department, Microsoft, Nvidia, real big companies with proper corporate governance, went through their legal teams and agreed to our terms of all lawful use cases, where Anthropic would not. So that should say something that our terms weren't unreasonable.”

However, last week news stories reported that White House Chief of Staff Susie Wiles personally overruled the Pentagon's supply chain risk designation for Anthropic when it came to the company’s contract with the National Security Agency (NSA), which collects and processes electronic foreign intelligence communications.

The revised Anthropic contract with NSA drops the previously contested "any lawful use" Pentagon language, and adds an explicit clause restricting use of Anthropic tools for processing data on American citizens.

In this case, the White House appears to have supplanted the Pentagon in setting the rules for AI contracts. It remains to be seen how these conflicting decisions will be worked out.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Remembering the Americans Who Made Ukraine’s War Their Own

This Memorial Day, The Cipher Brief is remembering the Americans who answered the call after Russia launched its unprovoked, deadly invasion of Ukraine in February of 2022. What follows is a deeply personal account of the war through the eyes of two Americans who have lived it. This piece was written by Dr. Douglas Davis in cooperation with Colonel Sam Hartwell (Ret.).

PERSPECTIVE / OPINION – I did not set out to become someone who counts or names the dead. But years of working in Ukraine have a way of reorienting what you thought your life was all about. Our families have a high price dating back to 2014, when Russia invaded Crimea and uprising in the Donbas.

My wife’s 25-year-old cousin, Mykola Zabavchuk, was killed while serving as a sniper near Bakhmut in the first summer of Russia’s invasion. We visit his grave and the memorial bearing his posthumous Order of Courage medal from Ukrainian President Volodymyr Zelensky every time we’re in Lviv. It changes you and keeps a solemn perspective on those who are fighting for their freedom.

But the reality is that the loss of Ukrainian lives is tragic but understood, even expected, in the cold calculus of this war. But that’s not the whole story. What we find most difficult to reconcile is this: America says it is not at war in Ukraine - and officially that’s true - yet some of America’s most experienced warriors cannot ignore the call to defend freedom and have volunteered to fight and die there. Very few outside their military community are talking about it.

My collaborator for this article, Sam Hartwell is a West Point graduate and former U.S. Army intelligence officer who has spent much of the past three decades living and working in Ukraine. He knows what I am talking about better than most. He lost one of his closest friends, Mark Paslawsky, a West Point classmate and former 82nd Airborne Division artillery officer on August 19, 2014, in Donbas.

Paslawsky was the first American killed in Russia’s war on Ukraine at the Battle of Ilovaisk. He was posthumously awarded the Order of Danylo Halytsky by then-Ukrainian President Petro Poroshenko. Sam now lives in his friend's former apartment in Kyiv, not far from a memorial wall that bears Mark’s portrait. Sam does not talk about this often. That restraint is itself, a kind of testimony.

As a global health physician, I came to this story through a different door than Sam did. My medical work in Ukraine brought me into close contact with a remarkable and unlikely community: American veterans who came to Ukraine not under orders, not under contract, but under conscience. Many applied the lessons learned in war and national security to fight for freedom alongside Ukrainian brothers and sisters in arms. Others came principally to support humanitarian causes.

Crisis of Conscience

I had the honor of serving on the board of one such humanitarian group, Mountain Seed Foundation, alongside its founder, Lieutenant Colonel Nathan Schmidt, USMC ret., and Navy SEAL Lieutenant Commander Dan Cnossen, USN ret., two Naval Academy classmates whose service in Iraq and Afghanistan, respectively, left marks that never fully heal.

Nathan's wounds are the kind that don't show up in physical exams. He came home carrying the weight and burden of friends and colleagues who were lost both above and below his command, and he built something redemptive from that grief.

Dan's injuries were immediate and visible: both of his legs were taken above the knee by an IED during combat operations. He went on to become one of the most decorated American Winter Paralympians of his generation.

Two different kinds of loss. Two extraordinary responses to it.

Together we have climbed mountains in the Austrian Alps and the Carpathians of Ukraine with Ukrainian veterans and their families, part of a healing process that I will admit freely, has been as transformative for me as for anyone on those steep slopes and ledges. Nathan and Dan are two of the finest human beings I have encountered in my life, and they represent something larger: the remarkable community of similarly extraordinary American veterans who have quietly extended their service into the humanitarian domain long after their official obligations ended.

"Kaprun, Austria at the Mooserboden Dam in Hohe Tauern National Park in Summer 2023. Mountain Seed Foundation ‘climbing to heal’ alongside veterans and Ukrainian Gold Star families in the Austrian Alps. Pictured (left to right): Volunteer Courtney Brilliant, Davis, Lt Commander Dan Cnossen, Lt Colonel Nathan Schmidt, Dr. Davis, MSF co-founder Iryna Prykhodko." Photo provided by Dr. Davis.

I have also encountered American warfighters who, like Sam’s friend Mark, resolved their crisis of conscience over this war by making it their own. Individuals like Bryan Pickens, a twenty-year Special Forces (SF) veteran, left retirement not for a contractor's paycheck but to volunteer to lead a combat and drone team of former US. .Special Operations Forces (SOF) operating in active fighting and training. With Russian language skills and extensive combat experience, Bryan first came to Ukraine in 2019 while still in uniform as an official adviser with U.S. Army Special Forces. He later retired and returned to Ukraine in 2022 as a volunteer. He has not looked back.

The men around him are cut from the same cloth. Xen is an accomplished Navy SEAL veteran, sniper and Ukraine drone pilot who brings to this fight the quiet, fierce conviction that defines the best of that community. Bryan, Xen, and others from their circle first came into my life to provide security for me and my colleagues when our humanitarian work brought us into proximity to the front lines. That practical necessity became something else over time. The relationships deepened into a kind of mutual mentorship, each of us coming to understand this war through the other's eyes, and my admiration for all of them has only grown. We have since written and spoken publicly together trying to convey the urgency of what is happening and to close the gaps in understanding that still persist in Washington and beyond.

Joshua Ransford, a former U.S. Marine and another member of Bryan's team, traces a similar arc. He has been working in Ukraine since early 2022, starting as infantry, reconnaissance, and a sniper before evolving into drone operations as the battlefield transformed into an environment where unmanned systems became decisive. He has led counter-electronic warfare and security for our medical teams, including in situations where we found ourselves amid active drone and missile strikes.

What he, Bryan, Xen and others have taught me about the realities of modern war - far beyond anything the medical spectrum captures - is profound. I may never find the right forum to share all of it. But this account of what’s really happening would not exist without Joshua and the other veteran combatants who have trusted me with what they know. As the conflict with Iran has made clear, the lessons carried by this community are not abstractions. They are operational intelligence that the United States cannot afford to ignore.

The Cost of Showing Up

First of all, let me be clear about what these veterans are and what they are not. They are not mercenaries. They are not reckless adventurers seeking a second act or a story to tell. They are among the most disciplined, experienced, and morally serious people I have ever known, and the war has not made them harder so much as it has made them more clear on the realities that exist. They did not ask to be named or recognized. Those whom Sam and I identify in this account acquiesced to sharing their stories only after persuasion that sharing serves a larger cause. They are unsung American heroes operating in Ukraine as often unpaid, largely unsupported volunteers, at enormous personal risk and at real cost to their lives back home.

That last point deserves a moment of reflection. Veteran volunteers like Bryan Pickens have had to periodically leave Ukraine entirely, return stateside, and take contract work simply to finance their ability to go back. The war does not pause while they earn the money to fight it as volunteers. Nor do their mortgages and other obligations at home.

Incidentally, some readers may recognize Bryan in a different context: he served as a military adviser and a role player alongside Sean Penn in the Oscar-winning film One Battle After Another.

The title is unintentionally poetic. Bryan moves back and forth between that work stateside and a calling that keeps pulling him back to the Ukrainian front. I learned this only after the film debuted, from Bryan's teammates — because self-promotion is not in his DNA, almost to a fault. That is the reality for many of these veterans. Little to no salary. No benefits. No official recognition. Just the conviction that the work matters and the discipline to keep showing up for it. One. Battle. After. Another.

That is no small thing. In a moment when official policy has struggled to match the clarity of the moral stakes, these individuals have provided their own answer. For too many of them, that answer has been written in blood, and paid for with their lives.

In February of 2023, Pete Reed, a former U.S. Marine and seasoned humanitarian worker, was killed in Bakhmut. The New York Times documented his death in detail, as it was caught on film. I knew Pete through the overlapping networks of American volunteers and veterans working in Ukraine, and I arrived in Lviv for one of my early trips of this war on the very day he died. His loss hit his community hard. What the coverage captured was the human cost. What it did not fully capture was an emerging pattern.

Detecting a Quiet Pattern

I began to see that pattern first through Pete, and more so later as I became drawn into the care coordination of several international veterans wounded in Ukraine. Among them was an American Marine veteran named Cristiano Zeledon, who was working in a humanitarian capacity when he was severely wounded in a missile strike on a pizzeria in Kramatorsk in June 2023. That same strike killed several other aid workers, including the celebrated Ukrainian writer and war crimes researcher Victoria Amelina, whose death drew significant international attention and outrage. It also killed American veteran Ian Tortorici, who had been serving in combat with the Ukrainian International Legion.

What the coverage at the time did not report, and what was suggested to those of us working in these networks afterward, is this: a Russian intelligence asset had been monitoring not just the foreign aid workers who were killed in that pizzeria, but specifically, American veterans and they called in the strike to kill them. If true, then this was not just a random act of war. It was a targeted assassination of Americans on foreign soil, planned and executed opportunistically by Russian intelligence.

The attack barely registered in the West, in part because the public visibility of American involvement in Ukraine was being carefully managed as Washington sought to avoid any appearance of escalation. One can also blame the saturated news cycle, which moves rapidly from one atrocity to the next, leaving yesterday's events forgotten before they are fully understood.

It should have registered. Because that strike was not an isolated incident. It was another data point in a pattern the American public has not yet been compelled to reckon with. People like Bryan Pickens and his community helped me see it more clearly and soberly.

Rocki, Tiny & Sandy

That pattern is perhaps best exemplified by retired U.S. Marine First Sergeant Corey Nawrocki, widely recognized as one of the most decorated Americans killed while defending Ukraine. Nawrocki, known as "Rocki" was operating alongside other American veterans when he died in October 2024.

I met an experienced combat operator and medic who goes by the callsign "Tiny” at a medical conference in Kyiv, where his frontline experience helped shape our discussions on the evolving realities of combat casualty care. He later shared the details of Corey's death on the condition of anonymity for security reasons.

Tiny was the primary medic on the mission. When the team crossed into Bryansk, Russia on a sabotage and reconnaissance operation under the direction of Ukrainian Military Intelligence, they encountered a large Russian force. In the firefight that ensued, Tiny was treating a teammate with a gunshot wound to the head when he himself was wounded and evacuated by ATV to a hospital in Semenivka, Ukraine. Corey died courageously and selflessly under heavy fire while attempting to rescue another wounded teammate. The details of his final hours that Tiny shared with me remain among the most sobering things I have encountered in years of working in this war. Tiny shared the account of the battle and of Corey's final moments, which has been corroborated by recordings and testimony from other teammates. I am haunted by what he showed me.

Corey approaches a Russian position during a raid into Bryansk Oblast, Russia. Photos provided by Sandy Nawrocki with permission to publish.

Corey and teammate during a raid into Bryansk Oblast, Russia. Photos provided by Sandy Nawrocki with permission to publish.

Corey Nawrocki, during the raid into Bryansk Oblast, Russia, one of the last images of him alive. Nawrocki, a U.S. Marine Corps veteran and two-time Purple Heart recipient, was killed on October 27, 2024, during the operation while attempting to rescue a wounded teammate. Photos provided by Sandy Nawrocki with permission to use.

But death was not the end of it. Indignity followed. Russian soldiers stood over Nawrocki's body, displayed his military ID, and broadcast the image to the world. A distinguished Marine Corps veteran, reduced to a trophy. His identity paraded before a global audience while his family was still learning what had happened. And it did not stop there.

Following his death, Corey’s mother, Sandy Nawrocki, says she was the target of a deliberate digital campaign of cruelty. In a CNN interview, she described being targeted online after Corey’s death, saying trolls posted a picture of her home and her full address, and in an act that can only be described as calculated brutality, posted smiling emojis on social media posts about Corey. Sandy has also spoken publicly, including at a Congressional Ukraine Caucus press conference, about her son’s sacrifice and the broader toll on American families whose loved ones have fought for Ukraine.

The haunting we already felt only intensified after conversations with Sandy, who faced not only the unimaginable grief of losing her son and the torment of a malicious Russian campaign against her, but a separate and frustrating battle to bring Corey’s body home and secure him a military burial at Arlington National Cemetery. That is a struggle that never should have happened. It tells you something important about how this country has chosen to account for its sons in Ukraine's war. But stories like these have barely registered in the American news cycle.

Corey was killed alongside three other international volunteers: U.S. veteran Bradley Jennison, known as “Super Dave,” Canadian Mandeep Singh, known as "Poet," and Swedish volunteer Simon Rajakisto, known as "Rauta." These were men who showed up to fight for what they believed in, an ad hoc coalition of Western veterans operating without formal government acknowledgment or protection. That is what makes the repatriation difficult and the propaganda exploitation of their bodies so damning.

Corey's name appears on no official list of American soldier casualties in Ukraine. America has no such list for a war it is not officially fighting. Corey is, in the ledger of this conflict, ambiguous — if not invisible. That ledger is difficult to reconcile, and the numbers we can piece together paint a sobering picture, even if they remain only an approximation of the truth.

The Invisible Ledger

Since February 2022, the United States has officially lost no active-duty service members in Ukraine. That is technically true. What it obscures is something that those of us working on the ground have understood for years: a significant number of America's most elite veterans, including Special Forces, SOF, and similar warfighters, have gone to Ukraine as civilians and have not come home. The New York Times reported at least 92 American veterans killed in action in Ukraine as of September 2025, but many within the community believe the true number is much higher. Online (and unofficial) estimates suggest elite American veteran deaths since 2022 fall somewhere between 100 and 150, and possibly more. No official U.S. entity is keeping count. Because none of them were officially there.

To put that figure in context: the total number of U.S. Special Operators killed across the entire two-decade global war on terror is reported in the low 600s . If current estimates from Ukraine are even close to accurate, the annual rate of loss among American SOF veterans in Ukraine is near or exceeds the per-year casualty rate of the entire war on terror. Read that again. In a war the United States is officially not fighting, America’s top war fighters are dying at a pace that rivals the wars we were officially fighting up to our withdrawal from Afghanistan. And if you were to include veterans coming from other NATO-aligned countries, the numbers increase considerably.

To be clear, this is not a comparison between the war on terror and the war in Ukraine. These are fundamentally different conflicts across every meaningful dimension: geography, doctrine, technology, and geopolitical stakes. Nor is it a comparison between special operators and conventional warfighters. The point is not equivalence. The point is scale, motivation, and the character of the men and women who are making the sacrifice.

A Verdict, Not an Accident

These are not green volunteers swept up in idealism. These are the most capable, most experienced, most thoroughly trained fighters the United States and NATO has ever produced. They have seen war up close. They understand the odds. They are making a deliberate choice, with no orders, little to no salary, no benefits, no official recognition, and no government waiting to bring their bodies home, to put themselves in the line of fire for a country that is not theirs. That choice deserves to be known and understood by the American public.

But the reality is that the American military and political establishment has largely looked away from this reality, partly for legal and diplomatic reasons, partly because acknowledging it complicates the official narrative of non-involvement, and partly because the men and women doing this work are by training and temperament, disinclined to seek attention. They are called quiet professionals for a reason. They do not hold press conferences. They do not post on social media except to the extent necessary to support their volunteering. They go, they fight, they bleed, and when they do not come back, their families grieve privately while Washington issues no statements. And the American public, by and large, has little to no idea they were ever there.

Sam Hartwell lives inside that grief.

He walks past his friend's portrait almost daily. He understands in a way that no policy paper can convey, what it means that America's best are choosing Ukraine. It is not a coincidence or an accident of individual temperament. It’s a verdict.

Sam’s grief is compounded by a particular sorrow that comes not just from personal loss but from watching something he believed in turn away from itself. For soldiers of his generation, witnessing America step back from the principles that have anchored the rules-based international order for nearly a century is professionally and personally devastating in ways that resist easy description. Yet the men we write about here did not abandon those ideals. They did not wait for permission or policy to catch up with their conscience. That is why they came. That is why they stayed.

These veterans have lived and studied warfare and geopolitics at the highest levels. They have operated in every major theater of conflict of the past two to three decades. They have seen what American power can do and what happens when it retreats. They have looked at what is happening in Ukraine with clear eyes and concluded that the stakes are worth dying for. They recognize what a Russian victory would mean for the security architecture of Europe and the world. They understand what it would do to the credibility and readiness of American power at a moment when that credibility is already under strain. They know that the strategic center of gravity for this century is China, and that pressing demands in Latin America, Africa, and the Middle East complicate the math — but that the thread running through this era of great power competition also runs directly through Ukraine. And they understand what hangs in the balance for the rules-based international order that American blood and treasure built across the last century and that is now, for the first time in a generation, genuinely at risk of unraveling.

They are voting with their lives. The least the rest of us can do is count the votes honestly.

The quiet professionals ask for almost nothing except our support. They do not ask to be called heroes, though they are. But the story of what they have given, and what they continue to give, in a war that Washington officially says does not involve American casualties, is one the American people deserve to know. Not to inflame. Not to escalate. But to reckon honestly with what is being sacrificed, by whom, and why.

Pete Reed knew why. Ian Tortoricci knew why. Corey Nawrocki knew why. Sam’s friend Mark Paslawsky knew why. So does every American volunteer in Ukraine, whether they fight or support those fighting for Ukraine's freedom and Ukraine's very existence. So does every name on the memorial wall in Kyiv, and on walls like them across the country. Memorials that most Americans will never see. They all answered the question of why – not with words, but with action.

Eyes Wide Open

The question that remains is what to do with this story. Sam and I make no claim that this account is comprehensive. It is not. Others may interpret what we have described differently than we do. But it is a beginning, a handful of names and stories pulled from a much larger ledger that our country has not yet fully reconciled. We offer them here because they deserve to be named, because the silence around them is not neutral, and because meaningful dialogue, honest reckoning, and sound policy can only follow from what we are first willing to see. And that begins with eyes wide open.

Honoring the fallen is not optional. But to honor them without learning what they learned would be a compounding tragedy.

The lessons carried home from Ukraine by some of our most elite veteran volunteers, written in blood on a battlefield that has become the proving ground for modern warfare, are directly applicable to active duty service members in other theaters of conflict and to the new and emerging threats facing our homeland defenders. It would be a disgrace to leave them unexamined.

Ukraine is doing its part to honor and memorialize the foreign veterans who have fallen on its soil. My friend Vitali Ostapchuk, a retired Ukrainian Military Intelligence officer, has dedicated himself almost entirely to this mission. In addition to memorial walls and other honors for international veteran volunteers across the country, Vitali is working to establish a national memorial to fallen American veterans and other international volunteers in Bucha, not far from the mass grave site marking the Russian massacres that were carried out in the early weeks of Moscow’s full-scale invasion. Sam and I fully support Vitali and his colleagues in this endeavor. I have visited Bucha many times to honor Ukraine’s dead. I will have even more reason to return now to honor our own. Sam and I have suggested that they call the memorial "The Quiet Professionals."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

DHS Has Become Central to American Strategy, But Its Strategy Has Not Caught Up

A generation after 9/11, the homeland has returned to the center of American national security strategy. The 2025 National Security Strategy, the National Defense Strategy (NDS), and last week's Counterterrorism Strategy each push in that direction. Parity is the right destination, but it is also a long road. Closing the distance requires a Department of Homeland Security that can chart its own course over the years it will take. The institutional strategy capable of guiding that transition still does not exist.

The security environment that produced these documents is one where the line between foreign and homeland threats has thinned. Cartels are now treated as national security threats. Fentanyl trafficking is no longer viewed solely as a criminal issue, with its precursors now being classified as weapons of mass destruction. Domestic violent extremism remains a core homeland concern.

America's ongoing conflict with Iran has reinforced the same dynamic. Iranian state-affiliated actors targeted U.S. medical technology firm Stryker in March, and the Cybersecurity and Infrastructure Security Agency (CISA) has issued joint advisories on Iranian cyber actors probing U.S. critical infrastructure. Threats once treated primarily as overseas contingencies increasingly carry direct homeland implications across cyber operations, critical infrastructure security, public gatherings, and lone-actor violence.

The department’s strategic architecture has not kept pace. As Customs and Border Protection (CBP) manages the border, the Coast Guard secures the maritime domain, and FEMA prepares for disasters, DHS still lacks a strategic lodestar capable of aligning its disparate components around a coherent departmental vision.

The first Trump administration did not produce a Quadrennial Homeland Security Review (QHSR). The Biden administration produced the 2023 review six months behind the strategic cycle, and the US Government Accountability Office (GAO) found it deficient against ten of twenty-one statutory requirements. This pattern is institutional, not partisan.

Counter-UAS operations increasingly illustrate how rapidly the homeland security mission is evolving. The mission cuts across CBP at the border, CISA at critical infrastructure, the Secret Service at major events, and the Transportation Security Administration (TSA) in aviation. The FY2026 NDAA extended DHS counter-UAS authorities through 2031, ending years of short-term reauthorization fights, and designated the World Cup and 2028 Olympics as a pilot program for state and local counter-UAS deployment.

With the legal architecture now in place, DHS must build the strategic architecture necessary to operationalize those authorities across components, federal partners, and state and local agencies. Counter-UAS operations are only one of many emerging missions where authorities have outpaced strategy.

The 76-day DHS shutdown earlier this year was the longest in American history. It demonstrated how easily DHS appropriations can fracture around the department’s most politically contentious missions rather than broader enterprise-wide priorities. TSA officers and Coast Guardsmen missed paychecks while FEMA preparedness and recovery operations slowed under mounting resource constraints. The operational consequences continued long after funding resumed, with department officials warning it could take months for components to fully recover.

The final agreement funded most of DHS through September while excluding immigration enforcement. The episode showed how vulnerable DHS remains when its missions are not bound by a coherent strategic framework.

That matters more now than when Congress first mandated the QHSR two decades ago. The department was built for an era defined by post-9/11 domestic protection. American strategic planning was focused outward, with counterinsurgency campaigns in the Middle East and power projection in the Pacific. Homeland security was treated as a defensive enterprise running parallel to it.

That world is gone. The mission set has converged with the American national security strategy itself, and the institutional architecture meant to carry that strategy has not changed with it.

This administration has more reason than any of its predecessors to take the QHSR seriously. No previous White House has positioned DHS this close to the center of its national security identity. The mission set the administration has prioritized runs through DHS components first. A functional QHSR is what would translate that political emphasis into a department capable of executing it. Without a strategic reference point, components will continue defaulting toward inherited institutional habits rather than department-wide strategic priorities.

The fix is institutional. The NDS carries weight because it sits at the top of an institutional chain. Serving as the Pentagon's unifying strategic reference, it forces priority trade-offs the department cannot defer. It connects directly to resourcing decisions that translate strategy into what the military buys, builds, and deploys. Congress also chartered an independent commission to review each NDS and test its logic and resource assumptions in public. Congress should give the QHSR the same architecture: a strategy that pulls components into coherence, priorities that drive resource decisions, and an independent commission that scrutinizes its logic.

As the youngest department in the national security apparatus, DHS's strategic infrastructure remains underdeveloped relative to the mission it now carries. A Goldwater-Nichols-style restructuring will eventually come when the politics allow it. Until then, anchor the department around a credible QHSR. A strategy with the architecture Congress has already built around the NDS would not require reorganizing components or rewriting authorities. It would require Congress to treat DHS strategic planning with the same rigor it applies to defense strategic planning.

While America's strategic turn inward is underway, parity will not arrive on its own. The strategy documents prescribe missions for a DHS that does not yet exist. Without a working QHSR, the gap between presidential ambition and institutional coherence will continue to widen.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Norman T. Roule

Back to top