The Cipher Brief

Снявший голову, по волосам не плачут

(When your head is cut off, you don’t cry about your hair)

- Old Russian Proverb

OPINION – Russia is readying for Victory Day celebrations at a time when Moscow is anything but victorious as its unprovoked war on Ukraine enters its fifth year of destruction and devastation. And for the first time, the impact of that war will be on full display in Moscow.

Russian President Vladimir Putin is hoping to remind Russians of the achievements of the Soviet Union in their defeat of Nazi Germany. He also wants them to believe that it is he, Putin, who has returned Russia as a military power to its proper place in the pantheon of world states. But this year’s Victory Day celebration and its centerpiece parade through Red Square will be something quite different ranging from who will be there, to what will be on display.

In part out of concern over potential Ukrainian drone strikes, there will be very few foreign leaders or dignitaries in attendance. There will even be reduced representation of the leadership of the Russian Federation present on Lenin’s tomb - the traditional place of honor. In the parade itself, there will be no Russian military hardware (armored vehicles and missiles) driven through the square.

The diminishment of the parade is a big deal, having witnessed five of them myself, I have seen what the victory celebration means to many Russians. The reduction in the size of the parade is clearly out of concern for a possible Ukrainian attack, but a more honest celebration this year would be for the current leadership of Russia to acknowledge the responsibility of the Soviet Union for the Second World War starting in the first place - with the division of Eastern Europe between Nazi Germany and the Soviet Union as defined in the Molotov-Ribbentrop Pact of August 1939, which became known as the German-Soviet non-aggression pact. It was signed immediately preceding Hitler’s invasion of Poland on September 1 of that same year.

Today, President Putin is reportedly showing excessive concern about his own security both from the threat of Ukrainian drone attacks (anti-drone patrol boats are reportedly visible on the Moscow River near the Kremlin) and the threat of possible attack by Ukrainian or Russian assassins in Moscow.

Putin is reportedly doing most of his work from a bunker complex in Russia’s Krasnodar region and avoiding his usual residences in the Moscow region and Valdai. He is also instituting extraordinary security protocols for visitors reminiscent of those he instituted during the COVID era. He has dramatically reduced public appearances in the past few months. And perhaps also representative of Putin’s growing paranoia, in March, Russian security forces arrested Russian Tsalikov, former Minister of Defense Shoigu’s long time Deputy on corruption charges. But sources in Russia suggest the real reason for the arrest was concern that he was involved in plotting a coup. This, as there is increasing evidence of criticism of Putin’s regime on social media and in military blogger communities, perhaps contributing to the regime’s efforts to limit communications on Telegram and the shutting down of the internet in Moscow, St. Petersburg, and other cities.

Perhaps playing most significant in Putin’s concerns over his own security and regime stability is the efficacy with which Ukraine is attacking energy infrastructure in the Russian Federation and the effect those attacks are having on the Russian economy.

In 2025 alone, Ukraine carried out more than 140 strikes on refineries, ports and logistics hubs in Russia with some targets located deep inside Russian territory. This year, Ukraine has conducted over 40 deep strikes, and the pace of those strikes is increasing, as evidenced by the success of Ukrainian attacks on Russian bases, naval targets in the Black Sea and attacks against ships that are part of Russia’s “Shadow Fleet” operating in the Mediterranean and elsewhere. Those attacks are meaningful but not as economically impactful as the ones targeting Russia’s energy infrastructure.

Throughout the second half of April, Ukraine made the Black Sea resort of Tuapse its primary target. Tuapse is a sprawling oil city - home to a Rosneft oil refinery, one of Russia’s oldest, which operates alongside an export terminal that ships petroleum products overseas. From April 16 to May 1, Ukraine hit the town four times, damaging both the terminal and the refinery. The drone strikes led to a genuine ecological catastrophe.

Video images of the fires at the refinery were shocking. Plumes of smoke were reportedly visible from orbit and toxic black rain fell across the city with burning petroleum pouring down at least one of the city’s streets. Air quality tests reportedly showed high levels of carcinogenic benzene and xylene in the air as well as toxic soot. And despite Putin’s best efforts to control state news media and shut down the internet, he still cannot conceal the effect of attacks such as those on Tuapse as well as the ports of Ust-Luga and Primorsk - from the Russian people.

Ukrainian attacks are economically consequential. According to various sources, there have been over $13 billion in losses to Russia’s oil sector and up to 40% of Russia’s refining capacity has been disrupted or is now operating under reduced conditions. The attacks on Russian ports have resulted in periods of exports dropping by 50% during peak periods. The Ukrainian attacks have reduced Russia’s revenue gain from the ill-timed, if temporary, U.S. lifting of sanctions on Russian energy. For a country that relies significantly on revenues from hydrocarbon sales, this is a serious blow.

There are domestic consequences as well, Russia has been forced to reintroduce a ban on gasoline exports (April–July 2026), while domestic fuel prices have already increased by 6–8%. Most of Russia’s refining capacity was modernized by western energy companies in the post-Soviet period. Those technologies are no longer available to Russia due to sanctions. Putin’s energy challenges are only going to get worse and financing the invasion of Ukraine is only going to get more difficult.

Compounding the problem set for the Russian leader in Krasnodar, former U.S. envoy to Ukraine Keith Kellogg has recently remarked that Russia is losing the war due to “astronomical” casualties, estimating 1.2-1.4 million Russian troops killed or wounded. These are World War Two level losses and compare unfavorably to the 18,000 lost by the Soviet Union in Afghanistan. Moreover, Russia is unable to replace lost troops at the pace they are being killed or wounded without a general mobilization. The troops which are being sent to Ukraine as replacements are even more poorly trained, prepared, and equipped than their predecessors - which may in part explain why Russian casualties are mounting and Russia is still unable to acquire meaningful tracts of Ukrainian territory.

One other risk to consider if Putin is feeling isolated and paranoid is the security services and leadership of the Baltic States that are increasingly expressing concerns of a Russian provocation against their countries under the pretext - especially in the case of Estonia - protecting against repression of the ethnic Russian population.

One will recall that this was part of the rationale for Russia’s occupation of Crimea and support for the insurrections in Donetsk and Luhansk as well as the invasion of Ukraine in February 2022. Similar concerns have appeared in threat assessments by the security services of new NATO members Sweden and Finland. The fear in those countries is that Putin will attack, forcing NATO countries to act in accordance with Article V of the NATO Charter. And Putin is betting that the Trump Administration will refuse to comply, thus ending NATO as it is currently structured. Congress may not let Trump renege on America’s commitment in such a scenario.

Judging from some of the comments coming from Ukrainian and other officials at the recently-concluded Kyiv Security Forum, there is a perceptible sense of optimism in Kyiv and elsewhere that Ukraine may win this war after all - despite the reduction or cessation of support under the Trump Administration. President Trump is famous for his disdain of being associated with “losers.” It would make sense then for him to reconsider his association with Putin and his stance on supporting Ukraine.

Next year at this time, there may be a Victory Day parade on the Maidan Square in Kyiv and neither Trump nor Vice President JD Vance will be invited. Talk about ending up on the wrong side of history.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Last Undefended Perimeter

Russia has industrialized cognitive warfare, producing synthetic media at scale through a modular system that targets soldiers, civilians, and Western publics with distinct engineered effects. A Chinese frontier AI capable of executing the same doctrine is now freely available worldwide, unrestricted and priced within reach of any actor. The U.S. federal institutions built to track and counter these operations are in transition, with no successor architecture yet in place. A proven adversary doctrine, democratized capability, and an unresolved gap in domestic defenses have arrived together. And a major election cycle is coming this year.

The first thing to understand about Russia's cognitive warfare system, documented by researchers at Sensity AI in April 2026, is that it isn't a campaign. Campaigns have beginnings and ends, specific targets, and identifiable decision-makers who can choose to stop. What the research showed was a production system: more than a thousand AI-generated synthetic videos, organized into three distinct assembly lines, each engineered to produce predictable cognitive effects in a specific target population. Ukrainian soldiers at the front received content calibrated around despair, leadership failure, and the futility of continued resistance. Civilians received content designed to induce sustained emotional fatigue, erode institutional trust, and make Russian terms seem, if not acceptable, at least inevitable. Western audiences received a separate product line focused on questioning the value of continued alliance support and amplifying doubts about evidence of Russian conduct.

The strategic objective of this architecture, as the research demonstrates, is not persuasion. Persuasion requires convincing people of a specific proposition. The goal here is something more structurally corrosive: information chaos. When synthetic content reaches critical mass in an information environment, authentic evidence becomes contestable. Documented war crimes can be dismissed as fabrications. Verified reporting becomes just another narrative competing for attention. The epistemic cost of reasoning accurately under those conditions falls entirely on the target population, not the attacker. The adversary pays almost nothing to create that environment. The people living in it pay continuously.

Russian military doctrine describes this approach as cognitive warfare but more recently researchers have given the operational method a new name: the Narrative Kill Chain. Iran, separately, deployed more than 110 synthetic videos targeting the same Western audience during the spring 2026 escalation cycle. A doctrine developed in one theater is spreading. The operating manual is published, and we should expect other actors to study it.

The three-audience segmentation is not scattershot propaganda. It is deliberate targeting, calibrated to different decision nodes: soldier morale, civilian will to resist, Western political will to sustain support. Content is seeded on TikTok and Telegram, where it builds initial engagement, and then amplified algorithmically across X, Facebook, and YouTube. The platforms' own mechanisms do part of the adversary's work at no cost to the adversary.

The deeper danger is what researchers have called the liar's dividend. Once a critical mass of synthetic media circulates in an information environment, even authentic evidence becomes contestable. Adversaries do not need to win arguments. They need to make the process of resolving truth from falsehood expensive enough that most people eventually stop trying. That objective, per Sensity's analysis, is largely being achieved.

The question worth asking is what it takes, both technically and financially, to execute this doctrine at scale. Until recently, the answer pointed toward state-level actors and resources. That has recently changed.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

On April 24, 2026, DeepSeek released V4-Pro and V4-Flash as open weights under an MIT license, meaning anyone can download the full model, run it independently, and use it for any purpose without restrictions. V4-Pro is powerful, nearly matching U.S. frontier models, but at a fraction of the cost and offered as open-source. It’s available on a hard drive, permanently, to anyone who downloads it. Independent assessment by the Tennessee AI Advisory Council found that prior DeepSeek models were susceptible to jailbreaking at substantially higher percentages that comparable U.S. models. There is no meaningful indication that V4 represents a departure from that pattern.

The combination is the point. The doctrine is documented and replicable. The tool is nearly free and unrestricted. Any actor with a grievance, a distribution channel, and an internet connection can now pair the Narrative Kill Chain model with frontier-class AI capability. And the empirical research on what that combination can accomplish is increasingly precise: controlled experiments published in Nature and Science found that conversational AI can shift political attitudes by about 10 points in some settings, and in one U.S. test the effect was roughly four times larger than traditional campaign ads. This is not a projected threat. It is a measured effect.

Much of my career was spent studying adversarial capabilities, plans, and intentions. What that experience teaches, more than any specific technique, is to look at convergences. Capability without doctrine is potential. Capability plus doctrine, freely available, with limited counterparts on the defensive side, is a structural condition. That is where we are at the moment.

The United States previously built institutional architecture to address similar threats, but those functions, that resided across multiple government agencies and departments, are now in transition. They have been restructured, downsized, closed, or dissolved, and a successor architecture is not yet in place.

This is not a simple story, and it should not be seen as one. There are legitimate constitutional questions about how the federal government conducts work in this space. The line between detecting foreign synthetic operations and influencing domestic information environments requires rigorous institutional discipline to protect. Those concerns deserve serious consideration and careful legislative design. What the current moment asks is that those necessary governance debates happen faster. The threat is not waiting for the architecture to be resolved.

What any successor structure needs to accomplish is not difficult to specify, even if it is complex to execute. It needs to set standards for the detection and attribution of foreign synthetic content at scale, identifying what is manufactured, amplified, and deliberately targeted at American society. That is an intelligence and technical function, not a content moderation or speech function. The distinction is essential, and it is the one that any new design must protect. These new institutions, when and if created, should never be in the business of adjudicating truth. Their mission should be to ensure that platforms identify content that is synthetically generated, amplified, and aimed at the public. That simply provides the audience with objective data upon which to evaluate what they are reading or viewing, and it can be performed without crossing into censorship. That mission needs a home.

Thankfully, the private sector is not waiting. Companies with deep forensic capability in synthetic media detection are developing attribution tools that operate at scale. The technical capacity to identify AI-generated content, trace distribution networks, and flag coordinated inauthentic behavior is advancing rapidly in the commercial sector. A successor architecture built as a genuine public-private partnership, pairing government authority and classified context with private sector technical capability, may be better suited to the current environment than a purely governmental structure. What government brings that industry cannot replicate is access to intelligence collection on adversarial plans, allied coordination, and the authority to act on attribution findings, when they veer into criminal conduct. What industry brings is speed, scale, and detection capability that is already operating. The two are complementary. What is missing is the design and the mandate to connect them.

Three developments have arrived simultaneously. The doctrine for industrial scale cognitive warfare has been documented, refined, and is spreading across adversary ecosystems. The tools to execute that doctrine have been democratized to the point where frontier-class AI capability is nearly free, unrestricted, and available worldwide. And the federal institutional architecture charged with tracking and countering foreign cognitive operations against the United States is in transition, without a successor in place.

The effects of this convergence are not limited to elections, though elections are the most visible surface. What is at stake is the shared epistemic ground on which any form of collective decision-making depends. When authentic evidence becomes routinely contestable, when any documented fact can be attributed to a fabrication machine that everyone knows exists, the cost of reasoning accurately rises for every person in the information environment. That cost does not fall on governments or institutions. It falls on individuals; in every judgment they make about what to believe and whom to trust.

The perimeter has always existed. What changes is the technology of assault and the capacity of defense.

The country has organized around threats of this scale before. New structures are needed, designed for the technological moment we are now in, with clear mandates focused on detection and attribution of foreign synthetic operations and civil liberties protections built in from the start. Not structures that tell Americans what to believe. Structures that identify what is being manufactured and aimed at them.

That is achievable. And today, it is necessary.

Views expressed here are the author’s alone and do not represent the positions or policies of the U.S. Government or the Central Intelligence Agency.

Inside the Pentagon’s High-Stakes Nuclear Overhaul

“The unfortunate truth is that it's fallen to the lot of all of us to modernize the entire [U.S.] nuclear triad at once. Probably, in retrospect, we should have been doing pieces of it over the last 30 or plus years. Plus…we're having to modernize the nuclear weapon production [warheads, bombs] as well as the triad platforms [bombers, submarines, missiles]. I refer to it as the pig in the budgetary python. It's a lump that's moving through that we're just going to have to swallow in order to maintain the basic bedrock of our national security strategy, which is [nuclear] deterrence.”

That was Sen. Angus King (I-Maine), speaking on the afternoon of April 20, during a Senate Armed Services Strategic Forces Subcommittee session taking testimony from seven officials on the Fiscal 2027 Authorization for the Department of Energy (DoE) Atomic Defense Activities and the Department of Defense (DoD) Nuclear Weapons Programs.

Only Subcommittee Chairman Sen. Deb Fischer (R-Neb.) and ranking-member King attended the roughly 90-minute session. However, in that time the witnesses described what Sen. King described as DoE’s nuclear weapons building complex, the National Nuclear Security Agency (NNSA), being the busiest since its creation in 1980, and meeting DoD nuclear weapon requirements “while at the same time modernizing Manhattan [Project] era [1940s] production facilities.”

Meanwhile, King said, DoD “is conducting a once-in-a-generation modernization of our triad...ensuring the existing triad of ICBMs, submarines, and bombers can remain safe, secure, and effective as the bedrock of our national defense deterrence policy with two near peer adversaries, Russia and China.”

This subcommittee hearing, I thought, provided the best update on the complexities of this ongoing redo of U.S. nuclear forces and, since it had little-to-no public coverage, it’s worthwhile to present some highlights.

For example, Air Force Gen. Dale R. White, Director of the Critical Major Weapon Systems program, updated for the Senators what’s going on with the Air Force’s Sentinel ICBM program.

Sentinel was designed to replace the aging, 400 deployed Minuteman III ICBMs, but the Sentinel program was halted in 2024 for review after costs rose from an initial $78 billion to over $141 billion, moving initial operating capability (IOC) by at least two years beyond the original 2029 target.

White told the Senators, DoD now annually allocates over $2 billion to operate and sustain Minuteman III with 10 active investment programs that ensure the system meets or exceeds all warfighter requirements. These funds will modernize essential, Minuteman III-specific equipment required for vital aging, surveillance, and nuclear hardness testing.

Meanwhile, in the restructuring of the Sentinel ICBM program, White said the first complete three-stage ground test missile had been assembled last fall, “paving the way for the program's first flight, a missile pad launch scheduled for 2027, which will mark a pivotal moment in our flight test campaign.”

This past February, the program also broke ground on a prototype Sentinel launch silo in Promontory, Utah. He called this, “a key step in tackling one of the program’s most significant engineering challenges.”

White said Sentinel is on a path to its Milestone B decision by the end of this year, which would authorize it to enter engineering and manufacturing development with an initial operational capability scheduled for the early 2030s.

A February Government Accountability Agency (GAO) report said, “As a result of delays to Sentinel, the Air Force may need to operate Minuteman III through 2050, 14 years longer than planned,” adding, “Prolonged operation of the aging system presents sustainment risks. Addressing these risks in a transition risk management plan would help ensure the system meets requirements during the transition.”

To meet the risk, White told the Senators that to manage “the intricate transition from Minuteman III to the deployment of Sentinel,” Air Force Global Strike Command has established Sentinel Site Activation Task Force detachments at each missile wing, test site, and acquisition location.

White is also responsible for the new B-21 Raider strategic bomber, which is in its flight test campaign with the physical production already begun. White said, “The first aircraft remains on track for delivery to Ellsworth Air Force Base in 2027, with a planned fleet of at least 100 aircraft, and a recent agreement with Northrop Grumman to increase annual production capacity by 25 percent.”

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Another subcommittee witness, Air Force Gen. Stephen L. Davis, Commander of Global Strike Command who said he “provides our Nation's combat-ready forces for nuclear and conventional long-range strike.”

The U.S. bomber force of B-1s, B-2s, and B-52s, Davis said, “remain in high demand across multiple theaters.” He said they have played roles in military operations, including Rough Rider, a 2025 operation in Yemen; Midnight Hammer in Iran; Absolute Resolve in Venezuela; and today in Epic Fury in Iran.

In Epic Fury, Davis said, “Global Strike Command conducted over 150 bomber sorties, 48 of which were round-trip from the United States. These missions were a minimum of 18 hours in duration, with those from the U.S. taking as long as 40 hours.”

Davis is also responsible for the Air Force Survivable Airborne Operations Center (SAOC), the so-called “Doomsday” fleet of aircraft that would serve as a command post in the event of a nuclear attack on the homeland.

Davis told the Senators that the $13 billion program will be fully funded in the fiscal 2027 budget and that four aircraft [Boeing 747-8s] are in Dayton, Ohio [where Sierra Nevada Corporation is]… converting [them] into the new platforms.”

Davis added, “We're expecting the first aircraft to show up at Omaha [Nebraska, Offutt Air Force Base] which has been identified as the main operating base in the early 2030s.”

The SAOC aircraft are an important part of the DoD recapitalization of the aging Nuclear Command, Control, and Communications (NC3) system, estimated to cost some $154 billion from 2025–to-2034. This modernization will replace 1980s-era technology with digital systems and integrate with new triad platforms.

The Senators also heard the status of the Navy’s new Columbia-class ballistic missile nuclear submarines (SSBNs), 12 of which are to replace the 14 Ohio-class SSBNs now providing on patrol providing the most secure strategic nuclear deterrence.

Adm. William J. Houston, Director, Naval Nuclear Propulsion Program reported the Columbia nuclear reactor propulsion plant would finalize development in fiscal 2027, adding, “The life of the ship core, now entering serial production, is directly supporting the Navy's number one acquisition priority and a key strategic asset.”

Vice Adm. Johnny R. Wolfe, Jr., Navy Director for Strategic Systems Programs, confirmed the first Columbia sub was “definitely on track” to make the initial, planned 2039 deployment. Wolfe said the biggest risk on the government side “is understanding all the testing that we're going to need to do both from the [test] pad and from the platform [the submarine] before we start deploying in 2039.”

Another witness before the subcommittee was NNSA’s David E. Beck, Deputy Administrator for Defense Programs, who described seven nuclear warhead modernizations and several complex construction programs that were underway.

Two just completed, Beck said, were for the W88 Alt 870 warhead upgrade for the Navy’s Trident II D5 sub-launched ballistic missile and the B61-12 Air Force tactical nuclear bomb. Still underway are upgrades for the B61-13 tactical bomb; the B80-4 warhead for the Long-Range Standoff cruise missile; the W80-5 warhead for the new Navy sub-launched cruise missile; the W87-1 warhead for the Minuteman III and Sentinel ICBMs; the W93, future warhead for the Navy D5.

Beck also said there were two phase one projects, which mean early designs, for future possible nuclear weapons which he did not describe.

Beck did describe forward movement in pit production, the plutonium-based triggers for thermonuclear weapons.

“Our requirement by law is to make 80 pits a year by 2030,” Beck said, “and we have set a goal to make 100 collectively through December of 2028, which means that in order to get there from here, we will have to make between 30 and 50 pits per year. We're moving closer to the objective.”

At the end of the session, Sen. King said, “I just I think it's important to sort of look on this as a bigger picture in terms of appropriations and expenses. This is not something that will continue forever. We'll get through these new [nuclear weapon] programs. It is unfortunate from a budgetary perspective, we're having to do it all at once, but it's nonetheless so critical to national security.”

I expect Congress will pass the fiscal 2027 budget funding these nuclear weapon-related programs the Trump administration is seeking.

From Socialist Surge to Regional Realignment- Latin America’s Pink Tide Is Receding

Latin America’s Pink Tide Recedes as Economic Reality Fractures Socialist Alliance

Latin America’s leftist front is hitting a wall. The momentum that carried leaders like Gabriel Boric and Gustavo Petro to power has stalled, replaced by the harsh realities of inflation and cartel violence. This isn’t just a temporary dip in the polls — it’s a fundamental breakdown of the old order, and it’s reshaping the strategic landscape of the entire hemisphere.

The transformation is most visible in the aftermath of Nicolás Maduro’s arrest in Venezuela, which has sent shockwaves through remaining leftist governments and emboldened opposition movements across the continent. Intelligence analysts are now betting that the so-called pink tide won’t gradually recede but will collapse entirely under the weight of its own contradictions by year’s end.

The shift is both externally driven by the Trump administration’s openly interventionist approach and internally, as socialist policies fail to deliver economic results that maintain electoral support.

Former Revolutionaries Reject the Model

Perhaps nowhere is the ideological fracture more striking than in Colombia.

Enrique Serrano, a Colombian political analyst with over 40 years of studying U.S.-Latin American relations, tells The Cipher Brief that the left’s failure stems from a fundamental misreading of its own base.

“Those left-wing politicians in Latin America didn’t expect a rise within the middle part of our society,” he explains. “The middle class — they are drifting towards the right because they need more money. It’s more important for them that there’s no governmental regulation on income, for example, on economic opportunities.”

The shift is measurable across the region. In Colombia, Serrano notes that approximately 60 percent of the population now identifies as middle class. Yet, Petro’s policies have targeted people experiencing poverty and the working class, who “normally don’t go vote.”

In Argentina, middle-class frustration with inflation exceeding 200 percent annually drove voters to embrace libertarian Javier Milei’s radical free-market platform. Chile’s 2023 rejection of a progressive constitution — despite electing leftist Gabriel Boric in 2021 — reflected similar middle-class concerns about economic stability over ideological purity. Even in Brazil, Lula’s narrow 2022 victory margin has eroded as middle-class voters increasingly question his economic management and tolerance of regional autocrats.

The shift represents a stunning reversal for a region that seemed firmly in socialism’s grip just three years ago.

“I have never noticed such a strong and such a direct impact from the US on Latin America like it is happening today,” Serrano says. “I see that also in the context of Marco Rubio. There is a strong change compared to the last 40 years right now.”

President Gustavo Petro’s administration is hemorrhaging support not just from centrists but from within the left itself. His approval rating has plummeted to 35.7 percent with a 53.7 percent disapproval rating according to January 2026 polling, down from 48 percent approval when he took office in August 2022. Even within his own Pacto Histórico coalition, internal divisions have emerged as 72 percent of Colombians now believe the country is heading in the wrong direction.

Despite winning the presidency in 2022 as Colombia’s first leftist leader, Petro now commands only his core 30 percent base — approximately six to seven million voters out of 24 to 25 million — as the country approaches crucial May elections.

“The left failed because they’re offering politics towards really the poor, or the workers on the street,” Serrano says. “But those people normally don’t go vote. The ones who put in the most votes are the middle class, and the left is not reaching out towards the middle class.”

The electoral math bears this out. In Colombia’s 2022 presidential election, Petro won with just 50.4 percent in the runoff, the narrowest margin in recent history, despite mobilizing his base. Colombia’s economy grew just 1.6 percent in 2025, well below regional averages, while its healthcare reforms triggered a system collapse, and its security policies failed to stem rising crime rates.

Similar patterns are visible across the region. In Chile, despite electing leftist Gabriel Boric in 2021, voters decisively rejected his proposed progressive constitution in 2023 by nearly 62 percent, with middle-class neighborhoods leading the opposition. Despite his narrow victory in Brazil’s 2022 election by less than two percentage points, Lula’s approval rating has fluctuated significantly.

After hitting a historic low of 24 percent in February 2025—the lowest across all his administrations — his numbers have since rebounded to 48 percent by January 2026. However, 45 percent of Brazilians say they would never vote for him. His recovery came largely through confrontations with Trump rather than domestic policy successes. At the same time, critics cite his tolerance for regional autocrats like Maduro and economic challenges, including food inflation, that particularly hurt his traditional support base among the poor.

A senior U.S. intelligence official, speaking to The Cipher Brief on background, confirmed that internal assessments show socialist governments across the region facing simultaneous crises of legitimacy, economics, and security.

Colombia’s Dual Crises

President Petro’s tenure has been marked by contradictions that illuminate broader challenges facing Latin American socialism. While maintaining popularity among his leftist base, his administration has struggled with governance basics while simultaneously drawing scrutiny for connections between leftist politics and transnational criminal networks — a pattern that has implications far beyond Colombia’s borders for U.S. counternarcotics and security efforts.

Petro’s governance has been plagued by scandals that blur the line between politics and criminality. The Trump administration sanctioned Petro in October 2025, accusing him of allowing drug cartels to “flourish” while cocaine production in Colombia reached its highest levels in decades. Though Petro denies direct cartel ties and the New York Times found no evidence of personal criminal connections, his son was arrested in a money laundering scandal involving campaign financing. At the same time, two former cabinet ministers were jailed in December 2025 for orchestrating a vote-buying scheme that diverted public contracts in exchange for legislative support.

It goes beyond Colombia.

The Maduro regime became a haven for Iranian operatives and Hezbollah networks before his arrest, while the Ortega regime in Nicaragua has been accused of providing sanctuary to anti-American forces. This visible fusion of leftist governance with criminal organizations represents a marked shift from previous decades, when corruption, while present, remained more discreet, complicating U.S. counternarcotics efforts and security cooperation throughout the hemisphere.

Petro’s relationship with Washington has been equally contradictory. After months of public confrontations with the Trump administration over deportation flights and trade threats, Petro abruptly shifted course following a phone call with President Trump earlier this year.

On January 26, 2025, Petro blocked two U.S. military aircraft carrying 160 Colombian deportees from landing, declaring he would “never allow Colombians to be brought back in handcuffs.” Within hours, Trump threatened 25 percent tariffs on all Colombian imports, rising to 50 percent within a week, plus visa sanctions on government officials and enhanced customs inspections.

Petro initially responded defiantly, announcing retaliatory tariffs and posting on social media that “your blockade doesn’t scare me.” Yet by that evening, after the White House threat to Colombia’s $28.7 billion in annual exports to the U.S., Petro capitulated completely, agreeing to “all of President Trump’s terms, including the unrestricted acceptance of all illegal aliens from Colombia returned from the United States, including on U.S. military aircraft, without limitation or delay.”

Following the cordial phone call in January, Trump invited Petro to Washington for a February meeting that “dramatically reversed their war of words.” The sudden rapprochement caught observers off guard. The about-face revealed the extent to which even vocal anti-American leftist leaders now recognize their vulnerability to U.S. economic pressure.

Electoral Reckoning Approaches

Colombia’s May elections are shaping up as a referendum on the country’s leftward turn. Iván Cepeda, Petro’s preferred successor, enters the race with heavy ideological baggage. Following years of economic and social volatility, the electorate has become increasingly wary of socialist rhetoric. The 63-year-old senator is the son of a murdered communist party leader, studied philosophy in Bulgaria during the communist era, and has been active in various leftist movements, including the Communist Party and groups linked to former FARC guerrillas.

Cepeda faces political outsider Abelardo de la Espriella, a self-made criminal defense lawyer and businessman. The 47-year-old from Montería built a lucrative law practice defending celebrities and high-profile clients, including the recently arrested Alex Saab, before launching his presidential bid. Recent polling shows de la Espriella leading with 28 percent support versus Cepeda’s 26.5 percent, with the gap widening to 9.3 percentage points in a hypothetical runoff.

“Politics needs fewer politicians and more businessmen,” de la Espriella told Reuters, promising 6-7 percent annual economic growth through infrastructure investment and deregulation — a stark contrast to Colombia’s anemic 1.6 percent growth under Petro’s socialist policies.

The Colombian race also reflects broader regional trends. According to some experts, the pink tide’s momentum has reversed so dramatically that remaining leftist leaders now find themselves isolated.

“Gustavo Petro is facing a situation where he’s standing almost alone right now because the rest of the region turned to the right already, like Chile, like Argentina,” Serrano says. “So he’s only having two strong allies still in the region, which would be Lula and Claudia Sheinbaum in Mexico.”

Even those alliances are crumbling.

“Petro only has as allies Lula, who is almost about to fall, and Sheinbaum, who is alone,” Serrano continues.

The rightward shift in recent years has brought leaders like El Salvador’s Nayib Bukele, Argentina’s Javier Milei, and Ecuador’s Daniel Noboa to power, creating a new conservative bloc that has welcomed closer ties with the Trump administration and rejected the socialist solidarity that characterized the previous decade.

Existential Threats Beyond the Mainland

The potential socialist collapse extends beyond South America. Cuba, long considered impervious to change despite six decades of communist rule, now faces its most serious existential crisis.

Washington’s regional focus has shifted from Cold War ideological containment to pragmatic strategic interests; a calculation that explains the administration’s surgical approach to Venezuela while largely ignoring Havana.

Cuba, which has maintained communist rule since Fidel Castro’s 1959 revolution, now faces its most serious existential crisis in over six decades. The island’s economy has contracted sharply, with GDP shrinking and basic services collapsing. Prolonged blackouts affecting millions have become routine as the electrical grid repeatedly fails, while severe food shortages have driven unprecedented waves of emigration.

“Their situation is worse (than Venezuela) because they don’t have natural resources,” Serrano underscores. “They don’t have electricity. They can’t produce electricity on their own, and they don’t have food either. So it’s very unlikely that the government in Cuba might survive this year.”

The island’s energy infrastructure has repeatedly failed, leaving millions without electricity for days at a time, while food shortages have driven unprecedented emigration.

Nicaragua faces similar pressures under Daniel Ortega’s increasingly isolated regime. Ortega has ruled since 2007, consolidating power through mass arrests of opposition leaders, shuttering of independent media, and the expulsion of international observers. The regime’s systematic repression has driven over 300,000 Nicaraguans into exile while leaving the country economically stagnant and diplomatically isolated.

“Those authoritarian governments like Venezuela, Nicaragua and Cuba — what they in real life try to do is just to gain time,” Serrano told The Cipher Brief. “They will disappear earlier or later. It’s just they try to get as much time as possible.”

The convergence of economic failure, political repression, and technological change has created conditions fundamentally different from those that allowed previous generations of authoritarian leftist governments to survive for decades.

Technology Accelerates Socialist Decline

In addition, the digital revolution has destroyed the old-school socialist playbook. As mobile technology has expanded across Latin America, governments have lost their most powerful tool: the narrative. U.S. analysts are currently monitoring how this decentralized flow of information, from protest coordination on encrypted apps to real-time leaks of government corruption, is creating a level of accountability that previous generations of leftist leaders never had to face.

Beyond Cuba and Nicaragua, other left-wing regimes recently faced Trump administration scrutiny. In Honduras, leftist president Xiomara Castro was defeated in the November 2025 elections by Trump-backed conservative Nasry Asfura, who took office in January 2026. Castro’s tenure had raised concerns in Washington about her government’s ties to China and open support for authoritarian regimes, including Venezuela and Nicaragua.

U.S. Strategic Implications

With the collapse of the pink tide, Washington faces both opportunities and risks. The shift away from socialism aligns with U.S. interests, but it also creates vulnerabilities that adversaries may exploit. The penetration of organized crime, particularly groups with ties to Iran and Hezbollah, remains a persistent concern.

Mauricio Baquero, Venezuelan opposition organizer and María Corina Machado’s representative for Latin America, tells The Cipher Brief that authoritarian governments’ tolerance of malign foreign actors poses direct threats to U.S. security.

“The Nicholas Maduro government allowed Hezbollah and Iran officials to be in Venezuela,” he explains. “So that’s obviously a source of insecurity in the whole region.”

Luis Bustos, spokesperson for Venezuelan opposition party Primero Justicia, tells The Cipher Brief that removing foreign actors remains a critical challenge even after Maduro’s arrest. Regarding whether interim president Delcy Rodríguez continues tolerating Hezbollah’s presence in Venezuela, he explains that “it’s not possible to get them out of the country really quickly.” his reality, he explains, underscores why “it’s not recommendable” to rush elections.

“We need a time of transition where we make sure that all those influences from abroad, among them, Hezbollah, for example, will leave the country,” he says.

Since socialist governments have provided sanctuary to anti-American actors, including Iranian operatives, Russian intelligence services, and Chinese surveillance networks, Washington has made the pink tide’s recession a national security priority, rather than a matter of ideological preference.

According to Serrano and others, the Trump administration’s aggressive approach, particularly in Venezuela, has accelerated changes that might otherwise have taken years.

As several Latin American nations drift rightward, the question is no longer whether the pink tide will recede, but whether any socialist government can survive the decade ahead without dramatic policy reversals that abandon the model’s core premises.

“Not over, but it’s failing,” Serrano adds. “And the region needs to examine why.”

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Human vs. Machine: Operational Realities from Ukraine’s Frontline

A global debate is underway over how much human involvement should be required when artificial intelligence is implemented in military operations. This is typically described on a spectrum: "human-in-the-loop," where a system can select targets and apply force only with human authorization; "human-on-the-loop," where a system selects and applies force without authorization but under human supervision with the ability to override; and "human-out-of-the-loop," where a system selects and applies force without human authorization, supervision, or intervention.

How much human control is necessary remains contested, but the debate is overwhelmingly normative rather than empirical. Ukraine, where these systems are being deployed at scale under active fire, offers a case study for testing those assumptions against battlefield reality.

What emerges is not a clean line between human control and machine autonomy but a continuum shaped by biology, budget, cognition, accountability, and ethics. The harder question — and the one this paper examines — is what happens when human-in-the-loop safeguards are preserved in name but the conditions that make them meaningful have already eroded because the volume of targets exceeds what any operator can review and the tempo of engagement outpaces human reaction time.

Biology

Proponents of autonomous weapons systems consider them a moral imperative. They argue that if technology can remove warfighters from danger, governments have an obligation to use it. Ukraine's leadership has arrived at the same conclusion under considerably more urgent circumstances.

Since 2024, Russia's elite drone unit, Rubicon, has wreaked havoc on Ukrainian forces well behind the frontlines. One brigade reported losing up to seventy percent of its drone operators in a single week. Another lost most of its vehicles, drone launch sites, antennas, and communications equipment. In Kursk, the pressure grew so severe that Ukrainian forces ultimately withdrew.

Compounding the problem is the time it takes to evacuate wounded soldiers. The medical "golden hour" standard has collapsed in Ukraine, where evacuation now takes twenty-four to seventy-two hours. A US veteran fighting in the war lamented that they now face a "golden three days," noting that a friend was hit by shrapnel — which should have been an easy fix — but required a leg amputation due to the long evacuation time.

The situation is also a matter of numbers. Ukrainian Minister of Defense Mykhailo Fedorov disclosed upon taking office that 200,000 troops have gone AWOL and two million men of military age are evading mobilization. Russia holds a significant advantage here. Ukrainian frontline units now operate at fifty to sixty percent of authorized strength, with some as low as thirty percent.

This combination of relentless danger and severe manpower shortages is pushing Ukraine toward autonomous weapons systems across the land, air, and sea.

Fedorov has stated the country "needs to remove UAV operators from the battlefield." The near-term goal is enabling operators to control drones from anywhere in the country. The ultimate objective is full drone autonomy.

Ukraine has also deployed armed ground robots in place of infantry on the battlefield. In late 2025, Ukraine's robot army held frontline positions for forty-five straight days. The systems were controlled remotely from safe locations and reloaded every forty-eight hours. Ukrainian officials called it a first in modern warfare. A commander within the Third Army Corps said, "Robots do not bleed."

By the end of 2025, drones were responsible for more than eighty percent of all enemy targets destroyed in Ukraine, according to officials. "We don't have infantry. We do drones. We kill with drones. We save with drones. We liberate with drones," one commander said.

Ukraine's ambassador to the UK, Valerii Zaluzhnyi, predicts a rapid evolution for these systems. He believes that in the near future, these robots will be used "not just on their own, but as part of large, AI-powered swarms of drones" across all domains.

Budget

Those biological and manpower pressures interact directly with the economics of drone warfare. One-way attack drones can be deployed for as little as $400, and in 2025 Ukraine allocated $2.8 billion to procure millions of them. The sheer volume of cheap drones, paired with AI-driven target identification, compresses the entire kill chain — reducing sensor-to-shooter timelines from days to minutes. The same dynamic is currently playing out in the U.S. and Israeli war with Iran, where both sides are deploying cheap semiautonomous attack drones in the thousands. But this shift is not only about money and hardware; vast numbers of cheap, AI-enabled drones also transform what any human can realistically perceive, decide, and authorize in time.

Cognition

These compressed timelines and target volumes force a rethink of human cognition as the limiting factor in AI-enabled warfare. Ukraine's experience with systems like the Avengers AI platform and the Delta command-and-control environment illustrates how quickly human oversight can be stretched to the breaking point.

The Avengers AI platform, used for offensive targeting and integrated into Ukraine's Delta command and control system, can identify up to 12,000 enemy assets per week through automated analysis of drone and camera feeds. The system does not fire weapons by itself; humans still validate targets, allocate scarce munitions, and manage escalation. Ukrainian officials emphasize that Avengers is meant to filter, not replace, human judgment. But the volume raises a governance question: at what point does human validation become a fiction, as exhausted analysts and commanders "rubber-stamp" AI recommendations they cannot meaningfully re-evaluate? This has already been observed in other conflicts, including Gaza.

By contrast, Ukraine's Octopus interceptor drone is designed to detect and destroy incoming Russian drones mid-air without requiring a human to approve each intercept. Requiring a human to approve every intercept in a saturation drone attack can result in more civilian and military casualties than allowing a supervised-autonomous system to fire within fractions of a second under pre-defined rules of engagement.

This mirrors what the 2023 U.S. Department of Defense Directive 3000.09 refers to as 'operator-supervised autonomous weapon systems,' permitting systems to select and engage targets under human supervision for time-critical defense — especially static defense of installations and defense of platforms against saturation attacks. Full autonomy remains rare: most systems remain operator-in-the-loop or operator-on-the-loop, with autonomy used for terminal guidance, navigation through jamming, or collision avoidance rather than independent target selection.

Systems like Avengers and Octopus show that autonomy is already being used in different parts of the kill chain — filtering targets at scale or firing within fractions of a second under predefined rules of engagement — often at speeds no human can match. As the volume and tempo of AI-generated recommendations rise, the risk grows that operators will "rubber-stamp" system outputs they can no longer meaningfully re-evaluate.

Accountability

As battlefield realities push humans further from direct control, questions emerge around accountability, and when human-in-the-loop oversight is meaningful and when it is theater.

These are not purely technical choices; they are institutional and doctrinal ones. Architecture becomes policy — the way the system is wired effectively decides how tightly humans are tied into day-to-day combat decisions. Documenting intent and assigning responsibility for civilian harm cannot be an afterthought; it must be designed into the system from the start.

The harder ethical question is whether preserving human-in-the-loop safeguards is always the right thing to do — or whether, in some cases, it is more ethical to admit where humans cannot keep pace. The real governance question is not whether to keep a human in the loop in the abstract, but which loops we deliberately anchor in human cognition and institutional authority, and which we are prepared to delegate.

Conclusion

Within the broader discourse on autonomous systems, Ukraine provides empirical evidence that the devolution of human oversight is a systemic reality of modern combat, not a hypothetical risk. The compounding forces of human biological limits — ranging from localized attrition to universal thresholds of reaction time — alongside the proliferation of low-cost drones and unparalleled data velocity, inevitably distance the human operator further from direct control. Consequently, true accountability cannot rest on an operator's final click under fire; it must be deliberately designed into the entire operational process — architectures, workflows, and governance — that lead up to that moment. The governance question is no longer whether to keep a human "in the loop" in the abstract, but which loops humans must own, how much cognitive load they can bear, and how fast wartime institutions can adapt command-and-control (C2) and oversight structures.

To help policymakers and practitioners translate these insights into practice, we offer three mutually reinforcing lines of effort.

First, decide which loops humans own. Make human placement an explicit design decision, not a slogan. For each mission type (for example, air defense; ISR; long-range strike; information operations), require a short statement of where humans sit on the continuum (in/on/out of the loop), why, and what tradeoffs you are accepting in speed, survivability, and escalation risk. Reserve true "human-in-the-loop" control for low-tempo, high-stakes decisions, and use Ukraine's experience to distinguish between high-volume, time-critical defensive engagements — better suited to supervised autonomy like Octopus-style interceptors — and lower-tempo but politically or ethically weighty decisions, where humans should remain the real bottleneck.

In parallel, reframe ethics around actual control, not formalities. Move policy language away from blanket promises that humans will "approve every shot" toward domain-specific statements about where humans truly control outcomes and where they supervise architectures that act faster than they can. Document human intent in system design, not only in rules of engagement, so accountability is anchored in what commanders ask AI systems to optimize, rather than solely in an operator's last-minute approval.

Second, design systems to manage cognitive overload. Treat human cognitive limits as a hard design constraint, not a staffing problem. Cap and structure AI output for human decision-makers by limiting how many "priority" alerts any individual can receive in a given timeframe, using tiered queues and automated de-duplication — especially in environments like Delta/Avengers, which can surface thousands of targets per week. Mandate machine-readable rationales and confidence scores so human review becomes targeted supervision rather than binary approve-or-reject decisions. Instrument "rubber-stamping" as a safety signal rather than a success metric. Treat near-100-percent approval rates under high load as a warning, require periodic audits of how often humans overrule or modify AI outputs, and adjust triage logic and escalation pathways based on those findings.

Third, govern battlefield AI at responsible speed. Align architectures, governance, and professional education with the operational realities Ukraine is already revealing. Build CJADC2-style systems around actual operational needs: follow lessons from Ukraine's Delta by starting with a single web-based common operational picture that fuses multi-domain data, then layering AI analytics on top. Co-design compute and command, recognizing that where you place compute (cloud, theater data centers, edge) determines which forms of human oversight are realistic at different echelons. Create wartime AI-governance playbooks with predefined fast-lane processes for testing, fielding, and monitoring AI tools in combat. Encourage modular autonomy packages that can be certified, updated, and reused, and tie funding to governance metrics such as robust logging, verification and validation, red-teaming, and post-incident review. Finally, prepare people and organizations for AI-enabled campaigns by making AI literacy and "AI tradecraft" core elements of professional military education, exercising AI-failure scenarios in wargames, and embedding small AI and data teams with operational units, as Ukraine and its advisers have already begun to do.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Abu Dhabi Walked Away from OPEC After Nearly 60 Years

When UAE Energy Minister Suhail al-Mazrouei announced Tuesday that Abu Dhabi is leaving OPEC – a cartel it has been a member of since 1967 – he called it a “pure policy change” and a “policy-driven evolution aligned with long-term market fundamentals.” It was considerably more than that.

The exit is the most visible rupture yet in Gulf Arab solidarity: a pointed rebuke of Arab partners who watched Iran batter the UAE with hundreds of missiles and drones for months while offering, in Abu Dhabi’s assessment, next to nothing in return. It is also a strategic bet – on a deepening bilateral relationship with Washington, on unconstrained production capacity once the Strait of Hormuz reopens, and on the proposition that multilateral institutions no longer serve UAE interests the way they once did.

The UAE’s OPEC exit is the product of three overlapping pressures: a chronic quota grievance costing Abu Dhabi more than $50 billion a year in foregone revenue; war-driven fury at Arab inaction; and a US-backed opportunity to monetize ADNOC’s expanded production capacity without cartel constraints. The strategic implications extend well beyond oil markets.

The Long Squeeze

The UAE has been a member of OPEC since 1967 – before the federation itself existed, when Abu Dhabi joined as a standalone emirate four years before the seven emirates formally unified in 1971. In that time, OPEC shaped global oil prices, managed supply shocks, and gave member states a framework for coordinating production in ways that kept revenues relatively stable. For most of its membership, the UAE benefited from that arrangement.

The economics changed when ADNOC began a serious capacity expansion. The Abu Dhabi National Oil Company has invested aggressively over the past decade, reaching 4.85 million barrels per day (bpd) in nameplate capacity and targeting 5 million bpd by end-2026 under a $150 billion capital expenditure plan. The gap between what ADNOC can produce and what OPEC+ quotas allow it to produce became a structural source of frustration – and an increasingly expensive one.

Under OPEC+ constraints, the UAE has been producing roughly 30 percent below its current capacity, with actual output running between 3.4 and 3.8 million bpd before the Iran war disrupted everything. A 2023 Baker Institute analysis estimated that quota constraints cost the UAE upward of $50 billion per year in foregone revenue. Over time, this has amounted to a staggering subsidy of Saudi Arabia’s price management strategy, paid by Abu Dhabi.

This tension erupted publicly in 2021, when the UAE blocked an extension of OPEC+ production cuts unless its individual baseline quota was raised from 3.17 million to 3.65 million bpd. The argument was straightforward: its baseline was set before capacity expanded significantly, making cuts disproportionately punishing. A compromise was eventually reached, and in June 2024 OPEC+ granted the UAE a further increase to 3.5 million bpd for 2025. That still left production well below ADNOC’s 4.85 million bpd capacity.

The fundamental math never changed: the cartel’s quota system was designed for a UAE that no longer exists. Abu Dhabi built its way out of the arrangement.

War Changes Everything

The Iran war removed the last argument for staying. Since the conflict began on February 28, 2026, Iran has launched 537 ballistic missiles, 2,256 drones, and 26 cruise missiles against the UAE – killing 13 people and wounding 224. ADNOC operations were hit. Fires burned at Palm Jumeirah and the Burj al-Arab. Dubai International Airport sustained damage. The UAE’s carefully constructed image of permanent stability – the foundation of its tourism, finance, and services economy – was shattered in a matter of weeks.

The response from fellow Arab OPEC members was, in Abu Dhabi’s assessment, inadequate. The Hormuz closure compounded the economic pain. With the strait effectively shut since February 28, UAE crude production collapsed 44 percent to approximately 1.9 million bpd in March. Abu Dhabi’s alternative export route – the Habshan-Fujairah pipeline (ADCOP), which runs 380 kilometers to the Gulf of Oman and bypasses Hormuz entirely -- provides only partial relief. The pipeline has a capacity of roughly 1.5–1.8 million bpd; the UAE was using about 1.1 million bpd pre-war, leaving limited headroom.

UAE diplomatic adviser Anwar Gargash, speaking at the Gulf Influencers Forum on April 27 – the day before the exit announcement – put it plainly: “The Gulf Cooperation Council countries supported each other logistically, but politically and militarily, I think their position has been the weakest historically. I expect this weak stance from the Arab League, and I am not surprised by it, but I haven’t expected it from the GCC and I am surprised by it.”

Mazrouei’s framing of the exit timing carries its own admission: he told CNN that May 1 was chosen precisely because the strait is closed, limiting the immediate market impact. Abu Dhabi has engineered a clean break at a moment when the exit cannot destabilize oil prices – while positioning itself to ramp production aggressively once the strait reopens.

The logic is clear once the two grievances are placed side by side. The UAE spent years subsidizing OPEC’s price management discipline while absorbing war costs that OPEC Arab members declined to share. Staying would have rewarded both failures simultaneously. Mazrouei’s explicit statement that Saudi Arabia was not consulted is not a diplomatic accident. It is the message.

Washington’s Fingerprint

The timing of the exit also points toward Washington – and a deal that may have been struck in the days preceding the announcement.

Trump has accused OPEC of inflating prices repeatedly and tied US military support in the Gulf to lower oil costs. But the more immediate context is a dollar crisis. In the weeks before the exit, UAE central bank officials raised with Treasury Secretary Scott Bessent the possibility that Abu Dhabi might be forced to conduct some oil transactions in Chinese yuan if dollar liquidity in the Gulf tightened further. This was not an idle threat – it was a structural vulnerability created by the Iran war’s disruption to Gulf financial flows, and it posed a direct challenge to the petrodollar architecture underpinning US financial power.

On April 24, Bessent publicly backed emergency dollar swap lines for Gulf allies, including the UAE. Four days later, Abu Dhabi announced its OPEC exit. The coincidence is striking. Fortune reported on April 28 that the timing “raises the question of whether the US gave implicit backing to the move.” No direct evidence of explicit coordination has emerged, but the incentive alignment is real: the UAE gets a dollar lifeline and freedom from cartel constraints; the US gets a weakened OPEC, a Gulf ally choosing Washington over the cartel, and a medium-term downward price trajectory once Hormuz reopens. The petrodollar threat was neutralized by the swap-line arrangement; the OPEC exit may have been part of what Abu Dhabi offered in return.

This is transactional diplomacy in real time. The Gulf’s multilateral institutions – already strained by a war that none of them were designed to manage – are being quietly sidelined by bilateral arrangements.

What Happens Next

For OPEC, the arithmetic is bleak. The cartel loses its third-largest producer. Saudi Arabia now carries more of the price management burden with less internal buy-in. The cartel was already struggling with chronic compliance cheating – Iraq, Kazakhstan, and Russia have consistently overproduced against their quotas. The UAE’s exit removes the member that had been most vocal about quota fairness. Qatar left OPEC in 2019, becoming the first Gulf departure; the UAE is the second but far more consequential. If smaller Gulf members – Kuwait, Bahrain – conclude that bilateral arrangements offer more than cartel solidarity, OPEC’s coherence deteriorates further.

For UAE production, the real payoff is post-Hormuz. Abu Dhabi cannot ramp output immediately – Hormuz closure limits physical export capacity to the Fujairah pipeline, and ADCOP cannot absorb the full 4.85 million bpd ADNOC is capable of producing. But when the strait reopens, the UAE will be free to increase toward full capacity without cartel permission. This is a bet on capturing market share during the reconstruction cycle.

For Saudi Arabia, the exit is the worst possible timing. Already absorbing war costs – Ras Tanura hit, Red Sea rerouting threatened by Houthi pressure at Bab al-Mandab, desalination infrastructure vulnerable – Riyadh now faces a weakened OPEC position without its closest Gulf ally. The MBS-MBZ personal estrangement that produced the Mukalla strike, the first Saudi military action against GCC-linked assets since the council’s founding, now has cartel-level confirmation. These two are not coordinating.

The Verdict

The UAE’s OPEC exit is a data point in a larger reconfiguration. Gulf states that absorbed Iranian attacks without adequate protection from the multilateral architecture – OPEC, the GCC, the US-led security umbrella – are making their own arrangements. For Abu Dhabi, the calculus is stark: bilateral relationships with Washington, unconstrained production capacity, and a Fujairah bypass provide more durable leverage than cartel solidarity with partners who didn’t show up when it mattered.

The test comes when Hormuz reopens. If UAE production ramps aggressively toward 5 million bpd, it confirms this was always a capacity play layered on security grievance. If Abu Dhabi exercises restraint, the move was primarily a signal about the limits of Arab multilateralism.

Either way, the cartel that shaped global oil markets for six decades has lost one of its most consequential members—not to market forces, but to a war and the fractures it exposed. That is the more important story.

The author is a former CIA intelligence officer with extensive experience on the Near East. This analysis draws on open-source reporting, regional analysis, and publicly available assessments. All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

That Other Nuclear Nightmare: North Korea Sounds New Alarms

DEEP DIVE – As the U.S. grapples with the still-unsolved problem of Iran’s nuclear program, another American adversary is expanding its nuclear arsenal at a dangerous pace. That’s the view of the International Atomic Energy Agency (IAEA) and other experts after a flurry of alarming news from North Korea.

According to the IAEA and the Center for Strategic and International Studies (CSIS), recent satellite imagery of North Korea shows heightened activity at the Yongbyon nuclear complex, the commissioning of a new light water reactor, and evidence that the North has completed – or neared completion – of a new uranium enrichment facility.

"All of them point to a very serious increase in the capabilities of [North Korea] in the area of nuclear weapons production," the IAEA Inspector General Rafael Grossi said during a mid-April visit to Seoul.

The new enrichment facility would be North Korea’s second and allow Pyongyang to grow an arsenal already estimated at 50 nuclear warheads. Experts say the regime has made strides on the delivery side as well – with new intercontinental ballistic missiles (ICBMs) and launch systems. Just five days after Grossi’s statements, North Korea carried out a series of ballistic missile tests.

Victor Cha, the CSIS Korea Chair, said the recent developments reflect a core ambition of North Korean leader Kim Jong Un: to match the capability of some of the world’s major nuclear powers.

“Kim Jong Un intends to develop a modern nuclear weapons arsenal the size of France or the United Kingdom, each of which has over 200 nuclear weapons,” Cha, who served as deputy head of the U.S. delegation at the Six-Party Talks with North Korea, wrote in Foreign Affairs. “And he is well on his way…North Korea has blown past even the most pessimistic predictions.”

The North’s latest nuclear muscle-flexing comes as the U.S. wrestles with a major piece of unfinished business in its war against Iran – the future of that country’s enrichment facilities and stocks of uranium. Some experts worry that the Iran war is drawing attention away from North Korea.

“Now North Korea is not just in possession of the nuclear capability – it is becoming more of a nuclear weapons state, and they can use those weapons against us and our allies,” Joseph DeTrani, who was the U.S. Special Envoy for the Six-Party Talks, told The Cipher Brief.

“People may see Iran as very hostile because they say the U.S. is the enemy,” DeTrani added. “Well, the North Koreans say the U.S. is the enemy too – that’s in their constitution – and I fear that we’ve become very complacent with North Korea.”

A race for more weapons

The new enrichment facility at Yongbon has been under construction for more than a year; satellite imagery analysis by the CSIS showed signs of work at the site as early as mid-December 2024.

On March 2 of this year, Grossi told the IAEA’s Board of Governors that the “the new building is externally complete, and internal fitting is likely underway,” and in early April, the CSIS said new imagery “shows the facility essentially complete, including a probable standby generator, administration/engineering support, and vehicle shed buildings.”

Experts aren’t certain that the facility is operational, but they say that when it is, it will boost the North’s production of enriched uranium and ultimately its stocks of nuclear weapons as well. According to the Stockholm International Peace Research Institute, the North’s arsenal is estimated at 50 nuclear warheads, with enough fissile material to produce up to 40 more.

“They will have more fissile material than ever with this new facility,” DeTrani said. “And so they will likely be producing more nuclear weapons than ever before.”

Beyond Pyongyang’s push for more weapons, there have been other worrying signs.

On April 19, North Korea launched five short-range ballistic missiles armed with cluster munitions against an island target in the Sea of Japan. It was the second test-firing of delivery systems in less than a month. According to North Korean state media, Kim Jong Un and his daughter – who many analysts believe is his heir apparent – supervised the launches in person.

Cha says that North Korea has developed nearly 20 different delivery systems, including long-range ICBMs that can reach targets in the United States. According to the CSIS and others, the regime is also pursuing ballistic missiles that can be launched from nuclear submarines.

Then there is the Russia factor. Not long ago, China was the North’s chief ally and lone supplier of military and financial support; in 2024, Russia sought North Korean help for its war against Ukraine, and the resulting agreement has given Russia thousands of North Korean troops and supplies of ammunition and ballistic missiles, in exchange for technological help for the North’s nuclear program.

“They are learning things from the Russians – that’s another great fear,” John Parachini, Senior International and Defense researcher at RAND, told The Cipher Brief. “They’ve provided weaponry and blood to Russia and I’m sure they’ve gotten something in exchange for it.”

DeTrani warned of a dangerous and unprecedented combination: North Korea’s growing arsenal of weapons, its improved delivery systems, and the burgeoning technical assistance from Russia.

“This is exponentially a different equation when it comes to North Korea and their nuclear weapons program,” he said.

Kim’s long game

North Korea’s latest moves follow a series of pledges to scale up its nuclear capabilities.

In 2023, Pyongyang ordered an “exponential” expansion of its arsenal – effectively a shift from developing and testing existing weapons to creating more of them. A CSIS study of statements from North Korea’s news agency between 1998 and 2023 documented a shift from defense (i.e., keeping a nuclear stockpile to maintain deterrence) to offense (the potential use of nuclear weapons during a war). And in a speech to his parliament last month, Kim declared the country “will continue to consolidate our absolutely irreversible status as a nuclear power.”

As Treston Wheat, chief geopolitical officer at Insight Forward, told The Cipher Brief in November, North Korea has evolved to “a maturing nuclear war fighting state,” with doctrine “trending toward first-use options in extreme regime-threat scenarios.”

Experts say Kim’s strategy is based on the belief that a nuclear arsenal helps guarantee his regime’s survival – and that the U.S.-Israeli war against Iran has buttressed that belief.

This is exclusive Subscriber+Member content.

During the first weeks of the war, Kim boasted that North Korea had been able to resist outside pressure and avoid enemy attacks – and that this validated his refusal to make major concessions at the negotiating table.

“The present situation clearly proves,” Kim said, “how just the strategic option and decision of our state were in rejecting the enemy’s cajolery and perpetuating our nuclear possession.”

“He’s basically saying, we made the right decision to not dismantle, and not denuclearize,” DeTrani said of Kim’s statement. “We made the right decision to keep our nuclear weapons program, and we definitely made the right decision to enhance those capabilities and build more nuclear weapons and delivery systems. We weren’t fooled by the sweet talk, mainly from the United States.”

“The U.S. war on Iran confirms what North Koreans have thought since the bombing of Libya, the invasion of Iraq, and indeed all the way back to the Korean War,” said Yonsei University Professor and Korea expert John DeLury. “Having a nuke is perhaps the only way to prevent being attacked by the United States.”

Recent U.S. dealings with Iran and North Korea support that notion. In the case of Iran, President Trump launched a war with the stated aim of ensuring that the country never obtains a nuclear weapon; in the case of North Korea, Trump held three summits with Kim Jong Un during his first term and has spoken positively since then about their relationship.

“If you’re Kim, and you look at what happened to Iran…Kim is saying to himself that I have really safeguarded my country and I have safeguarded my regime,” Parachini said. “With that nuclear capability, he has survival as I believe he sees it.”

Wanted: Out-of-the-box ideas

Ever since the North first produced a nuclear weapon (in 1994, according to the CIA), U.S. strategy has hinged on a single word: denuclearization. As Cha notes, “American negotiators dealing with North Korea have repeated the same mantra: ‘With denuclearization, all things are possible. Without denuclearization, nothing is possible.’” That has been the approach, more or less, over seven American administrations – a blend of carrots and sticks that has offered humanitarian and other financial aid to Pyongyang in exchange for incremental concessions, while imposing increasingly heavier sanctions for noncompliance.

Experts say that while the strategy has produced occasional “wins” – a freeze on reactor operations, declarations of nuclear inventory, and pledges to pursue denuclearization – these have proved temporary at best. And the North has reneged on every promise to scale back its arsenal.

If anything, experts say Pyongyang may be in a better position now than it was during President Trump’s first term.

“They are in a different space now, because of their military capabilities, their nuclear capability and now they’ve got Russia as their backer,” Parachini said. “They have an ability to reject everything that’s put forward until there’s real fundamental change.”

For all these reasons, experts say the time has come for a recalibration.

“The size and sophistication of North Korea’s nuclear arsenal today shows that these approaches have failed,” Cha said. “No prior combination of hardline measures and incentives has worked.”

Cha and other experts argue that the U.S. should no longer insist on complete and verifiable denuclearization. Instead, they say, the aim should be for lower-threshold concessions.

Everyone needs a good nightcap. Ours happens to come in the form of a M-F newsletter that keeps you up to speed on national security. Sign up today.

“There is, in my view, no longer a negotiated path to denuclearization,” DeLury said. “If the United States and South Korea want to reengage in diplomacy and find a modus vivendi with North Korea, it will have to be done on the basis of the [North] being a nuclear armed state. No amount of sanctions will convince Kim otherwise, and arguably the coercive pressure only gives motivation and rationale for further improvements to the nuclear weapons program. A radical change in policy is needed.”

DeTrani agrees. “We have to change the paradigm,” he said. “What can we offer North Korea? What can we give to North Korea that’s important for Kim Jong Un that would entice him to look at possibly freezing his nuclear weapons program? Stop talking about giving up nuclear weapons – they’re not giving up their nuclear weapons.”

What might a new paradigm look like? Some ideas mirror Cold War-era policies that reduced the risk of U.S.-Soviet confrontation: a graduated lifting of sanctions in exchange for a freeze on uranium enrichment, a halt to nuclear testing, and limits on missile production or testing; a strengthening of multilateral deterrence – in this case with Japan and South Korea; and new communications hotlines and other crisis management mechanisms (Parachini noted that early in his career he had operated the so-called “MOLINK” between Moscow and Washington – a hotline established in 1963 to keep regular communication flowing between the Cold War capitals).

“Let’s talk about arms control with the North Koreans,” DeTrani said. “And make clear: if you stop these things, here’s what we can do for you.”

Among more out-of-the-box ideas, Cha says the U.S. military presence in South Korea could be included in future negotiations. Pyongyang has made no secret of its wish for an end to that deployment – which today numbers 28,500 – and while Cha doesn’t suggest withdrawing all the troops, or doing so simply to appease Pyongyang, he notes that the U.S. has already encouraged South Korea to increase its defense spending and assume more of the burden of defending the peninsula. In other words, if some of the American forces may be coming home anyhow, the U.S. could include the drawdown as part of an incentive package for the North.

Parachini went so far as to suggest that the U.S. pursue a peace treaty and the establishing of diplomatic relations. “It’s kind of a Nixon-goes-to-Beijing move, it’s doing the unlikely, it’s doing the unconventional, it’s taking a big risk,” he said. “But I think that would at least begin to change the dynamic, because that’s what the North Koreans want – and I think what the South Koreans want is stability.”

And while none of the experts believe military action is a viable response – as Cha put it, “North Korea is not Iran: it is a proven nuclear weapons state that could retaliate against the United States and its allies” – they all suggested a bulking up of missile defenses and other deterrent capabilities with Japan and South Korea, and a clear message to Pyongyang that any nuclear strike would bring a devastating response.

“The world would be a safer place if North Korea shed its nuclear weapons,” Cha said. “But getting it to give up its arsenal is simply not within reach any time soon, and proceeding as if it would be detrimental to national security. The best strategy for avoiding a hot war with a nuclear North Korea is to preserve a cold peace.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Britain’s Antisemitism Crisis Is Now a National Security Threat

There has been yet another terrorist attack targeting Britain’s Jewish community. This time, two Jewish men were stabbed on Wednesday in Golders Green, London - a leading center of Jewish life and culture in the UK. The incident follows a series of recent attacks on Jewish targets, including assaults on Jewish ambulances in north London just weeks ago, and comes amid a broader surge in anti-Jewish violence across Australia, the United States, Europe, and beyond.

The reaction to this attack has been more marked than any previous antisemitic attack in the Uk that I can remember. It has dominated headlines here, in the mainstream media including the BBC. Prime Minister Starmer reacted with condemnation within minutes of the attack taking place. Politicians on all sides - almost all sides - have said that British Jews have to feel safe, have to have confident expectations of being able to live a normal life like other communities in the UK. More Jewish people have been interviewed by the media and the messages they have been giving out are consistent. They do not feel safe, they do not feel they are understood.

The man suspected of committing the two stabbings has been named as Esse Suleiman, a British national born in Somalia. Responsibility for the attack has been claimed by a terrorist organization with links to Iran.

I have written about this problem before, and I have two contentions that should make this relevant to all readers of the Cipher Brief. The first, as I have said before, is that antisemitism has to be treated as a national security issue. The second and related is that antisemitism is not just a threat to the Jewish community but to democracy. You cannot have a democracy in which one group of the community is battered into silence, fear and flight.

The issue therefore matters to people everywhere who share the values of democracy and tolerance.

The clear goal of these attacks is to make Jewish people in England - perhaps less than 0.5% of our population - feel so unsafe that they leave the country. If they take the obvious route - to Israel - this will somehow only play to the conspiracy theories of Islamists and the extreme left. So where else do they go?

I do not think most British Jews will be going anywhere, but they need more than words from the political class, more than a few extra police officers, or cameras and fences around synagogues, Jewish schools and other buildings.

The need is for a government strategy that specifically counters antisemitism. It has not been enough for people to unite against racism because many people who claim to be, think they are, anti-racist still wittingly or unwittingly perpetrate antisemitism. So, antisemitism is a distinct problem, with distinct causes and needs distinct solutions. The idea that Jews are somehow not an ethnic minority but people at the top of the pile needs to be countered. The idea that there is an alternative to a homeland for Jews needs to be countered. Conspiracy theories that I do not need to retail, but which continue to flood across social media, have to be identified and refuted.

How? When we recognized we had a problem with violent Islamist extremism after the London bomb attacks in 2005 it was recognized that ideas behind the extremism needed to be challenged. Now the same is true of anti-Semitism. The police and intelligence agencies need more power to stop violent attacks, but the battle of minds has to be fought in the public sector - through how teachers understand their pupils and how they counter anti-Semitic ideas often innocently expressed. Community leaders of all faiths and none need to be educated in what antisemitism is, why they should counter it and how. Politicians need to understand the difference between legitimate criticism of the actions of Israel and statements that strike fear into the hearts of Jews.

We need a government led strategy that will expose, discredit and discard anti-Semitism. Only then will Britain’s Jews feel not only safe but free.

To repeat, this is a national security issue and should be treated as seriously as any other national security issue. Our own people should not be terrorized - by state or non-state groups, or by individuals.

This has to start now. It is getting very late.

CIA Deaths Expose Fragile U.S.-Mexico Security Ties

Around two o’clock in the morning of April 19, an SUV veered off a twisting dirt road in a remote corner of the Sierra Madre, plunged into a ravine and burst into flames. The dead were two Chihuahua state law enforcement officers and two unnamed Americans -- who were identified by Mexican authorities as CIA officers.

A state official initially said that all four of the dead were returning from two days of fairly spectacular raids of methamphetamine super-labs in the highlands near a hamlet called El Pinal. That account was swiftly retracted, and the Americans were described as “instructors” teaching state cops how to pilot drones. Either way, the CIA had just put boots on the ground deep in Mexico’s Golden Triangle, a forbidding terrain infamous for vast fields of opium poppies and marijuana, clandestine landing strips for Colombian cocaine flights, and, lately, synthetic drug labs pumping out tons of methamphetamine and fentanyl. This might be a first, but at the very least it was rare, and the price was terrible.

“Why would CIA personnel go deep into Mexico’s cartel country - to a place that’s considered the turf of an extremely violent, heavily armed transnational group?” CIA clandestine service veteran Ralph Goff asked rhetorically and answered. “CIA officers go where their intelligence missions take them. And that includes dangerous areas like war zones and high crime areas - and Mexico is an unfortunate combination of both, with the added risk of dangerous roads. We are trained to deal with dangerous situations and events, which reduces risk but never eliminates risk, and we are aware of this.”

The Trump administration’s intensifying pressure on Mexico’s organized crime families is stirring furious protests from Mexico City, where political leaders are acutely protective of perceived insults to their national sovereignty. Yesterday, Mexican President Claudia Sheinbaum told reporters that her government had sent Washington a formal "diplomatic note” objecting to the CIA officers actions and suggested they had gone rogue. “The [U.S.] federal government didn't know about the involvement of these people (in the operation) and we hope that it's an exception," Sheinbaum said in her daily morning press conference, according to Reuters. "...From now on, as has been done, our constitution and national security law should be followed." Sheinbaum’s remarks followed a statement issued on Saturday by Mexico's security cabinet, charging that the U.S. officials had not been accredited to participate in security activities in Mexico and complained that one of them had entered Mexico as a tourist.

The deaths of the two CIA officers have aggravated longstanding U.S.-Mexico tensions over security ⁠cooperation, particularly when it comes to operations against Mexico’s multi-billion-dollar cartels, which have diversified from drug trafficking into human trafficking, petroleum pirating, extortion and other lucrative crimes. President Donald Trump has repeatedly pressed for greater use ⁠of U.S. military force to combat Mexican cartels and has threatened unilateral action, even inside Mexican territory.

Sheinbaum has pushed back, asserting the U.S. cannot send U.S. officers or troops across the border but is welcome to share intelligence with Mexican officials.

For CIA, DEA and FBI personnel assigned to Mexico and the border area, passing actionable intelligence about specific high-value targets has often been a non-starter, citing widespread corruption within the Mexican government. A number of U.S. informants have been murdered in recent years, according to U.S. officials, with leaks suspected though usually unproven. U.S. Ambassador Ron Johnson, a former Green Beret and CIA operations officer, appears to have taken the side of U.S. intelligence officers wary of cooperating with their Mexican counterparts because of the risk of corruption. Significantly, last Thursday, Johnson traveled to Los Mochis, the town where notorious cartel kingpin Joaquin “El Chapo” Guzman was captured in 2016, deep in Sinaloa state, also known as the second leg of the Golden Triangle, and spoke at a ground-breaking for a joint U.S.-Mexican methanol plant. “If we want projects like this to succeed – if we want our shared future to be as bright as it can be – corruption and extortion have no place,” Johnson said pointedly. The existing bilateral trade agreement, he said, “requires our governments to criminalize bribery and corruption and enforce codes of conduct for public officials. We may soon see significant action on this front. So, stay tuned.”

This is exclusive Subscriber+Member content.

By “stay tuned,” the Los Angeles Times reported, citing unnamed sources, the American ambassador was signaling an escalating Trump administration anti-corruption campaign, focused on Mexican officials allegedly linked to organized crime. This campaign would be more severe than the administration’s decision last October to revoke ⁠the visas of more than 50 Mexican politicians for “activities ⁠that run contrary to America's national interest."

CIA officers have worked closely with some Mexican military and security units since the Agency’s creation in the early Cold War. Officers based in Mexico City have long cultivated relationships with Mexican officials willing to help keep tabs on suspected Russian, Chinese, and Cuban spies, Middle Eastern extremists and other shady characters suspected of using Mexico City as a base for espionage or violent conspiracies against the U.S.

Now the Agency is casting a broader net, in response to Trump’s second-term push for an all-of-government assault on the Mexican cartels. On his inauguration day in January 2025, Trump designated Mexico’s major cartels as “foreign terrorist organizations” and “specially designated global terrorists.” In March of last year, as The Cipher Brief reported, the administration designated drug trafficking as the nation’s top national security threat, a major departure from past designations. Since then, officials say, the CIA has been looking for ways to apply its technological and human assets to counternarcotics work, in the Triangle and beyond.

Experts say intelligence about the Golden Triangle and its gateway border city, Juarez, has never been more crucial, as that smuggling corridor has become a battleground between two ambitious emerging crime groups: La Linea, loosely aligned with underworld leader od the Cartel Jalisco Nueva Generacion, (CJNG) currently the world’s richest, most powerful cartel, and the Gente Nueva, a splinter of the Sinaloa Federation, a waning but still powerful and storied old-line cartel. Both of the upstarts operate in and around Juarez, on the border across from El Paso, a major American metropolitan area and one of the nation’s most important trade hubs, handling an estimated $106 billion in U.S.-Mexico cross-border trade in 2024 alone.

“Paramilitary officers and Case Officers from the CIA's Directorate of Operations are tasked to fill the gaps that other USG agencies may have in their programs and to bring our unique skills to bear in support of law enforcement agencies like DEA and FBI as well as DoW,” Goff said.

In Mexico, the CIA strives to keep a low profile, because Mexican politicians, influential people and the press are deeply suspicious of Washington, especially its spy agencies. The current exceptional episode began on Sunday, April 19, when Chihuahua state Attorney General César Jáuregui announced news that Pedro Román Oseguera Cervantes, commander of the state agency of investigation, AEI, a state policeman, and two American “instructors” from the U.S. Embassy in Mexico City had been killed in a vehicle accident in southern Chihuahua. He said they had been returning to the state capital of Chihuahua City after taking part in a state police-military operation raiding six industrial-size methamphetamine labs in the thickly forested highlands. The destruction of a major cartel complex was heralded as a win for the good guys, but Jáuregui inadvertently ignited a political firestorm that’s still raging. Questions proliferated when the Washington Post and Associated Press, citing an unnamed U.S. official, reported that the American “instructors” who were killed were working for the CIA.

“There cannot be agents from any U.S. government institution operating in the Mexican field,” Sheinbaum told reporters. “It is very important that something like this not be allowed to go unaddressed.” She said she was considering sanctioning Chihuahua law enforcement officials for dealing directly with the CIA instead of deferring to the central government.

Sheinbaum’s efforts to corral the CIA, and perhaps other U.S. agencies, brought a sharp rebuke from the White House. “I think the president would agree that some sympathy from Claudia Sheinbaum would be well worth it for the two American lives that were lost, considering all that the United States of America is doing currently under this president to stop the scourge of drug trafficking through Mexico to the United States,” White House press secretary Karoline Leavitt said.

Everyone needs a good nightcap. Ours happens to come in the form of a M-F newsletter that keeps you up to speed on national security. Sign up today.

Now Sheinbaum is caught between Trump, who last month issued a proclamation promising the “dismantlement” of the cartels, and Mexican nationalists who view yielding to Washington’s demands as a grave threat to their country’s hard-won sovereignty. Sheinbaum tried to thread the needle by lodging a formal protest over the CIA presence, at the same time forgiving Washington’s transgression, just this once. “Let us hope this is an exceptional case ... and that a situation like this never happens again,” she said.

“It’s appalling to hear how Claudia Sheinbaum has responded to the tragic loss of life of two officers - presumably Agency officers - in the service of our country,” David Shedd, a CIA veteran and former acting Defense Intelligence Agency leader, told The Cipher Brief. “There was absolutely nothing illegal or extrajudicial associated with what these officers were doing in Mexico, as the cooperation to include assisting the Mexican security personnel in forward positions is not new. In fact, the kind of mission that these officers were on has led me to believe with a high degree of confidence that bilateral security cooperation between the U.S. and Mexico has never been better. That cooperation has been sanctioned by Sheinbaum. For her to publicly distance herself from our joint security operations is again, appalling.”

Shedd said that the value of sending the CIA officers on the lab raid would have been to let them examine the labels and markings on the drums and sacks of precursor chemicals, so they could identify the chemicals’ points of origin. According to DEA intelligence reports, most of the precursor chemicals used in meth production come from China. “The mission that these U.S. officers were on was absolutely critical to the efforts, to not only destroy the lab but if at all possible, establish a fact-based pattern of Chinese ties to the Mexican cartels,” Shedd said.

Adding to the cross-border tensions: Mexican officials’ shifting stories about what happened on that dark night in the Sierra Madre. Jáuregui, the Chihuahua attorney general, was publicly chastised by Mexico City, then held a second press conference to say there had been a misunderstanding, and CIA officers hadn’t been anywhere near the actual lab raids. He said they had been in another mountain village – Polanco, pop. 403 – six-and-a-half hours away from the action, training state officials on how to operate drones. He didn’t explain why the state needed drone operators – presumably to spot clandestine labs.

Jáuregui said that once the Americans wrapped up the drone training session, they contacted officials with the Chihuahua state investigation agency, AEI, who were coming back from the lab raid, and asked to hitch a ride to the state capital, so they could catch their flight home to Mexico City. (The number of CIA officers involved is murky. The Los Angeles Times reported that there were four CIA personnel, two in the lead SUV with the AEI’s director, and another two in a pickup truck with other Mexican police officers.) At any rate, the police-military convoy picked up the Americans. Around 2 a.m. the lead SUV, with two CIA employees, went off the road, tumbled into the ravine and exploded. It all happened too fast for others in the convoy to help. So far, no evidence has surfaced to suggest foul play. By all accounts, so far, it was just very bad luck.

“Unfortunately, long days followed by bad roads and being tired – there are car accidents,” says Goff. “There's 140 memorial stars on the wall, and our martyrs there. Not all of them were killed by enemy action. We have colleagues who were killed in car crashes, killed in plane crashes, killed in hotel fires, things like that. But it still makes them our martyrs. And we mourn them and we're saddened by their loss, but it's like any endeavor. It's part of what we take on.”

Houthi's are Positioned to Close the Bab el-Mandeb Strait

Despite suffering heavy losses to combined U.S.-Israeli military strikes, the Iranian regime remains defiant. It’s recent reluctance to send a delegation to Islamabad to resume talks with the U.S. was not—as President Trump asserted—because the regime is too “fractured.” It did not attend because it calculated it is operating from a position of strength, not weakness. Their calculus is rooted in their confidence in their ability to punish the global economy by choking off the Strait of Hormuz, and thereby strike back at the U.S.’ center-of-gravity; our political economy.

But while attention is rightly focused on the Hormuz, it is not the only point of vulnerability. Yemen’s Houthis remain positioned to close the Bab el-Mandeb Strait, which sits astride the vital sea route to the Red Sea and Suez Canal. With the Strait of Hormuz effectively shut, Saudi Arabia is now routing roughly five million barrels per day through the Red Sea port of Yanbu. Every barrel sits within Houthi strike range. The USS George H.W. Bush carrier strike group, deployed from Norfolk in late March, is right now rounding the Cape of Good Hope rather than transit Bab el-Mandeb — a 6,000-mile detour that tells you exactly how seriously the Pentagon takes the threat.

Since the ceasefire took effect, the Houthis have launched at least eight barrages at Israel and have shifted their approach to Red Sea shipping from broad pressure to selective political screening — identifying and targeting vessels by political affiliation rather than nationality, applying the same graduated-pressure formula Iran employed at the Strait of Hormuz. Senior Houthi political official Mohammed al-Bukhaiti has stated publicly that current strikes on Israel constitute only a "first phase," a formulation that signals the movement is managing its escalation options against future contingencies, not simply reacting to current events.

Removing the threat to the Red Sea, however, will not flow automatically from a U.S.-Iranian peace deal, even if one is achieved. Washington’s analytical error is treating the Houthis as a faucet Tehran can open or close. The evidence points the other way. The Houthis are not an Iranian subsidiary taking orders; they are a franchise operator pursuing their own agenda under a shared brand. Their calibrated restraint through most of March, followed by ballistic missile strikes on Israel starting March 28 and a claimed “joint operation” with Iran and Hezbollah on April 1, reflects a Yemeni calculus rooted in Yemeni domestic politics — not Tehran’s stage management. Understanding the distinction matters because it determines whether Bab el-Mandeb closes alongside the Strait of Hormuz. And if it does, the economic shock of this war moves from severe to catastophic.

From “Fingers on the Trigger” to Missiles on Israel

On February 28 — the same day the U.S. and Israel launched Operation Epic Fury — the Houthis threatened to resume Red Sea attacks. Industry bodies reacted immediately. The Baltic and International Maritime Council warned that vessels tied to U.S. or Israeli interests faced elevated risk. UK Maritime Trade Operations issued an advisory flagging increased danger across the Gulf, the Strait of Hormuz, and the Red Sea corridor. Then, nothing.

On March 5, Houthi paramount leader Abdul-Malik al-Houthi declared the group’s “fingers are on the trigger, ready to respond at any moment should developments warrant it.” The statement was conditional, not committing. Through the first three weeks of the war, Hezbollah fired rockets at Israel. Iraqi Shia militias struck U.S. targets in Kuwait and Jordan. The Houthis — Iran’s most geographically advantaged proxy, astride the second most important maritime chokepoint in the region — stayed quiet.

Their hesitancy baffled me and many of my analytic colleagues. Michael Hanna of the International Crisis Group said plainly: “We are not exactly sure, to be honest.” CSIS and Israel’s Institute for National Security Studies each published assessments attempting to account for the reticence. The Times reported on March 16 that the Houthis were awaiting an Iranian signal. Bab el-Mandeb remained the only functioning artery for Saudi crude, with roughly 30 tankers near Yanbu within Houthi range at any given moment.

On March 27, Houthi supporters rallied in Sanaa in “solidarity with Iran and Lebanon.” Military spokesman Yahya Saree warned that the U.S. and Israel would not be permitted to use the Red Sea as a base against Iran. The next day, March 28, the Houthis fired their first ballistic missile at Israel since October 2025. The IDF intercepted it. A second salvo of a cruise missile and drones followed the same day. On April 1, Saree claimed a coordinated “joint operation” with Iranian and Hezbollah forces targeting Israeli military sites. But the Houthi attacks then ceased and the group again went quiet.

On April 7, a senior Iranian source told Reuters that “if the situation gets out of control, Iran’s allies will also close the Bab el-Mandeb Strait.” As of this writing, no commercial vessel has been struck in 2026. The USS George H.W. Bush is off Namibia. Saudi crude still flows through Yanbu. The Houthis have reshaped global naval movement without firing a shot at shipping.

Who They Actually Are

Most American coverage describes the Houthis as “Iran-backed Yemeni rebels” and leaves it there. That shorthand obscures more than it reveals.

The movement emerged from the “Believing Youth” (al-Shabab al-Mo’men) Zaydi revivalist study circles that formed in Yemen’s northern Saada province in the 1990s. The Houthi family’s grievances were not invented in Tehran. They run back to Yemen’s 1962 revolution, which ended a millennium of Zaydi imamate rule in the north and marginalized the Hashemite clerical class from which the al-Houthis claim descent. The founder, Hussein Badr al-Din al-Houthi, was killed by Yemeni government forces in 2004 in the first of six Saada wars with the Saleh regime. His recorded lectures still form the core indoctrination curriculum today.

The current leader is Hussein’s younger brother, Abdul-Malik al-Houthi. He holds the title Alam al-Huda — “Icon of Guidance” — signifying his claim as supreme leader chosen by God and entitled to absolute obedience from his followers. He has not appeared publicly in weeks. Israeli airstrikes in August 2025 killed 12 members of the Houthi cabinet including Prime Minister Ahmed al-Rahawi; Chief of Staff Mohammed al-Ghamari was killed in October 2025. Houthi senior leaders have been instructed to stay off-grid.

Organizationally, the movement is highly personalized and familial. The “preventive security” apparatus — modeled explicitly on Iran’s IRGC and reportedly set up with Hezbollah and Iranian trainers — reports directly to Abdul-Malik al-Houthi rather than to any Yemeni state institution. A U.N. Panel of Experts has described it as the most influential intelligence apparatus in Houthi-controlled areas. The key public figures are Yahya Saree (military spokesman), Mohammed Abdulsalam (chief negotiator, under U.S. sanctions), and Mahdi al-Mashat (formally “commander-in-chief”). But real authority rests with Abdul-Malik and a narrow circle of family and clan figures in Saada.

What motivates them is a blend Washington consistently underestimates: Yemeni nationalism, Zaydi-Hadawi revivalism, Hashemite hereditary entitlement, and an anti-imperial ideology that borrows from Khomeini’s Wilayat al-Faqih but does not depend on it. Their slogan — “Death to America, Death to Israel, Curse the Jews, Victory to Islam” — predates Gaza and is core identity, not opportunistic branding. They are not popular. A 2024 Sanaa Center for Strategic Studies poll found that only 8 percent of Yemenis in Houthi-controlled areas viewed the movement positively. They rule by coercion. Their revenue model — war profiteering, smuggling, extortion of humanitarian aid, racketeering through the port of Hodeidah — has immiserated Yemen rather than developed it.

Franchise, Not Subsidiary

Here is where the analysis matters most. The conventional framing — Houthis as “Iranian proxy” — is useful shorthand but strategically misleading. CSIS Middle East Program director Jon Alterman has put it most plainly in congressional testimony: Iran did not create the Houthi movement, and Iranian support for it is “relatively new” and “largely opportunistic.”

The historical record bears this out. Through the first Saada war in 2004 and the five that followed, Iranian involvement was minimal. The Houthis took the Yemeni capital of Sanaa in September 2014 without significant Iranian support. Serious Quds Force engagement — weapons transfers, training, technical assistance — began only around 2017, after the Houthis had already demonstrated they could hit Saudi Arabia on their own.

What Iran has provided since is real and strategically consequential: ballistic and cruise missiles, anti-ship weapons, long-range drones, training (initially routed through Hezbollah, later direct), intelligence, and increasingly Chinese-sourced dual-use components moved through Iranian logistics networks. But patronage is not command. A franchise pays royalties and flies the brand; it does not take operational orders on schedule.

The distinction is not academic. It shows up in the March-April 2026 pattern in three ways that contradict the proxy frame.

First, Iran reportedly pressed the Houthis to attack Red Sea shipping. Bloomberg reported in late March, citing European officials, that Tehran was pushing Abdul-Malik’s circle to prepare a renewed maritime campaign contingent on further U.S. escalation. The Houthis declined. They launched at Israel instead — a much lower-risk target under the terms of the May 2025 U.S.-Houthi ceasefire, which covered U.S. vessels but not Israeli territory.

Second, credible reporting suggests elements of the IRGC have actively discouraged Houthi escalation at certain moments. Nadwa al-Dawsari of the Middle East Institute has argued that the Guards do not want to “drag the Houthis into a suicidal war” because Tehran may need Yemen as a fallback base if the Iranian regime itself collapses. That is not how a principal treats an agent. It is how one franchise operator protects another.

Third, the Houthis are conducting their own internal debate. Al Jazeera’s reporting from Sanaa and analysis by INSS identify two camps inside the Houthi leadership. A cautious current, shaped by the hard lessons of Operation Rough Rider — the U.S. bombing campaign that ran from March to May 2025 and killed many of the group’s senior missile and drone commanders — argues that direct involvement drains resources, invites Israeli decapitation strikes, and complicates the political track with Saudi Arabia. A maximalist current, aligned with the “unity of fronts” rhetoric coming out of Tehran, argues that this moment is the strategic payoff the movement has spent a decade preparing for. The March 28 strikes on Israel were a compromise between these camps, not an order from Iran.

The May 2025 Omani-brokered U.S.-Houthi ceasefire is the one piece of evidence often cited for the proxy frame. Iranian officials did sway the Houthis to accept it, and the Atlantic Council read this as evidence of Tehran’s “continued command and control.” But the better reading is the INSS one: Iran negotiates with the Houthis, not through them. The ceasefire served Houthi interests — stopping a bombing campaign that had killed their commanders — at a moment when those interests happened to align with Iran’s. Alignment is not subordination.

Why Restraint Now, and What Breaks It

Three drivers account for Houthi restraint through the current phase of the war.

The first is self-preservation after 2024 and 2025. Israeli and U.S. strikes gutted Hodeidah port, killed the cabinet, eliminated al-Ghamari, and degraded the missile and drone arsenal Iran had spent a decade building up. The decapitation playbook Israel ran against Hezbollah — killing Hassan Nasrallah in September 2024 and most of the senior leadership in the weeks that followed — is now a credible Yemen scenario. Abdul-Malik al-Houthi knows this. His survival instinct counsels caution.

The second is the Saudi détente. The 2022 truce between the Houthis and the Saudi-led coalition has held through the Gaza war and survived Operation Rough Rider. Saudi Arabia has spent the last year quietly betting that containment works. More urgently, Riyadh now depends on the Red Sea ports — Yanbu especially — as its Hormuz workaround. Any Houthi strike on shipping off Yanbu shatters the détente and reopens the active Yemen war at a moment when the Saudi-backed internationally recognized government in Aden is stronger than it has been in years.

The third is Yemeni public opinion. Palestine mobilizes the Yemeni street. Iran does not. Most Yemenis view the Islamic Republic as yet another foreign power meddling in their country. Attacking commercial shipping “in solidarity with Gaza” in 2023 and 2024 produced a domestic popularity surge. Attacking shipping “in solidarity with Iran” in 2026 is a much harder sell.

But restraint has a trigger. Three developments would collapse it.

First, U.S. ground operations against Iran. President Trump has deployed an additional 2,500 Marines to the region and has publicly discussed seizing Iran’s Kharg Island. If the war moves from air campaign to ground operation, the calculus inside the Houthi leadership inverts — because the unity-of-fronts logic becomes existential rather than rhetorical.

Second, direct strikes on Houthi infrastructure. If the U.S. or Israel hits Hodeidah, Sanaa, or senior Houthi leadership, the internal debate flips immediately toward the maximalist camp. The cautious current’s entire argument rests on the premise that the Houthis can keep their heads down and preserve the movement. Strikes that negate that premise negate the argument.

Third, an Iranian signal tied to regime survival. Will Todman at CSIS has laid this out clearly: if Tehran judges the regime is existentially threatened, it will squeeze the Houthis hard to join in the fray. New Supreme Leader Mojtaba Khamenei has already hinted at “new fronts in the conflict.” If the IRGC concludes Yemen is the last lever available, they will pull it — and the Houthi maximalist camp will pull with them.

The Bottom Line

What happens at Bab el-Mandeb determines whether this war produces a manageable economic shock or a generational one. Saudi Arabia cannot sustain export volumes without the Red Sea. Egypt cannot sustain its balance of payments without Suez Canal revenues. Asian economies cannot sustain industrial output if both straits close simultaneously. The Bab el-Mandeb is not a secondary concern. It is the keystone of the global response to the Hormuz closure.

The policy implications of the franchise frame are three.

One: any off-ramp with Iran that does not include a separate Houthi track will leave the Red Sea threat intact. Tehran cannot deliver the Houthis. It can influence them, but it cannot guarantee their behavior after a ceasefire.

Two: Riyadh and Muscat are faster levers than Tehran for keeping Bab el-Mandeb open. Oman brokered the 2025 U.S.-Houthi ceasefire. Saudi Arabia has direct back-channels to Abdul-Malik’s circle through the stalled peace roadmap. Those channels should be running hot right now.

Three: direct strikes on Houthi infrastructure should be understood as guaranteeing, not deterring, the Red Sea campaign. Every previous American bombing campaign against the Houthis has ended with more sophisticated Houthi capability and more aggressive Houthi rhetoric. The U.S. Navy is better served by escort operations and deterrent patrols than by strikes that radicalize an internal debate currently running in Washington’s favor.

The image to keep in mind is the USS George H.W. Bush rounding the Cape of Good Hope in mid-April. The Houthis have not fired a shot at a commercial vessel in 2026. They have not sunk a tanker, seized a ship, or mined a shipping lane. And they have still reshaped American naval movement across one of the world’s most critical chokepoints.

That is the franchise at work. Alongside Iran, the Houthis are a consequential variable the Trump administration does not control — and cannot control by treating the Houthis as someone else’s problem to manage.

Follow Chip on X.com and LinkedIn, and watch his Special Competitive Studies Project podcast, Intelligence at the Edge!

This article was originally published on Chip's Substack and is reposted here with permission, give him a follow.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Pakistan’s Terror Landscape Continues to Threaten South Asia

In March 2025, an elderly cleric with a long history in Pakistan’s jihadist circles stood before a gathering at Markaz-e-Taiba and called for “jihad against the kuffaar,” explicitly naming India and Israel. The speaker was Amir Hamza, co-founder of Lashkar-e-Taiba (LeT), and his sermon came just weeks before the Pahalgam attack, in which 26 civilians were killed in India’s Union Territory of Kashmir. One year since the Pahalgam attack, Makraz-e-Taiba—LeT's headquarter in Pakistan—remains destroyed because of an Indian airstrike during Operation Sindoor, and Amir Hamza survived two assassination attempts. However, Pakistan-based terrorist organizations have adopted to changing operational circumstances and expanded their geographical reach under the auspice of Pakistan’s civil-military leadership.

The questions remain whether anything has meaningfully changed at all since the four-day conflict between India and Pakistan unfolded in May last year. The answer, based on evolving patterns of activity, appears to be no. Rather than dismantling these networks, Pakistan-based terrorist organizations have adapted, restructured, and in many ways expanded their reach under the protection of the country’s civil-military establishment. Such accommodations not only reveal the acceptance of terrorist organization but exposes the links that continue to flourish under the leadership of Pakistan’s de-facto leader, Field Marshal Asim Munir. As Pakistan continues to position itself as a peacemaker in the Middle East, Islamabad’s ongoing support for Salafi-Jihadi groups reveals a fresh chapter of Pakistan’s long-troubled history with terrorism.

New Logo, Same Motto

Pakistan has formally banned organizations such as Lashkar-e-Taiba and Jaish-e-Mohammad (JeM), but these actions have not translated into meaningful dismantlement. Indian kinetic operations imposed operational setbacks for terrorist outfits and caused significant damage to the state’s military infrastructure, yet Islamabad has not eliminated these groups but helped mainstream them. These groups have now reoriented themselves through layered organizational structures that preserve their operational capabilities while providing a veneer of legitimacy. This transformation is most visible in the emergence of the Pakistan Markazi Muslim League (PMML), widely understood to function as a political front for LeT.

This dual-track strategy—pairing militancy with political participation—is not new, but it has intensified in recent years, particularly under the consolidation of power by Field Marshal Asim Munir. LeT operatives have increasingly appeared in public political spaces, participating in rallies, community outreach programs, and youth mobilization campaigns. These activities blur the boundary between extremist networks and mainstream political life, making it more difficult to distinguish between state-sanctioned political engagement and covert militant operations.

The presence of figures such as Saifullah Khalid Kasuri, a veteran LeT commander now operating within the PMML framework, highlights the extent of this integration. Kasuri, who resurfaced on US radar in 2024 after meeting Hamas terrorist Khaled Mashal in Doha, has openly acknowledged his ties to the Pakistani military and has been photographed alongside senior officers. Similarly, Hafiz Abdur Rauf, a US-designated terrorist, has been seen leading funeral prayers for Pakistani soldiers in the presence of uniformed officials. These instances reflect a pattern of proximity between militant actors and state institutions that raises serious questions about Pakistan’s commitment to counterterrorism.

Despite failing to secure electoral success, PMML has remained active as an ideological platform, targeting youth through training camps, religious competitions, and public gatherings. On several occasions, LeT leader and son of Hafiz Saed, Talha Saeed, has hosted rallies which have been attended by senior Pakistani politicians. In a picture recently leaked online, PMML-Islamabad chief can be seen sitting with Pakistani Defense Minister Khwaja Asif. Such evidence of close relationship between LeT-led political outfit and high-profile Pakistani politicians reveals the degree of access LeT operatives enjoy under the cover of political activities.

Adaptation and Expansion: New Networks, Old Objectives

The transformation of militant groups is not limited to political rebranding. These organizations have also adapted their operational and financial strategies to evade scrutiny and sustain activity. LeT-linked charity networks such as Falah-i Insaniat Foundation (FIF) continue to raise funds across Pakistan, despite being subject to US sanctions. Meanwhile, groups like JeM have shifted toward digital financing mechanisms, including mobile wallets and decentralized payment systems, allowing them to operate with greater anonymity and reduced reliance on formal banking channels. This shift into digital ecosystems represents a significant evolution in militant financing. It reduces the effectiveness of traditional counterterrorism tools, such as financial monitoring and sanctions, while enabling groups to tap into new sources of funding. The result is a more resilient and adaptive network capable of sustaining operations even under increased international scrutiny.

At the same time, these groups are expanding geographically within Pakistan. On April 14, LeT leaders Saifullah Kasuri and Faisal Nadeem visited Quetta in Balochistan Province held a large gathering of LeT cadres. Hundreds attended the gathering in Quetta, which likely reflects LeT’s attempt to strengthen the organization in Balochistan. Historically concentrated in Punjab, organizations like LeT and JeM are now establishing a presence in regions where they previously had limited influence, particularly in Balochistan and Khyber Pakhtunkhwa (KPK). Recent reporting of recruitment drives by JeM in remote areas of KPK also indicate a deliberate effort to broaden their operational footprint in western Pakistan. This expansion serves multiple purposes. First, it allows these groups to diversify recruitment and funding sources, reducing their dependence on traditional strongholds. Second, it enables them to rebuild organizational capacity following losses inflicted by Indian military operations. Third, and perhaps most significantly, it aligns with Pakistan’s broader security challenges.

Pakistan is currently facing a surge in internal insurgencies, particularly from groups such as the Tehrik-e-Taliban Pakistan (TTP) in Khyber Pakhtunkhwa and the Baloch Liberation Army (BLA) in Balochistan. According to the 13th edition of Global Terrorism Index, TTP and BLA were responsible for more than 1,000 attacks in 2025, making Pakistan one of the most terrorism-affected countries globally. In this context, the expansion of LeT and JeM into western Pakistan takes on a new dimension. Rather than being solely oriented toward external targets such as India, these groups may also be serving as instruments of internal counterinsurgency. By recruiting fighters in regions affected by anti-state violence, Pakistan’s military establishment could be attempting to leverage jihadist networks to counter other militant threats. This strategy, while tactically expedient, carries significant risks. It reinforces the ecosystem of militancy rather than dismantling it, creating a cycle in which one form of extremism is used to combat another. Over time, this approach is likely to deepen instability, as different militant groups compete for influence, resources, and legitimacy.

Conclusion: A Persistent Threat to Regional Stability

The persistence and adaptation of these networks raise a fundamental question: has anything truly changed since the Pahalgam attack and the subsequent India-Pakistan crisis? On the surface, there have been visible actions through Indian military operations. However, this has not addressed the underlying structures that sustain militancy in Pakistan. Instead, Pakistan’s approach appears to have shifted toward managing, rather than eliminating, extremist networks. By allowing these groups to operate through political fronts, charitable organizations, and decentralized financial systems, the state has effectively created a parallel ecosystem in which militancy can evolve without direct confrontation. This approach may provide short-term flexibility, but it undermines long-term stability. It perpetuates a cycle of violence that extends beyond Pakistan’s borders, posing a continuing threat to regional security, particularly in South Asia.

One year after Pahalgam, Pakistan’s militant ecosystem has not weakened but evolved, exposing the reality of its military’s "death by a thousand cuts” doctrine against India. This reality should raise serious concerns in Washington, especially as the United States increasingly relies on Pakistan as a mediator in its engagement with Iran. US policymakers must therefore approach this partnership with caution, recognizing that a state struggling to manage its own militant ecosystem may not be a dependable broker in high-stakes regional diplomacy.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

From Chernobyl to Ukraine: The Enduring Cost of Kremlin Lies

In April 1986, a reactor exploded at Chernobyl and the Soviet Union lied about it. That instinct to conceal, distort, and deny did not just worsen the disaster; it would come to define the collapse of the Soviet state. Forty years later, that same instinct still shapes Russia, the largest of the former Soviet republics and, under Putin, the self-proclaimed legacy of that broken system. From Chernobyl to the Ukraine invasion, the through line is not nuclear energy or military ambition. It is the cost of lies. Putin and his siloviki have made it an official state tradecraft.

Four decades since the Soviet nuclear catastrophe at the Chernobyl plant it is important to remember the cost. Dozens died immediately, thousands more within a few years, and likely tens of thousands over the decades from radiation-related illnesses. The disaster scarred the landscape of Ukraine and Belarus, but it also changed the Soviet Union itself, accelerating its decline under the weight of corruption, deception, and bureaucratic rot. Those were not incidental flaws. They were the system.

Looking back at Chernobyl offers a way to understand Russia today. The same security elite - born of the KGB and now embodied in the FSB, SVR, and GRU - still govern the country. President Vladimir Putin and his inner circle of KGB veterans often invoke the Soviet past with nostalgia. But they do so selectively, avoiding the truths that would indict their own system. Their vision is clouded by the same habits of concealment and self-deception that doomed the USSR.

The central lesson of Chernobyl is simple: lies have consequences. The Soviet system was built on them. From Stalin onward, “five-year plans” set unrealistic production targets divorced from reality. Workers and managers learned to fabricate success rather than report failure. The result was a vast Potemkin façade - an economy and state sustained by alleged performance rather than truth. Eventually, the façade, like Catherine the Great’s village of the same name, collapsed.

At Chernobyl, that culture proved fatal. As Adam Higginbotham recounts in his seminal work, Midnight in Chernobyl, bureaucratic pressure and blind obedience drove operators to conduct a dangerously flawed test. Safety systems were disabled and key procedures were ignored. The goal was not safety, but approval from superiors in a rigid, abusive chain of command. Everyone was trying to get ahead in a corrupt, feudal-like Soviet system.

Worse still, the operators were working in the dark, literally and figuratively. The RBMK reactors used at the Chernobyl plant (there were four of them providing energy to the greater Kiev region at the time) had a known design flaw: its control rods, intended to slow or stop the nuclear reaction, could initially increase reactivity when inserted under certain conditions. This flaw had nearly caused a catastrophe during earlier testing in Leningrad. But it was concealed, not only from the public, but from many within the Soviet nuclear establishment itself.

The reason was simple: RBMK reactors were meant to symbolize Soviet technological prowess. They were bigger than those in the West, safer than those in the West, impossible to explode or compromise. Admitting flaws risked lower output, reputational damage, and political consequences. So, the truth was buried.

On the night of April 26, 1986, that buried truth surfaced catastrophically. When operators attempted to shut down the reactor, the control rods accelerated the reaction instead. All the safeties had been removed in order to “complete the test” and for the bureaucrats in charge to get their Soviet-style bonuses and promotions. And with the concealed flaw, the very system designed to ensure safety triggered the explosion.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

It is an apt metaphor for the Soviet state - and for its successor, Russia. Institutions meant to protect the system instead destroyed it, because they were built on secrecy and lies.

Today’s Russia reflects the same pattern. The security services - once the KGB, now its successors in the FSB/SVR/GRU - have not reformed so much as evolved. Their core function remains the same: to preserve power through control of information and to protect the state and its personage in Vladimir Putin. But in doing so, they distort reality for themselves as much as for others.

That dynamic was evident in the invasion of Ukraine. Russian military and intelligence leaders fed optimistic, often false assessments up the chain of command. The FSB and other “organs” of power told President Putin what he expected to hear - just as Soviet officials had done for decades. The result was a catastrophic miscalculation: the largest land invasion in Europe since World War II, launched on faulty assumptions of a short, decisive war. The failed prognostications have cost Russia over 1 million in dead and wounded.

Again, lies fed more lies. And again, the consequences were devastating. The parallels to Chernobyl are not just abstract. They are all too human and they had and still have devastating human consequences for millions of Ukrainians, and Russians.

In 1986, the town of Pripyat - just miles from the reactor - was not evacuated for 36 hours. Tens of thousands were exposed to dangerous radiation. Thousands of them, including children, would die from cancer. The fallout spread across Belarus, Lithuania, and beyond. My own wife, like countless others, spent those days as a young school “pioneer” outdoors in Lithuania for days during school recess, and after school, unknowingly breathing in radioactive particles with no warning from the Soviet leadership. Citizens in Europe and Scandinavia were warned to avoid going outdoors before Soviet citizens thousands of kilometers closer to the danger.

May Day celebrations proceeded as scheduled in Kiev and Minsk with no concern for their citizens’ safety and health while radioactive particles and fallout fell on them. Decades later, those same hundreds of thousands face elevated cancer risks and lifelong medical monitoring (especially of thyroid cancer, the highest risk for having absorbed radiation in such conditions). Hundreds of thousands, even millions, were exposed needlessly, for no reason but lies.

A state that does not protect its own children defies the laws of nature. Russia is that state today, like the USSR was then.

The true human cost of Chernobyl will never be fully known. The Soviet system was too compromised by secrecy to measure it accurately. That same disregard for truth - and for human life - echoes today in Ukraine. Entire cities have been devastated. Millions displaced. The damage, like radiation, spreads invisibly and endures long after the initial event.

There is also a bitter irony in Chernobyl’s continued relevance. The disaster contributed directly to the collapse of the Soviet Union - what Putin has called the “greatest geopolitical catastrophe of the 20th century.” The financial burden of cleanup, combined with an already strained military economy, hastened the system’s unraveling. The Soviet state, already overburdened trying to keep up in an arms race and devoting over half its economy to military production, buckled under the weight of a massive cleanup involving hundreds of thousands of conscripts and volunteers, and billions of rubles.

And yet, the actual site of the catastrophe remains at risk. Recently, a Russian drone struck the New Safe Confinement structure (NSC) built to contain the reactor. The attack caused significant damage and risked releasing radiation once again. That such a target would be endangered - by the very state that inherited responsibility for the disaster, Russia, and whose own citizens could be put at risk - defies logic. But it follows a familiar pattern: short-term action divorced from long-term consequence. Again, the Ukrainian people are made to suffer and be put at risk, just like 40 years ago; and in the midst of an already costly war with untold suffering brought on by Putin and his lies.

Not a Subscriber+Member? Let's fix that and get you access to expert-level national security insights.

Chernobyl is not just history. It is a warning. The lesson is not limited to nuclear safety or Soviet bureaucracy. It is broader, and more enduring: systems built on lies accumulate hidden risks. Those risks eventually surface - often suddenly, and catastrophically.

Forty years ago, the Soviet Union could not escape the consequences of its own deception. Today, Russia faces a similar reckoning. The same habits persist: suppressing bad realities, rewarding loyalty over truth, and mistaking control for stability. But reality has a way of asserting itself.

As the Chernobyl (HBO) series memorably put it: “Every lie incurs a debt to the truth.” That debt can be delayed, disguised, or denied. But it cannot be erased. The question is not whether it will be paid, but when, and at what cost. Putin has encumbered Russia with more lies than any leader in modern Russian or Soviet history. But he faces no accountability for it. Someone will have to pay the debt. Sadly, it is not Putin, nor the security services who will pay, but ultimately, like in Soviet times, the Russian people.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views.

Pyongyang’s Bet: Nuclear Growth and Great Power Support

OPINION – North Korea is building more nuclear weapons and more sophisticated ballistic missiles to target the region and the U.S., while ensuring that they are closely aligned with China and Russia. Basically, North Korean leader Kim Jong Un has given up on the U.S., even if the U.S. relents and accepts North Korea as a nuclear weapons state.

The International Atomic Energy Agency (IAEA) Chief, Rafael Grossi, while on a recent visit to South Korea, said North Korea is boosting its nuclear weapons capability, saying they made “very serious” advances in their nuclear program. He cited their new uranium enrichment facility at the Yongbyon nuclear complex, noting that satellite images were like the images for their uranium enrichment facility in Kangson.

North Korea’s Highly Enriched Uranium (HEU) program goes back to 2000, when the Intelligence Community (IC) assessed – despite press skepticism -- that North Korea had a clandestine HEU program. To this day, North Korea denies having an HEU program for nuclear weapons. And in the failed 2019 Hanoi Summit with President Donald Trump, Mr. Kim refused to include his HEU sites in any agreement with the U.S.

North Korea reportedly has between 50 and 60 nuclear weapons, with enough fissile material – from HEU and Plutonium -- to increase that number to 100 nuclear weapons within the next few years. I – and others who follow North Korea -- believe North Korea can miniaturize and mate these nuclear weapons to the tip of ballistic missiles.

Impressive progress has been made with North Korea’s ballistic missile programs. Recently, they displayed the Hwasong -20, a large, solid fuel, mobile, multiwarhead (MIRV) Intercontinental Ballistic Missile (ICBM) with a range of 15,000 kilometers. This is the latest in an arsenal of over 400 ballistic missiles, from short-range (SRBM) to long-range ICBMs designed for nuclear and conventional warheads. The focus has been on the solid-fuel systems like the KN-23, KN-24, and the KN-25 and the sophisticated ICBMs, like the Hwasong-17 and Hwasong-19.

North Korea’s nuclear doctrine has evolved from no-first use to “automatic” preemptive use of nuclear weapons if its leadership and command systems are under imminent – or perceived to be imminent attack. Their work on hypersonic systems, to defeat missile defense systems – is impressive, as is their progress with cruise and anti-ship missiles.

Pyongyang made sure the world saw Mr. Kim visiting the 5000-ton Choe Hyun-class destroyer, their second destroyer with a third and fourth destroyer under construction. Plans are for North Korea to exponentially increase the number of nuclear-capable destroyers to twelve by 2030, all armed with cruise and tactical ballistic missiles.

It’s not only North Korea’s rush to acquire more nuclear weapons and missiles to potentially target countries in the region and the U.S., or their new preemptive-use doctrine, it is North Korea’s allied relationship with China and Russia that should be of concern. Historically, North Korea has relied on China for its economic survival and Russia, prior to 1991, for assistance with its nuclear and missile programs. But things have changed. North Korea is closer to China than at any time since Mr. Kim took over in 2011. Indeed, the September 2025 visit to Beijing to stand with China’s Xi Jinping and Russia’s Vladimir Putin was the beginning of a new and closer North Korean relationship with China and its leader, Xi Jinping. China’s Foreign Minister Wang Yi’s visit last week to North Korea to meet with Mr. Kim -- and the attention it got from North Korea’s press -- was indicative of that improved relationship.

North Korea’s relationship with Russia over the past few years has progressed rapidly, with a mutual defense treaty and North Korean assistance – troops and munitions -- to Russia for its war with Ukraine and the likely nuclear, missile and satellite assistance North Korea is receiving from Russia.

North Korea now has two permanent members of the United Nations Security Council (UNSC) who will ensure that no further sanctions are imposed on North Korea for their continued violations of UNSC resolutions.

So, in the final analysis, Pyongyang has probably concluded that they don’t need a normal relationship with the U.S. They have China and Russia who provide economic and military support and apparently accept their nuclear status. And Mr. Kim’s global credibility – important to him -- will be derived from a close allied relationship with China and Russia, and their leadership of the Shanghai Cooperation Organization (SCO), the BRICS (Brazil, Russia, India, China, and South Africa), and their appeal to the Global South.

It appears that Mr. Kim is taking advantage of the U.S. war with Iran – and tension with NATO -- to grow his nuclear arsenal, while strengthening his relationship with China and Russia.

Indeed, if the U.S. relents – which North Korea believes is inevitable – and eventually accepts North Korea as a nuclear weapons state, Pyongyang will pocket the win, and use it to get more from his allies, China and Russia.

This column by Cipher Brief Expert Ambassador Joseph DeTrani, was first published in The Washington Times, and is republished with permission from the author.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why the Navy’s Next Battleship Faces Major Hurdles

“The Navy and Coast Guard need to demonstrate that the approach to these [shipbuilding] programs is not a short-term deviation followed by returning to the long-standing business as usual approach. This is especially true for shipbuilding programs that require new designs, like the future [Golden Fleet Trump-class] BBG(X) battleship…For these and other future programs, fully leveraging the range of leading ship design practices -- like iterative design based on user feedback and robust, in-house ship design capabilities and digital tools -- will be critical to long-term success.”

That’s an excerpt from the prepared testimony of Ms. Shelby Oakley, the Government Accountability Office (GAO), Director of Contracting and National Security Acquisitions, who appeared last Wednesday before the House Armed Services Subcommittee on Seapower and Projection Forces in a hearing on the shipbuilding challenges facing the U.S. Navy and Coast Guard.

Navy shipbuilding design was a central focus of GAO’s Ms. Oakley’s testimony last week. As she put it, “Improving ship design practices is one step that could help drive different outcomes on ship building programs. As I have testified in the past, both Navy and Coast Guard continue to move into construction before designs are sufficiently mature. That's a consistent pattern and it leads to predictable results -- cost overruns, schedule delays, and performance issues.”

I want to apply those words to the Trump-class BBG(X) battleship, which has been controversial since the President first disclosed it at a Mar-a-Lago press conference last December 22. At that time Trump said, “It's my great honor to announce that I have approved a plan for the Navy to begin the construction of two brand new, very large -- the largest we've ever built -- battleships.”

Taking credit for the idea, Trump said, “It started with me in my first term because I said why aren't we doing battleships like we used to? And these are the best in the world. They'll be the fastest, the biggest and by far -- 100 times more powerful than any battleship ever built.”

Trump went on, “I don't know if anyone's seen Victory at Sea [a famous documentary about World War II naval battles], but it was a classic. They'll [BBG(X) battleships] help maintain American military supremacy, revive the American shipbuilding industry and inspire fear in America's enemies all over the world.”

Trump added, “America's battleships have always been unmistakable symbols of national power. We stopped making them for whatever reason, I don't know.”

At that point, Trump congratulated his Palm Beach neighbor and friend, then-Navy Secretary John Phelan, saying, “He [Phelan] came to me -- the first day we met, he talked about battleships and I said you're absolutely on the right track. He said why are we doing other things?”

Trump continued, “The [BBG(X)] battleships are going to be armed just in terms of guns and missiles at the highest level. They'll also have hypersonic weapons, many hypersonic weapons, state-of-the-art electric railguns and even the high-powered lasers that you've been starting to read about. We have lasers where you aim the laser at a target and it just wipes it out. We're going to have…the most sophisticated laser in the world will be on the battleships that we're building.”

I must note that Navy hypersonic, laser and railgun weapons are still in development.

As if that were not enough, Trump added, “They'll also carry the nuclear arms to launch cruise missiles currently under development, which will be instituted pretty quickly. But they're under development and they've proven to be extremely lethal.”

Then Trump stated, “The U.S. Navy will lead the design of these ships along with me, because I'm a very aesthetic person, alongside our partners in American industry.”

Later, during a February 2026 speech to soldiers at Fort Bragg, Trump said, “The new battleship that we have, which I've seen and helped design. I put a little more spirit in the hull, a little more -- give me a little bit more hull and give me -- I want that ship to look gorgeous.”

Although Trump last December said he had approved “a plan for the Navy to begin the construction” of two BBG(X) battleships, Naval News last week more accurately described that Mar-a-Lago announcement as an “initial concept debut” for the vessels.

Last Tuesday, Navy Secretary Phelan in a keynote speech at the Navy League's Sea-Air-Space conference, opened by saying, “President Trump's Golden Fleet Initiative is not an aspiration. It is the framework by which we deliver decisive maritime power at scale. Under his leadership, we are making a generational investment in American sea power that represents the largest sustained ship building order since FDR urged American industry to build the fleet to win World War II.”

As for the BBG(X) battleships, the first currently set to be named the USS Defiant, Phelan described “Battleship strike groups [that] will offer commanders more war options than what exists in today's fleet.” The new battleship will integrate on board a “staff element for forward command and control, network unmanned systems, layered air and missile defense, directed energy, high-speed long-range strike [that] is designed to operate and prevail across all contested domains. They are built to fight and stay in the fight by sustaining fires, maintaining pressure, and outlasting any adversary.”

“But,” Phelan added, “high-end capability alone does not win wars. Wars are won by forces that can adapt faster than the adversary, that can iterate in real time and scale combat power without delay. That requires a true high-low mix, expanding presence without sacrificing producibility -- new frigates, small surface combatants, and fully integrated unmanned systems.”

On the sidelines of Tuesday’s Navy League Sea Air Space exposition, Phelan confirmed to reporters that the Navy is already in talks with vendors about the BBG(X) design.

“We have been talking to two different vendors as we speak right now,” Phelan said, “and then it’ll be a function of how we get through that design process with them, and then their capacity in their yards, what we think they can do, because we’re looking to really get moving on this and lay the keel in [20]28.”

At a Pentagon background session for reporters on the Navy’s fiscal 2027 budget last Tuesday, Assistant Secretary of the Navy for Budget, Rear Admiral Ben Reynolds laid out just how costly the BBG(X) battleship program will be, starting with research and development (R&D) for the battleship, which is already underway.

“I just want to say that we're already in this year, in [20]26, spending at least $134 million already in R&D for the battleship today,” Reynolds said, “as we try to really tighten and refine the requirements process. And I think we'll likely go to try to put more money into that [R&D] in [20]26 as well.” He later said it could be $100 million to $120 million more this year.

The fiscal 2027 Navy budget for the BBG(X) battleship has an additional $837 million in R&D, plus $1 billion for advanced procurement (AP), which is described as for long-lead materials and design work.

Reynolds said, “I think that the R&D work and AP that we do in [20]27 will be incredibly important. And I think through that very disciplined requirements process and then expanding the way we're building ships, I expect us to be able to start construction [on the first battleship] in [20]28. Remember, it's a battleship. It's a large ship, and so we will start construction in [20]28 and then work in construction through the next few years.”

Over the next five years, according to Reynolds, the Navy expects to spend $3.9 billion for R&D and $43.5 billion for actual shipbuilding, for what’s become a three BBG(X) battleship program. That means each BBG(X) battleship’s costs are expected to be $13 billion-to-$15 billion, roughly equal to each of the next three Ford-class aircraft carriers.

Phalen was fired as Navy Secretary last Wednesday by Defense Secretary Pete Hegseth, with no reason given. President Trump told reporters a day later of Phalen, “He’s a very good man. I really liked him, but he had some conflict, not necessarily with Pete. He’s [Phalen’s] a hard charger, and he had some conflicts with some other people, mostly as to building and buying new ships. I’m very aggressive in the new shipbuilding.”

Politico last week suggested Phalen’s firing was related to his promotion of the Trump-class battleships, because Hegseth and Deputy Defense Secretary Stephen Feinberg wanted “to pivot

toward smaller, cheaper uncrewed ships, according to the two people, who…were granted anonymity to discuss sensitive matters.”

That got me thinking that there are other potential blockages to the BBG(X) battleship moving ahead, starting with the GAO’s Oakley’s testimony to the House subcommittee that “early design work helps you kind of stress out what it is you can and can't do.”

That echoed what the Chief of Navy Operations (CNO) Adm. Daryl Caudle said last week during a session with reporters at the Navy League event. Caudle picked up on the design issue saying that one of the “mistakes that we’ve done before, quite frankly,” is “we’ve started to build before the design is mature enough.” The CNO then added, “And we want to make sure that we’re at [sic] least a very, very high level – I won’t try to give a percentage, but you can think like 80% or more design – before the first weld is done.”

Since BBG(X) design work will continue for at least another two years, my bet is that none of these Trump-class battleships will ever actually be built.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

America Is Fighting the Wrong Drone War

For two decades, U.S. drones hunting terrorists across the mountains of South Asia were the symbol of American military power: precise, lethal, and unmatched. That era is now over. Drones are no longer exquisite tools of counterterrorism and have evolved into something far more common and destabilizing: cheap, expendable, and mass-produced tools of attrition. Despite pioneering the technology, the United States is now poorly positioned for the version that matters most. Critical mass is being replaced by a strategy of 'death by a thousand cuts,' as quantity assumes a quality all of its own.

From Ukraine to the Persian Gulf, and increasingly along America’s own borders, expendable drones are reshaping battlefields and quickly rewriting how modern wars are waged. These platforms aren’t winning wars outright, but they are doing something just as important: straining defenses, exhausting budgets, and outlasting the very systems that were designed to counter them. Right now, the United States is least prepared for that reality, and its adversaries know it.

But two things can be true at once: the United States still leads in advanced conventional military power, and cheap drones aren't necessarily subject to those rules. They don’t need to be sophisticated, just cheap and in constant supply. That alone is enough to upend long-held assumptions about how wars are fought and won. Today, America’s adversaries — state and non-state alike — are using drones more effectively while Washington has yet to fully reckon with what that portends, both in the short and long term.

The new drone war runs on a simple, ruthless logic: cheap beats expensive. Take Iran’s Shahed-136 drones. They are simple by conventional standards—noisy, slow, and not particularly precise—yet brutally effective. Costing as little as $20,000, they are mass-produced for saturation, overwhelming defenses through sheer volume. Each drone forces a response, often with a missile costing over $1 million a piece. Do that math a thousand times, and you don't just have a military problem, but a dealbreaker for almost any defense budget.

This strategy is not incidental but deliberate. It is a calculated campaign of economic exhaustion — and it is working. For Western militaries and for those countries that Western militaries supply with weapons and training, this is not just inefficient but a losing equation.

This is what war looks like in 2026, where outcomes are no longer driven solely by large-scale strikes or which side destroys more targets. Conflicts are shaped by persistence through thousands of small hits that stretch resources, exhaust personnel, and wear down resolve of populations, militaries, and governments. Advantage favors the side that can sustain pressure while forcing the other side into a continuous, costly response day after day.

Ukraine offers the clearest example. Russia has used Iranian-supplied drones and domestically produced variants in relentless attacks against cities and infrastructure. In one recent 24-hour period, nearly a thousand drones were launched alongside cruise missiles. Even when most are shot down, the cumulative effect strains defenses, drains resources, and erodes public confidence. Ukraine, meanwhile, has emerged as one of the world’s most adaptive drone ecosystems, scaling production to tens of thousands of systems a month through a decentralized network of engineers, hobbyists, and 3D-printing workshops.

The same playbook is strangling the Red Sea, where Houthi militia forces have used inexpensive drones to disrupt one of the world’s most critical shipping lanes, forcing commercial vessels to reroute around Africa. The result is imposing billions in added costs on global supply chains, all driven by weapons that cost a fraction of the disruption they cause. Powerful nation-states are slowly waking up to the reality that well-trained and well-resourced non-state actors can consistently disrupt the global economy.

A quieter but equally dangerous version of this dynamic is also playing out along the Afghanistan-Pakistan border. The Afghan Taliban and Tehrik-e-Taliban Pakistan (TTP) are using off-the-shelf drones—some costing just a few thousand dollars—for surveillance and limited strikes. Pakistan’s cross-border operations have led to civilian casualties, hardening what began as localized tensions into a steady back-and-forth with both sides testing limits without tipping into full-scale war. Terrorist groups have adapted just as quickly, with ISIS and al-Qaeda affiliates now routinely modifying commercial drones for surveillance and attacks. In doing so, they have gained capabilities and reach they never had before.

Worryingly, the same trend is now visible much closer to home. Mexican cartels and criminal networks are operating drones along the U.S. border at a scale that would have seemed unthinkable a decade ago — for surveillance, tracking law enforcement, smuggling, and increasingly, attacks. More than 30,000 drone incursions were recorded in 2025 alone, including cases involving explosives. In one incident, a drone struck a government building in Tijuana, just miles from California.

The line between foreign battlefield and domestic threat has not just collapsed but has exposed where the United States is least prepared. The uncomfortable truth is that the United States is exquisitely prepared for a war no adversary wants to fight. The Pentagon has spent decades and trillions of dollars optimizing for high-end conflict —the kind built around stealth platforms, precision strikes, and overwhelming technological advantage. But that model assumes short wars, finite adversaries, and dominance through superiority. Cheap drones are invalidating all three assumptions in real time.

That mismatch is increasingly out of step with the wars America is actually facing. China is already moving aggressively in the opposite direction, pursuing a program to field one million tactical drones, while the United States procured roughly 50,000 in 2025 and plans another 200,000 by 2027. At the same time, the economics of defense are becoming harder to ignore. In the early days of the Iran conflict, the United States reportedly spent billions of dollars on interceptor systems in a matter of days. Against adversaries deploying drones that cost a fraction of that, the math is dangerously unfavorable.

Getting serious about this will require more than small adjustments.

First, the United States must treat low-cost, expendable drones not as a supplement but as a core element of how it fights. Quantity has a quality all of its own. Having enough systems matters just as much as having the best ones. The hard reality is that while the United States is not being outmatched technologically, it is still playing a game its adversaries have already changed.

The good news is that the Pentagon’s new $1 billion Drone Dominance program is a step in the right direction aimed at rapidly fielding tens of thousands of low-cost, one-way attack drones. So is the new training for force-on-force drone warfare, where autonomous systems engage each other directly. The U.S. defense budget may also allocate around $7.5 billion toward counter-drone systems in 2026, a belated recognition of just how costly it is to play defense in a war of attrition that adversaries are deliberately engineering.

These are the right instincts, because real competition is no longer about who has the most advanced platforms, but who can produce systems faster and cheaper. Iran’s effective use of low-cost drones to wreak havoc across the Gulf and to pressure the world's strongest military will only guarantee other countries to follow suit, accelerating efforts to develop their own indigenous drone manufacturing programs.

Second, defense ought to become cheaper than offense. Destroying a $20,000 drone with a million-dollar missile cedes the advantage to adversaries by design. Investments in systems like high-power lasers, electronic jammers, and autonomous counter-drone networks are essential if the economics of defense are to make sense again.

Third, the Pentagon must rethink how it buys and builds. The current development cycles measured in years are fundamentally mismatched against adversaries who adapt in days. That means opening the door to smaller manufacturers and startups, leveraging commercial technology, and accepting systems that are “good enough” if they are available at scale when needed. The LUCAS drone - based on the Shahed-136 design, developed by an Arizona startup, and fielded in roughly seven months - shows what is possible when the system moves at the speed of the threat. Such a shift will be uncomfortable for a defense community built around precision and quality, but the alternative is worse.

The United States invented this weapon and turned it into a defining counterterrorism tool. But that advantage is now moot. The technology has diffused and been successfully repurposed by a wide range of actors. The speed of this shift leaves little room for a slow response, with every year spent preparing for the last war only handing the advantage to those fighting the one today.

What is unfolding reflects a broader shift in the changing character of warfare, one that rewards volume over precision, staying power over firepower, and speed over perfection. In this kind of accelerated technological Darwinism, victory will be claimed by those who can sustain pressure, adapt quickly, and outlast their adversary.

Right now, even under the most optimistic scenario, the United States is at a serious disadvantage. Until it adjusts to that reality, it will keep fighting on terms set by others while absorbing costs it cannot afford to bear. This is a competition America cannot afford to lose.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Dangerous Trade of State Secrets

At just after 2 a.m. on January 3, explosions echoed across Caracas. Low-flying aircraft struck military installations. Venezuelan President Nicolás Maduro and his wife were seized by U.S. forces and taken into custody to face narco-terrorism charges.

Mere hours before President Trump announced the operation on Truth Social, a newly created Polymarket account had quietly staked just over $32,000 on Maduro’s exit from power by the end of January. When the news broke, that position paid out $436,759 — a return of more than 1,200 percent in under 24 hours, on an event Polymarket itself had been pricing at roughly 5 to 7 percent odds for weeks. The account had been created less than a week before the operation and had placed bets on only one subject: Maduro’s removal.

Nearly four months later, U.S. Army Special Forces Master Sgt. Gannon Ken Van Dyke is scheduled to be arraigned on Tuesday in the Southern District of New York, where he’s facing charges associated with wire fraud, conspiracy and misuse of national defense information. Neither Van Dyke or his attorney have yet issued a statement, though he is expected to enter a plea in court on Tuesday.

This isn’t the first time something like this has happened. On February 12, an indictment unsealed in Tel Aviv read like something from a different era of espionage — only instead of dead drops and clandestine meetings, the alleged method of exploitation was a cryptocurrency wallet and a prediction market website. An Israeli military reservist and a civilian were charged with placing bets on the online betting site Polymarket regarding the timing of military operations, based on classified information the reservist had accessed by virtue of his military duties.

The investigation, conducted jointly by Israel’s Shin Bet domestic security agency, the Defense Ministry, and the Israel Police, resulted in the arrests of several suspects and was widely believed to be the first public case stemming from classified operational intelligence being used to trade on a prediction market in a kinetic combat environment.

Sixteen days after the bet was made, on February 28, the United States and Israel launched coordinated strikes against Iran under what the Pentagon designated Operation Epic Fury. Before the first explosions were reported in Tehran, on-chain analytics firm Bubblemaps had already flagged six wallets that walked away with roughly $1 million in combined profit on the Polymarket contract “US strikes Iran by February 28, 2026?” Officials say most accounts were funded and activated within 24 hours of the strikes, all concentrated on the same date-specific contract, and all with no prior trading history.

The largest single wallet turned a roughly $61,000 position into a profit of over $493,000. The account bought 560,680 “yes” shares at about 10.8 cents each, when the odds were still at just 17 percent. and walked away with nearly half a million dollars once the contract was resolved. The Iran war-related contracts had, by that point, generated approximately $529 million in total trading volume on the timing-of-attack markets alone, with another $45 million wagered on the single largest contract tied to Supreme Leader Ayatollah Ali Khamenei.

JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief this pattern “has crossed the threshold into a documented, operational counterintelligence vulnerability.”

“Every time a government or military insider places a pre-operational bet, they are effectively broadcasting classified foreknowledge into a public, blockchain-transparent ledger,” he cautions.

This is no longer a story about gambling. It is a counterintelligence crisis.

A new vector for secrets

Polymarket said it reported suspicious trading in the case involving Van Dyke to law enforcement and that it is cooperating with investigators, while stressing that its rules prohibit trading on material nonpublic information.

Online betting outlets work like a stock exchange for real-world outcomes. Users buy and sell shares tied to whether a given event will happen, with prices shifting in real time as new information enters the market. Its founder and CEO, Shayne Coplan, has been unapologetic about the role of informed traders, insisting that insiders “having an edge in the market is a good thing” because it surfaces accurate predictions faster.

That framing might be defensible when applied to corporate earnings or box office projections, but does it hold when the underlying event is a military strike and the “informed trader” holds a security clearance?

The structural problem is not incidental to Polymarket’s design; it is embedded in it. While rival platform Kalshi is regulated by the Commodity Futures Trading Commission and bans contracts involving wars, terrorism, and assassinations, Polymarket has operated an overseas exchange outside the reach of U.S. authorities. That offshore structure has made it a magnet for the most controversial types of prediction-market wagers.

Users in the United States accessed the platform through virtual private networks that masked their identities, and transactions settled in cryptocurrency — pseudonymous, borderless, and largely resistant to subpoena.

Stephen Piepgrass, a regulatory attorney at Troutman Pepper Locke focused on financial enforcement, tells The Cipher Brief that the platform’s design features are precisely what make it so difficult to police.

“The prediction markets are thriving in part because they permit the use of anonymous accounts, allow trading using cryptocurrency, and do not require geofencing,” he explains. “To date, these have been features, not bugs, of this growing market. But these same factors make policing the markets challenging, if not impossible.”

The Israeli case made explicit what many in intelligence circles had long suspected. A senior Israeli source involved in the details of the affair said it would “cause an earthquake,” describing it as “a serious security scandal in which those involved are suspected of committing acts for the sake of money”.

The adversarial intelligence problem

The danger does not run only from insider to market. It runs in the other direction, too. Dennis Kelleher, a financial reform advocate with deep expertise in derivatives regulation, points out that U.S. adversaries already have both the motive and the means to exploit these markets as a live intelligence feed.

“U.S. adversaries can use event contracts on geopolitical events to try to determine if the U.S. is going to undertake an action against their country,” he tells The Cipher Brief. “They can go on prediction market platforms and see the baseline of activity on these event contracts and then monitor for any unusual activity, which could be a spike in activity or a newly opened account that places a large bet in the midst of reporting on a possible action. That could easily tip off an adversary that insiders who know what is going to happen are the ones driving the activity.”

Castellanos echoes the assessment, noting that foreign intelligence services like Russia’s Foreign Intelligence Service and China’s Ministry of State Security are almost certainly already doing exactly that.

A sudden price spike on a “U.S. strikes Iran by a certain date” contract three hours before an operation, he contends, carries actionable intelligence value, potentially providing warning time to Iranian partners or informing Russian diplomatic positioning.

The manipulation vector runs in the opposite direction as well. Kelleher warns that adversaries could just as easily use these markets offensively, placing large bets to manufacture the appearance of insider knowledge and sowing anxiety without firing a shot.

Piepgrass offers a concrete example.

“An adversary could create a new account and place a large bet around, for example, a major regional power grid going down,” he notes. “If U.S. intelligence monitors the markets and believes an attack on the grid is imminent, it could divert resources and focus to that area, leaving the actual target more vulnerable.”

On March 10, Times of Israel military correspondent Emanuel Fabian reported that an Iranian missile had struck an open area outside Beit Shemesh. The attack caused no reported casualties but what Fabian didn’t know at the time was that his dispatch had become the resolution trigger for a Polymarket contract with more than $14 million wagered on whether Iran would strike Israel that day.

What followed was a pressure campaign: emails, WhatsApp messages, fabricated legal threats, and eventually death threats from users who had lost positions worth an estimated $900,000. Some of them demanded he rewrite his reporting. Polymarket condemned the harassment, banned the accounts involved, and said it was cooperating with authorities.

What the episode made plain was something Polymarket’s defenders had not seriously reckoned with: that contracts carrying enough money can turn journalists into targets, with their reporting becoming leverage in someone else’s financial bet.

Matthew Wein, a national security analyst who has studied prediction markets and insider threat dynamics, tells The Cipher Brief that the risk of foreign manipulation is real and relatively easy to execute.

“For a relatively cheap level of investment, an adversary could buy up the price of a certain market to drive news coverage of the change in price or probability,” he says. “Given news organizations’ agreements with prediction markets, the ability to change the narrative of a given news story seems relatively easy.”

Washington moves — slowly

Congress has begun to stir. Federal officials, political appointees, and executive branch staff would be barred from trading event contracts tied to government policy based on nonpublic information under a bill introduced by Representative Ritchie Torres in the House.

Senator Adam Schiff and Representative Mike Levin jointly introduced the DEATH BETS Act on March 10, which would explicitly prohibit any CFTC-registered exchange from listing event contracts referencing terrorism, assassination, war, or an individual’s death.

That same day, Senator Richard Blumenthal introduced the Prediction Markets Security and Integrity Act to address fraud, insider trading, and broader market manipulation. Then, on March 17, Senator Chris Murphy and Representative Greg Casar introduced the BETS OFF Act, which would ban trades on war, terrorism, assassination, non-financial government actions, and events where someone controls or knows the outcome in advance. Senator Blumenthal put it directly, stating that “prediction markets have become a haven for insider trading, market manipulation, and underage gambling” and that these “billion-dollar businesses are turning war into a casino game.”

Yet the legislative momentum faces structural headwinds. Donald Trump Jr. is an adviser to Polymarket, and his venture capital firm 1789 Capital has invested millions in the company. The Trump administration dropped two federal investigations into the platform — one civil, one criminal — that were opened under former President Joe Biden. By November 25, 2025, Polymarket had its CFTC designation in hand, cleared to run a fully regulated United States exchange. Come February 2026, the company was being valued at $9 billion. Three months later, on February 25, the CFTC’s enforcement division issued a public advisory reminding markets that it has full authority to pursue illegal trading practices on any designated contract market — including prediction platforms.

Still, legal analysts note that how insider trading rules apply in practice, particularly to offshore platforms beyond the agency’s direct reach, remains dangerously unresolved.

Matt Motta, a policy expert who has studied the legislative proposals, tells The Cipher Brief that both the Public Integrity Act and the DEATH BETS Act are necessary but insufficient.

“I think we can do more,” he asserts. “Only regular audits of prediction market transaction reports can allow government regulators to survey the full scope of trading on political markets, and assess how those transactions might impact national security.”

The definitional problem compounds the enforcement gap. Piepgrass notes that the Commodity Exchange Act prohibits prediction contracts related to terrorism, assassination, and war — yet those concepts resist precise legal definition.

“The last time Congress formally declared war was during World War II,” he points out. “Is removing a head of state, like Maduro, a form of war? How about the action in Iran?”

Kelleher is more direct about where the fault lies.

“Current law could be sufficient to address these risks from U.S.-based bettors if the law were actually aggressively enforced,” he explains. “However, the administration generally and the CFTC in particular refuse to enforce the law and are cheerleaders for the prediction market industry.”

When asked what it would actually take for Washington to close that gap, Castellanos is blunt.

“The legislative package is a necessary first step and will deter the unsophisticated opportunist,” he adds. “It will not deter the deliberate foreign asset, the sophisticated contractor insider, or the allied military officer.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Half Measures and Maximum Risk in Iran

Over the past month, U.S. and Israeli operations have killed Iran’s senior leadership, destroyed over 155 naval vessels and roughly 300 ballistic missile launchers, and degraded elements of Iran’s nuclear infrastructure. But scorch marks and craters do not equal a strategic victory.

Operation Epic Fury’s initially stated goals were sweeping and maximalist: to fully destroy Iran’s nuclear infrastructure, missile forces, navy, Iranian Revolutionary Guard Corps, and proxy networks. Yet in pursuing these objectives, the Trump administration has constrained itself to accommodate political realities, employing means short of the full-scale occupation typically required to secure such objectives. The problem is compounded by a second, related challenge: even when strikes appear successful, the United States has limited ability to verify whether its objectives have actually been achieved.

This dynamic, of seeking maximalist ends with politically constrained means, creates a strategic tension that precision strikes can’t resolve. While B-2s and Tomahawks can destroy targets, ensuring the dismantlement of a nation’s military capacity has historically required forms of commitment that Washington is reluctant to undertake.

Understandably, Washington appears unwilling to occupy territory in order to follow through completely on its stated aims. The Trump administration, perhaps emboldened by its easy victory in Iran last June, and Venezuela this January, has walked into a trap of its own making. As history shows, half-measures deployed in service of total victory have often proven disastrous — perpetuating conflict, resolving little.

The verification problem

Through the first month of Epic Fury, the U.S. and Israel have conducted thousands of strikes, all geared toward addressing the operation’s stated end goal. Reports suggest that these attacks have been tactically effective, degrading various forms of Iranian nuclear and military infrastructure. But assessing the true damage, and the irreversibility of that damage, presents a logistical problem that remote methods can’t solve.

The U.S. is equipped with the world’s most sophisticated surveillance architecture. America’s toolbox of satellites, drones, and artificial intelligence allow for rapid assessment of the battlespace and the damage wrought. This sophisticated surveillance architecture paints a flattering picture of objectives nearly or fully achieved, but the actual picture remains incomplete.

Remote surveillance cannot determine whether underground nuclear facilities were destroyed; whether mobile missile launchers survived; whether covert logistics chains still flow; and whether proxy militias remain operational. To truly gauge the effectiveness of Epic Fury, the United States would need to inspect tunnels and warehouses, rooting out hidden stockpiles and underground enrichment facilities - feats that can’t be accomplished from afar. Even under the 2015 nuclear deal, the Joint Comprehensive Plan of Action, verification depended on intrusive, on-the-ground inspections, underscoring the limits of remote surveillance in dismantling complex programs.

Battle damage assessment (BDA), which is used to gauge the effectiveness of Epic Fury, measures only the visible destruction at the point of impact but offers limited insight into the resilience of the targeted system. A crater where a nuclear enrichment facility once stood is an encouraging piece of intelligence. But it leaves questions unanswered, like whether critical components from that facility were moved before the strike, or whether redundant systems exist elsewhere, or whether the brainpower that animated the facility lives on.

The limits of BDA are especially present against Iran, which has spent years hardening and dispersing its military infrastructure in preparation for this long-anticipated attack, all in the hopes of remaining intact enough to regenerate.

The tension at play in Epic Fury - between ambitious objectives, constrained means, and limited visibility - has been present in past U.S. conflicts. After Operation Desert Storm, in which President George H.W. Bush stopped short of wreaking total destruction on Saddam’s regime, Washington believed that Iraq’s military capability had been crippled. But uncertainty persisted, resulting in a long standoff, which finally culminated with the disastrous 2003 invasion.

Afghanistan is also instructive. During Operation Enduring Freedom, the U.S. shifted from airstrikes and special forces to a strategy deeply invested in remote counterterrorism. This limited, drone-dependent remote presence failed to eliminate militant groups who were mobile and embedded. The result was a two-decade resource drain, America’s longest war, which ultimately failed to achieve its objectives and concluded with the resurgence of the Taliban.

The takeaway, from both Iran and Afghanistan, is that half measures don’t work for maximalist strategic goals. The lesson, which should have been applied to Epic Fury, is not that the U.S. should have committed more force, but that it should adjust its objectives to the resources it is willing to commit - before the first Tomahawk is ever launched.

Yet, through the opening month of Operation Epic Fury, Washington appears on the verge of repeating its familiar, post-Cold War pattern of half measures. The administration’s sweeping aims - to dismantle Iran’s nuclear program, missile production, IRGC, proxy networks, and navy - are not achievable or verifiable under the constraints Washington has (correctly) imposed on the campaign.

The current methods deployed against Iran threaten to leave behind persistent strategic ambiguity. Without physical verifications, Iran may well retain, or quickly replenish, the missiles and drones and fissile material that inspired Epic Fury in the first place, which in turn could inspire a lingering half-measured U.S. commitment.

In other words, Epic Fury could lock the United States into a repetitive cycle of sporadic violence (what the Israelis call “mowing the lawn”), with each round triggered by signs that Iran is regenerating capabilities that were never fully eliminated. The prospect of a third 21st century quagmire should give warplanners pause - especially given the uncertain strategic value of Epic Fury itself.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Pentagon’s $54 Billion Bet on Autonomous Warfare

The Department of Defense does not always announce structural shifts loudly; often, it buries them in the dense columns of budget lines where only the most attentive analysts can find the seismic activity. The $1.5 trillion FY2027 spending proposal contains exactly such a shift, a profound and subtle transformation that effectively reorders the American approach to conflict. Central to this plan is the Departmental Autonomous Warfighting Group (DAWG), an organization established late last year with a modest budget of $225 million. For the 2027 fiscal year, the Pentagon has requested $54.6 billion for this organization, representing a staggering 24,166% increase in funding; that single line accounts for nearly 15 percent of the total reconciliation and exceeds the gross domestic product of many small nations and is higher than the entire budget request for the US Marine Corps of $52.8 billion.

Internal documents indicate the intent to transform the group into a unified combatant command, a joint entity that would coordinate drone, aircraft, and vessel operations across all warfighting domains. This shift mirrors previous military evolutions, specifically the establishment of Space Command in 2019 and the elevation of Cyber Command in 2017. Historically, Congress has authorized these specialized commands when fragmented service approaches created redundancy or dangerous gaps; the same logic applies here. By consolidating these capabilities, Secretary of War Pete Hegsethwants to streamline the development of autonomous systems, ensuring the service branches do not pursue conflicting tactical goals or incompatible technical standards.

The reflects the hard lessons learned in modern conflicts, particularly the ongoing struggles in Ukraine and Iran. CTO Emil Michael has observed that these wars routinely involve thousands of low cost systems engaging against each other in highly contested environments. To maintain a competitive edge, the Pentagon launched the Replicator program with the ambitious goal to deploy hundreds of thousands of one way attack drones by 2028. However, early efforts faced substantial hurdles regarding hardware reliability and supply chain bottlenecks that delayed delivery targets. These shortcomings led to a fundamental realization within the leadership: hardware is secondary to the AI software that drives it.

The current strategy treats artificial intelligence and physical autonomy as a tandem force, where the software is the primary strategic asset. This perspective has created a unique friction point between the Department of War and the private sector, specifically with Anthropic. While the military requires flexible, decisive models for high stakes environments, Anthropic has maintained strict red lines regarding the use of its Claude model. This impasse prompted the Department of War to designate certain domestic AI firms as supply chain risks, a move that highlights the growing chasm between Silicon Valley and national security. If a model is too restricted to perform in a combat environment, it becomes a liability rather than an asset.

The policy landscape remains contentious as Congress prepares the next National Defense Authorization Act. While the technological advantages are evident, the legislative challenges are substantial. Armed Services Committee leaders like Senator Roger Wicker and Representative Mike Rogers have cautioned against making such massive structural shifts without a clear strategy that accounts for ethical and operational oversight. They have drawn clear lines on executive branch activism regarding autonomy, requiring that any major push receives rigorous scrutiny. Representative Rob Wittman has echoed these concerns, noting that while the military must move fast, it cannot afford to abandon the principles of accountability that define American governance.

Internationally, the pressure is even more pronounced. Recently, 156 nations supported a United Nations General Assembly resolution expressing deep concern over the risks of an autonomous arms race. These nations fear that removing humans from the loop will lower the threshold for conflict and lead to unpredictable escalations. The United States was among the minority that declined to support the resolution, citing the necessity of maintaining a technological lead against competitors like China and Russia who are pursuing their own autonomous capabilities with little regard for international norms. Current U.S. policy prohibits the employment of lethal autonomous systems without senior official approval, but critics argue this is a temporary safeguard that could easily be swept away by the speed of machine warfare.

History suggests that as technical capabilities drift, legal frameworks must evolve to provide clear definitions of what constitutes an autonomous weapon. The transition to a unified command for autonomy is not merely a budgetary or structural change; it is a recognition that the nature of power has shifted from physical platforms to the cognitive software that controls them. Failing to adapt to this reality would leave the United States holding an expensive, manned fleet in an age of attritable, intelligent swarms. The window for this transformation is closing, and the FY2027 budget request is the most significant signal yet that the Pentagon is ready to step through it.

Success will depend on more than just the $54.6 billion requested; it will require a new type of coordination between the warriors who fight and the engineers who build the tools. As the Department of War navigates the friction with firms like Anthropic and the skepticism on Capitol Hill, it must articulate a vision where autonomy enhances human judgment rather than replaces it. If they succeed, the 12th Unified Command will become the backbone of American security for the next century; if they fail, the machines will indeed be at the helm, but we may not like where they are steering us.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Anthropic Mythos - We’ve Opened Pandora's Box

EXPERT OPINION -- For a decade the cybersecurity community was predicting a cyber apocalypse tied to a single event - the day a Cryptographically Relevant Quantum Computer could run Shor’s algorithm and break the public-key cryptography systems most of the internet runs on. We braced for a one-time shock we would absorb and adapt to. The National Institute for Standards and Technology (NIST) has already published standards for the first set of post-quantum cryptography codes.

It’s possible that the first cybersecurity apocalypse may have come early. Anthropic Mythos now tilts the odds in the cybersecurity arms race in favor of attackers - and the math of why it tilts, and how long it stays tilted, is different from anything our institutions were built to handle.

In 2013, Edward Snowden changed what people understood about nation-state cyber capabilities. In the decade that followed disclosures and leaks of nation state cyber tools reduced uncertainty and accelerated the diffusion of cyber tradecraft.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

The defensive playbook that followed - compartmentalization, need-to-know, leak-surface reduction, clearance reform, “worked” because the Snowden leaks and those that followed were one-time disclosures, absorbed over a decade, with the system returning to something like equilibrium.

We got good at responding to the shocks of disclosures. It became doctrine. It was the right doctrine for the wrong future.

Pandora's Box

In 2026, Anthropic Mythos (and similar AI systems) is changing what people can do. Mythos found Zero-day vulnerabilities and thousands of “bugs” that were not publicly known to exist (a must read article here.) Many of these were not just run-of-the-mill stack-smashing exploits but sophisticated attacks that required exploiting subtle race conditions, KASLR (Kernel Address Space Layout Randomization) bypasses, memory corruption vulnerabilities and logic flaws in cryptographic libraries in cryptography libraries, and bugs in TLS, AES-GCM, and SSH.

The reality is a number of these were not “bugs.” There were nation-state exploits built over decades.

What this means is that Anthropic Mythos, and the tools that will certainly follow, has exposed hacking tools previously only available to nation-states and transformed into tools that Script Kiddies will have within a few months (and certainly within a year.) No expertise will be required to apply that tradecraft, compressing both the learning curve and the execution barrier.

All Government’s Will Scramble

When Mythos-class systems are used to analyze the code in critical infrastructure and systems, the hidden sophisticated zero-day exploits that are already in use, (including ones nation-states have been sitting on for years) will be found and patched. That means intelligence agency sources of how to collect information will go dark as companies and governments patch these vulnerabilities.

Every serious intelligence service will scramble, likely with their own AI, to find new access before the visibility gap costs them something they cannot replace. A new generation of AI-driven exploits will rise to replace the ones that have been burned.This will build an arms race with a new generation of AI-driven cyber exploits looking to replace the ones that have been discovered. Whichever side sustains faster AI adoption - not just “procures” it, but ships it into operational systems, holds a widening advantage measured in powers of two every four months.

The binding constraint is not budget. Not authority. Not access to models. It is institutional capacity for change - the rate at which a defender organization can actually change what it deploys.

The Long Tail Will Not Be Patched

Anthropic has given companies early access to secure the world’s most critical software. That will help Fortune 100 companies. But the Fortune 100 is not just a small part of the software attack surface.

The attack surface includes the unpatched county water utility, the regional hospital, the third-tier defense supplier, the school district, the state Department of Motor Vehicles, the municipal 911 system, and the small-town electric co-op. Tens of thousands of systems running software nobody has time to patch, maintained by teams that have never heard of KASLR.

Every one of those systems is now exposed to nation-state-grade tradecraft, wielded by attackers with no expertise required. Mythos-class hardening at the top of the pyramid does not trickle down. The long tail will stay unpatched for years.

Attackers Advantage - For Now

Under continuous exponential growth of AI designed cyberattacks, a cyber defender using traditional tools can't just respond just once and stabilize their systems. They’ll need to keep investing at a rate that matches the offense's growth rate itself. A one-time defensive shock like compartmentalization might work against a sudden attack, but it will fail against sustained exponential pressure because there's no stable equilibrium to return to. The defender's investment rate has to track the offense's growth rate.

Ultimately and hopefully, the next generation of AI driven cyber-defense tools will create a new equilibrium.

What We Need to Do

Mythos and its follow-ons will change how we think about cyber-defense. We can’t just build a set of features to catch every exploit x or y. We need to build cyber systems that can maintain or exceed the capability rate of the attackers.

Here are the three tools governments and cyber defense companies need to build now:

Measure the Gap Between Attackers and Defenders. We need to know the gap between what the attackers can do and what we can defend against. We need to develop instrumented red/blue exercises (a simulation of a cyberattack, where two teams – the red team and the blue team – are pitted against each other) to estimate the number of new vulnerabilities vs cyber defense mitigation. (This can be built in six months, with a small team.)
Measure the Defender Response Time. For each corporate or government mission system, measure how long it takes to implement a change from identification to production deployment. Treat each organizational obstacle as equivalent to technical debt that needs to be remediated.
Specify Speed, Not Features. Any new Cyber Defense tools and architecture - including the next-generation cloud-native systems sitting in review right now - should have explicit ‘rate’ requirements. Claims of “our product delivers X capability is now the wrong specification. “Closes detection gap at rate greater than or equal to the offense growth rate” is the right one.

Buckle up. It's going to be a wild ride - for companies, for defense and for government agencies.

Mythos is a sea change. It requires a different response than what the current cyber security ecosystem was built for, and one the current system is not built to produce. We are not behind yet. The gap between Mythos and what we can build to defend is small enough today that a serious response can still match it. A year from now, the same response will be eight times too slow. Two years, sixty-four.

By the way, the only thing left in Pandora’s Box was hope.

Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.

America’s Cyber Strategy Has a Budget Problem

The threat from cyberattacks has never been more acute, but there is reason to worry America is not rising to the challenge. It is not the lack of a cybersecurity strategy, but rather a growing gap between what the United States says and what it is willing to fund. The Trump administration’s latest budget proposal makes that gap impossible to ignore.

At the center of the proposal is a $707 million reduction to the Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s primary civilian cybersecurity body. The request would bring CISA’s budget down to just over $2 billion. That’s well below the roughly $2.6 billion Congress had been prepared — on a bipartisan level — to provide to the agency prior to the partisan blow up over the Department of Homeland Security’s budget because of a dispute over immigration enforcement.

Over the past year, the agency has already been weakened by layoffs and reduced support for state and local cybersecurity efforts. The new budget would accelerate that trend. The administration has framed the cuts as a refocusing of CISA on its “core mission,” shuttering supposedly unnecessary initiatives like the Stakeholder Engagement Division. But the reality is that modern cybersecurity does not operate in a vacuum. Defending critical infrastructure — energy grids, transportation systems, water utilities, and telecommunications networks — depends on constant coordination with state and local governments, private sector operators, and international partners. Dismantling the very offices designed to enable that coordination undermines the mission the budget claims to prioritize.

At the same time, the broader federal cyber ecosystem is also being thinned. The Office of the National Cyber Director would see a $3 million reduction in funding. The State Department’s cyber apparatus has been reorganized in ways that risk diluting its effectiveness. The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response would see budget $40 million below FY25 enacted levels of $200 million. And there has been a noticeable pullback in engagement with the private sector and international cyber community — two pillars of any credible cyber defense strategy.

The contradiction becomes even clearer when viewed against the broader threat environment. The United States faces sustained cyber pressure from sophisticated adversaries, including China, Russia, Iran, and North Korea. These actors are not just targeting federal systems; they are probing the connective tissue of American society – ports, pipelines, hospitals, and supply chains. Many of these systems are owned and operated by the private sector or local entities that rely on federal support, guidance, and information sharing to defend themselves.

To be clear, not every line in the budget moves in the wrong direction. There is a modest $15 million increase proposed for Treasury’s “critical cyber capabilities, sanctions targeting, and combatting illicit financial activity.” State Department funding to improve its own IT infrastructure would also see a slight boost. These are useful investments, but they are not substitutes for a coherent, whole-of-government approach.

The most striking aspect of this budget is how misaligned it is with widely accepted cybersecurity priorities. For years, policymakers from both parties have emphasized the need for stronger public-private collaboration, improved information sharing, and deeper international partnerships. Yet, the proposed cuts target precisely those functions.

This raises a more fundamental question: what is the administration’s theory of cyber defense?

If the goal is to reduce federal overreach, that is a legitimate policy debate. But the current approach does not simply scale back — it selectively removes the connective infrastructure that enables decentralized defense to work. Without federal coordination, the burden shifts to actors who often lack the resources, visibility, or expertise to manage nation state cyber threats on their own.

Congress has seen this dynamic before. In prior budget cycles, lawmakers from both parties rejected proposals to significantly cut cyber funding, recognizing the mismatch between rising threats and reduced investment. There is little reason to believe the underlying risk calculus has changed. If anything, it has intensified.

The United States is entering a period of heightened geopolitical tension, where cyber operations are increasingly integrated into broader military and economic strategies. In this environment, underinvesting in civilian cyber defense is not a cost-saving measure — it is a strategic liability.

A credible cybersecurity strategy requires more than strong rhetoric. It requires sustained investment in the institutions, partnerships, and capabilities that make defense possible. Right now, the budget and the strategy are moving in opposite directions. Congress should close that gap.

Jiwon Ma is the senior policy analyst at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, where she contributes to the work of CSC 2.0.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Extremist Groups Are Sharing a Global Media Strategy

In the private sector, we analyze competitors to understand where they excel, so we can improve our approach. With this same mindset, I reviewed how 15 adversarial groups utilize media to communicate locally and internationally.

The headline is that the groups, ranging from Al-Shabaab to ISIS-K to Hezbollah, are clearly learning from each other, leading to an informal universal playbook that is consistent across the groups.

This is quite similar to the private sector where innovation is more of an iterative race. We have a tendency to copy what works.

Let’s take a look at these common behaviors by separating them into media strategy and narrative style.

Media Strategy

Telegram is home base. It is the top distribution channel for a reason. Telegram offers broadcast channels with no limit on subscribers, bots for automation, end-to-end encrypted direct messages, minimal content moderation and easy migration after bans via invite links. Narratives often start in Telegram, then content is fed to other platforms.

Each group has a similar distribution strategy that anticipates content takedowns. Groups distribute content, on average, across 3-7 platforms simultaneously. Knowing takedowns will occur, they also upload content to Archive.org, which serves as a holding tank. If content goes down on a social channel, it can be re-uploaded from Archive.org. An example of a media mix may include Telegram, Facebook, TikTok, Element and Archive.org.

A two-tier distribution system. All groups have two-tier distribution – their official channels for direct distribution and unofficial channels for supporters/surrogates (TikTok, Instagram, YouTube) to reshare and amplify content. The supporters help groups maintain a presence despite official account bans. Platform policies have difficulties proactively monitoring and patrolling the surrogate amplification layer.

Enforcement leads to migration. Each group pre-positions on other channels, e.g., Rocket.Chat, Element and Session so they can more easily activate a pre-existing presence in alternative channels or they move to new channels beyond the reach of platform moderation, such as satellite TV (Hezbollah, Houthis) and physical offline media (JI, Boko Haram).

Narrative Style

Groups are expert at establishing a false narrative frame. It is standing protocol to exploit major geopolitical events by immediately inserting their narrative within hours. If they conduct this type of “narrative jacking” within 2-4 hours of the incident they have a chance to lead the first wave of interpretation before mainstream media establishes the dominant frame.

Video accelerates attack claims. Every group releases an official video within hours of any attack. Pre-produced, officially branded with logos, released to Telegram first. Sets the frame and it is often more emotional.

Expertise in parallel audience messaging. The local message is in local language and often focuses on governance legitimacy or grievance. The international message focuses on solidarity, victimhood and humanitarian framing. Dual-narrative analysis will be more instructive than tracking either alone.

Ability to reframe civilian imagery. The footage is often authentic. The deception is in the attribution, the framing, or the claimed scale.

Grievance amplification is a gateway to radicalization. Media strategy often begins by amplifying legitimate grievance – real injustices, real conflicts, civilian suffering. Extreme content gets layered on top over time, and because the foundation is real, platform policies usually don’t flag it.

Overall, if we understand how groups learn from each other, it improves our ability to identify which media, technology and AI trends are being utilized by any of the groups. We know that what breaks new ground will be analyzed and implemented as quickly as possible.

The implication for any counter-messaging team is practical. Watching one group’s innovation is watching all fifteen. The right question to ask inside your own operation is whether you are monitoring the first mover in the playbook — not just the group on your assigned target list.

Note: the groups analyzed include ISIS, Al-Qaeda, Al-Shabaab, Boko Haram/ISWAP, Taliban, Hay’at Tahrir al-Sham, Hezbollah, Hamas, Tehrik-i-Taliban Pakistan, AQAP, ISIS-K, Jemaah Islamiyah, Abu Sayyaf Group, Jaish-e-Mohammed/Lashkar-e-Taiba, Houthis.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Pakistan: Broker of Peace While Still at War

Just a few weeks ago, Pakistan, the host for fragile ceasefire talks aiming to end the war between the U.S. and Iran, was at war with Afghanistan in what has been described as the worst conflict between the two countries in years.

A ceasefire between Pakistan and Afghanistan that was scheduled to run from midnight March 19 to midnight March 24 - and brokered at the request of Saudi Arabia, Qatar, and Turkey - offered the first lull in nearly a month of what was widely described as open warfare. Few analysts were treating it as anything more than a pause, risking

Pakistan’s Information Minister Attaullah Tarar was explicit: Operation Ghazab Lil Haq would resume with greater intensity the moment any cross-border attack, drone strike, or terrorist incident occurred inside Pakistan during the holiday period. On Monday, as the ceasefire approached its midnight deadline, Deputy Prime Minister and Foreign Minister Ishaq Dar reaffirmed that Pakistan’s approach had not shifted. “Pakistan remains firmly committed to eradicating the menace of terrorism,” he said.

Previous ceasefires have not held. The one brokered by the same mediators in October 2025 collapsed within days - Istanbul peace talks broke down on October 29, and Pakistan threatened to “obliterate” the Taliban government shortly after. Saudi-led mediation in December 2025 also failed.

What has changed is the scale of the conflict. Pakistan declared “open war” against Afghanistan. Late February brought Operation Ghazab Lil Haq — air and ground strikes hammering Taliban positions across Kabul, Kandahar, Paktia, Nangarhar, Khost, and Paktika, the most significant cross-border military action since the Taliban retook power in 2021. Pakistani officials now claim more than 684 Taliban fighters killed, over 912 injured, 252 posts destroyed, and 229 tanks, armored vehicles, and artillery guns taken out of action.

The Taliban dispute nearly all of those figures. Pakistani airstrikes have hit Kabul repeatedly, Afghan forces have sent drones and mortars back across the border, and the United Nations has tallied at least 289 Afghan civilian casualties since the fighting began — 104 of them children, 59 women.

The worst single day came on March 16. A Pakistani airstrike hit the Omid Addiction Treatment Hospital in Kabul while patients were inside. Afghan authorities counted more than 400 dead. The UN put the confirmed figure at 143 or more. Pakistan said it had struck only military infrastructure. The following day, mass funerals moved through the capital.

Aparna Pande, Senior Fellow for India and South Asia at the Hudson Institute, tells The Cipher Brief that the ceasefire pattern should surprise no one.

“Historically speaking, these ceasefires have never been durable,” she says. “Each side has simply used the pause in fighting to rebuild and replenish before the next round.”

With the truce now expiring and both sides’ core grievances entirely unresolved, the question pressing analysts is whether Islamabad has a realistic end-state in mind, or whether open war with a nuclear-armed state’s most volatile neighbor has become a policy that Pakistan can start but not finish.

A relationship Pakistan can no longer manage

The roots of this conflict run directly through Islamabad’s own strategic choices. For decades, Pakistan cultivated the Afghan Taliban as a buffer against Indian influence, the doctrine of “strategic depth,” conceived in the 1980s, envisioned a pliant Kabul as an extension of Pakistani security space.

That calculation has collapsed entirely. The immediate trigger for the current war is the Tehrik-e-Taliban Pakistan, the militant group that Islamabad accuses Kabul of sheltering and enabling. TTP attacks inside Pakistan have dramatically escalated since 2021, and Pakistan’s Army Chief Field Marshal Asim Munir said during a March 4 visit to troops in South Waziristan that peace can only exist if the Taliban “renounced their support for terrorism and terrorist organisations.”

The Taliban, meanwhile, have never recognized the Durand Line, the colonial-era border Pakistan regards as sacrosanct, and that dispute alone makes any durable political settlement nearly impossible to achieve.

Aref Dostyar, Director of the Afghanistan Program at the University of Notre Dame and former senior Afghan diplomat, tells The Cipher Brief that Pakistan’s military logic is backfiring on itself.

“If the goal is to weaken the Taliban, Pakistan’s aggression is backfiring because it is triggering a ‘rally round the flag’ effect,” he says. “Even Taliban opponents are being cornered to choose between supporting the current regime’s stance against Pakistan or appearing to justify foreign aggression. Most are choosing the former.”

The strategic paradox here is stark: Islamabad is now at war with an actor it once created, sustained, and expected to serve its interests indefinitely. Pande is equally direct: any durable agreement would require each side to move off entrenched positions that the other has shown no willingness to abandon.

The Afghan Taliban would need to pressure their ideological ally, the TTP, to ease attacks inside Pakistan. For its part, Pakistan would need to accept that “it cannot combat an insurgent movement through conventional means and hence offer some economic and other incentives,” Pande says, underscoring that “there is a reason a compromise has not happened as both sides are sticking to their hardline positions.”

Dostyar also questions Islamabad’s underlying objectives.

“Pakistan cites the TTP as justification for ‘open war,’ but its true aims are unclear,” he analyzes. “Mapping the specific locations of Afghan targets may reveal an agenda that contradicts their stated counter-terrorism goals.”

The Iranian dimension

The war in Afghanistan, however, is not happening in isolation. On February 28, coordinated United States and Israeli strikes on Iran killed Supreme Leader Ayatollah Ali Khamenei and triggered a rapidly expanding Middle East conflict. For Pakistan, already engaged in open fighting on its northwestern border, the implications of Iranian instability on its southwestern frontier are severe.

Pakistan’s western frontier with Iran runs for 565 miles, cutting through territory where both sides of the border — Pakistan’s Balochistan and Iran’s Sistan-Balochistan — have long hosted ethno-separatist insurgencies. Roughly $1.4 billion in goods moved between the two countries in 2024-2025, most of it through barter deals and informal crossings rather than anything approaching a formal trade architecture.

Iranian fuel and food have kept Balochistan’s markets from seizing up entirely since the Afghan border shut in October. That lifeline now runs through a war zone, and the border districts of Balochistan, among Pakistan’s poorest, would feel any disruption most acutely.

Afghanistan shares its own 572-mile border with Iran, and the stakes for Kabul are equally acute. Iran hosts an estimated three to five million Afghan refugees and migrant workers. It serves as Afghanistan’s primary remaining trade route to the sea via Chabahar port, a lifeline that became critical after Pakistan closed its border in October. With that route now disrupted by the war, Afghanistan faces a dual economic squeeze that has no near-term resolution.

Pande points out that the security calculus around Balochistan is shifting fast.

“Groups like the BLA have used Iranian and Afghan Baluchistan to operate inside Pakistani Baluchistan,” she observes.

The BLA, the Balochistan Liberation Army, is the most powerful of several insurgent groups operating in the province, a banned separatist organization designated a foreign terrorist group by the United States that seeks to carve an independent Balochistan from Pakistani territory and has escalated sharply in recent months, carrying out coordinated bombings, train hijackings, and mass casualty attacks.

“Instability inside Iran can be helpful to these groups as it may make it easier for them to move across the borders and also easier to find access to military equipment,” Pande continues, stressing that the picture cuts both ways. “Instability inside Iran and the Iranian state’s focus on the western frontier means the Pakistani state may find it easier to target these Baluch groups, knowing that Iran’s attention is diverted.”

Pakistan is also home to an estimated 15 to 20 percent Shia population, one of the largest outside Iran. Violence erupted in Pakistani cities following news of Khamenei’s death. Jihadist networks, including the Islamic State Khorasan Province, al-Qaeda, and the TTP, have been trying to expand their footprints in Balochistan, and instability in Iran would divert Pakistani security resources toward border management, creating an opening for those networks to grow.

In Balochistan’s Makran coast region, home to the Chinese-operated deep-sea port of Gwadar, local officials have advised residents to avoid Iranian territory entirely.

A nuclear state on three fronts

Then there is India. Last May, the two nuclear-armed neighbors fought their most intense clash since 1971. India launched Operation Sindoor on May 7, striking nine sites linked to militant groups Jaish-e-Mohammed and Lashkar-e-Taiba in Pakistan and Pakistan-administered Kashmir — the first time India had struck inside Pakistan’s Punjab province since the 1971 war.

When reports surfaced that Pakistan had summoned its Nuclear Command Authority, the body that controls decisions over its nuclear arsenal, the crisis took on a different character altogether. Analysts read it as a calculated signal. Pakistani officials later said no such meeting occurred. Fears of escalation to the nuclear threshold drove United States government involvement, with Secretary of State Marco Rubio working the phones before President Trump announced the ceasefire on social media on May 10.

The intervention produced a fragile truce yet left the underlying tensions entirely intact. Delhi has held the Indus Waters Treaty in abeyance since then, a move Islamabad has called an act of war. The Indus basin supplies roughly 80 percent of Pakistan’s irrigated agricultural land and underpins a sector that accounts for nearly a quarter of GDP.

Dostyar does not mince words about where all this leaves Islamabad.

“Pakistan is facing a failing economy, political instability, and internal separatist movements,” he asserts. “In the face of all this, it is an enormous gamble to engage in multiple external conflicts. It may be a ‘distraction’ strategy, but it poses a significant regional risk, particularly regarding the security of Pakistan’s nuclear arsenal.”

Pande agrees the military believes it can manage all three frontiers for now, partly because of what she describes as confidence in Washington’s backing and a mutual defense arrangement Pakistan concluded with Saudi Arabia in September 2025, which stipulates that any aggression against either country is treated as aggression against both. Still, she flags a structural weakness in the information campaign that sustains it.

“The message being sent by the top brass is that events that are happening are a conspiracy against Pakistan, in an attempt to rally the people to support the state and its actions,” she says.

That Washington has left the mediation work entirely to Ankara, Doha, and Riyadh is itself telling and consequential. As Dostyar puts it, “Washington’s apparent absence from mediation is likely driven by either insufficient awareness about what is truly going on or a strategic choice due to competing priorities.” In plain terms, the United States is either not paying close enough attention or has decided this fire is someone else’s to put out.

That calculation carries costs. A nuclear state fighting one neighbor, frozen out by another, and watching a third descend into war on its doorstep is exactly the kind of cascading regional breakdown that tends to pull Washington back in regardless of its intentions.

The security of Pakistan’s nuclear arsenal under simultaneous pressure on three fronts, the risk of jihadist networks exploiting the chaos in Balochistan, and the potential for an escalation that pulls in India — all of these are American national security equities, whether Washington chooses to engage or not.

The Eid pause now expiring gives diplomats the narrowest of windows. Saudi Arabia, Qatar, and Turkey all called this week for a path toward a sustainable agreement. Whether the structural conditions for such an agreement exist is another matter entirely. Pakistan’s preconditions — TTP sanctuaries dismantled, militant leaders handed over — are non-starters for a Taliban government that has staked its domestic legitimacy on refusing to be seen as compliant with Islamabad’s demands. The Taliban’s own precondition, recognition of Afghan sovereignty over the Durand Line, is equally unacceptable to Pakistan’s military establishment.

The underlying drivers are unchanged.

As Pande frames it, the core problem is not a lack of mediation but a lack of political will on both sides.

“The Afghan Taliban believes they are no longer beholden to Pakistan, they are in power, and they are reluctant to act against their ideological ally, the TTP,” she adds. “Pakistan believes that since it helped the Afghan Taliban regain power, the latter should be grateful to Pakistan, should keep Pakistan’s interests in mind and should tame the TTP. The key challenge for Pakistan is the ongoing conflict with its former proxy.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Costly Illusion of the Golden Dome

“The Golden Dome for America strategy [President Trump’s proposed nationwide anti-missile defense system] remains centered on affordable and scalable capabilities. In the short-term, we will leverage battle-proven technologies and systems to provide immediate defense against current threats. By improving, multiplying, and integrating existing systems, we can field a credible defense now. However, defeating an increasing number of sophisticated, lower-cost offensive threats with a limited supply of multi-million-dollar [space- and ground-based] interceptors is an economically untenable proposition in the long term.”

That was from the prepared statement of Space Command General Michael Guetlein, Program Manager for the Golden Dome for America project, who appeared last Wednesday before a House Armed Services Strategic Subcommittee hearing held to provide an update on Golden Dome and other Department of Defense (DoD) missile defense programs along with other senior officers.

In announcing the Golden Dome program on January 27, 2025, Trump, in an Executive Order said, “The United States will provide for the common defense of its citizens and the Nation by deploying and maintaining a next-generation missile defense shield; the United States will deter — and defend its citizens and critical infrastructure against — any foreign aerial attack on the Homeland; and the United States will guarantee its secure second-strike capability.”

Last May, Trump predicted, “Once fully constructed, the Golden Dome will be capable of intercepting missiles even if they are launched from other sides of the world, and even if they are launched from space, and we will have the best system ever built.”

Guetlein, just before the two-hour session ended, again made clear, cost would be a factor in the system. “If we cannot do it affordable we will not go into production and that's something that others have not understood. Because we are looking at the threats from a multi-domain perspective, to make sure I have redundant capabilities, and I don't have single points of failure, so if boost- phase intercept from space is not affordable and scalable, we will not produce it because we have other options to get after it.”

During the hearing, Guetlein and the others made clear what a long, costly and complicated process the Golden Dome will involve.

For example, when Guetlein was asked how many American cities are currently protected by Patriot or Terminal High Altitude Area Defense (THAAD) batteries – the U.S. Army’s existing ground-based anti-missile units he referred to above -- he answered, “Today, none.”

I remember back in the 1950-to-1970 Cold War days when the U.S. Army deployed nuclear-armed Nike surface-to-air missile batteries around major cities such as Washington, D.C., Chicago, Detroit, Minneapolis, and the Florida coast to intercept Soviet missiles or bombers. One example: back then 19 Nike anti-air sites ringed New York City.

As I read Guetlein, Golden Dome will require Patriot and THAAD batteries to be deployed to hundreds of U.S. cities to provide the protection President Trump envisioned.

Today, a single Patriot battery cost $1.1 billion -- $400 million for the radar, control station and launchers plus another $690 million for the interceptor missiles, at some $4 million each. In addition, it takes 90 service personnel to operate that Patriot battery. A single battery can protect an area with a 42-mile defense radius, depending on the surrounding terrain, while its radar can track up to 50 potential targets and engage five simultaneously.

A Patriot battery acts as a terminal-phase shield against tactical ballistic missiles, cruise missiles, drones, and advanced aircraft.

The U.S. Army today operates roughly 15-16 Patriot battalions, consisting of some 60 active batteries, with some 30+ stationed within the U.S., while the remaining are deployed in Europe, the Middle East, and the Indo-Pacific region.

A single THAAD battery, designed to intercept short-, medium-, and intermediate-range ballistic missiles, typically costs between $1 billion and $2.7 billion. A battery is comprised of six truck-mounted launchers, 48+ interceptors, the AN/TPY-2 radar, and fire control units. Again, some 90 personnel are needed to operate a THAAD battery.

As of June 2025, the Army had just eight THAAD batteries with four stationed overseas -- in Guam, South Korea, Israel and Middle East -- and four on U.S. Army bases at home.

Supplementing these terminal-phase defense systems, in considering this new Golden Dome concept, is the Ground-Based Midcourse Defense (GMD), the only operational U.S. system theoretically designed to defend the entire U.S. against long-range ballistic missiles. However, GMD is designed to defend against limited ICBM threats from rogue nations such as North Korea and Iran and not the advanced ICBM capabilities of Russia and China.

GMD consists of a space-based and ground-based global network of sensors and radars to detect and track threats; command, control, battle management and communications; a fire control system that can calculate interception points; and just 44 Ground based Interceptors (GBI), 40 at Fort Greely, Alaska, and 4 deployed to Vandenberg Air Force Base, California. President Trump has requested funding for 20 additional GBI interceptors to be deployed in the United States.

Each GBI has cost roughly $90 million and the GMD system as a whole has been estimated to have cost over $40 billion.

The U.S. Missile Defense Agency (MDA) in 2021 awarded Northrop Grumman and Lockheed Martin contracts to develop a Next Generation Interceptor (NGI) as a follow-on to the GBI. In April 2024, the MDA announced it had selected Lockheed Martin as the sole prime contractor for the NGI program’s development phase.

The NGI plan called for the first new interceptors to be operational by 2028 and the final multi-year contract to be worth an estimated $17 billion.

When Guetlein told the House subcommittee last week “Golden Dome for America is not a single or static weapon system, but an integrated ‘system of systems,’” these three – Patriot, THAAD and GMD -- are the basic systems I believe he was talking about.

There is also the Navy’s AEGIS shipboard anti-missile system, which also provides midcourse and terminal interceptions. But other than the one land-based AEGIS system in Europe, the remainder appear to be needed to protect the fleet.

Guetlein explained, “The architecture that we're building is a very flexible open architecture design system so that we can continuously modernize it as the threat continues to mature. It is not a static architecture. So we will continue to upgrade along the way to get after the threat.”

He claimed his new system “will increase the number of threats we can defend against for a fraction of the cost…by building a modular, layered, defense-in-depth ‘system of systems’ where all components can operate independently and, therefore, can be replaced without having to rebuild the entire enterprise.”

Guetlein said, “We are going to deliver an operational capability by the summer of [20]28 that will be able to protect the homeland against a variety of threats. The ultimate objective architecture is going to be $185 billion. That's $175 billion as identified by the President of the United States and an additional $10 billion to accelerate some space capabilities that were not originally part of our architecture.”

Another House subcommittee witness, Lieutenant General Heath Collins, Director of the Missile Defense Agency, introduced the idea that directed energy weapons, lasers, would also be part of the Golden Dome program.

“We are certainly putting more attention into potentially game-changing directed energy,” Collins said. “Capabilities in an unmanned air platform is what we're focused on so we can bring that capability to the edge of the fight and thin the herd of UAVs [unmanned air vehicles] – potentially air threats and the like. So, we're very into that and we're driving through on that experimentation as we as we move forward.”

Speaking of Patriot and THAAD, Collins said , “We have some very proven systems with incredible capability…We are always driving to figure out how to drive the cost of those down. One through the acceleration in quantities that we're going to talk about. We're going to have a

savings in those. But those are pretty exquisite and unique weapons. As we move forward we are continuing to push directed energy and non-kinetics to change the cost equation.”

Near the close of the hearing, Gen. Guetlein was asked to sum up “in layman’s terms,” why Golden Dome was the right option to meet the current threat.

Guetlein responded in part, “We are seeing threats coming from the multi-domain environment meaning they're coming from air, they're coming from the sea, they're coming from space, they're coming from land. They [U.S. adversaries] have figured out how to get some low-cost threats in there as well to challenge our depth, our defenses.”

Guetlein concluded, “This is driving a demand for increased magazine depth [an adequate supply of interceptors] and a demand for lower cost solutions to get after these sectors. That's what Golden Dome is focusing on…how to change that defense equation. And we're doing that through partnerships with industry, partnerships with academia and partnerships with the national labs.”

I believe the truth is, as the U.S. discovered during the Reagan years, that missile offenses will always defeat missile defenses, and while an Iron Dome defense can be set up for a small country – Israel -- no Golden Dome can be established to protect a large country such as the U.S.

And, ironically, trying to create a defensive system will eventually lead to a more aggressive offensive arms race than exists today.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Trump, Iran, and the Stress Test of Western Alliances

The war with Iran has grown beyond just a regional war; it is also a preliminary test of the cohesion of Western alliances under President Donald Trump. Deep root causes concerning burden-sharing, strategic partnership, and political trust within NATO are being exposed by the United States’ and its allies' reactions as tensions escalate and the shock of disruption through the Strait of Hormuz is felt by the world's energy markets. A broader re-evaluation of how Western alliances function in an increasingly volatile global context is taking place, rather than just a contest of deterrence against Iran.

This war unfolds in a distinct political setting in Washington - different from previous Middle East conflicts. Trump's foreign policy approach throughout his current term has remained consistent with a transactional view of alliances, putting concrete commitments and national advantage over conventional ideas of shared security.

NATO's internal structures are experiencing pressure and uncertainty. European allies are currently dealing with a more nuanced strategic context, where unconditional alignment with the United States is hardly assumed but still anticipated. As a result, the Iran war reveals the political boundaries of alliance unity.

A Regional War with Global Consequences

The war’s global implications are being highlighted by the closure of the Strait of Hormuz. Uncertainty in the Strait, a vital conduit for global energy supply, has direct and major economic repercussions, from rising energy costs to heightened financial market swings. The economic implications caused by the Iran war raised calls for de-escalation for European economies already facing structural strain.

NATO allies' strategic calculations are hampered by this economic element. While local economic factors favour neutrality, security commitments require European states to back U.S. policy. The result is a dual strain that weakens collective decision-making. As a result, the Iran War cannot be viewed simply as a regional security matter; rather, it is a confluence of political, economic, and military concerns that go well beyond the Middle East.

Trump’s Alliance Strategy: Pressure as Policy

Trump's use of external threats to alter alliance behaviour is a larger trend in his foreign policy, which appears in how he managed the situation. The current crisis intensified his repeated criticism of NATO states for inadequate defence spending, with new demands for enhanced European contribution to both military operations and financial commitments.

There could be inconsistent outcomes from such a strategy. On one hand, it could hasten European attempts to strengthen strategic autonomy and increase defence spending. On the other hand, it carries the risk of upsetting allies who see this type of strain as eroding the alliance's cooperative roots. According to political scientist Stephen M. Walt alliances are upheld by bilateral trust as well as common interests, which can be weakened when relationships are laid out mainly in terms of give and take.

However, Trump's strategy does make some sense. The realists argue that greater shared burdens could boost the alliance's overall capabilities. The tough element is achieving this without weakening political cohesion that is vital for successful shared action.

NATO at a Crossroads

The Iran war has exposed long-standing divisions in NATO cohesion. Attempts to develop a cohesive response have been hindered by member countries' varying views of the risk. Russia remains as the key security threat for many Eastern European nations, with Middle East instability seen as a secondary concern. On the other hand, the impact of Middle Eastern unrest is more urgent for Southern European nations, especially about migration and energy security.

Establishing agreement turns tougher because of these conflicting agendas. NATO's viability eventually depends on political agreement among its members, even if it maintains strong bureaucratic procedures. Even in the absence of explicit disagreement, the current crisis highlights the risk of a slow erosion of strategic cohesion.

However, history reveals that crises may also act as a catalyst for adaptation. As political scientist Barry R. Posen points out, alliances often fluctuate in response to changing strategic conditions. The question involves whether NATO can utilise the Iran war to reassess its goals, or if internal division will worsen.

The Expanding Role of Middle Powers

Middle powers have played a significant part in fostering diplomatic dialogue throughout the current war. States like Pakistan and Turkey have emerged as mediators, showing the multipolar character of international diplomacy. Pakistan's recent effort to portray itself as a mediator and host the negotiators from the United States, and Iran is especially notable. Despite an inconsistent track record in regional policy and counterterrorism, Islamabad has utilised its alliances with rival blocs in order to preserve channels of communication at a critical time. In this respect, its role is less about resolving the war and more about preventing further escalation by facilitating dialogue in circumstances where direct engagement is politically constrained.

Their engagement reflects a broader shift away from Western dominance in conflict resolution and highlights the growing role played by regional players in crisis management. For NATO, this development provides both challenges and opportunities. On one hand, reliance on external mediators may indicate an erosion in Western diplomatic dominance. On the other hand, it offers other de-escalation alternatives that can complement formal alliance protocols.

The capability of NATO member countries to interact productively with these actors will be crucial in determining the trajectory of the crisis. Successful diplomacy in such a complicated setting requires cooperation outside conventional alliance agreements.

Future Trajectories: Cohesion, Transnationalism, or Fragmentation

The long-term repercussions of the Iran conflict for Western alliances will ultimately be shaped by how these interactions play out. Three potential pathways can be identified.

The first path is a renewed feeling of cohesiveness. In this scenario, the common challenges caused by the war contribute to greater cooperation among NATO members, strengthening NATO's legitimacy and efficiency. This would signify the continuation of NATO's enduring position as a foundation of Western security.

The second path is a shift towards transnationalism. The alliance persists, but collaboration becomes increasingly conditional, driven by national interests and contributions rather than unified standards. While this could enhance efficiency in certain areas, it also has the potential to weaken NATO's sense of joint missions.

The third path is gradual fragmentation. If internal divisions continue to grow, NATO may struggle to react to future crises as a cohesive alliance. This would not necessarily lead to the alliance's collapse, but it might significantly diminish strategic unity and influence.

The Iran war indicated that it’s more than just a test of military capacity or regional strategy; it also tests Western allies' resilience and adaptation in a shifting geopolitical context. Under President Trump, this test is exacerbated by a leadership style that prioritises power and negotiation above established alliance conventions.

For NATO, the stakes go beyond the current crisis. The alliance must manage a complicated web of security challenges, economic constraints, and political disagreements while retaining its credibility as a collective defensive agency. The capacity to manage these opposing needs will determine whether it emerges stronger or more fractured at the end of this period.

Ultimately, the significance of the Iran war may lie less in its immediate outcomes than in what it reveals about the future of alliance politics. In an era of shifting power dynamics and increasing uncertainty, the capacity of Western alliances to adapt will be a critical determinant of their continued relevance.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

An FBI Perspective on FISA Section 702

I spent twenty years at the FBI supporting investigations into cybercrime, tracking ransomware gangs, and watching foreign adversaries tear through American networks. I've sat across the table from hospital administrators trying to figure out how to care for patients when their systems are locked. I've talked to small business owners who lost everything to a cyber operation traced back to a state-sponsored group operating with near-impunity abroad.

What I can tell you, from that vantage point, is that allowing Section 702 to lapse would create intelligence gaps that our adversaries are already positioned to exploit.

Section 702 is a vital tool. A nimble authority that provides for collection against foreign-based, non-U.S. person threat actors intent on harming Americans. The threats this authority was built to address have not slowed down while Congress deliberates. Iranian-nexus actors are actively probing U.S. critical infrastructure, Chinese operators remain embedded in telecommunications networks, and ransomware groups – some operating with the direct support or tolerance of foreign governments – are targeting hospitals, water systems, and school districts across the country.

The actors dominating today's headlines each represent a different dimension of why 702 matters to the FBI as an investigative and intelligence collection tool.

Iran has demonstrated both the intent and the capability to conduct attacks on US soil. Beyond cyber operations against critical infrastructure – including recent attacks against operational technology in water treatment plants – Iran has sought to assassinate American citizens, including senior government officials, and to silence dissidents operating on US soil. Many of these plots are planned from abroad, coordinated through the internet, and would be invisible to investigators without 702. It is the tool that lets us connect the dots before an attack is executed rather than after.

China is playing a longer game. The campaign to pre-position access inside US critical infrastructure – power grids, water systems, transportation hubs, communications networks – is patient and methodical, designed to be activated at a moment of Beijing's choosing, including in the event of a conflict over Taiwan. In the FBI's own experience, 702 has been the difference between detecting that access early and discovering it only after the damage is done. When Chinese hackers compromised a major US transportation hub, it was 702-derived intelligence and US person queries that allowed the FBI to pinpoint exactly which network infrastructure had been hit, alert operators to the specific vulnerability, and help close the backdoor.

Ransomware, which defined much of my work at FBI, has evolved from a criminal problem into a national security one. Many of the groups responsible for attacks on hospitals and pipelines operate under the protection or direction of state sponsors who understand that ransomware destabilizes the same infrastructure a military adversary would want to disable. Over the past decade, malicious cyber actors have accounted for more than half of the FBI's Section 702 targets. The authority is central to how the FBI does cyber work: identifying victims, warning them before attacks begin, and helping them close backdoors before the next wave hits.

If Section 702 authority expires, active collection against foreign targets stops. Leads go cold. Investigations that depend on 702-derived intelligence hit a wall at exactly the moment continuity is critical. Adversaries don't pause. Every day the authority lapses is a day they move more freely through networks they have already compromised.

On compliance, the record deserves an honest accounting. The FBI's pre-reform querying practices were unacceptable. Director Wray said so plainly, and he was right. But beginning in 2021, there was a genuine institutional reckoning: foundational reforms to training, supervision, and accountability that produced documented, court-verified improvement. The same court that documented FBI’s violations in the first place – the Foreign Intelligence Surveillance Court (FISC) – concluded the reforms are having the desired effect.

The same rigor that produced those improvements is exactly why this reauthorization debate deserves to be evaluated on its own merits. The concern about government acquisition of commercially available data is legitimate, but it is a separate question from 702. Conflating the two risks taking down a well-functioning authority over a fight that belongs elsewhere in statute.

From two decades working to counter these threats, I know what it costs to arrive after the damage is done. The good news is that Congress doesn't have to make that choice. The oversight architecture is working. The reforms are documented. The threats are real and they are not waiting. Reauthorize 702, address commercial data on its own track, and keep the investigative capability that makes the FBI's cyber and national security work possible.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Why Greenland is the Linchpin of the Golden Dome

When President Trump first proposed the purchase of Greenland, the world’s reaction leaned toward mockery. But as the strategic landscape of the 2020s shifts from traditional ground wars to a high-stakes Arctic battlefield and space-based competition, the real estate deal of the century is looking less like a whim and more like a calculated move for national survival.

The logic behind the push for Greenland, whether through outright acquisition or a significantly expanded role as its primary protector, is not about land mass nor rare earth minerals. It is about latitude. As the U.S. develops the Golden Dome system, a revolutionary, layered missile defense shield, Greenland is the one of the only geographic assets that offers the location necessary to protect the American mainland from modern existential threats.

The Ultimate Vantage Point

To understand Greenland’s value, one must look at a globe, not a map. The shortest flight path for an Intercontinental Ballistic Missile (ICBM) launched from Russia, China, or North Korea toward the United States is not across the oceans, but over the North Pole.

Greenland sits directly beneath these routes often referred to as Great Circle routes. By securing unfettered access to this territory, the U.S. can transition the Pituffik Space Base from a mere warning site into an active intercept location. Forward-basing interceptors on Greenland allows the military to engage incoming missiles in their mid-course phase—while they are still coasting through the vacuum of space. This provides a second line of defense that can neutralize threats thousands of miles away, ensuring that any debris or nuclear fallout occurs over the uninhabited Arctic ice rather than North American civilian populations.

Commanding the High Orbit

Beyond missile interceptors, Greenland should be the operational fulcrum for the space-based leg of the Golden Dome. Modern defense relies on the Proliferated Warfighter Space Architecture (PWSA), a mesh network of thousands of small satellites in Low Earth Orbit (LEO).

● Satellite Command: Because polar-orbiting satellites pass over the North Pole on every revolution, a ground station in Greenland can communicate with these satellites more frequently than any site in the continental U.S.

● Atmospheric Clarity: Greenland’s cold, dry air is a scientific miracle for communications. It provides the perfect medium for laser-based satellite links and high-frequency V-band radio, which are far more resistant to enemy jamming than traditional signals.

Beyond Greenland: The Svalbard Puzzle

While Greenland serves as the western anchor of this Arctic shield, it is only one piece of a broader polar puzzle. To truly secure the High North, the U.S. and its allies must eventually address the strategic anomaly of Svalbard.

Located halfway between Norway and the North Pole, Svalbard shares Greenland’s near-perfect latitude for satellite downlinking and missile detection. However, unlike Greenland, which is governed by a bilateral agreement with Denmark, Svalbard is governed by the Svalbard Treaty of 1920. This unique international document recognizes Norway’s sovereignty but with a major catch: the islands must remain demilitarized and open to commercial activity from all 40+ signatory nations (that includes Russia, China, North Korea, Iran and others).

This has led to a bizarre patchwork of land ownership that presents a significant security challenge:

● 34 Plots: Historically, land on Svalbard was divided into 34 distinct claims (aka, plots which were based on mineral or fishing rights).

● Norway (31 Plots): The Norwegian state owns a majority of the land, maintaining the primary administrative hub in Longyearbyen.

● Russia (2 Plots): Through the state-owned mining company Arktikugol, Russia owns two significant plots, including the active mining town of Barentsburg and the "ghost town" of Pyramiden. This allows Moscow a permanent, legal foothold on what is technically NATO soil.

● Private Hands (1 Plot): For years, the last remaining private plot, Søre Fagerfjord, has been a source of geopolitical anxiety. In late 2024 and throughout 2025, the Norwegian government took the unprecedented step of blocking the sale of this Manhattan-sized plot to prevent it from falling into the hands of non-NATO actors, specifically citing concerns over Chinese interest. This included blocking it from being sold to an American firm which would have ensured it could not fall under the control of a foreign power (conveying Arctic status to any such possibly malignant actor).

Conclusion: A Unified Arctic Strategy

If the push for Greenland is the first move in securing the Golden Dome, Svalbard is the inevitable second move. The topography that makes Greenland an ideal interceptor site is mirrored in Svalbard. However, the presence of Russian commercial outposts and the treaty’s strict restrictions on warlike purposes create a diplomatic minefield.

As the U.S. seeks to build an impenetrable shield against trans-polar threats, it must look beyond just buying land. It must navigate a complex web of hundred year-old treaties to ensure that the top of the world remains a vantage point for the West, rather than a loophole for its adversaries.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Most Dangerous Extremist Movement in America Has No Ideology

She Was 13. She'd Been Inside This World Since She Was 8.

A week after her birthday, Audree was dead.

Her mother didn't know why – not until a detective called to say Audree's journal was filled with drawings of school shooters. Not until she searched TikTok and recognized her daughter's artwork everywhere. Not until she learned that the online world her artistic, funny, guitar-playing daughter had been living in for five years had a name.

The True Crime Community. The TCC.

The TCC is one of the most dangerous pipelines operating right now – and most parents have never heard of it.

A Fandom Built Around Killers

It's not an organization. There's no leader, no membership card, no political ideology. Researchers call it nihilistic violent extremism – a fandom built around mass killers, driven by hatred of humanity and a hunger for notoriety.

The Columbine shooting gave this world a look and a feel. Members dress like shooters, draw fan art of them, and celebrate them the way other teenagers celebrate musicians. The community has migrated from Tumblr to TikTok, where a hand making an "OK" sign paired with a photo of boots signals TCC membership – and comment sections do the recruiting.

When a new shooting happens, the perpetrator often becomes the next idol. After the December 2024 shooting at Abundant Life Christian School in Madison, Wisconsin, the 15-year-old shooter became a figure the community celebrated – and three more school shootings in Tennessee, Minnesota, and Colorado followed. Each attack feeds the next.

Since January 2024, researchers have linked TCC to at least 25 attacks or disrupted plots. The FBI reported a 300% increase in this kind of extremism between late 2024 and late 2025. And this week, a school shooting in Argentina was directly tied to TCC by government officials, who said it had nothing to do with bullying – only membership in an international online subculture. This isn't an American problem anymore.

The Signs Are There – Parents Just Don't Know What They're Looking At

There is no recruitment script. No one knocks on your door. Your child doesn't come home saying she joined an extremist group. She asks for a T-shirt. She draws something in her notebook you don't recognize. She uses a username that sounds random.

One mother – Audree's mother – didn't just miss the signs. She helped create them. She made custom T-shirts for her daughter printed with logos tied to the Columbine killers. She had no idea what they meant. "I wanted to vomit," she said when she found out.

These communities target kids who are struggling – isolated, anxious, looking for somewhere to fit in. According to de-radicalization expert Allizandra Herberhold of Parents for Peace, about 95% of TCC participants never harm anyone else – they are far more likely to hurt themselves. This is a self-harm crisis as much as a violence crisis.

One more thing most parents don't know: TCC is roughly half girls, half boys – unusual for any extremist group. Girls often find their way in through online eating disorder communities. Boys typically come in through gore forums. If you think only boys are at risk, you're missing half the picture.

The Cipher Brief applies expert-level context to national and global security stories. Grant yourself full-access to Cipher Brief expert insights, analysis and private briefings in the new year by becoming a Subscriber+Member.

A Phone Call Can Stop It

In January, an Indiana mother called the sheriff after noticing something wrong with her 17-year-old daughter. Investigators found the girl had recorded a walkthrough video of her school and was planning an attack with people she'd met online. The mother's call stopped it.

Another mother, Heather Dioneff, watched her daughter Lilyanna get pulled into the TCC world. Lilyanna idolized killers, wrote a manifesto, and made a list of people she wanted to hurt at school. She eventually told a therapist. The therapist called for help. Lilyanna was hospitalized before anything happened.

Two different families. Two different paths. Same result – someone paid attention and made the call.

The warning signs are about looks, not words. Watch for fixation on specific shooters, drawings of killers, references to Columbine, or usernames and symbols you don't understand. If something confuses you – a meme, a post, an image – search it before you react.

Monitor private channels, not just public profiles. Discord needs close attention. Experts say don't allow children on Telegram at all – it's full of violent and exploitative content.

Don't wait until you're sure. Parents for Peace runs a confidential helpline for families worried about where a child is headed. Their number is 1-844-49-PEACE. No judgment. No obligation. The Anti-Defamation League has sent TCC research to more than 16,000 schools and offers guidance on what to look for. Lawmakers have also introduced a bill that would make it a federal crime to push children toward self-harm – a step in the right direction.

The Adults Closest to These Kids Don't Know What to Look For

We have systems for identifying jihadist radicalization. We are building them for domestic extremism. We have almost nothing in place for this threat at the school and community level. The most sustainable fix, researchers say, is treating this like a public health problem – reduce what makes young people vulnerable before an attack happens, not just respond after. That means youth mental health investment, school-based threat assessment training, and making sure the counselors, coaches, and pediatricians who see these kids every day know what they're looking at.

That gap is where children are dying.

The mothers in that CNN story aren't asking for sympathy. They're asking for accountability – from platforms, from policymakers, and from a public that keeps acting surprised by attacks that researchers saw coming.

Kids are going to seek out secret worlds. That instinct is human – it's the same one that draws them to spy stories, adventure novels, and tales of people who matter and belong to something bigger than themselves. The question is who finds them first and what world they're handed when they arrive.

Resources:

Parents for Peace confidential helpline: 1-844-49-PEACE | parents4peace.org
ADL Center on Extremism: adl.org
K-12 School Shooting Database: k12ssdb.org
If you or someone you know is in crisis: call or text 988

The Trump-Xi Summit: A Chance to Change the Global Narrative

Let’s hope the May summit between Presidents Donald Trump and Xi Jinping is uplifting, giving the world hope that these great powers can cooperate for the common good. The global community is distraught and fatigued with the wars in Ukraine, Gaza and Iran and the sense that war has now become accepted behavior.

The summit of the U.S. and China is an opportunity to change the narrative and instill hope that these two great powers can work through the many issues that divide us and focus on the issues that can lead to the betterment of mankind.

The summit will be an opportunity to discuss a myriad of economic and trade issues that continue to be an irritant in the bilateral relationship: The U.S. trade imbalance with China; industrial subsidies China provides to state-owned enterprises and cheap financing from state banks; U.S. restricted exports to China of advanced semiconductors and chipmaking equipment and AI-related technologies; Intellectual Property theft by China and industrial espionage; U.S. tariffs and de-risking efforts with rare earths, batteries and pharmaceuticals; U.S. investment restrictions and China’s efforts to keep the yuan undervalued to boost exports; and U.S. human rights-related trade restrictions and sanctions on Chinese companies.

China has strong views on each of these issues, accusing the U.S. of economic containment. As major economic competitors, these and other related issues can and should be addressed routinely, in diplomatic and trade negotiations. Indeed, these economic and trade issues can and should be mentioned and discussed at the summit but left to the diplomats and trade negotiators to resolve during routine annual meetings in Beijing and Washington.

What the world needs to hear is how the U.S. and China can cooperate to end wars and make the world more inhabitable.

Indeed, conflict resolutions should be high on the list of issues to discuss. Ensuring that we do not have a repeat of the Belgrade Embassy bombing of 1999 (when the U.S. accidentally bombed the Chinese Embassy in Belgrade) and former President Jiang Zemin refusing to take with President Bill Clinton’s calls to apologize; or the EP-3 incident of 2001 ( a U.S. reconnaissance aircraft collided with a Chinese jet in international airspace, killing the Chinese pilot) when President Jiang Zemin would not take the calls from former President George W. Bush who wanted to apologize for the incident and request the release of the U.S. crew being held in Hainan Island.

We cannot have a repeat of these two tragic events. It is important that our leaders communicate in a timely and secure manner, to ensure that incidents of this type do not escalate. The hotline between our military leaders is equally important, to avoid inadvertent escalation and potential conflict.

Taiwan and the South China Sea are issues requiring immediate presidential attention. These are issues that can escalate quickly and potentially lead to conflict and war. The U.S. Taiwan Relations Act of 1999 clearly states that the issue of Taiwan should be resolved peacefully between the People’s Republic of China and Taiwan, while the U.S. provides Taiwan with arms of a defensive character. Mr. Xi has said he wants a peaceful resolution of issues with Taiwan, but China, he said, is prepared to use military force if necessary. The recent meeting of Taiwan’s opposition leader, Cheng Li-wun, Chairman of Taiwan’s Kuomintang (KMT) with Mr. Xi on April 10 was the first meeting in a decade with Mr. Xi, who has increased military pressure around Taiwan and sees reunification with Taiwan as an important part of his legacy.

The South China Sea is a potential flash point between China and the U.S. Island-building activity by China has been found illegal under the United Nations Convention on the Law of the Sea (UNCLOS). Between 2013 and 2015, China engaged in extensive land reclamation in the Spratly Islands, building artificial islands in areas claimed by the Philippines and Vietnam. An arbitral tribunal ruled in 2016 that China was in violation of UNCLOS. But China persists, insisting – based on dated maps going back to the Qing Dynasty – that China has sovereignty of the South China Sea Islands. The U.S. position is that China’s claim to sovereignty of the South China Seas islands is unlawful and freedom of the seas is consistent with international law.

Discussing Taiwan and the South China Seas is necessary, to avoid conflict that could develop into a war. But these are long-established points of conflict that require close and continued diplomatic and military dialogue with Beijing. A two-day leadership session in Beijing likely will not resolve either of these contentious issues. But continued dialogue is necessary.

What the people would like to see from this summit is how the U.S. and China are prepared to cooperate to resolve conflicts and wars and how the U.S. and China plan to cooperate on global issues requiring immediate attention: Global pandemics, global warming, nuclear proliferation, biosecurity, counterterrorism, counternarcotics, counter international organized crime, and other issues requiring attention.

The May summit between the leaders of the U.S. and China is an opportunity to show the world that two great powers can coexist peacefully and cooperate to make the world a better place for mankind.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

This article was originally published in The Washington Times and is republished here with permission from the author.

What Iran Is Learning from Russia’s War and Why the U.S. Should Be Concerned

KREMLIN FILES/COLUMN: The war in Ukraine is often framed by optimistic academics, and some policymakers as a cautionary tale—an example of how military aggression can backfire, weaken a state, and isolate it from the world. But that assumption may be dangerously incomplete. For regimes like Iran, the more relevant lesson may not be Russia’s failures, but its endurance.

Four years into the conflict, Moscow has not collapsed. Instead, it has adapted militarily remarkably well, particularly in the past two years. Russia has resisted sanctions to make its economy even more domestically oriented and more reliant on China. It has also dramatically strengthened the security and intelligence structures that sustain authoritarian rule. If Iran’s leadership is studying this war—and there is strong evidence that it is—it may come away with lessons that make it more resilient, more technologically capable, and more repressive. That possibility should concern the United States.

The first lesson Iran’s regime might learn is that war fosters innovation, especially when countries must operate under constraints. Even before Russia’s full-scale invasion of Ukraine, Moscow and Tehran were already working together militarily. While not a strategic alliance like NATO, or anything close to approaching the strength of our “Five Eyes” partnerships, Iran supplied Russia early in the war with Shahed drones, which quickly became a key part of Russia’s strike campaign against Ukrainian infrastructure.

But the relationship didn’t stop at the simple transfer and sale of weapons. Throughout the war, both countries have adapted and improved. Russia has modified Iranian drone designs, increased their range and guidance systems, and expanded domestic production for new generations of its GERLAN drone series (based initially on the Shahed, but evolved significantly since). They have also established a new “Unmanned Systems Troops” branch for their military. Some might argue they are ahead of NATO in this innovation (though still behind Ukraine, thankfully).

Meanwhile, Iran has gained battlefield feedback, collecting real-world data on how its systems perform against modern air defenses when the Russians deployed them. That seems to be paying off in some respects now with Iran’s own conflict. Their drones have indeed penetrated U.S. and allied defenses in the region. U.S. airpower remains a dominant force on any battlefield of any potential conflict still, but for how much longer?

The wartime innovation is not limited to drones. Russia has improvised with electronic warfare, missile production, and decentralized command structures under pressure—the latter being particularly difficult for its Soviet-style military to adapt from, but reports are that they have done so. Iran, which already prioritizes asymmetric warfare, is likely absorbing these lessons. The development of new generations of loitering munitions—like Iran’s IRSA-7—illustrates how quickly relatively simple technologies can evolve into more effective and harder-to-counter systems.

For Iran, the takeaway is clear: even under sanctions and technological isolation, war can accelerate military advancement rather than stall it. That has direct implications for U.S. forces now at war in Iran, and partners in the Middle East, who could face more sophisticated and battle-tested Iranian systems if the war continues.

A second lesson Iran might learn is that prolonged conflict doesn't necessarily topple a regime—it can instead make it more resilient. Western policymakers often believe that ongoing economic pressure and battlefield losses will eventually lead to political change. Russia’s experience complicates that argument and shows how an autocratic system can be built to endure a long conflict.

Despite broad sanctions, export controls, and diplomatic isolation, the Russian government has kept functioning. It has shifted its economy toward non-European partners, especially China, maintained energy revenues, and passed the hardships onto its people. Russia’s domestic production of many agricultural and other goods has actually increased during the war. How does this compare with the U.S. and the West? Not very well, of course. If international shipping stopped bringing goods to the U.S. market, our economy would collapse.

Iran is arguably even better positioned to absorb this lesson. It has decades of experience operating under sanctions, developing informal trade networks, and insulating its core institutions from economic shock. What Russia has demonstrated is that a large, resource-rich, authoritarian state can endure far longer than many expected, even under intense pressure. For Tehran, this reinforces the idea that time may be on its side—that it can outlast external pressure campaigns without fundamentally changing its behavior. That belief, in turn, could make Iran more willing to engage in risky or confrontational actions, calculating that the long-term costs are manageable.

The final—and perhaps most troubling—lesson is the strengthening of the security state. Over the course of the war, Russia’s internal security services, particularly the FSB, have not weakened; they have grown more powerful. As I have argued previously in this column, the FSB now has a strong claim to being the most powerful and all-encompassing security service in the history of Russia, pre- and post-USSR. Compared against the Okhrana, the KGB, Cheka, and even Ivan the Terrible’s oprichniki, that is saying something.

But as the conflict dragged on, the Russian government systematically dismantled what remained of independent media, criminalized dissent, and expanded surveillance and repression. In many ways, the war accelerated a process that was already underway: the consolidation of a security-service-driven state.

History offers a grim parallel. By the end of World War II, organizations like the Gestapo and the SS had become central pillars of the Nazi regime, enforcing loyalty and eliminating opposition. Hitler used the failed Valkyrie plot (Colonel von Staufenberg and other senior Wehrmacht officers who planted a bomb at the Wolf’s Lair) to ruthlessly eliminate all dissent in the final year of the war. Could Iran’s regime similarly build on its already brutal suppression of dissent just before this conflict and then crack down even harder?

While the contexts are different, the underlying dynamic is similar: prolonged conflict can empower internal security institutions, making them the backbone of regime survival. In Russia today, the erosion of freedoms has been accompanied by the rise of a system in which dissent is nearly impossible. Many of the country’s brightest young minds left early in the war, and those who remain often operate under intense fear and constraint. Intellectual life is stifled, and opposition is either exiled, imprisoned, or silenced. Even when in prison, though, as in the case of Aleksey Navalny, that is not enough—the regime imposes the “highest measure” and continues to murder the opposition.

For Iran, this is a powerful example, one they have practiced well over the decades. The regime already relies heavily on its own security apparatus, including the Islamic Revolutionary Guard Corps and its many intelligence and security services/police. The Russian experience suggests that war—or even the sustained perception of external threat—can justify further expanding these institutions’ power. It creates a political environment in which repression is not only tolerated but framed as necessary for national survival. The result is a system with little to no space for dissent, where the regime becomes more stable precisely because it is more coercive.

Taken together, these lessons point to a sobering conclusion. Iran’s regime and its new leadership may see Russia’s war not as a warning but as a model: a demonstration that a determined authoritarian regime can innovate under pressure, endure economic punishment, and consolidate power internally even while engaged in a costly conflict. For Russia, they have been telling their people and their claimed allies, like Iran, that they are “fighting all of Europe.” And for Russia, they believe they are prevailing. For Iran, the lesson may be—we can win too.

For the United States, these challenge several core assumptions about deterrence and pressure. If regimes believe they can survive—and even strengthen themselves—through confrontation, then the tools Washington relies on may be less effective than hoped.

The war in Ukraine is not just a regional conflict; it is a global case study in how modern authoritarian states adapt to crises. The danger is not that Iran misreads Russia’s experience, but that it reads it correctly and that we in the West, possibly, have not. And if it does, the next phase of confrontation between Iran and the United States may unfold under conditions far less favorable to deterrence than policymakers expect.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Avoiding Another 9/11: 3 Key Reasons to Reauthorize Section 702

Editor's Note: Section 702 of the Foreign Intelligence Surveillance Act was originally enacted as a post 9/11surveillance program that allows the government to collect electronic communications of foreign nationals located outside the United States without needing a warrant for each target. Supporters have called it 'indispensable' and critics worry about its potential use to surveil Americans. Section 702 is up for Congressional reauthorization this month.

The Cipher Brief asked General Paul Nakasone (Ret.), former director of the National Security Agency and former Commander of U.S. Cyber Command for his take on reauthorization and why it matters to future U.S. national security.

EXPERT PERSPECTIVE – I strongly support the clean reauthorization of Section 702 of the Foreign Intelligence Surveillance Act. Allowing this critical authority to lapse would put our nation at unnecessary risk.

This view is informed not only by my experience leading U.S. Cyber Command and the National Security Agency, but also by the lessons of September 11th—a day I remember vividly from the Pentagon. Our intelligence community was surprised on 9-11, and the consequences were devastating. We cannot afford to repeat that failure.

Section 702 should be cleanly reauthorized for three key reasons:

First, it is a carefully designed authority that balances national security with civil liberties. It is limited to surveillance of foreigners abroad, and it operates under oversight from all three branches of government, with established mechanisms to identify and address misuse. There is no other statutory authority that gives our nation the equivalent information vital to our national security.

Second, it enables targeted—not bulk—collection. Contrary to common misconceptions, Section 702 is not a mass surveillance tool. It is a precise capability that helps us discover, and if necessary, prevent threats like Iranian sponsored attacks in the homeland, Chinese cyber thefts, and Russian espionage.

Finally, we face an increasingly complex and dangerous global environment. Letting this authority lapse risks creating intelligence gaps at the worst possible time. Maintaining an effective and bounded tool like Section 702 helps prevent overreactions in a crisis—when emergency measures might be broader and less protective of civil liberties.

For nearly six years, I relied daily on Section 702 to identify terrorist threats, protect our servicemen abroad, foil cyber intrusions, and prevent attacks against our homeland. It was, and remains, indispensable to our safety and security, while also upholding our values. A clean reauthorization of Section 702 is essential to both ensuring our national security and the protection of our civil liberties.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.

Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

What national security news are you missing today? Get full access to your own national security daily brief by upgrading to Subscriber+Member status.

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

Back to top