The Cipher Brief

OPINION — A generation after 9/11, the homeland has returned to the center of American national security strategy. The 2025 National Security Strategy, the National Defense Strategy (NDS), and last week's Counterterrorism Strategy each push in that direction. Parity is the right destination, but it is also a long road. Closing the distance requires a Department of Homeland Security that can chart its own course over the years it will take. The institutional strategy capable of guiding that transition still does not exist.

The security environment that produced these documents is one where the line between foreign and homeland threats has thinned. Cartels are now treated as national security threats. Fentanyl trafficking is no longer viewed solely as a criminal issue, with its precursors now being classified as weapons of mass destruction. Domestic violent extremism remains a core homeland concern.

America's ongoing conflict with Iran has reinforced the same dynamic. Iranian state-affiliated actors targeted U.S. medical technology firm Stryker in March, and the Cybersecurity and Infrastructure Security Agency (CISA) has issued joint advisories on Iranian cyber actors probing U.S. critical infrastructure. Threats once treated primarily as overseas contingencies increasingly carry direct homeland implications across cyber operations, critical infrastructure security, public gatherings, and lone-actor violence.

The department’s strategic architecture has not kept pace. As Customs and Border Protection (CBP) manages the border, the Coast Guard secures the maritime domain, and FEMA prepares for disasters, DHS still lacks a strategic lodestar capable of aligning its disparate components around a coherent departmental vision.

The first Trump administration did not produce a Quadrennial Homeland Security Review (QHSR). The Biden administration produced the 2023 review six months behind the strategic cycle, and the US Government Accountability Office (GAO) found it deficient against ten of twenty-one statutory requirements. This pattern is institutional, not partisan.

Counter-UAS operations increasingly illustrate how rapidly the homeland security mission is evolving. The mission cuts across CBP at the border, CISA at critical infrastructure, the Secret Service at major events, and the Transportation Security Administration (TSA) in aviation. The FY2026 NDAA extended DHS counter-UAS authorities through 2031, ending years of short-term reauthorization fights, and designated the World Cup and 2028 Olympics as a pilot program for state and local counter-UAS deployment.

With the legal architecture now in place, DHS must build the strategic architecture necessary to operationalize those authorities across components, federal partners, and state and local agencies. Counter-UAS operations are only one of many emerging missions where authorities have outpaced strategy.

The 76-day DHS shutdown earlier this year was the longest in American history. It demonstrated how easily DHS appropriations can fracture around the department’s most politically contentious missions rather than broader enterprise-wide priorities. TSA officers and Coast Guardsmen missed paychecks while FEMA preparedness and recovery operations slowed under mounting resource constraints. The operational consequences continued long after funding resumed, with department officials warning it could take months for components to fully recover.

The final agreement funded most of DHS through September while excluding immigration enforcement. The episode showed how vulnerable DHS remains when its missions are not bound by a coherent strategic framework.

That matters more now than when Congress first mandated the QHSR two decades ago. The department was built for an era defined by post-9/11 domestic protection. American strategic planning was focused outward, with counterinsurgency campaigns in the Middle East and power projection in the Pacific. Homeland security was treated as a defensive enterprise running parallel to it.

That world is gone. The mission set has converged with the American national security strategy itself, and the institutional architecture meant to carry that strategy has not changed with it.

This administration has more reason than any of its predecessors to take the QHSR seriously. No previous White House has positioned DHS this close to the center of its national security identity. The mission set the administration has prioritized runs through DHS components first. A functional QHSR is what would translate that political emphasis into a department capable of executing it. Without a strategic reference point, components will continue defaulting toward inherited institutional habits rather than department-wide strategic priorities.

The fix is institutional. The NDS carries weight because it sits at the top of an institutional chain. Serving as the Pentagon's unifying strategic reference, it forces priority trade-offs the department cannot defer. It connects directly to resourcing decisions that translate strategy into what the military buys, builds, and deploys. Congress also chartered an independent commission to review each NDS and test its logic and resource assumptions in public. Congress should give the QHSR the same architecture: a strategy that pulls components into coherence, priorities that drive resource decisions, and an independent commission that scrutinizes its logic.

As the youngest department in the national security apparatus, DHS's strategic infrastructure remains underdeveloped relative to the mission it now carries. A Goldwater-Nichols-style restructuring will eventually come when the politics allow it. Until then, anchor the department around a credible QHSR. A strategy with the architecture Congress has already built around the NDS would not require reorganizing components or rewriting authorities. It would require Congress to treat DHS strategic planning with the same rigor it applies to defense strategic planning.

While America's strategic turn inward is underway, parity will not arrive on its own. The strategy documents prescribe missions for a DHS that does not yet exist. Without a working QHSR, the gap between presidential ambition and institutional coherence will continue to widen.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The G-2: Takeaways from Trump's Trip to Beijing

By most accounts, President Donald Trump’s trip to Beijing ended ambiguously for the U.S. From Air Force One on his way back to the U.S., Trump touted a few concrete achievements that include an agreement for Beijing to purchase $17 billion per year in U.S. agricultural products and a purchase of 200 Boeing aircraft. Beijing’s final read out of the visit did not directly confirm those agreements but did acknowledge a mutual desire to promote “expanded two-way trade”. Chinese President Xi Jinping used the visit to reinforce Beijing’s narrative that China and the United States are co-equal global powers, even referring to the two countries as “the G-2.” But despite the lack of clarity around more urgent issues such as China’s potential role in resolving the Iran conflict or U.S. support for Taiwan, the trip was certainly significant. As many have observed, it is a positive step any time the leaders of the two most powerful countries meet for dialogue. As the U.S.’ only near peer adversary, the relationship with China, including the competition in economic, technology and military domains is the most consequential bi-lateral relationship the U.S. has by a wide margin.

The diplomatic choreography that followed the Trump- Xi summit was equally significant. Soon after Trump’s visit, Russian President Vladimir Putin traveled to Beijing for what was described as a “warm” and “substantive” meeting with Xi. The two leaders have now met more than 40 times, underscoring the depth of the China-Russia relationship. For Xi, the back-to-back meetings with a strategic rival and one of China’s closest partners offered a powerful opportunity to cast Beijing as a stabilizing force in the world at a time when both Washington and Moscow are managing active wars and mounting geopolitical pressure.

Following their summit, Xi and Putin issued a joint statement criticizing what they called “irresponsible” U.S. foreign policy, including a direct reference to Trump’s planned “Golden Dome” missile defense program. Xi also described China-Russia relations as being at an “unprecedented high,” reinforcing the message that Beijing sees its partnership with Moscow as central to its broader challenge to U.S. influence.

For Trump and Xi, the diplomatic track is expected to continue, with a potential Xi visit to the White House in September.

But the Beijing summit left unresolved the larger question at the center of U.S.-China relations: whether a shared interest in stability can meaningfully reduce the risk of confrontation, particularly over Taiwan.

Xi Tries to Show the World China Is America’s Equal

The larger message Xi appeared intent on sending throughout Trump’s visit was that China is no longer a junior power-seeking accommodation from Washington, but a peer competitor that expects to be treated as an equal leader of global order.

Chinese state media framed the summit as a diplomatic win for Beijing, emphasizing that the relationship now operates “on a more equitable basis” and portraying Xi as an equal - if not a more disciplined and strategic - counterpart to Trump. Beijing’s growing confidence in its own position was evident throughout the visit. Xi did not appear compelled to offer major concessions and instead used the moment to reinforce China’s position that the world’s two superpowers have a shared responsibility to manage competition and preserve stability.

That message drew heavily on the logic of the “Thucydides Trap” - the idea that conflict between a rising power and an established power is not inevitable but becomes more likely if rivalry is mismanaged. Xi’s public emphasis on competition, cooperation and “strategic stability” was designed to present Beijing as both confident and restrained: prepared to compete with Washington, but eager to avoid open confrontation.

The rhetoric was notable because it marked a shift from Beijing’s posture just a few years ago, which during the Biden-Xi summit appeared more resistant to the idea of “managed competition”. Like the Trump-Xi summit, the Biden-Xi dialogue similarly sought to establish guardrails to prevent strategic rivalry from escalating into direct military conflict, but at the time, Beijing rejected that framework as a veiled effort to contain China. Xi’s willingness now to publicly embrace the language of competition and strategic stability suggests that Beijing may see advantage in adopting the terminology - particularly if it reinforces the perception that China is negotiating with the United States from a position of parity.

Against that backdrop, we asked two Cipher Brief experts and longtime China watchers how they interpreted the Trump-Xi summit, particularly Xi’s willingness to publicly accept the language of “competition,” and what the summit signaled on the critical question of Taiwan.

Ambassador Joseph DeTrani

Ambassador Joseph DeTrani served as the U.S. Representative to the Korea Energy Development Organization (KEDO), as well as former CIA director of East Asia Operations. He also served as Associate Director of National Intelligence and Mission Manager for North Korea, was the Special Envoy for the Six-Party Talks with North Korea, and served as the Director of the National Counter Proliferation Center, ODNI. He currently serves on the Board of Managers at Sandia National Laboratories.

Rear Adm. (Ret.) Mike Studeman

Rear Adm. (Ret.) Mike Studeman was former Commander of the Office of Naval Intelligence. He also served as Director of the National Maritime Intelligence-Integration Office (NMIO) and as principal advisor to the Director of National Intelligence as National Intelligence Manager-Maritime, as well as the Director of Intelligence (J2) at U.S. Indo-Pacific Command, Honolulu and Director of Intelligence (J2) at U.S. Southern Command, Miami (2017-2019.)

On the US-China Relationship

What is your overall reaction to the summit and is Xi now more confident in China’s relationship with the U.S. and less concerned about whether that is interpreted as trying to contain China?

Detrani

I think Xi Jinping and China feel very good about the summit. I think we should feel relatively good about the summit. I think the president managed it well. We don't have the particulars on what was discussed. We did see very clearly that Xi Jinping prioritized Taiwan, but we don't have the particulars on our side. But I think overall, the summit went well.

Studeman

The CCP remains perennially allergic to allowing any other power, especially the U.S., dictate the language describing the Sino-U.S. relationship. For the Chinese, words carry great meaning. Whoever crafts the narrative, controls their destiny. Naming things is information superiority in action. The key phrase Xi used is "moderated competition," which is designed to show that Beijing is willing to absorb more friction in the U.S. relationship to protect its interests. The new verbiage essentially recognizes U.S. attempts to derisk, diversify, and distance itself from a deleterious overreliance on China. Xi's "moderated competition" signals his effort to stop the death spiral of unrestrained weaponization of interdependence and prevent any hasty departure from China by corporate America. The Chinese idea is to keep clinching the U.S. economically (intertwining like boxers trying to prevent the other from swinging a free arm), while not letting the increasingly tough choices that Washington and Beijing are forced to make spill over into outright confrontation. Using the word "competition" also makes it seem as if the superpower contestation is governed by transparent rules and fair play, which of course it isn't given Beijing's model of a state-driven market and other consequential distortions of global trade practices, including continued massive intellectual property theft. The CCP hopes American journalists, commentators, and political leaders begin adopting the "moderated competition" phrase, which would be a huge psychological warfare win for Beijing, particularly if it tranquilizes the White House into softening its strategic choices related to the Sino-U.S. rivalry.

The US-Taiwan-China Relationship

Taiwan emerged as the most consequential issue of the summit. Analysts note that despite the friendly nature of the talks, Xi’s warning to Trump on Taiwan underscores the longstanding rivalry between Washington and Beijing on the issue of Taiwan.

Following meetings with Xi, Trump declined to clearly commit to future U.S. arms sales to Taiwan or direct military defense of Taiwan in a cross-strait conflict. When questioned by reporters if the U.S. would defend Taiwan if it came to it, Trump answered, “I don’t want to say that. I’m not going to say that” adding later that, “I’m not looking to have somebody go independent, and we’re supposed to travel 9,500 miles to fight a war. I’m not looking for that.”

A $14 billion arms sale to Taiwan is also currently awaiting Trump’s approval. Following the Beijing Summit, Trump described the potential arms sale as a “very good negotiating chip” with China, adding that he needs to speak with the President of Taiwan, Lai Ching-te. He revealed that he and President Xi talked at great length about Taiwan, and notably, the Taiwan arms package. Trump said he would “make a determination over the next fairly short period” on whether he would approve the deal. When asked about the Six Assurances, the 1982 agreement that the U.S. would not consult with China on U.S. military support to Taiwan, Trump downplayed the longstanding norm observed by all previous U.S. presidents, saying, “So what am I going to do? Say ‘I don’t want to talk to you about it?’ Because I have an agreement that was signed in 1982? No, we discussed arms sales.”

This is a familiar practice Trump has used with allies before- framing an issue as more transactional than ideological. His emphasis on maintaining “the status quo” rather than backing Taiwanese independence reinforced concerns in Taipei and among U.S. allies that Taiwan could in fact become a bargaining chip in broader U.S.-China negotiations. Following Trump’s remarks, Taiwan’s government issued a statement reiterating that not only are arms sales to Taiwan a matter of security and deterrence for the U.S., but they are also stipulated in the Taiwan Relations Act.

Trump’s foreign policy messaging is obviously much less predictable than that of previous administrations, but what it means in terms of Taiwan and whether it points to the White House potentially prioritizing short-term U.S.-China stability over steadfast support for Taiwan remains to be seen.

US-Taiwan Relations Following the Trump-Xi Summit

How do you assess the impact to US-Taiwan relations following the Trump-Xi summit? What’s your reaction to Trump breaking with norms and discussing potential U.S. military arms sales to Taiwan, with Xi Jinping?

Detrani

I think the president handled it well enough and I think understandably he responded to Xi Jinping's comments on it. I think Xi understands very clearly the six assurances that President Ronald Reagan memorialized 1982. This was to reassure the [US] Congress and the American people and Taiwan that the United States would be there for Taiwan. This was President Ronald Reagan making it very clear, we're not walking away from arm sales. And this is between the United States and Taiwan. So, it's a very powerful memorialized document in the archives. But I think the president responded to Xi Jinping and I think Xi skillfully brought this up because this was the one issue Xi wanted to pursue with vigor during his summit discussions with President Donald Trump.

Overall, I don't think there were any big surprises. Although Xi made it very clear that there's one primary issue between the U.S. and China, and that's Taiwan and he made that the core element of the summit. So, I think China and Xi feel very good about the summit. I think they've accomplished what they wanted to accomplish. Xi is on the world stage, he's got the President of the United States saying some very nice things about him and the U.S. relationship with China. Xi made it very clear that Taiwan is something that the two sides must get right, otherwise we can have conflict, and we can go to war.

Studeman

Readouts from the summit indicate the President told Xi he did not support Taiwan independence or a change in the status quo, which aren't new policy positions. Multiple Presidents have said the same. But in a significant breach of one of the longstanding 1982 Six Assurances to Taiwan developed under President Reagan, specifically that the U.S. "has not agreed to consult with the PRC on arms sales to Taiwan," Trump flung open the door to letting the CCP negotiate down any foreign military sales deals with Taipei. Trump's aim is to use the Taiwan arms sales issue as a bargaining chip for a better trade deal and China's help in pressuring Iran to end the war. This shift in policy represents one of the biggest wins for China from the summit. China already leveraged its KMT proxies in Taiwan's Legislative Yuan (parliament) to weaken Taiwan's defense bill from $40B to $25B over the next five years, and now China is in the driver's seat to extract further arms sales concessions. These "inside out" and "outside in" successes for Beijing will only end up weakening Taiwan relative to rising PLA capability and presence around the island, in turn reducing strategic deterrence against Chinese aggression in any form.

The US, China and Artificial Intelligence

Despite the attendance of several U.S. tech CEOS, there were no breakthroughs on tech, and little evidence of a concrete technology framework or export-control agreement. The U.S. and China remain firmly positioned on the competitive side of emerging technology. Trump did state that the two sides “talked about possibly working together for guardrails” on AI, describing them as “standard guardrails that we talk about all the time”. During the visit, China’s Foreign Ministry and Chinese media portrayed the U.S. and China as equally leading in AI models, computing power, and ecosystems.

Just before the Beijing Summit, Washington approved the sale of Nvidia’s advanced H200 chips to China, a move that has long been contested by national security and China hawks. However, China has not yet signaled any commitment to buy H200 chips. U.S. Trade Representative Jamieson Greer said it was up to Beijing whether Chinese companies would make more purchases from the American chip giant.

How should we interpret the US decision to sell H200 chips, and the Chinese decision, so far, not to buy them?

Detrani

I think China is feeling good about their progress on artificial intelligence and the work they're doing and now they have the option of purchasing these H200 semiconductors which would be very helpful to them with their work on artificial intelligence. I think, Xi Jinping's strategy on artificial intelligence competition with the U.S. may be to show the world that this is not the China of the 19th century or the 20th even, but this is the new China. I think the Nvidia chips announcement is something Xi has in his pocket now and he probably feels that this is an option that he can use whenever he needs it.

Studeman

The PRC is becoming more self-reliant in indigenizing its key industries, including by stealing tech secrets and coopting foreign engineers, steadily eroding the chip gap. Given its paranoia about backdoors, dead switches, or info tech corruption of any sort, the PRC remains leery of becoming dependent on distrusted foreign suppliers as it rushes to catch up on raw compute power. At the same time, the PRC has achieved scale in less capable chips and is achieving tangible progress in developing more advanced ones. If China buys more Nvidia chips, it will be more likely to curry favor with the U.S. and keep an open door to future tech transfers.

Annabelle Darby contributed to this report

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

A Tale of Two Straits: Sweden and Denmark are in a Position of Power Over Russia

OPINION — Two straits, six thousand kilometers apart, are defining the global balance of power in 2026. The first, Hormuz, is closed by force and heavily impacting the world economy. The second, the Øresund, is open, and through it passes 60% of the oil that funds Russia's war in Ukraine. One chokepoint is being used against the West; the other could be used to protect it. The difference is not legality, capability, or geography; it is political will. And as the conflict in Iran has consumed Washington's attention, the question of whether Europe will close the Øresund Strait to Russia's shadow fleet could become one of the most consequential decisions in Europe.

The Strait of Hormuz is 54 kilometers wide at its narrowest point, with 20% of the world's seaborne oil passing through it. After US and Israeli strikes on Iran and Iran's retaliation, it has been closed, held shut by a combination of high-end US warships and aircraft on one side and large-scale, low-cost Iranian sea mines and missiles on the other. The asymmetry is itself a lesson: a regional power with cheap munitions can deny a waterway against the most advanced navy in the world.

The consequences arrived quickly with oil passing $120 per barrel, which the IMF called the largest oil supply disruption in history. Kuwait, Iraq, Saudi Arabia and the UAE cut production of both oil and fertilizer because of a lack of available storage and without an ability to export it. East Asia, who gets a majority of its oil from the Middle East, has been badly hurt. The deepest damage, though, is in South Asia and Africa, where it translated into higher fertilizer prices, higher food prices, and empty shelves.

Iran will not reopen the strait while under military threat. Washington will not pull back while Tehran pursues a nuclear weapon. Both governments accept the global cost of the standoff and neither signals willingness to change their stance. The lesson is that a strait only tens of kilometers wide can do more to reshape the global economy than years of sanctions, summits, or shooting wars. Geography, used correctly, is leverage.

In May Donald Trump arrived in Beijing for the first US presidential visit to China in nearly a decade. The two leaders spoke of being "partners, not rivals." Although the choreography was immaculate, the substance was thinner. While trade deals were signed, both leaders affirmed that the Strait of Hormuz must be reopened. This was an unsurprising position, given that China depends heavily on Persian Gulf oil.

The summit is best read not as a negotiation but as two rivals agreeing that open confrontation has become too expensive, and looking for a way to coexist without conceding anything that matters.

European capitals watched with growing unease. Ukraine was not on the agenda. Neither was enforcement against Chinese firms supplying the Russian war economy. No joint language on Russian sanctions emerged, and no European leader was in the room. What Europe's leaders saw was something many had already suspected: Washington and Beijing are arranging a coexistence between themselves, and the multilateral order Europe is left out.

Europe is now responsible for its own security and its own pressure on Russia. And one of the most powerful tools they can use is geography.

Map of showing NATO member countries around the Baltic Sea after Sweden joining (Graphic by Valentin RAKOVSKY and Valentina BRESCHI / AFP via Getty Images)

Three thousand kilometers from Iran, Russia is stuck in a war of attrition with Ukraine, and with an economy that is hurting. Official 2026 growth was revised down to 0.4%, a figure many Western analysts deem falsified. Real wages are stagnant against high inflation. Its oil and gas industry is reporting sharp declines in profit. Ukrainian drone strikes on export terminals in the Baltic and Black Sea have already cut Russia's oil export capacity by roughly a million barrels per day, close to 20%.

Oil and gas are the foundation of the state with roughly a quarter of all government revenue, which funds the military, sustains the loyalty of the elite, and keeps basic services running. Putin's choice to keep Russia structurally dependent on oil is a regime strategy. A diversified economy would produce independent wealth, independent power centers, and political constituencies the Kremlin does not control.

The strategy is beginning to show strain. Money that once flowed to well-connected Russians is now flowing to the war. The elites and media are starting to complain publicly. Putin's regime can absorb financial pressure, but not financial pressure that turns the country against him. That is the pressure Europe is in a position to apply.

The opportunity is unusually clean. A consistent campaign of boardings and inspections in the Øresund could cut between a third to half of Russia's seaborne oil exports. No budget maneuver could replace that revenue. Russia's war funding would face a shortfall it could not absorb, and the political costs inside Russia would drastically sharpen.

The legal authority is already in place. Ships sailing under false flags, without valid insurance, or on sanctions lists can be lawfully stopped and inspected under existing maritime law. Sweden and Denmark control both shores of the strait. Acting in coordination, they can make it practically impossible for sanctioned vessels to transit, without firing a shot and without stepping outside the rules-based order they have spent decades defending.

What has been missing is political will. Denmark is hesitant, both to protect commercial interests and out of concern about Russian retaliation. Moscow has worked to keep that concern alive, and is actively using naval assets to project power.

Sweden has over the past three months taken a more active approach with five boardings of shadow fleet vessels done by a mix of Coast Guard, the National Task Force and unnamed military units. Boldness, once demonstrated, is contagious.

The next step is to make this routine. Every vessel transiting the Øresund under a false flag, without valid insurance, or on a sanctions list should be inspected. Sweden has proven its agencies can execute these operations. Denmark, on the other shore, has the same legal authority and strategic interest. Coordinated action would convert the Øresund from a loophole in the sanctions regime into the choke point it geographically already is.

The wider Ukrainian campaign is already in motion elsewhere. From bases in Libya, Ukrainian naval drones have struck Russian shadow fleet vessels in the Mediterranean. This is part of a deliberate Ukrainian naval strategy aimed at the economic infrastructure of the Russian war effort.

Hormuz has demonstrated, at enormous global cost, how a single narrow waterway can reshape the calculations of governments. Beijing has demonstrated that even the world's two largest powers will look for an exit when the price of confrontation becomes high enough. Putin has not yet reached that price. The Øresund is an important opportunity.

What remains is the political decision to treat the Øresund as a chokepoint for Russia's illicit oil trade. Unlike the deserts of the Middle East or the frozen lines of the Donbas, the Øresund is a place where Sweden and Denmark hold the keys, and where international law is already on their side.

The question is no longer whether Europe has the tools to pressure Russia without American leadership. The question is whether Europe will use them.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran's Digital War Machine Targeting U.S. Infrastructure

The first missile strikes hadn’t even cooled before Iranian-linked hackers were moving. When the U.S. and Israel launched military operations against Iran on February 28, 2026, Tehran’s cyber forces answered not with silence but with a systematic campaign against American infrastructure, one that has since moved well beyond reconnaissance into confirmed, disruptive attacks on United States soil.

The most striking blow came on March 11, when the Handala group — widely assessed as a front for an IRGC-sponsored threat actor — hit Michigan-based medical technology giant Stryker, wiping nearly 80,000 Windows devices, stealing 50 terabytes of data, and causing severe disruptions that materially impacted the company’s first-quarter earnings. Emergency responders across Maryland lost access to the electrocardiogram transmission system used to relay patient data to hospitals. The FBI later seized two domains that Handala used to leak the stolen data. It was, analysts noted, only the beginning.

Israel wiped out a major military hub in southeastern Tehran, hitting a site that Western intel says was the nerve center for the IRGC. The facility didn’t just house the Quds Force and Basij; it served as the literal “brain” for Iran’s global hacking campaigns and internal security operations.

The facility coordinated intrusion campaigns against adversaries across multiple continents. Yet even as satellite imagery confirmed the compound’s destruction, cybersecurity analysts were documenting a spike in reconnaissance activity emanating from Iranian-linked networks.

Tehran’s digital arsenal has proven more resilient than the bombing runs suggest. Handala — the persona behind the Stryker attack and now assessed as a front for Void Manticore, an MOIS-affiliated state actor — exemplifies exactly this. It operates as a hack-and-leak engine optimized for psychological disruption: breaking into accessible systems, wiping data, and timing the release of stolen material to maximize pressure on targets.

The earlier assassination of Deputy Intelligence Minister Seyed Yahya Hosseini Panjaki, once the man pulling the strings behind Handala and Karma Below, did not collapse the operation. Rather than dissolving, the apparatus evolved.

“State-aligned threat actors began utilizing out-of-band communication methods and alternative infrastructure, such as Starlink IP ranges, to bypass the degraded domestic grid,” JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief.

In simpler terms, Iranian hackers quickly shifted to alternative internet connections and encrypted communication channels that operate outside Iran’s damaged infrastructure, allowing cyber operations to continue even as domestic networks faltered.

Critical Infrastructure in the Crosshairs

The fallout from the February strikes has moved well past network probing. Iranian-linked hackers have successfully targeted and disrupted multiple U.S. oil, gas, and water sites — forcing some facilities to abandon automated systems entirely and operate manually, triggering financial losses, and, in some cases, deploying destructive wiper malware designed to erase data from victim networks. The IRGC’s CEC-affiliated group CyberAv3ngers has been confirmed to be targeting programmable logic controllers across U.S. government facilities, water and wastewater systems, and energy sectors — exploiting internet-facing industrial devices to create openings not just for disruption but for modifications to operating parameters with direct physical consequences. The campaign represents an escalation: where earlier Iranian cyber operations tested access, these attacks are weaponizing it.

Past operations attributed to IRGC-affiliated hackers include the 2011–2013 distributed denial-of-service attacks against major U.S. banks that disrupted online banking services for millions of customers. There was also the 2013 intrusion into the control systems of a small dam in New York, which demonstrated that Iranian hackers could potentially manipulate physical infrastructure.

“Iranian cyber strategy has consistently prioritized the targeting of ‘low-hanging fruit’ within critical infrastructure sectors where high societal impact can be achieved with relatively low-sophistication techniques,” Castellanos tells The Cipher Brief.

Much of this activity now comes from pro-Iran and pro-Russian hacktivist groups working in coordination. The current wave of activity suggests that Iranian operators are positioning themselves for potential retaliatory strikes, while American defense agencies operate under constrained circumstances.

“The Cybersecurity and Infrastructure Security Agency has been hampered by budget cuts, a significantly reduced workforce, and a lack of leadership over the last year,” Dave Chronister, Founder of Parameter Security, tells The Cipher Brief. “What makes it worse is that many of the remaining staff were effectively reassigned to support immigration enforcement operations rather than protecting critical infrastructure. That’s a significant misalignment of mission at exactly the wrong moment.”

The numbers now on record make that assessment concrete. CISA’s FY2026 budget dropped to $2.4 billion, with 2,649 funded positions, down from $3.0 billion and over 4,000 positions the prior year. By January 2026, the agency had logged at least 998 departures, layoffs, and transfers since the administration took office. The Trump administration also moved to reprogram $144 million from CISA’s 2025 budget to Immigration and Customs Enforcement operations.

Now, a proposed FY2027 budget would cut an additional $707 million. During an ongoing DHS shutdown, the acting CISA director has publicly stated that the agency cannot conduct the outreach and preparatory work necessary to counter cyber threats.

“The lapse of appropriations at CISA is impacting the depth and consistency of information sharing about Iranian cyber threats as well as coordinated planning for attacks that may occur,” Bob Kolasky, Senior Vice President at Exiger and founding director of CISA’s National Risk Management Center, tells The Cipher Brief.

Soft Targets and Hard Truths

Many water utilities, hospitals, and local governments still run unpatched systems with known vulnerabilities — exactly the soft targets Iranian hackers seek.

“Generally speaking, the most significant threat right now is what we call the n-day. These are known, but unpatched vulnerabilities, and Iranian threat actors are very aggressive at trying to exploit them,” Chronister points out.

The financial sector, despite its resources and experience defending against nation-state threats, remains vulnerable.

“Of all our critical sectors, the financial system is probably best positioned to weather an escalating Iranian threat, but ‘best positioned’ is not the same as immune,” Chronister says. “The sectors that keep me up at night are healthcare, industrial operations such as energy utilities, water systems, manufacturing, and non-federal government agencies. Those are the soft spots, and adversaries know it.”

The Stryker attack put the abstract into concrete terms. When Handala hit the Michigan-based medical technology giant on March 11, Maryland emergency responders lost access to the Lifenet system used to relay electrocardiogram data to hospitals, prompting a statewide alert that instructed EMS clinicians to switch to radio consultation.

The attack wiped nearly 80,000 Windows devices, stole 50 terabytes of data, and materially impacted the company’s first-quarter earnings. The FBI later seized two domains that Handala used to leak the stolen data. It is precisely the community-level harm the experts had forecast — now documented, not hypothetical.

Kolasky’s assessment aligns with this hierarchy of vulnerability.

“The Iranian playbook seems to suggest taking advantage of vulnerabilities in weaker parts of critical infrastructure cyber defenses. These include under-resourced sectors such as water and wastewater, food and agriculture, government services and healthcare, as well as areas of outdated technology, which can include operational technology,” he underscores.

In a conflict scenario, Tehran aims to harm critical functions that affect daily life across American communities. Water systems are failing. Hospitals are losing access to patient records. Local government services are grinding to a halt. These scenarios represent asymmetric warfare designed to erode public confidence and create pressure on policymakers without crossing thresholds that might trigger an overwhelming military response.

The Reach of Tehran’s Digital Operations

This geographic dispersion makes Iran’s cyber apparatus resilient to kinetic strikes like the weekend bombing.

“Cyber warfare depends far more on people than on high-end equipment, which means these operations can be dispersed across dozens of physical locations, down to a single operator working from a laptop,” Chronister tells The Cipher Brief. “While targeted strikes no doubt disrupt Iran’s overall tempo, the distributed nature of cyber makes total elimination of the apparatus virtually impossible.”

That assessment is no longer theoretical. During the twelve-day Israel-Iran conflict in June 2025, analysts from SecurityScorecard documented over 250,000 messages exchanged across 178 active Iranian proxy and hacktivist groups — with phishing campaigns, malware delivery, and data dumps timed precisely to kinetic strikes. Cyberattacks surged 700% within 48 hours of the opening salvos. When Iran’s domestic internet was largely cut off, operators shifted to Starlink and VSAT services to maintain tempo. The lesson was already written before the current conflict began.

Yet physical infrastructure still matters in the opening phases of conflict.

“Physical destruction of infrastructure such as data centers, cell phone towers, satellite communication channels, radar systems — all these systems destroyed or degraded by kinetic strike are usually high priority targets in the start of any conflict, as it prevents Iranian command and control from communication to lower echelon units,” Castellanos explains.

Essentially, destroying the communications infrastructure temporarily prevents Iranian commanders from directing their cyber operators on the ground. Nonetheless, the impact is likely to be temporary rather than decisive. Using alternative networks and encrypted channels to bypass damaged infrastructure entirely, cyber operatives quickly adapt.

“Effective cyber campaigns depend on access to technical infrastructure for carrying out attacks, personnel, and some level of command and control,” Kolasky asserts. “United States and Israeli operations have the proven ability to degrade Iran’s cyber capability and seem to have done so again. The question of how resilient the Iranian cyber warfare apparatus is remains an open one, but, thus far, it seems like we have limited Iran’s cyber offensive ability and, in the short term, I would expect that will remain the case.”

In simpler terms, the strikes have disrupted Iran’s ability to coordinate large-scale cyber operations for now, but it remains unclear how quickly Tehran can rebuild its offensive capabilities.

Meanwhile, Iranian operators have cultivated relationships with cybercriminal groups that provide technical services and operational cover. When Iranian-linked hackers targeted Albanian government networks in 2022, investigators traced the operation through multiple layers of contractors and intermediaries before establishing definitive state sponsorship.

Right now, pro-Russian hacktivist groups such as NoName057(16), the Z-Pentest Alliance and Killnet have joined with pro-Iran groups targeting Israel and its Western allies, launching DDoS attacks against Israeli and United States financial services in coordination with Iranian goals. These attacks aim to disrupt online banking and payment systems, creating public frustration and economic uncertainty while demonstrating Iran’s ability to strike back without firing a missile.

Moreover, DieNet, a pro-Palestinian hacktivist group that emerged in March 2025 and has since claimed responsibility for DDoS attacks against U.S. energy, financial, healthcare, government, transit, and communications systems — deploying DNS amplification, TCP SYN floods, and NTP amplification in operations that intensified following the arrest of activist Mahmoud Khalil.

“This international distribution of operations ensures that even if Iran is ‘offline’ domestically, its ‘second front’ in the cyber domain remains fully operational,” Castellanos tells The Cipher Brief.

Iran’s malicious cyber activities are made more difficult by this operational model, which complicates attribution efforts. Iran uses proxy forces to advance its strategic objectives while maintaining an official distance from their activities as part of its regional strategy. In the cyber domain, this approach allows Iranian intelligence services to conduct operations that would be politically costly if directly attributed to Tehran.

Since the February 28 strikes, Iranian-aligned groups have claimed numerous operations across the Middle East and beyond. Pro-Iran hacktivists have targeted energy infrastructure in Jordan, payment systems in Israel, and government portals across Gulf states. While many claims remain unverified, the volume and coordination of activity suggest a systematic campaign to demonstrate continued operational capability despite the degradation of Iran’s domestic infrastructure.

“It makes it very hard to identify them from a geolocation aspect, as well as identifying the fingerprint of the attack. It creates more resilience in these operations since there is no single point of infrastructure that you can attack,” Chronister tells The Cipher Brief. “It also means that as Iran’s leadership withers, and there is less coordination with their various cyber forces, these groups could act on their own initiative, which will make an already complex situation even worse.”

The loss of centralized control cuts both ways for Iran. Cyber operations conducted by dispersed groups can withstand missile strikes, but rogue proxy groups operating independently may unintentionally escalate conflicts.

Bombing a building does not stop hackers with laptops scattered across multiple countries, which highlights another fundamental challenge. Iranian cyber operatives can resume operations from new locations within hours, rendering traditional military strikes largely ineffective against digital threats.

“Like with proxy terrorist groups, Iran has the ability for a diffuse set of actors to work on behalf of the IRGC cause, but those actors are limited in the scale of what effects they can produce,” he adds. “This diffusion will allow for a continued exploitation of vulnerable systems that I would expect to be targeted for propaganda victories, to shift public opinion, and to cause harm at the community level. This necessitates broad information sharing engagement across critical infrastructure for the United States cyber defense community.”

The threat horizon extends well beyond the immediate conflict. Analysts are now flagging two upcoming high-profile moments on the U.S. calendar, the World Cup in June and the midterm elections in November, as likely priorities for Iranian cyber targeting. Security experts warn the tournament could see a 30 to 40 percent surge in fraud attempts, with Iranian-linked actors expected to focus specifically on airports, transportation systems, and critical infrastructure in host cities. Iran’s track record of infiltrating U.S. systems ahead of strategic moments — elections, geopolitical flashpoints, major public events — suggests these will not be missed opportunities.

The message is clear: Iran’s distributed cyber army may lack the power to cripple America’s infrastructure, but it has more than enough capability to disrupt daily life — and only coordinated defense can stop it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Proscribing the IRGC Will Make Britain Safer

The United Kingdom must act to proscribe Iran’s Islamic Revolutionary Guard Corps, or IRGC, before it’s too late. The IRGC must be proscribed before more places of worship are torched, more citizens are violently harassed, more ambulances intentionally destroyed, more peaceful gatherings threatened. The IRGC has the capability and the intent to harm people on British soil with increasing ease. This threat could be nipped in the bud with the right measures, right now.

The IRGC views the United Kingdom as a permissive environment. For the IRGC, the United Kingdom is not just a place to launder money or recruit British citizens to post the regime’s propaganda on social media, though both are certainly happening there. The IRGC is also conducting hostile intelligence operations, evading sanctions, hiding millions of pounds from illicit shadow fleet oil sales in high-end real estate portfolios, incorporating shell companies, running banned media offices, and sheltering their spendthrift children. And, most recently, the IRGC freely influenced local gangs in London under the banner of Harakat Ashab al-Yamin al-Islamia, or HAYI, to torch and destroy half a dozen Jewish-linked targets there over the span of just a few weeks.

The situation in today’s United Kingdom is not unlike Argentina in 1994. Back then, a young IRGC veteran of the Iran-Iraq War named Ahmad Vahidi worked with local Shi’a militants in Buenos Aires to attack the AMIA Jewish center, killing 85 people. Two years earlier, he had planned an attack on the Israeli embassy there that killed 29 people.

That same Ahmad Vahidi is now leading the IRGC in Iran after the U.S. and Israel killed the previous leaders on February 28, 2026. Vahidi is directing the IRGC to use the same toolkit he personally honed in Argentina to kill, maim, and terrorize people, Jewish or not, in Britain, Belgium, France, and elsewhere across Europe.

The IRGC must be proscribed in Parliament before an AMIA tragedy comes to London. But some argue that proscribing the IRGC may spook Iran into pulling its embassy out of London. Others fear crucial diplomatic and intelligence channels may dry up.

The UK has already sanctioned 1,238 Iranian persons and entities, including sanctions on 84 IRGC affiliates in 2023. And yet Iran’s embassy remains open for business. And so does a branch of the sanctioned, Iran-owned Bank Melli, right across the street from the Whole Foods Market in London’s affluent Kensington neighborhood. Across town, the IRGC’s banker, Ali Ansaari, received the go-ahead to build 33 luxury flats in north London despite UK sanctions specifically designating him the previous year for his help in bringing billions of pounds of IRGC money into British banks. Another beneficiary of the UK’s permissive environment for the IRGC is Mojtaba Khamenei, the erstwhile hidden successor of Iran’s late Supreme Leader. The sanctioned Khamenei counts luxury real estate holdings in London’s Bishop’s Avenue as a crown jewel in his £100 million European real estate portfolio.

Although hundreds of people and entities affiliated with the IRGC are sanctioned by the US, UK, and EU, the IRGC continues viewing the UK as a comfortable place to work. Sanctions are clearly an insufficient antidote to this unscrupulous organization. Sanctions are toothless unless paired with enforcement mechanisms that can cut through the shadowy layers of banks, shell companies, and cutouts the IRGC uses to slip right through onto the streets of London.

Asset freezes under the Sanctions and Anti-Money Laundering Act of 2018 and the Iran (Sanctions) Regulations of 2023 are a helpful start. But, as Bank Melli, Ali Ansari, and Khamenei’s son demonstrate, these measures remain largely ineffectual without actually proscribing the IRGC as a Proscribed Organisation. And with people like Ahmad Vahidi in charge of the IRGC, the clock is ticking ever closer to the next attack on British soil. But none of this is inevitable. Indeed, there is a way to stop it.

Keir Starmer noted recently that he has been “very worried” about the IRGC’s ability to use violent surrogate actors inside the UK. Worry is no substitute for action. And the proper action for this moment is a full proscription of the IRGC. People’s lives depend on it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Limits of Human Oversight at Machine Speed

OPINION — Warfare has always operated at human speed, but we now have the capability to operate at machine speed. The risks are high, but so are the risks of failing to adapt. Our adversaries are moving toward machine speed faster than we are, and the gap is widening faster than our processes can evolve.

Many companies are developing AI tools that accelerate the decision cycle and shrink OODA (Observe, Orient, Decide, Act) loops, augmenting analysts so they can triage alerts, draft courses of action, and surface recommendations in a fraction of the time it used to take. The tools are good and getting better, and the companies building them are doing important work.

But there is a ceiling. So long as a human sits at the “decide” step, the cycle runs at human speed. Augmented human speed, but human speed nonetheless. The AI can compress the observe and orient steps to near-zero, but it cannot compress the human decision process. The human is, in this configuration, the limitation.

That limitation is not inherently a problem. For most of the decisions we care about, we want a human making them. Across most of the defense enterprise, in planning, intelligence analysis, logistics, personnel, and countless workflows where judgment, accountability, and context matter, humans add real value. The argument that follows is not a blanket case for autonomy. It is about a specific class of decisions, in a specific class of operational environments, where the speed differential between offense and defense is becoming the determining factor.

The problem is that our adversaries may not accept the same ceiling. If they are willing to close the loop entirely, letting the machine observe, orient, decide, and act without a human gate, then their cycle runs at machine speed and ours runs at augmented-human speed. Those are not comparable tempos. Orders of magnitude separate them, and the gap is growing.

This is the context for every conversation about keeping humans in the loop. In a contest where one side operates at machine speed and the other does not, a human review step can be both a safeguard and a structural disadvantage. The question is no longer whether we can afford to keep humans in the loop. The question is whether the humans we claim to have in the loop are actually doing anything, and whether their presence reflects meaningful oversight or has quietly become a fiction we maintain because the alternative is uncomfortable.

This is a hard conversation, and hardest on the kinetic side, where autonomous lethal decisions raise questions we are not ready to answer. It is more tractable in cyber. Not because the stakes are zero, but because cyber effects do not place lives directly at stake on the same scale as kinetic strikes. The competitive pressure is already forcing decisions in cyber that the kinetic debate has been able to defer. That is where this piece starts.

The Cyber Case

In cyber, the argument for accelerating decision cycles isn't philosophical. It's arithmetic.

The Zero Day Clock, an industry tracker maintained by a coalition of cybersecurity researchers, measures when the mean time from vulnerability disclosure to first observed exploit crosses key thresholds. The one-year threshold was reached around 2021. One month in 2025. One week and one day were both crossed in 2026. One hour is projected for later this year. One minute by 2028.

The interval between milestones is collapsing. It took roughly four years to go from year-scale to month-scale exploitation, one year to go from month to week, and week to day happened in the same calendar year. Defenders who designed their patch cycles around the assumption of months are now operating against adversaries who weaponize disclosed vulnerabilities in hours.

Cyber operators today use AI tools to work through alerts and incidents faster, and those tools genuinely help. For routine work, the current model of AI surfacing and human deciding is fine. But for a contested environment against a capable adversary moving at the speeds the data describes, the math becomes harder to defend.

Tools that scan codebases for vulnerabilities are not new. What is new is the next step: these tools are starting to generate patches and mitigations for the vulnerabilities they find. The AI identifies the problem, proposes a fix, and routes the recommendation to a human for review before implementation. That review takes time. Not much by human standards, but enormous by the standards of what is happening on the other side.

Anthropic's Mythos preview is one indication of where this is headed. According to Anthropic's published descriptions, Mythos can find zero-day vulnerabilities and exploit them with minimal or no human input, closing the entire kill chain across the MITRE ATT&CK matrix. It is not alone. Google's Big Sleep was reported in late 2024 to have found the first publicly disclosed AI-discovered zero-day in SQLite, found by an AI before any human defender. Anthropic's red team reported in early 2026 that Claude had identified over 500 high-severity vulnerabilities in widely used open-source software, many of which had survived decades of expert review.

As Sean Heelan put it: the limiting factor on a capable state's ability to generate exploits is no longer the number of skilled hackers it can recruit. It is token consumption.

Bruce Schneier, Heather Adkins, and Gadi Evron published a joint essay in 2025 warning that we are approaching a singularity moment for cyber attackers, the point at which AI systems can discover vulnerabilities, write exploits, and launch attacks faster than any human defender can respond. The attackers' AI singularity is well underway; the defenders' is significantly behind. Reasonable people can disagree about how far behind. Few disagree about the direction.

The crucial point is this: just a few years ago, having a human in the loop wasn't really a choice. The technology wasn't capable enough to close the kill chain. AI tools could surface candidates, but the actual decision-making and execution was done by humans because nothing else could. That is no longer true. The technology can now close the chain end-to-end, and in some narrow tasks it can do so better than the humans it is supplementing. Whether to let it is a real question now, not a technical limitation pretending to be a policy choice.

If an adversary's AI can identify a vulnerability and weaponize it in minutes while our response workflow routes the patch recommendation through a human for review, we are not in the same race. The human review step that felt prudent in 2020 is, in some operational contexts, the step that ensures we lose.

This is the easier version of the conversation. The capabilities are concrete, the failure mode is a compromised network rather than a destroyed building, and the competitive pressure is undeniable. And yet even in cyber, we are struggling to have it honestly. Some of that is appropriate caution; some is risk aversion; some is the difficulty of holding AI capability providers accountable in a field evolving faster than the frameworks for evaluating it.

The Kinetic Case

The kinetic version of this conversation is harder because the stakes are final and the cultural resistance is more deeply entrenched.

For most of the history of weapons, humans were the end operators. Small arms, artillery, and dumb bombs all relied on a human for aiming and firing. Laser-guided munitions shifted some of the guidance burden to the technology, but a JTAC on the ground still had to mark the target. GPS-guided munitions moved further; the operator inputs coordinates and the weapon does the rest, but humans still chose what to target. Through every generation, the kill chain was executed by humans because nothing else could.

We are now fielding systems that can handle targeting, firing, guidance, and delivery of effects without a human at any of those steps. The technology has caught up; in some narrow tasks, it has surpassed us. The cultural framing has not. We still talk about autonomous weapons as though the question is whether to cross a line. The line has been moving for forty years, and we have been crossing it incrementally the whole time. What is new is that the technology is now capable of completing the trajectory.

That does not mean we should rush to full autonomy in lethal decisions. It means the conversation we need to have is not "should we ever remove humans from the loop" but "at what point have we effectively done so already, and are we being honest about it?"

What Is the Human Actually Doing?

This is the question the rest of the debate hinges on.

When we say there is a human in the loop, what is the human actually doing? Are they independently verifying or re-doing the AI system's work? If so, it defeats much of the purpose of using the AI. If not, it defeats much, if not all, of the purpose of having the human there. If the answer depends on the situation (which it almost always will), how are we deciding which situations justify fully autonomous action?

These questions have real answers in some contexts. There are workflows where a human reviewer genuinely catches errors the AI missed, including obvious ones the AI is structurally bad at recognizing. This is the most critical reason today, but the errors are becoming fewer and farther between. Human verification can also serve a second purpose: providing the feedback signal that helps train and improve the model. In those contexts, the human in the loop is doing real work, and the right policy is to keep them there. The argument here is not that human oversight is always theater. It is that we need to be honest about which contexts it is and which it isn't.

Consider AI-generated targeting. During an operation, an AI system ingests real-time intelligence feeds (signals, imagery, pattern-of-life data, network traffic) and produces a list of targets. A human is assigned to review the list before strikes are authorized. What does that review actually consist of?

The human does not have time to review all of the intelligence data the AI processed, and could not do it at the speed of the operation even if they had the analytical capacity. What they can do is a sanity check. They can ask whether the targets look roughly like the kind of targets they expect to see and flag obvious errors, the kind that come from the AI getting confused in ways a human would not. That catch is genuinely valuable. They can also provide a feedback signal that, over time, makes the system better. What they cannot do is verify that the AI's reasoning was correct. When speed matters, that limitation becomes a liability.

Reports of the Israeli military's use of the Lavender system during operations in Gaza illustrate what happens when this dynamic meets operational pressure. According to reporting by +972 Magazine and Local Call, lower-level operators faced extreme pressure to strike targets at a high pace and leaned on Lavender to generate target lists they could not meaningfully verify at the tempo demanded. Human review existed in name. In practice, the operators were approving AI-generated decisions they did not have the bandwidth to assess. What they were doing was signing off.

A non-AI parallel sharpens the point. Microsoft's "Digital Escort" program, reported by ProPublica in 2025, was designed to comply with Pentagon restrictions on foreign nationals accessing sensitive systems. Microsoft used lower-cost engineers in China to maintain government cloud systems and hired U.S.-based "digital escorts" to formally implement the code changes on the engineers' behalf. The escorts were less technically skilled than the engineers whose work they were approving and often did not understand what they were implementing. In practice, they rubber-stamped the work. The ‘American in the loop’ was theater.

This is the pattern we should expect with AI systems operating at the edge of human capacity. If the AI is doing work the human could not do themselves, or at a speed they cannot match, the human's role collapses from verification to approval, and under operational pressure, to rubber-stamping. The loop is closed in name only.

When human oversight collapses to rubber-stamping, we end up with the worst of both options. We have slowed the system down, accepting the operational disadvantage of human-speed decision cycles, without preserving the safety benefit that human review was supposed to provide. The risk is still present; we have simply added latency. It is a self-imposed disadvantage with none of the benefits that justified it.

In some current deployments, we already have this dynamic and we are not acknowledging it. The human in the loop comforts us. It satisfies the policy requirement and provides someone to name as the accountable decision-maker after the fact. It does not meaningfully alter what the AI would have done on its own.

Accountability When the Human Can't Keep Up

The accountability question follows directly from the verification question, and it breaks a chain we have relied on for a century.

When a rifle round hits the wrong target, we do not blame the rifle manufacturer; we investigate the shooter. When a dumb bomb misses, we investigate the pilot and the targeting process. When a laser-guided bomb hits the wrong building, we investigate the JTAC, the target designation, and the command chain. When a GPS-guided munition hits a school, we investigate whether the coordinates were correct and whether the targeting cell followed proper procedure. Through every generation, accountability has run to the human operator or the humans in the decision chain above them.

This works because the human operator is meaningfully in control. They choose the target, input the data, pull the trigger. They have both the authority and the capacity to be responsible for the outcome.

Autonomous systems strain this chain. If the human in the loop is functionally rubber-stamping AI-generated decisions made at speeds and against data volumes they cannot independently evaluate, it is not coherent to hold them solely responsible. We can name them as accountable in an after-action review. We cannot credibly claim they were the decision-maker.

This shifts accountability upstream. If the human at the edge cannot meaningfully verify the decision, then responsibility lies more heavily with the people who decided what the system would be allowed to do: the developers, the testers, the commanders who set the authorities, the policymakers who approved the capability for deployment. The operator at the terminal is executing a decision that has, in important respects, already been made.

Developing autonomous control layers and targeting systems is not like developing a rifle. A rifle manufacturer ships a tool and trusts the operator to use it responsibly. An AI targeting system manufacturer is shipping something closer to a decision-maker, a system that will, in practice if not in policy, determine outcomes that human operators cannot meaningfully override. That shift in function requires a shift in how we think about responsibility. The builder does not get to hand off the system and walk away.

This is not an argument against building these capabilities. The companies and labs developing autonomous defense systems are doing essential work, and the United States and its allies need them to keep doing it. It is an argument for building them with full awareness of what is being built and how it is being used. These labs are not just providing tools. They are making strategic and ethical decisions that will shape how force is used. The more honest we are about this, the better the systems will be.

Trust, and the Honest Conversation

We arrive at a gap that defines the current moment. We cannot keep humans meaningfully in the loop at machine speed in every context. We do not yet trust the systems enough to take them out. Both propositions are true.

The temptation is to resolve the gap by picking one side: full autonomy in the name of competitive necessity, or full human control in the name of moral responsibility. Neither is serious. Full autonomy without adequate trust risks catastrophic errors we cannot unwind. Full human control against an adversary at machine speed guarantees we lose before we can control anything.

So why are we struggling to have this conversation honestly? Several reasons, none unreasonable on their own. Senior decision-makers do not yet have the basis to trust autonomous systems with consequential decisions, because the evidence base hasn't been built. Risk aversion in defense institutions is a feature, not a bug; it has prevented many bad outcomes, even if it now imposes costs. We don't have mature frameworks for holding AI capability providers accountable. An autonomous lethal force, even when bounded and tested, raises moral questions that the Department is right to take seriously.

None of this is a reason to avoid the conversation but it is a reason to have it more carefully. That requires building the evidence base for trust. Trust is the product of testing, adversarial red-teaming, operational evaluation under realistic conditions, and accumulated evidence that the system behaves as intended across the range of situations it will face. We do not have this evidence for most of the autonomous capabilities being fielded or contemplated. Building it is not optional, and it cannot be skipped because the adversary is moving fast.

It also requires being honest about which loops have humans in name only. If the human reviewer cannot meaningfully verify the AI's decision, claiming they are in the loop is a fiction. The right response is to either make the human's role genuine, by slowing the system or narrowing its scope so review is possible, or to acknowledge that the decision is effectively autonomous and design the controls and accountability structures accordingly.

And it requires distinguishing between cases. Autonomous patching of a vulnerability in an isolated system is a different decision than autonomous targeting for lethal strikes. We need frameworks that distinguish between reversible and irreversible actions, between contained and uncontained effects, between narrow and broad consequences. A blanket "human in the loop" policy treats all these cases as identical. They are not.

The decision about whether to remove humans from certain loops has, in some narrow domains, already been made by the math. Our choice is whether to acknowledge that and build the systems and accountability structures that make it responsible, or to maintain a comforting fiction until something forces a reckoning we are not prepared for.

The adversaries are not waiting for us to decide.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Intelligence at the Speed of Relevance: Rethinking the Intelligence Cycle for the AI Era

There’s a profound assumption embedded in much of today’s conversation about AI and intelligence: better technology will solve our core problems. We need new infrastructure, better models, and faster processing—all tied to our unique data.

But step inside most intelligence workflows and a different reality emerges.

We are not constrained by what we can collect. We are constrained by what we can prioritize, interpret, and act on in time to matter.

The System Was Built for a Different Problem

The modern intelligence system was designed for a world defined by scarcity. Collection was difficult. Access was limited. Processing was slow. The intelligence cycle—collection, processing, analysis, dissemination—reflected those constraints. It imposed structure, discipline, and rigor on a problem set where information was hard to come by. That system worked because it matched the environment but the environment has changed.

Today, across open sources, commercial capabilities, and traditional collection, we operate in a world of persistent access and expanding data. AI is accelerating that shift, enabling faster processing, broader pattern recognition, and near-instantaneous assessments.

And yet, the underlying system—the way we task, integrate, evaluate, and deliver intelligence—has not fundamentally adapted.

The Constraint Has Moved

Much of the current focus remains on improving inputs: faster infrastructure, better models, more data. These are necessary but insufficient.

The constraint is no longer what we can collect or even what we can analyze. It is how effectively we prioritize what matters, integrate signals across sources, apply judgment at speed, and connect insight to decision in time to matter

In short, the constraint has moved from capability to tradecraft.

AI Is Compressing the Cycle—But Only at the Edges

AI is already changing parts of the intelligence workflow. Signals and geospatial intelligence processing that once took hours can now happen in minutes. Pattern recognition is functionally limitless and immediate. The era of the needle in the haystack is over. Draft assessments can be generated in seconds.

These capabilities are real but have not been fully implemented—nor can they be because the system still operates sequentially. Tasking decisions remain episodic; data integration is still a manual fight; and validation and coordination follow legacy timelines.

The result is a growing mismatch between what technology enables and what the system can absorb. We are accelerating pieces of the intelligence cycle without redesigning the cycle itself.

Tradecraft, Not Technology, Is Now the Limiting Factor

This is the call to action that will define the American Intelligence Community’s success in the next decade. If intelligence continues to operate as a linear process optimized for scarcity, then adding speed and scale at individual stages will produce diminishing returns.

The harder problem—and the more important one—is rethinking how intelligence is done:

How do we move from periodic tasking to dynamic prioritization?
How do we integrate AI into workflows as a default starting point, not an add-on?
How do we preserve rigor while operating at machine speed?
How do we ensure intelligence is informing faster, more diffuse, policy?

The Most Important Shift—Flattening the Intelligence Cycle.

The intelligence cycle was designed as a sequence: tasking, collection, processing, analysis, dissemination. Each step informs the next. Each stage has ownership. Each handoff introduces control—and delays.

This structure makes less sense today because collection is persistent, data is abundant, and processing is near-instantaneous. More importantly, policymaking is now dynamic—minute by minute—not defined by a once-a-day President’s Daily Brief and not constrained to the Oval Office.

How can we reimagine the intelligence cycle to account for these realities?

Let’s start by leveraging the real world and admitting that this change is not as radical as it sounds. During fast-moving crises, analysts often bypass formal cycles—pulling from multiple sources in real time, integrating signals as they arrive, and engaging directly with policymakers in an ongoing dialogue rather than through finished products.

For example, we did this out of necessity for counterterrorism operations over the last 25 years. Intelligence and operations were increasingly fused out of necessity. Collection and analysis informed action in near real time, and action reshaped collection and analysis priorities just as quickly. The formal cycle existed—but it was not how the work happened. Counterterrorism operational tradecraft set a model for where the system is heading.

The traditional cycle moves information through stages. The flattened cycle moves decisions through a system. The difference is subtle but profound.

In a flattened intelligence cycle:

Collection and analysis are intertwined. Some of the best analysts I know were case officers serving in the field.
Processing is not a step. It is largely automated with humans on the loop.
Dissemination is not an endpoint—it is an iterative relationship with policymakers.

Flattening the intelligence cycle does not mean abandoning rigor or structure. It means redesigning the system to move at the speed of the real world, automating rote tasks, and putting our nation's best and brightest minds on the hardest truly-human tasks.

What Comes Next

This is the first in a series examining how emerging technology—particularly AI—is reshaping the intelligence system in practice.

In my following posts, I’ll focus on where this tension is most visible today, especially in collection and analysis.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Moscow and Beijing’s shadow war: How Russia and China are keeping Iran lethal

The ceasefire between the United States and Iran is barely holding. Pakistani mediators are still shuttling between capitals, fighting has flared in recent days, and President Trump is now sitting across from Xi Jinping in Beijing for a high-stakes summit covering trade, Iran, and Taiwan.

Yet American intelligence has reached a different conclusion about what Beijing is actually doing: China is preparing to move man-portable air-defense systems, MANPADs, to Iran through third-country cutouts, according to CNN, which cited three sources familiar with recent intelligence assessments. The shipments would reach Tehran while Beijing holds itself out as the party that helped stop the war.

The CCP, however, is deliberately doing both things at once.

The intelligence indicates Iran may be using the ceasefire as an opportunity to replenish weapons systems with the help of key foreign partners, with indications that Beijing is working to route the shipments through third countries to mask their true origin. The MANPADs in question are shoulder-fired, infrared-guided missiles — systems that require little infrastructure, minimal operator training, and can be concealed inside civilian vehicles, urban terrain, or dispersed military positions.

On April 3, an American F-15E Strike Eagle was shot down over Iran by a shoulder-fired heat-seeking missile — a fact Trump later confirmed publicly, saying the Iranians “got lucky.” Whether that system was Chinese-manufactured remains unconfirmed; Iran also produces its own Misagh MANPAD series, reverse-engineered copies of Chinese QW-series designs, meaning the Chinese origin of any given shoulder-fired missile over Iranian airspace may never be definitively established.

What is confirmed is that Tehran noticed what worked, and Beijing appears to be resupplying accordingly.

“The sending of MANPADs to Iran would represent an escalation in Chinese assistance, moving beyond traditionally supplying spare parts to Iran’s missile and drone program to the transfer of actual complete weapons systems,” Jason Brodsky, policy director at United Against Nuclear Iran, tells The Cipher Brief.

Neither Russia nor China fired a shot against American forces. They didn’t need to. For years, Moscow and Beijing have quietly supplied Tehran with the intelligence, technology, and weapons components needed to keep Iran capable of threatening United States forces — before wars start. At the same time, they’re being fought, and during the ceasefires in between. The pause in fighting did not stop that effort. It created cover for the next round.

Russia’s contribution: orbits and operational intelligence

Beyond diplomacy, Russia provided Iran with intelligence to aid strikes against United States forces in the region. According to reporting by the Washington Post, Moscow shared the locations of United States warships, aircraft, and radar systems with Tehran during the opening days of the conflict — what one official described as a “pretty comprehensive effort.”

The Wall Street Journal reported that the assistance went beyond location data: Russia was also feeding Iran satellite imagery from its Aerospace Forces, giving Tehran a clearer picture of what its strikes had hit and what to aim at next.

The results were visible in the strike patterns themselves. Meanwhile, satellite imagery found that at least 228 structures or pieces of equipment were hit at United States military sites across the Middle East, with radar installations, communications facilities, and air defense equipment among the most heavily targeted — a level of precision that exceeded Iranian strike patterns in the 12-day war between Iran and Israel in June 2025.

That precision has a signature. Iran had spent years supplying Russia with Shahed drones for use against Ukraine; Moscow was now returning the knowledge investment with interest. Russia shared battlefield lessons from its drone war in Ukraine with Iran, including guidance on strike altitudes and how many drones to deploy in a single wave — drone swarms used to overwhelm radar, followed by precision missile strikes against command-and-control nodes. Moreover, Iranian strike patterns in the Gulf increasingly resembled Russian tactics honed in Ukraine.

Jennifer Kavanagh, senior fellow and director of military analysis at Defense Priorities, tells The Cipher Brief that Russian and Chinese assistance is a direct reason for Iran’s improved targeting between June 2025 and the most recent conflict.

“However, the United States provided similar intelligence to Ukraine, so it is hard for the Trump administration to push back,” she explains.

The groundwork Russia laid before the first shot was fired made the intelligence-sharing during the war far more lethal. Russia built and launched the Khayyam satellite in August 2022, a Kanopus-V Earth-observation platform with a resolution of 1.2 meters, giving Tehran the ability to conduct near-continuous surveillance of specific United States and Israeli military facilities.

S-400 air defense components began arriving in Iran from Russia in 2024, with at least one battery deployed near Isfahan. Years earlier, Moscow had also delivered the Rezonans-NE, an over-the-horizon radar that can track stealth aircraft and ballistic missiles out beyond 400 miles.

What greeted United States and Israeli aircraft over Iran in February 2026 was not purely Iranian. The detection infrastructure had Russian fingerprints on it — years of deliberate investment in Tehran’s ability to see and track what was coming.

China’s fingerprints: navigation, components, and the dual-use pipeline

What China offered Iran wasn’t firepower. It was independence. Folding Tehran into BeiDou — Beijing’s military-grade satellite navigation system — meant Iran’s drones and missiles no longer depended on GPS signals that the United States and Israel had already demonstrated they could disrupt. During the June 2025 twelve-day war, Israeli jamming knocked out Iranian GPS-guided weapons almost immediately.

By the fourth day, Iran had shifted its drones, cruise missiles, and ballistic weapons onto BeiDou-3, and the jamming stopped working. The system’s encrypted military signals, defense analysts say, are essentially unjammable.

The dual-use component pipeline ran deeper still. In February 2025, the United States Treasury Department sanctioned Chinese front companies supplying gyro navigation devices to enhance Iranian-made UAVs. In November 2025, a separate network connected to Iran’s Aircraft Manufacturing Industrial Company was accused of using shell firms to acquire Chinese sensors and navigation equipment. Since China gave Iran access to BeiDou in 2021, Tehran has also used the system to produce decoy signals to confuse threat analysis and conceal actual Iranian military movements.

There is a pattern worth noting in how Chinese dual-use exports to Iran have moved. They rose after Trump signed a maximum pressure memorandum on Iran in early 2025. They rose again after the United States strikes on Iranian nuclear facilities in June 2025. Beijing has not acted despite American escalation. It has acted because of it.

Multiple sanctioned Iranian ships believed to be carrying sodium perchlorate, a precursor material for solid-propellant rockets, have traveled from China to Iran since the war began. Shanghai-based MizarVision — which holds a Chinese National Military Standard certificate and, like all Chinese companies, operates under Beijing’s national security law — systematically published AI-enhanced satellite imagery of United States military movements throughout the conflict, including carrier strike groups and F-22 positions at regional bases.

Iranian strikes later hit a number of the sites MizarVision flagged. Jing’an Technology was doing much the same. For Beijing, the arrangement was convenient — private firms, at least on paper, doing work the Chinese government could disavow.

Washington also accused SMIC, China’s largest chipmaker, of supplying chipmaking tools and technical training to Iran’s military industrial complex, beginning roughly a year before the war. Beijing denied each allegation in sequence.

The reconstitution problem

The deeper strategic problem is not what Russia and China did during the war. It is what they are positioning to do after it.

After suffering major battlefield losses during the October 2024 Israeli campaign and the June 2025 twelve-day war, Iran was able to rapidly reconstitute key elements of its missile and military infrastructure with external support — restoring its ability to threaten the United States and its regional allies in a matter of months. The pattern repeated itself after February 2026. The ceasefire may have halted the kinetics, but it did not halt the resupply.

MANPADs fit the reconstitution requirement precisely — lightweight, dispersible, and effective against the low-flying aircraft that United States and Israeli forces would rely on in any renewed campaign.

Not everyone thinks sanctions were ever the right tool here.

“This is not new,” Kavanagh notes. “China provided Iran with new weapons and air defense systems after the 12-day war and has assisted Iran’s military in other ways for years.”

Sanctions, meanwhile, are losing their bite. “Sanctions and export controls slow reconstruction as they temporarily disrupt procurement networks,” Brodsky says, “but the challenge is the Iranian regime has been adept at establishing new workarounds and evasion mechanisms — sometimes faster than the United States government can dismantle them.”

“U.S. sanctions have begun to lose their effect,” Kavanagh says. “China and Russia have proven adept at avoiding them and are willing to ignore them. Sanctions won’t prevent Iran from rearming.”

Defense analyst John Wood tells The Cipher Brief that the physical resupply is already moving. During the ceasefire, he says, Russia has been pushing assets across the Caspian Sea while China has been using overland rail routes to do the same — a coordinated, parallel effort to rebuild Iranian capacity before any renewed hostilities. “The objective is obvious,” he says. “Bleed the United States and Europe economically and militarily.”

Asked about the MANPAD intelligence on April 12 as he left the White House, Trump issued a terse warning: “If China does that, China will have big problems.” Whether that threat lands before the shipment does remains the operative question — particularly given that the joint statement from the Beijing summit includes agreement that Iran must never obtain a nuclear weapon and that the Strait of Hormuz must remain open, but contains no explicit commitment from Xi on weapons transfers to Tehran.

Beijing’s leverage over Washington is not limited to the battlefield. The late October 2025 exchange in South Korea, Washington's suspension of the Bureau of Industry and Security Affiliates Rule, and Beijing's pause on rare-earth export controls were a pointed illustration of how much the United States’ defense industrial base depends on materials that China controls and can restrict at will.

It holds cards over Tehran’s survival. And it is playing both — publicly mediating while quietly rearming, letting Russia absorb the harder accusations while preserving its own deniability.

Both Moscow and Beijing share a structural interest in the outcome, even if their calculus differs.

“Beijing and Moscow are happy to watch the United States waste its military power in the Middle East,” Kavanagh says, “but both also suffer costs from the war. For Beijing, higher energy prices and the precedent created by the closure of the Strait of Hormuz are worrisome even if they are glad to see Washington entangled in the Middle East.”

Both, she argues, would like to see the war end, but on terms favorable to Iran. Brodsky puts the longer-term stakes more plainly.

“If the United States meaningfully erodes the Iranian regime’s capability to project power beyond its borders, that actually harms Russia and China in the long run — as they now have a weakened partner.”

Neither Moscow nor Beijing wants an Iranian collapse that would invite American consolidation across the region. What they want is a Tehran that survives, reconstitutes, and keeps Washington consumed. The ceasefire is not the end of the strategy. For both powers, it is the condition under which the next phase begins.

“The longer the war goes on, the more it works to China’s advantage,” Wood says. “And raises the likelihood of a Taiwan blockade.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Inside the FBI’s New Push to Track Leaks and Monitor Employees

OPINION — “The FBI requests $7 million to procure and deploy a digital watermarking solution capable of embedding unique digital forensic watermarks in commonly shared documents to mitigate unauthorized disclosures from the FBI’s classified and unclassified networks. Digital watermarking embeds a unique overt or covert forensic marker into emails and other commonly used file types, making it possible to attribute leaked information via screen photography or other non-traditional means back to the user. If information is exfiltrated from an FBI-managed endpoint, the watermarking solution can trace the document back to an employee or group of employees.”

That’s a quote from the 94-page FY 2027 FBI Budget Request to Congress that was released in March under a section entitled “Transparency of Government and Promoting Public Trust.”

I was aware of the investigative use of watermarks to track down confidential government documents, but I had never believed I would find a government agency, particularly the FBI, acknowledging publicly they were using it to keep tabs on their own employees.

Much to my surprise, the FY 2027 FBI Budget Request to Congress showed other FBI programs to catch leakers inside the Bureau. The Bureau budget document also describes other programs that are worth some public disclosure which I will discuss below.

First, some explanation.

I had decided to look into the proposed FY 2027 FBI budget after reading some nasty exchanges that took place at the May 12, Senate Appropriations Committee hearing on the Bureau’s budget. FBI Director Kash Patel was a witness and several Senators raised questions about recent news stories about Patel’s personal activities, to which he made a strong vocal defense of the activities.

After one bitter argument over stories about Patel’s alleged excessive use of alcohol, Sen. Chris Van Hollen (D-Md.) asked the FBI Director if he had ordered polygraph tests for FBI personnel to determine the sources of these leaked stories.

Patel responded, “There's an internal inspection review process for any and all leaks -- especially of baseless information -- at the FBI that's been in place for the last 30 years. Those processes are followed by career intelligence and agents on the ground.”

My interest in the FBI’s “internal inspection review process for any and all leaks” led me to the FY 2027 FBI Budget Request to Congress and there under a section called “Transparency of Government and Promoting Public Trust,” were descriptions of not only the watermark program, described above, but also one entitled User Activity Monitoring (UAM) Technology.

With UAM, according to the FBI budget document, “The FBI is strategically shifting its insider risk identification posture from traditional reactive activities to enhanced proactive approaches, allowing for early detection and mitigation.”

It then says that the FBI planned to purchase a “risk management suite” and, once procured, the Bureau will need $11.4 million in FY 2027 to support operation of the system.

Back in December 2025, the FBI awarded a five-year, $7 million contract to Everfox LLC to provide an Insider Threat Management Suite with UAM capability and User and Entity Behavior Analytics capabilities.

According to the FBI Budget document, “The UAM module will serve as the FBI’s primary monitoring and logging tool, capturing and analyzing all employee activity…The system generates real-time alerts, audit logs, and reports to notify insider threat analysts of potential risks, such as unauthorized access to sensitive data or files.”

As for the Behavior Analytics capabilities, that module uses “advanced analytics across all FBI-managed endpoints to detect anomalous and high-risk user activity indicative of insider threats.”

In short, to track down leaks the FBI has put in place a system to monitor employee computer usage and analyze that usage to detect any that is unusual. Although the Everfox systems purchased are directed at monitoring FBI employees to prevent leaks of any kinds of information, the FBI budget justifies this approach by referring to an Executive Order signed in 2011 by then-President Barack Obama which was aimed to protect Bureau classified information from outside hackers.

So far, however, the stories questioning Patel actions continue, as seen Sunday with the New York Times story headlined, “Patel’s Pearl Harbor Snorkeling Trip Adds Concerns About his travels.” The authors claim they spoke with “more than a dozen current and former FBI and law enforcement agents,” as well as Freedom of Information material.

Another FBI program disclosed in the FY 2027 FBI Budget Request to Congress relates to implementing President Trump’s September 2025 National Security Presidential Memorandum-7 (NSPM-7), Countering Domestic Terrorism and Organized Political Violence.

According to the FY 2027 FBI budget document, “In recent years, heinous assassinations and other acts of political violence in the United States have dramatically increased. Commonly, this violent conduct relates to views associated with anti-Americanism, anti-capitalism, and anti-Christianity; support for the overthrow of the U.S. Government (USG); extremism on migration, race, and gender, and hostility towards those who hold traditional American views on family, religion, and morality.”

To meet this challenge, the budget document says, the FBI now oversees the “recently created NSPM-7 Joint Mission Center (JMC),” which is “composed of personnel from 10 [Federal] agencies who possess CT (counterterrorism) and criminal operational and analytical expertise. The JMC is working to counter DT (domestic terrorist) and organized political violence by integrating intelligence, operational support, and financial analysis to proactively identify networks and prosecute domestic terrorist and related criminal actors.”

So far, there have been no reported activities of the JMC, but organizations such as the Brennan Center For Justice point out that NSPM-7 excludes high-profile examples of domestic political violence that do not comport with its storyline, such as the January 6, 2021, attack on the Capitol.

I close with one element of his time as FBI Director that Patel seems most proud of.

As he put it during his May 12 testimony, “Before I got in the [FBI Director] seat, over one-third of the entire FBI workforce was located in the National Capital Region. When I got here, I put a thousand agents into the field permanently. Every single state got more agents than they've ever had. Behind that, I sent 300 intelligence analysts into the field permanently. Behind that, I sent 500 support staff and program managers into the field permanently. And that's only Conus [within continental U.S.]. We've also expanded our overseas footprint. So, decentralizing the bureaucracy of Washington, removing the red tape in the bureaucracy, putting agents in the field…is how we're getting the mission done.”

Time will tell how that Patel action has worked out.

Patel also added to the above statement, “no one at this FBI is allowed to politicize or weaponize law enforcement. If you do, you don't get to work there anymore.” Reviewing the number of FBI officials and special agents that have been summarily dismissed since Patel’s appointment, including those who were assigned to participate in Trump-related investigations, I don’t believe that statement can be considered accurate.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Roses, Trees, and Power: The Symbolism Behind the Trump-Xi Summit

OPINION — Last week’s high-level summit in Beijing between President Trump and President Xi achieved few traditional ‘deliverables’ between the two leaders, and this led many outside observers to dismiss its singular importance. No significant trade deals were made, and there was little diplomatic progress with respect to ending the wars between Iran and America, or Russia and Ukraine. There was no mention of North Korea, or China’s possible influence with respect to a resumption of diplomatic negotiations between America and North Korea regarding the latter’s nuclear program. President Xi and President Trump pledged to work towards “constructive strategic stability” in the US-China relationship. But Xi’s comments about Taiwan – which could be interpreted as an indirect threat – in which he warned Trump, “If handled poorly, the two countries will collide or even clash, putting the entire US-China relationship in an extremely dangerous situation,” set the background tone of the summit. Despite other cordial words by both leaders – Trump repeatedly praised Xi as a “great leader” - many observers suggested that the summit had no significant or measurable outcomes, except for optics, symbolism, and body language. But for President Xi, these were – and are – the key ‘deliverables,’ making the summit, where he and Trump acted as equals (e.g. “G-2,” in Trump’s words), a critical success for him and China.

For some, President Trump’s trip to Beijing might remind one of Lord Macartney’s 1793 mission to China. Xi proved a gracious host, showcasing China’s achievements, history, culture, and ancient beauty. To truly understand Xi’s perspective, the setting, symbolism, and body language are critical. On the last day, Xi and Trump held an informal meeting in the lovely and historic Imperial Gardens of Zhongnanhai, where they strolled together while conversing and later, enjoying tea. Xi pointed out trees that are 490 years old, and in other cases, over 1000 years old. He asked Trump to touch the trees, highlighting their place in the gardens’ history. When President Trump commented on the beauty of the roses, President Xi offered to send some seeds from the Imperial rose garden back to the White House. For Xi, such symbolism is key, with a subtle framing of his message being, America is celebrating its 250th anniversary this year. But China is a civilization – like these trees – that has been in existence for thousands of years. Xi could not have said it better — or been more pleased.

Xi’s sophisticated diplomacy and aspirations (“The Chinese Dream of Rejuvenation”) have always been paired with strategic thinking (the concept of shi, described by Professor David Lai as “the alignment of forces, the propensity of things, or the potential born of disposition”), ruthlessness, and an increasingly confident posture regarding China’s domestic and international interests. The Xi-Trump summit showed them interacting as complete equals. For Xi and China, such images at last week’s summit serve to erase more than a century of humiliation. And China’s goal of becoming the world’s dominant superpower by 2049 (the centenary of the PRC’s founding) has not changed. Nor has it altered its gray zone strategy targeting America and the West, its cyber-attacks, its espionage efforts, its desire to dominate the key industries of the 21st Century, its military buildup in the South China Sea, its theft of intellectual property, its aggressive moves towards Taiwan, or its economic reach with respect to the Belt and Road Initiative. Today’s President Xi is unchanged from 2017, when he first hosted President Trump on a state visit to Beijing.

But Xi ought to be careful, as he prepares for his next summit with President Trump in late 2026. It is convenient for Xi to assert, as he has frequently done, that the East is rising, while the West is in decline. And many critics would agree that given a divided, polarized America, a lame-duck President with falling poll numbers, and a nation bogged down by military conflicts in the Middle East, Xi is correct. But I’d argue that they and Xi have a potential blind spot. Such an analysis of American and western decline, coupled with China’ remarkable achievement in lifting 800 million citizens out of poverty since 1949, while becoming the world’s 2nd-largest economy, risks ignoring America’s resilience, as it approaches its 250th birthday in July 2026. President Trump has always showcased his mastery of media and spectacular events too. At his next summit with President Xi, he ought to highlight America’s exceptionalism, and walk with Xi along the Mall, George Washington’s home in Mt. Vernon, and let Xi touch and feel not a tree nor roses, but Philadelphia’s famed Liberty Bell. Such symbols and gestures can matter. President Trump’s optics can thereby say, this too, is America. Freedom. Courage. Faith. Nationhood. Endurance. And Liberty. Old concepts, old values, which stand the test of time.

Dr. Kenneth Dekleva served as a Regional Medical Officer/Psychiatrist with the U.S. Dept. of State from 2002-2016 and is currently the CEO of Blackwood Advisory Solutions LLC and Professor of Psychiatry, UT Southwestern Medical Center, Dallas, TX. The views expressed by Dr. Dekleva are entirely his own and do not represent the views of the U.S. Government, the U.S. Dept. of State, or UT Southwestern Medical Center.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The administration needs a better relationship with the Vatican

OPINION — President Reagan formed an alliance with Pope John Paul II in the 1980s that contributed to the dissolution of the Soviet Union in 1991.

This is a powerful precedent for two world leaders — Pope Leo XIV and President Trump — to work together to oppose evil and seek global peace and stability.

Secretary of State Marco Rubio’s meeting with the pope on May 7 was a powerful gesture that showed the U.S. government wants a close, cordial relationship with the Vatican. According to the Vatican, both pledged to improve bilateral relations after Mr. Trump accused Leo of being “terrible for foreign policy.” The pope had commented that Mr. Trump’s “threat to destroy Iran’s whole civilization” was “truly unacceptable.”

Francesco Sisci, an Italian sinologist, author and columnist who maintains close ties with the Vatican, said Mr. Rubio’s meeting with the pope went well. He said: “The pope tells the world there’s another America besides the controversial president. The pope’s America is the one the world loves to love. This should be important for the U.S. Active and intense dialogue should follow up this meeting to keep the momentum.”

Yes, to keep the momentum. The Vatican has consistently been opposed to war and nuclear proliferation in favor of peace and stability. Indeed, it was the U.S. after World War II that worked hard to bring peace and stability to a global community exhausted and devastated by the war.

Unfortunately, the Cold War followed, starting with the Korean War. An expansionist Soviet Union was determined to spread communism throughout the world: in Vietnam, Angola, Ethiopia, Mozambique, Yemen, Libya, Czechoslovakia, Nicaragua, Grenada and, in 1979, Afghanistan. Fortunately, they failed.

What contributed to the Soviet Union’s defeat was Reagan’s relationship with Pope John Paul II. Both viewed Soviet communism as an evil that denied the Russian people and the Eastern Bloc their human rights and dignity. Indeed, it was Reagan and John Paul II’s first meeting at the Vatican in June 1982 that initiated their close bond.

What followed was a close working relationship that contributed to the defeat of communism and the dissolution of the Soviet Union in 1991.

The partnership between the U.S. and the Vatican was characterized by intense, behind-the-scenes information sharing about the Soviet Union and coordinating actions in Eastern Europe. The pope provided the spiritual and moral inspiration to the Solidarity movement in Poland, weakening the authority of the Polish communist government.

Both the U.S. and the Vatican sent news into the Soviet Bloc, undermining the communist fake narrative. Indeed, the pope provided the moral voice, and Reagan, the geopolitical pressure.

This partnership peacefully transformed Eastern Europe. Can the partnership of the U.S. and the Vatican be replicated for the war in Iran?

Iran’s nuclear ambitions, the regime’s killing of more than 30,000 Iranian peaceful protesters earlier this year and its acts of terrorism, which have killed hundreds of Americans, are just some of the information we can and should share with the Vatican.

Conversely, the Vatican can share its moral options for changing the behavior of an Iranian regime that is viewed as a pariah state by its neighbors and the international community.

A collaborative U.S.-Vatican partnership to address other global issues, such as the wars in Ukraine and Sudan, and the ongoing conflict in the Gaza Strip, could be valuable. If the Vatican was helpful in bringing an end to the Cold War, then why are we not partnering with it on the multitude of ongoing global conflicts?

Hopefully, Mr. Rubio’s meeting with Pope Leo XIV is the beginning of a productive relationship with the Vatican, one that will bring peace and stability to the world.

This piece was originally published by The Washington Times and is republished here with permission.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Sustaining Decision Advantage: The Case for Analytic Tradecraft Reform

OPINION -- In an era where warfighters and decision-makers have on-demand access to vast data holdings and AI-generated insights, the future of intelligence analysis will be defined by the ability to apply modernized analytic tradecraft to transform data into decision-ready insight. Where others may optimize for speed, scale, and profit, the intelligence community must bring methodological rigor to create decision advantage.

The Promise and the Peril of Analytic Tradecraft

The scripture inscribed on the CIA’s Original Headquarters Building reads: “And Ye Shall Know the Truth and the Truth Shall Make You Free.” The words express an optimistic belief that objective truth can be identified and communicated. This premise, however, is increasingly under strain.

The Cold War-era architects of modern analytic tradecraft understood that intelligence analysts are no less susceptible to cognitive bias than anyone else. This led Sherman Kent, Richards Heuer, and others to develop a framework of analytic methods to ensure the objectivity of intelligence assessments. The methods encourage analysts to “show their work” and take active measures to mitigate cognitive bias, manage uncertainty, and boost decision-makers’ confidence in analytic conclusions.

The intelligence community’s adoption of a universal set of analytic tradecraft standards after the 9/11 terrorist attacks and the flawed assessment of Iraq’s WMD programs marked a high point in the use of analytic tradecraft.

Administrative formalization and the passage of time, however, have increased the risk of over-correction and ossification. Today’s analysts and managers must guard against the danger that tradecraft becomes a performative, backward-looking bureaucratic exercise disconnected from the national security mission.

The New Analytic Ecosystem

The U.S. Intelligence Community’s analytic tradecraft standards were designed for an information environment characterized by scarcity and secrecy, where long-form textual reports were the ultimate decision-support tool. We no longer operate in that world.

As of 2023, the National Geospatial-Intelligence Agency (NGA) was ingesting 70,000 new data points per second. At the same time, virtually anyone with a credit card can now access commercial GEOINT, commercial SIGINT, and millions of unique OSINT sources.

Amid this vast sea of data, political and military leaders now have access to a rapidly growing number of commercial analytic services. Dozens of defense technology companies are now testing these AI-enabled capabilities in Ukraine, Gaza, and Iran with an eye toward marketing battle-tested analytic tools to eager governments around the globe.

These changes in the information environment have given rise to a new analytic ecosystem in which the relative share of information the intelligence community provides to decision-makers is rapidly shrinking, and the community’s primacy as the go-to source for decision advantage is increasingly being challenged.

Operationalizing Modern Tradecraft

Amid revolutionary changes in the information environment and the rise of AI-enabled analytic capabilities, there is an urgent need to reaffirm the core principles of analytic tradecraft while simultaneously modernizing them to serve today’s analysts better.

1. Reaffirming mission relevance. Sherman Kent defined intelligence as knowledge for the purpose of action, and identified usefulness to the decision-maker as a key criterion for evaluating the quality of an analytic assessment. The OSS veteran observed that analysis that is inaccurate, incomplete, late to need, or lacks an obvious linkage to current national security decisions or future threats is—in a word—useless.

Intelligence Community Directive 203 lists decision-maker relevance as the fifth of nine analytic tradecraft standards on the sixth page of an eight-page policy document. It is not unreasonable that some may conclude that customer relevance is not a primary concern.

To be useful, analytic assessments should be decision-relevant, providing information and insights pertinent to U.S. national security and foreign policy, or highlighting emerging issues and threats that may require decision-maker attention. Assessments must be delivered in time to inform the decisions they are meant to support or to provide prompt warning of emerging threats. By necessity, an emphasis on decision-relevance and timeliness will create tension with analytic rigor and completeness. Skillful analysts and managers must actively manage these trade-offs to meet mission needs.

Usefulness is also a function of accuracy and focus. In today’s hyper-saturated information environment, analysts play a vital role in helping decision-makers determine which reporting and data can be independently corroborated. Analysts can also prevent information overload by prioritizing key reports and data essential to understanding an issue, while filtering out unnecessary details and unsupported judgments.

Maximizing the usefulness of analytic assessments for decision-makers requires a functioning relationship between intelligence agencies and the decision-makers they support. This necessitates active engagement and two-way dialogue that provide analysts with a deep and nuanced understanding of decision-makers' requirements and priorities. Without a functioning relationship, discerning decision relevance becomes an exercise in guesswork.

2. Reinforcing analytic objectivity. In a world where decision-makers have near-infinite choices in where they obtain information, the research methodologies, structured techniques, and standards that intelligence analysts use to ensure accuracy, rigor, and objectivity are key differentiators. These methods create decision advantage by helping reduce risk, manage uncertainty, and increase confidence in analytic conclusions.

Objectivity in AI-enabled analytic outputs must be defined technologically and methodologically, and analysts must make the case to decision-makers why they should have confidence in these tools.

The foundation of objectivity is transparency and methodological rigor. Existing tradecraft standards require analysts to provide detailed descriptions of the sources and methods used to form judgments. These descriptions include evaluations of their strengths, limitations, and potential biases. These standards must now be modernized and expanded to incorporate AI data inputs, prompt traceability, and model selection rationales. The standards should also be integrated directly into AI-enabled analytic tools. The recent Intelligence Community Directive on AI includes provisions intended to close this gap, but more work is necessary to fully integrate and align the community’s technology, data governance, and analytic tradecraft standards.

Analysis of alternative competing hypotheses, a long-standing method for detecting and mitigating cognitive bias, is both more important and more achievable with the proliferation of AI. Analysts are obligated to stress-test analytic conclusions against contradictory reports and competing hypotheses and report the results. While this has historically been a time- and labor-intensive task, AI-enabled tools and techniques can now test alternative hypotheses at scale. Establishing community-wide tradecraft standards for integrating these tools and techniques into analytic workflows will be instrumental in maintaining human accountability for analytic outputs.

3. Modernizing intelligence delivery. Current analytic tradecraft standards remain rooted in the analog text era. This technological latency is evident in the frustrations of decision-makers who use tablet computers to access analytic conclusions with the devices’ limited functionality, even though they have been in service for more than a decade. Along the same lines, the guidelines for formatting the endnotes in an analytic product rival the level of detail found in The Chicago Manual of Style, but are largely silent on how to maximize the usefulness and objectivity of visual and digital media. This can create operational risk when extremely high-quality visuals convey a level of certainty and confidence not supported by the underlying intelligence.

The intelligence community should modernize its analytic tradecraft, sourcing, and dissemination standards to better support the delivery of analytic conclusions via dynamic dashboards, visualizations, and structured analytic observations. Uncertainty and confidence must be encoded into these products, just as they are for text-based reports. This can be achieved by developing and consistently applying analytic tradecraft standards for new media that leverage interactive overlays, pop-ups, and uncertainty visualizations.

A Call to Action

The intelligence community now has the opportunity to proactively modernize its analytic tradecraft standards to sustain decision advantage. This window of opportunity will not remain open indefinitely.

The proliferation of AI-enabled analytic tools, in the absence of a shared set of standards and methodologies to mitigate cognitive bias, manage uncertainty, and ensure substantive accuracy, has introduced new risks into the national security decision-making process. The private-sector innovators leading the development of these new tools, and their commercial and foreign government clients, have different incentive structures and risk tolerances than the U.S. government, and they will not wait for the intelligence community to take action.

In today’s competitive analytic ecosystem, analytic tradecraft is a key differentiator. If the intelligence community does not act to reaffirm core tradecraft principles and modernize existing standards to take full advantage of AI-enabled tools, it risks being outpaced by private-sector intelligence providers and bypassed by national security decision-makers.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Bear and the Dragon: The Threat of Sino-Russian Opportunism and Intelligence Miscalculation

KREMLIN FILES/COLUMN: As Washington's attention continues to be diverted with an Iran unwilling to come to a comprehensive peace, a more dangerous question lurks in the strategic shadows: what if America's most daunting rivals, one of whom is already at war, and the other not, decide to act with what they see as a historic imperative to change the global order? A Russian attack, for instance, against the Baltics and a move against Taiwan might not require a secret Sino-Russian war plan—only the same strategic conclusion in Moscow and Beijing that the moment is ripe. In such a scenario, would Russia and China share intelligence, coordinate contingency planning, or align potential operational timelines? Or is the greater risk something subtler: parallel opportunism fueled by intelligence miscalculation about U.S. resolve and capacity.

These questions are no longer theoretical. They spark lively debates among think tanks, military leaders, and allies across Europe and the Indo-Pacific. The idea of simultaneous crises, one in Eastern Europe and another in the Taiwan Strait, has become a common thread in war games and policy papers. War with Iran now also raises the specter of whether one or both of our adversaries may act opportunistically if the U.S. becomes bogged down in a prolonged campaign. However, the debate and war games are often focused on the wrong factor: whether Beijing and Moscow would officially coordinate an attack on the U.S. or its allies.

History suggests a more unsettling possibility. Great powers with converging interests do not need an integrated command structure to complicate American and allied strategy. They need only recognize opportunity when it appears. Could the U.S. and its allies respond effectively if challenged by both China and Russia, or, given recent heavy U.S. involvement now in Iran, might one or both engage in aggression while the U.S.is already at war?

On the eve of the conflagration that became World War II, the United States was content to sit in isolation, and debate raged over whether to pursue those policies or to stand with Europe against the Axis. The UK was fighting for its survival since 1939, France had surrendered to Nazi Germany, and the Soviet Union was on the brink of complete annihilation of its armies by the end of 1941. The Germans in December were 20 km from the Kremlin's towers on the very approaches to Moscow. That same week, Japan attacked the United States in an unprecedented event that FDR labelled "a day which will live in infamy." Americans have not forgotten that day, and we never should.

But we should also not forget, as was revealed after the war, that there was no meaningful collaboration between Nazi Germany and Japan on their war policies, nor on strategy more broadly. Hitler acted on what he saw as an opportunity and declared war on the United States within days of Pearl Harbor, despite little to no consultation or joint planning with Japan. It is an example of two expansionist powers that had an alliance but still acted independently, taking advantage of each other's actions. Similarly, Japan decided not to go to war with the Soviet Union, knowing it could potentially be overwhelmed by China and the USSR in Manchuria. Countries will do what is in their own interest, despite alliances.

Both axis powers suffered from poor strategic intelligence. Hitler had no idea Japan was about to attack the United States, nor did he anticipate the ire and resolve of the American people. In turn, Joseph Stalin would have known more about Germany's attack on the USSR than Japan did if he had only listened to his spy Richard Sorge, who was well placed in Japan among Nazi circles. Sorge, a Russian “illegal” posing as a German, gained the trust of the Nazi ambassador in Tokyo. He accurately reported on the German attack to come but was caught and executed by Japanese counterintelligence. Tragically for the USSR, Sorge’s intelligence, which did not fit the dictator's view of events, was ignored. It is a lesson for our time as well.

Russia and China are not formally aligned like the Axis powers were. Among their intelligence agencies—the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and Main Intelligence Directorate of the General Staff (GRU) on one side, and the Ministry of State Security together with the PLA's Joint Staff Department Intelligence Bureau on the other— there is very little trust. For decades, and despite their claims of an "alliance without limits," they have distrusted each other nearly as much as they do their "main enemy," which the Russian agencies still refer to as the United States.

Fortunately, China and Russia have never had any intelligence-sharing relationships or broad agreements like the U.S. has with NATO, nor anything close to our extensive intelligence-sharing alliances under "Five Eyes." What they do share stems from a common intelligence culture, rooted in the early Cold War, when Moscow served as a training ground for generations of Chinese intelligence leaders, hosted at NKVD and later KGB academies. This tradition persisted throughout the Cold War and continues today, with the SVR keeping long-term training relationships at its "AVR" foreign intelligence academy for students from countries they consider allies, including China. In turn, the Russians try to recruit these guest intelligence students as penetrations into their allies' services. The Chinese do the same with Russian delegations.

Despite their distrust, intelligence systems in both countries could still drive their powers to war against the U.S., even absent joint military policy and potential "war plans." Crucially, internal pressures within both systems may heighten the current risk of global war more than at any time in decades. Russia's intelligence services remain under scrutiny after serious misjudgments that preceded the invasion of Ukraine. Russia’s intelligence agencies, especially the FSB, fed the Kremlin overly optimistic assessments about Ukraine's weakness, in part because institutional incentives discouraged delivering unwelcome truths. Additional embarrassment—from failures surrounding Venezuela and other foreign ventures which have blindsided Putin—has intensified pressure within those same services (for example, Putin reportedly was furious at SVR Director Naryshkin over the latter's failure to give any warning how far the U.S. would go in Venezuela; it continues Putin's long-term dissatisfaction with his foreign intelligence service and its head, as witnessed in February 2022 when he embarrassed Naryshkin publicly, asking him to "speak plainly, Sergey!").

Russia has been at war for four years. If one tunes in to one of the many state-run TV channels any given night, the Russian people are fed a narrative that they have been in a state of war, allegedly with NATO directly, for years. How much of a stretch is it for the SVR and their sister intelligence services —beaten down with Russia's military after four years, but adapting and recovering still from heavy losses —to convince Putin to take advantage of a distracted United States and potentially fractured NATO to make a move, even a limited one, in the Baltics?

There’s another aspect of the three main Russian intelligence services that is not fully understood in the West. They are constantly at each other’s throats, competing for any light from their great leader, and undermining each other at every turn. And in an atmosphere of constant distrust, they are forever in a game of one-upsmanship. This contributes to the risk that, in an effort to impress the boss, the Russian services will continue escalatory hybrid war actions in Europe that could stumble them, and NATO, into a much larger conflagration.

China faces a different but related problem. Purges within the People's Liberation Army and security apparatus have shaken the institutional confidence of Beijing's intelligence community. Analysts in their military intelligence arms tasked with judging whether China is truly ready for war over Taiwan may feel pressure to validate political timelines rather than challenge them. The removal of Xi's "big brother" from the leadership leaves few willing to challenge Xi's decision-making. His services are more likely to tell him what he wants to hear, now more than ever.

When intelligence becomes politicized, the danger is not simply miscalculation. It is acceleration. The United States has experienced this problem in its own history; our own intelligence community did not provide its best analysis for the American people in the pressure-cooker environment after 9/11, and the lead-up to the start of the Iraq war in 2003. Our rivals are hardly immune. The result can be decisions based not on reality, but on what leaders want to hear.

That dynamic—combined with global distraction—is precisely how great-power crises cascade. Germany's decision to declare war on the United States after Pearl Harbor was not a coordinated strategy so much as an opportunistic escalation. The lesson endures: wars spread when adversaries believe the moment is ripe.

Chinese leaders might conclude that the moment to coerce Taiwan (by blockade, for instance), or move directly for reunification has arrived if the U.S. continues to deplete key weapons' stocks in Iran, and with Europe focused on a resurgent Russia. The logic would not require coordination with Moscow or Tehran, and coincides with the 100th year of the PLA’s founding in 2027, a date Xi has long marked on the calendar. Indeed, the scenario is more threatening with sequential opportunism: Russia moves first against the Baltics, even in a limited fashion over some false pretext or minor land grab; but, and this is key, creating a European crisis beyond the already fractured alliance touch points over Ukraine. China then exploits the distraction, or the scenarios are flipped. Both now, regrettably, are equally plausible. Both might also be fed by poor intelligence on all sides.

Certainly, Russia and China would love to divide the world between their aggressive and imperialist ambitions, just like Japan and Germany dreamed of ninety years ago. Their policies demonstrate that. It is up to the United States and our allies to demonstrate a real deterrent, one that will never allow this century to be later termed a Russian century, nor a Chinese one.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

A Bridge Too Small: Why $49 Billion Can’t Fix a $1.5 Trillion Problem

Welcome to The Iron Triangle, the Cipher Brief column serving Procurement Officers tasked with buying the future, Investors funding the next generation of defense technology, and the Policy Wonks analyzing its impact on the global order.

At least once per week, I meet well-intended, patriotic investors putting together funds aimed at bolstering our national defense. They are frustrated with the government, they lack confidence that our military has what they need to fight and win the next war, and they want to help. But the scale of the challenge has moved beyond more infusions of capital.

In April 2026, the Department of War (DoW) officially upped the ante, requesting a historic $1.5 trillion for the FY2027 budget. This staggering figure, a 42% increase over previous levels, is a generational attempt to buy back a military edge. But as $49 billion in private capital sits on the sidelines, the question isn’t how much we spend, but whether a bureaucracy built for the 1950s can digest a trillion-dollar modernization.

The incredible levels of military innovation we see today are matched only by the incredible frustration that our defense industry has failed to keep pace. How is this possible when the U.S. spends more on its military than the next nine countries combined? And this spending dominance isn't a new trend; the U.S. has maintained its position as the world's leading military spender since the end of World War II. Yet, more capital alone may not save the day. There are strange forces at play, and we must consider the dangers of reliance on private capital to bridge a gap that only structural reform can fix.

Crowning the Neoprimes: Capital Intensity and the New Barrier to Entry

The global defense technology landscape in 2026 has transitioned into a period of unprecedented capital intensity. We have moved beyond the venture-backed experimentation of the early 2020s into an era of high-rate industrial production. This structural shift is underpinned by a surge in global military spending driven by the private market.

Within the first four months of 2026, more than a dozen neoprimes, vertically integrated technology companies designed to compete directly with traditional defense contractors, announced investment rounds exceeding $100 million. Capital is picking winners. Instead of a thousand flowers blooming, the market is crowning a neoprime class. This creates a new barrier to entry; if you aren't one of the dozen with a nine-figure war chest, you are likely an acquisition target.

Traditional primes have historically competed on scale and exquisite engineering. Neoprimes, backed by $100M+ rounds, are competing on iteration speed and software-defined capabilities. By owning everything from the sensor to the AI, they bypass the sluggish sub-contractor sprawl that stifles innovation while driving up prices. They aren't just selling a product; they are selling a faster refresh rate for the battlefield.

The Forgotten Bench

Beneath the neoprime class sits the forgotten bench, thousands of smaller startups with exceptional technology but dangerously thin runways. These companies aren't building entire airframes; they are building the arteries of the future force: the best drone interceptors, the low-latency communications, and the quantum sensors. They have an exceptional understanding of the technology because they designed every circuit, late nights, on weekends, and during the holidays. Their technology works and they are begging for an opportunity to prove it.

For these firms, the $1.5 trillion budget is a mirage. While neoprimes have the capital to act as their own POM sherpas, smaller firms are trapped in the SBIR Treadmill, a cycle of small research grants that provide just enough oxygen to keep them alive, but not enough fuel to actually reach production. If the neoprimes are the bridge, these smaller companies are the raw materials. If we lose the bench, the neoprimes will eventually find themselves vertically integrating empty shells as the underlying research talent flees to the commercial sector.

Surviving the Requirements Gauntlet

This high-speed industrial engine is currently slamming into a low-speed bureaucratic wall. The journey from a capability gap to the battlefield is a gauntlet of acronyms and competing philosophies. While DoW is making progress, they remain mired in anachronistic processes that prevent innovation.

Historically, the requirements development process (JCIDS) was the starting point for new requirements. JCIDS was an 800-day vetting cycle, a massive bureaucratic brake where good ideas often went to expire in a filing cabinet. The 2026 shift has pushed authority back to the individual services, allowing them to define their own must-haves through the Capability Development Document (CDD). This CDD is a massive improvement, but still painfully slow by industry terms.

To bypass the infamous Valley of Death, the military has also leaned into Middle Tier contracting mechanisms, aiming to field tech within five years. In the Pentagon, five years is considered rapid. In the same timeframe Silicon Valley can birth a unicorn, watch it go public, and see its founder retire to a private island.

The Pentagon has also enacted Operational Test, where new systems must prove they function as advertised, even when operated by an exhausted nineteen-year-old in a sandstorm. Only after surviving both the bureaucrats and the elements can a system reach Full Rate Production. This is a lengthy and frustrating process for smaller defense tech companies, waiting patiently while burning through their capital runway.

The Speed Paradox: Industry Building for the Threat

The strategic implications of this massive infusion of cash is profound: industry is now building for the "objective threat" rather than waiting for bureaucratic requirements. Private industry, neoprimes and startups, are already producing systems with capabilities that the government hasn't even considered drafting requirements for yet.

While the $1.5 trillion budget request includes $756 billion for modernization, a significant portion, including $65.8 billion for the "Golden Fleet", favors the heavy steel of traditional primes. For both the $49 billion neoprime class and the scrappy startups, the $1.5 trillion budget is a massive test. Is it a new market for software-defined defense, or just a bigger life-support system for moribund contractors?

Conclusion: Use It or Lose It

The $1.5 trillion FY2027 request is the Pentagon’s effort to perform in a high-stakes game of global deterrence. But money is the easiest part of the equation. If this historic surge fails to deliver lucrative contracts to those waiting under the defense primes by 2027, the private capital markets will recoil.

There is a risk of creating a "use it or lose it" scenario. If the DoW doesn't reform its programming cycles to catch these companies before their funding runs out, this deluge of private capital will dry up and move back to enterprise SaaS or healthcare. Industry isn't just driving the DoW to move faster; it is stress-testing the Pentagon’s relevance. If the DoW fails to figure out how to buy advanced systems fast, the best engineering talent will leave the defense sector entirely, viewing it as a graveyard for innovators.

The Valley of Death has become a proving ground for national will and the Pentagon is facing a mid-life crisis. It’s no longer asking “Can we build it?” but rather staring at a finished tech and asking, “Does this come with a 400-page manual we can spend three years editing?” We have the capital, we have the tech, and now we have the budget. If we still can't field the newest gear, the capital flight will be devastating, and the "Arsenal of Freedom" will be little more than an expensive, aging museum.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Nuclear Arms Race Is Accelerating — and the U.N. Looks Increasingly Powerless

OPINION – Last week, the 11th Review Conference of the Parties to the Treaty on the Non-Proliferation of Nuclear Weapons, currently in session at the United Nations, elected Iran as one of its 34 vice presidents. It did so despite Iran's noncompliance with International Atomic Energy Agency safeguards. The unfortunate decision undermines trust in a conference that should focus on the proliferation of nuclear weapons and the emerging nuclear arms race.

Nuclear weapons proliferation In April, IAEA Chief Rafael Grossi warned during a visit to South Korea that North Korea was significantly boosting its nuclear weapons capacity with the completion of a new uranium enrichment facility at the Yongbyon nuclear complex. He called it a "very serious increase" in the production of nuclear weapons. North Korea is believed to have 50 to 60 nuclear weapons. In a few years, it will likely have up to 100 nuclear warheads that can be miniaturized and mated to short-range and long-range ballistic missiles (KN-2, KN-24 and Hwasong-18, -19, and -20) capable of targeting South Korea, Japan and the U.S. China is rapidly expanding its nuclear arsenal and is expected to have more than 1,000 operational nuclear warheads by 2030, with estimates of more than 1,500 by 2035. Based on satellite imagery, China recently completed the construction of new nuclear missile silo fields in Gansu and Xinjiang provinces. It is an apparent "strategic nuclear breakout."

Russia's war with Ukraine Since Russia's invasion of Ukraine in 2022, Russian ruler Vladimir Putin has consistently threatened to use nuclear weapons to deter European and U.S. intervention in the war. Mr. Putin updated Russia's nuclear doctrine: a conventional attack on Russia or Belarus by a non-nuclear state, if supported by a nuclear power, will be viewed as a joint attack, allowing Russia's use of nuclear weapons. Mr. Putin's objective is to deter Western involvement in the war, especially its provision of Ukraine with long-range, precision-guided missiles that can be used to attack Russian territory.

Recent polls in South Korea consistently show more than 70% public support for the country having its own, independent nuclear arsenal rather than relying on U.S. extended deterrence commitments (nuclear umbrella). North Korea's exponential increase in the production of nuclear weapons using plutonium and highly enriched uranium, and the number and sophistication of the short-range ballistic missiles that can target South Korea (and Japan), have convinced the public that it needs its own nuclear arsenal. In the 1970s, the Park Chung-hee government had an active clandestine plutonium nuclear weapons program, which the U.S. forced South Korea to cancel in 1976. Japan has a sophisticated civilian nuclear industry and a stockpile of plutonium, so it is viewed as a leading "latent" nuclear power capable of producing nuclear weapons if desired. Indeed, Japan depends on the U.S. "nuclear umbrella" for protection from the threats of North Korea and China. Yet given North Korea's growing nuclear weapons capability, there is now more of a dialogue in Japan about the value of the nation having its own nuclear deterrent.

Iran's status as a threshold nuclear weapons state has been an issue that countries such as Saudi Arabia, Egypt and Turkey follow closely. Indeed, if Iran acquired its own nuclear weapons, then each of these countries, and others in the Middle East, would pursue their own nuclear weapons capability. They all have the infrastructure necessary to go nuclear, if desired. Things are on pause now, given the ongoing war with Iran, but once the war is over and if Iran continues to enrich uranium, it is possible that Saudi Arabia and other countries would eventually consider acquiring their own nuclear capabilities.

The United Nations U.N. Secretary-General Antonio Guterres said efforts to eliminate nuclear weapons have been eroding and there is a need to "breathe life into the NPT once more." He went on to mention the new dangers to nuclear proliferation from artificial intelligence and concerns about the growing use of AI in military conflicts. The president of the NPT Review, Vietnam's Do Hung Viet, said two previous review conferences (in 2022 and 2015) failed to reach consensus, hoping to find agreement this time. Unfortunately, it is unlikely that the NPT review conference, which ends May 22, will reach consensus on the critical issues related to nuclear nonproliferation.

This piece was originally published by The Washington Times and is published here with permission from the author.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Pakistani General Running Washington’s Backchannel to Tehran

OPINION -- As Washington and Tehran edge closer to escalation, the most critical line of communication keeping the crisis from spiraling is being run not by polished diplomats, but by an unlikely figure: a Pakistani general. Field Marshal Asim Munir, Pakistan’s powerful army chief, has quietly become the key intermediary in the U.S.-Iran standoff, managing what may be the most important backchannel between the two sides. The mediation has thrust Pakistan to the center of the crisis while exposing it to enormous risk.

That position is no accident. While others issued statements, Munir helped broker and later extend a temporary ceasefire, facilitated day-long direct talks between American and Iranian officials, and, most importantly, kept communication alive when both sides were pulling back. For those watching closely, his central role is hardly surprising, but it should give others pause. Under his watch, Pakistan has moved aggressively to court the Trump administration, from nominating President Donald Trump for the Nobel Peace Prize to pursuing ambitious deals in critical minerals and cryptocurrency, even as the substance and viability of those efforts remains questionable.

There is no shortage of players trying to mediate the crisis. European governments have floated proposals, China has offered a framework, and Russia has signaled its willingness to help. The United Nations has called for restraint, even as it remains sidelined. Yet behind the scenes, much of the work preventing escalation falls to Munir, a man President Trump has called his “favorite field marshal.” He avoids the spotlight, rarely gives interviews, and conducts much of his mediation quietly and out of sight, often through trusted liaisons.

Still, Pakistan is not the only channel that matters. Qatar appears to be playing a growing role, with recent reporting suggesting Doha has become an increasingly active backchannel between Washington and Tehran. For now, the Qatari and Pakistani tracks appear more complementary than competing. But Doha’s role also suggests Washington may be hedging, keeping Islamabad in play while relying on a mediator with a longer and more established record of quiet diplomacy with Iran.

Pakistan’s role in all this is driven less by neutrality than by pragmatism. Islamabad has stepped in because it has the most to lose from escalation but also the most to gain from renewed relevance. That calculated gamble runs directly through Munir, who has positioned himself as Pakistan’s de facto power center in running the U.S.-Iran channel. There is also a broader regional calculation at work: Pakistani leaders see any renewed relevance in Washington as valuable not only for the Iran file, but also for restoring Pakistan’s weight in a regional order where India has long enjoyed deeper U.S. ties. The Iran backchannel gives Islamabad a rare opportunity to matter again.

Geography explains part of this. Pakistan shares a long border with Iran and sits close enough to the Gulf to feel the effects of escalation immediately, including from energy shocks, security spillover, refugee pressures, and internal strains that have long tested Pakistan's stability. When tensions ease, Pakistan benefits; when they rise, Pakistan pays the price. That reality gives Islamabad a certain credibility and helps explain why both Tehran and Washington are willing to listen.

But geography alone does not explain Munir’s effectiveness. The man himself does. He is not a diplomat, which may be to his advantage. With a background in military and intelligence, he seems to approach mediation differently. According to regional intermediaries familiar with his approach, where traditional mediators tend to focus on managing meetings and timelines, Munir is more focused on shaping perception: how messages are framed, when they are delivered, and how they are likely to be received. In a crisis defined by deep mistrust and bad faith, framing how something is said and heard can matter as much as what is formally proposed.

By some accounts, Munir is known for being his own analyst extraordinaire – arguably less a consumer of analysis than a producer of it – while testing assumptions, connecting intelligence, and weighing risks across nuclear, regional, and economic fronts. That breadth may give him an edge few mediators have. These assessments are based on private conversations with Pakistani officials, regional diplomats, and intermediaries who have dealt directly with Munir and his circle. The views, however, are far from uniform. Some describe him as disciplined, alert, and unusually well-informed. Others describe a far less impressive and more limited figure, questioning whether his reputation exceeds his depth. But even skeptics acknowledge the one point that Munir has developed rare access at a moment when it matters.

What is not in doubt is that access. Munir has cultivated direct lines into the White House while maintaining enough trust with Iranian hardliners to keep conversations going. This dual access allows him to do more than simply relay messages. He acts as a filter, interpreting signals, adjusting tone, calibrating expectations, and reducing the risk of miscalculation. Much of this effort appears to rely on his trusted intelligence chief, viewed by regional officials as the sharper operator behind the scenes.

Of course, none of this makes Pakistan a neutral actor. Islamabad has clear interests, including stability along its volatile border, steady energy access, and stronger security ties with Washington. But neither Munir hides those interests, nor are Washington or Tehran under any illusion about them. For now, both sides appear to see Pakistan’s incentives as aligned with avoiding escalation. In some ways, a mediator that is open about its motivations can be easier to work with than one pretending to have none.

But this is also where the risks begin.

Much of Munir’s mediation process remains opaque. It is unclear who he engages directly on the Iranian side and whether those figures hold real influence, how messages are filtered before delivery, or how much he blends American and Iranian proposals with Pakistani preferences before they reach Washington and Tehran. Those concerns come not only from the secrecy surrounding the talks, but also from private conversations with regional intermediaries familiar with the process, several of whom described Pakistan’s role as extending beyond simply passing messages. Munir may be softening positions, adjusting language, or even creating the impression of agreement before it fully exists.

These are not minor technicalities and cut directly to the credibility of the mediation, raising questions about whether Pakistan is genuinely acting as a neutral intermediary or subtly steering one side in ways that protect its own interests. Recent reports that Pakistan allowed Iranian military aircraft to shelter on its airbases while mediating the crisis have only deepened those questions about how neutral Islamabad’s role really is.

To be sure, keeping talks alive between deeply distrustful parties is never just about relaying information. Each party needs to believe the other is closer to compromise than it may actually be and that walking away would cost more than staying engaged. That same dynamic arguably shaped the secret U.S.-Iran backchannel in Oman that eventually led to the 2015 nuclear deal, as well as the Doha talks with the Taliban, where mediators often kept all sides at the table despite deep mistrust and repeated breakdowns. In both cases, progress depended as much on managing expectations as on the formal terms themselves. Munir’s role is to sustain that belief long enough for it to become real progress. This means deciding not only what to say, but what to hold back, and when.

That is also where things can go wrong.

Every message Pakistan transmits – including every adjustment in framing, tone, or timing meant to speed up or slow down the talks – shapes expectations. Once set, those expectations become difficult to reverse. If either side concludes it has been misled, whether intentionally or not, trust will collapse quickly. At that point, Pakistan would not simply lose its role as mediator but become part of the problem, with consequences for itself.

This is the quiet gamble at the heart of Munir’s approach. The same skills that make him effective today also carry real risks for Pakistan. If talks succeed, Munir will take the credit. If they fail, questions about what was said, what was promised, and who understood what will come quickly.

There are already early warning signs. A recently canceled follow-up visit by a U.S. delegation to Pakistan suggests growing impatience in Washington and possibly a shift away from Pakistani mediation toward other channels. If that holds, it could quickly weaken Pakistan's position as both broker and venue.

For Pakistan, stepping into this role is also nakedly transactional. Years of economic pressure, declining diplomatic relevance, and internal security challenges have pushed the country to the margins. Acting as the bridge between Washington and Tehran changes that, bringing renewed visibility, greater leverage, and potential economic and security gains. If Pakistan becomes essential to managing the crisis, it becomes harder to ignore.

That is not cynicism but how diplomacy works. Countries with something to gain from a crisis tend to move quickly to stay in the game. The question is not whether Pakistan has interests, but whether they will remain aligned with easing tensions. For now, they appear to be, though alignment in crises rarely stay fixed for long and could change quickly.

As the situation grows more fragile, Pakistan also appears more exposed than it did just weeks ago. Iran's public and private signals remain inconsistent, likely reflecting internal divisions within its leadership. At the same time, Washington’s patience seems to be thinning. The Trump administration’s decision to step back from another round of talks in Islamabad has made it harder for Pakistan to sustain the illusion that progress is within reach.

The risks for Pakistan are becoming clearer. If Iran begins to see Munir as too closely aligned with Washington, trust could disappear quickly. If Washington demands results Pakistan cannot deliver, pressure will mount just as fast. And if the ceasefire collapses altogether, Pakistan will feel the consequences first, both across its economy and within its fragile internal security environment.

There is also a deeper, less visible risk. Every conversation Munir facilitates, every message passed, and every signal exchanged creates a record. If talks fail, both Washington and Tehran will look for explanations—and Pakistan, having placed itself at the center, will be an obvious place to look. A mediator who simply transmits messages generally carries limited exposure, but one who shapes them carries far more.

None of this diminishes Pakistan’s role in helping keep a dangerous situation from getting worse. That alone explains why both Washington and Tehran continue returning to Islamabad – even when frustrated, sometimes with Pakistan itself. But this moment also highlights a broader reality: influence today is not simply about size or formal authority, but about being useful at the right moment, having the right access, and being willing to absorb the risks that come with it.

Right now, Pakistan has all of that and has made itself central to what comes next. It may not resolve the U.S.-Iran conflict or even hold the ceasefire together, but it has succeeded in making itself difficult to bypass while accepting the risks that come with it. In a crisis dominated by public statements, Pakistan is working to shape outcomes quietly from behind the scenes, whether that ultimately stabilizes the situation or drives it closer to collapse.

And that risk runs straight through Munir. His profile is a strength – for now. But in crises like this, proximity to success also means proximity to blame. To sit at the center of brokering a deal is to share in its outcome, good or bad. The same “favorite general” helping hold the line today could just as easily become tomorrow’s scapegoat, with consequences for Pakistan itself.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Congress Faces a Growing Blind Spot in the Pentagon’s Expanding Budget

OPINION -- “That brings me to a concern I want to put on the record. In addition to the billions requested for the F-35 [fighter-bomber] enterprise, several of these programs I consider highest priority are being funded through the mandatory [reconciliation bill] request -- $17.5 billion for Golden Dome [anti-missile system], $7.7 billion for air moving-target indicator, $4.6 billion for munitions equipment, and $3.9 billion for space data network. Mandatory funding [via the reconciliation bill] bypasses the annual appropriations process, which is how Congress exercises its oversight responsibility. If these programs are as critical as the [fiscal 2027] budget request suggests, and I believe they are, then they deserve all the full scrutiny and sustained attention that we on the appropriations process provide.”

That was Rep. Ken Calvert (R-Calif.), Chairman of the House Appropriations Defense Subcommittee, during his opening statement at the April 30, hearing called to go over the fiscal 2027 budgets for the U.S. Air Force (USAF) and Space Force (USSF).

There are two reasons I’m focusing on this Appropriations Subcommittee hearing.

One is because the session was cut short after 53 minutes so members could take part in a House floor vote, but then the hearing was not resumed. When the hearing adjourned, only seven of the 13 subcommittee members present had their five minutes to ask questions, although they were at the end given an opportunity to submit questions in writing.

This was one more example of a House subcommittee just not playing its assigned Constitutional role, but a questionable remedy exists which I will discuss further below.

Equally important, as Calvert pointed out above, the Trump administration is playing around with the normal defense budget process, based on what the House and Senate let them do last year when Congress passed an $839 billion fiscal 2026 Defense Appropriations Bill, but then added another $152 billion for defense in the so-called “one, big, beautiful” reconciliation bill.

This year, as part of the Trump administration $1.5 trillion request to fund the Defense Department (DoD) next year, the Pentagon has planned for $1.15 trillion being inside the base budget, with an additional $350 billion coming from a proposed additional second round of reconciliation bills.

By putting that $350 billion in a later reconciliation bill, the administration seeks to avoid the need for 60 votes for passage in the Senate, which regular legislation would require, but the reconciliation bill needs only a majority vote.

Over at the Senate Armed Services Committee that same day, April 30, Sen. Angus King (I-Maine) brought up the reconciliation idea with Defense Secretary Pete Hegseth, who was testifying about the fiscal 2027 DoD budget.

King asked Hegseth, “Why do we suddenly have a two-part [DoD] budget where this committee and the Congress generally has oversight and input to a process where a quarter of the [DoD] budget [the part in the reconciliation bill] is essentially a slush fund?”

Hegseth responded, “I wouldn't characterize a quarter of it as a slush fund, but I recognize that we see it in totality as a $1.5 trillion budget separation.” Hegseth then unsuccessfully tried to explain by adding, “Why the two pieces…why there are multiple vehicles, but we are fully committed with working with the committee to ensure that the right vehicles are utilized to get precisely this amount $1.5 trillion.”

Meanwhile, there is another chance for the House Appropriations Defense Subcommittee members to ask questions about the DoD fiscal 2027 budget today when Hegseth, Joint Chiefs Chairman Gen. Dan Caine and Acting Assistant Defense Secretary (Comptroller) Jules W. Hurst III appear before them to review the $1.5 trillion DoD budget request.

However there will be a time constraint.

It turns out that the Senate Appropriations Defense Subcommittee also is scheduled to hold its hearing today, May 12, with the same witnesses. The House subcommittee hearing is set for 8 a.m. this morning in a room in the Rayburn House Office Building. The Senate group is scheduled to begin at 10:30 a.m. in a room in the Dirksen Senate Office Building, on the other side of Capitol Hill.

I must point out that at best the House Defense Subcommittee members will have much less than 90 minutes for questions, and if all 18 members show up not all will get their allotted five minutes to ask anything. That is not worthwhile oversight.

Remember the 53 minute House Defense Subcommittee meeting where only seven asked questions? They were only dealing with an Air Force fiscal 2027 budget of $339 billion, which by the way is 38 percent greater than this year. Those same members today will be trying to cover questions about a $1.5 trillion DoD budget that is 40 percent larger than the current one.

Having read all testimony from that shortened April 30 session on the fiscal 2027 Air Force budget, I think the public needs to know more about the sixth generation F-47 which is to be the future world’s most stealthy and lethal fighter. Last year, Boeing won a $20 billion contract to build 185 of them. They will exceed Mach 2 in speed, which is twice the speed of sound and faster than 1,500 miles-per-hour with a combat radius of 1,000 nautical miles.

The F-47s are also designed so that their pilots will be the in-the-air directors of up to eight unmanned AI-driven drones, named by the Air Force Collaborative Combat Aircraft (CCAs). According to what Air Force Secretary Dr. Troy E. Meink told the subcommittee back on April 30, the F-47 “and its integration with autonomous CCA represents a generational leap in combat capability that will redefine the battle-space.”

Meink said, “We are allocating over $5 billion in fiscal year 2027 for F-47 engineering and manufacturing development. The USAF is investing $1.4 billion for CCA testing and development, which puts us on a direct path to procure over 150 CCA by the end of the [five year] Future Years Defense Program, rapidly scaling our combat mass.”

How is all of that progressing?

But one question that needs to be asked at today’s hearings with Hegseth is what’s the reason for dividing the $1.5 trillion budget up in the first place?

At the end of the shortened House subcommittee April 30 hearing, Rep. Joe Morelle (D-N.Y.) asked Air Force Secretary Meink if the division of the DoD budget was “a one year anomaly, or is the Department planning to continue to shift defense funding into mandatory accounts [reconciliation bills] going forward, which would give this committee [House Appropriations] far less oversight over defense spending.”

Meink at first said, “We are always happy to come down and walk through with you how we’re spending the resources, fully transparent, whether it’s reconciliation or in the base budget.”

When Morelle persisted and asked about “the out years,” Meink replied, “I can’t speak to the level of conversation or the [Trump administration] strategy going forward Congressman.”

To which Morelle said, “Let me just say this, and then I’ll yield back…I think this is a dangerous precedent. I think Article One [of the Constitution which established Congress] responsibilities and the role that is vested in this committee to do oversight – I’m a new member [of the subcommittee] – but I think this is really important, not only for congressional integrity and for congressional responsibilities and prerogatives for the American people.”

I agree.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Confidence, Interoperability, and the Limits of U.S. Decision Systems

OPINION -- In recent months, U.S. policy debates have increasingly acknowledged that the decisive contests of the 21st century will not be fought primarily on conventional battlefields. They will be fought in the cognitive domain, through influence, perception, legitimacy, and decision velocity. This recognition is important and depends on an adequate technical and institutional layer to deliver durable strategic advantage.

Cognitive advantage cannot be declared. It must be engineered. Today, the United States does not lack data, expertise, or analytic talent. What it lacks is decision-shaping architecture capable of producing consistently high-confidence strategic judgment in complex, adaptive environments. The result is a persistent gap between how confident U.S. decisions appear and how reliable they are - especially in Gray Zone conflicts where informal networks, narrative control, and societal resilience determine outcomes long before failure becomes visible. Afghanistan was not an anomaly. Nor will it be the last warning.

The Confidence Illusion

In U.S. national security discourse, the phrase “high confidence” carries enormous weight. It signals authority, rigor, and analytical closure. Yet extensive research into expert judgment, including studies of national-security professionals themselves, shows that confidence is routinely mis-calibrated in complex political environments.

Judgments expressed with 80–90 percent confidence often prove correct closer to 50–70 percent of the time in complex, real-world strategic settings. This is not a marginal error. It is a structural one.

The problem is not individual analysts. It is how institutions aggregate information, frame uncertainty, and present judgment to decision-makers. While pockets of analytic under confidence have existed historically, recent large-scale evidence shows overconfidence is now the dominant institutional risk at the decision level.

Recent U.S. experience from Iraq to Afghanistan suggests that institutional confidence is often declared without calibration, while systems lack mechanisms to enforce learning when that confidence proves misplaced. In kinetic conflicts, this gap can be masked by overwhelming force. In Gray Zone contests, it is fatal.

Afghanistan: Studied Failure Without Learning

Few conflicts in modern U.S. history have been studied as extensively as Afghanistan. Over two decades, the U.S. government produced hundreds of strategies, assessments, revisions, and after-action reviews. After the collapse of 2021, that effort intensified: inspector general reports, departmental after-action reviews, congressional investigations, and now a congressionally mandated Afghanistan War Commission.

The volume of analysis is not the problem. The problem is that these efforts never coalesced into a unified learning system. Across reports, the same lessons recur – misjudged political legitimacy, overestimated partner capacity, underestimated informal power networks, ignored warning indicators, and persistent optimism unsupported by ground truth. Yet there is no evidence of a shared architecture that connected these findings across agencies, tracked which assumptions repeatedly failed, or recalibrated confidence over time.

Lessons were documented, not operationalized. Knowledge was archived, not integrated. Each new plan began largely anew, informed by memory and narrative rather than by a living system of institutional learning. When failure came, it appeared suddenly. In reality, it had been structurally prepared for years.

Reports Are Not Learning Systems

This distinction matters because the U.S. response to failure is often to commission better reports. More detailed. More comprehensive. More authoritative. But reports - even excellent ones - do not learn. Learning systems require interoperability: shared data models, common assumptions, feedback loops, and mechanisms that measure accuracy over time. They require the ability to test judgments against outcomes, update beliefs, and carry lessons forward into new contexts. Absent this architecture, reports function as historical records rather than decision engines. They improve documentation, not confidence. This is why the United States can spend decades studying Afghanistan and still enter new Gray Zone engagements without demonstrably higher confidence than before.

Asking the Wrong Questions

The confidence problem is compounded by a deeper analytic flaw: U.S. systems are often designed to answer the wrong questions. Many contemporary analytic and AI-enabled tools optimize for what is verifiable, auditable, or easily measured. In the information domain, they ask whether content is authentic or false. In compliance and due diligence, they ask whether an individual or entity appears in a registry or sanctions database. In governance reform, they ask whether a program is efficient or wasteful. These questions are not irrelevant, but they are rarely decisive.

Gray Zone conflicts hinge on different variables: who influences whom, through which networks, toward what behavioral effect. They hinge on informal authority, narrative resonance, social trust, and the ability of adversaries to adapt faster than bureaucratic learning cycles.

A video can be authentic and still strategically effective as disinformation. An individual can be absent from any database and still shape ideology, mobilization, or legitimacy within a community. A system can appear efficient while quietly eroding the functions that sustain resilience. When analytic systems are designed around shallow questions, they create an illusion of understanding precisely where understanding matters most.

DOGE and the Domestic Mirror

This failure pattern is not confined to foreign policy. Recent government efficiency initiatives-often grouped under the banner of “Department of Government Efficiency” or DOGE - style reforms - illustrate the same analytic tendency in domestic governance. These efforts framed government primarily as a cost and efficiency problem. Success was measured in budget reductions, headcount cuts, and streamlined processes.

What they largely did not assess were system functions, hidden dependencies, mission-critical resilience, or second-order effects. Independent reviews later showed that efficiency gains often disrupted oversight and weakened essential capabilities - not because reform was misguided, but because the wrong questions were prioritized. DOGE did not fail for lack of data or ambition. It failed because it optimized what was measurable while missing what was decisive. The parallel to national security strategy is direct.

Why Gray Zone Conflicts Punish Miscalibration

Gray Zone conflicts are unforgiving environments for miscalibrated confidence. They unfold slowly, adaptively, and below the threshold of overt war. By the time failure becomes visible, the decisive contests - over legitimacy, elite alignment, and narrative control - have already been lost.

Adversaries in these environments do not seek decisive battles. They seek to exploit institutional blind spots, fragmented learning, and overconfident decision cycles. They build networks that persist through shocks, cultivate influence that survives regime change, and weaponize uncertainty itself. When U.S. decision systems cannot reliably distinguish between what is known, what is assumed, and what is merely believed, they cede cognitive advantage by default.

What “90 Percent Confidence” Actually Means

This critique is often misunderstood as a call for predictive omniscience. It is not.

According to existing standards, No system can achieve near-perfect confidence in open-ended geopolitical outcomes. But research from forecasting science, high-reliability organizations, and complex systems analysis shows that high confidence is achievable for bounded questions - if systems are designed correctly.

Narrowly scoped judgments, explicit assumptions, calibrated forecasting, continuous feedback, and accountability for accuracy can push reliability toward 90 percent in defined decision contexts. This is not theoretical. It has been demonstrated repeatedly in domains that take learning seriously. What the U.S. lacks is not the science or the technology. It is the architecture.

Cognitive Advantage Requires Cognitive Infrastructure

The central lesson of Afghanistan, Gray Zone conflict, and even domestic governance reform is the same: data abundance without learning architecture produces confidence illusions, not advantage.

Cognitive advantage is not about thinking harder or collecting more information. It is about building systems that can integrate knowledge, test assumptions, recalibrate confidence, and adapt before failure becomes visible.

Until U.S. decision-shaping systems are redesigned around these principles, the United States will continue to repeat familiar patterns - confident, well-intentioned, and structurally unprepared for the conflicts that matter most. The warning is clear. The opportunity remains.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

When a Charismatic and a Machiavellian Meet

ANALYSIS -- President Trump will visit Beijing later this month for the first time in almost a decade. As a former CIA clinical psychologist, I have conducted many remote assessments of world leaders. I believe this summit presents both great opportunities, and great dangers. Not just because of the economic and political stakes, but because of the highly divergent personalities and styles of leadership of the two Presidents.

Xi’s is a cool-headed introvert, whose political superpower is his iron Machiavellian detachment. This type of leader does not allow himself the pleasures of living within commonplace morality, considering this a form of “feel good” self-indulgence a failure in leadership. According to the code described by Machiavell, a Prince (and Xi is the quintessential Red Prince) puts the needs of his City States ahead of all other considerations. The Machiavellian’s task is to perpetually scan, detect, and then eliminate opponents and threats that stand in the way of a strategically advantageous future. Xi’s combination of detachment, attention to detail and abstinence regarding human needs makes him a formidable foe in conflict or negotiations.

Trump has a “hot” extraverted personality. He draws energy from those around him, is attuned to their moods and needs, and automatically seeks to connect with crowds. A true individualist – the quintessential American Maverick – Trump is a fearless instinctive leader with extraordinary charismatic skill. Trump is preternaturally able to grasp the mood of crowds and engage them. He noted in the press conference he gave immediately after a third thwarted assassination attempt that leaders with “the most impact” are commonly targeted by assassins. It is true that extremely talented charismatic leaders such as Trump, Lincoln, Kennedy, Shinzo Abe, Martin Luther King, and Ghandi are loathed as much as they are loved. These types of leaders engage emotions, good or ill, within the collective unconscious of their supporters and detractors.

When a gifted political charismatic such as President Trump is paired in negotiation with an equally gifted Machiavellian such as President Xi, history-making deals may happen. So too can epoch-defining disasters occur. The summit between Mao and Nixon comes to mind as a world-changing success story. Close observer of both past and present summit might quip the history has flipped which country brought a charismatic (or narcissistic) leader and which a Machiavellian (or paranoid) to the table.

Hitler, Chamberlan, and Stalin come to mind in regard to historical catastrophes when leaders with striking difference in personality. Hitler, though unhinged, poorly educated, and seething with genocidal hatred, possessed extraordinary charismatic talent. He was able to deceive classically educated, upper-crust British Prime Minister Neville Chamberlain, as scrupulous man who disdained popularity or glamour, into believing that the Munich agreement would bring “peace in our time.” Hitler managed the same trick with Stalin, who was Hitler’s equal in bloodlust, paranoia, and ruthlessness, but more cunning and detached rather than deranged. The two signed a non-aggression pact that Hitler broke.

Xi and Trump appear to share a consensus that the current post WW-II rule-based order is inimical to their goals. Each may believe that it is time to negotiate a new set of rules for a world order and believe this falls to them because of their positions as co-equals in world power; Trump has referred to a “G-2” with China. However, both also believe that a leader can only dictate international relations if their domestic power is secured and seen to be untouchable, because anything less than a full “hands off” respect from a political counterpart implies that any deals made are shaky. Hitler did not hesitate to break a deal he made with his ostensibly inferior counterpart.

Both Xi’s and Trump’s political ethics and values are founded on dealmaking. A leader destroys his enemies by making them friends – or at least, by making a frenemy who has an equal share of power that allows the negotiation of lasting deals. Both Xi and Trump believe they have unique mastery of the logic as well as the unconscious dynamics of power. In their calculations, the weak and vulnerable in society are not necessarily forgotten but protected and looked after; however, power is not shared with the powerless.

As demonstrated in their respective “big, beautiful [military] parades” both men love to put on a grand performance. A showman at heart, Trump puts himself in the center of the action and loves the unmediated, moment-by-moment audience reactions. Xi is a master behind-the-scenes director, who is essentially an orchestrator and always a watcher, not an immersive participant. Xi composes spectacles of great precision and complexity.

Ultimately, both men are driven by urgency to protect and restore the historic “spirit” of their cultures, seeming to believe that they were chose by fate for highest office. One’s call to action is: “The Great Rejuvenation of the Chinese Nation” and the other’s slogan is “Make American Great Again.” Both believe in the exceptionalism and manifest destiny of their nations. Is it possible for both men to be right?

Xi and Trump may be an odd couple in world leadership, but we must remember they are part of a very exclusive club whose only members are the two most indisputably powerful men on earth. Within this exclusivity, they understand each other very well, share surprising similarities, and some dangerous differences.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why June Is the Oil Market’s Point of No Return

OPINION -- Two months into the U.S.-Iran war, the global oil market has shifted from shock to siege. The Strait of Hormuz — through which roughly 20 percent of the world’s seaborne oil trade normally flows — remains effectively shut. And while Brent crude hovers around $108–$115 per barrel, the real story isn’t the price on screen today. It’s the inventory math that’s quietly counting down to a crisis the world has never faced at this scale.

The Illusion of Plenty

A new JP Morgan flash note, aptly titled “The Illusion of Plenty,” lays out the arithmetic in blunt terms. At the start of 2026, the world held approximately 8.4 billion barrels of oil and oil products — a number that sounds reassuring until you examine what’s actually usable. According to JP Morgan’s analysis, only around 800 million barrels of that stockpile can be drawn without pushing the physical system into what they call “operational stress.” Roughly 35 percent of that accessible buffer had already been consumed by late April.

The distinction between oil-on-paper and oil-you-can-actually-use matters enormously. Much of the global stockpile is locked up in pipeline fill, minimum tank levels, refinery feedstock requirements, and other operational necessities. Draw below those floors and you don’t just run short — you damage the infrastructure itself. Pipelines lose flexibility, terminals seize up, and refineries lose the feedstock they need to function.

Goldman Sachs reinforces the urgency: global oil inventories are draining at a record pace of 11 to 12 million barrels per day, driven by the loss of roughly 14.5 million barrels per day of Middle East crude production. The IEA has called this the largest supply disruption in the history of the global oil market. That’s not hyperbole — it’s the assessment of the institution responsible for coordinating emergency energy responses among developed nations.

June: The Tipping Point

JP Morgan now projects that oil stockpiles will enter “operational stress” territory by early June and hit an “operational floor” by month’s end. At that point, the market isn’t absorbing a shock anymore — it’s depleting its last reserves in real time, and price becomes the only mechanism left to ration supply.

Traders are already warning that the math points to prices well beyond current levels. Macquarie Group has modeled scenarios reaching $200 per barrel if the war extends into June, assigning a 40 percent probability to that outcome. Worst-case modeling — such as Iranian strikes disabling Arabian pipeline alternatives — pushes theoretical prices as high as $370. These aren’t predictions; they’re stress tests. But they reflect the uncomfortable reality that the market is being asked to absorb something historically unprecedented.

The world will need to shed approximately 11 million barrels per day of demand to match remaining supply. For context, the COVID-19 pandemic — which locked down the entire global economy — produced a demand drop of roughly 9 million barrels per day. The oil shocks of 1973, 1979, and 2008 each cut demand by no more than 5 million. What the market is now being asked to do, through price signals alone and on a timeline of weeks rather than years, has never been accomplished.

Asia Is Already There

The crisis isn’t theoretical in Asia. Roughly 84 percent of crude oil that transited Hormuz in 2024 was headed to Asian markets, with China, India, Japan, and South Korea absorbing the bulk. Asian buyers ran through their Gulf-origin supply roughly two weeks before Europe and the United States. The consequences are already visible: factory shutdowns, government-imposed fuel rationing, cooking gas shortages, more than 150,000 flight cancellations, and severe strain on power grids now running on fumes.

Pakistan depends on the Gulf for 99 percent of its LNG. Vietnam sourced 80 percent of its crude from Kuwait. Bangladesh is facing recession-like conditions and has ordered universities and commercial establishments into early closures to conserve energy. The Philippines declared a state of emergency in late March. India, which imports 85 percent of its crude, has slapped export duties on diesel and aviation fuel while racing to connect households to piped natural gas from domestic fields.

This is what the front edge of an energy crisis looks like — and it hasn’t hit the West at full force yet.

The Western Countdown

For now, America benefits from its position as the world’s largest oil producer and LNG exporter. U.S. crude exports have surged to record levels — 6.44 million barrels per day — as global buyers scramble for non-Gulf supply. Gas prices have risen over a dollar a gallon since the war began but remain manageable compared to Asian spikes.

That insulation won’t last forever. Gunvor Group’s head of research has warned that without a reopening, the world faces a macro crisis and recession, with June as the clear inflection point. Macquarie’s strategists caution that the real pain arrives when diesel shortages hit — because diesel is the backbone of global goods movement. When it becomes scarce, the disruption cascades from trucking to manufacturing to retail shelves.

Europe sits in an especially vulnerable position. The continent entered this crisis with historically low gas storage levels after a harsh winter, and its dependence on Qatari LNG transiting Hormuz compounds the energy squeeze. The European Central Bank has already cut GDP growth projections and modeled scenarios where Brent at $145 cuts the eurozone’s growth in half.

The Strategic Question

President Trump has stated his intention to maintain the U.S. naval blockade of Iranian ports for “months,” framing it as maximum economic pressure. Iran’s new supreme leader, Mojtaba Khamenei, has pledged to retain control of the strait and refuses to relinquish nuclear or missile capabilities. Despite a fragile ceasefire announced in early April, ship traffic through Hormuz remains negligible.

This creates what is effectively a mutual chokehold: the U.S. blockade strangles Iran’s economy, while Iran’s closure of the strait bleeds the world’s oil reserves dry. The question now is which pressure point breaks first — and whether the answer arrives before June’s tipping point or after it.

For those of us who spent years studying energy markets during previous Gulf crises, there’s a temptation to assume the system will muddle through as it always has. But the scale here is genuinely different. Previous disruptions removed 2 to 5 million barrels per day from the market. This one has removed closer to 10–15 million. Previous crises had functioning alternative routes and infrastructure. This one has seen physical damage to Gulf production facilities and export terminals. And critically, previous drawdowns unfolded over months or years. This one is compressing into weeks.

June is coming fast. The buffers are thin. And the market is about to find out whether price alone can do what government edicts and pandemic lockdowns struggled to accomplish.

The author is a former CIA intelligence officer with extensive experience on the Near East. This analysis draws on open-source reporting, regional analysis, and publicly available assessments. All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Watch my Special Competitive Studies Project podcast, Intelligence at the Edge!

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The New Extremist Recruitment Funnel Starts With Children

OPINION -- Technology has a way of helping us skip steps.

China skipped mass adoption of credit cards and went straight to mobile payments. Nigeria bypassed landlines and went directly to mobile networks. Indonesia moved past cable and into streaming. That’s infrastructure leapfrogging—when entire systems evolve because a better alternative arrives before the old one fully forms.

Since Covid-19, we’ve seen a different kind of leapfrog—one that operates at the level of behavior, not infrastructure. TikTok replaced the social graph with the algorithm. Gaming platforms replaced traditional social environments. And generative AI has removed the barriers between languages, domains and audiences.

The result is a compression of how people discover, evaluate, and act.

In the business world, we are always wondering how we can compress the marketing funnel. Can we move through the phases of awareness, consideration, evaluation, and purchase faster? With AI, we can as sales cycles that took months can now happen in days. Wonderful.

Unfortunately, extremist groups have come to the same conclusion.

They are no longer pursuing recruits step-by-step over time. That’s old school.

They are engineering systems that compress exposure, trust, and commitment into a single, continuous experience—one that increasingly begins and ends with children.

The data reflects the shift. In 2024, the UK reported that one in five terrorism-related arrests was for a young person under age 18. Better detection explains part of the increase—but not the magnitude. What has changed is the system and it is a system that directly impacts humans under the age of 18, which account for about one-third of the global population.

The Leapfrog

Traditional radicalization followed a sequence: exposure, ideological grooming, social belonging, commitment, and then action. It required time, proximity, and human effort. We know this cycle well.

Today, those stages are no longer sequential. They are compressed—and in many cases, bypassed entirely.

Social media provides reach. Gaming provides trust. Private networks provide control. Language provides conversion efficiency.

On TikTok, algorithmic recommendation engines push content to users without intent. Exposure is passive, continuous, and personalized. A user does not have to search. They are found.

From there, engagement often shifts into gaming environments—platforms that function as trusted social spaces, particularly for younger users. These are not viewed as risky environments. After all, this is where friendships are formed, identities are shaped, and precious time is spent.

That trust matters. Because radicalization rarely begins with ideology. It begins with belonging.

One documented example is a loosely organized online extremist network, the “764 Network,” which often starts in a gaming platform. Initial contact is made in-game. From there, users can be invited into private servers, where interaction becomes more controlled, more persistent, and more difficult to monitor. The conversion event is not belief—it is migration into a closed environment.

This pattern is not new. ISIS and other groups have long used a similar model—broad distribution across open platforms followed by migration to encrypted channels like Telegram. What is new is the speed, scale, and accessibility of the system—and the age of the participants.

Artificial intelligence is now accelerating the process further.

A human recruiter might manage five to ten conversations at once. An AI system can manage thousands in native language. It can triage, profile, and personalize interactions in real time. It can simulate peer relationships, maintain constant engagement, and adapt messaging dynamically.

What once required time and effort now requires only access.

And for younger users, the system is particularly effective.

Children are more exposed to algorithmic content. They spend more time in gaming environments. They are in earlier stages of identity formation, actively seeking belonging and meaning. And they are less likely to distinguish between human and synthetic interaction.

It is reasonable to conclude this system doesn’t just reach children—it is optimized for them.

If we map this to the marketing funnel, the structure becomes clear:

- TikTok provides awareness through algorithmic reach
- Gaming platforms provide consideration through social interaction
- AI enables evaluation through personalized reinforcement
- Private networks like Telegram enable conversion and commitment

What once took months—or years—can now happen in days. The recruitment funnel is compressed.

There are additional accelerants.

Language has become a major force multiplier. Groups like Al-Shabaab now release content simultaneously in multiple languages, dramatically expanding reach and reducing friction for local audiences. AI enables instant localization at scale.

At the same time, platform defenses have not kept pace.

Much of the current counterterrorism framework was built for an earlier version of the internet—one that was public, adult, and relatively easy to monitor. Today’s environments are different: private servers, encrypted messaging, voice chat, and friends-only networks.

Gaming platforms in particular sit largely outside traditional terrorism policy frameworks. Moderation is limited, visibility is constrained, and activity often occurs in spaces that were never designed for oversight.

Even where monitoring exists, it is uneven. Think of it this way. Extremists focus on any language that does not generate enough revenue or political pressure to support investment in human moderators and AI classifiers. Less common languages such as Amharic, Burmese, Pashto, Indonesian, Swahili, Kurdish and many other languages represent platform blind spots that can be exploited at scale.

A New Recruitment Model

This new recruitment funnel can be summarized as the 3Cs.

Capture – attention via algorithm

Connect – trust via social environments

Convert – behavior via AI persuasion

That convergence is the breakthrough.

It is not simply an increase in activity—it is a structural shift.

The age floor of who is targeted for recruitment is dropping because the system now favors it.

It is earlier, faster, and more scalable to reach youth, occurring in environments that were never designed to defend against it.

And that is the point. We are no longer dealing with a content problem. We are dealing with a system design problem.

The question is not whether children will encounter these situations. They will. It is whether the systems around them are built to stop or slow them.

Today, they are not.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Intelligence Community’s Acquisition Revolution: Can Washington Move Fast Enough?

OPINION -- On February 9, the CIA announced a major overhaul of its technology acquisition from the private sector. Director John Ratcliffe described it as “a radical shift towards a culture of speed, agility, and innovation,” while Deputy Director Michael Ellis declared that “CIA is open for business” in areas ranging from AI to microelectronics. With DARPA veteran Efstathia Fragogiannis now leading procurement, the agency is attempting to dismantle structural barriers that have long prevented it from rapidly adopting commercial innovation.

The announcement is significant in its own right. But it is not occurring in isolation. It comprises a broader wave of institutional reforms; at least four major initiatives were launched in rapid succession, all aimed at the same challenge: the national security enterprise must move at the speed of modern technology.

The CIA acquisition overhaul is the most visible. For years, intelligence community procurement timelines have been a frustration for innovative companies. Startups with relevant capabilities have routinely found the contracting process so slow and opaque that many simply walked away. The new framework seeks to fix this problem at a structural level, not just through incremental process tweaks. Fragogiannis’ DARPA background suggests an effort to import that organization’s flexible, high-tempo acquisition model into Langley.

A second reform is the creation of the AI Information Sharing and Analysis Center (AI-ISAC), mandated by the White House’s AI Action Plan and led by the Department of Homeland Security in coordination with Commerce and the Office of the National Cyber Director. In contrast to traditional ISACs, which are organized by infrastructure sector, the AI-ISAC is organized around a technology. This reflects an important shift: AI is now a cross-cutting capability that creates new vulnerabilities across every sector simultaneously.

Third is ANCHOR, the Alliance of National Councils for Homeland Operational Durability, which will replace the long-standing Critical Infrastructure Partnership Advisory Council (CIPAC). CIPAC served for nearly two decades as a principal mechanism for government–industry collaboration on infrastructure security, but its dissolution in 2025 highlighted the demand for a more modern framework. ANCHOR is intended to provide that replacement, with updated structures designed to better reflect today’s threat environment.

The fourth and most consequential change is the forthcoming National Cybersecurity Strategy. National Cyber Director Sean Cairncross has previewed a six-pillar approach focused on shaping adversary behavior, modernizing federal systems, securing critical infrastructure, maintaining dominance in emerging technologies, improving the regulatory environment, and dealing with the cyber workforce gap. The emphasis on deterrence (moving from reactive defense to proactive shaping of adversary behavior) signals a strategic change that will directly affect how agencies rank and procure technology.

For those of us who have spent careers inside the federal government, this pattern is familiar: bold announcements, ambitious frameworks, and then the hard work of implementation against entrenched processes. The distinction today is the nature of the threat.

The rise of agentic AI, autonomous systems capable of planning and undertaking complex operations, has fundamentally changed the offense-defense balance in cyberspace. Adversaries are using these tools rapidly. Meanwhile, the U.S. national security enterprise is attempting to acquire comparable capabilities through legacy processes that were never designed for the pace of AI innovation. Every month of procurement delay is a month in which competitors gain ground.

For defense contractors and technology firms, these converging reforms create both opportunity and uncertainty. Across multiple agencies, the government is communicating a desire to interact more directly with industry and to adopt high-tech capabilities faster than before. The CIA’s explicit invitation to startups and innovators is the clearest expression yet that the Intelligence Community recognizes the immediacy.

But speed alone will not determine success. The companies most likely to benefit will be those that can demonstrate more than technical excellence. They have to demonstrate integration readiness, the ability to deploy solutions securely into government environments, interoperability alongside existing systems, and scalability within demanding compliance frameworks such as CMMC and emerging AI security standards. The era of selling isolated point solutions is ending; government customers increasingly need platforms and capabilities that fit within elaborate, mission-critical ecosystems.

Ultimately, the challenge is not simply to buy faster, but to buy smarter. Real progress will depend on enduring collaboration between government and industry, on integrating security by design, and on building acquisition models that reward outcomes rather than process.

Washington’s intent is clear. The scope of these projects demonstrates genuine recognition that the old ways are no longer sufficient. The real test will be whether that urgency can be maintained over the years, not just weeks.

If execution matches ambition, 2026 may be remembered as the year the national security enterprise finally began to close the gap between the speed of technological change and the speed of government response. That would represent more than an acquisition reform; it would represent a strategic transformation and a critical national advantage.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Two Fronts, One War: Why Ukraine and Iran Are Part of the Same Fight

OPINION -- I recently had the opportunity to take part in a panel discussion on geopolitical issues at the Kyiv Security Forum in Kyiv. One of the key issues covered by the panel was the status of Russia’s continued aggression against Ukraine and continued Western support for Ukraine. This is a topic I have addressed publicly many times since retiring from the CIA during public and private speaking engagements, podcasts, and various news shows. What I stated in Kyiv was no different than what I have argued in the past – the “West”, led by the U.S., should continue to provide Ukraine with the military, economic, diplomatic, political and morale support needed to continue facing down Russian dictator Vladimir Putin and his unjustified war against Ukraine. Ukraine is fighting for its existence, and we need to stand with the Ukrainians as they defend their right to exist. We should never allow Putin, or any other foreign leader, to dictate who has the right to “be”. Thankfully, none of the other panelists disagreed with this point of view. We need to help the Ukrainians defend themselves against foreign aggression and tyranny.

But what was surprising was to hear one of my fellow panelists criticize President Donald Trump and his administration for initiating military operations against the Islamic Republic of Iran (IRI) (Operation “Epic Fury”) in late February 2026. My fellow panelist argued that it was a mistake for the U.S. to start “Epic Fury” because the operation was drawing off resources that should be directed to supporting Ukraine and resulted in the closure of the “Strait of Hormuz”, the rise in energy prices and a decision by the White House to temporarily end sanctions against “Shadow Fleet” tankers that were already at sea carrying Russian oil.

From my optic, some of the statements made against “Epic Fury” have a basis of fact. For example, it is clear that in the run up to “Epic Fury” the U.S. Military directed its limited group of air defense resources to the Middle East to protect U.S. and allied interests given the rising risks of a military confrontation with Iran. The closing of the Strait of Hormuz” has led to a rise in energy prices at a time when the Russian economy was struggling under the pressure of U.S. and European Union (EU) sanctions and the increasingly effective use of “deep strikes” by the Ukrainians against Russia’s energy infrastructure. But the conflict in the Gulf has not resulted in a significant increase in revenue for the Russian State budget and, as one Ukrainian Air Defense officer recently told me, U.S. and Israeli operations targeting Iran’s defense production capacity and armed forces have limited Tehran’s ability to provide Russia with weapon systems and equipment that Moscow had been using before February 2026 to sustain air attacks against Ukraine. Unfortunately, while some argue that the Iran conflict has also distracted the White House from pursuing peace negotiations between Moscow and Kyiv, negotiations have continued but have made little progress, not because of the Iran issue, but because the Russians continue to take a maximalist stance vis a vis talks and Putin has shown little real interest in ending his war against Ukraine.

But more than anything, I am always surprised when I hear Americans and Europeans argue that the operation against Tehran is a mistake, while in the same breath, they demand continued support for Ukraine. For me, as stated above, the U.S. has a responsibility to help Ukraine protect its existence from the terror it faces from Moscow. At the same time, Washington and Brussels also have a responsibility to help Israel defend itself against Putin’s allies in Tehran, who have been threatening to destroy the State of Israel since seizing power in Iran in 1979? Helping Ukraine is the right thing to do. So is helping Israel defend itself against the threat of annihilation.

Those arguing against military operations in Iran view the military conflict with the Islamic Republic as being separate and isolated from our conflict with Russia, but that is not the case. The regimes in Moscow and Tehran formed a strategic alliance against the U.S. and its allies years ago and have both been working to undermine Western interests for years. Iran has been supplying Russia’s war machine with Unmanned Aerial Vehicles (UAVs), ballistic missiles, munitions and spare parts since the start of Moscow’s full-scale invasion of Ukraine in February 2022. In turn, Russia has been providing the Iranians and their proxies with weapons systems, advanced technology, diplomatic and political support for years. Importantly, the Russians have also been providing Tehran with direct intelligence support, including targeting data on U.S. forces in the Middle East. Ukraine’s fight for its survival and the U.S. – Israel operations against the IRI are not two separate “wars”, but are two fronts in one common war. The demise of Putin’s allies in Tehran will be a victory for Ukraine. Ukraine’s defeat of Russia will be a victory for the U.S. and collective West, including Israel.

I cannot agree with those who attack President Trump for finally responding to Iranian threats against the U.S. and its allies with force. That action was long overdue and, while the President gave the Iranian’s a year to try to negotiate a resolution to the serious differences we had with the Islamic Republic, when those efforts failed, President Trump should be given credit for showing the type of resolve on Iran that his predecessors failed to show for far too long. It is likely that the U.S. President understood that in making the decision to start “Epic Fury”, he recognized that this decision would be attacked by his opponents and unpopular with many of his supporters, especially the “isolationist camp” in the Republican Party. Making the decision in advance of mid-term elections would be difficult for any President and President Trump deserves credit for taking a principled stand in support of U.S. and allied interests.

Unfortunately, while the President is “right” on Iran, since returning to the Oval Office he has been wrong on Russia. Like the Iranians, he gave Putin over a year to negotiate an end to the war in Ukraine and contrary to the Kremlin’s ongoing efforts to blame Kyiv for the failure of those negotiations, it is Moscow that has refused to make any concessions needed to end the fighting. Instead, he has consistently tried to manipulate the President and his inner circle and lied to the White House about who started the war and who is standing in the way of peace.

In October 2025, President Trump appeared to have reached his limit with Putin’s game playing when he canceled a planned summit with Putin in Budapest and slapped new sanctions on Russia’s major energy companies. In a clear sign of desperation, Putin panicked and immediately sent his “American Whisperer” Kirill Dmitriyev to the U.S. to try to convince Trump’s inner circle that Putin was ready to negotiate. The Kremlin then executed an effective covert influence operation by making sure some aspects of Dmitriyev’s discussions with U.S. officials were leaked to the media, undermining U.S. credibility, driving a wedge between Washington and its European partners and creating the false impression that the U.S. and Russia were in “cahoots” and ready to sell out Ukraine in order to secure potentially lucrative business deals in Russia in the future.

President Trump has criticized his predecessors for allowing Putin to “outplay” them. To date, he allows Putin to do the same to him. But it is not too late for Trump to reverse that trend and demonstrate to the world that he will not be outsmarted by Putin. The President should sign the bipartisan sanctions package prepared by Republican Senator Lindsey Graham which would send a powerful message to the Kremlin that the U.S. is no longer willing to tolerate Putin’s stalling on negotiations and place enormous additional pressure on Putin to agree to make necessary concessions needed to end the war.

President Trump can send a strong message to Kyiv and other U.S. allies that the U.S. Administration will not be deceived or manipulated by the Kremlin and it is ready to show the same resolve towards Moscow that it is showing on Iran. It will also send a message to America’s enemies that the U.S. will take a consistent stand against those countries that threaten the U.S. and its allies. This message not only needs to be heard in Moscow, but should also be heard in Pyongyang, Beijing and any other capital where a dictator or autocratic regime is considering attacking one of America’s allies.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Getting Our Adversaries Out of Cuba Should be our Immediate Goal

OPINION -- Since 1959, the U.S. and Cuban relationship has been defined by gray zone operations that have occasionally broken out into open confrontation. At the same time, Cuba has been the proxy area for US adversaries to spy on the US homeland and endanger US security. Due to a convergence of events, Cuba and the US are poised for a monumental change in the relationship that could move from gray zone activities to a more positive transactional diplomatic relationship, but there is a long way to go before we get there and the US must stay focused on its goal of increased security for the homeland.

Cuba is a master at gray zone activity with the US as the focus. In July 2024, the National Intelligence Council defined gray zone activity as:

The deliberate use of coercive or subversive instruments of power by, or on behalf of, a state to achieve its political or security goals at the expense of others, in ways that exceed or exploit gaps in international norms but are intended to remain below the perceived threshold for direct armed conflict. Gray zone campaigns are commonly characterized by a sustained, multi-domain approach, indirect methods, and deliberate ambiguity about their aims and sponsorship.

When Fidel Castro came to power in 1959, he disrupted the geopolitical landscape with promises of wealth, education, and medical care for all. Cuba supported revolutions across the globe. It was a leader in the nonaligned movement. It exported doctors and supported medical education from countries across Latin America and Africa and then used those Cuban educated doctors to provide pro-communist propaganda to local populations along with their medicine. These were classic, gray zone activities.

As part of its multi-faceted approach to foreign policy, the Cuban government also worked with US adversaries to counter US national security. The Cuban missile crisis is a memorable and important example. Over time, Cuba developed the island into a listening post for US adversaries willing to pay for the privilege.

After the Cold War ended, the U.S. tried different approaches with the island. President Bill Clinton signed the Cuban Liberty and Democratic Solidarity Act, which strengthened the U.S. embargo and set stringent conditions for the lifting of sanctions. President Barack Obama kept the trade embargo intact but restored diplomatic relations with Havana, relaxed economic sanctions, and removed Cuba’s designation as a state sponsor of terrorism. Obama’s Secretary of State, John Kerry, called the Monroe Doctrine dead. This opened the island to US tourism and separated families were able to visit each other. In 2017, President Trump rolled back Obama’s normalization efforts and enacted more than 240 measures tightening sanctions against Cuba. Now the administration has administered a blockade, arrested the leader of Cuba’s closest supporter, President Maduro in Venezuela, and put Cuba’s other two supporters, Russia and China, on notice that the US is expecting them to back off the relationship. On January 29, President Trump signed an executive order that says:

Cuba hosts Russia’s largest overseas signals intelligence facility, which tries to steal sensitive national security information of the United States. Cuba continues to build deep intelligence and defense cooperation with the PRC. Cuba welcomes transnational terrorist groups, such as Hizballah and Hamas, creating a safe environment for these malign groups so that these transnational terrorist groups can build economic, cultural, and security ties throughout the region and attempt to destabilize the Western Hemisphere, including the United States.

On 1 May, President Trump signed a new executive order strengthening sanctions against Cuba and Cuban leaders and again calling out its relationship with Hizballah.

While the Cuban government neglected and mismanaged the economy, it has continued to support US adversaries and focused on anti-US activities. Meanwhile, the country is in a humanitarian crisis, with electrical grid failure, hospitals canceling surgeries, and schools and businesses closing. In the last several years nearly 3 million people have left the island. The government is in survival mode with its once well-respected military and spy services riddled with corruption and hollowed out. These trends began before the US kicked away the lifelines that kept the economy barely hobbling along. Cuba’s allies, Russia and China, have provided minimal economic support while maintaining their presence in Cuba’s national security institutions. Without much else to lose, some Cubans are lashing out at their leadership. Some are lashing out at the US. Most are trying to make it through each day.

Understanding the US-Cuba Dynamic

As an intelligence analyst for the US government, I worked with academia to develop insights into nation states that would help us analyze leadership reactions to specific events. Florida International University (FIU) spearheaded a series for us on Strategic Culture in Latin America. We defined strategic culture as the combination of internal and external influences and experiences—geographic, historical, cultural, economic, political and military—that shape and influence the way a country understands its relationship to the rest of the world, and how a state will behave in the international community. In FIU’s 2009 report, the experts they gathered explained:

·Cuban strategic culture is offensive, nationalist, and wary of US intentions;

·Regime change will have to be a Cuban affair;

·The elite in Cuba came to power on a wave of anti-US vitriol and lived firsthand through US efforts to undermine their government;

·If the US wants to change the relationship with Cuba, it must reduce the sense of threat ingrained in the elite’s strategic culture.

These insights should help our government develop strategies that will meet US goals.

Next Steps

If the US administration stays true to form, it will not force a new democratically disposed government in Cuba. This is currently an unrealistic goal. This US administration, following its pattern in Venezuela and Iran, will insist on a government that will work with it. Ever the optimist, I believe that this transactional approach to diplomacy might be the beginning of the change that has eluded the island for nearly seventy years; if the US approaches Cuban leaders in the appropriate way.

Given the entrenched elites and what we know about the nation’s strategic culture, the US will have to take a long-term approach to force the changes it is looking for. Appealing to the elites’ economic needs while foregoing coercive or inflammatory language will have the best reaction and should have a trickle-down effect on the rest of the Cuban population. Focusing on pushing the Russian and Chinese national security institutions from the island is an area that might have some success. It is specific, understandable, and the Cuban leadership cannot realistically expect either country to offer much more than rhetoric and a little aid to counter the US.

What is to be Gained?

There is little for the US to gain economically from forcing Cuba to work responsibly with Washington. Cuba has few natural resources, it is a small market, and it will take vast resources to rebuild the infrastructure and reverse the decades of environmental damage that will give Cubans the opportunity to redevelop the agriculture and tourist sectors.

A clear message on why the US is focused on Cuba is important. Concentrating that message on homeland security sets the tone for our adversaries that says that we will not tolerate their spying on our borders. It tells the Cuban government leadership that we are focused on how they are affecting us and not on removing them from power. This goal of a Cuba, free of Russian and PRC listening posts is a stretch, but it is realistic and would be significant.

There are two clear victories in creating closer ties between the US and Cuba. One is humanitarian. With increased interaction between the US and Cuban governments, there will be more freedom when it comes to information but I am not yet convinced that in the short term, a new regime will treat its people any better. Such a sea change will take new leaders that have exposure to the west and that will take time if not a generation to happen.

The second victory and one that I believe is more achievable would be in the national security sphere. Winning the strategic competition vis a vis Russia and China and securing US borders would be an important milestone. To move forward with the relationship, the US must insist that Havana offer the U.S. guarantees that it will reverse its security relationship with U.S. competitors like Russia and China. By demanding that Cuba strip itself of Russian and Chinese intelligence presence on the island, the US helps secure our own supply chains and the important national security infrastructure that resides close to Cuba in Florida with the multiple combatant commands and military bases. This would be a sea change from the 70 years of sharing our southern waters with adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Corporate Cybersecurity Is the New Frontline of National Security

OPINION -- For decades, national security was defined by geography: borders, terrain, and physical infrastructure shaped how nations defended themselves and projected power. The private sector, while important, was largely adjacent to this domain. Companies built products and generated wealth, but they were not themselves considered strategic terrain.

That distinction no longer holds. Governments do not own the terrain on which this conflict is being fought. Today, the frontlines of national security run directly through corporate networks.

The Collapse of the Public–Private Divide

Modern conflict is no longer confined to military domains. It unfolds continuously across digital infrastructure, in cloud environments, software supply chains, and data platforms, most of which are owned and operated by private companies.

Adversaries have adapted accordingly. Rather than confronting states directly, a new strategy has emerged: target the systems that states depend on. This includes logistics platforms, financial networks, cloud providers, and energy grids. The result is a fundamental shift: corporations are no longer adjacent to conflict; they are participants in it.

This shift is already here. Ransomware campaigns now disrupt healthcare systems at scale, producing effects once associated with geopolitical bombing campaigns without crossing a border. Nation-state actors maintain persistent access inside critical infrastructure not to destroy, but to position. In each case, the battlefield is corporate, the targeting is consequential, and the effects are systemic.

Synthetic Asymmetry and the Corporate Target

Understanding why corporations have become the primary terrain in this conflict requires a framework that explains the underlying logic. Synthetic Asymmetry, a concept I introduced in The Cipher Brief in 2025, describes the ability of actors to generate disproportionate impact through the convergence of inexpensive, networked, and rapidly iterating technologies.

Asymmetry was once a condition. Synthetic Asymmetry is a strategy.

The key insight is that the cost-to-impact ratio of offensive operations has inverted. Traditional military power required mass and industrial capacity; Synthetic Asymmetry requires only access. A modestly resourced exploit developed by a small team, or even an AI, can now paralyze a $50 billion logistics firm, effectively neutralizing a nation's supply chain without a shot being fired.

Corporate environments are, by design, optimized for exactly the kind of interconnection that Synthetic Asymmetry exploits. A single vulnerability in widely used enterprise software can cascade across borders. A compromised cloud environment can simultaneously expose entire sectors. These are state-level operations, executed through corporate infrastructure, against national interests.

The Incentive Misalignment Problem

Despite this reality, most corporations remain structured as if cybersecurity were a cost center rather than a national security function. Boards prioritize efficiency and shareholder returns. Security investments are justified via risk reduction or compliance, not systemic resilience.

National security logic demands redundancy and layered defense. Corporate logic treats both as inefficiencies. This tension is structural — the predictable result of asking private actors to bear geopolitical costs that the current incentive environment does not reward.

The Expansion of Corporate Sovereignty

As corporate systems become more critical to national outcomes, a subset of companies is increasingly exercising forms of de facto authority once associated with states. We have seen this play out in real-time in the Ukraine theater:

Starlink became a literal lifeline for Ukrainian command and control, yet its availability was subject to the shifting calculus and jurisdictional constraints of a private entity.

Microsoft acted as a first responder and a digital intelligence agency, moving Ukrainian government data to the cloud and neutralizing Russian "wiper" malware before many state actors had even characterized the threat.

These decisions carry consequences normally associated with states, made by organizations that often lack formal mandates or the full intelligence context required for such high-stakes choices. The gap this creates cuts both ways: reactive and inconsistent decision-making on one side; a form of national-scale capacity that no government can replicate unilaterally on the other.

Strategic decision-making authority is now being exercised by entities that were never designed to hold it.

Toward a New Security Model

If corporate cybersecurity is now a frontline, our models must evolve:

Treat Corporate Networks as Critical Terrain. Deepen integration between governments and the private sector beyond simple information-sharing. Coordinated response models must reflect the reality that consequential national infrastructure is privately owned and operated.

Reward Resilience Instead of Penalizing It. Market structures currently punish resilience as inefficiency. Sector-specific liability frameworks should balance accountability for under-investment with "safe harbors" for those who meet a defined floor of systemic resilience.

Build Executive Strategic Literacy. Corporations need access to relevant threat intelligence at the appropriate classification level, and leadership that understands where business risk and geopolitical stability intersect.

The Stakes

The character of conflict has changed. It is continuous, distributed, and fought through the systems that underpin modern life. Policymakers and executives who still view cybersecurity as an IT risk are operating with a map that no longer matches the terrain.

In the era of Synthetic Asymmetry, strategic advantage belongs to those who understand the environment in which they are actually operating. The network is now part of the national security perimeter. The question is whether we are prepared to defend it accordingly.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Russia’s Victory Day Parade Signals Anything But Victory

Снявший голову, по волосам не плачут

(When your head is cut off, you don’t cry about your hair)

- Old Russian Proverb

OPINION – Russia is readying for Victory Day celebrations at a time when Moscow is anything but victorious as its unprovoked war on Ukraine enters its fifth year of destruction and devastation. And for the first time, the impact of that war will be on full display in Moscow.

Russian President Vladimir Putin is hoping to remind Russians of the achievements of the Soviet Union in their defeat of Nazi Germany. He also wants them to believe that it is he, Putin, who has returned Russia as a military power to its proper place in the pantheon of world states. But this year’s Victory Day celebration and its centerpiece parade through Red Square will be something quite different ranging from who will be there, to what will be on display.

In part out of concern over potential Ukrainian drone strikes, there will be very few foreign leaders or dignitaries in attendance. There will even be reduced representation of the leadership of the Russian Federation present on Lenin’s tomb - the traditional place of honor. In the parade itself, there will be no Russian military hardware (armored vehicles and missiles) driven through the square.

The diminishment of the parade is a big deal, having witnessed five of them myself, I have seen what the victory celebration means to many Russians. The reduction in the size of the parade is clearly out of concern for a possible Ukrainian attack, but a more honest celebration this year would be for the current leadership of Russia to acknowledge the responsibility of the Soviet Union for the Second World War starting in the first place - with the division of Eastern Europe between Nazi Germany and the Soviet Union as defined in the Molotov-Ribbentrop Pact of August 1939, which became known as the German-Soviet non-aggression pact. It was signed immediately preceding Hitler’s invasion of Poland on September 1 of that same year.

Today, President Putin is reportedly showing excessive concern about his own security both from the threat of Ukrainian drone attacks (anti-drone patrol boats are reportedly visible on the Moscow River near the Kremlin) and the threat of possible attack by Ukrainian or Russian assassins in Moscow.

Putin is reportedly doing most of his work from a bunker complex in Russia’s Krasnodar region and avoiding his usual residences in the Moscow region and Valdai. He is also instituting extraordinary security protocols for visitors reminiscent of those he instituted during the COVID era. He has dramatically reduced public appearances in the past few months. And perhaps also representative of Putin’s growing paranoia, in March, Russian security forces arrested Russian Tsalikov, former Minister of Defense Shoigu’s long time Deputy on corruption charges. But sources in Russia suggest the real reason for the arrest was concern that he was involved in plotting a coup. This, as there is increasing evidence of criticism of Putin’s regime on social media and in military blogger communities, perhaps contributing to the regime’s efforts to limit communications on Telegram and the shutting down of the internet in Moscow, St. Petersburg, and other cities.

Perhaps playing most significant in Putin’s concerns over his own security and regime stability is the efficacy with which Ukraine is attacking energy infrastructure in the Russian Federation and the effect those attacks are having on the Russian economy.

In 2025 alone, Ukraine carried out more than 140 strikes on refineries, ports and logistics hubs in Russia with some targets located deep inside Russian territory. This year, Ukraine has conducted over 40 deep strikes, and the pace of those strikes is increasing, as evidenced by the success of Ukrainian attacks on Russian bases, naval targets in the Black Sea and attacks against ships that are part of Russia’s “Shadow Fleet” operating in the Mediterranean and elsewhere. Those attacks are meaningful but not as economically impactful as the ones targeting Russia’s energy infrastructure.

Throughout the second half of April, Ukraine made the Black Sea resort of Tuapse its primary target. Tuapse is a sprawling oil city - home to a Rosneft oil refinery, one of Russia’s oldest, which operates alongside an export terminal that ships petroleum products overseas. From April 16 to May 1, Ukraine hit the town four times, damaging both the terminal and the refinery. The drone strikes led to a genuine ecological catastrophe.

Video images of the fires at the refinery were shocking. Plumes of smoke were reportedly visible from orbit and toxic black rain fell across the city with burning petroleum pouring down at least one of the city’s streets. Air quality tests reportedly showed high levels of carcinogenic benzene and xylene in the air as well as toxic soot. And despite Putin’s best efforts to control state news media and shut down the internet, he still cannot conceal the effect of attacks such as those on Tuapse as well as the ports of Ust-Luga and Primorsk - from the Russian people.

Ukrainian attacks are economically consequential. According to various sources, there have been over $13 billion in losses to Russia’s oil sector and up to 40% of Russia’s refining capacity has been disrupted or is now operating under reduced conditions. The attacks on Russian ports have resulted in periods of exports dropping by 50% during peak periods. The Ukrainian attacks have reduced Russia’s revenue gain from the ill-timed, if temporary, U.S. lifting of sanctions on Russian energy. For a country that relies significantly on revenues from hydrocarbon sales, this is a serious blow.

There are domestic consequences as well, Russia has been forced to reintroduce a ban on gasoline exports (April–July 2026), while domestic fuel prices have already increased by 6–8%. Most of Russia’s refining capacity was modernized by western energy companies in the post-Soviet period. Those technologies are no longer available to Russia due to sanctions. Putin’s energy challenges are only going to get worse and financing the invasion of Ukraine is only going to get more difficult.

Compounding the problem set for the Russian leader in Krasnodar, former U.S. envoy to Ukraine Keith Kellogg has recently remarked that Russia is losing the war due to “astronomical” casualties, estimating 1.2-1.4 million Russian troops killed or wounded. These are World War Two level losses and compare unfavorably to the 18,000 lost by the Soviet Union in Afghanistan. Moreover, Russia is unable to replace lost troops at the pace they are being killed or wounded without a general mobilization. The troops which are being sent to Ukraine as replacements are even more poorly trained, prepared, and equipped than their predecessors - which may in part explain why Russian casualties are mounting and Russia is still unable to acquire meaningful tracts of Ukrainian territory.

One other risk to consider if Putin is feeling isolated and paranoid is the security services and leadership of the Baltic States that are increasingly expressing concerns of a Russian provocation against their countries under the pretext - especially in the case of Estonia - protecting against repression of the ethnic Russian population.

One will recall that this was part of the rationale for Russia’s occupation of Crimea and support for the insurrections in Donetsk and Luhansk as well as the invasion of Ukraine in February 2022. Similar concerns have appeared in threat assessments by the security services of new NATO members Sweden and Finland. The fear in those countries is that Putin will attack, forcing NATO countries to act in accordance with Article V of the NATO Charter. And Putin is betting that the Trump Administration will refuse to comply, thus ending NATO as it is currently structured. Congress may not let Trump renege on America’s commitment in such a scenario.

Judging from some of the comments coming from Ukrainian and other officials at the recently-concluded Kyiv Security Forum, there is a perceptible sense of optimism in Kyiv and elsewhere that Ukraine may win this war after all - despite the reduction or cessation of support under the Trump Administration. President Trump is famous for his disdain of being associated with “losers.” It would make sense then for him to reconsider his association with Putin and his stance on supporting Ukraine.

Next year at this time, there may be a Victory Day parade on the Maidan Square in Kyiv and neither Trump nor Vice President JD Vance will be invited. Talk about ending up on the wrong side of history.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Last Undefended Perimeter

Russia has industrialized cognitive warfare, producing synthetic media at scale through a modular system that targets soldiers, civilians, and Western publics with distinct engineered effects. A Chinese frontier AI capable of executing the same doctrine is now freely available worldwide, unrestricted and priced within reach of any actor. The U.S. federal institutions built to track and counter these operations are in transition, with no successor architecture yet in place. A proven adversary doctrine, democratized capability, and an unresolved gap in domestic defenses have arrived together. And a major election cycle is coming this year.

The first thing to understand about Russia's cognitive warfare system, documented by researchers at Sensity AI in April 2026, is that it isn't a campaign. Campaigns have beginnings and ends, specific targets, and identifiable decision-makers who can choose to stop. What the research showed was a production system: more than a thousand AI-generated synthetic videos, organized into three distinct assembly lines, each engineered to produce predictable cognitive effects in a specific target population. Ukrainian soldiers at the front received content calibrated around despair, leadership failure, and the futility of continued resistance. Civilians received content designed to induce sustained emotional fatigue, erode institutional trust, and make Russian terms seem, if not acceptable, at least inevitable. Western audiences received a separate product line focused on questioning the value of continued alliance support and amplifying doubts about evidence of Russian conduct.

The strategic objective of this architecture, as the research demonstrates, is not persuasion. Persuasion requires convincing people of a specific proposition. The goal here is something more structurally corrosive: information chaos. When synthetic content reaches critical mass in an information environment, authentic evidence becomes contestable. Documented war crimes can be dismissed as fabrications. Verified reporting becomes just another narrative competing for attention. The epistemic cost of reasoning accurately under those conditions falls entirely on the target population, not the attacker. The adversary pays almost nothing to create that environment. The people living in it pay continuously.

Russian military doctrine describes this approach as cognitive warfare but more recently researchers have given the operational method a new name: the Narrative Kill Chain. Iran, separately, deployed more than 110 synthetic videos targeting the same Western audience during the spring 2026 escalation cycle. A doctrine developed in one theater is spreading. The operating manual is published, and we should expect other actors to study it.

The three-audience segmentation is not scattershot propaganda. It is deliberate targeting, calibrated to different decision nodes: soldier morale, civilian will to resist, Western political will to sustain support. Content is seeded on TikTok and Telegram, where it builds initial engagement, and then amplified algorithmically across X, Facebook, and YouTube. The platforms' own mechanisms do part of the adversary's work at no cost to the adversary.

The deeper danger is what researchers have called the liar's dividend. Once a critical mass of synthetic media circulates in an information environment, even authentic evidence becomes contestable. Adversaries do not need to win arguments. They need to make the process of resolving truth from falsehood expensive enough that most people eventually stop trying. That objective, per Sensity's analysis, is largely being achieved.

The question worth asking is what it takes, both technically and financially, to execute this doctrine at scale. Until recently, the answer pointed toward state-level actors and resources. That has recently changed.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

On April 24, 2026, DeepSeek released V4-Pro and V4-Flash as open weights under an MIT license, meaning anyone can download the full model, run it independently, and use it for any purpose without restrictions. V4-Pro is powerful, nearly matching U.S. frontier models, but at a fraction of the cost and offered as open-source. It’s available on a hard drive, permanently, to anyone who downloads it. Independent assessment by the Tennessee AI Advisory Council found that prior DeepSeek models were susceptible to jailbreaking at substantially higher percentages that comparable U.S. models. There is no meaningful indication that V4 represents a departure from that pattern.

The combination is the point. The doctrine is documented and replicable. The tool is nearly free and unrestricted. Any actor with a grievance, a distribution channel, and an internet connection can now pair the Narrative Kill Chain model with frontier-class AI capability. And the empirical research on what that combination can accomplish is increasingly precise: controlled experiments published in Nature and Science found that conversational AI can shift political attitudes by about 10 points in some settings, and in one U.S. test the effect was roughly four times larger than traditional campaign ads. This is not a projected threat. It is a measured effect.

Much of my career was spent studying adversarial capabilities, plans, and intentions. What that experience teaches, more than any specific technique, is to look at convergences. Capability without doctrine is potential. Capability plus doctrine, freely available, with limited counterparts on the defensive side, is a structural condition. That is where we are at the moment.

The United States previously built institutional architecture to address similar threats, but those functions, that resided across multiple government agencies and departments, are now in transition. They have been restructured, downsized, closed, or dissolved, and a successor architecture is not yet in place.

This is not a simple story, and it should not be seen as one. There are legitimate constitutional questions about how the federal government conducts work in this space. The line between detecting foreign synthetic operations and influencing domestic information environments requires rigorous institutional discipline to protect. Those concerns deserve serious consideration and careful legislative design. What the current moment asks is that those necessary governance debates happen faster. The threat is not waiting for the architecture to be resolved.

What any successor structure needs to accomplish is not difficult to specify, even if it is complex to execute. It needs to set standards for the detection and attribution of foreign synthetic content at scale, identifying what is manufactured, amplified, and deliberately targeted at American society. That is an intelligence and technical function, not a content moderation or speech function. The distinction is essential, and it is the one that any new design must protect. These new institutions, when and if created, should never be in the business of adjudicating truth. Their mission should be to ensure that platforms identify content that is synthetically generated, amplified, and aimed at the public. That simply provides the audience with objective data upon which to evaluate what they are reading or viewing, and it can be performed without crossing into censorship. That mission needs a home.

Thankfully, the private sector is not waiting. Companies with deep forensic capability in synthetic media detection are developing attribution tools that operate at scale. The technical capacity to identify AI-generated content, trace distribution networks, and flag coordinated inauthentic behavior is advancing rapidly in the commercial sector. A successor architecture built as a genuine public-private partnership, pairing government authority and classified context with private sector technical capability, may be better suited to the current environment than a purely governmental structure. What government brings that industry cannot replicate is access to intelligence collection on adversarial plans, allied coordination, and the authority to act on attribution findings, when they veer into criminal conduct. What industry brings is speed, scale, and detection capability that is already operating. The two are complementary. What is missing is the design and the mandate to connect them.

Three developments have arrived simultaneously. The doctrine for industrial scale cognitive warfare has been documented, refined, and is spreading across adversary ecosystems. The tools to execute that doctrine have been democratized to the point where frontier-class AI capability is nearly free, unrestricted, and available worldwide. And the federal institutional architecture charged with tracking and countering foreign cognitive operations against the United States is in transition, without a successor in place.

The effects of this convergence are not limited to elections, though elections are the most visible surface. What is at stake is the shared epistemic ground on which any form of collective decision-making depends. When authentic evidence becomes routinely contestable, when any documented fact can be attributed to a fabrication machine that everyone knows exists, the cost of reasoning accurately rises for every person in the information environment. That cost does not fall on governments or institutions. It falls on individuals; in every judgment they make about what to believe and whom to trust.

The perimeter has always existed. What changes is the technology of assault and the capacity of defense.

The country has organized around threats of this scale before. New structures are needed, designed for the technological moment we are now in, with clear mandates focused on detection and attribution of foreign synthetic operations and civil liberties protections built in from the start. Not structures that tell Americans what to believe. Structures that identify what is being manufactured and aimed at them.

That is achievable. And today, it is necessary.

Views expressed here are the author’s alone and do not represent the positions or policies of the U.S. Government or the Central Intelligence Agency.

Inside the Pentagon’s High-Stakes Nuclear Overhaul

“The unfortunate truth is that it's fallen to the lot of all of us to modernize the entire [U.S.] nuclear triad at once. Probably, in retrospect, we should have been doing pieces of it over the last 30 or plus years. Plus…we're having to modernize the nuclear weapon production [warheads, bombs] as well as the triad platforms [bombers, submarines, missiles]. I refer to it as the pig in the budgetary python. It's a lump that's moving through that we're just going to have to swallow in order to maintain the basic bedrock of our national security strategy, which is [nuclear] deterrence.”

That was Sen. Angus King (I-Maine), speaking on the afternoon of April 20, during a Senate Armed Services Strategic Forces Subcommittee session taking testimony from seven officials on the Fiscal 2027 Authorization for the Department of Energy (DoE) Atomic Defense Activities and the Department of Defense (DoD) Nuclear Weapons Programs.

Only Subcommittee Chairman Sen. Deb Fischer (R-Neb.) and ranking-member King attended the roughly 90-minute session. However, in that time the witnesses described what Sen. King described as DoE’s nuclear weapons building complex, the National Nuclear Security Agency (NNSA), being the busiest since its creation in 1980, and meeting DoD nuclear weapon requirements “while at the same time modernizing Manhattan [Project] era [1940s] production facilities.”

Meanwhile, King said, DoD “is conducting a once-in-a-generation modernization of our triad...ensuring the existing triad of ICBMs, submarines, and bombers can remain safe, secure, and effective as the bedrock of our national defense deterrence policy with two near peer adversaries, Russia and China.”

This subcommittee hearing, I thought, provided the best update on the complexities of this ongoing redo of U.S. nuclear forces and, since it had little-to-no public coverage, it’s worthwhile to present some highlights.

For example, Air Force Gen. Dale R. White, Director of the Critical Major Weapon Systems program, updated for the Senators what’s going on with the Air Force’s Sentinel ICBM program.

Sentinel was designed to replace the aging, 400 deployed Minuteman III ICBMs, but the Sentinel program was halted in 2024 for review after costs rose from an initial $78 billion to over $141 billion, moving initial operating capability (IOC) by at least two years beyond the original 2029 target.

White told the Senators, DoD now annually allocates over $2 billion to operate and sustain Minuteman III with 10 active investment programs that ensure the system meets or exceeds all warfighter requirements. These funds will modernize essential, Minuteman III-specific equipment required for vital aging, surveillance, and nuclear hardness testing.

Meanwhile, in the restructuring of the Sentinel ICBM program, White said the first complete three-stage ground test missile had been assembled last fall, “paving the way for the program's first flight, a missile pad launch scheduled for 2027, which will mark a pivotal moment in our flight test campaign.”

This past February, the program also broke ground on a prototype Sentinel launch silo in Promontory, Utah. He called this, “a key step in tackling one of the program’s most significant engineering challenges.”

White said Sentinel is on a path to its Milestone B decision by the end of this year, which would authorize it to enter engineering and manufacturing development with an initial operational capability scheduled for the early 2030s.

A February Government Accountability Agency (GAO) report said, “As a result of delays to Sentinel, the Air Force may need to operate Minuteman III through 2050, 14 years longer than planned,” adding, “Prolonged operation of the aging system presents sustainment risks. Addressing these risks in a transition risk management plan would help ensure the system meets requirements during the transition.”

To meet the risk, White told the Senators that to manage “the intricate transition from Minuteman III to the deployment of Sentinel,” Air Force Global Strike Command has established Sentinel Site Activation Task Force detachments at each missile wing, test site, and acquisition location.

White is also responsible for the new B-21 Raider strategic bomber, which is in its flight test campaign with the physical production already begun. White said, “The first aircraft remains on track for delivery to Ellsworth Air Force Base in 2027, with a planned fleet of at least 100 aircraft, and a recent agreement with Northrop Grumman to increase annual production capacity by 25 percent.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Another subcommittee witness, Air Force Gen. Stephen L. Davis, Commander of Global Strike Command who said he “provides our Nation's combat-ready forces for nuclear and conventional long-range strike.”

The U.S. bomber force of B-1s, B-2s, and B-52s, Davis said, “remain in high demand across multiple theaters.” He said they have played roles in military operations, including Rough Rider, a 2025 operation in Yemen; Midnight Hammer in Iran; Absolute Resolve in Venezuela; and today in Epic Fury in Iran.

In Epic Fury, Davis said, “Global Strike Command conducted over 150 bomber sorties, 48 of which were round-trip from the United States. These missions were a minimum of 18 hours in duration, with those from the U.S. taking as long as 40 hours.”

Davis is also responsible for the Air Force Survivable Airborne Operations Center (SAOC), the so-called “Doomsday” fleet of aircraft that would serve as a command post in the event of a nuclear attack on the homeland.

Davis told the Senators that the $13 billion program will be fully funded in the fiscal 2027 budget and that four aircraft [Boeing 747-8s] are in Dayton, Ohio [where Sierra Nevada Corporation is]… converting [them] into the new platforms.”

Davis added, “We're expecting the first aircraft to show up at Omaha [Nebraska, Offutt Air Force Base] which has been identified as the main operating base in the early 2030s.”

The SAOC aircraft are an important part of the DoD recapitalization of the aging Nuclear Command, Control, and Communications (NC3) system, estimated to cost some $154 billion from 2025–to-2034. This modernization will replace 1980s-era technology with digital systems and integrate with new triad platforms.

The Senators also heard the status of the Navy’s new Columbia-class ballistic missile nuclear submarines (SSBNs), 12 of which are to replace the 14 Ohio-class SSBNs now providing on patrol providing the most secure strategic nuclear deterrence.

Adm. William J. Houston, Director, Naval Nuclear Propulsion Program reported the Columbia nuclear reactor propulsion plant would finalize development in fiscal 2027, adding, “The life of the ship core, now entering serial production, is directly supporting the Navy's number one acquisition priority and a key strategic asset.”

Vice Adm. Johnny R. Wolfe, Jr., Navy Director for Strategic Systems Programs, confirmed the first Columbia sub was “definitely on track” to make the initial, planned 2039 deployment. Wolfe said the biggest risk on the government side “is understanding all the testing that we're going to need to do both from the [test] pad and from the platform [the submarine] before we start deploying in 2039.”

Another witness before the subcommittee was NNSA’s David E. Beck, Deputy Administrator for Defense Programs, who described seven nuclear warhead modernizations and several complex construction programs that were underway.

Two just completed, Beck said, were for the W88 Alt 870 warhead upgrade for the Navy’s Trident II D5 sub-launched ballistic missile and the B61-12 Air Force tactical nuclear bomb. Still underway are upgrades for the B61-13 tactical bomb; the B80-4 warhead for the Long-Range Standoff cruise missile; the W80-5 warhead for the new Navy sub-launched cruise missile; the W87-1 warhead for the Minuteman III and Sentinel ICBMs; the W93, future warhead for the Navy D5.

Beck also said there were two phase one projects, which mean early designs, for future possible nuclear weapons which he did not describe.

Beck did describe forward movement in pit production, the plutonium-based triggers for thermonuclear weapons.

“Our requirement by law is to make 80 pits a year by 2030,” Beck said, “and we have set a goal to make 100 collectively through December of 2028, which means that in order to get there from here, we will have to make between 30 and 50 pits per year. We're moving closer to the objective.”

At the end of the session, Sen. King said, “I just I think it's important to sort of look on this as a bigger picture in terms of appropriations and expenses. This is not something that will continue forever. We'll get through these new [nuclear weapon] programs. It is unfortunate from a budgetary perspective, we're having to do it all at once, but it's nonetheless so critical to national security.”

I expect Congress will pass the fiscal 2027 budget funding these nuclear weapon-related programs the Trump administration is seeking.

From Socialist Surge to Regional Realignment- Latin America’s Pink Tide Is Receding

Latin America’s Pink Tide Recedes as Economic Reality Fractures Socialist Alliance

Latin America’s leftist front is hitting a wall. The momentum that carried leaders like Gabriel Boric and Gustavo Petro to power has stalled, replaced by the harsh realities of inflation and cartel violence. This isn’t just a temporary dip in the polls — it’s a fundamental breakdown of the old order, and it’s reshaping the strategic landscape of the entire hemisphere.

The transformation is most visible in the aftermath of Nicolás Maduro’s arrest in Venezuela, which has sent shockwaves through remaining leftist governments and emboldened opposition movements across the continent. Intelligence analysts are now betting that the so-called pink tide won’t gradually recede but will collapse entirely under the weight of its own contradictions by year’s end.

The shift is both externally driven by the Trump administration’s openly interventionist approach and internally, as socialist policies fail to deliver economic results that maintain electoral support.

Former Revolutionaries Reject the Model

Perhaps nowhere is the ideological fracture more striking than in Colombia.

Enrique Serrano, a Colombian political analyst with over 40 years of studying U.S.-Latin American relations, tells The Cipher Brief that the left’s failure stems from a fundamental misreading of its own base.

“Those left-wing politicians in Latin America didn’t expect a rise within the middle part of our society,” he explains. “The middle class — they are drifting towards the right because they need more money. It’s more important for them that there’s no governmental regulation on income, for example, on economic opportunities.”

The shift is measurable across the region. In Colombia, Serrano notes that approximately 60 percent of the population now identifies as middle class. Yet, Petro’s policies have targeted people experiencing poverty and the working class, who “normally don’t go vote.”

In Argentina, middle-class frustration with inflation exceeding 200 percent annually drove voters to embrace libertarian Javier Milei’s radical free-market platform. Chile’s 2023 rejection of a progressive constitution — despite electing leftist Gabriel Boric in 2021 — reflected similar middle-class concerns about economic stability over ideological purity. Even in Brazil, Lula’s narrow 2022 victory margin has eroded as middle-class voters increasingly question his economic management and tolerance of regional autocrats.

The shift represents a stunning reversal for a region that seemed firmly in socialism’s grip just three years ago.

“I have never noticed such a strong and such a direct impact from the US on Latin America like it is happening today,” Serrano says. “I see that also in the context of Marco Rubio. There is a strong change compared to the last 40 years right now.”

President Gustavo Petro’s administration is hemorrhaging support not just from centrists but from within the left itself. His approval rating has plummeted to 35.7 percent with a 53.7 percent disapproval rating according to January 2026 polling, down from 48 percent approval when he took office in August 2022. Even within his own Pacto Histórico coalition, internal divisions have emerged as 72 percent of Colombians now believe the country is heading in the wrong direction.

Despite winning the presidency in 2022 as Colombia’s first leftist leader, Petro now commands only his core 30 percent base — approximately six to seven million voters out of 24 to 25 million — as the country approaches crucial May elections.

“The left failed because they’re offering politics towards really the poor, or the workers on the street,” Serrano says. “But those people normally don’t go vote. The ones who put in the most votes are the middle class, and the left is not reaching out towards the middle class.”

The electoral math bears this out. In Colombia’s 2022 presidential election, Petro won with just 50.4 percent in the runoff, the narrowest margin in recent history, despite mobilizing his base. Colombia’s economy grew just 1.6 percent in 2025, well below regional averages, while its healthcare reforms triggered a system collapse, and its security policies failed to stem rising crime rates.

Similar patterns are visible across the region. In Chile, despite electing leftist Gabriel Boric in 2021, voters decisively rejected his proposed progressive constitution in 2023 by nearly 62 percent, with middle-class neighborhoods leading the opposition. Despite his narrow victory in Brazil’s 2022 election by less than two percentage points, Lula’s approval rating has fluctuated significantly.

After hitting a historic low of 24 percent in February 2025—the lowest across all his administrations — his numbers have since rebounded to 48 percent by January 2026. However, 45 percent of Brazilians say they would never vote for him. His recovery came largely through confrontations with Trump rather than domestic policy successes. At the same time, critics cite his tolerance for regional autocrats like Maduro and economic challenges, including food inflation, that particularly hurt his traditional support base among the poor.

A senior U.S. intelligence official, speaking to The Cipher Brief on background, confirmed that internal assessments show socialist governments across the region facing simultaneous crises of legitimacy, economics, and security.

Colombia’s Dual Crises

President Petro’s tenure has been marked by contradictions that illuminate broader challenges facing Latin American socialism. While maintaining popularity among his leftist base, his administration has struggled with governance basics while simultaneously drawing scrutiny for connections between leftist politics and transnational criminal networks — a pattern that has implications far beyond Colombia’s borders for U.S. counternarcotics and security efforts.

Petro’s governance has been plagued by scandals that blur the line between politics and criminality. The Trump administration sanctioned Petro in October 2025, accusing him of allowing drug cartels to “flourish” while cocaine production in Colombia reached its highest levels in decades. Though Petro denies direct cartel ties and the New York Times found no evidence of personal criminal connections, his son was arrested in a money laundering scandal involving campaign financing. At the same time, two former cabinet ministers were jailed in December 2025 for orchestrating a vote-buying scheme that diverted public contracts in exchange for legislative support.

It goes beyond Colombia.

The Maduro regime became a haven for Iranian operatives and Hezbollah networks before his arrest, while the Ortega regime in Nicaragua has been accused of providing sanctuary to anti-American forces. This visible fusion of leftist governance with criminal organizations represents a marked shift from previous decades, when corruption, while present, remained more discreet, complicating U.S. counternarcotics efforts and security cooperation throughout the hemisphere.

Petro’s relationship with Washington has been equally contradictory. After months of public confrontations with the Trump administration over deportation flights and trade threats, Petro abruptly shifted course following a phone call with President Trump earlier this year.

On January 26, 2025, Petro blocked two U.S. military aircraft carrying 160 Colombian deportees from landing, declaring he would “never allow Colombians to be brought back in handcuffs.” Within hours, Trump threatened 25 percent tariffs on all Colombian imports, rising to 50 percent within a week, plus visa sanctions on government officials and enhanced customs inspections.

Petro initially responded defiantly, announcing retaliatory tariffs and posting on social media that “your blockade doesn’t scare me.” Yet by that evening, after the White House threat to Colombia’s $28.7 billion in annual exports to the U.S., Petro capitulated completely, agreeing to “all of President Trump’s terms, including the unrestricted acceptance of all illegal aliens from Colombia returned from the United States, including on U.S. military aircraft, without limitation or delay.”

Following the cordial phone call in January, Trump invited Petro to Washington for a February meeting that “dramatically reversed their war of words.” The sudden rapprochement caught observers off guard. The about-face revealed the extent to which even vocal anti-American leftist leaders now recognize their vulnerability to U.S. economic pressure.

Electoral Reckoning Approaches

Colombia’s May elections are shaping up as a referendum on the country’s leftward turn. Iván Cepeda, Petro’s preferred successor, enters the race with heavy ideological baggage. Following years of economic and social volatility, the electorate has become increasingly wary of socialist rhetoric. The 63-year-old senator is the son of a murdered communist party leader, studied philosophy in Bulgaria during the communist era, and has been active in various leftist movements, including the Communist Party and groups linked to former FARC guerrillas.

Cepeda faces political outsider Abelardo de la Espriella, a self-made criminal defense lawyer and businessman. The 47-year-old from Montería built a lucrative law practice defending celebrities and high-profile clients, including the recently arrested Alex Saab, before launching his presidential bid. Recent polling shows de la Espriella leading with 28 percent support versus Cepeda’s 26.5 percent, with the gap widening to 9.3 percentage points in a hypothetical runoff.

“Politics needs fewer politicians and more businessmen,” de la Espriella told Reuters, promising 6-7 percent annual economic growth through infrastructure investment and deregulation — a stark contrast to Colombia’s anemic 1.6 percent growth under Petro’s socialist policies.

The Colombian race also reflects broader regional trends. According to some experts, the pink tide’s momentum has reversed so dramatically that remaining leftist leaders now find themselves isolated.

“Gustavo Petro is facing a situation where he’s standing almost alone right now because the rest of the region turned to the right already, like Chile, like Argentina,” Serrano says. “So he’s only having two strong allies still in the region, which would be Lula and Claudia Sheinbaum in Mexico.”

Even those alliances are crumbling.

“Petro only has as allies Lula, who is almost about to fall, and Sheinbaum, who is alone,” Serrano continues.

The rightward shift in recent years has brought leaders like El Salvador’s Nayib Bukele, Argentina’s Javier Milei, and Ecuador’s Daniel Noboa to power, creating a new conservative bloc that has welcomed closer ties with the Trump administration and rejected the socialist solidarity that characterized the previous decade.

Existential Threats Beyond the Mainland

The potential socialist collapse extends beyond South America. Cuba, long considered impervious to change despite six decades of communist rule, now faces its most serious existential crisis.

Washington’s regional focus has shifted from Cold War ideological containment to pragmatic strategic interests; a calculation that explains the administration’s surgical approach to Venezuela while largely ignoring Havana.

Cuba, which has maintained communist rule since Fidel Castro’s 1959 revolution, now faces its most serious existential crisis in over six decades. The island’s economy has contracted sharply, with GDP shrinking and basic services collapsing. Prolonged blackouts affecting millions have become routine as the electrical grid repeatedly fails, while severe food shortages have driven unprecedented waves of emigration.

“Their situation is worse (than Venezuela) because they don’t have natural resources,” Serrano underscores. “They don’t have electricity. They can’t produce electricity on their own, and they don’t have food either. So it’s very unlikely that the government in Cuba might survive this year.”

The island’s energy infrastructure has repeatedly failed, leaving millions without electricity for days at a time, while food shortages have driven unprecedented emigration.

Nicaragua faces similar pressures under Daniel Ortega’s increasingly isolated regime. Ortega has ruled since 2007, consolidating power through mass arrests of opposition leaders, shuttering of independent media, and the expulsion of international observers. The regime’s systematic repression has driven over 300,000 Nicaraguans into exile while leaving the country economically stagnant and diplomatically isolated.

“Those authoritarian governments like Venezuela, Nicaragua and Cuba — what they in real life try to do is just to gain time,” Serrano told The Cipher Brief. “They will disappear earlier or later. It’s just they try to get as much time as possible.”

The convergence of economic failure, political repression, and technological change has created conditions fundamentally different from those that allowed previous generations of authoritarian leftist governments to survive for decades.

Technology Accelerates Socialist Decline

In addition, the digital revolution has destroyed the old-school socialist playbook. As mobile technology has expanded across Latin America, governments have lost their most powerful tool: the narrative. U.S. analysts are currently monitoring how this decentralized flow of information, from protest coordination on encrypted apps to real-time leaks of government corruption, is creating a level of accountability that previous generations of leftist leaders never had to face.

Beyond Cuba and Nicaragua, other left-wing regimes recently faced Trump administration scrutiny. In Honduras, leftist president Xiomara Castro was defeated in the November 2025 elections by Trump-backed conservative Nasry Asfura, who took office in January 2026. Castro’s tenure had raised concerns in Washington about her government’s ties to China and open support for authoritarian regimes, including Venezuela and Nicaragua.

U.S. Strategic Implications

With the collapse of the pink tide, Washington faces both opportunities and risks. The shift away from socialism aligns with U.S. interests, but it also creates vulnerabilities that adversaries may exploit. The penetration of organized crime, particularly groups with ties to Iran and Hezbollah, remains a persistent concern.

Mauricio Baquero, Venezuelan opposition organizer and María Corina Machado’s representative for Latin America, tells The Cipher Brief that authoritarian governments’ tolerance of malign foreign actors poses direct threats to U.S. security.

“The Nicholas Maduro government allowed Hezbollah and Iran officials to be in Venezuela,” he explains. “So that’s obviously a source of insecurity in the whole region.”

Luis Bustos, spokesperson for Venezuelan opposition party Primero Justicia, tells The Cipher Brief that removing foreign actors remains a critical challenge even after Maduro’s arrest. Regarding whether interim president Delcy Rodríguez continues tolerating Hezbollah’s presence in Venezuela, he explains that “it’s not possible to get them out of the country really quickly.” his reality, he explains, underscores why “it’s not recommendable” to rush elections.

“We need a time of transition where we make sure that all those influences from abroad, among them, Hezbollah, for example, will leave the country,” he says.

Since socialist governments have provided sanctuary to anti-American actors, including Iranian operatives, Russian intelligence services, and Chinese surveillance networks, Washington has made the pink tide’s recession a national security priority, rather than a matter of ideological preference.

According to Serrano and others, the Trump administration’s aggressive approach, particularly in Venezuela, has accelerated changes that might otherwise have taken years.

As several Latin American nations drift rightward, the question is no longer whether the pink tide will recede, but whether any socialist government can survive the decade ahead without dramatic policy reversals that abandon the model’s core premises.

“Not over, but it’s failing,” Serrano adds. “And the region needs to examine why.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Human vs. Machine: Operational Realities from Ukraine’s Frontline

A global debate is underway over how much human involvement should be required when artificial intelligence is implemented in military operations. This is typically described on a spectrum: "human-in-the-loop," where a system can select targets and apply force only with human authorization; "human-on-the-loop," where a system selects and applies force without authorization but under human supervision with the ability to override; and "human-out-of-the-loop," where a system selects and applies force without human authorization, supervision, or intervention.

How much human control is necessary remains contested, but the debate is overwhelmingly normative rather than empirical. Ukraine, where these systems are being deployed at scale under active fire, offers a case study for testing those assumptions against battlefield reality.

What emerges is not a clean line between human control and machine autonomy but a continuum shaped by biology, budget, cognition, accountability, and ethics. The harder question — and the one this paper examines — is what happens when human-in-the-loop safeguards are preserved in name but the conditions that make them meaningful have already eroded because the volume of targets exceeds what any operator can review and the tempo of engagement outpaces human reaction time.

Biology

Proponents of autonomous weapons systems consider them a moral imperative. They argue that if technology can remove warfighters from danger, governments have an obligation to use it. Ukraine's leadership has arrived at the same conclusion under considerably more urgent circumstances.

Since 2024, Russia's elite drone unit, Rubicon, has wreaked havoc on Ukrainian forces well behind the frontlines. One brigade reported losing up to seventy percent of its drone operators in a single week. Another lost most of its vehicles, drone launch sites, antennas, and communications equipment. In Kursk, the pressure grew so severe that Ukrainian forces ultimately withdrew.

Compounding the problem is the time it takes to evacuate wounded soldiers. The medical "golden hour" standard has collapsed in Ukraine, where evacuation now takes twenty-four to seventy-two hours. A US veteran fighting in the war lamented that they now face a "golden three days," noting that a friend was hit by shrapnel — which should have been an easy fix — but required a leg amputation due to the long evacuation time.

The situation is also a matter of numbers. Ukrainian Minister of Defense Mykhailo Fedorov disclosed upon taking office that 200,000 troops have gone AWOL and two million men of military age are evading mobilization. Russia holds a significant advantage here. Ukrainian frontline units now operate at fifty to sixty percent of authorized strength, with some as low as thirty percent.

This combination of relentless danger and severe manpower shortages is pushing Ukraine toward autonomous weapons systems across the land, air, and sea.

Fedorov has stated the country "needs to remove UAV operators from the battlefield." The near-term goal is enabling operators to control drones from anywhere in the country. The ultimate objective is full drone autonomy.

Ukraine has also deployed armed ground robots in place of infantry on the battlefield. In late 2025, Ukraine's robot army held frontline positions for forty-five straight days. The systems were controlled remotely from safe locations and reloaded every forty-eight hours. Ukrainian officials called it a first in modern warfare. A commander within the Third Army Corps said, "Robots do not bleed."

By the end of 2025, drones were responsible for more than eighty percent of all enemy targets destroyed in Ukraine, according to officials. "We don't have infantry. We do drones. We kill with drones. We save with drones. We liberate with drones," one commander said.

Ukraine's ambassador to the UK, Valerii Zaluzhnyi, predicts a rapid evolution for these systems. He believes that in the near future, these robots will be used "not just on their own, but as part of large, AI-powered swarms of drones" across all domains.

Budget

Those biological and manpower pressures interact directly with the economics of drone warfare. One-way attack drones can be deployed for as little as $400, and in 2025 Ukraine allocated $2.8 billion to procure millions of them. The sheer volume of cheap drones, paired with AI-driven target identification, compresses the entire kill chain — reducing sensor-to-shooter timelines from days to minutes. The same dynamic is currently playing out in the U.S. and Israeli war with Iran, where both sides are deploying cheap semiautonomous attack drones in the thousands. But this shift is not only about money and hardware; vast numbers of cheap, AI-enabled drones also transform what any human can realistically perceive, decide, and authorize in time.

Cognition

These compressed timelines and target volumes force a rethink of human cognition as the limiting factor in AI-enabled warfare. Ukraine's experience with systems like the Avengers AI platform and the Delta command-and-control environment illustrates how quickly human oversight can be stretched to the breaking point.

The Avengers AI platform, used for offensive targeting and integrated into Ukraine's Delta command and control system, can identify up to 12,000 enemy assets per week through automated analysis of drone and camera feeds. The system does not fire weapons by itself; humans still validate targets, allocate scarce munitions, and manage escalation. Ukrainian officials emphasize that Avengers is meant to filter, not replace, human judgment. But the volume raises a governance question: at what point does human validation become a fiction, as exhausted analysts and commanders "rubber-stamp" AI recommendations they cannot meaningfully re-evaluate? This has already been observed in other conflicts, including Gaza.

By contrast, Ukraine's Octopus interceptor drone is designed to detect and destroy incoming Russian drones mid-air without requiring a human to approve each intercept. Requiring a human to approve every intercept in a saturation drone attack can result in more civilian and military casualties than allowing a supervised-autonomous system to fire within fractions of a second under pre-defined rules of engagement.

This mirrors what the 2023 U.S. Department of Defense Directive 3000.09 refers to as 'operator-supervised autonomous weapon systems,' permitting systems to select and engage targets under human supervision for time-critical defense — especially static defense of installations and defense of platforms against saturation attacks. Full autonomy remains rare: most systems remain operator-in-the-loop or operator-on-the-loop, with autonomy used for terminal guidance, navigation through jamming, or collision avoidance rather than independent target selection.

Systems like Avengers and Octopus show that autonomy is already being used in different parts of the kill chain — filtering targets at scale or firing within fractions of a second under predefined rules of engagement — often at speeds no human can match. As the volume and tempo of AI-generated recommendations rise, the risk grows that operators will "rubber-stamp" system outputs they can no longer meaningfully re-evaluate.

Accountability

As battlefield realities push humans further from direct control, questions emerge around accountability, and when human-in-the-loop oversight is meaningful and when it is theater.

These are not purely technical choices; they are institutional and doctrinal ones. Architecture becomes policy — the way the system is wired effectively decides how tightly humans are tied into day-to-day combat decisions. Documenting intent and assigning responsibility for civilian harm cannot be an afterthought; it must be designed into the system from the start.

The harder ethical question is whether preserving human-in-the-loop safeguards is always the right thing to do — or whether, in some cases, it is more ethical to admit where humans cannot keep pace. The real governance question is not whether to keep a human in the loop in the abstract, but which loops we deliberately anchor in human cognition and institutional authority, and which we are prepared to delegate.

Conclusion

Within the broader discourse on autonomous systems, Ukraine provides empirical evidence that the devolution of human oversight is a systemic reality of modern combat, not a hypothetical risk. The compounding forces of human biological limits — ranging from localized attrition to universal thresholds of reaction time — alongside the proliferation of low-cost drones and unparalleled data velocity, inevitably distance the human operator further from direct control. Consequently, true accountability cannot rest on an operator's final click under fire; it must be deliberately designed into the entire operational process — architectures, workflows, and governance — that lead up to that moment. The governance question is no longer whether to keep a human "in the loop" in the abstract, but which loops humans must own, how much cognitive load they can bear, and how fast wartime institutions can adapt command-and-control (C2) and oversight structures.

To help policymakers and practitioners translate these insights into practice, we offer three mutually reinforcing lines of effort.

First, decide which loops humans own. Make human placement an explicit design decision, not a slogan. For each mission type (for example, air defense; ISR; long-range strike; information operations), require a short statement of where humans sit on the continuum (in/on/out of the loop), why, and what tradeoffs you are accepting in speed, survivability, and escalation risk. Reserve true "human-in-the-loop" control for low-tempo, high-stakes decisions, and use Ukraine's experience to distinguish between high-volume, time-critical defensive engagements — better suited to supervised autonomy like Octopus-style interceptors — and lower-tempo but politically or ethically weighty decisions, where humans should remain the real bottleneck.

In parallel, reframe ethics around actual control, not formalities. Move policy language away from blanket promises that humans will "approve every shot" toward domain-specific statements about where humans truly control outcomes and where they supervise architectures that act faster than they can. Document human intent in system design, not only in rules of engagement, so accountability is anchored in what commanders ask AI systems to optimize, rather than solely in an operator's last-minute approval.

Second, design systems to manage cognitive overload. Treat human cognitive limits as a hard design constraint, not a staffing problem. Cap and structure AI output for human decision-makers by limiting how many "priority" alerts any individual can receive in a given timeframe, using tiered queues and automated de-duplication — especially in environments like Delta/Avengers, which can surface thousands of targets per week. Mandate machine-readable rationales and confidence scores so human review becomes targeted supervision rather than binary approve-or-reject decisions. Instrument "rubber-stamping" as a safety signal rather than a success metric. Treat near-100-percent approval rates under high load as a warning, require periodic audits of how often humans overrule or modify AI outputs, and adjust triage logic and escalation pathways based on those findings.

Third, govern battlefield AI at responsible speed. Align architectures, governance, and professional education with the operational realities Ukraine is already revealing. Build CJADC2-style systems around actual operational needs: follow lessons from Ukraine's Delta by starting with a single web-based common operational picture that fuses multi-domain data, then layering AI analytics on top. Co-design compute and command, recognizing that where you place compute (cloud, theater data centers, edge) determines which forms of human oversight are realistic at different echelons. Create wartime AI-governance playbooks with predefined fast-lane processes for testing, fielding, and monitoring AI tools in combat. Encourage modular autonomy packages that can be certified, updated, and reused, and tie funding to governance metrics such as robust logging, verification and validation, red-teaming, and post-incident review. Finally, prepare people and organizations for AI-enabled campaigns by making AI literacy and "AI tradecraft" core elements of professional military education, exercising AI-failure scenarios in wargames, and embedding small AI and data teams with operational units, as Ukraine and its advisers have already begun to do.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Ambassador Joseph DeTrani

Rear Adm. (Ret.) Mike Studeman

The Collapse of the Public–Private Divide

Synthetic Asymmetry and the Corporate Target

The Incentive Misalignment Problem

The Expansion of Corporate Sovereignty

Toward a New Security Model

The Stakes

Back to top