The Cipher Brief

EXPERT PERSPECTIVE — We are currently witnessing a mobilization of technical ambition reminiscent of the Manhattan Project, a realization that data and compute are the new defining elements of national power. I am deeply energized by recent bold moves in Washington, specifically the White House’s launch of the "Genesis Mission" this past November—an initiative designed to federate vast federal scientific datasets for integrated AI training—alongside the real-world deployment of GenAI.mil.

Yet, when I look at the velocity of the commercial sector—from OpenAI launching its dedicated Science division and NVIDIA attempting to simulate the planet with Earth-2, to Google’s DeepMind aggressively crossing their AI breakthroughs into the geospatial domain—it becomes clear that we are still aiming too low. These projects are not just modeling data; they are attempting to model reality itself. American technical leadership is paramount, but that leadership is meaningless if it is not ruthlessly and immediately applied to our national security framework. We must take these massive, reality-simulating concepts and focus them specifically on the GEOINT mission.

A perfect example of this is that earlier this year, in July 2025, the geospatial world shifted. Google DeepMind released the AlphaEarth Foundations (AEF) model, and through the hard work of the Taylor Geospatial Engine (TGE) and the open-source community, those vector embeddings are now publicly available on Source Cooperative.

The excitement is justified. AlphaEarth is a leap forward because it offers pixel-level embeddings rather than the standard patch-level approach. It doesn’t just tell you “this 256x256 square contains a city”; it tells you "this specific pixel is part of a building, and it knows its neighbors."

But as I look at this achievement from the perspective of national security, I see something else. I see a proof of concept for a capability that the United States is uniquely positioned to build—and must build—to maintain decision advantage.

Google has the internet’s data. But the intelligence community holds the most diverse, multi-physics, and temporally deep repository of the Earth in human history.

It is time for the United States to propose and execute a National Geospatial-Intelligence Embedding Model (NGEM).

The Proposal: Beyond RGB

The AlphaEarth model is impressive, but it is limited by its training data—primarily commercial optical imagery. In the national security domain, an optical image is just the tip of the spear. We don't just see with light; we see with physics.

I am proposing that we train a massive, pixel-level foundation model that ingests all of its holdings. We aren't talking about just throwing more Sentinel-2 data at a GPU. We are talking about a model that generates embeddings from a unified ingest of:

Multi-INT Imagery: Electro-optical (EO), Synthetic Aperture Radar (SAR), Infrared/Thermal, Multispectral, and Hyperspectral.
Vector Data: The massive stores of Foundation GEOINT (FG)—roads, borders, elevation meshes.
The Critical Missing Modality: Text. We must embed the millions of intelligence reports, analyst notes, and finished intelligence products ever written.

The Approach: "The Unified Latent Space"

The approach would mirror the AlphaEarth architecture—generating 64-dimensional (or higher) vectors for every coordinate on Earth—but with a massive increase in complexity and utility.

In AlphaEarth, a pixel’s embedding vector encodes "visual similarity." In an NGA NGEM, the embedding would encode phenomenological and semantic truth.

We would train the model to map different modalities into the same "latent space."

If a SAR image shows a T-72 tank (through radar returns), and an EO image shows a T-72 tank (through visual pixels), and a text report describes a "T-72 tank," they should all map to nearly the same mathematical vector.
The model becomes the universal translator. It doesn't matter if the input is a paragraph of text or a thermal signature; the output is a standardized mathematical representation of the object.

The Outcomes: What Does This Give Us?

If we achieve this, we move beyond "computer vision" into "machine understanding."

1. The "SAM Site" Dimension In the AlphaEarth analysis, researchers found a "dimension 27" that accidentally specialized in detecting airports. It was a serendipitous discovery of the model's internal logic. If we train NSEM on NGA’s holdings, we won’t just find an airport dimension. We will likely find dimensions that correspond to specific national security targets.

Dimension 14 might light up only for Surface-to-Air Missile (SAM) sites, regardless of whether they are camouflaged in optical imagery, because the thermal and SAR layers give them away.
Dimension 42 might track "maritime logistics activity," integrating port vectors with ship signatures.

2. Cross-Modal Search (Text-to-Pixel) Currently, if an analyst wants to find "all airfields with extended runways in the Pacific," they have to rely on tagged metadata or run a specific computer vision classifier. With a multi-modal embedding model, the analyst could simply type a query from a report: "Suspected construction of hardened aircraft shelters near distinct ridge line." Because we embedded the text of millions of past reports alongside the imagery, the model understands the semantic vector of that phrase. It can then scan the entire globe’s pixel embeddings to find the mathematical match—instantly highlighting the location, even if no human has ever tagged it.

3. Vector-Based Change Detection AlphaEarth showed us that subtracting vectors from 2018 and 2024 reveals construction. For the intelligence community, this becomes Automated Indications & Warning (I&W). Because the embeddings are spatially aware and pixel-dense, we can detect subtle shifts in the function of a facility, not just its footprint. A factory that suddenly starts emitting heat (thermal layer) or showing new material stockpiles (hyperspectral layer) will produce a massive shift in its vector embedding, triggering an alert long before a human analyst notices the visual change.

The Intelligence Use Cases

Automated Order of Battle: Instantly generating dynamic maps of military equipment by querying the embedding space for specific signatures (e.g., "Show me all vectors matching a mobile radar unit").
Underground Facility Detection: By combining vector terrain data, gravity/magnetic anomaly data, and hyperspectral surface disturbances into a single embedding, the model could "see" what is hidden.
Pattern of Life Analysis: Since the model is spatiotemporal (like AlphaEarth), it learns the "heartbeat" of a location. Deviations—like a port going silent or a sudden surge in RF activity—become mathematical anomalies that scream for attention.

Conclusion

Google and the open-source community have given us the blueprint with AlphaEarth. They proved that pixel-level, spatiotemporal embeddings are the superior way to model our changing planet.

But the mission requires more than commercial data. It requires the fusion of every sensor and every secret. By building this multi-modal embedding model—fusion at the pixel level—we can stop looking for needles in haystacks and start using a magnet.

This is the future of GEOINT. We have the data. We have the mission. It’s time to build the model.

Follow Mark Munsell on LinkedInThe Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Invisible Conflict: Defending Against Hybrid Non-Kinetic Warfare

War doesn’t always look like war anymore. Hybrid non-kinetic warfare is an increasingly popular means for threat actors to orchestrate prolonged campaigns aimed at achieving political and security objectives by destabilizing the adversary, eroding its strength and social cohesion, while avoiding the creation of a pretext for military retaliation. The goal is to wreak chaos with invisible hands from an anonymous cloak, absent a military, uniforms or declaration of war.

The Iranian conflict is a real-time case study in how warfare is being reshaped. In recent weeks, Iran-linked hackers have targeted critical infrastructure in the US, disrupting multiple oil, gas and water facilities. Tehran-linked hackers likewise disrupted operations at a major US medical device maker – among other things, they hacked into an emergency system that first responders use to communicate patient data to hospitals. A high-ranking US security official saw his personal email hacked and exposed by Iranian affiliates. Iranian hacktivists celebrated efforts like this with – of all things – Lego propaganda.

Hybrid non-kinetic warfare is not confined to the physical battlefield and has no regard for borders. Hybrid tactics are low-cost, low-risk and hard to trace. These tactics are effective where traditional firepower isn’t, and they’re quietly reshaping the future of conflict.

They’re also exposing how unprepared many governments remain for threats that don’t arrive with missiles or tanks. Modern warfare and defense preparedness hinges on our ability to adapt to the new realities of hybrid non-kinetic warfare. The technologies used to combat these threats must likewise adapt.

AN AMORPHOUS ARSENAL

The tools of hybrid non-kinetic warfare are varied and very dangerous in and of themselves – especially so when applied in concert.

High-impact sabotage operations are a frequent, favored tactic. Russia, for example, is known to target civilian infrastructure via hybrid pressure campaigns intended to influence Ukraine war outcomes. In Poland, these attacks include an arson attack on a massive shopping center that gutted 1,400 shops, and more recently, an orchestrated railway explosion. Dozens of these vandalism, arson and sabotage attacks have been mounted and documented since the February 2022 Russian invasion into Ukraine.

Disinformation and propaganda are likewise commonly employed. We see this in coordinated campaigns – online and offline – to spread false narratives, divide societies and support politicians who align with the attackers’ goals. Sounding the alarm, Italy’s Defense Minister has urged the European community to protect itself from Russian disinformation tactics seen recently in Italy.

“We are under attack, and the hybrid bombs keep falling,” he said.

Cyberattacks play a role too. These can target critical infrastructure – power grids, hospitals, transportation systems, government websites – and they’re often timed to sow confusion or weaken public trust.

In a recent twist, cyberattacks have been blended with traditional warfare – investigations have uncovered Iran’s use of "cyber-enabled kinetic targeting" before and after real-world missile attacks against ships and land infrastructure. By hacking into CCTV cameras, among other methods, Iranian advanced persistent threat (APT) groups have successfully gathered intelligence on real-world targets.

Irregular or engineered migration is increasingly employed in hybrid non-kinetic campaigns. In some cases, governments deliberately funnel large numbers of migrants toward their adversary’s borders – not to help the migrants, but to overwhelm border systems and create political tension. We’ve seen this tactic used at the Belarus-Poland border, and between Russia and Finland, and it works because it creates pressure from every direction – on border patrols, on social services, on local communities and governments and beyond.

Political interference is another established tactic that’s gained new relevance in contemporary hybrid non-kinetic warfare. Russia’s known interference in the states of Ukraine, Georgia and Moldova is aimed at preventing them from shifting allegiances toward the West. This interference often peaks during election seasons.

These tactics on their own are often regarded as isolated threats. In combination, they comprise a potent, long-term war campaign – a strategy to reshape a community or region without ever sending in troops.

THE ART OF HYBRID WAR

Hybrid non-kinetic warfare looks disorganized on its surface, but there’s a logic behind it – a playbook. In plain terms, these are the core principles.

Be flexible and move fast. These operations are constantly evolving. If threat actors see an opportunity – like a protest, an election, a scandal – they join the fray and make it worse. The goal is to stir the pot, to cause unrest.

Destabilize from within. These attackers seek to weaken the glue that holds communities and countries together – trust, unity, stability. They want people to feel divided, unsafe and unsupported.

Use every tool available – military and civilian. Physical sabotage, cyberattacks, media campaigns, migrant flows and financial pressures are all part of the hybrid non-kinetic playbook. Shadowy attacks spur dark rumors that metastasize into fear. Anything that causes confusion or disruption is fair game.

Think long-term. These aren’t one-off attacks. They’re slow, strategic campaigns – sometimes unfolding over months or years. They’re designed to wear a country down, applying constant stress.

Make it hard to know what’s really happening. There are no uniforms, no flags, no announcements to make sense of – just a series of “incidents” that seem disconnected – until you step back and connect the dots.

HOW TO CONNECT THE DOTS

Combatting hybrid non-kinetic warfare requires closer security and intelligence collaboration, and a coordinated, systematic, multi-agency response that extends across borders. It requires a fresh approach to defense spending that prioritizes continuous intelligence monitoring and analysis in parallel with conventional battlefield weaponry.

Resilience doesn’t just come from defense. It comes from understanding, and this clarity can only be achieved with a holistic view of the threat landscape and the ability to surface patterns from the chaos.

At the technology layer, homeland security and intelligence organizations will benefit from a centralized architecture that unites border protection, financial investigations, tactical operations and cyber intelligence in a single cohesive view. The advent of data fusion technology, AI investigative analytics and decision intelligence automation makes it possible to sift mountains of disparate data streams to gain immediate, actionable insights.

Warfare is no longer measured in terms of physical destruction and territorial command because the boundaries of warfare are blurring. Acts of hybrid non-kinetic warfare may look like random crimes and provocations to the untrained eye – their amorphous nature is what makes them so insidious and effective.

To help investigators understand how and why these seemingly random acts intersect and identify the proxy groups responsible, it’s essential to employ an early warning system that invites and unites intelligence from diverse disciplines and geographies. In this way, we can equip intelligence agencies to recognize acts of hybrid non-kinetic warfare in real-time and anticipate them before they happen again.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Deterrence Is Not Enough in the Age of Synthetic Asymmetry

Events have moved faster than doctrine. Part 1 of this series diagnosed the rise of synthetic asymmetry, an era where technological convergence allows small actors to impose disproportionate costs on states and institutions. Unlike the guerrillas of the past, today's asymmetric threats are engineered by design. This essay asks the harder question: How should democracies respond to a threat that is diffuse, deniable, and constantly mutating?

The Failure of Traditional Deterrence

The foundational flaw in applying Cold War security strategies to synthetic asymmetry is the breakdown of attribution and retaliation. Deterrence requires a clear threat of punishment against a visible state actor. Synthetic attackers thrive in gray zones: non-state groups, state proxies, or anonymous cyber operators whose acts are plausibly deniable, and whose tools can blur or obscure attribution by design.

When ransomware shuts down a critical pipeline, the target state faces a genuine conundrum. Is this an act of war demanding a kinetic response? Or a crime demanding law enforcement? That ambiguity makes the nuclear-era playbook obsolete. The attacker's goal is often strategic paralysis: erode trust, impose economic costs far exceeding the effort required to launch the operation.

The costs of these attacks, typically low-cost, remote, and cross-border, are negligible compared to the billions required for a proportional kinetic response. Traditional punitive deterrence buckles under that math.

The answer is to supplement deterrence with a doctrine of synthetic resilience: the capacity of democratic societies to absorb, adapt to, and recover from engineered multi-domain disruption before it produces strategic paralysis or loss of legitimacy. A powerful kinetic threat must remain, but democracies must also assume they will be attacked across multiple domains simultaneously. Survival depends on absorbing disruption, adapting rapidly, and ensuring the continuity of core societal functions and political legitimacy.

What the intervening period has clarified is that this assumption is no longer theoretical. Advanced AI and synthetic media are turning this from a theoretical concern into a systemic global risk (the World Economic Forum and allied intelligence communities have reached this conclusion independently) with opportunistic actors exploiting psychological profiling and emotional triggers to manipulate public perception at scale. The threat environment Part 1 described has accelerated.

The predictable objection is that synthetic resilience sounds resource-intensive and risks replicating the bureaucratic complexity it claims to replace. The cost-of-failure data argues otherwise. The 2021 Colonial Pipeline attack cost the company $4.4 million in ransom, but the downstream economic disruption across the eastern United States ran into the billions. The 2024 CrowdStrike outage, which involved no adversary at all, produced an estimated $10 billion in global losses from a single software update. The NotPetya campaign of 2017 caused over $10 billion in damage across multiple sectors and countries from a single piece of malware. Against those losses, resilience is not a fiscal luxury. It is actuarially rational. The question is never whether democracies can afford to build it. It is whether they can afford not to.

Principles of a New Doctrine

A coherent strategy cannot be built on isolated, domain-specific efforts. It must rest on three integrated principles, Alignment, Adaptation, and Agility, woven into national security planning, budgetary decisions, and interagency cooperation.

1. Alignment over Silos

Defense planners have historically treated cyber, space, and economic security as separate verticals, managed by different agencies with distinct budgets and legal authorities. Adversaries operate horizontally, leveraging convergence to create effects greater than the sum of their parts. A modern influence campaign is simultaneously a cyber attack (to steal data), a financial operation (to fund bot networks via crypto), and a kinetic risk (to incite real-world violence), often without a shot fired.

Nations must respond in kind. That means permanent interagency teams pulling together financial regulators, public health officials, and economic ministers alongside military and national security planners, trained together on synthetic asymmetry scenarios that force convergence. It also means a national risk framework that maps cascading dependencies: how a cyber attack on a single grain futures exchange could trigger a financial crisis, which enables a cognitive influence campaign built on food scarcity fears. The unit of analysis must shift from individual assets to systemic functions.

Recent events illustrate why. Rapid, uncoordinated changes to critical IT infrastructure, where operational decisions bypass standard security review, create systemic confusion between authorized and unauthorized system changes. When the mechanisms for coordination and attribution are themselves disrupted, adversaries inherit a structural advantage at no cost. This is a doctrinal vulnerability, not just an operational one.

2. Adaptation over Retaliation

The priority must shift from punishment to continuity. Against a deniable actor, resilience ensures the adversary gains nothing even if an attack succeeds (the same logic by which the internet routes around failures regardless of cause).

This requires reallocating resources toward the "invisible victory" of hardened defense over the more politically visible power projection of offense. The practical mechanism is hardening-in-depth: mandatory standards for redundancy, self-healing networks, and decentralized systems across the grid, finance, and logistics. Resilience cannot stop at government networks. It must be built into the economy itself, with strategic national reserves of critical goods and supply chains diversified enough that no single political event can halt production of essential materials.

The lesson is direct. When critical cybersecurity functions, including incident reporting oversight, real-time vulnerability monitoring, and analytical data systems, are degraded during periods of institutional restructuring, recovery timelines run into adversary windows. Denying adversaries strategic impact requires institutional capacity to be intact when the attack arrives.

3. Agility over Bureaucracy

Threats emerge at machine speed, powered by generative and agentic AI and automated reconnaissance. Acquisition cycles and regulatory processes measured in years are becoming strategically untenable.

The solution is defense architecture built around interchangeable, open-source, and rapidly updateable components. The Modular Open Systems Approach offers a workable template: technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, can compress the path from lab to deployment substantially.

The goal is simple: evolve as fast as the threat. That requires institutional depth to sustain capabilities across political transitions. Agility without continuity is a vulnerability, not a strategy.

Putting the Doctrine to Work

The three-principle framework only has force if it connects to concrete action. What follows is not a comprehensive policy platform. It is an illustration of how Alignment, Adaptation, and Agility translate into operational commitments across the domains where synthetic asymmetry is already active.

Alignment: Interagency Teams, Systemic Risk Mapping, Private-Sector Crisis Agreements

Alignment means building the interagency connective tissue that adversaries already assume democracies lack. Every national security council should maintain a standing synthetic-asymmetry cell with authority to convene defense, finance, health, energy, intelligence, and private-sector infrastructure leaders before a crisis begins. A national risk framework that maps cascading dependencies, such as how a cyber attack on a grain futures exchange could enable a food-scarcity influence campaign, shifts the unit of analysis from individual assets to systemic functions.

The private sector belongs inside this framework, not adjacent to it. Corporations are no longer adjacent to national security conflict, they are participants in it, operating on infrastructure adversaries deliberately target. Legally robust agreements with critical technology and infrastructure providers, covering roles, responsibilities, and pre-agreed crisis protocols, are the mechanism. These agreements must be written to survive leadership transitions. Tax benefits and procurement preference tied to resilience standards convert security from a state-imposed cost into a financially rational business position.

Adaptation: Infrastructure Redundancy, Cognitive Inoculation, Public Health Surge Capacity

Adaptation means building systems that deny adversaries strategic effect even when attacks succeed. For physical infrastructure, that requires legally mandated geographical diversity, making single-point failure structurally impossible, and jointly funded international rapid-response capacity targeting repair times measured in days, not weeks. On space systems, rapid reconstitution matters more than norms compliance: pre-negotiated commercial surge contracts for replacement satellite launches, hardened ground stations continuously monitored for intrusion. A jammed satellite is a setback. A seized ground station is a disaster.

In the cognitive domain, adaptation means inoculation before manipulation takes hold, not crisis management after. Sweden’s model is the operational benchmark: psychological defense embedded within total defense doctrine, with a dedicated national agency running continuous environmental monitoring. Several NATO allies are already looking closely at this model. Digital provenance, verifiable watermarks and metadata on all AI-generated or heavily altered content, must become a global standard. Without it, citizens and news organizations cannot reliably distinguish reality from synthetic manipulation. An allied intelligence-sharing entity focused exclusively on influence operations would allow attribution data on foreign manipulation tactics to move across borders before the manipulation has time to work.

Public health resilience belongs in this category too. The democratization of tools like CRISPR means engineered pathogen capability is no longer exclusive to state WMD programs. Permanently maintained, distributed vaccine manufacturing facilities and stockpiles of broad-spectrum antivirals represent the same logic as military pre-positioning: make the local response fast enough that the epidemic phase never gains traction. International agreements must move beyond bans toward regulating access, with mandatory safeguards on DNA synthesis services and flagging of suspicious orders, before the capability is in widespread use.

Agility: Modular Systems, Regulatory Sandboxes, Commercial Surge Capacity

Agility means closing the gap between threat speed and response speed. Defense architecture built around interchangeable, open-source, rapidly updateable components, along the lines of the Modular Open Systems Approach, enables technology insertion on the order of weeks, not years. Regulatory sandboxes where government agencies partner with startups to test and certify next-generation tools, from quantum-resistant encryption to AI-driven attribution models, compress the path from lab to deployment. The financial domain requires the same logic: cooperative regulatory frameworks for crypto and DeFi across allied jurisdictions create a unified digital perimeter that forces transparency on illicit cross-border flows, closing the sanctions-evasion channel that currently funds a significant share of adversary low-cost operations.

Democracies hold one structural advantage that agility can amplify but authoritarians cannot replicate: decentralized command cultures that empower local actors to respond faster than centralized systems allow. The spontaneous, bottom-up innovation visible in Ukraine’s use of commercial technology is the template, capability flowing upward from the edge, not downward from the center. Alliances provide redundancy and burden-sharing no single state can match. A vulnerability in one ally’s financial system can be compensated by the strength of another. Allied nations that have invested in psychological defense, infrastructure redundancy, and cross-border intelligence sharing are likely better positioned today. That gap is widening. Maintaining trust and legitimacy under attack is the ultimate measure of democratic power. A democracy that comes through a crisis with its institutions functional and trusted has, in the most consequential sense, won.

The Path Forward

Synthetic asymmetry is not a temporary challenge. The period since this series began has confirmed that it is already shaping outcomes.

The choice before democracies has sharpened. The question is no longer simply whether they will update Cold War playbooks. It is whether they will recognize that the preconditions for synthetic resilience, including institutional depth, continuity of expertise, and coordinated capability, are themselves potential targets and must be treated as strategic assets accordingly.

Resilience infrastructure is not self-sustaining. It must be actively maintained, resourced, and insulated from the same political volatility it is designed to help societies weather. When incident reporting mechanisms, real-time vulnerability monitoring, and the talent pipelines that sustain them are degraded for any reason, the recovery timeline runs into adversary windows. The "invisible victory" of hardened defense becomes invisible in a different and more dangerous sense: it disappears precisely when it is most needed.

Synthetic resilience cannot be built after the disruption arrives. It must exist before.

Governments that adapt now will be better positioned to survive and to operate from strength. Those that inadvertently erode the institutional foundations of resilience while pursuing other priorities risk watching synthetic asymmetry become not just an adversary's tool but a permanent feature of global order.

Nuclear weapons reshaped the strategic logic of the 20th century. Synthetic asymmetry may do the same for the 21st. The choice is clear: write the doctrine of synthetic resilience, resource it, protect it, or be overtaken by disruption engineered to exploit the void.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How America’s Adversaries Compete Across Peace and War

Author’s Note: This article does not introduce “Endless Warfare” as another term in an already crowded national security lexicon. It examines an increasingly visible pattern in which U.S. adversaries pursue persistent strategic advantage both below and above the threshold of open conflict. The aim is not to argue terminology, but to clarify the character of the competition we are already in.

This article is also not about “endless wars” as a critique of U.S. interventions over the past two decades; that debate belongs elsewhere. Here, “Endless Warfare” describes how our adversaries wage continuous, long-term competition and conflict against the United States across peace and war.

Endless Warfare – Part I

How Gray-Zone Tactics, Cognitive Warfare, and Asymmetric Strategies Are Reshaping Global Conflict

On 28 February, the United States and Israel began a campaign against Iran. The strikes were precise, lethal, and decisive from a conventional standpoint. Despite these destructive attacks and Iran’s significantly weakened military capabilities, it did not surrender or collapse; Iran is fighting a different war.

Iran’s objectives are not to win on the battlefield—an impossible outcome against the U.S. and Israel—but to ensure the survival of the regime; create regional and global political, diplomatic, and economic chaos that shapes U.S. decision-making; and end the war on terms favorable to Tehran. Iran views this as an opportunity to turn these attacks into a long-term strategic advantage.

Iran’s arsenal of terrorist surrogates and partners, drones and missiles as weapons of coercion in the Strait of Hormuz and elsewhere, cyber capabilities, cognitive warfare, an empowered and battle-hardened IRGC, and transactional relationships with Russia and China have allowed it to believe it can still achieve these goals—improbable as they seemed in the early days after the U.S. and Israeli strikes.

Ultimately, Iran may not succeed, but it has already shaped the war in ways that complicate U.S. strategy. Much as we are learning from Ukraine’s adaptive, asymmetric resistance to Russia’s invasion, we are likewise drawing lessons from the clash with Iran. Changes in modern warfare aren’t just academic issues; they are playing out in real time.

This is not conventional war for Iran; it is a continuum of full-spectrum pressure and attacks both above and below the threshold of open conflict. For Iran, this is about pursuing regional dominance through surrogate networks and control of vital resources and sea lanes. Even when this round of fighting ends, Iran will almost certainly resume its gray zone campaign and its long war against the U.S. and its partners.

In Washington, where “forever wars” are a political liability, U.S. leaders tend to see engagements with Iran as finite in time and objectives where conventional military power ultimately prevails.

In contrast, Iran sees its struggle against the U.S. as existential and unending, where winning is measured less by battlefield victory than by political, economic, and coercive leverage and the ability to shape the decision space of its adversaries.

For Iran, this is about securing freedom of action regionally and globally, constraining adversaries, and expanding political, economic, and military advantage. Iran’s gray zone and asymmetric posture reflect this strategy. Iran has been preparing for this moment for decades. For Tehran, this is Endless Warfare.

Endless Warfare

For the purposes of this article, Endless Warfare refers to a calculated and persistent state of confrontation that operates both below and above the level of open warfare in which preparation for the next conflict is always underway. It is never formally declared, has no clear starting or end points, and provides our adversaries viable alternatives to conventional warfare.

At its core, Endless Warfare is a long-term strategy to prevail through cumulative gains and exhausting the strategic resolve of an adversary.

Navigating the Threshold.

Below the threshold of open conflict, the gray zone is a space of ambiguity, plausible and implausible deniability, and persistent, incremental aggression where weaknesses and gaps are identified and exploited. The gray zone—and gray warfare—allow adversaries to conduct operations to advance their own national interests, attack and undermine their adversaries, and set the conditions for a future war without triggering a military response. Preparation and setting conditions in the gray zone enable asymmetric warfare and fuel an endless cycle of conflict.

Above the threshold of open conflict, asymmetric warfare becomes the counterpart to gray warfare for militarily outmatched countries, such as Iran. The tools are the same. For Iran, asymmetric warfare is not a desperate last resort but a long‑planned survival strategy: a deliberate way to impose costs, buy time, and pursue broader regional objectives against a militarily superior United States and Israel.

Beyond countries like Iran, Endless Warfare is also the strategy for Russia and China. Although their strategic approaches differ, both countries are engaged in a continuum of full-spectrum pressure and attacks against the U.S. Their goal is the slow erosion of American relative power, autonomy, and influence across multiple domains and reshaping the existing world order in their favor.

China’s Approach to Endless Warfare

For China, patience is a strategic weapon. While Beijing does not use the term “Endless Warfare,” its doctrine of protracted, whole-of-society warfare that can last decades or generations reflects that it emphatically embraces the underlying thinking. For example:

Mao Zedong emphasized wearing down a stronger adversary through time, space, and political mobilization rather than seeking decisive battles.

Unrestricted Warfare, the influential 1999 doctrinal work by PLA colonels Qiao Liang and Wang Xiangsui, calls for extending conflict beyond traditional military operations into economic, technological, legal, psychological, cyber, space, and information domains. In this framework, “war” is reframed as permanent competition across all instruments of national power.

China’s official “Three Warfares” doctrine—public opinion, psychological, and legal warfare—formalized in 2003, focuses on shaping the battlefield before and often instead of kinetic conflict.

As Elizabeth Economy details in Foreign Affairs, “China is executing a patient, multi-decade campaign to dominate the “new frontiers of power”—deep seabed, Arctic routes, space, cyber protocols, and financial infrastructure. This is not episodic aggression but a continuous effort to set conditions, rewrite rules, and erode U.S. advantages below the threshold of open conflict.”

Michael Pillsbury also persuasively argues in The Hundred-Year Marathon that China’s approach centers on a long-term strategy of “winning without fighting” — drawing on traditions of extreme patience over decades or generations, inducing complacency in competitors, and pursuing the patient displacement of American primacy over decades or generations.

China’s activities in the South China Sea, cyber pre-positioning in critical infrastructure, and expansion of global port access reflect a strategy focused less on immediate confrontation and more on a persistent approach to reshape power and influence order in China’s favor. In short, Beijing’s strategy is built for a marathon of protracted competition to weaken American primacy and expand China’s own political, economic, technological, and military influence.

Russia’s approach to Endless Warfare:

In contrast to China’s patient, multi-decade campaign, Russia is a committed global disrupter on a permanent war footing against the West.

This posture is driven, in part, by Russia’s long-standing obsession with defending the homeland—a besieged fortress mentality—the conviction that Russia is existentially threatened and surrounded by enemies seeking its destruction. Russia considers the U.S. and NATO first among those enemies.

According to CEPA, Russia sees warfare as “continuous and ubiquitous” and believes that true lasting peace with the West is impossible—only temporary pauses in confrontation exist. This worldview and deeply embedded ideology of Endless Warfare by other names have resulted in persistent and evolving gray zone attacks against the West across political, economic, cyber, informational, and social domains.

Russia often appears less concerned about the success or failure of individual operations than with generating disruption, uncertainty, cognitive impact, and strategic effects over time.

As RAND has noted, “All of the many thousands of hostile and often costly interactions between Western and Soviet states or Russia since the 1917 revolution have taken place in the so-called gray zone short of war.” This long-standing reality makes the gray zone a continuous challenge…” This reflects that Endless Warfare by other names is long-standing Russian strategy.

Mechanisms of Endless Warfare

Persistent Gray Zone Attacks:

The gray zone is where great power competition increasingly plays out every day—below the threshold of open conflict and often below the threshold of credible deterrence.

Russia and China employ persistent gray-zone attacks because they have calculated that the strategic gains outweigh the risks and that the likelihood of provoking decisive retaliation remains low.

As argued in earlier work on China’s Gray War on America, strategic defeat in the gray zone—or through gray warfare—emerges not through decisive military power, but through the cumulative loss of relative power, autonomy, and influence across multiple domains of national power.

Russia and China’s gray zone attacks against the United States reflect this strategy. Their objective is not necessarily to directly confront and defeat America through conventional military power, at least not as a primary strategy, but to decisively, even patiently, weaken American at home and abroad over the long term—the framework of Endless Warfare.

Russia’s gray-zone campaign in Europe illustrates this approach. Russia seeks to disrupt and dissuade support for Ukraine while weakening and fracturing NATO—a combination of immediate operational goals and long-standing strategic objectives. For decades, Russia has penetrated institutions, organizations, and networks across Europe, shaping conditions for future conflict. This access provides Russia with the leverage, reach, and insight necessary to conduct a broad spectrum of persistent disruptive activities over the long-term below the threshold of war.

The same approach increasingly extends to the United States. Russia has conducted cyber intrusions; penetrated critical infrastructure; stolen sensitive government, corporate, and personal information; cultivated strategic access, and employed influence operations and other gray zone tools intended to impose costs and create long-term strategic advantage.

Russia’s broader efforts to confront U.S. actions globally through disruption in Syria, across Africa, in the Arctic, and throughout other contested regions—while compelling the United States to respond across multiple theaters and placing sustained stress on allied unity—reflect an approach intended not to engage the United States militarily, but to gradually erode America’s capacity to sustain long-term global competition.

China’s gray zone campaign against the United States has included the penetration of critical infrastructure networks, industrial-scale theft of intellectual property, the compromise of sensitive personal data on millions of Americans, persistent cyber espionage directed at government, defense, and commercial sectors, and influence operations intended to exploit social and political divisions and erode confidence in American institutions. These activities are designed not merely to achieve immediate impact but to gain an advantage over time that will be difficult to reverse.

Cognitive warfare:

The most pervasive adversary activity in the gray zone—and one of the central drivers of Endless Warfare—is cognitive warfare. Our adversaries use cognitive warfare to influence individuals, groups, and societies at the cognitive level—not only through traditional information and influence activities, but also through political, economic, technological, and societal pressures that can influence or disrupt cognition itself.

We should not see cognitive warfare as merely another challenge in the information domain; we should recognize it as a new frontier of power—a deliberate effort to subvert how free societies know, deliberate, and decide.

The ultimate objective of cognitive warfare is to undermine America’s decision autonomy—our ability to accurately perceive global events, to trust the knowledge we have and the information we receive, and to make confident, independent decisions free from external manipulation or coercion.

Adversaries use persuasive disinformation, weaponized narratives, AI-enabled deepfakes, synthetic realities, coercion, intimidation, and other evolving tools to erode trust in institutions, amplify social and political division, manipulate public perception, and increase uncertainty at every level of society: private citizens, business leaders, military commanders, and policymakers.

In the cognitive domain, truth is a strategic asset—precious, powerful, and fragile, and cognitive warfare is a contest for that truth and knowledge.

Cognitive warfare does not need to result in major actions or decisions that directly benefit an adversary to be effective. It succeeds when our decisions become slower, more hesitant, more internally contested, or result in inaction or false choices due to erosion of resolve, coercion, or intimidation.

Proxies and Surrogates

The use of proxies and surrogates offers countries options to the potentially devastating consequences of direct conflict. Proxies and surrogates add essential capability, deflect attribution, and externalize the burden and consequences of Endless Warfare.

Iran has built one of the most developed proxy and surrogate networks in modern conflict. This network allowed Iran to indirectly attack Israel, intimidate regional states, serve as a spoiler in Syria, attack U.S. forces in Iraq, and disrupt international shipping—all while largely keeping itself at arm’s distance. This network also served as a defensive shield, helping dissuade attacks from Israel or the West, and advanced Iranian strategic interests for decades.

Yet surrogacy in Endless Warfare is evolving as modern conflict evolves.

In Endless Warfare, surrogacy is increasingly defined not by the hierarchy or control associated with traditional surrogate relationships, but by the persistent pursuit of strategic outcomes by multiple actors against a common adversary.

In this evolving form of pragmatic surrogacy, adversaries do not necessarily need formal coordination if their independent actions against a common adversary are mutually beneficial.

For example, China and Russia do not share identical strategic objectives. Russia is not a traditional surrogate, but it is also not an equal partner in the relationship. China provides economic, diplomatic, and broader strategic support that helps Russia sustain its war in Ukraine. In turn, Russia takes action to impose costs on the U.S. and it allies and that generates strategic outcomes that benefit China’s broader Gray War against America—consuming U.S. war reserves and resources, diverting attention from the Indo-Pacific and other global priorities, stressing domestic and allied resolve, and exposing potential military vulnerabilities.

Similar dynamics are visible in the Middle East. Iran pursues its own regional ambitions and is not subordinate to either Moscow or Beijing. Yet Iran’s persistent confrontation with the United States can benefit both Russia and China—including increased Russian fossil fuel revenue, discounted energy flows to China, strategic observations relevant to Taiwan, depletion of U.S. military reserves, diversion of U.S. strategic attention, and challenges to U.S. influence in the Middle East.

Russia and China may also benefit from pragmatic surrogate behavior by a much broader range of countries. Rather than build surrogate structures, both countries increasingly persuade, incentivize, induce, or coerce states into actions that strengthen their broader competitive position against the United States. Continuous purchases of Russian energy, participation in alternative financial systems, diplomatic shielding, sanctions evasion, strategic infrastructure access, or agreements providing future military utility can all favor Russia and China while disadvantaging the United States.

Because much of Endless Warfare occurs in ambiguous spaces below the threshold of traditional war, this pragmatic surrogacy may become one of the most effective and scalable mechanisms available to America’s adversaries.

Weaponizing Negotiations.

Negotiations do not necessarily represent the end of conflict; in Endless Warfare they often represent the continuation of it by other means—a new phase where strategic advantage can still be lost or gained.

It is a mistake to assume that entering negotiations means that an adversary will approach them in good faith to seek genuine resolution.

In their negotiations with the U.S., Russia and Iran both posture to seek concessions in advance, set maximalist demands they know are unacceptable, slow diplomatic processes, complicate U.S. decision-making, and erode allied political will and resolve. Most importantly—our adversaries use negotiations to gain time to reconstitute, make adjustments on the battlefield or in the gray zone, and strengthen their overall political and military position.

Russia’s approach under Vladimir Putin particularly reflects a negotiations strategy that is not a bridge to peace, but another instrument of conflict and Endless Warfare.

This pattern was clearly visible after the 2008 war with Georgia. The six-point ceasefire agreement brokered by French President Sarkozy was meant to restore peace and secure Russian withdrawal. Instead, Moscow used the negotiations to consolidate control over Abkhazia and South Ossetia, formally recognize their “independence,” establish permanent military bases, and evade full compliance with the deal.

The same playbook was repeated in the Minsk process after the 2014 intervention in eastern Ukraine. Russia exploited agreements designed to reduce hostilities to freeze the conflict on terms favorable to Russia, preserve leverage, buy time for rearmament, and weaken Western cohesion.

Today, Russia engages in talks to end the war with Ukraine while maintaining military pressure on Ukraine, insisting on maximalist demands, and using the process to weaken Western unity and improve its battlefield position. For Putin, negotiations are rarely about ending the conflict—they are about advancing it by other means.

In the logic of Endless Warfare, negotiations are less about compromise and resolution than about deception, gaining time, shaping perception, extracting concessions, and improving strategic position for the next phase of conflict. An agreement by an adversary to participate in negotiations may not be a diplomatic victory; just a new phase of conflict.

This article has focused on defining Endless Warfare and how our adversaries employ it. Part II will discuss approaches to countering this emerging reality of modern conflict.

All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Your AI Isn’t My AI: The Quiet Splintering Ahead

One of the most consequential geopolitical and technological races underway is the competition to shape the future of large language models. For a moment, it looked like a race to build one dominant cognitive operating system for humanity. But that is not what the next five to ten years will look like. Three forces will define the LLM landscape of the next decade: fragmentation across countries and cultures, the shift from chatbots to autonomous agents, and a quiet transformation in how each of us receives, interprets and shares information.

Search engines organize our information. Social media channels figure out how to grab and keep our attention. Large language models now shape our interpretation.

The first two layers concentrated power. The LLM layer, by contrast, is decentralizing along political, cultural and commercial lines.

Almost overnight, LLMs have become the front door to knowledge. Increasingly, they do not simply retrieve information; they interpret it for us. We consult them as experts, rely on them as filters for decision-making, and use them to help make sense of our world. In the process, we are outsourcing judgement to machines we have never met and never will.

This should not surprise us. Humans naturally apply social rules and expectations to computers – a phenomenon described by Byron Reeves and Clifford Nass in their “Computers are Social Actors” (CASA) framework in The Media Equation (1996). If a machine can communicate fluently, express emotion and simulate empathy, our social instincts engage almost automatically. That tendency will become far more consequential as LLMs continue to evolve.

Fragmentation — many models, many worldviews

Every LLM embeds assumptions.The key question for any model is not whether it is biased. It is “what are its biases and how transparent are they?” Each LLM can embed its own historical framing, level of censorship, moral assumptions, geopolitical narratives and definitions of what is acceptable. There is no globally accepted governance framework that consistently defines these boundaries across models. Rather, it can be different for each LLM today.

This challenge becomes even more complex across languages.Biases in Hindi, Mandarin, Arabic, Portuguese, Bahasa Indonesia, Russian and Spanish may receive far less international scrutiny than English-language outputs.The world may therefore experience not one AI ecosystem, but several competing cognitive ecosystems.

Fragmentation and Sovereign AI

A major structural shift underway is the rise of sovereign AI.

Countries increasingly want domestic models, local compute infrastructure, regulatory control, cultural alignment, and strategic independence.

China already operates a distinct AI sphere through systems such as DeepSeek, Qwen, ERNIE, and Hunyuan. India is pursuing Sarvam and Indus. France backs Mistral.Canada’s Cohere and Germany’s Aleph Alpha are in a planned merger to create a transatlantic sovereign AI vendor. UAE has Falcon and Jais through TII and G42. Singapore’s AI Singapore program backs SEA-LION, a national open-source LLM family. Saudi Arabia’s Public Investment Fund backs HUMAIN, a sovereign AI company focused on Arabic-language models.

It is logical that each of these LLMs will be influenced by language, regulation, compute access, procurement ecosystems, and cognitive alignment.

Open-weight models and asymmetric power

Another major development is the rapid spread of open-weight models.Techniques such as Low-Rank Adaptation (LoRA) allow organizations or individuals to fine-tune powerful models cheaply and quickly. Models can be modified for specialized capability, ideological alignment, style adaptation, or the removal of alignment and safety constraints.

Many open-weight ecosystems contain uncensored variants, often available on platforms, such as Hugging Face, a central hub for open-source AI models. This creates a strategic asymmetry. Advanced AI capabilities are no longer confined to major state actors or frontier labs. Adversaries, extremist groups, criminal organizations and foreign influence operations increasingly have access to highly capable systems.

The Rise of Agentic Systems

While the world fragments into competing models, a second transformation is changing what those models actually do. Today, we still think about AI as chatbots, but that framing is already becoming outdated. LLMs are evolving into agentic systems that call APIs, execute code, coordinate workflows, verify outputs, and operate semi-autonomously. In practical terms, agents will book the travel, draft the contract, monitor the competitor, screen the resumes, reconcile the invoices, prepare the briefing and flag what changed overnight — often calling other agents along the way.

Within five years, much of the information arriving at our desks will likely have been gathered, filtered and summarized by an agent before we read a word of it.The interface shifts from “asking questions” to “delegating objectives.” In this sense, the LLM itself disappears into the background — much like relational databases disappeared into modern computing infrastructure.

The Battle Over Cognitive Infrastructure

Put these two forces together and the picture changes for every leader, every citizen, every reader.

How we receive information. Each of us will increasingly see the world through whichever LLM sits between us and it. That model carries its own training data, its own guardrails, its own omissions. Two colleagues asking the same question of two different systems may get two materially different answers — and neither will know what was left out.

How we interpret information. Agents will not deliver raw material. They will deliver conclusions, summaries, and recommendations. The intermediate steps — the sources weighed, the alternatives discarded — will happen out of sight. We will be tempted to accept what arrives, because the cost of checking will be high and the appearance of competence will be persuasive.

How we share information. Increasingly, the message I send is drafted by my agent and read by yours. Provenance gets murky. Tone gets averaged. Persuasion runs through systems neither of us fully controls. Citizens can gradually lose trust in institutions, experts and media altogether – and societies with weakened shared trust become far more vulnerable to manipulation, polarization and coercion.

For intelligence services, this represents a shift in who controls the collection, preprocessing and interpretation layers that sit between raw data and national-level judgement.

What this asks of us

The United States currently retains major advantages (frontier research, semiconductor ecosystems, hyperscale cloud infrastructure, venture capital, and global platform reach), but the strategic environment is changing quickly. American developers increasingly use Chinese open-weight models because of cost-performance advantages. Open-weight models are publicly available, allowing anyone to run, modify, fine-tune or adapt them to their liking. The visible layer of perhaps dozens of major frontier models understates the true landscape. The real surface area lies in the derivatives, adapters and localized systems proliferating worldwide. The battle over AI and LLMs is not simply about economic advantage or technology leadership. It is about who will shape the cognitive architecture through which billions of people understand truth, authority, identity and reality.

The defining question of the next decade may be “Which system do we collectively trust — and what do we still insist on judging for ourselves”. Because whichever systems mediate knowledge, memory, interpretation, persuasion, and trust will increasingly shape the operating system of human society itself. The good news is the infrastructure is being built, the rules and guidelines are yet to be formalized, governance is an emerging topic and major consolidation has not yet taken place. Our future depends on who preserves human judgement, freedom and trust as our world is transformed by technological advance.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Before Funding a Record Defense Budget, Congress Should Demand Answers on Iran

As I listened to Defense Secretary Hegseth testify about the proposed $1.5 Trillion defense budget, the quote from Robert Heinlein, the science fiction writer, kept running through my mind: “The most expensive thing in the world is a second-best military establishment, good but not good enough to win.”

The U.S. military has no peer. U.S. military personnel are a stunningly impressive group, the best trained and equipped to ever fight a war. But despite continued tactical excellence, and the highest tech and the (already) most expensive military in the world, the U.S. has had a hard time turning that into durable strategic outcomes.

The War in Afghanistan ended in a collapse of its government and U.S. withdrawal. Getting Iraq to a fragile, deeply sectarian, often-Iranian-dominated, and corrupt democracy, took years, thousands of U.S. lives, many multiples of that of Iraqi lives, and billions of dollars. And the current Iran war seems likely to end in a way that is neither beneficial for U.S. security nor a successful escalation beyond what can be accomplished with coercive diplomacy—as of right now, the war did not remove the Iranian regime, its highly enriched uranium nor Iran’s capacity to shut down the Strait of Hormuz at will. As a bonus, we likely have confirmed the view among nations that the only real way to ensure that no one will attack you is to acquire a nuclear weapon. These three wars are not a track record of strategic wins.

While Congress considers authorizing and appropriating the largest defense budget since World War II, they should undertake a formal, concerted effort to understand why this disconnect exists. In the case of Afghanistan, such an effort is well underway with the Afghanistan War Commission. But a myriad of questions, ranging from the purely tactical to the political and strategic, need to be answered in the case of the Iran War. While the Administration will certainly argue that it’s too soon for a commission like the one for the Afghanistan War to be contemplated, that should not stop Congress from seeking answers on its own as it determines whether, and how, to provide the requested defense spending.

Congress should demand to know why the U.S. military was underprepared for the threat of Iranian drones, which killed U.S. servicemembers, destroyed aircraft, damaged U.S. facilities across the Gulf, and damaged commercial facilities in multiple countries. This seeming under-preparedness is despite the ubiquity of Iranian-supplied drones in the Russia-Ukraine war. Congress should seek to determine if the intelligence on Iran’s drone programs was accurate and, if so, was DOD unprepared? Or, alternately, did DOD determine this level of damage was an acceptable risk—after all, one rarely fights wars without losses. But it’s equally likely, perhaps much more likely, that we overestimated our capacity and that of our allies to suppress drone launches and intercept airborne drone attacks.

Similar questions relate to Iran’s missile capability, which has done damage all over the region. Again, those authorizing and carrying out the war would have strong insight into Iran’s capacity to conduct such strikes. And the U.S. may have understood, assuming media reports are correct, that Iran could rebuild these capabilities reasonably quickly. But Congress should ask about this and the capabilities and decision-making given the costs that have been imposed. Would the systems that would be funded in this year’s budget request fix that problem? Or do we need to do something else?

Iran has been, as noted, able to close the Strait of Hormuz. Did DOD develop workable options for this foreseeable possibility? If not, why not given that such a closure has been contemplated in many, many war games and written about publicly for years? Bad planning? Or did DOD assume they had the capability to deal with the Iranian systems? If so, why was that wrong and what do we need to do to ensure that this can’t happen in the future, for example in the Strait of Malacca or the South China Sea?

Congress should also ask hard questions about military planning. The Department of Defense is extremely defensive about sharing details of war plans with Congress, for understandable reasons, but the Secretary of Defense and Chairman of the Joint Chiefs have not been shy about broadcasting, for example, the number of targets hit and ships sunk. How did the planners envision striking these targets in those numbers would achieve strategic goals, whatever they were?

The largest problems appear to come from confused and wildly over-optimistic goals and misaligned strategies between allies. And one cannot envision the Administration agreeing to answer questions about how the President made the decision to attack or why he made that decision when he did. But Congress can and should press the Department and the Intelligence Community on what options were presented and how risks and benefits were presented. The Executive Branch will resist this, but also cannot be trusted to grade its own homework. And the country deserves to have some faith in the process by which the President is presented and weighs strategic options and risk even if the President resists explaining how he came to make those decisions.

It would be ideal if Congress would conduct these inquiries publicly. But given the political environment, that seems likely to break down in partisan infighting. Instead, Congress, through the Armed Services Committees and to a lesser extent the Intelligence Committees, could simply explore these questions through a series of closed-door briefings, hearings, and interviews. Responsible members, and the Chairman and Ranking Members on both Armed Services committees are in that category, can agree to lock arms and work together to understand what happened—the Senate Select Committee on Intelligence investigation into Russia’s attempts to interfere in the 2016 election provides a good example of just this kind of effort (full disclosure—I was the Minority Staff Director on SSCI during this time). Such effort may not fully satisfy anyone, will irritate partisans on both sides of the aisle, and will certainly provoke conflict between the branches. But such checks and balances are essential to war fighting by a democratic state. We need to understand why we’ve failed in the past if we want to win in the future and avoid Heinlein’s curse.

All views, positions, and conclusions expressed in this publication should be understood to be solely those of the author.

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Anonymous Wikipedia Editors Influence Global Narratives — and AI Systems

OPINION -- If you ask Google what Al Jazeera is, the answer you receive draws heavily on Wikipedia. The same is true if you ask ChatGPT, Perplexity or many other large language models. Wikipedia has become the working baseline of public knowledge, whether for reporters, students or congressional staffers.

Look up Al Jazeera on Wikipedia today and the encyclopedia describes it as “a Qatari news media organization” that is “a statutory private foundation for public benefit” “primarily funded by the government of Qatar.” Its flagship article assures readers that Al Jazeera was “launched with a mandate of independence,” was “noted for its journalistic professionalism,” and is recognized by scholars as having driven a democratizing “Al Jazeera effect” across the Arab world. This is the conventional wisdom hundreds of millions of people now casually believe.

It is also, in many important respects, wrong.

The ground truth is that Al Jazeera is a state-owned broadcaster of an absolute monarchy, funded and effectively controlled by the ruling Al Thani family of Qatar. The network's own former director general told the BBC in 2017 that “90% maybe” of its budget comes from the Qatari government. Its founding chairman has been Sheikh Hamad bin Thamer Al Thani, a member of the royal house. Qatari law makes criticism of the Emir, his family or his policies a punishable offense, and Reporters Without Borders ranks the country among the world's least free for journalism.

The U.S. Department of Justice has determined Al Jazeera to be “controlled and funded by the government of Qatar” and has ordered its U.S.-targeted digital outlet, AJ+, to register as a foreign agent — an order it has refused to comply with. Israel banned the network in 2024. Four neighboring Arab states demanded its closure as a condition of restoring relations with Qatar in 2017. By every functional measure that matters, Al Jazeera is a state influence enterprise. That is not the picture Wikipedia paints. And it is not an accident.

Wikipedia, the fifth-most-visited website in the world, is written by anonymous volunteers. Anyone with an internet connection can edit nearly any article, and editors are under no obligation to disclose their real identity. The platform's paid-editing rules require editors who are compensated by clients to declare it on their user page, but enforcement depends entirely on volunteer detection. Articles on contentious topics, like the Israel-Palestine conflict, can be placed under so-called “Extended Confirmed Protection,” restricting edits to established accounts. But within those restrictions, the system runs on the assumption of good faith. Once an account passes the threshold for tenure, it can shape any article it chooses, in any direction, behind whatever username it likes.

One user dominates Wikipedia's coverage of Al Jazeera. Originally registered as Gsgdd in November 2022 and later renamed Cinaroot, the account is now responsible for more than 40 percent of the current text on the main Al Jazeera Media Network article (nearly quadruple the second most active editor), more than 27 percent on Al Jazeera English (triple the next editor), and 68.2 percent on Al Jazeera effect, the entry that explains the network's broader significance (five times greater than the second most active editor).

Who is Cinaroot? Honestly, no one outside Wikipedia's internal moderators knows. The account presents no biographical information, lists no affiliations, and has renamed itself twice — from Gsgdd to Astropulse in mid-2024, then to Cinaroot in early 2025 — making earlier activity harder to trace. There is no public evidence directly linking the account to the Qatari government, to Al Jazeera, or to any contractor working for either. What can be established is the pattern of edits, their volume, their direction, their timing, and the institutional environment in which the work is taking place. Whether Cinaroot is one person, a team operating from Doha's information ministry, or a contractor compensated by a third party can only be inferred. The inference is strong. The proof of who sits at the keyboard remains, by design, out of reach.

What can be analyzed is the account's behavior, and it would interest any analyst of influence operations. Cinaroot was registered on Nov. 12, 2022, ten days before Qatar opened the 2022 World Cup — the centerpiece of more than a decade of Qatari soft-power spending and an event Doha treated as the small Gulf monarchy's arrival as a global actor. The account made a handful of minor, unrelated edits and then, for nine months, fell silent. That itself is unusual. Most organic users' activity fluctuates, but rarely do they go fully dormant for months. Most important is when the account “woke up.”

On Oct. 25, 2023, eighteen days after Hamas's attack on Israel, Cinaroot's first substantive act was a political statement. The edit was a post on the Talk page of the October 7 attacks article, where editors discuss (and often fight over) changes. The account, citing UN Secretary-General António Guterres, asserted that the massacre of 1,200 people in Israel “did not happen in a vacuum,” and enumerated alleged Israeli responsibilities for the violence.

Two days later, the account began what would become a years-long campaign focused on Al Jazeera. But what it did first would set the template for everything that followed.

In 2017, Saudi Arabia, the United Arab Emirates, Bahrain and Egypt severed relations with Qatar, blockaded its borders, and demanded the closure of Al Jazeera as one of thirteen conditions for restoring them. Four Arab governments — Qatar's closest neighbors and the states that had lived with the network's regional role for two decades — had judged Al Jazeera consequential enough that its shutdown was a key demand. That fact sat in the lead section of the Al Jazeera Arabic Wikipedia entry, the first thing a reader would see — and as damaging a claim as any for an organization trying to manage its credibility.

Cinaroot, an account that, at the time, had almost no recorded experience on the platform, swiftly moved the statement out of the lead and into a controversies section further down, where fewer readers would encounter it. In its place, favorable language about the network's journalism went in at the top. The same kind of move would be repeated across the cluster for the next two and a half years: critical material relocated, compressed or contained; favorable material elevated; disputes about Qatari control reframed as procedural questions about sourcing and balance.

Examples accumulated. In November 2023, Cinaroot removed the names of senior Qatari figures — including the network's chairman, a member of the Al Thani royal house — from the lead of the Al Jazeera Media Network article, visually distancing the network from its royal leadership at the top of the page. The same month, the account rewrote the article's account of the U.S. foreign-agent ruling to apply only to the subsidiary AJ+, isolating the legal classification from the parent organization. In June 2024, Cinaroot removed Al Jazeera English's “state media” categorization tag from its Wikipedia infobox, arguing in the edit summary that “partial funding by Qatar govt itself is not enough for categorization.” In September 2025, when another editor proposed describing the network as “essentially state media,” Cinaroot reverted them with the justification: “essentially is not enough, legally is what matters.” On a single day in January 2026, the account deleted 39,544 bytes — roughly 6,500 words, or a month of accumulated work by another editor — covering the network's funding, governance and editorial policy.

Cinaroot has not gone uncontested. Another editor, operating under the Arabic-language username Ghawwas Al-Ilm — “diver of knowledge” — has spent years expanding the same pages with sourced material on Al Jazeera's funding, leadership and operational ties to the Qatari state. That material is the substance Cinaroot has repeatedly removed. The pattern across the cluster is one of expansion by Ghawwas, then constraint by Cinaroot — additions accumulate over weeks; one structural edit erases them. Because Cinaroot has the higher tempo and the procedural fluency, the constraint side has, over time, prevailed.

The cumulative effect, edit by edit, is more than a sanitized story. It is a Wikipedia certification of Al Jazeera as independent — the most valuable endorsement the network could ask from any platform. That certification flows outward. It feeds Google's answer panels, trains the major large language models, and shapes the first paragraph of countless news stories, term papers and policy memos. The result is one of the most consequential acts of historical revision in the digital age.

Al Jazeera's 1996 founding, originally rooted in the 1995 palace coup that brought Sheikh Hamad bin Khalifa Al Thani to power — and that produced a satellite broadcaster to project his new government's voice almost immediately — has been stripped of that political context. The phrase “primarily funded by Qatar,” used in earlier versions of the article, has been softened. In reality, the network's funding, launched reportedly with more than $1 billion, mostly from the Emir of Qatar himself, has not changed.

The most striking work is on the Al Jazeera effect article — a page that does not simply describe the network but theorizes it as a democratizing political-science phenomenon. The article today asserts in its own voice that there is a “broad consensus that the network has revolutionized Arab television news,” enjoying an “unprecedented margin of freedom” and “democratizing media in the Middle East.” In effect, this is a complete inversion of the journalistic reality behind the network, which is funded and effectively controlled by the rulers of an autocratic petro-state. Cinaroot wrote 68.2 percent of it. This isn't ancient history: the account is responsible for 71 of the page's 83 edits since the beginning of this year.

The Al Jazeera effect article leans on the work of Mohamed Zayani, a scholar at Georgetown University's Doha campus, which Qatar has funded with more than $1.06 billion in disclosed payments to the university. The Wikipedia article's signature claim, that Al Jazeera enjoys an “unprecedented margin of freedom,” is taken from a paywalled Zayani paper that Cinaroot personally paid $37 to access, noting “thanks Sage” in the edit summary. Volunteer encyclopedia editors working in their spare time do not typically reach for their credit card to buy paywalled academic articles in order to cite them.

Wikipedia insiders have a term for this kind of loop: citogenesis. In the classic case, an editor adds an unsourced claim to Wikipedia; a reporter reads it and repeats it in print; the printed article is then cited back into Wikipedia as the source. A claim has been validated by the loop it produced. What appears to be happening on the Al Jazeera pages is citogenesis at an institutional scale. Qatar funds the news network. Qatar funds the prestigious university. Scholarship that emerges from inside that funded ecosystem then appears in Wikipedia as if it were neutral authority. Wikipedia trains Google's answer panels and the major large language models. By the time the information reaches a reader, the original political circumstance has been removed at three stages, and the constructed “truth” separated from the context that produced it.

Cinaroot is not alone. A second editor, Mo2010, has built out much of the secondary infrastructure across the Al Jazeera ecosystem — and has done particularly consequential work on the AJ+ article, which Mo2010 created from scratch in February 2014. AJ+ is the brand U.S. regulators ordered to register under the Foreign Agents Registration Act, and the network's most aggressively distributed property on American social media. On the AJ+ page, the way that foreign-agent order is described — as a press-freedom issue rather than a Justice Department determination of state control — shapes how American readers, and the AI systems that increasingly answer their questions, encounter a foreign government's most active U.S. media presence.

This is not the first Wikipedia editing operation linked to Qatar's interests. In January, the Bureau of Investigative Journalism — a London-based nonprofit newsroom — documented a covert editing operation by London PR firm Portland Communications on behalf of Qatari-linked clients: a network of anonymous accounts deployed to reshape politically sensitive articles, particularly those connected to the crown jewel of Qatar's brand empire — its global sports-related partnerships and the executives behind them. That investigation established the capability and the precedent. The Al Jazeera cluster is what the same playbook looks like applied to Qatar's most consequential media asset.

None of this is a hidden conspiracy. Every edit is in the public Wikipedia record. Anyone with a browser can read them. That is also the design: each individual edit is defended on its face as sourcing improvement, neutrality balancing or style cleanup. Wikipedia's culture rewards those rationales. The pattern is only visible when one reads the edits together.

Wikipedia will not solve this on its own. The platform's editorial culture is designed to assume good faith and to treat procedural arguments as conclusive. That is its strength, and its vulnerability. Foreign-influence work that arrives in the language of “sourcing” and “balance” passes through without resistance. It also helps when the platform has been cultivated. The Qatar Foundation, a state-owned non-profit, was a six-figure donor to the Wikimedia Foundation in the early 2010s. The Qatar Computing Research Institute — owned by the Qatar Foundation — entered a formal partnership with Wikimedia in 2011 to expand Arabic-language Wikipedia, train editors and integrate Wikipedia editing into university curricula in the emirate.

In 2013, Wikipedia co-founder Jimmy Wales delivered a keynote at a Qatar Foundation event in Doha. And in December 2025, Al Jazeera Media Network announced an expanded partnership with Google Cloud to integrate Google's AI tools into its newsroom — the same Google whose answer panels are fed in part by the Wikipedia articles Cinaroot has shaped. None of these touchpoints proves editorial control. They demonstrate that Qatar has, for more than a decade, engaged the encyclopedia and its commercial neighbors at the institutional levels at which platforms decide which actors' claims should be treated as credible and which should be scrutinized.

There are concrete steps Wikipedia and its parent foundation could take. Articles about state-funded media organizations could be designated as a contentious topic class, requiring identity verification through the Wikimedia Foundation for editors making more than a defined number of substantive changes — without exposing those identities publicly. Single-editor authorship dominance above an established threshold (say, 40 percent of an article on a politically sensitive subject) could trigger automatic review. Edit summaries that justify content removal on procedural grounds could require linking to a documented Talk-page consensus rather than a single editor's policy invocation. Wikipedia's existing paid-disclosure rules could be enforced not only against editors who declare themselves paid, but against accounts whose editing patterns — concentrated topical focus, procedural sophistication, persistent directional outcomes — diverge measurably from organic editing. None of these would compromise the open ethos that makes Wikipedia what it is. They would simply close the gap the current rules leave open.

What governments, technology platforms and the encyclopedia itself owe their readers is a more honest accounting of who writes the entries that now train the world's information systems. Until then, the answer to the question “What is Al Jazeera?” will be whatever a small number of editors, backed by a much larger set of institutional relationships, have together determined.

Ashley Rindsberg is founder and chief investigative officer of NPOV. Toby Dershowitz is senior adviser at the Foundation for Defense Of Democracies, a non-partisan research Institute focused on national security and foreign policy issues. Follow them on X @ashleyrindsberg and @tobydersh

The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Part II: When a Machiavellian and a Charismatic Met

In our pre-summit piece on the Xi/Trump meeting [When a Charismatic and a Machiavellian Meet 12 May] we wrote: "When a gifted political charismatic such as President Trump is paired in negotiation with an equally gifted Machiavellian such as President Xi, history-making deals may happen. So too can epoch-defining disasters." At the end of the summit, the two Presidents parted ways in an atmosphere of comity – and with the possibility of hammering out between them this year (with three more summit opportunities) a modus vivendi on Artificial Intelligence with incalculable value to all of humanity.

Beijing's and Washington's announcement of their commitment to establish the first ever "intergovernmental dialogue" on AI received scant attention in the noisy and highly divergent post-summit parlor game commentary about who gained what, who gained most, who gained nothing, and who lost what. This is probably because of deep skepticism that mutual trust can be achieved in the midst of the current breakneck international competition to win the AI race.

Those of a certain age can remember the despondent faces of Reagan and Gorbachev, great friends and partners in peace, when they failed at their October 1986 summit in Reykjavík to reach an agreement that had the potential to eliminate all nuclear weapons. Soon after the summit — in 1990, four years later — Gorbachev was awarded the Nobel Peace Prize "for the leading role he played in the radical changes in East-West relations" but ever after spoke about his sense of personal failure in not making a deal with Reagan.

At the time, these two leaders of the world's recognized superpowers – the two most politically powerful men on earth in 1986 -- were working in a world where "mutually assured destruction" had become the de-facto solution to avoiding global nuclear war. What Xi and Trump are proposing now is getting ahead of an equally potentially cataclysmic global problem. They are proposing, as the Chinese announcement said, "working together to promote the development and governance of AI, so that AI can better serve the progress of human civilization and the common wellbeing of the international community." In other words, they are committing to using their individual power in their separate global spheres of influence to avoid a cyberspace era of "mutually assured destruction" – let's call this CyberMAD – this time based on weaponizing AI, versus nuclear power that we can call NuclearMAD.

The AI agreements they may strike – a new "rules based" order that only they will be able to enforce in their own regions – might only be possible when the negotiations occur between "frenemies," two counterpart leaders at the apex of world power who negotiate in good faith despite differences in temperaments, competing political systems, widely divergent cultures and histories.

Paradoxically, what stands out against the backdrop of Xi and Trump's numerous and salient differences are their very similar understandings of the logic and dynamics of political power and their shared political ethics regarding only negotiating with true equals in power. The combination of such extreme differences alongside similar political philosophies may pave the way to forging an AI accord.

Should they succeed, history will judge these men as belonging among the ranks of great world leaders, and history will forgive them much.

Let's review some events from the summit that signal why such a deal is possible.

No Big Fat Hug, but a Counter-Cultural Handshake

With his usual seemingly slightly over-caffeinated gusto the extroverted American President declared prior to their meeting that the Chinese President will greet him with "a big, fat, hug." Trump may have been channeling the classic comedy dynamic between a "funny man" up against a deadpan "straight man." In response to this possible wisecracking from President Trump, the austere introverted Chinese President maintained his usual imperturbable silence, though we can imagine him chuckling — or eye rolling — as this sally from his fellow member of the "superpower leaders' club" – that most exclusive club with a current membership of two.

In the end, Trump was greeted in Beijing not with a big hug from Xi, but with Xi accepting Trump's characteristic long two-handed grip handshake and penetrating stare into the other leader's eyes — something highly culturally uncomfortable for a Chinese leader. For the Chinese such a full in-the-face stare is usually interpreted as a deliberate act of aggression or dominance.

We cannot overlook how much these two Presidents are working to accommodate each other, despite their real differences.

Though Their Drawbridges May be Down, Their Battlements Remain Armed

Xi and Trump share a philosophy of power whereby lasting international deals can only be made if domestic – meaning personal -- power remains balanced between the two dealmakers. Enforceable deals are only secure if individual domestic power is advertised and equally respected by both parties.

Xi's team made this reminder clear regarding his domestic power when China's Foreign Ministry spokesperson tweeted in the middle of the summit that, "the Taiwan question is the most important issue in China-U.S. relations…If it is handled properly, the bilateral relationship will enjoy overall stability. Otherwise, the two countries will have clashes and even conflicts, putting the entire relationship in great jeopardy." The resulting outcry by the American media at this piece of "disrespect" was predictable.

Trump's team made their own statement of defiance regarding domestic power by dramatically chucking any non-organic technology (burner phones and computers) and Chinese representation gifts into a large wastebin at the foot of Air Force One as they departed. This was an unsubtle for-the-cameras reminder to their Chinese counterparts that: "we won't help you spy on us at home." Predictable Chinese commentary ensued over what was labelled an unnecessarily provocative, rude, and "disrespectful" gesture.

Each leader's current stance with regard to their domestic power appears to be enough said and point made (without direct confrontation) and no long-term harm was done. Each leader can make – and take -- political displays of domestic toughness from the other because both understand that each must test their frenemy's strength and resolve. Xi and Trump tolerate and respect each other's political skills on this level, like lions roaring at each other in the wild to mark their territories.

Domestic Postures and Personalities Aside – An AI Deal for the Ages

Xi is a Machiavellian who understands the dangers of yielding to AI control over the material infrastructures of civilization. Trump is a charismatic and intuitively understands the dangers of outsourcing to AI mastery over the intangible psychological ties that shape the social contract between a populace and governance. Humanity missed the mark in WWII with nuclear weapons — each nation hellbent on making such weapons their own and ignoring the global implications of proliferation. This fierce self-interested competitiveness between the world's nations led us to a world where accepting the well-named MAD – mutually assured destruction – made sense as the only way to keep the peace, and therefore all of humanity alive. Today, as we watch the dynamics between the two leaders of the world's superpowers we can hope for a different outcome. Xi and Trump understand the politics that led to NuclearMAD in the past, and how the current politics of AI can lead to the new calamity of CyberMAD. This time however they appear to be taking steps to guide humanity away from making a new set of science-based self-destructive global mistakes.

These leaders — powerful, intimidating, each in his own way brilliant — are best positioned — temperamentally and politically — to hammer out, put on record, and police a deal to curb the dangers of AI and secure humanity's future.

Who knows what marvels future generations will achieve with the aid of AI, if its dangers are curbed through the joint leadership of the Presidents of China and the United States.

[1]"All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author's views."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Narco-Terrorism as Grey-Zone Warfare: Pakistan’s Hidden Front Against India

The United States has long framed its South Asia policy around countering China’s rise, managing the fallout from Afghanistan, and preventing terrorist safe havens. Yet, Pakistan-facilitated narcotics trafficking into India remains a persistent and under-appreciated threat that demands greater attention in Washington. This is no longer an organized crime syndicate but a strong case of narco-terrorism – a deliberate grey-zone strategy that blends profit with subversion.

Drug proceeds fund anti-India Salafi-Jihadist groups, erode social stability in a key democratic partner, and sustain the very transnational networks that the United States has targeted for decades. Recent Indian operations and intelligence reports reveal Pakistan’s role as both a transit hub and active enabler, turning the Golden Crescent into a direct vector against Indian society. For American policymakers, ignoring this pipeline risks undermining Indo-US strategic convergence at a critical moment in the Indo-Pacific and the Middle East.

The Enduring Golden Crescent Nexus

Afghanistan continues to dominate global opium production, even after the Taliban’s 2022 cultivation ban dramatically reduced planted hectares. Vast pre-ban stockpiles, combined with a surge in methamphetamine labs reliant on chemical precursors, have kept the trafficking ecosystem alive and adaptable. Pakistan remains the indispensable transit corridor, channeling Afghan-origin heroin, hashish, and synthetics eastward into India while also moving product westward toward Europe. A 2025 US State Department Presidential Determination on major drug transit countries explicitly listed Pakistan among the 23 nations central to the global illicit drug trade, citing “geographic, commercial, and economic factors” that sustain the flow despite enforcement gaps. Indian analysts and security officials frame this as narco-terrorism. Proceeds from these shipments are alleged to finance groups such as Lashkar-e-Taiba (LeT), with hawala networks and cryptocurrencies providing the laundering backbone.

The human cost inside India is stark as border states like Punjab confront epidemic youth addiction, rising crime rates, and generational damage that weakens internal cohesion. What begins as a criminal enterprise quickly becomes a tool of hybrid warfare that imposes asymmetric costs on India without crossing the threshold of conventional conflict. For the United States, this matters because the same financial pipelines that move drug money have historically overlapped with terrorist financing streams that once threatened American lives and interests.

From Drones to Deep-Sea Handovers

Pakistan-linked networks have proven agile, shifting tactics to evade Indian border defenses and capitalize on new technologies. The most alarming innovation is the sudden rise of drug-laden Pakistani drones along the western land border, particularly in Punjab. According to India’s Narcotics Control Bureau (NCB) 2024 Annual Report, drone-related trafficking cases along the India-Pakistan border skyrocketed from just three in 2021 to 179 in 2024, with 163 incidents concentrated in the bordering districts of the Indian state of Punjab. The trend escalated further in 2025 with India’s Border Security Force seizing 272 drones coming from Pakistan into Punjab and recovering more than 367 kg of heroin between January and November 2025. The NCB explicitly warns that these unmanned systems constitute a “significant threat to India’s internal security,” as they bypass physical fencing, evade patrols, and deliver precise payloads of heroin and opium in minutes. Recoveries in these operations have included hundreds of kilograms of narcotics, highlighting the scale and sophistication.

Maritime routes across the Arabian Sea offer another high-volume artery. In April 2024, the Indian Coast Guard, NCB, and state police forces intercepted a Pakistani vessel west of Porbandar in Gujarat, seizing approximately 86 kg of narcotics valued at nearly $62 million and detaining 14 Pakistani crew members. A parallel case from December 2021, adjudicated in April 2026, saw a Gujarat special court sentence six Pakistani nationals to 20 years’ rigorous imprisonment each for smuggling 76.9 kg of heroin worth $39 million; the boat was intercepted 35 nautical miles off the Gujarat coast after intelligence pinpointed mid-sea handovers originating from Karachi. These sea operations frequently involve coordinated transfers from ports such as Karachi or Gwadar, exploiting India’s 7,500-kilometer coastline as both a destination and a transit node toward Gulf markets. Traditional land corridors through Jammu and Kashmir and Rajasthan persist, often synchronized with drone drops in hybrid tactics.

Narco-Terrorism as Grey-Zone Warfare

Beyond the statistics lies Pakistan’s deeper strategic intent. By flooding Indian border regions with narcotics, these networks corrode the social fabric, generate revenue for Pakistan-backed jihadist outfits, and force New Delhi to divert resources toward internal security. This mirrors grey-zone tactics Washington has criticized in other theaters, including persistent, below-threshold pressure designed to weaken an adversary without provoking open war. Recent National Investigation Agency (NIA) chargesheets, including an October 2025 filing in an LeT-linked narco-terror case, have traced drug proceeds directly to financing of proscribed terrorist outfits, with international hawala channels routing funds to operatives in India and Pakistan-administered Kashmir. Furthermore, Indian border forces’ confiscation of 10.2 kg of explosive material, 12 hand grenades, and 200 small arms with ammunition alongside drug shipments in 2025 alone offers strong evidence that narcotics, arms, and terror financing now operate as one ecosystem.

For the United States, the implications are concrete and immediate as terror groups sustained by narco-profits have repeatedly targeted American citizens and allies. The same laundering mechanisms that shield drug profits also obscure terrorist financing, creating overlapping threats that US law enforcement and intelligence agencies have long tracked. Moreover, India is America’s indispensable partner in the Indo-Pacific. As Washington deepens defense, technology, and intelligence cooperation with New Delhi to counter Chinese assertiveness, allowing a Pakistan-enabled narco-pipeline to undermine Indian stability undercuts that partnership. The post-Operation Sindoor landscape has already demonstrated how quickly South Asian flashpoints can escalate. Layering narcotics-fueled instability atop existing tensions only heightens crisis risks. In short, what happens in Punjab or Gujarat does not stay there, but it reverberates across the QUAD and into America’s broader strategic calculus.

Time for a Smarter US Approach

US policymakers should stop treating India’s narcotics challenge as a narrow bilateral issue and elevate it from the margins of policy on three fronts:

First, Washington should expand real-time intelligence sharing between US agencies and India’s Narcotics Control Bureau and Coast Guard to accelerate interdictions. The Arabian Sea route matters to Western interests because the same waters used for narcotics trafficking are also vital to global energy flows and commercial shipping. If Washington is investing in maritime domain awareness and Indian Ocean security, narcotics interdiction should be part of that conversation, not an afterthought.

Second, the United States should use targeted sanctions against key traffickers, facilitators, and financial enablers by leveraging existing counter-narcotics and counterterrorism authorities. Raising the cost of operating across these networks would help disrupt the financial architecture sustaining narco-terror activity.

Third, US diplomatic engagement with Islamabad should explicitly link counter-narcotics performance to broader security assistance discussions, making clear that grey-zone destabilization carries consequences.

The post-Sindoor era has shown how quickly South Asia’s security architecture can evolve. Yet the narcotics threat has intensified, adapting faster than the countermeasures designed to contain it. For the United States, treating Pakistan’s role in this pipeline as a peripheral law-enforcement matter is no longer tenable. Confronting it is a necessary investment in protecting a vital democratic partner, disrupting terror financing, and preserving long-term stability across South Asia.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

AI, Autonomous Weapons, and the Pentagon’s $55 Billion Bet on Future War

“The [Defense] Department (DoD) is requesting a massive increase for DAWG. For those in the audience that may not know, DAWG is the Defense Autonomous Warfare Group [tasked with rapidly developing, testing, and fielding large numbers of un-crewed systems and drones] and it's going from the $225 million [in fiscal year 2026] up to the $55 billion for fiscal year 2027. And at the same time, we're integrating the AI-driven [Artificial Intelligence-driven] targeting with those autonomous munitions at a pace that DoD directive 3000.09 was not designed to contemplate.”

That was Senate Armed Services Subcommittee Chairman Sen. Joni Ernst (R-Iowa) on May 19, speaking during a hearing on the science and technology priorities contained in the Fiscal Year 2027 Defense Authorization Bill and the Future Years Defense Program.

The 85-minute subcommittee session covered not only the proposed sharp budget increase in new autonomous weaponry, but also the race that’s going on between the U.S., China and other countries to integrate AI into offensive and defensive warfare. Ernst was questioning Defense Undersecretary for Research and Engineering Emil Michael when she brought up DoD directive 3000.09 which, as updated in 2023, established policy “for developing and using autonomous and semi-autonomous functions in weapon systems, including armed platforms that are remotely operated or operated by onboard personnel.”

Ernst asked: “Secretary Michael, has the department formally reviewed whether the current governance framework is actually keeping pace with DAWG’s growth and then how do we overcome that?”

Michael responded, “It absolutely needs updating…because of the threat environment -- what's possible by the adversary -- and partly because of the lessons we learned in Iran.” He explained that the U.S. wants “autonomous mine-seeking capabilities” for the Hormuz Strait, and the Trump anti-missile Golden Dome “has an autonomous element to it, a space-based interceptor that could …hopefully get a Chinese hypersonic missile in the first 90 seconds of launch before it separates into decoys and multiple munitions. So there are going to be different risk levels with autonomous and we have to account for them in our policies. My belief is that will change more frequently than it has in the past than it ought to, to be consistent with our values, consistent with the threat environment, and consistent with the technology development.”

In his opening remarks, Michael described concerns with China, when it comes to the AI competition.

“From a national security standpoint, this is another case of our adversary, the main adversary, China, you know, taking our IP [intellectual property] from our American development labs that have spent hundreds of billions of dollars [on AI] by the end of the next couple of years…And they're “distilling” those [AI] models, which means effectively copying them for a fraction of the

price, taking off the guard rails for them, which means they could be used in ways that they're not intended to be used, which is very dangerous for us, whether it's cyber as a cyber weapon, as a biological weapon, as a chemical weapon.”

“So the threat is real,” Michael said, adding, “We have to stay ahead on chips, power, innovation and capital formation and that gives us this six to 12 month lead and maybe we could extend it. In the last Commerce [Department] NIST (National Institute of Standards and Technology) evaluation, our lead had increased by a few months against the Chinese.”

Discussion of AI in directed energy/laser weaponry was one area that caught my eye.

“Directed energy is one of my top critical technology areas,” Michael said, “So it is a focus by us. The science for directed energy is largely done and now we're in the engineering phase of it. So the engineering part of it makes it cheaper, smaller and more proliferated. We now have a suite of directed energy products that go from low-end to high-end and now we have to scale production of those. The things that are helping are Golden Dome [anti-missile defense systems], because they have a big reliance on directed energy…And because the commitment was made to the President [Trump] that we're going to have a demonstration that includes directed energy in our Golden Dome architecture, there's a lot of energy going into that.

Michael added, “While we're going to have multiple demonstrations, the primary demonstration where it [laser technology] demonstrates a lot of capabilities will be summer of [20]28.”

When Subcommittee Chairman Ernst asked Undersecretary Michael, “What are we doing to ensure that the transition pathway from that [AI weapons] prototype to actual production is actually functioning,” he gave as an example Castelion, a company he said, “developing low-cost hypersonics less than half-a-million-dollars per missile relative to the $50 million per missile we pay today.”

Backing up his statement, I found that last April 24, the U.S. Navy announced it had awarded Castelion a $105 million to continue efforts to integrate its Blackbeard hypersonic strike weapon onto the F/A-18 fighter/bomber and transition the system to an Early Operational Capability in 2027 for carrier-based operations.

And on May 13, DoD announced “once Castelion achieves testing and validation, the Department will award a two-year multi-year procurement contract for a minimum of 500 Blackbeard missiles annually, with options to extend for up to five years. To further encourage Castelion's self-funded facility expansion, the Department is actively seeking the necessary authorizations and appropriations to purchase over 12,000 Blackbeard missiles over five years.”

Subcommittee Ranking Minority Member Sen. Elissa Slotkin (D-Mich.) raised two questions that took up a good part of the panel’s time.

“Given the strategic importance of winning, I cannot for the life of me understand two decisions that have been made,” Slotkin said. “Number one [was] the decision to sell Nvidia chips to the

Chinese, giving them not our most sophisticated, but some of our most sophisticated chips and chips they do not have.”

“Secondly,” she said, “I do not understand picking a fight with one of the few [AI] companies, Anthropic, that's in all of your [DoD] systems. All of you [the military services] use Anthropic right now, to the point where we've named them a supply chain risk, and all of you are supposed to be divesting from Anthropic in the next two months.”

“On the chips question,” Michael said, “this is a debate within the technology industry which is if you sell an adversary older chips, do you slow down their domestic production of equivalent chips because they become reliant on your technology?…If they become used to the American stack, is that net better for the American AI proliferation? And that's a debate.”

Michael added, “And the White House has decided that if we gave them two versions behind chips that we'd be able to preserve our dominance on the programming language, and make it less encouraging for them to develop their own domestic chip industry to catch up.”

As for the withdrawal from Anthropic, Michael said, “What we're worried about with the terms of service that they [Anthropic] had, and their posture toward the department [DoD], which when they questioned the [Venezuela President] Maduro raid, and whether their software was used inappropriately [in his kidnapping], gave us the sense that this was not a reliable partner to deal with…in conjunction with their written terms of service which prevent the use cases that we would like to advance into -- battlefield management, directing interceptions, developing weapons systems.”

Michael explained, “Google, who's been a longtime partner of the [Defense[ Department, Microsoft, Nvidia, real big companies with proper corporate governance, went through their legal teams and agreed to our terms of all lawful use cases, where Anthropic would not. So that should say something that our terms weren't unreasonable.”

However, last week news stories reported that White House Chief of Staff Susie Wiles personally overruled the Pentagon's supply chain risk designation for Anthropic when it came to the company’s contract with the National Security Agency (NSA), which collects and processes electronic foreign intelligence communications.

The revised Anthropic contract with NSA drops the previously contested "any lawful use" Pentagon language, and adds an explicit clause restricting use of Anthropic tools for processing data on American citizens.

In this case, the White House appears to have supplanted the Pentagon in setting the rules for AI contracts. It remains to be seen how these conflicting decisions will be worked out.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Remembering the Americans Who Made Ukraine’s War Their Own

This Memorial Day, The Cipher Brief is remembering the Americans who answered the call after Russia launched its unprovoked, deadly invasion of Ukraine in February of 2022. What follows is a deeply personal account of the war through the eyes of two Americans who have lived it. This piece was written by Dr. Douglas Davis in cooperation with Colonel Sam Hartwell (Ret.).

PERSPECTIVE / OPINION – I did not set out to become someone who counts or names the dead. But years of working in Ukraine have a way of reorienting what you thought your life was all about. Our families have a high price dating back to 2014, when Russia invaded Crimea and uprising in the Donbas.

My wife’s 25-year-old cousin, Mykola Zabavchuk, was killed while serving as a sniper near Bakhmut in the first summer of Russia’s invasion. We visit his grave and the memorial bearing his posthumous Order of Courage medal from Ukrainian President Volodymyr Zelensky every time we’re in Lviv. It changes you and keeps a solemn perspective on those who are fighting for their freedom.

But the reality is that the loss of Ukrainian lives is tragic but understood, even expected, in the cold calculus of this war. But that’s not the whole story. What we find most difficult to reconcile is this: America says it is not at war in Ukraine - and officially that’s true - yet some of America’s most experienced warriors cannot ignore the call to defend freedom and have volunteered to fight and die there. Very few outside their military community are talking about it.

My collaborator for this article, Sam Hartwell is a West Point graduate and former U.S. Army intelligence officer who has spent much of the past three decades living and working in Ukraine. He knows what I am talking about better than most. He lost one of his closest friends, Mark Paslawsky, a West Point classmate and former 82nd Airborne Division artillery officer on August 19, 2014, in Donbas.

Paslawsky was the first American killed in Russia’s war on Ukraine at the Battle of Ilovaisk. He was posthumously awarded the Order of Danylo Halytsky by then-Ukrainian President Petro Poroshenko. Sam now lives in his friend's former apartment in Kyiv, not far from a memorial wall that bears Mark’s portrait. Sam does not talk about this often. That restraint is itself, a kind of testimony.

As a global health physician, I came to this story through a different door than Sam did. My medical work in Ukraine brought me into close contact with a remarkable and unlikely community: American veterans who came to Ukraine not under orders, not under contract, but under conscience. Many applied the lessons learned in war and national security to fight for freedom alongside Ukrainian brothers and sisters in arms. Others came principally to support humanitarian causes.

Crisis of Conscience

I had the honor of serving on the board of one such humanitarian group, Mountain Seed Foundation, alongside its founder, Lieutenant Colonel Nathan Schmidt, USMC ret., and Navy SEAL Lieutenant Commander Dan Cnossen, USN ret., two Naval Academy classmates whose service in Iraq and Afghanistan, respectively, left marks that never fully heal.

Nathan's wounds are the kind that don't show up in physical exams. He came home carrying the weight and burden of friends and colleagues who were lost both above and below his command, and he built something redemptive from that grief.

Dan's injuries were immediate and visible: both of his legs were taken above the knee by an IED during combat operations. He went on to become one of the most decorated American Winter Paralympians of his generation.

Two different kinds of loss. Two extraordinary responses to it.

Together we have climbed mountains in the Austrian Alps and the Carpathians of Ukraine with Ukrainian veterans and their families, part of a healing process that I will admit freely, has been as transformative for me as for anyone on those steep slopes and ledges. Nathan and Dan are two of the finest human beings I have encountered in my life, and they represent something larger: the remarkable community of similarly extraordinary American veterans who have quietly extended their service into the humanitarian domain long after their official obligations ended.

"Kaprun, Austria at the Mooserboden Dam in Hohe Tauern National Park in Summer 2023. Mountain Seed Foundation ‘climbing to heal’ alongside veterans and Ukrainian Gold Star families in the Austrian Alps. Pictured (left to right): Volunteer Courtney Brilliant, Davis, Lt Commander Dan Cnossen, Lt Colonel Nathan Schmidt, Dr. Davis, MSF co-founder Iryna Prykhodko." Photo provided by Dr. Davis.

I have also encountered American warfighters who, like Sam’s friend Mark, resolved their crisis of conscience over this war by making it their own. Individuals like Bryan Pickens, a twenty-year Special Forces (SF) veteran, left retirement not for a contractor's paycheck but to volunteer to lead a combat and drone team of former US. .Special Operations Forces (SOF) operating in active fighting and training. With Russian language skills and extensive combat experience, Bryan first came to Ukraine in 2019 while still in uniform as an official adviser with U.S. Army Special Forces. He later retired and returned to Ukraine in 2022 as a volunteer. He has not looked back.

The men around him are cut from the same cloth. Xen is an accomplished Navy SEAL veteran, sniper and Ukraine drone pilot who brings to this fight the quiet, fierce conviction that defines the best of that community. Bryan, Xen, and others from their circle first came into my life to provide security for me and my colleagues when our humanitarian work brought us into proximity to the front lines. That practical necessity became something else over time. The relationships deepened into a kind of mutual mentorship, each of us coming to understand this war through the other's eyes, and my admiration for all of them has only grown. We have since written and spoken publicly together trying to convey the urgency of what is happening and to close the gaps in understanding that still persist in Washington and beyond.

Joshua Ransford, a former U.S. Marine and another member of Bryan's team, traces a similar arc. He has been working in Ukraine since early 2022, starting as infantry, reconnaissance, and a sniper before evolving into drone operations as the battlefield transformed into an environment where unmanned systems became decisive. He has led counter-electronic warfare and security for our medical teams, including in situations where we found ourselves amid active drone and missile strikes.

What he, Bryan, Xen and others have taught me about the realities of modern war - far beyond anything the medical spectrum captures - is profound. I may never find the right forum to share all of it. But this account of what’s really happening would not exist without Joshua and the other veteran combatants who have trusted me with what they know. As the conflict with Iran has made clear, the lessons carried by this community are not abstractions. They are operational intelligence that the United States cannot afford to ignore.

The Cost of Showing Up

First of all, let me be clear about what these veterans are and what they are not. They are not mercenaries. They are not reckless adventurers seeking a second act or a story to tell. They are among the most disciplined, experienced, and morally serious people I have ever known, and the war has not made them harder so much as it has made them more clear on the realities that exist. They did not ask to be named or recognized. Those whom Sam and I identify in this account acquiesced to sharing their stories only after persuasion that sharing serves a larger cause. They are unsung American heroes operating in Ukraine as often unpaid, largely unsupported volunteers, at enormous personal risk and at real cost to their lives back home.

That last point deserves a moment of reflection. Veteran volunteers like Bryan Pickens have had to periodically leave Ukraine entirely, return stateside, and take contract work simply to finance their ability to go back. The war does not pause while they earn the money to fight it as volunteers. Nor do their mortgages and other obligations at home.

Incidentally, some readers may recognize Bryan in a different context: he served as a military adviser and a role player alongside Sean Penn in the Oscar-winning film One Battle After Another.

The title is unintentionally poetic. Bryan moves back and forth between that work stateside and a calling that keeps pulling him back to the Ukrainian front. I learned this only after the film debuted, from Bryan's teammates — because self-promotion is not in his DNA, almost to a fault. That is the reality for many of these veterans. Little to no salary. No benefits. No official recognition. Just the conviction that the work matters and the discipline to keep showing up for it. One. Battle. After. Another.

That is no small thing. In a moment when official policy has struggled to match the clarity of the moral stakes, these individuals have provided their own answer. For too many of them, that answer has been written in blood, and paid for with their lives.

In February of 2023, Pete Reed, a former U.S. Marine and seasoned humanitarian worker, was killed in Bakhmut. The New York Times documented his death in detail, as it was caught on film. I knew Pete through the overlapping networks of American volunteers and veterans working in Ukraine, and I arrived in Lviv for one of my early trips of this war on the very day he died. His loss hit his community hard. What the coverage captured was the human cost. What it did not fully capture was an emerging pattern.

Detecting a Quiet Pattern

I began to see that pattern first through Pete, and more so later as I became drawn into the care coordination of several international veterans wounded in Ukraine. Among them was an American Marine veteran named Cristiano Zeledon, who was working in a humanitarian capacity when he was severely wounded in a missile strike on a pizzeria in Kramatorsk in June 2023. That same strike killed several other aid workers, including the celebrated Ukrainian writer and war crimes researcher Victoria Amelina, whose death drew significant international attention and outrage. It also killed American veteran Ian Tortorici, who had been serving in combat with the Ukrainian International Legion.

What the coverage at the time did not report, and what was suggested to those of us working in these networks afterward, is this: a Russian intelligence asset had been monitoring not just the foreign aid workers who were killed in that pizzeria, but specifically, American veterans and they called in the strike to kill them. If true, then this was not just a random act of war. It was a targeted assassination of Americans on foreign soil, planned and executed opportunistically by Russian intelligence.

The attack barely registered in the West, in part because the public visibility of American involvement in Ukraine was being carefully managed as Washington sought to avoid any appearance of escalation. One can also blame the saturated news cycle, which moves rapidly from one atrocity to the next, leaving yesterday's events forgotten before they are fully understood.

It should have registered. Because that strike was not an isolated incident. It was another data point in a pattern the American public has not yet been compelled to reckon with. People like Bryan Pickens and his community helped me see it more clearly and soberly.

Rocki, Tiny & Sandy

That pattern is perhaps best exemplified by retired U.S. Marine First Sergeant Corey Nawrocki, widely recognized as one of the most decorated Americans killed while defending Ukraine. Nawrocki, known as "Rocki" was operating alongside other American veterans when he died in October 2024.

I met an experienced combat operator and medic who goes by the callsign "Tiny” at a medical conference in Kyiv, where his frontline experience helped shape our discussions on the evolving realities of combat casualty care. He later shared the details of Corey's death on the condition of anonymity for security reasons.

Tiny was the primary medic on the mission. When the team crossed into Bryansk, Russia on a sabotage and reconnaissance operation under the direction of Ukrainian Military Intelligence, they encountered a large Russian force. In the firefight that ensued, Tiny was treating a teammate with a gunshot wound to the head when he himself was wounded and evacuated by ATV to a hospital in Semenivka, Ukraine. Corey died courageously and selflessly under heavy fire while attempting to rescue another wounded teammate. The details of his final hours that Tiny shared with me remain among the most sobering things I have encountered in years of working in this war. Tiny shared the account of the battle and of Corey's final moments, which has been corroborated by recordings and testimony from other teammates. I am haunted by what he showed me.

Corey approaches a Russian position during a raid into Bryansk Oblast, Russia. Photos provided by Sandy Nawrocki with permission to publish.

Corey and teammate during a raid into Bryansk Oblast, Russia. Photos provided by Sandy Nawrocki with permission to publish.

Corey Nawrocki, during the raid into Bryansk Oblast, Russia, one of the last images of him alive. Nawrocki, a U.S. Marine Corps veteran and two-time Purple Heart recipient, was killed on October 27, 2024, during the operation while attempting to rescue a wounded teammate. Photos provided by Sandy Nawrocki with permission to use.

But death was not the end of it. Indignity followed. Russian soldiers stood over Nawrocki's body, displayed his military ID, and broadcast the image to the world. A distinguished Marine Corps veteran, reduced to a trophy. His identity paraded before a global audience while his family was still learning what had happened. And it did not stop there.

Following his death, Corey’s mother, Sandy Nawrocki, says she was the target of a deliberate digital campaign of cruelty. In a CNN interview, she described being targeted online after Corey’s death, saying trolls posted a picture of her home and her full address, and in an act that can only be described as calculated brutality, posted smiling emojis on social media posts about Corey. Sandy has also spoken publicly, including at a Congressional Ukraine Caucus press conference, about her son’s sacrifice and the broader toll on American families whose loved ones have fought for Ukraine.

The haunting we already felt only intensified after conversations with Sandy, who faced not only the unimaginable grief of losing her son and the torment of a malicious Russian campaign against her, but a separate and frustrating battle to bring Corey’s body home and secure him a military burial at Arlington National Cemetery. That is a struggle that never should have happened. It tells you something important about how this country has chosen to account for its sons in Ukraine's war. But stories like these have barely registered in the American news cycle.

Corey was killed alongside three other international volunteers: U.S. veteran Bradley Jennison, known as “Super Dave,” Canadian Mandeep Singh, known as "Poet," and Swedish volunteer Simon Rajakisto, known as "Rauta." These were men who showed up to fight for what they believed in, an ad hoc coalition of Western veterans operating without formal government acknowledgment or protection. That is what makes the repatriation difficult and the propaganda exploitation of their bodies so damning.

Corey's name appears on no official list of American soldier casualties in Ukraine. America has no such list for a war it is not officially fighting. Corey is, in the ledger of this conflict, ambiguous — if not invisible. That ledger is difficult to reconcile, and the numbers we can piece together paint a sobering picture, even if they remain only an approximation of the truth.

The Invisible Ledger

Since February 2022, the United States has officially lost no active-duty service members in Ukraine. That is technically true. What it obscures is something that those of us working on the ground have understood for years: a significant number of America's most elite veterans, including Special Forces, SOF, and similar warfighters, have gone to Ukraine as civilians and have not come home. The New York Times reported at least 92 American veterans killed in action in Ukraine as of September 2025, but many within the community believe the true number is much higher. Online (and unofficial) estimates suggest elite American veteran deaths since 2022 fall somewhere between 100 and 150, and possibly more. No official U.S. entity is keeping count. Because none of them were officially there.

To put that figure in context: the total number of U.S. Special Operators killed across the entire two-decade global war on terror is reported in the low 600s . If current estimates from Ukraine are even close to accurate, the annual rate of loss among American SOF veterans in Ukraine is near or exceeds the per-year casualty rate of the entire war on terror. Read that again. In a war the United States is officially not fighting, America’s top war fighters are dying at a pace that rivals the wars we were officially fighting up to our withdrawal from Afghanistan. And if you were to include veterans coming from other NATO-aligned countries, the numbers increase considerably.

To be clear, this is not a comparison between the war on terror and the war in Ukraine. These are fundamentally different conflicts across every meaningful dimension: geography, doctrine, technology, and geopolitical stakes. Nor is it a comparison between special operators and conventional warfighters. The point is not equivalence. The point is scale, motivation, and the character of the men and women who are making the sacrifice.

A Verdict, Not an Accident

These are not green volunteers swept up in idealism. These are the most capable, most experienced, most thoroughly trained fighters the United States and NATO has ever produced. They have seen war up close. They understand the odds. They are making a deliberate choice, with no orders, little to no salary, no benefits, no official recognition, and no government waiting to bring their bodies home, to put themselves in the line of fire for a country that is not theirs. That choice deserves to be known and understood by the American public.

But the reality is that the American military and political establishment has largely looked away from this reality, partly for legal and diplomatic reasons, partly because acknowledging it complicates the official narrative of non-involvement, and partly because the men and women doing this work are by training and temperament, disinclined to seek attention. They are called quiet professionals for a reason. They do not hold press conferences. They do not post on social media except to the extent necessary to support their volunteering. They go, they fight, they bleed, and when they do not come back, their families grieve privately while Washington issues no statements. And the American public, by and large, has little to no idea they were ever there.

Sam Hartwell lives inside that grief.

He walks past his friend's portrait almost daily. He understands in a way that no policy paper can convey, what it means that America's best are choosing Ukraine. It is not a coincidence or an accident of individual temperament. It’s a verdict.

Sam’s grief is compounded by a particular sorrow that comes not just from personal loss but from watching something he believed in turn away from itself. For soldiers of his generation, witnessing America step back from the principles that have anchored the rules-based international order for nearly a century is professionally and personally devastating in ways that resist easy description. Yet the men we write about here did not abandon those ideals. They did not wait for permission or policy to catch up with their conscience. That is why they came. That is why they stayed.

These veterans have lived and studied warfare and geopolitics at the highest levels. They have operated in every major theater of conflict of the past two to three decades. They have seen what American power can do and what happens when it retreats. They have looked at what is happening in Ukraine with clear eyes and concluded that the stakes are worth dying for. They recognize what a Russian victory would mean for the security architecture of Europe and the world. They understand what it would do to the credibility and readiness of American power at a moment when that credibility is already under strain. They know that the strategic center of gravity for this century is China, and that pressing demands in Latin America, Africa, and the Middle East complicate the math — but that the thread running through this era of great power competition also runs directly through Ukraine. And they understand what hangs in the balance for the rules-based international order that American blood and treasure built across the last century and that is now, for the first time in a generation, genuinely at risk of unraveling.

They are voting with their lives. The least the rest of us can do is count the votes honestly.

The quiet professionals ask for almost nothing except our support. They do not ask to be called heroes, though they are. But the story of what they have given, and what they continue to give, in a war that Washington officially says does not involve American casualties, is one the American people deserve to know. Not to inflame. Not to escalate. But to reckon honestly with what is being sacrificed, by whom, and why.

Pete Reed knew why. Ian Tortoricci knew why. Corey Nawrocki knew why. Sam’s friend Mark Paslawsky knew why. So does every American volunteer in Ukraine, whether they fight or support those fighting for Ukraine's freedom and Ukraine's very existence. So does every name on the memorial wall in Kyiv, and on walls like them across the country. Memorials that most Americans will never see. They all answered the question of why – not with words, but with action.

Eyes Wide Open

The question that remains is what to do with this story. Sam and I make no claim that this account is comprehensive. It is not. Others may interpret what we have described differently than we do. But it is a beginning, a handful of names and stories pulled from a much larger ledger that our country has not yet fully reconciled. We offer them here because they deserve to be named, because the silence around them is not neutral, and because meaningful dialogue, honest reckoning, and sound policy can only follow from what we are first willing to see. And that begins with eyes wide open.

Honoring the fallen is not optional. But to honor them without learning what they learned would be a compounding tragedy.

The lessons carried home from Ukraine by some of our most elite veteran volunteers, written in blood on a battlefield that has become the proving ground for modern warfare, are directly applicable to active duty service members in other theaters of conflict and to the new and emerging threats facing our homeland defenders. It would be a disgrace to leave them unexamined.

Ukraine is doing its part to honor and memorialize the foreign veterans who have fallen on its soil. My friend Vitali Ostapchuk, a retired Ukrainian Military Intelligence officer, has dedicated himself almost entirely to this mission. In addition to memorial walls and other honors for international veteran volunteers across the country, Vitali is working to establish a national memorial to fallen American veterans and other international volunteers in Bucha, not far from the mass grave site marking the Russian massacres that were carried out in the early weeks of Moscow’s full-scale invasion. Sam and I fully support Vitali and his colleagues in this endeavor. I have visited Bucha many times to honor Ukraine’s dead. I will have even more reason to return now to honor our own. Sam and I have suggested that they call the memorial "The Quiet Professionals."

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

DHS Has Become Central to American Strategy, But Its Strategy Has Not Caught Up

A generation after 9/11, the homeland has returned to the center of American national security strategy. The 2025 National Security Strategy, the National Defense Strategy (NDS), and last week's Counterterrorism Strategy each push in that direction. Parity is the right destination, but it is also a long road. Closing the distance requires a Department of Homeland Security that can chart its own course over the years it will take. The institutional strategy capable of guiding that transition still does not exist.

The security environment that produced these documents is one where the line between foreign and homeland threats has thinned. Cartels are now treated as national security threats. Fentanyl trafficking is no longer viewed solely as a criminal issue, with its precursors now being classified as weapons of mass destruction. Domestic violent extremism remains a core homeland concern.

America's ongoing conflict with Iran has reinforced the same dynamic. Iranian state-affiliated actors targeted U.S. medical technology firm Stryker in March, and the Cybersecurity and Infrastructure Security Agency (CISA) has issued joint advisories on Iranian cyber actors probing U.S. critical infrastructure. Threats once treated primarily as overseas contingencies increasingly carry direct homeland implications across cyber operations, critical infrastructure security, public gatherings, and lone-actor violence.

The department’s strategic architecture has not kept pace. As Customs and Border Protection (CBP) manages the border, the Coast Guard secures the maritime domain, and FEMA prepares for disasters, DHS still lacks a strategic lodestar capable of aligning its disparate components around a coherent departmental vision.

The first Trump administration did not produce a Quadrennial Homeland Security Review (QHSR). The Biden administration produced the 2023 review six months behind the strategic cycle, and the US Government Accountability Office (GAO) found it deficient against ten of twenty-one statutory requirements. This pattern is institutional, not partisan.

Counter-UAS operations increasingly illustrate how rapidly the homeland security mission is evolving. The mission cuts across CBP at the border, CISA at critical infrastructure, the Secret Service at major events, and the Transportation Security Administration (TSA) in aviation. The FY2026 NDAA extended DHS counter-UAS authorities through 2031, ending years of short-term reauthorization fights, and designated the World Cup and 2028 Olympics as a pilot program for state and local counter-UAS deployment.

With the legal architecture now in place, DHS must build the strategic architecture necessary to operationalize those authorities across components, federal partners, and state and local agencies. Counter-UAS operations are only one of many emerging missions where authorities have outpaced strategy.

The 76-day DHS shutdown earlier this year was the longest in American history. It demonstrated how easily DHS appropriations can fracture around the department’s most politically contentious missions rather than broader enterprise-wide priorities. TSA officers and Coast Guardsmen missed paychecks while FEMA preparedness and recovery operations slowed under mounting resource constraints. The operational consequences continued long after funding resumed, with department officials warning it could take months for components to fully recover.

The final agreement funded most of DHS through September while excluding immigration enforcement. The episode showed how vulnerable DHS remains when its missions are not bound by a coherent strategic framework.

That matters more now than when Congress first mandated the QHSR two decades ago. The department was built for an era defined by post-9/11 domestic protection. American strategic planning was focused outward, with counterinsurgency campaigns in the Middle East and power projection in the Pacific. Homeland security was treated as a defensive enterprise running parallel to it.

That world is gone. The mission set has converged with the American national security strategy itself, and the institutional architecture meant to carry that strategy has not changed with it.

This administration has more reason than any of its predecessors to take the QHSR seriously. No previous White House has positioned DHS this close to the center of its national security identity. The mission set the administration has prioritized runs through DHS components first. A functional QHSR is what would translate that political emphasis into a department capable of executing it. Without a strategic reference point, components will continue defaulting toward inherited institutional habits rather than department-wide strategic priorities.

The fix is institutional. The NDS carries weight because it sits at the top of an institutional chain. Serving as the Pentagon's unifying strategic reference, it forces priority trade-offs the department cannot defer. It connects directly to resourcing decisions that translate strategy into what the military buys, builds, and deploys. Congress also chartered an independent commission to review each NDS and test its logic and resource assumptions in public. Congress should give the QHSR the same architecture: a strategy that pulls components into coherence, priorities that drive resource decisions, and an independent commission that scrutinizes its logic.

As the youngest department in the national security apparatus, DHS's strategic infrastructure remains underdeveloped relative to the mission it now carries. A Goldwater-Nichols-style restructuring will eventually come when the politics allow it. Until then, anchor the department around a credible QHSR. A strategy with the architecture Congress has already built around the NDS would not require reorganizing components or rewriting authorities. It would require Congress to treat DHS strategic planning with the same rigor it applies to defense strategic planning.

While America's strategic turn inward is underway, parity will not arrive on its own. The strategy documents prescribe missions for a DHS that does not yet exist. Without a working QHSR, the gap between presidential ambition and institutional coherence will continue to widen.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The G-2: Takeaways from Trump's Trip to Beijing

By most accounts, President Donald Trump’s trip to Beijing ended ambiguously for the U.S. From Air Force One on his way back to the U.S., Trump touted a few concrete achievements that include an agreement for Beijing to purchase $17 billion per year in U.S. agricultural products and a purchase of 200 Boeing aircraft. Beijing’s final read out of the visit did not directly confirm those agreements but did acknowledge a mutual desire to promote “expanded two-way trade”. Chinese President Xi Jinping used the visit to reinforce Beijing’s narrative that China and the United States are co-equal global powers, even referring to the two countries as “the G-2.” But despite the lack of clarity around more urgent issues such as China’s potential role in resolving the Iran conflict or U.S. support for Taiwan, the trip was certainly significant. As many have observed, it is a positive step any time the leaders of the two most powerful countries meet for dialogue. As the U.S.’ only near peer adversary, the relationship with China, including the competition in economic, technology and military domains is the most consequential bi-lateral relationship the U.S. has by a wide margin.

The diplomatic choreography that followed the Trump- Xi summit was equally significant. Soon after Trump’s visit, Russian President Vladimir Putin traveled to Beijing for what was described as a “warm” and “substantive” meeting with Xi. The two leaders have now met more than 40 times, underscoring the depth of the China-Russia relationship. For Xi, the back-to-back meetings with a strategic rival and one of China’s closest partners offered a powerful opportunity to cast Beijing as a stabilizing force in the world at a time when both Washington and Moscow are managing active wars and mounting geopolitical pressure.

Following their summit, Xi and Putin issued a joint statement criticizing what they called “irresponsible” U.S. foreign policy, including a direct reference to Trump’s planned “Golden Dome” missile defense program. Xi also described China-Russia relations as being at an “unprecedented high,” reinforcing the message that Beijing sees its partnership with Moscow as central to its broader challenge to U.S. influence.

For Trump and Xi, the diplomatic track is expected to continue, with a potential Xi visit to the White House in September.

But the Beijing summit left unresolved the larger question at the center of U.S.-China relations: whether a shared interest in stability can meaningfully reduce the risk of confrontation, particularly over Taiwan.

Xi Tries to Show the World China Is America’s Equal

The larger message Xi appeared intent on sending throughout Trump’s visit was that China is no longer a junior power-seeking accommodation from Washington, but a peer competitor that expects to be treated as an equal leader of global order.

Chinese state media framed the summit as a diplomatic win for Beijing, emphasizing that the relationship now operates “on a more equitable basis” and portraying Xi as an equal - if not a more disciplined and strategic - counterpart to Trump. Beijing’s growing confidence in its own position was evident throughout the visit. Xi did not appear compelled to offer major concessions and instead used the moment to reinforce China’s position that the world’s two superpowers have a shared responsibility to manage competition and preserve stability.

That message drew heavily on the logic of the “Thucydides Trap” - the idea that conflict between a rising power and an established power is not inevitable but becomes more likely if rivalry is mismanaged. Xi’s public emphasis on competition, cooperation and “strategic stability” was designed to present Beijing as both confident and restrained: prepared to compete with Washington, but eager to avoid open confrontation.

The rhetoric was notable because it marked a shift from Beijing’s posture just a few years ago, which during the Biden-Xi summit appeared more resistant to the idea of “managed competition”. Like the Trump-Xi summit, the Biden-Xi dialogue similarly sought to establish guardrails to prevent strategic rivalry from escalating into direct military conflict, but at the time, Beijing rejected that framework as a veiled effort to contain China. Xi’s willingness now to publicly embrace the language of competition and strategic stability suggests that Beijing may see advantage in adopting the terminology - particularly if it reinforces the perception that China is negotiating with the United States from a position of parity.

Against that backdrop, we asked two Cipher Brief experts and longtime China watchers how they interpreted the Trump-Xi summit, particularly Xi’s willingness to publicly accept the language of “competition,” and what the summit signaled on the critical question of Taiwan.

Ambassador Joseph DeTrani

Ambassador Joseph DeTrani served as the U.S. Representative to the Korea Energy Development Organization (KEDO), as well as former CIA director of East Asia Operations. He also served as Associate Director of National Intelligence and Mission Manager for North Korea, was the Special Envoy for the Six-Party Talks with North Korea, and served as the Director of the National Counter Proliferation Center, ODNI. He currently serves on the Board of Managers at Sandia National Laboratories.

Rear Adm. (Ret.) Mike Studeman

Rear Adm. (Ret.) Mike Studeman was former Commander of the Office of Naval Intelligence. He also served as Director of the National Maritime Intelligence-Integration Office (NMIO) and as principal advisor to the Director of National Intelligence as National Intelligence Manager-Maritime, as well as the Director of Intelligence (J2) at U.S. Indo-Pacific Command, Honolulu and Director of Intelligence (J2) at U.S. Southern Command, Miami (2017-2019.)

On the US-China Relationship

What is your overall reaction to the summit and is Xi now more confident in China’s relationship with the U.S. and less concerned about whether that is interpreted as trying to contain China?

Detrani

I think Xi Jinping and China feel very good about the summit. I think we should feel relatively good about the summit. I think the president managed it well. We don't have the particulars on what was discussed. We did see very clearly that Xi Jinping prioritized Taiwan, but we don't have the particulars on our side. But I think overall, the summit went well.

Studeman

The CCP remains perennially allergic to allowing any other power, especially the U.S., dictate the language describing the Sino-U.S. relationship. For the Chinese, words carry great meaning. Whoever crafts the narrative, controls their destiny. Naming things is information superiority in action. The key phrase Xi used is "moderated competition," which is designed to show that Beijing is willing to absorb more friction in the U.S. relationship to protect its interests. The new verbiage essentially recognizes U.S. attempts to derisk, diversify, and distance itself from a deleterious overreliance on China. Xi's "moderated competition" signals his effort to stop the death spiral of unrestrained weaponization of interdependence and prevent any hasty departure from China by corporate America. The Chinese idea is to keep clinching the U.S. economically (intertwining like boxers trying to prevent the other from swinging a free arm), while not letting the increasingly tough choices that Washington and Beijing are forced to make spill over into outright confrontation. Using the word "competition" also makes it seem as if the superpower contestation is governed by transparent rules and fair play, which of course it isn't given Beijing's model of a state-driven market and other consequential distortions of global trade practices, including continued massive intellectual property theft. The CCP hopes American journalists, commentators, and political leaders begin adopting the "moderated competition" phrase, which would be a huge psychological warfare win for Beijing, particularly if it tranquilizes the White House into softening its strategic choices related to the Sino-U.S. rivalry.

The US-Taiwan-China Relationship

Taiwan emerged as the most consequential issue of the summit. Analysts note that despite the friendly nature of the talks, Xi’s warning to Trump on Taiwan underscores the longstanding rivalry between Washington and Beijing on the issue of Taiwan.

Following meetings with Xi, Trump declined to clearly commit to future U.S. arms sales to Taiwan or direct military defense of Taiwan in a cross-strait conflict. When questioned by reporters if the U.S. would defend Taiwan if it came to it, Trump answered, “I don’t want to say that. I’m not going to say that” adding later that, “I’m not looking to have somebody go independent, and we’re supposed to travel 9,500 miles to fight a war. I’m not looking for that.”

A $14 billion arms sale to Taiwan is also currently awaiting Trump’s approval. Following the Beijing Summit, Trump described the potential arms sale as a “very good negotiating chip” with China, adding that he needs to speak with the President of Taiwan, Lai Ching-te. He revealed that he and President Xi talked at great length about Taiwan, and notably, the Taiwan arms package. Trump said he would “make a determination over the next fairly short period” on whether he would approve the deal. When asked about the Six Assurances, the 1982 agreement that the U.S. would not consult with China on U.S. military support to Taiwan, Trump downplayed the longstanding norm observed by all previous U.S. presidents, saying, “So what am I going to do? Say ‘I don’t want to talk to you about it?’ Because I have an agreement that was signed in 1982? No, we discussed arms sales.”

This is a familiar practice Trump has used with allies before- framing an issue as more transactional than ideological. His emphasis on maintaining “the status quo” rather than backing Taiwanese independence reinforced concerns in Taipei and among U.S. allies that Taiwan could in fact become a bargaining chip in broader U.S.-China negotiations. Following Trump’s remarks, Taiwan’s government issued a statement reiterating that not only are arms sales to Taiwan a matter of security and deterrence for the U.S., but they are also stipulated in the Taiwan Relations Act.

Trump’s foreign policy messaging is obviously much less predictable than that of previous administrations, but what it means in terms of Taiwan and whether it points to the White House potentially prioritizing short-term U.S.-China stability over steadfast support for Taiwan remains to be seen.

US-Taiwan Relations Following the Trump-Xi Summit

How do you assess the impact to US-Taiwan relations following the Trump-Xi summit? What’s your reaction to Trump breaking with norms and discussing potential U.S. military arms sales to Taiwan, with Xi Jinping?

Detrani

I think the president handled it well enough and I think understandably he responded to Xi Jinping's comments on it. I think Xi understands very clearly the six assurances that President Ronald Reagan memorialized 1982. This was to reassure the [US] Congress and the American people and Taiwan that the United States would be there for Taiwan. This was President Ronald Reagan making it very clear, we're not walking away from arm sales. And this is between the United States and Taiwan. So, it's a very powerful memorialized document in the archives. But I think the president responded to Xi Jinping and I think Xi skillfully brought this up because this was the one issue Xi wanted to pursue with vigor during his summit discussions with President Donald Trump.

Overall, I don't think there were any big surprises. Although Xi made it very clear that there's one primary issue between the U.S. and China, and that's Taiwan and he made that the core element of the summit. So, I think China and Xi feel very good about the summit. I think they've accomplished what they wanted to accomplish. Xi is on the world stage, he's got the President of the United States saying some very nice things about him and the U.S. relationship with China. Xi made it very clear that Taiwan is something that the two sides must get right, otherwise we can have conflict, and we can go to war.

Studeman

Readouts from the summit indicate the President told Xi he did not support Taiwan independence or a change in the status quo, which aren't new policy positions. Multiple Presidents have said the same. But in a significant breach of one of the longstanding 1982 Six Assurances to Taiwan developed under President Reagan, specifically that the U.S. "has not agreed to consult with the PRC on arms sales to Taiwan," Trump flung open the door to letting the CCP negotiate down any foreign military sales deals with Taipei. Trump's aim is to use the Taiwan arms sales issue as a bargaining chip for a better trade deal and China's help in pressuring Iran to end the war. This shift in policy represents one of the biggest wins for China from the summit. China already leveraged its KMT proxies in Taiwan's Legislative Yuan (parliament) to weaken Taiwan's defense bill from $40B to $25B over the next five years, and now China is in the driver's seat to extract further arms sales concessions. These "inside out" and "outside in" successes for Beijing will only end up weakening Taiwan relative to rising PLA capability and presence around the island, in turn reducing strategic deterrence against Chinese aggression in any form.

The US, China and Artificial Intelligence

Despite the attendance of several U.S. tech CEOS, there were no breakthroughs on tech, and little evidence of a concrete technology framework or export-control agreement. The U.S. and China remain firmly positioned on the competitive side of emerging technology. Trump did state that the two sides “talked about possibly working together for guardrails” on AI, describing them as “standard guardrails that we talk about all the time”. During the visit, China’s Foreign Ministry and Chinese media portrayed the U.S. and China as equally leading in AI models, computing power, and ecosystems.

Just before the Beijing Summit, Washington approved the sale of Nvidia’s advanced H200 chips to China, a move that has long been contested by national security and China hawks. However, China has not yet signaled any commitment to buy H200 chips. U.S. Trade Representative Jamieson Greer said it was up to Beijing whether Chinese companies would make more purchases from the American chip giant.

How should we interpret the US decision to sell H200 chips, and the Chinese decision, so far, not to buy them?

Detrani

I think China is feeling good about their progress on artificial intelligence and the work they're doing and now they have the option of purchasing these H200 semiconductors which would be very helpful to them with their work on artificial intelligence. I think, Xi Jinping's strategy on artificial intelligence competition with the U.S. may be to show the world that this is not the China of the 19th century or the 20th even, but this is the new China. I think the Nvidia chips announcement is something Xi has in his pocket now and he probably feels that this is an option that he can use whenever he needs it.

Studeman

The PRC is becoming more self-reliant in indigenizing its key industries, including by stealing tech secrets and coopting foreign engineers, steadily eroding the chip gap. Given its paranoia about backdoors, dead switches, or info tech corruption of any sort, the PRC remains leery of becoming dependent on distrusted foreign suppliers as it rushes to catch up on raw compute power. At the same time, the PRC has achieved scale in less capable chips and is achieving tangible progress in developing more advanced ones. If China buys more Nvidia chips, it will be more likely to curry favor with the U.S. and keep an open door to future tech transfers.

Annabelle Darby contributed to this report

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Sweden and Denmark are in a Position of Power Over Russia

Two straits, six thousand kilometers apart, are defining the global balance of power in 2026. The first, Hormuz, is closed by force and heavily impacting the world economy. The second, the Øresund, is open, and through it passes 60% of the oil that funds Russia's war in Ukraine. One chokepoint is being used against the West; the other could be used to protect it. The difference is not legality, capability, or geography; it is political will. And as the conflict in Iran has consumed Washington's attention, the question of whether Europe will close the Øresund Strait to Russia's shadow fleet could become one of the most consequential decisions in Europe.

The Strait of Hormuz is 54 kilometers wide at its narrowest point, with 20% of the world's seaborne oil passing through it. After US and Israeli strikes on Iran and Iran's retaliation, it has been closed, held shut by a combination of high-end US warships and aircraft on one side and large-scale, low-cost Iranian sea mines and missiles on the other. The asymmetry is itself a lesson: a regional power with cheap munitions can deny a waterway against the most advanced navy in the world.

The consequences arrived quickly with oil passing $120 per barrel, which the IMF called the largest oil supply disruption in history. Kuwait, Iraq, Saudi Arabia and the UAE cut production of both oil and fertilizer because of a lack of available storage and without an ability to export it. East Asia, who gets a majority of its oil from the Middle East, has been badly hurt. The deepest damage, though, is in South Asia and Africa, where it translated into higher fertilizer prices, higher food prices, and empty shelves.

Iran will not reopen the strait while under military threat. Washington will not pull back while Tehran pursues a nuclear weapon. Both governments accept the global cost of the standoff and neither signals willingness to change their stance. The lesson is that a strait only tens of kilometers wide can do more to reshape the global economy than years of sanctions, summits, or shooting wars. Geography, used correctly, is leverage.

In May Donald Trump arrived in Beijing for the first US presidential visit to China in nearly a decade. The two leaders spoke of being "partners, not rivals." Although the choreography was immaculate, the substance was thinner. While trade deals were signed, both leaders affirmed that the Strait of Hormuz must be reopened. This was an unsurprising position, given that China depends heavily on Persian Gulf oil.

The summit is best read not as a negotiation but as two rivals agreeing that open confrontation has become too expensive, and looking for a way to coexist without conceding anything that matters.

European capitals watched with growing unease. Ukraine was not on the agenda. Neither was enforcement against Chinese firms supplying the Russian war economy. No joint language on Russian sanctions emerged, and no European leader was in the room. What Europe's leaders saw was something many had already suspected: Washington and Beijing are arranging a coexistence between themselves, and the multilateral order Europe is left out.

Europe is now responsible for its own security and its own pressure on Russia. And one of the most powerful tools they can use is geography.

Map of showing NATO member countries around the Baltic Sea after Sweden joining (Graphic by Valentin RAKOVSKY and Valentina BRESCHI / AFP via Getty Images)

Three thousand kilometers from Iran, Russia is stuck in a war of attrition with Ukraine, and with an economy that is hurting. Official 2026 growth was revised down to 0.4%, a figure many Western analysts deem falsified. Real wages are stagnant against high inflation. Its oil and gas industry is reporting sharp declines in profit. Ukrainian drone strikes on export terminals in the Baltic and Black Sea have already cut Russia's oil export capacity by roughly a million barrels per day, close to 20%.

Oil and gas are the foundation of the state with roughly a quarter of all government revenue, which funds the military, sustains the loyalty of the elite, and keeps basic services running. Putin's choice to keep Russia structurally dependent on oil is a regime strategy. A diversified economy would produce independent wealth, independent power centers, and political constituencies the Kremlin does not control.

The strategy is beginning to show strain. Money that once flowed to well-connected Russians is now flowing to the war. The elites and media are starting to complain publicly. Putin's regime can absorb financial pressure, but not financial pressure that turns the country against him. That is the pressure Europe is in a position to apply.

The opportunity is unusually clean. A consistent campaign of boardings and inspections in the Øresund could cut between a third to half of Russia's seaborne oil exports. No budget maneuver could replace that revenue. Russia's war funding would face a shortfall it could not absorb, and the political costs inside Russia would drastically sharpen.

The legal authority is already in place. Ships sailing under false flags, without valid insurance, or on sanctions lists can be lawfully stopped and inspected under existing maritime law. Sweden and Denmark control both shores of the strait. Acting in coordination, they can make it practically impossible for sanctioned vessels to transit, without firing a shot and without stepping outside the rules-based order they have spent decades defending.

What has been missing is political will. Denmark is hesitant, both to protect commercial interests and out of concern about Russian retaliation. Moscow has worked to keep that concern alive, and is actively using naval assets to project power.

Sweden has over the past three months taken a more active approach with five boardings of shadow fleet vessels done by a mix of Coast Guard, the National Task Force and unnamed military units. Boldness, once demonstrated, is contagious.

The next step is to make this routine. Every vessel transiting the Øresund under a false flag, without valid insurance, or on a sanctions list should be inspected. Sweden has proven its agencies can execute these operations. Denmark, on the other shore, has the same legal authority and strategic interest. Coordinated action would convert the Øresund from a loophole in the sanctions regime into the choke point it geographically already is.

The wider Ukrainian campaign is already in motion elsewhere. From bases in Libya, Ukrainian naval drones have struck Russian shadow fleet vessels in the Mediterranean. This is part of a deliberate Ukrainian naval strategy aimed at the economic infrastructure of the Russian war effort.

Hormuz has demonstrated, at enormous global cost, how a single narrow waterway can reshape the calculations of governments. Beijing has demonstrated that even the world's two largest powers will look for an exit when the price of confrontation becomes high enough. Putin has not yet reached that price. The Øresund is an important opportunity.

What remains is the political decision to treat the Øresund as a chokepoint for Russia's illicit oil trade. Unlike the deserts of the Middle East or the frozen lines of the Donbas, the Øresund is a place where Sweden and Denmark hold the keys, and where international law is already on their side.

The question is no longer whether Europe has the tools to pressure Russia without American leadership. The question is whether Europe will use them.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Iran's Digital War Machine Targeting U.S. Infrastructure

The first missile strikes hadn’t even cooled before Iranian-linked hackers were moving. When the U.S. and Israel launched military operations against Iran on February 28, 2026, Tehran’s cyber forces answered not with silence but with a systematic campaign against American infrastructure, one that has since moved well beyond reconnaissance into confirmed, disruptive attacks on United States soil.

The most striking blow came on March 11, when the Handala group — widely assessed as a front for an IRGC-sponsored threat actor — hit Michigan-based medical technology giant Stryker, wiping nearly 80,000 Windows devices, stealing 50 terabytes of data, and causing severe disruptions that materially impacted the company’s first-quarter earnings. Emergency responders across Maryland lost access to the electrocardiogram transmission system used to relay patient data to hospitals. The FBI later seized two domains that Handala used to leak the stolen data. It was, analysts noted, only the beginning.

Israel wiped out a major military hub in southeastern Tehran, hitting a site that Western intel says was the nerve center for the IRGC. The facility didn’t just house the Quds Force and Basij; it served as the literal “brain” for Iran’s global hacking campaigns and internal security operations.

The facility coordinated intrusion campaigns against adversaries across multiple continents. Yet even as satellite imagery confirmed the compound’s destruction, cybersecurity analysts were documenting a spike in reconnaissance activity emanating from Iranian-linked networks.

Tehran’s digital arsenal has proven more resilient than the bombing runs suggest. Handala — the persona behind the Stryker attack and now assessed as a front for Void Manticore, an MOIS-affiliated state actor — exemplifies exactly this. It operates as a hack-and-leak engine optimized for psychological disruption: breaking into accessible systems, wiping data, and timing the release of stolen material to maximize pressure on targets.

The earlier assassination of Deputy Intelligence Minister Seyed Yahya Hosseini Panjaki, once the man pulling the strings behind Handala and Karma Below, did not collapse the operation. Rather than dissolving, the apparatus evolved.

“State-aligned threat actors began utilizing out-of-band communication methods and alternative infrastructure, such as Starlink IP ranges, to bypass the degraded domestic grid,” JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief.

In simpler terms, Iranian hackers quickly shifted to alternative internet connections and encrypted communication channels that operate outside Iran’s damaged infrastructure, allowing cyber operations to continue even as domestic networks faltered.

Critical Infrastructure in the Crosshairs

The fallout from the February strikes has moved well past network probing. Iranian-linked hackers have successfully targeted and disrupted multiple U.S. oil, gas, and water sites — forcing some facilities to abandon automated systems entirely and operate manually, triggering financial losses, and, in some cases, deploying destructive wiper malware designed to erase data from victim networks. The IRGC’s CEC-affiliated group CyberAv3ngers has been confirmed to be targeting programmable logic controllers across U.S. government facilities, water and wastewater systems, and energy sectors — exploiting internet-facing industrial devices to create openings not just for disruption but for modifications to operating parameters with direct physical consequences. The campaign represents an escalation: where earlier Iranian cyber operations tested access, these attacks are weaponizing it.

Past operations attributed to IRGC-affiliated hackers include the 2011–2013 distributed denial-of-service attacks against major U.S. banks that disrupted online banking services for millions of customers. There was also the 2013 intrusion into the control systems of a small dam in New York, which demonstrated that Iranian hackers could potentially manipulate physical infrastructure.

“Iranian cyber strategy has consistently prioritized the targeting of ‘low-hanging fruit’ within critical infrastructure sectors where high societal impact can be achieved with relatively low-sophistication techniques,” Castellanos tells The Cipher Brief.

Much of this activity now comes from pro-Iran and pro-Russian hacktivist groups working in coordination. The current wave of activity suggests that Iranian operators are positioning themselves for potential retaliatory strikes, while American defense agencies operate under constrained circumstances.

“The Cybersecurity and Infrastructure Security Agency has been hampered by budget cuts, a significantly reduced workforce, and a lack of leadership over the last year,” Dave Chronister, Founder of Parameter Security, tells The Cipher Brief. “What makes it worse is that many of the remaining staff were effectively reassigned to support immigration enforcement operations rather than protecting critical infrastructure. That’s a significant misalignment of mission at exactly the wrong moment.”

The numbers now on record make that assessment concrete. CISA’s FY2026 budget dropped to $2.4 billion, with 2,649 funded positions, down from $3.0 billion and over 4,000 positions the prior year. By January 2026, the agency had logged at least 998 departures, layoffs, and transfers since the administration took office. The Trump administration also moved to reprogram $144 million from CISA’s 2025 budget to Immigration and Customs Enforcement operations.

Now, a proposed FY2027 budget would cut an additional $707 million. During an ongoing DHS shutdown, the acting CISA director has publicly stated that the agency cannot conduct the outreach and preparatory work necessary to counter cyber threats.

“The lapse of appropriations at CISA is impacting the depth and consistency of information sharing about Iranian cyber threats as well as coordinated planning for attacks that may occur,” Bob Kolasky, Senior Vice President at Exiger and founding director of CISA’s National Risk Management Center, tells The Cipher Brief.

Soft Targets and Hard Truths

Many water utilities, hospitals, and local governments still run unpatched systems with known vulnerabilities — exactly the soft targets Iranian hackers seek.

“Generally speaking, the most significant threat right now is what we call the n-day. These are known, but unpatched vulnerabilities, and Iranian threat actors are very aggressive at trying to exploit them,” Chronister points out.

The financial sector, despite its resources and experience defending against nation-state threats, remains vulnerable.

“Of all our critical sectors, the financial system is probably best positioned to weather an escalating Iranian threat, but ‘best positioned’ is not the same as immune,” Chronister says. “The sectors that keep me up at night are healthcare, industrial operations such as energy utilities, water systems, manufacturing, and non-federal government agencies. Those are the soft spots, and adversaries know it.”

The Stryker attack put the abstract into concrete terms. When Handala hit the Michigan-based medical technology giant on March 11, Maryland emergency responders lost access to the Lifenet system used to relay electrocardiogram data to hospitals, prompting a statewide alert that instructed EMS clinicians to switch to radio consultation.

The attack wiped nearly 80,000 Windows devices, stole 50 terabytes of data, and materially impacted the company’s first-quarter earnings. The FBI later seized two domains that Handala used to leak the stolen data. It is precisely the community-level harm the experts had forecast — now documented, not hypothetical.

Kolasky’s assessment aligns with this hierarchy of vulnerability.

“The Iranian playbook seems to suggest taking advantage of vulnerabilities in weaker parts of critical infrastructure cyber defenses. These include under-resourced sectors such as water and wastewater, food and agriculture, government services and healthcare, as well as areas of outdated technology, which can include operational technology,” he underscores.

In a conflict scenario, Tehran aims to harm critical functions that affect daily life across American communities. Water systems are failing. Hospitals are losing access to patient records. Local government services are grinding to a halt. These scenarios represent asymmetric warfare designed to erode public confidence and create pressure on policymakers without crossing thresholds that might trigger an overwhelming military response.

The Reach of Tehran’s Digital Operations

This geographic dispersion makes Iran’s cyber apparatus resilient to kinetic strikes like the weekend bombing.

“Cyber warfare depends far more on people than on high-end equipment, which means these operations can be dispersed across dozens of physical locations, down to a single operator working from a laptop,” Chronister tells The Cipher Brief. “While targeted strikes no doubt disrupt Iran’s overall tempo, the distributed nature of cyber makes total elimination of the apparatus virtually impossible.”

That assessment is no longer theoretical. During the twelve-day Israel-Iran conflict in June 2025, analysts from SecurityScorecard documented over 250,000 messages exchanged across 178 active Iranian proxy and hacktivist groups — with phishing campaigns, malware delivery, and data dumps timed precisely to kinetic strikes. Cyberattacks surged 700% within 48 hours of the opening salvos. When Iran’s domestic internet was largely cut off, operators shifted to Starlink and VSAT services to maintain tempo. The lesson was already written before the current conflict began.

Yet physical infrastructure still matters in the opening phases of conflict.

“Physical destruction of infrastructure such as data centers, cell phone towers, satellite communication channels, radar systems — all these systems destroyed or degraded by kinetic strike are usually high priority targets in the start of any conflict, as it prevents Iranian command and control from communication to lower echelon units,” Castellanos explains.

Essentially, destroying the communications infrastructure temporarily prevents Iranian commanders from directing their cyber operators on the ground. Nonetheless, the impact is likely to be temporary rather than decisive. Using alternative networks and encrypted channels to bypass damaged infrastructure entirely, cyber operatives quickly adapt.

“Effective cyber campaigns depend on access to technical infrastructure for carrying out attacks, personnel, and some level of command and control,” Kolasky asserts. “United States and Israeli operations have the proven ability to degrade Iran’s cyber capability and seem to have done so again. The question of how resilient the Iranian cyber warfare apparatus is remains an open one, but, thus far, it seems like we have limited Iran’s cyber offensive ability and, in the short term, I would expect that will remain the case.”

In simpler terms, the strikes have disrupted Iran’s ability to coordinate large-scale cyber operations for now, but it remains unclear how quickly Tehran can rebuild its offensive capabilities.

Meanwhile, Iranian operators have cultivated relationships with cybercriminal groups that provide technical services and operational cover. When Iranian-linked hackers targeted Albanian government networks in 2022, investigators traced the operation through multiple layers of contractors and intermediaries before establishing definitive state sponsorship.

Right now, pro-Russian hacktivist groups such as NoName057(16), the Z-Pentest Alliance and Killnet have joined with pro-Iran groups targeting Israel and its Western allies, launching DDoS attacks against Israeli and United States financial services in coordination with Iranian goals. These attacks aim to disrupt online banking and payment systems, creating public frustration and economic uncertainty while demonstrating Iran’s ability to strike back without firing a missile.

Moreover, DieNet, a pro-Palestinian hacktivist group that emerged in March 2025 and has since claimed responsibility for DDoS attacks against U.S. energy, financial, healthcare, government, transit, and communications systems — deploying DNS amplification, TCP SYN floods, and NTP amplification in operations that intensified following the arrest of activist Mahmoud Khalil.

“This international distribution of operations ensures that even if Iran is ‘offline’ domestically, its ‘second front’ in the cyber domain remains fully operational,” Castellanos tells The Cipher Brief.

Iran’s malicious cyber activities are made more difficult by this operational model, which complicates attribution efforts. Iran uses proxy forces to advance its strategic objectives while maintaining an official distance from their activities as part of its regional strategy. In the cyber domain, this approach allows Iranian intelligence services to conduct operations that would be politically costly if directly attributed to Tehran.

Since the February 28 strikes, Iranian-aligned groups have claimed numerous operations across the Middle East and beyond. Pro-Iran hacktivists have targeted energy infrastructure in Jordan, payment systems in Israel, and government portals across Gulf states. While many claims remain unverified, the volume and coordination of activity suggest a systematic campaign to demonstrate continued operational capability despite the degradation of Iran’s domestic infrastructure.

“It makes it very hard to identify them from a geolocation aspect, as well as identifying the fingerprint of the attack. It creates more resilience in these operations since there is no single point of infrastructure that you can attack,” Chronister tells The Cipher Brief. “It also means that as Iran’s leadership withers, and there is less coordination with their various cyber forces, these groups could act on their own initiative, which will make an already complex situation even worse.”

The loss of centralized control cuts both ways for Iran. Cyber operations conducted by dispersed groups can withstand missile strikes, but rogue proxy groups operating independently may unintentionally escalate conflicts.

Bombing a building does not stop hackers with laptops scattered across multiple countries, which highlights another fundamental challenge. Iranian cyber operatives can resume operations from new locations within hours, rendering traditional military strikes largely ineffective against digital threats.

“Like with proxy terrorist groups, Iran has the ability for a diffuse set of actors to work on behalf of the IRGC cause, but those actors are limited in the scale of what effects they can produce,” he adds. “This diffusion will allow for a continued exploitation of vulnerable systems that I would expect to be targeted for propaganda victories, to shift public opinion, and to cause harm at the community level. This necessitates broad information sharing engagement across critical infrastructure for the United States cyber defense community.”

The threat horizon extends well beyond the immediate conflict. Analysts are now flagging two upcoming high-profile moments on the U.S. calendar, the World Cup in June and the midterm elections in November, as likely priorities for Iranian cyber targeting. Security experts warn the tournament could see a 30 to 40 percent surge in fraud attempts, with Iranian-linked actors expected to focus specifically on airports, transportation systems, and critical infrastructure in host cities. Iran’s track record of infiltrating U.S. systems ahead of strategic moments — elections, geopolitical flashpoints, major public events — suggests these will not be missed opportunities.

The message is clear: Iran’s distributed cyber army may lack the power to cripple America’s infrastructure, but it has more than enough capability to disrupt daily life — and only coordinated defense can stop it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Proscribing the IRGC Will Make Britain Safer

The United Kingdom must act to proscribe Iran’s Islamic Revolutionary Guard Corps, or IRGC, before it’s too late. The IRGC must be proscribed before more places of worship are torched, more citizens are violently harassed, more ambulances intentionally destroyed, more peaceful gatherings threatened. The IRGC has the capability and the intent to harm people on British soil with increasing ease. This threat could be nipped in the bud with the right measures, right now.

The IRGC views the United Kingdom as a permissive environment. For the IRGC, the United Kingdom is not just a place to launder money or recruit British citizens to post the regime’s propaganda on social media, though both are certainly happening there. The IRGC is also conducting hostile intelligence operations, evading sanctions, hiding millions of pounds from illicit shadow fleet oil sales in high-end real estate portfolios, incorporating shell companies, running banned media offices, and sheltering their spendthrift children. And, most recently, the IRGC freely influenced local gangs in London under the banner of Harakat Ashab al-Yamin al-Islamia, or HAYI, to torch and destroy half a dozen Jewish-linked targets there over the span of just a few weeks.

The situation in today’s United Kingdom is not unlike Argentina in 1994. Back then, a young IRGC veteran of the Iran-Iraq War named Ahmad Vahidi worked with local Shi’a militants in Buenos Aires to attack the AMIA Jewish center, killing 85 people. Two years earlier, he had planned an attack on the Israeli embassy there that killed 29 people.

That same Ahmad Vahidi is now leading the IRGC in Iran after the U.S. and Israel killed the previous leaders on February 28, 2026. Vahidi is directing the IRGC to use the same toolkit he personally honed in Argentina to kill, maim, and terrorize people, Jewish or not, in Britain, Belgium, France, and elsewhere across Europe.

The IRGC must be proscribed in Parliament before an AMIA tragedy comes to London. But some argue that proscribing the IRGC may spook Iran into pulling its embassy out of London. Others fear crucial diplomatic and intelligence channels may dry up.

The UK has already sanctioned 1,238 Iranian persons and entities, including sanctions on 84 IRGC affiliates in 2023. And yet Iran’s embassy remains open for business. And so does a branch of the sanctioned, Iran-owned Bank Melli, right across the street from the Whole Foods Market in London’s affluent Kensington neighborhood. Across town, the IRGC’s banker, Ali Ansaari, received the go-ahead to build 33 luxury flats in north London despite UK sanctions specifically designating him the previous year for his help in bringing billions of pounds of IRGC money into British banks. Another beneficiary of the UK’s permissive environment for the IRGC is Mojtaba Khamenei, the erstwhile hidden successor of Iran’s late Supreme Leader. The sanctioned Khamenei counts luxury real estate holdings in London’s Bishop’s Avenue as a crown jewel in his £100 million European real estate portfolio.

Although hundreds of people and entities affiliated with the IRGC are sanctioned by the US, UK, and EU, the IRGC continues viewing the UK as a comfortable place to work. Sanctions are clearly an insufficient antidote to this unscrupulous organization. Sanctions are toothless unless paired with enforcement mechanisms that can cut through the shadowy layers of banks, shell companies, and cutouts the IRGC uses to slip right through onto the streets of London.

Asset freezes under the Sanctions and Anti-Money Laundering Act of 2018 and the Iran (Sanctions) Regulations of 2023 are a helpful start. But, as Bank Melli, Ali Ansari, and Khamenei’s son demonstrate, these measures remain largely ineffectual without actually proscribing the IRGC as a Proscribed Organisation. And with people like Ahmad Vahidi in charge of the IRGC, the clock is ticking ever closer to the next attack on British soil. But none of this is inevitable. Indeed, there is a way to stop it.

Keir Starmer noted recently that he has been “very worried” about the IRGC’s ability to use violent surrogate actors inside the UK. Worry is no substitute for action. And the proper action for this moment is a full proscription of the IRGC. People’s lives depend on it.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Limits of Human Oversight at Machine Speed

OPINION — Warfare has always operated at human speed, but we now have the capability to operate at machine speed. The risks are high, but so are the risks of failing to adapt. Our adversaries are moving toward machine speed faster than we are, and the gap is widening faster than our processes can evolve.

Many companies are developing AI tools that accelerate the decision cycle and shrink OODA (Observe, Orient, Decide, Act) loops, augmenting analysts so they can triage alerts, draft courses of action, and surface recommendations in a fraction of the time it used to take. The tools are good and getting better, and the companies building them are doing important work.

But there is a ceiling. So long as a human sits at the “decide” step, the cycle runs at human speed. Augmented human speed, but human speed nonetheless. The AI can compress the observe and orient steps to near-zero, but it cannot compress the human decision process. The human is, in this configuration, the limitation.

That limitation is not inherently a problem. For most of the decisions we care about, we want a human making them. Across most of the defense enterprise, in planning, intelligence analysis, logistics, personnel, and countless workflows where judgment, accountability, and context matter, humans add real value. The argument that follows is not a blanket case for autonomy. It is about a specific class of decisions, in a specific class of operational environments, where the speed differential between offense and defense is becoming the determining factor.

The problem is that our adversaries may not accept the same ceiling. If they are willing to close the loop entirely, letting the machine observe, orient, decide, and act without a human gate, then their cycle runs at machine speed and ours runs at augmented-human speed. Those are not comparable tempos. Orders of magnitude separate them, and the gap is growing.

This is the context for every conversation about keeping humans in the loop. In a contest where one side operates at machine speed and the other does not, a human review step can be both a safeguard and a structural disadvantage. The question is no longer whether we can afford to keep humans in the loop. The question is whether the humans we claim to have in the loop are actually doing anything, and whether their presence reflects meaningful oversight or has quietly become a fiction we maintain because the alternative is uncomfortable.

This is a hard conversation, and hardest on the kinetic side, where autonomous lethal decisions raise questions we are not ready to answer. It is more tractable in cyber. Not because the stakes are zero, but because cyber effects do not place lives directly at stake on the same scale as kinetic strikes. The competitive pressure is already forcing decisions in cyber that the kinetic debate has been able to defer. That is where this piece starts.

The Cyber Case

In cyber, the argument for accelerating decision cycles isn't philosophical. It's arithmetic.

The Zero Day Clock, an industry tracker maintained by a coalition of cybersecurity researchers, measures when the mean time from vulnerability disclosure to first observed exploit crosses key thresholds. The one-year threshold was reached around 2021. One month in 2025. One week and one day were both crossed in 2026. One hour is projected for later this year. One minute by 2028.

The interval between milestones is collapsing. It took roughly four years to go from year-scale to month-scale exploitation, one year to go from month to week, and week to day happened in the same calendar year. Defenders who designed their patch cycles around the assumption of months are now operating against adversaries who weaponize disclosed vulnerabilities in hours.

Cyber operators today use AI tools to work through alerts and incidents faster, and those tools genuinely help. For routine work, the current model of AI surfacing and human deciding is fine. But for a contested environment against a capable adversary moving at the speeds the data describes, the math becomes harder to defend.

Tools that scan codebases for vulnerabilities are not new. What is new is the next step: these tools are starting to generate patches and mitigations for the vulnerabilities they find. The AI identifies the problem, proposes a fix, and routes the recommendation to a human for review before implementation. That review takes time. Not much by human standards, but enormous by the standards of what is happening on the other side.

Anthropic's Mythos preview is one indication of where this is headed. According to Anthropic's published descriptions, Mythos can find zero-day vulnerabilities and exploit them with minimal or no human input, closing the entire kill chain across the MITRE ATT&CK matrix. It is not alone. Google's Big Sleep was reported in late 2024 to have found the first publicly disclosed AI-discovered zero-day in SQLite, found by an AI before any human defender. Anthropic's red team reported in early 2026 that Claude had identified over 500 high-severity vulnerabilities in widely used open-source software, many of which had survived decades of expert review.

As Sean Heelan put it: the limiting factor on a capable state's ability to generate exploits is no longer the number of skilled hackers it can recruit. It is token consumption.

Bruce Schneier, Heather Adkins, and Gadi Evron published a joint essay in 2025 warning that we are approaching a singularity moment for cyber attackers, the point at which AI systems can discover vulnerabilities, write exploits, and launch attacks faster than any human defender can respond. The attackers' AI singularity is well underway; the defenders' is significantly behind. Reasonable people can disagree about how far behind. Few disagree about the direction.

The crucial point is this: just a few years ago, having a human in the loop wasn't really a choice. The technology wasn't capable enough to close the kill chain. AI tools could surface candidates, but the actual decision-making and execution was done by humans because nothing else could. That is no longer true. The technology can now close the chain end-to-end, and in some narrow tasks it can do so better than the humans it is supplementing. Whether to let it is a real question now, not a technical limitation pretending to be a policy choice.

If an adversary's AI can identify a vulnerability and weaponize it in minutes while our response workflow routes the patch recommendation through a human for review, we are not in the same race. The human review step that felt prudent in 2020 is, in some operational contexts, the step that ensures we lose.

This is the easier version of the conversation. The capabilities are concrete, the failure mode is a compromised network rather than a destroyed building, and the competitive pressure is undeniable. And yet even in cyber, we are struggling to have it honestly. Some of that is appropriate caution; some is risk aversion; some is the difficulty of holding AI capability providers accountable in a field evolving faster than the frameworks for evaluating it.

The Kinetic Case

The kinetic version of this conversation is harder because the stakes are final and the cultural resistance is more deeply entrenched.

For most of the history of weapons, humans were the end operators. Small arms, artillery, and dumb bombs all relied on a human for aiming and firing. Laser-guided munitions shifted some of the guidance burden to the technology, but a JTAC on the ground still had to mark the target. GPS-guided munitions moved further; the operator inputs coordinates and the weapon does the rest, but humans still chose what to target. Through every generation, the kill chain was executed by humans because nothing else could.

We are now fielding systems that can handle targeting, firing, guidance, and delivery of effects without a human at any of those steps. The technology has caught up; in some narrow tasks, it has surpassed us. The cultural framing has not. We still talk about autonomous weapons as though the question is whether to cross a line. The line has been moving for forty years, and we have been crossing it incrementally the whole time. What is new is that the technology is now capable of completing the trajectory.

That does not mean we should rush to full autonomy in lethal decisions. It means the conversation we need to have is not "should we ever remove humans from the loop" but "at what point have we effectively done so already, and are we being honest about it?"

What Is the Human Actually Doing?

This is the question the rest of the debate hinges on.

When we say there is a human in the loop, what is the human actually doing? Are they independently verifying or re-doing the AI system's work? If so, it defeats much of the purpose of using the AI. If not, it defeats much, if not all, of the purpose of having the human there. If the answer depends on the situation (which it almost always will), how are we deciding which situations justify fully autonomous action?

These questions have real answers in some contexts. There are workflows where a human reviewer genuinely catches errors the AI missed, including obvious ones the AI is structurally bad at recognizing. This is the most critical reason today, but the errors are becoming fewer and farther between. Human verification can also serve a second purpose: providing the feedback signal that helps train and improve the model. In those contexts, the human in the loop is doing real work, and the right policy is to keep them there. The argument here is not that human oversight is always theater. It is that we need to be honest about which contexts it is and which it isn't.

Consider AI-generated targeting. During an operation, an AI system ingests real-time intelligence feeds (signals, imagery, pattern-of-life data, network traffic) and produces a list of targets. A human is assigned to review the list before strikes are authorized. What does that review actually consist of?

The human does not have time to review all of the intelligence data the AI processed, and could not do it at the speed of the operation even if they had the analytical capacity. What they can do is a sanity check. They can ask whether the targets look roughly like the kind of targets they expect to see and flag obvious errors, the kind that come from the AI getting confused in ways a human would not. That catch is genuinely valuable. They can also provide a feedback signal that, over time, makes the system better. What they cannot do is verify that the AI's reasoning was correct. When speed matters, that limitation becomes a liability.

Reports of the Israeli military's use of the Lavender system during operations in Gaza illustrate what happens when this dynamic meets operational pressure. According to reporting by +972 Magazine and Local Call, lower-level operators faced extreme pressure to strike targets at a high pace and leaned on Lavender to generate target lists they could not meaningfully verify at the tempo demanded. Human review existed in name. In practice, the operators were approving AI-generated decisions they did not have the bandwidth to assess. What they were doing was signing off.

A non-AI parallel sharpens the point. Microsoft's "Digital Escort" program, reported by ProPublica in 2025, was designed to comply with Pentagon restrictions on foreign nationals accessing sensitive systems. Microsoft used lower-cost engineers in China to maintain government cloud systems and hired U.S.-based "digital escorts" to formally implement the code changes on the engineers' behalf. The escorts were less technically skilled than the engineers whose work they were approving and often did not understand what they were implementing. In practice, they rubber-stamped the work. The ‘American in the loop’ was theater.

This is the pattern we should expect with AI systems operating at the edge of human capacity. If the AI is doing work the human could not do themselves, or at a speed they cannot match, the human's role collapses from verification to approval, and under operational pressure, to rubber-stamping. The loop is closed in name only.

When human oversight collapses to rubber-stamping, we end up with the worst of both options. We have slowed the system down, accepting the operational disadvantage of human-speed decision cycles, without preserving the safety benefit that human review was supposed to provide. The risk is still present; we have simply added latency. It is a self-imposed disadvantage with none of the benefits that justified it.

In some current deployments, we already have this dynamic and we are not acknowledging it. The human in the loop comforts us. It satisfies the policy requirement and provides someone to name as the accountable decision-maker after the fact. It does not meaningfully alter what the AI would have done on its own.

Accountability When the Human Can't Keep Up

The accountability question follows directly from the verification question, and it breaks a chain we have relied on for a century.

When a rifle round hits the wrong target, we do not blame the rifle manufacturer; we investigate the shooter. When a dumb bomb misses, we investigate the pilot and the targeting process. When a laser-guided bomb hits the wrong building, we investigate the JTAC, the target designation, and the command chain. When a GPS-guided munition hits a school, we investigate whether the coordinates were correct and whether the targeting cell followed proper procedure. Through every generation, accountability has run to the human operator or the humans in the decision chain above them.

This works because the human operator is meaningfully in control. They choose the target, input the data, pull the trigger. They have both the authority and the capacity to be responsible for the outcome.

Autonomous systems strain this chain. If the human in the loop is functionally rubber-stamping AI-generated decisions made at speeds and against data volumes they cannot independently evaluate, it is not coherent to hold them solely responsible. We can name them as accountable in an after-action review. We cannot credibly claim they were the decision-maker.

This shifts accountability upstream. If the human at the edge cannot meaningfully verify the decision, then responsibility lies more heavily with the people who decided what the system would be allowed to do: the developers, the testers, the commanders who set the authorities, the policymakers who approved the capability for deployment. The operator at the terminal is executing a decision that has, in important respects, already been made.

Developing autonomous control layers and targeting systems is not like developing a rifle. A rifle manufacturer ships a tool and trusts the operator to use it responsibly. An AI targeting system manufacturer is shipping something closer to a decision-maker, a system that will, in practice if not in policy, determine outcomes that human operators cannot meaningfully override. That shift in function requires a shift in how we think about responsibility. The builder does not get to hand off the system and walk away.

This is not an argument against building these capabilities. The companies and labs developing autonomous defense systems are doing essential work, and the United States and its allies need them to keep doing it. It is an argument for building them with full awareness of what is being built and how it is being used. These labs are not just providing tools. They are making strategic and ethical decisions that will shape how force is used. The more honest we are about this, the better the systems will be.

Trust, and the Honest Conversation

We arrive at a gap that defines the current moment. We cannot keep humans meaningfully in the loop at machine speed in every context. We do not yet trust the systems enough to take them out. Both propositions are true.

The temptation is to resolve the gap by picking one side: full autonomy in the name of competitive necessity, or full human control in the name of moral responsibility. Neither is serious. Full autonomy without adequate trust risks catastrophic errors we cannot unwind. Full human control against an adversary at machine speed guarantees we lose before we can control anything.

So why are we struggling to have this conversation honestly? Several reasons, none unreasonable on their own. Senior decision-makers do not yet have the basis to trust autonomous systems with consequential decisions, because the evidence base hasn't been built. Risk aversion in defense institutions is a feature, not a bug; it has prevented many bad outcomes, even if it now imposes costs. We don't have mature frameworks for holding AI capability providers accountable. An autonomous lethal force, even when bounded and tested, raises moral questions that the Department is right to take seriously.

None of this is a reason to avoid the conversation but it is a reason to have it more carefully. That requires building the evidence base for trust. Trust is the product of testing, adversarial red-teaming, operational evaluation under realistic conditions, and accumulated evidence that the system behaves as intended across the range of situations it will face. We do not have this evidence for most of the autonomous capabilities being fielded or contemplated. Building it is not optional, and it cannot be skipped because the adversary is moving fast.

It also requires being honest about which loops have humans in name only. If the human reviewer cannot meaningfully verify the AI's decision, claiming they are in the loop is a fiction. The right response is to either make the human's role genuine, by slowing the system or narrowing its scope so review is possible, or to acknowledge that the decision is effectively autonomous and design the controls and accountability structures accordingly.

And it requires distinguishing between cases. Autonomous patching of a vulnerability in an isolated system is a different decision than autonomous targeting for lethal strikes. We need frameworks that distinguish between reversible and irreversible actions, between contained and uncontained effects, between narrow and broad consequences. A blanket "human in the loop" policy treats all these cases as identical. They are not.

The decision about whether to remove humans from certain loops has, in some narrow domains, already been made by the math. Our choice is whether to acknowledge that and build the systems and accountability structures that make it responsible, or to maintain a comforting fiction until something forces a reckoning we are not prepared for.

The adversaries are not waiting for us to decide.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Rethinking the Intelligence Cycle for the AI Era

There’s a profound assumption embedded in much of today’s conversation about AI and intelligence: better technology will solve our core problems. We need new infrastructure, better models, and faster processing—all tied to our unique data.

But step inside most intelligence workflows and a different reality emerges.

We are not constrained by what we can collect. We are constrained by what we can prioritize, interpret, and act on in time to matter.

The System Was Built for a Different Problem

The modern intelligence system was designed for a world defined by scarcity. Collection was difficult. Access was limited. Processing was slow. The intelligence cycle—collection, processing, analysis, dissemination—reflected those constraints. It imposed structure, discipline, and rigor on a problem set where information was hard to come by. That system worked because it matched the environment but the environment has changed.

Today, across open sources, commercial capabilities, and traditional collection, we operate in a world of persistent access and expanding data. AI is accelerating that shift, enabling faster processing, broader pattern recognition, and near-instantaneous assessments.

And yet, the underlying system—the way we task, integrate, evaluate, and deliver intelligence—has not fundamentally adapted.

The Constraint Has Moved

Much of the current focus remains on improving inputs: faster infrastructure, better models, more data. These are necessary but insufficient.

The constraint is no longer what we can collect or even what we can analyze. It is how effectively we prioritize what matters, integrate signals across sources, apply judgment at speed, and connect insight to decision in time to matter

In short, the constraint has moved from capability to tradecraft.

AI Is Compressing the Cycle—But Only at the Edges

AI is already changing parts of the intelligence workflow. Signals and geospatial intelligence processing that once took hours can now happen in minutes. Pattern recognition is functionally limitless and immediate. The era of the needle in the haystack is over. Draft assessments can be generated in seconds.

These capabilities are real but have not been fully implemented—nor can they be because the system still operates sequentially. Tasking decisions remain episodic; data integration is still a manual fight; and validation and coordination follow legacy timelines.

The result is a growing mismatch between what technology enables and what the system can absorb. We are accelerating pieces of the intelligence cycle without redesigning the cycle itself.

Tradecraft, Not Technology, Is Now the Limiting Factor

This is the call to action that will define the American Intelligence Community’s success in the next decade. If intelligence continues to operate as a linear process optimized for scarcity, then adding speed and scale at individual stages will produce diminishing returns.

The harder problem—and the more important one—is rethinking how intelligence is done:

How do we move from periodic tasking to dynamic prioritization?
How do we integrate AI into workflows as a default starting point, not an add-on?
How do we preserve rigor while operating at machine speed?
How do we ensure intelligence is informing faster, more diffuse, policy?

The Most Important Shift—Flattening the Intelligence Cycle.

The intelligence cycle was designed as a sequence: tasking, collection, processing, analysis, dissemination. Each step informs the next. Each stage has ownership. Each handoff introduces control—and delays.

This structure makes less sense today because collection is persistent, data is abundant, and processing is near-instantaneous. More importantly, policymaking is now dynamic—minute by minute—not defined by a once-a-day President’s Daily Brief and not constrained to the Oval Office.

How can we reimagine the intelligence cycle to account for these realities?

Let’s start by leveraging the real world and admitting that this change is not as radical as it sounds. During fast-moving crises, analysts often bypass formal cycles—pulling from multiple sources in real time, integrating signals as they arrive, and engaging directly with policymakers in an ongoing dialogue rather than through finished products.

For example, we did this out of necessity for counterterrorism operations over the last 25 years. Intelligence and operations were increasingly fused out of necessity. Collection and analysis informed action in near real time, and action reshaped collection and analysis priorities just as quickly. The formal cycle existed—but it was not how the work happened. Counterterrorism operational tradecraft set a model for where the system is heading.

The traditional cycle moves information through stages. The flattened cycle moves decisions through a system. The difference is subtle but profound.

In a flattened intelligence cycle:

Collection and analysis are intertwined. Some of the best analysts I know were case officers serving in the field.
Processing is not a step. It is largely automated with humans on the loop.
Dissemination is not an endpoint—it is an iterative relationship with policymakers.

Flattening the intelligence cycle does not mean abandoning rigor or structure. It means redesigning the system to move at the speed of the real world, automating rote tasks, and putting our nation's best and brightest minds on the hardest truly-human tasks.

What Comes Next

This is the first in a series examining how emerging technology—particularly AI—is reshaping the intelligence system in practice.

In my following posts, I’ll focus on where this tension is most visible today, especially in collection and analysis.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

How Russia and China are keeping Iran lethal

The ceasefire between the United States and Iran is barely holding. Pakistani mediators are still shuttling between capitals, fighting has flared in recent days, and President Trump is now sitting across from Xi Jinping in Beijing for a high-stakes summit covering trade, Iran, and Taiwan.

Yet American intelligence has reached a different conclusion about what Beijing is actually doing: China is preparing to move man-portable air-defense systems, MANPADs, to Iran through third-country cutouts, according to CNN, which cited three sources familiar with recent intelligence assessments. The shipments would reach Tehran while Beijing holds itself out as the party that helped stop the war.

The CCP, however, is deliberately doing both things at once.

The intelligence indicates Iran may be using the ceasefire as an opportunity to replenish weapons systems with the help of key foreign partners, with indications that Beijing is working to route the shipments through third countries to mask their true origin. The MANPADs in question are shoulder-fired, infrared-guided missiles — systems that require little infrastructure, minimal operator training, and can be concealed inside civilian vehicles, urban terrain, or dispersed military positions.

On April 3, an American F-15E Strike Eagle was shot down over Iran by a shoulder-fired heat-seeking missile — a fact Trump later confirmed publicly, saying the Iranians “got lucky.” Whether that system was Chinese-manufactured remains unconfirmed; Iran also produces its own Misagh MANPAD series, reverse-engineered copies of Chinese QW-series designs, meaning the Chinese origin of any given shoulder-fired missile over Iranian airspace may never be definitively established.

What is confirmed is that Tehran noticed what worked, and Beijing appears to be resupplying accordingly.

“The sending of MANPADs to Iran would represent an escalation in Chinese assistance, moving beyond traditionally supplying spare parts to Iran’s missile and drone program to the transfer of actual complete weapons systems,” Jason Brodsky, policy director at United Against Nuclear Iran, tells The Cipher Brief.

Neither Russia nor China fired a shot against American forces. They didn’t need to. For years, Moscow and Beijing have quietly supplied Tehran with the intelligence, technology, and weapons components needed to keep Iran capable of threatening United States forces — before wars start. At the same time, they’re being fought, and during the ceasefires in between. The pause in fighting did not stop that effort. It created cover for the next round.

Russia’s contribution: orbits and operational intelligence

Beyond diplomacy, Russia provided Iran with intelligence to aid strikes against United States forces in the region. According to reporting by the Washington Post, Moscow shared the locations of United States warships, aircraft, and radar systems with Tehran during the opening days of the conflict — what one official described as a “pretty comprehensive effort.”

The Wall Street Journal reported that the assistance went beyond location data: Russia was also feeding Iran satellite imagery from its Aerospace Forces, giving Tehran a clearer picture of what its strikes had hit and what to aim at next.

The results were visible in the strike patterns themselves. Meanwhile, satellite imagery found that at least 228 structures or pieces of equipment were hit at United States military sites across the Middle East, with radar installations, communications facilities, and air defense equipment among the most heavily targeted — a level of precision that exceeded Iranian strike patterns in the 12-day war between Iran and Israel in June 2025.

That precision has a signature. Iran had spent years supplying Russia with Shahed drones for use against Ukraine; Moscow was now returning the knowledge investment with interest. Russia shared battlefield lessons from its drone war in Ukraine with Iran, including guidance on strike altitudes and how many drones to deploy in a single wave — drone swarms used to overwhelm radar, followed by precision missile strikes against command-and-control nodes. Moreover, Iranian strike patterns in the Gulf increasingly resembled Russian tactics honed in Ukraine.

Jennifer Kavanagh, senior fellow and director of military analysis at Defense Priorities, tells The Cipher Brief that Russian and Chinese assistance is a direct reason for Iran’s improved targeting between June 2025 and the most recent conflict.

“However, the United States provided similar intelligence to Ukraine, so it is hard for the Trump administration to push back,” she explains.

The groundwork Russia laid before the first shot was fired made the intelligence-sharing during the war far more lethal. Russia built and launched the Khayyam satellite in August 2022, a Kanopus-V Earth-observation platform with a resolution of 1.2 meters, giving Tehran the ability to conduct near-continuous surveillance of specific United States and Israeli military facilities.

S-400 air defense components began arriving in Iran from Russia in 2024, with at least one battery deployed near Isfahan. Years earlier, Moscow had also delivered the Rezonans-NE, an over-the-horizon radar that can track stealth aircraft and ballistic missiles out beyond 400 miles.

What greeted United States and Israeli aircraft over Iran in February 2026 was not purely Iranian. The detection infrastructure had Russian fingerprints on it — years of deliberate investment in Tehran’s ability to see and track what was coming.

China’s fingerprints: navigation, components, and the dual-use pipeline

What China offered Iran wasn’t firepower. It was independence. Folding Tehran into BeiDou — Beijing’s military-grade satellite navigation system — meant Iran’s drones and missiles no longer depended on GPS signals that the United States and Israel had already demonstrated they could disrupt. During the June 2025 twelve-day war, Israeli jamming knocked out Iranian GPS-guided weapons almost immediately.

By the fourth day, Iran had shifted its drones, cruise missiles, and ballistic weapons onto BeiDou-3, and the jamming stopped working. The system’s encrypted military signals, defense analysts say, are essentially unjammable.

The dual-use component pipeline ran deeper still. In February 2025, the United States Treasury Department sanctioned Chinese front companies supplying gyro navigation devices to enhance Iranian-made UAVs. In November 2025, a separate network connected to Iran’s Aircraft Manufacturing Industrial Company was accused of using shell firms to acquire Chinese sensors and navigation equipment. Since China gave Iran access to BeiDou in 2021, Tehran has also used the system to produce decoy signals to confuse threat analysis and conceal actual Iranian military movements.

There is a pattern worth noting in how Chinese dual-use exports to Iran have moved. They rose after Trump signed a maximum pressure memorandum on Iran in early 2025. They rose again after the United States strikes on Iranian nuclear facilities in June 2025. Beijing has not acted despite American escalation. It has acted because of it.

Multiple sanctioned Iranian ships believed to be carrying sodium perchlorate, a precursor material for solid-propellant rockets, have traveled from China to Iran since the war began. Shanghai-based MizarVision — which holds a Chinese National Military Standard certificate and, like all Chinese companies, operates under Beijing’s national security law — systematically published AI-enhanced satellite imagery of United States military movements throughout the conflict, including carrier strike groups and F-22 positions at regional bases.

Iranian strikes later hit a number of the sites MizarVision flagged. Jing’an Technology was doing much the same. For Beijing, the arrangement was convenient — private firms, at least on paper, doing work the Chinese government could disavow.

Washington also accused SMIC, China’s largest chipmaker, of supplying chipmaking tools and technical training to Iran’s military industrial complex, beginning roughly a year before the war. Beijing denied each allegation in sequence.

The reconstitution problem

The deeper strategic problem is not what Russia and China did during the war. It is what they are positioning to do after it.

After suffering major battlefield losses during the October 2024 Israeli campaign and the June 2025 twelve-day war, Iran was able to rapidly reconstitute key elements of its missile and military infrastructure with external support — restoring its ability to threaten the United States and its regional allies in a matter of months. The pattern repeated itself after February 2026. The ceasefire may have halted the kinetics, but it did not halt the resupply.

MANPADs fit the reconstitution requirement precisely — lightweight, dispersible, and effective against the low-flying aircraft that United States and Israeli forces would rely on in any renewed campaign.

Not everyone thinks sanctions were ever the right tool here.

“This is not new,” Kavanagh notes. “China provided Iran with new weapons and air defense systems after the 12-day war and has assisted Iran’s military in other ways for years.”

Sanctions, meanwhile, are losing their bite. “Sanctions and export controls slow reconstruction as they temporarily disrupt procurement networks,” Brodsky says, “but the challenge is the Iranian regime has been adept at establishing new workarounds and evasion mechanisms — sometimes faster than the United States government can dismantle them.”

“U.S. sanctions have begun to lose their effect,” Kavanagh says. “China and Russia have proven adept at avoiding them and are willing to ignore them. Sanctions won’t prevent Iran from rearming.”

Defense analyst John Wood tells The Cipher Brief that the physical resupply is already moving. During the ceasefire, he says, Russia has been pushing assets across the Caspian Sea while China has been using overland rail routes to do the same — a coordinated, parallel effort to rebuild Iranian capacity before any renewed hostilities. “The objective is obvious,” he says. “Bleed the United States and Europe economically and militarily.”

Asked about the MANPAD intelligence on April 12 as he left the White House, Trump issued a terse warning: “If China does that, China will have big problems.” Whether that threat lands before the shipment does remains the operative question — particularly given that the joint statement from the Beijing summit includes agreement that Iran must never obtain a nuclear weapon and that the Strait of Hormuz must remain open, but contains no explicit commitment from Xi on weapons transfers to Tehran.

Beijing’s leverage over Washington is not limited to the battlefield. The late October 2025 exchange in South Korea, Washington's suspension of the Bureau of Industry and Security Affiliates Rule, and Beijing's pause on rare-earth export controls were a pointed illustration of how much the United States’ defense industrial base depends on materials that China controls and can restrict at will.

It holds cards over Tehran’s survival. And it is playing both — publicly mediating while quietly rearming, letting Russia absorb the harder accusations while preserving its own deniability.

Both Moscow and Beijing share a structural interest in the outcome, even if their calculus differs.

“Beijing and Moscow are happy to watch the United States waste its military power in the Middle East,” Kavanagh says, “but both also suffer costs from the war. For Beijing, higher energy prices and the precedent created by the closure of the Strait of Hormuz are worrisome even if they are glad to see Washington entangled in the Middle East.”

Both, she argues, would like to see the war end, but on terms favorable to Iran. Brodsky puts the longer-term stakes more plainly.

“If the United States meaningfully erodes the Iranian regime’s capability to project power beyond its borders, that actually harms Russia and China in the long run — as they now have a weakened partner.”

Neither Moscow nor Beijing wants an Iranian collapse that would invite American consolidation across the region. What they want is a Tehran that survives, reconstitutes, and keeps Washington consumed. The ceasefire is not the end of the strategy. For both powers, it is the condition under which the next phase begins.

“The longer the war goes on, the more it works to China’s advantage,” Wood says. “And raises the likelihood of a Taiwan blockade.”

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Inside the FBI’s New Push to Track Leaks and Monitor Employees

OPINION — “The FBI requests $7 million to procure and deploy a digital watermarking solution capable of embedding unique digital forensic watermarks in commonly shared documents to mitigate unauthorized disclosures from the FBI’s classified and unclassified networks. Digital watermarking embeds a unique overt or covert forensic marker into emails and other commonly used file types, making it possible to attribute leaked information via screen photography or other non-traditional means back to the user. If information is exfiltrated from an FBI-managed endpoint, the watermarking solution can trace the document back to an employee or group of employees.”

That’s a quote from the 94-page FY 2027 FBI Budget Request to Congress that was released in March under a section entitled “Transparency of Government and Promoting Public Trust.”

I was aware of the investigative use of watermarks to track down confidential government documents, but I had never believed I would find a government agency, particularly the FBI, acknowledging publicly they were using it to keep tabs on their own employees.

Much to my surprise, the FY 2027 FBI Budget Request to Congress showed other FBI programs to catch leakers inside the Bureau. The Bureau budget document also describes other programs that are worth some public disclosure which I will discuss below.

First, some explanation.

I had decided to look into the proposed FY 2027 FBI budget after reading some nasty exchanges that took place at the May 12, Senate Appropriations Committee hearing on the Bureau’s budget. FBI Director Kash Patel was a witness and several Senators raised questions about recent news stories about Patel’s personal activities, to which he made a strong vocal defense of the activities.

After one bitter argument over stories about Patel’s alleged excessive use of alcohol, Sen. Chris Van Hollen (D-Md.) asked the FBI Director if he had ordered polygraph tests for FBI personnel to determine the sources of these leaked stories.

Patel responded, “There's an internal inspection review process for any and all leaks -- especially of baseless information -- at the FBI that's been in place for the last 30 years. Those processes are followed by career intelligence and agents on the ground.”

My interest in the FBI’s “internal inspection review process for any and all leaks” led me to the FY 2027 FBI Budget Request to Congress and there under a section called “Transparency of Government and Promoting Public Trust,” were descriptions of not only the watermark program, described above, but also one entitled User Activity Monitoring (UAM) Technology.

With UAM, according to the FBI budget document, “The FBI is strategically shifting its insider risk identification posture from traditional reactive activities to enhanced proactive approaches, allowing for early detection and mitigation.”

It then says that the FBI planned to purchase a “risk management suite” and, once procured, the Bureau will need $11.4 million in FY 2027 to support operation of the system.

Back in December 2025, the FBI awarded a five-year, $7 million contract to Everfox LLC to provide an Insider Threat Management Suite with UAM capability and User and Entity Behavior Analytics capabilities.

According to the FBI Budget document, “The UAM module will serve as the FBI’s primary monitoring and logging tool, capturing and analyzing all employee activity…The system generates real-time alerts, audit logs, and reports to notify insider threat analysts of potential risks, such as unauthorized access to sensitive data or files.”

As for the Behavior Analytics capabilities, that module uses “advanced analytics across all FBI-managed endpoints to detect anomalous and high-risk user activity indicative of insider threats.”

In short, to track down leaks the FBI has put in place a system to monitor employee computer usage and analyze that usage to detect any that is unusual. Although the Everfox systems purchased are directed at monitoring FBI employees to prevent leaks of any kinds of information, the FBI budget justifies this approach by referring to an Executive Order signed in 2011 by then-President Barack Obama which was aimed to protect Bureau classified information from outside hackers.

So far, however, the stories questioning Patel actions continue, as seen Sunday with the New York Times story headlined, “Patel’s Pearl Harbor Snorkeling Trip Adds Concerns About his travels.” The authors claim they spoke with “more than a dozen current and former FBI and law enforcement agents,” as well as Freedom of Information material.

Another FBI program disclosed in the FY 2027 FBI Budget Request to Congress relates to implementing President Trump’s September 2025 National Security Presidential Memorandum-7 (NSPM-7), Countering Domestic Terrorism and Organized Political Violence.

According to the FY 2027 FBI budget document, “In recent years, heinous assassinations and other acts of political violence in the United States have dramatically increased. Commonly, this violent conduct relates to views associated with anti-Americanism, anti-capitalism, and anti-Christianity; support for the overthrow of the U.S. Government (USG); extremism on migration, race, and gender, and hostility towards those who hold traditional American views on family, religion, and morality.”

To meet this challenge, the budget document says, the FBI now oversees the “recently created NSPM-7 Joint Mission Center (JMC),” which is “composed of personnel from 10 [Federal] agencies who possess CT (counterterrorism) and criminal operational and analytical expertise. The JMC is working to counter DT (domestic terrorist) and organized political violence by integrating intelligence, operational support, and financial analysis to proactively identify networks and prosecute domestic terrorist and related criminal actors.”

So far, there have been no reported activities of the JMC, but organizations such as the Brennan Center For Justice point out that NSPM-7 excludes high-profile examples of domestic political violence that do not comport with its storyline, such as the January 6, 2021, attack on the Capitol.

I close with one element of his time as FBI Director that Patel seems most proud of.

As he put it during his May 12 testimony, “Before I got in the [FBI Director] seat, over one-third of the entire FBI workforce was located in the National Capital Region. When I got here, I put a thousand agents into the field permanently. Every single state got more agents than they've ever had. Behind that, I sent 300 intelligence analysts into the field permanently. Behind that, I sent 500 support staff and program managers into the field permanently. And that's only Conus [within continental U.S.]. We've also expanded our overseas footprint. So, decentralizing the bureaucracy of Washington, removing the red tape in the bureaucracy, putting agents in the field…is how we're getting the mission done.”

Time will tell how that Patel action has worked out.

Patel also added to the above statement, “no one at this FBI is allowed to politicize or weaponize law enforcement. If you do, you don't get to work there anymore.” Reviewing the number of FBI officials and special agents that have been summarily dismissed since Patel’s appointment, including those who were assigned to participate in Trump-related investigations, I don’t believe that statement can be considered accurate.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Roses, Trees, and Power: The Symbolism Behind the Trump-Xi Summit

Last week’s high-level summit in Beijing between President Trump and President Xi achieved few traditional ‘deliverables’ between the two leaders, and this led many outside observers to dismiss its singular importance. No significant trade deals were made, and there was little diplomatic progress with respect to ending the wars between Iran and America, or Russia and Ukraine. There was no mention of North Korea, or China’s possible influence with respect to a resumption of diplomatic negotiations between America and North Korea regarding the latter’s nuclear program. President Xi and President Trump pledged to work towards “constructive strategic stability” in the US-China relationship. But Xi’s comments about Taiwan – which could be interpreted as an indirect threat – in which he warned Trump, “If handled poorly, the two countries will collide or even clash, putting the entire US-China relationship in an extremely dangerous situation,” set the background tone of the summit. Despite other cordial words by both leaders – Trump repeatedly praised Xi as a “great leader” - many observers suggested that the summit had no significant or measurable outcomes, except for optics, symbolism, and body language. But for President Xi, these were – and are – the key ‘deliverables,’ making the summit, where he and Trump acted as equals (e.g. “G-2,” in Trump’s words), a critical success for him and China.

For some, President Trump’s trip to Beijing might remind one of Lord Macartney’s 1793 mission to China. Xi proved a gracious host, showcasing China’s achievements, history, culture, and ancient beauty. To truly understand Xi’s perspective, the setting, symbolism, and body language are critical. On the last day, Xi and Trump held an informal meeting in the lovely and historic Imperial Gardens of Zhongnanhai, where they strolled together while conversing and later, enjoying tea. Xi pointed out trees that are 490 years old, and in other cases, over 1000 years old. He asked Trump to touch the trees, highlighting their place in the gardens’ history. When President Trump commented on the beauty of the roses, President Xi offered to send some seeds from the Imperial rose garden back to the White House. For Xi, such symbolism is key, with a subtle framing of his message being, America is celebrating its 250th anniversary this year. But China is a civilization – like these trees – that has been in existence for thousands of years. Xi could not have said it better — or been more pleased.

Xi’s sophisticated diplomacy and aspirations (“The Chinese Dream of Rejuvenation”) have always been paired with strategic thinking (the concept of shi, described by Professor David Lai as “the alignment of forces, the propensity of things, or the potential born of disposition”), ruthlessness, and an increasingly confident posture regarding China’s domestic and international interests. The Xi-Trump summit showed them interacting as complete equals. For Xi and China, such images at last week’s summit serve to erase more than a century of humiliation. And China’s goal of becoming the world’s dominant superpower by 2049 (the centenary of the PRC’s founding) has not changed. Nor has it altered its gray zone strategy targeting America and the West, its cyber-attacks, its espionage efforts, its desire to dominate the key industries of the 21st Century, its military buildup in the South China Sea, its theft of intellectual property, its aggressive moves towards Taiwan, or its economic reach with respect to the Belt and Road Initiative. Today’s President Xi is unchanged from 2017, when he first hosted President Trump on a state visit to Beijing.

But Xi ought to be careful, as he prepares for his next summit with President Trump in late 2026. It is convenient for Xi to assert, as he has frequently done, that the East is rising, while the West is in decline. And many critics would agree that given a divided, polarized America, a lame-duck President with falling poll numbers, and a nation bogged down by military conflicts in the Middle East, Xi is correct. But I’d argue that they and Xi have a potential blind spot. Such an analysis of American and western decline, coupled with China’ remarkable achievement in lifting 800 million citizens out of poverty since 1949, while becoming the world’s 2nd-largest economy, risks ignoring America’s resilience, as it approaches its 250th birthday in July 2026. President Trump has always showcased his mastery of media and spectacular events too. At his next summit with President Xi, he ought to highlight America’s exceptionalism, and walk with Xi along the Mall, George Washington’s home in Mt. Vernon, and let Xi touch and feel not a tree nor roses, but Philadelphia’s famed Liberty Bell. Such symbols and gestures can matter. President Trump’s optics can thereby say, this too, is America. Freedom. Courage. Faith. Nationhood. Endurance. And Liberty. Old concepts, old values, which stand the test of time.

Dr. Kenneth Dekleva served as a Regional Medical Officer/Psychiatrist with the U.S. Dept. of State from 2002-2016 and is currently the CEO of Blackwood Advisory Solutions LLC and Professor of Psychiatry, UT Southwestern Medical Center, Dallas, TX. The views expressed by Dr. Dekleva are entirely his own and do not represent the views of the U.S. Government, the U.S. Dept. of State, or UT Southwestern Medical Center.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The administration needs a better relationship with the Vatican

President Reagan formed an alliance with Pope John Paul II in the 1980s that contributed to the dissolution of the Soviet Union in 1991.

This is a powerful precedent for two world leaders — Pope Leo XIV and President Trump — to work together to oppose evil and seek global peace and stability.

Secretary of State Marco Rubio’s meeting with the pope on May 7 was a powerful gesture that showed the U.S. government wants a close, cordial relationship with the Vatican. According to the Vatican, both pledged to improve bilateral relations after Mr. Trump accused Leo of being “terrible for foreign policy.” The pope had commented that Mr. Trump’s “threat to destroy Iran’s whole civilization” was “truly unacceptable.”

Francesco Sisci, an Italian sinologist, author and columnist who maintains close ties with the Vatican, said Mr. Rubio’s meeting with the pope went well. He said: “The pope tells the world there’s another America besides the controversial president. The pope’s America is the one the world loves to love. This should be important for the U.S. Active and intense dialogue should follow up this meeting to keep the momentum.”

Yes, to keep the momentum. The Vatican has consistently been opposed to war and nuclear proliferation in favor of peace and stability. Indeed, it was the U.S. after World War II that worked hard to bring peace and stability to a global community exhausted and devastated by the war.

Unfortunately, the Cold War followed, starting with the Korean War. An expansionist Soviet Union was determined to spread communism throughout the world: in Vietnam, Angola, Ethiopia, Mozambique, Yemen, Libya, Czechoslovakia, Nicaragua, Grenada and, in 1979, Afghanistan. Fortunately, they failed.

What contributed to the Soviet Union’s defeat was Reagan’s relationship with Pope John Paul II. Both viewed Soviet communism as an evil that denied the Russian people and the Eastern Bloc their human rights and dignity. Indeed, it was Reagan and John Paul II’s first meeting at the Vatican in June 1982 that initiated their close bond.

What followed was a close working relationship that contributed to the defeat of communism and the dissolution of the Soviet Union in 1991.

The partnership between the U.S. and the Vatican was characterized by intense, behind-the-scenes information sharing about the Soviet Union and coordinating actions in Eastern Europe. The pope provided the spiritual and moral inspiration to the Solidarity movement in Poland, weakening the authority of the Polish communist government.

Both the U.S. and the Vatican sent news into the Soviet Bloc, undermining the communist fake narrative. Indeed, the pope provided the moral voice, and Reagan, the geopolitical pressure.

This partnership peacefully transformed Eastern Europe. Can the partnership of the U.S. and the Vatican be replicated for the war in Iran?

Iran’s nuclear ambitions, the regime’s killing of more than 30,000 Iranian peaceful protesters earlier this year and its acts of terrorism, which have killed hundreds of Americans, are just some of the information we can and should share with the Vatican.

Conversely, the Vatican can share its moral options for changing the behavior of an Iranian regime that is viewed as a pariah state by its neighbors and the international community.

A collaborative U.S.-Vatican partnership to address other global issues, such as the wars in Ukraine and Sudan, and the ongoing conflict in the Gaza Strip, could be valuable. If the Vatican was helpful in bringing an end to the Cold War, then why are we not partnering with it on the multitude of ongoing global conflicts?

Hopefully, Mr. Rubio’s meeting with Pope Leo XIV is the beginning of a productive relationship with the Vatican, one that will bring peace and stability to the world.

This piece was originally published by The Washington Times and is republished here with permission.

The author is a former associate director of national intelligence. All statements of fact, opinion or analysis expressed are those of the author and do not reflect the official positions or views of the U.S. government. Nothing in the contents should be construed as asserting or implying U.S. government authentication of information or endorsement of the author’s views.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Sustaining Decision Advantage: The Case for Analytic Tradecraft Reform

OPINION -- In an era where warfighters and decision-makers have on-demand access to vast data holdings and AI-generated insights, the future of intelligence analysis will be defined by the ability to apply modernized analytic tradecraft to transform data into decision-ready insight. Where others may optimize for speed, scale, and profit, the intelligence community must bring methodological rigor to create decision advantage.

The Promise and the Peril of Analytic Tradecraft

The scripture inscribed on the CIA’s Original Headquarters Building reads: “And Ye Shall Know the Truth and the Truth Shall Make You Free.” The words express an optimistic belief that objective truth can be identified and communicated. This premise, however, is increasingly under strain.

The Cold War-era architects of modern analytic tradecraft understood that intelligence analysts are no less susceptible to cognitive bias than anyone else. This led Sherman Kent, Richards Heuer, and others to develop a framework of analytic methods to ensure the objectivity of intelligence assessments. The methods encourage analysts to “show their work” and take active measures to mitigate cognitive bias, manage uncertainty, and boost decision-makers’ confidence in analytic conclusions.

The intelligence community’s adoption of a universal set of analytic tradecraft standards after the 9/11 terrorist attacks and the flawed assessment of Iraq’s WMD programs marked a high point in the use of analytic tradecraft.

Administrative formalization and the passage of time, however, have increased the risk of over-correction and ossification. Today’s analysts and managers must guard against the danger that tradecraft becomes a performative, backward-looking bureaucratic exercise disconnected from the national security mission.

The New Analytic Ecosystem

The U.S. Intelligence Community’s analytic tradecraft standards were designed for an information environment characterized by scarcity and secrecy, where long-form textual reports were the ultimate decision-support tool. We no longer operate in that world.

As of 2023, the National Geospatial-Intelligence Agency (NGA) was ingesting 70,000 new data points per second. At the same time, virtually anyone with a credit card can now access commercial GEOINT, commercial SIGINT, and millions of unique OSINT sources.

Amid this vast sea of data, political and military leaders now have access to a rapidly growing number of commercial analytic services. Dozens of defense technology companies are now testing these AI-enabled capabilities in Ukraine, Gaza, and Iran with an eye toward marketing battle-tested analytic tools to eager governments around the globe.

These changes in the information environment have given rise to a new analytic ecosystem in which the relative share of information the intelligence community provides to decision-makers is rapidly shrinking, and the community’s primacy as the go-to source for decision advantage is increasingly being challenged.

Operationalizing Modern Tradecraft

Amid revolutionary changes in the information environment and the rise of AI-enabled analytic capabilities, there is an urgent need to reaffirm the core principles of analytic tradecraft while simultaneously modernizing them to serve today’s analysts better.

1. Reaffirming mission relevance. Sherman Kent defined intelligence as knowledge for the purpose of action, and identified usefulness to the decision-maker as a key criterion for evaluating the quality of an analytic assessment. The OSS veteran observed that analysis that is inaccurate, incomplete, late to need, or lacks an obvious linkage to current national security decisions or future threats is—in a word—useless.

Intelligence Community Directive 203 lists decision-maker relevance as the fifth of nine analytic tradecraft standards on the sixth page of an eight-page policy document. It is not unreasonable that some may conclude that customer relevance is not a primary concern.

To be useful, analytic assessments should be decision-relevant, providing information and insights pertinent to U.S. national security and foreign policy, or highlighting emerging issues and threats that may require decision-maker attention. Assessments must be delivered in time to inform the decisions they are meant to support or to provide prompt warning of emerging threats. By necessity, an emphasis on decision-relevance and timeliness will create tension with analytic rigor and completeness. Skillful analysts and managers must actively manage these trade-offs to meet mission needs.

Usefulness is also a function of accuracy and focus. In today’s hyper-saturated information environment, analysts play a vital role in helping decision-makers determine which reporting and data can be independently corroborated. Analysts can also prevent information overload by prioritizing key reports and data essential to understanding an issue, while filtering out unnecessary details and unsupported judgments.

Maximizing the usefulness of analytic assessments for decision-makers requires a functioning relationship between intelligence agencies and the decision-makers they support. This necessitates active engagement and two-way dialogue that provide analysts with a deep and nuanced understanding of decision-makers' requirements and priorities. Without a functioning relationship, discerning decision relevance becomes an exercise in guesswork.

2. Reinforcing analytic objectivity. In a world where decision-makers have near-infinite choices in where they obtain information, the research methodologies, structured techniques, and standards that intelligence analysts use to ensure accuracy, rigor, and objectivity are key differentiators. These methods create decision advantage by helping reduce risk, manage uncertainty, and increase confidence in analytic conclusions.

Objectivity in AI-enabled analytic outputs must be defined technologically and methodologically, and analysts must make the case to decision-makers why they should have confidence in these tools.

The foundation of objectivity is transparency and methodological rigor. Existing tradecraft standards require analysts to provide detailed descriptions of the sources and methods used to form judgments. These descriptions include evaluations of their strengths, limitations, and potential biases. These standards must now be modernized and expanded to incorporate AI data inputs, prompt traceability, and model selection rationales. The standards should also be integrated directly into AI-enabled analytic tools. The recent Intelligence Community Directive on AI includes provisions intended to close this gap, but more work is necessary to fully integrate and align the community’s technology, data governance, and analytic tradecraft standards.

Analysis of alternative competing hypotheses, a long-standing method for detecting and mitigating cognitive bias, is both more important and more achievable with the proliferation of AI. Analysts are obligated to stress-test analytic conclusions against contradictory reports and competing hypotheses and report the results. While this has historically been a time- and labor-intensive task, AI-enabled tools and techniques can now test alternative hypotheses at scale. Establishing community-wide tradecraft standards for integrating these tools and techniques into analytic workflows will be instrumental in maintaining human accountability for analytic outputs.

3. Modernizing intelligence delivery. Current analytic tradecraft standards remain rooted in the analog text era. This technological latency is evident in the frustrations of decision-makers who use tablet computers to access analytic conclusions with the devices’ limited functionality, even though they have been in service for more than a decade. Along the same lines, the guidelines for formatting the endnotes in an analytic product rival the level of detail found in The Chicago Manual of Style, but are largely silent on how to maximize the usefulness and objectivity of visual and digital media. This can create operational risk when extremely high-quality visuals convey a level of certainty and confidence not supported by the underlying intelligence.

The intelligence community should modernize its analytic tradecraft, sourcing, and dissemination standards to better support the delivery of analytic conclusions via dynamic dashboards, visualizations, and structured analytic observations. Uncertainty and confidence must be encoded into these products, just as they are for text-based reports. This can be achieved by developing and consistently applying analytic tradecraft standards for new media that leverage interactive overlays, pop-ups, and uncertainty visualizations.

A Call to Action

The intelligence community now has the opportunity to proactively modernize its analytic tradecraft standards to sustain decision advantage. This window of opportunity will not remain open indefinitely.

The proliferation of AI-enabled analytic tools, in the absence of a shared set of standards and methodologies to mitigate cognitive bias, manage uncertainty, and ensure substantive accuracy, has introduced new risks into the national security decision-making process. The private-sector innovators leading the development of these new tools, and their commercial and foreign government clients, have different incentive structures and risk tolerances than the U.S. government, and they will not wait for the intelligence community to take action.

In today’s competitive analytic ecosystem, analytic tradecraft is a key differentiator. If the intelligence community does not act to reaffirm core tradecraft principles and modernize existing standards to take full advantage of AI-enabled tools, it risks being outpaced by private-sector intelligence providers and bypassed by national security decision-makers.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Threat of Sino-Russian Opportunism

KREMLIN FILES/COLUMN: As Washington's attention continues to be diverted with an Iran unwilling to come to a comprehensive peace, a more dangerous question lurks in the strategic shadows: what if America's most daunting rivals, one of whom is already at war, and the other not, decide to act with what they see as a historic imperative to change the global order? A Russian attack, for instance, against the Baltics and a move against Taiwan might not require a secret Sino-Russian war plan—only the same strategic conclusion in Moscow and Beijing that the moment is ripe. In such a scenario, would Russia and China share intelligence, coordinate contingency planning, or align potential operational timelines? Or is the greater risk something subtler: parallel opportunism fueled by intelligence miscalculation about U.S. resolve and capacity.

These questions are no longer theoretical. They spark lively debates among think tanks, military leaders, and allies across Europe and the Indo-Pacific. The idea of simultaneous crises, one in Eastern Europe and another in the Taiwan Strait, has become a common thread in war games and policy papers. War with Iran now also raises the specter of whether one or both of our adversaries may act opportunistically if the U.S. becomes bogged down in a prolonged campaign. However, the debate and war games are often focused on the wrong factor: whether Beijing and Moscow would officially coordinate an attack on the U.S. or its allies.

History suggests a more unsettling possibility. Great powers with converging interests do not need an integrated command structure to complicate American and allied strategy. They need only recognize opportunity when it appears. Could the U.S. and its allies respond effectively if challenged by both China and Russia, or, given recent heavy U.S. involvement now in Iran, might one or both engage in aggression while the U.S.is already at war?

On the eve of the conflagration that became World War II, the United States was content to sit in isolation, and debate raged over whether to pursue those policies or to stand with Europe against the Axis. The UK was fighting for its survival since 1939, France had surrendered to Nazi Germany, and the Soviet Union was on the brink of complete annihilation of its armies by the end of 1941. The Germans in December were 20 km from the Kremlin's towers on the very approaches to Moscow. That same week, Japan attacked the United States in an unprecedented event that FDR labelled "a day which will live in infamy." Americans have not forgotten that day, and we never should.

But we should also not forget, as was revealed after the war, that there was no meaningful collaboration between Nazi Germany and Japan on their war policies, nor on strategy more broadly. Hitler acted on what he saw as an opportunity and declared war on the United States within days of Pearl Harbor, despite little to no consultation or joint planning with Japan. It is an example of two expansionist powers that had an alliance but still acted independently, taking advantage of each other's actions. Similarly, Japan decided not to go to war with the Soviet Union, knowing it could potentially be overwhelmed by China and the USSR in Manchuria. Countries will do what is in their own interest, despite alliances.

Both axis powers suffered from poor strategic intelligence. Hitler had no idea Japan was about to attack the United States, nor did he anticipate the ire and resolve of the American people. In turn, Joseph Stalin would have known more about Germany's attack on the USSR than Japan did if he had only listened to his spy Richard Sorge, who was well placed in Japan among Nazi circles. Sorge, a Russian “illegal” posing as a German, gained the trust of the Nazi ambassador in Tokyo. He accurately reported on the German attack to come but was caught and executed by Japanese counterintelligence. Tragically for the USSR, Sorge’s intelligence, which did not fit the dictator's view of events, was ignored. It is a lesson for our time as well.

Russia and China are not formally aligned like the Axis powers were. Among their intelligence agencies—the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and Main Intelligence Directorate of the General Staff (GRU) on one side, and the Ministry of State Security together with the PLA's Joint Staff Department Intelligence Bureau on the other— there is very little trust. For decades, and despite their claims of an "alliance without limits," they have distrusted each other nearly as much as they do their "main enemy," which the Russian agencies still refer to as the United States.

Fortunately, China and Russia have never had any intelligence-sharing relationships or broad agreements like the U.S. has with NATO, nor anything close to our extensive intelligence-sharing alliances under "Five Eyes." What they do share stems from a common intelligence culture, rooted in the early Cold War, when Moscow served as a training ground for generations of Chinese intelligence leaders, hosted at NKVD and later KGB academies. This tradition persisted throughout the Cold War and continues today, with the SVR keeping long-term training relationships at its "AVR" foreign intelligence academy for students from countries they consider allies, including China. In turn, the Russians try to recruit these guest intelligence students as penetrations into their allies' services. The Chinese do the same with Russian delegations.

Despite their distrust, intelligence systems in both countries could still drive their powers to war against the U.S., even absent joint military policy and potential "war plans." Crucially, internal pressures within both systems may heighten the current risk of global war more than at any time in decades. Russia's intelligence services remain under scrutiny after serious misjudgments that preceded the invasion of Ukraine. Russia’s intelligence agencies, especially the FSB, fed the Kremlin overly optimistic assessments about Ukraine's weakness, in part because institutional incentives discouraged delivering unwelcome truths. Additional embarrassment—from failures surrounding Venezuela and other foreign ventures which have blindsided Putin—has intensified pressure within those same services (for example, Putin reportedly was furious at SVR Director Naryshkin over the latter's failure to give any warning how far the U.S. would go in Venezuela; it continues Putin's long-term dissatisfaction with his foreign intelligence service and its head, as witnessed in February 2022 when he embarrassed Naryshkin publicly, asking him to "speak plainly, Sergey!").

Russia has been at war for four years. If one tunes in to one of the many state-run TV channels any given night, the Russian people are fed a narrative that they have been in a state of war, allegedly with NATO directly, for years. How much of a stretch is it for the SVR and their sister intelligence services —beaten down with Russia's military after four years, but adapting and recovering still from heavy losses —to convince Putin to take advantage of a distracted United States and potentially fractured NATO to make a move, even a limited one, in the Baltics?

There’s another aspect of the three main Russian intelligence services that is not fully understood in the West. They are constantly at each other’s throats, competing for any light from their great leader, and undermining each other at every turn. And in an atmosphere of constant distrust, they are forever in a game of one-upsmanship. This contributes to the risk that, in an effort to impress the boss, the Russian services will continue escalatory hybrid war actions in Europe that could stumble them, and NATO, into a much larger conflagration.

China faces a different but related problem. Purges within the People's Liberation Army and security apparatus have shaken the institutional confidence of Beijing's intelligence community. Analysts in their military intelligence arms tasked with judging whether China is truly ready for war over Taiwan may feel pressure to validate political timelines rather than challenge them. The removal of Xi's "big brother" from the leadership leaves few willing to challenge Xi's decision-making. His services are more likely to tell him what he wants to hear, now more than ever.

When intelligence becomes politicized, the danger is not simply miscalculation. It is acceleration. The United States has experienced this problem in its own history; our own intelligence community did not provide its best analysis for the American people in the pressure-cooker environment after 9/11, and the lead-up to the start of the Iraq war in 2003. Our rivals are hardly immune. The result can be decisions based not on reality, but on what leaders want to hear.

That dynamic—combined with global distraction—is precisely how great-power crises cascade. Germany's decision to declare war on the United States after Pearl Harbor was not a coordinated strategy so much as an opportunistic escalation. The lesson endures: wars spread when adversaries believe the moment is ripe.

Chinese leaders might conclude that the moment to coerce Taiwan (by blockade, for instance), or move directly for reunification has arrived if the U.S. continues to deplete key weapons' stocks in Iran, and with Europe focused on a resurgent Russia. The logic would not require coordination with Moscow or Tehran, and coincides with the 100th year of the PLA’s founding in 2027, a date Xi has long marked on the calendar. Indeed, the scenario is more threatening with sequential opportunism: Russia moves first against the Baltics, even in a limited fashion over some false pretext or minor land grab; but, and this is key, creating a European crisis beyond the already fractured alliance touch points over Ukraine. China then exploits the distraction, or the scenarios are flipped. Both now, regrettably, are equally plausible. Both might also be fed by poor intelligence on all sides.

Certainly, Russia and China would love to divide the world between their aggressive and imperialist ambitions, just like Japan and Germany dreamed of ninety years ago. Their policies demonstrate that. It is up to the United States and our allies to demonstrate a real deterrent, one that will never allow this century to be later termed a Russian century, nor a Chinese one.

A Bridge Too Small: Why $49 Billion Can’t Fix a $1.5 Trillion Problem

Welcome to The Iron Triangle, the Cipher Brief column serving Procurement Officers tasked with buying the future, Investors funding the next generation of defense technology, and the Policy Wonks analyzing its impact on the global order.

At least once per week, I meet well-intended, patriotic investors putting together funds aimed at bolstering our national defense. They are frustrated with the government, they lack confidence that our military has what they need to fight and win the next war, and they want to help. But the scale of the challenge has moved beyond more infusions of capital.

In April 2026, the Department of War (DoW) officially upped the ante, requesting a historic $1.5 trillion for the FY2027 budget. This staggering figure, a 42% increase over previous levels, is a generational attempt to buy back a military edge. But as $49 billion in private capital sits on the sidelines, the question isn’t how much we spend, but whether a bureaucracy built for the 1950s can digest a trillion-dollar modernization.

The incredible levels of military innovation we see today are matched only by the incredible frustration that our defense industry has failed to keep pace. How is this possible when the U.S. spends more on its military than the next nine countries combined? And this spending dominance isn't a new trend; the U.S. has maintained its position as the world's leading military spender since the end of World War II. Yet, more capital alone may not save the day. There are strange forces at play, and we must consider the dangers of reliance on private capital to bridge a gap that only structural reform can fix.

Crowning the Neoprimes: Capital Intensity and the New Barrier to Entry

The global defense technology landscape in 2026 has transitioned into a period of unprecedented capital intensity. We have moved beyond the venture-backed experimentation of the early 2020s into an era of high-rate industrial production. This structural shift is underpinned by a surge in global military spending driven by the private market.

Within the first four months of 2026, more than a dozen neoprimes, vertically integrated technology companies designed to compete directly with traditional defense contractors, announced investment rounds exceeding $100 million. Capital is picking winners. Instead of a thousand flowers blooming, the market is crowning a neoprime class. This creates a new barrier to entry; if you aren't one of the dozen with a nine-figure war chest, you are likely an acquisition target.

Traditional primes have historically competed on scale and exquisite engineering. Neoprimes, backed by $100M+ rounds, are competing on iteration speed and software-defined capabilities. By owning everything from the sensor to the AI, they bypass the sluggish sub-contractor sprawl that stifles innovation while driving up prices. They aren't just selling a product; they are selling a faster refresh rate for the battlefield.

The Forgotten Bench

Beneath the neoprime class sits the forgotten bench, thousands of smaller startups with exceptional technology but dangerously thin runways. These companies aren't building entire airframes; they are building the arteries of the future force: the best drone interceptors, the low-latency communications, and the quantum sensors. They have an exceptional understanding of the technology because they designed every circuit, late nights, on weekends, and during the holidays. Their technology works and they are begging for an opportunity to prove it.

For these firms, the $1.5 trillion budget is a mirage. While neoprimes have the capital to act as their own POM sherpas, smaller firms are trapped in the SBIR Treadmill, a cycle of small research grants that provide just enough oxygen to keep them alive, but not enough fuel to actually reach production. If the neoprimes are the bridge, these smaller companies are the raw materials. If we lose the bench, the neoprimes will eventually find themselves vertically integrating empty shells as the underlying research talent flees to the commercial sector.

Surviving the Requirements Gauntlet

This high-speed industrial engine is currently slamming into a low-speed bureaucratic wall. The journey from a capability gap to the battlefield is a gauntlet of acronyms and competing philosophies. While DoW is making progress, they remain mired in anachronistic processes that prevent innovation.

Historically, the requirements development process (JCIDS) was the starting point for new requirements. JCIDS was an 800-day vetting cycle, a massive bureaucratic brake where good ideas often went to expire in a filing cabinet. The 2026 shift has pushed authority back to the individual services, allowing them to define their own must-haves through the Capability Development Document (CDD). This CDD is a massive improvement, but still painfully slow by industry terms.

To bypass the infamous Valley of Death, the military has also leaned into Middle Tier contracting mechanisms, aiming to field tech within five years. In the Pentagon, five years is considered rapid. In the same timeframe Silicon Valley can birth a unicorn, watch it go public, and see its founder retire to a private island.

The Pentagon has also enacted Operational Test, where new systems must prove they function as advertised, even when operated by an exhausted nineteen-year-old in a sandstorm. Only after surviving both the bureaucrats and the elements can a system reach Full Rate Production. This is a lengthy and frustrating process for smaller defense tech companies, waiting patiently while burning through their capital runway.

The Speed Paradox: Industry Building for the Threat

The strategic implications of this massive infusion of cash is profound: industry is now building for the "objective threat" rather than waiting for bureaucratic requirements. Private industry, neoprimes and startups, are already producing systems with capabilities that the government hasn't even considered drafting requirements for yet.

While the $1.5 trillion budget request includes $756 billion for modernization, a significant portion, including $65.8 billion for the "Golden Fleet", favors the heavy steel of traditional primes. For both the $49 billion neoprime class and the scrappy startups, the $1.5 trillion budget is a massive test. Is it a new market for software-defined defense, or just a bigger life-support system for moribund contractors?

Conclusion: Use It or Lose It

The $1.5 trillion FY2027 request is the Pentagon’s effort to perform in a high-stakes game of global deterrence. But money is the easiest part of the equation. If this historic surge fails to deliver lucrative contracts to those waiting under the defense primes by 2027, the private capital markets will recoil.

There is a risk of creating a "use it or lose it" scenario. If the DoW doesn't reform its programming cycles to catch these companies before their funding runs out, this deluge of private capital will dry up and move back to enterprise SaaS or healthcare. Industry isn't just driving the DoW to move faster; it is stress-testing the Pentagon’s relevance. If the DoW fails to figure out how to buy advanced systems fast, the best engineering talent will leave the defense sector entirely, viewing it as a graveyard for innovators.

The Valley of Death has become a proving ground for national will and the Pentagon is facing a mid-life crisis. It’s no longer asking “Can we build it?” but rather staring at a finished tech and asking, “Does this come with a 400-page manual we can spend three years editing?” We have the capital, we have the tech, and now we have the budget. If we still can't field the newest gear, the capital flight will be devastating, and the "Arsenal of Freedom" will be little more than an expensive, aging museum.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Nuclear Arms Race Is Accelerating — and the U.N. Looks Increasingly Powerless

OPINION – Last week, the 11th Review Conference of the Parties to the Treaty on the Non-Proliferation of Nuclear Weapons, currently in session at the United Nations, elected Iran as one of its 34 vice presidents. It did so despite Iran's noncompliance with International Atomic Energy Agency safeguards. The unfortunate decision undermines trust in a conference that should focus on the proliferation of nuclear weapons and the emerging nuclear arms race.

Nuclear weapons proliferation In April, IAEA Chief Rafael Grossi warned during a visit to South Korea that North Korea was significantly boosting its nuclear weapons capacity with the completion of a new uranium enrichment facility at the Yongbyon nuclear complex. He called it a "very serious increase" in the production of nuclear weapons. North Korea is believed to have 50 to 60 nuclear weapons. In a few years, it will likely have up to 100 nuclear warheads that can be miniaturized and mated to short-range and long-range ballistic missiles (KN-2, KN-24 and Hwasong-18, -19, and -20) capable of targeting South Korea, Japan and the U.S. China is rapidly expanding its nuclear arsenal and is expected to have more than 1,000 operational nuclear warheads by 2030, with estimates of more than 1,500 by 2035. Based on satellite imagery, China recently completed the construction of new nuclear missile silo fields in Gansu and Xinjiang provinces. It is an apparent "strategic nuclear breakout."

Russia's war with Ukraine Since Russia's invasion of Ukraine in 2022, Russian ruler Vladimir Putin has consistently threatened to use nuclear weapons to deter European and U.S. intervention in the war. Mr. Putin updated Russia's nuclear doctrine: a conventional attack on Russia or Belarus by a non-nuclear state, if supported by a nuclear power, will be viewed as a joint attack, allowing Russia's use of nuclear weapons. Mr. Putin's objective is to deter Western involvement in the war, especially its provision of Ukraine with long-range, precision-guided missiles that can be used to attack Russian territory.

Recent polls in South Korea consistently show more than 70% public support for the country having its own, independent nuclear arsenal rather than relying on U.S. extended deterrence commitments (nuclear umbrella). North Korea's exponential increase in the production of nuclear weapons using plutonium and highly enriched uranium, and the number and sophistication of the short-range ballistic missiles that can target South Korea (and Japan), have convinced the public that it needs its own nuclear arsenal. In the 1970s, the Park Chung-hee government had an active clandestine plutonium nuclear weapons program, which the U.S. forced South Korea to cancel in 1976. Japan has a sophisticated civilian nuclear industry and a stockpile of plutonium, so it is viewed as a leading "latent" nuclear power capable of producing nuclear weapons if desired. Indeed, Japan depends on the U.S. "nuclear umbrella" for protection from the threats of North Korea and China. Yet given North Korea's growing nuclear weapons capability, there is now more of a dialogue in Japan about the value of the nation having its own nuclear deterrent.

Iran's status as a threshold nuclear weapons state has been an issue that countries such as Saudi Arabia, Egypt and Turkey follow closely. Indeed, if Iran acquired its own nuclear weapons, then each of these countries, and others in the Middle East, would pursue their own nuclear weapons capability. They all have the infrastructure necessary to go nuclear, if desired. Things are on pause now, given the ongoing war with Iran, but once the war is over and if Iran continues to enrich uranium, it is possible that Saudi Arabia and other countries would eventually consider acquiring their own nuclear capabilities.

The United Nations U.N. Secretary-General Antonio Guterres said efforts to eliminate nuclear weapons have been eroding and there is a need to "breathe life into the NPT once more." He went on to mention the new dangers to nuclear proliferation from artificial intelligence and concerns about the growing use of AI in military conflicts. The president of the NPT Review, Vietnam's Do Hung Viet, said two previous review conferences (in 2022 and 2015) failed to reach consensus, hoping to find agreement this time. Unfortunately, it is unlikely that the NPT review conference, which ends May 22, will reach consensus on the critical issues related to nuclear nonproliferation.

This piece was originally published by The Washington Times and is published here with permission from the author.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The Pakistani General Running Washington’s Backchannel to Tehran

OPINION -- As Washington and Tehran edge closer to escalation, the most critical line of communication keeping the crisis from spiraling is being run not by polished diplomats, but by an unlikely figure: a Pakistani general. Field Marshal Asim Munir, Pakistan’s powerful army chief, has quietly become the key intermediary in the U.S.-Iran standoff, managing what may be the most important backchannel between the two sides. The mediation has thrust Pakistan to the center of the crisis while exposing it to enormous risk.

That position is no accident. While others issued statements, Munir helped broker and later extend a temporary ceasefire, facilitated day-long direct talks between American and Iranian officials, and, most importantly, kept communication alive when both sides were pulling back. For those watching closely, his central role is hardly surprising, but it should give others pause. Under his watch, Pakistan has moved aggressively to court the Trump administration, from nominating President Donald Trump for the Nobel Peace Prize to pursuing ambitious deals in critical minerals and cryptocurrency, even as the substance and viability of those efforts remains questionable.

There is no shortage of players trying to mediate the crisis. European governments have floated proposals, China has offered a framework, and Russia has signaled its willingness to help. The United Nations has called for restraint, even as it remains sidelined. Yet behind the scenes, much of the work preventing escalation falls to Munir, a man President Trump has called his “favorite field marshal.” He avoids the spotlight, rarely gives interviews, and conducts much of his mediation quietly and out of sight, often through trusted liaisons.

Still, Pakistan is not the only channel that matters. Qatar appears to be playing a growing role, with recent reporting suggesting Doha has become an increasingly active backchannel between Washington and Tehran. For now, the Qatari and Pakistani tracks appear more complementary than competing. But Doha’s role also suggests Washington may be hedging, keeping Islamabad in play while relying on a mediator with a longer and more established record of quiet diplomacy with Iran.

Pakistan’s role in all this is driven less by neutrality than by pragmatism. Islamabad has stepped in because it has the most to lose from escalation but also the most to gain from renewed relevance. That calculated gamble runs directly through Munir, who has positioned himself as Pakistan’s de facto power center in running the U.S.-Iran channel. There is also a broader regional calculation at work: Pakistani leaders see any renewed relevance in Washington as valuable not only for the Iran file, but also for restoring Pakistan’s weight in a regional order where India has long enjoyed deeper U.S. ties. The Iran backchannel gives Islamabad a rare opportunity to matter again.

Geography explains part of this. Pakistan shares a long border with Iran and sits close enough to the Gulf to feel the effects of escalation immediately, including from energy shocks, security spillover, refugee pressures, and internal strains that have long tested Pakistan's stability. When tensions ease, Pakistan benefits; when they rise, Pakistan pays the price. That reality gives Islamabad a certain credibility and helps explain why both Tehran and Washington are willing to listen.

But geography alone does not explain Munir’s effectiveness. The man himself does. He is not a diplomat, which may be to his advantage. With a background in military and intelligence, he seems to approach mediation differently. According to regional intermediaries familiar with his approach, where traditional mediators tend to focus on managing meetings and timelines, Munir is more focused on shaping perception: how messages are framed, when they are delivered, and how they are likely to be received. In a crisis defined by deep mistrust and bad faith, framing how something is said and heard can matter as much as what is formally proposed.

By some accounts, Munir is known for being his own analyst extraordinaire – arguably less a consumer of analysis than a producer of it – while testing assumptions, connecting intelligence, and weighing risks across nuclear, regional, and economic fronts. That breadth may give him an edge few mediators have. These assessments are based on private conversations with Pakistani officials, regional diplomats, and intermediaries who have dealt directly with Munir and his circle. The views, however, are far from uniform. Some describe him as disciplined, alert, and unusually well-informed. Others describe a far less impressive and more limited figure, questioning whether his reputation exceeds his depth. But even skeptics acknowledge the one point that Munir has developed rare access at a moment when it matters.

What is not in doubt is that access. Munir has cultivated direct lines into the White House while maintaining enough trust with Iranian hardliners to keep conversations going. This dual access allows him to do more than simply relay messages. He acts as a filter, interpreting signals, adjusting tone, calibrating expectations, and reducing the risk of miscalculation. Much of this effort appears to rely on his trusted intelligence chief, viewed by regional officials as the sharper operator behind the scenes.

Of course, none of this makes Pakistan a neutral actor. Islamabad has clear interests, including stability along its volatile border, steady energy access, and stronger security ties with Washington. But neither Munir hides those interests, nor are Washington or Tehran under any illusion about them. For now, both sides appear to see Pakistan’s incentives as aligned with avoiding escalation. In some ways, a mediator that is open about its motivations can be easier to work with than one pretending to have none.

But this is also where the risks begin.

Much of Munir’s mediation process remains opaque. It is unclear who he engages directly on the Iranian side and whether those figures hold real influence, how messages are filtered before delivery, or how much he blends American and Iranian proposals with Pakistani preferences before they reach Washington and Tehran. Those concerns come not only from the secrecy surrounding the talks, but also from private conversations with regional intermediaries familiar with the process, several of whom described Pakistan’s role as extending beyond simply passing messages. Munir may be softening positions, adjusting language, or even creating the impression of agreement before it fully exists.

These are not minor technicalities and cut directly to the credibility of the mediation, raising questions about whether Pakistan is genuinely acting as a neutral intermediary or subtly steering one side in ways that protect its own interests. Recent reports that Pakistan allowed Iranian military aircraft to shelter on its airbases while mediating the crisis have only deepened those questions about how neutral Islamabad’s role really is.

To be sure, keeping talks alive between deeply distrustful parties is never just about relaying information. Each party needs to believe the other is closer to compromise than it may actually be and that walking away would cost more than staying engaged. That same dynamic arguably shaped the secret U.S.-Iran backchannel in Oman that eventually led to the 2015 nuclear deal, as well as the Doha talks with the Taliban, where mediators often kept all sides at the table despite deep mistrust and repeated breakdowns. In both cases, progress depended as much on managing expectations as on the formal terms themselves. Munir’s role is to sustain that belief long enough for it to become real progress. This means deciding not only what to say, but what to hold back, and when.

That is also where things can go wrong.

Every message Pakistan transmits – including every adjustment in framing, tone, or timing meant to speed up or slow down the talks – shapes expectations. Once set, those expectations become difficult to reverse. If either side concludes it has been misled, whether intentionally or not, trust will collapse quickly. At that point, Pakistan would not simply lose its role as mediator but become part of the problem, with consequences for itself.

This is the quiet gamble at the heart of Munir’s approach. The same skills that make him effective today also carry real risks for Pakistan. If talks succeed, Munir will take the credit. If they fail, questions about what was said, what was promised, and who understood what will come quickly.

There are already early warning signs. A recently canceled follow-up visit by a U.S. delegation to Pakistan suggests growing impatience in Washington and possibly a shift away from Pakistani mediation toward other channels. If that holds, it could quickly weaken Pakistan's position as both broker and venue.

For Pakistan, stepping into this role is also nakedly transactional. Years of economic pressure, declining diplomatic relevance, and internal security challenges have pushed the country to the margins. Acting as the bridge between Washington and Tehran changes that, bringing renewed visibility, greater leverage, and potential economic and security gains. If Pakistan becomes essential to managing the crisis, it becomes harder to ignore.

That is not cynicism but how diplomacy works. Countries with something to gain from a crisis tend to move quickly to stay in the game. The question is not whether Pakistan has interests, but whether they will remain aligned with easing tensions. For now, they appear to be, though alignment in crises rarely stay fixed for long and could change quickly.

As the situation grows more fragile, Pakistan also appears more exposed than it did just weeks ago. Iran's public and private signals remain inconsistent, likely reflecting internal divisions within its leadership. At the same time, Washington’s patience seems to be thinning. The Trump administration’s decision to step back from another round of talks in Islamabad has made it harder for Pakistan to sustain the illusion that progress is within reach.

The risks for Pakistan are becoming clearer. If Iran begins to see Munir as too closely aligned with Washington, trust could disappear quickly. If Washington demands results Pakistan cannot deliver, pressure will mount just as fast. And if the ceasefire collapses altogether, Pakistan will feel the consequences first, both across its economy and within its fragile internal security environment.

There is also a deeper, less visible risk. Every conversation Munir facilitates, every message passed, and every signal exchanged creates a record. If talks fail, both Washington and Tehran will look for explanations—and Pakistan, having placed itself at the center, will be an obvious place to look. A mediator who simply transmits messages generally carries limited exposure, but one who shapes them carries far more.

None of this diminishes Pakistan’s role in helping keep a dangerous situation from getting worse. That alone explains why both Washington and Tehran continue returning to Islamabad – even when frustrated, sometimes with Pakistan itself. But this moment also highlights a broader reality: influence today is not simply about size or formal authority, but about being useful at the right moment, having the right access, and being willing to absorb the risks that come with it.

Right now, Pakistan has all of that and has made itself central to what comes next. It may not resolve the U.S.-Iran conflict or even hold the ceasefire together, but it has succeeded in making itself difficult to bypass while accepting the risks that come with it. In a crisis dominated by public statements, Pakistan is working to shape outcomes quietly from behind the scenes, whether that ultimately stabilizes the situation or drives it closer to collapse.

And that risk runs straight through Munir. His profile is a strength – for now. But in crises like this, proximity to success also means proximity to blame. To sit at the center of brokering a deal is to share in its outcome, good or bad. The same “favorite general” helping hold the line today could just as easily become tomorrow’s scapegoat, with consequences for Pakistan itself.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Congress Faces a Growing Blind Spot in the Pentagon’s Expanding Budget

OPINION -- “That brings me to a concern I want to put on the record. In addition to the billions requested for the F-35 [fighter-bomber] enterprise, several of these programs I consider highest priority are being funded through the mandatory [reconciliation bill] request -- $17.5 billion for Golden Dome [anti-missile system], $7.7 billion for air moving-target indicator, $4.6 billion for munitions equipment, and $3.9 billion for space data network. Mandatory funding [via the reconciliation bill] bypasses the annual appropriations process, which is how Congress exercises its oversight responsibility. If these programs are as critical as the [fiscal 2027] budget request suggests, and I believe they are, then they deserve all the full scrutiny and sustained attention that we on the appropriations process provide.”

That was Rep. Ken Calvert (R-Calif.), Chairman of the House Appropriations Defense Subcommittee, during his opening statement at the April 30, hearing called to go over the fiscal 2027 budgets for the U.S. Air Force (USAF) and Space Force (USSF).

There are two reasons I’m focusing on this Appropriations Subcommittee hearing.

One is because the session was cut short after 53 minutes so members could take part in a House floor vote, but then the hearing was not resumed. When the hearing adjourned, only seven of the 13 subcommittee members present had their five minutes to ask questions, although they were at the end given an opportunity to submit questions in writing.

This was one more example of a House subcommittee just not playing its assigned Constitutional role, but a questionable remedy exists which I will discuss further below.

Equally important, as Calvert pointed out above, the Trump administration is playing around with the normal defense budget process, based on what the House and Senate let them do last year when Congress passed an $839 billion fiscal 2026 Defense Appropriations Bill, but then added another $152 billion for defense in the so-called “one, big, beautiful” reconciliation bill.

This year, as part of the Trump administration $1.5 trillion request to fund the Defense Department (DoD) next year, the Pentagon has planned for $1.15 trillion being inside the base budget, with an additional $350 billion coming from a proposed additional second round of reconciliation bills.

By putting that $350 billion in a later reconciliation bill, the administration seeks to avoid the need for 60 votes for passage in the Senate, which regular legislation would require, but the reconciliation bill needs only a majority vote.

Over at the Senate Armed Services Committee that same day, April 30, Sen. Angus King (I-Maine) brought up the reconciliation idea with Defense Secretary Pete Hegseth, who was testifying about the fiscal 2027 DoD budget.

King asked Hegseth, “Why do we suddenly have a two-part [DoD] budget where this committee and the Congress generally has oversight and input to a process where a quarter of the [DoD] budget [the part in the reconciliation bill] is essentially a slush fund?”

Hegseth responded, “I wouldn't characterize a quarter of it as a slush fund, but I recognize that we see it in totality as a $1.5 trillion budget separation.” Hegseth then unsuccessfully tried to explain by adding, “Why the two pieces…why there are multiple vehicles, but we are fully committed with working with the committee to ensure that the right vehicles are utilized to get precisely this amount $1.5 trillion.”

Meanwhile, there is another chance for the House Appropriations Defense Subcommittee members to ask questions about the DoD fiscal 2027 budget today when Hegseth, Joint Chiefs Chairman Gen. Dan Caine and Acting Assistant Defense Secretary (Comptroller) Jules W. Hurst III appear before them to review the $1.5 trillion DoD budget request.

However there will be a time constraint.

It turns out that the Senate Appropriations Defense Subcommittee also is scheduled to hold its hearing today, May 12, with the same witnesses. The House subcommittee hearing is set for 8 a.m. this morning in a room in the Rayburn House Office Building. The Senate group is scheduled to begin at 10:30 a.m. in a room in the Dirksen Senate Office Building, on the other side of Capitol Hill.

I must point out that at best the House Defense Subcommittee members will have much less than 90 minutes for questions, and if all 18 members show up not all will get their allotted five minutes to ask anything. That is not worthwhile oversight.

Remember the 53 minute House Defense Subcommittee meeting where only seven asked questions? They were only dealing with an Air Force fiscal 2027 budget of $339 billion, which by the way is 38 percent greater than this year. Those same members today will be trying to cover questions about a $1.5 trillion DoD budget that is 40 percent larger than the current one.

Having read all testimony from that shortened April 30 session on the fiscal 2027 Air Force budget, I think the public needs to know more about the sixth generation F-47 which is to be the future world’s most stealthy and lethal fighter. Last year, Boeing won a $20 billion contract to build 185 of them. They will exceed Mach 2 in speed, which is twice the speed of sound and faster than 1,500 miles-per-hour with a combat radius of 1,000 nautical miles.

The F-47s are also designed so that their pilots will be the in-the-air directors of up to eight unmanned AI-driven drones, named by the Air Force Collaborative Combat Aircraft (CCAs). According to what Air Force Secretary Dr. Troy E. Meink told the subcommittee back on April 30, the F-47 “and its integration with autonomous CCA represents a generational leap in combat capability that will redefine the battle-space.”

Meink said, “We are allocating over $5 billion in fiscal year 2027 for F-47 engineering and manufacturing development. The USAF is investing $1.4 billion for CCA testing and development, which puts us on a direct path to procure over 150 CCA by the end of the [five year] Future Years Defense Program, rapidly scaling our combat mass.”

How is all of that progressing?

But one question that needs to be asked at today’s hearings with Hegseth is what’s the reason for dividing the $1.5 trillion budget up in the first place?

At the end of the shortened House subcommittee April 30 hearing, Rep. Joe Morelle (D-N.Y.) asked Air Force Secretary Meink if the division of the DoD budget was “a one year anomaly, or is the Department planning to continue to shift defense funding into mandatory accounts [reconciliation bills] going forward, which would give this committee [House Appropriations] far less oversight over defense spending.”

Meink at first said, “We are always happy to come down and walk through with you how we’re spending the resources, fully transparent, whether it’s reconciliation or in the base budget.”

When Morelle persisted and asked about “the out years,” Meink replied, “I can’t speak to the level of conversation or the [Trump administration] strategy going forward Congressman.”

To which Morelle said, “Let me just say this, and then I’ll yield back…I think this is a dangerous precedent. I think Article One [of the Constitution which established Congress] responsibilities and the role that is vested in this committee to do oversight – I’m a new member [of the subcommittee] – but I think this is really important, not only for congressional integrity and for congressional responsibilities and prerogatives for the American people.”

I agree.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Confidence, Interoperability, and the Limits of U.S. Decision Systems

OPINION -- In recent months, U.S. policy debates have increasingly acknowledged that the decisive contests of the 21st century will not be fought primarily on conventional battlefields. They will be fought in the cognitive domain, through influence, perception, legitimacy, and decision velocity. This recognition is important and depends on an adequate technical and institutional layer to deliver durable strategic advantage.

Cognitive advantage cannot be declared. It must be engineered. Today, the United States does not lack data, expertise, or analytic talent. What it lacks is decision-shaping architecture capable of producing consistently high-confidence strategic judgment in complex, adaptive environments. The result is a persistent gap between how confident U.S. decisions appear and how reliable they are - especially in Gray Zone conflicts where informal networks, narrative control, and societal resilience determine outcomes long before failure becomes visible. Afghanistan was not an anomaly. Nor will it be the last warning.

The Confidence Illusion

In U.S. national security discourse, the phrase “high confidence” carries enormous weight. It signals authority, rigor, and analytical closure. Yet extensive research into expert judgment, including studies of national-security professionals themselves, shows that confidence is routinely mis-calibrated in complex political environments.

Judgments expressed with 80–90 percent confidence often prove correct closer to 50–70 percent of the time in complex, real-world strategic settings. This is not a marginal error. It is a structural one.

The problem is not individual analysts. It is how institutions aggregate information, frame uncertainty, and present judgment to decision-makers. While pockets of analytic under confidence have existed historically, recent large-scale evidence shows overconfidence is now the dominant institutional risk at the decision level.

Recent U.S. experience from Iraq to Afghanistan suggests that institutional confidence is often declared without calibration, while systems lack mechanisms to enforce learning when that confidence proves misplaced. In kinetic conflicts, this gap can be masked by overwhelming force. In Gray Zone contests, it is fatal.

Afghanistan: Studied Failure Without Learning

Few conflicts in modern U.S. history have been studied as extensively as Afghanistan. Over two decades, the U.S. government produced hundreds of strategies, assessments, revisions, and after-action reviews. After the collapse of 2021, that effort intensified: inspector general reports, departmental after-action reviews, congressional investigations, and now a congressionally mandated Afghanistan War Commission.

The volume of analysis is not the problem. The problem is that these efforts never coalesced into a unified learning system. Across reports, the same lessons recur – misjudged political legitimacy, overestimated partner capacity, underestimated informal power networks, ignored warning indicators, and persistent optimism unsupported by ground truth. Yet there is no evidence of a shared architecture that connected these findings across agencies, tracked which assumptions repeatedly failed, or recalibrated confidence over time.

Lessons were documented, not operationalized. Knowledge was archived, not integrated. Each new plan began largely anew, informed by memory and narrative rather than by a living system of institutional learning. When failure came, it appeared suddenly. In reality, it had been structurally prepared for years.

Reports Are Not Learning Systems

This distinction matters because the U.S. response to failure is often to commission better reports. More detailed. More comprehensive. More authoritative. But reports - even excellent ones - do not learn. Learning systems require interoperability: shared data models, common assumptions, feedback loops, and mechanisms that measure accuracy over time. They require the ability to test judgments against outcomes, update beliefs, and carry lessons forward into new contexts. Absent this architecture, reports function as historical records rather than decision engines. They improve documentation, not confidence. This is why the United States can spend decades studying Afghanistan and still enter new Gray Zone engagements without demonstrably higher confidence than before.

Asking the Wrong Questions

The confidence problem is compounded by a deeper analytic flaw: U.S. systems are often designed to answer the wrong questions. Many contemporary analytic and AI-enabled tools optimize for what is verifiable, auditable, or easily measured. In the information domain, they ask whether content is authentic or false. In compliance and due diligence, they ask whether an individual or entity appears in a registry or sanctions database. In governance reform, they ask whether a program is efficient or wasteful. These questions are not irrelevant, but they are rarely decisive.

Gray Zone conflicts hinge on different variables: who influences whom, through which networks, toward what behavioral effect. They hinge on informal authority, narrative resonance, social trust, and the ability of adversaries to adapt faster than bureaucratic learning cycles.

A video can be authentic and still strategically effective as disinformation. An individual can be absent from any database and still shape ideology, mobilization, or legitimacy within a community. A system can appear efficient while quietly eroding the functions that sustain resilience. When analytic systems are designed around shallow questions, they create an illusion of understanding precisely where understanding matters most.

DOGE and the Domestic Mirror

This failure pattern is not confined to foreign policy. Recent government efficiency initiatives-often grouped under the banner of “Department of Government Efficiency” or DOGE - style reforms - illustrate the same analytic tendency in domestic governance. These efforts framed government primarily as a cost and efficiency problem. Success was measured in budget reductions, headcount cuts, and streamlined processes.

What they largely did not assess were system functions, hidden dependencies, mission-critical resilience, or second-order effects. Independent reviews later showed that efficiency gains often disrupted oversight and weakened essential capabilities - not because reform was misguided, but because the wrong questions were prioritized. DOGE did not fail for lack of data or ambition. It failed because it optimized what was measurable while missing what was decisive. The parallel to national security strategy is direct.

Why Gray Zone Conflicts Punish Miscalibration

Gray Zone conflicts are unforgiving environments for miscalibrated confidence. They unfold slowly, adaptively, and below the threshold of overt war. By the time failure becomes visible, the decisive contests - over legitimacy, elite alignment, and narrative control - have already been lost.

Adversaries in these environments do not seek decisive battles. They seek to exploit institutional blind spots, fragmented learning, and overconfident decision cycles. They build networks that persist through shocks, cultivate influence that survives regime change, and weaponize uncertainty itself. When U.S. decision systems cannot reliably distinguish between what is known, what is assumed, and what is merely believed, they cede cognitive advantage by default.

What “90 Percent Confidence” Actually Means

This critique is often misunderstood as a call for predictive omniscience. It is not.

According to existing standards, No system can achieve near-perfect confidence in open-ended geopolitical outcomes. But research from forecasting science, high-reliability organizations, and complex systems analysis shows that high confidence is achievable for bounded questions - if systems are designed correctly.

Narrowly scoped judgments, explicit assumptions, calibrated forecasting, continuous feedback, and accountability for accuracy can push reliability toward 90 percent in defined decision contexts. This is not theoretical. It has been demonstrated repeatedly in domains that take learning seriously. What the U.S. lacks is not the science or the technology. It is the architecture.

Cognitive Advantage Requires Cognitive Infrastructure

The central lesson of Afghanistan, Gray Zone conflict, and even domestic governance reform is the same: data abundance without learning architecture produces confidence illusions, not advantage.

Cognitive advantage is not about thinking harder or collecting more information. It is about building systems that can integrate knowledge, test assumptions, recalibrate confidence, and adapt before failure becomes visible.

Until U.S. decision-shaping systems are redesigned around these principles, the United States will continue to repeat familiar patterns - confident, well-intentioned, and structurally unprepared for the conflicts that matter most. The warning is clear. The opportunity remains.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

When a Charismatic and a Machiavellian Meet

ANALYSIS -- President Trump will visit Beijing later this month for the first time in almost a decade. As a former CIA clinical psychologist, I have conducted many remote assessments of world leaders. I believe this summit presents both great opportunities, and great dangers. Not just because of the economic and political stakes, but because of the highly divergent personalities and styles of leadership of the two Presidents.

Xi’s is a cool-headed introvert, whose political superpower is his iron Machiavellian detachment. This type of leader does not allow himself the pleasures of living within commonplace morality, considering this a form of “feel good” self-indulgence a failure in leadership. According to the code described by Machiavell, a Prince (and Xi is the quintessential Red Prince) puts the needs of his City States ahead of all other considerations. The Machiavellian’s task is to perpetually scan, detect, and then eliminate opponents and threats that stand in the way of a strategically advantageous future. Xi’s combination of detachment, attention to detail and abstinence regarding human needs makes him a formidable foe in conflict or negotiations.

Trump has a “hot” extraverted personality. He draws energy from those around him, is attuned to their moods and needs, and automatically seeks to connect with crowds. A true individualist – the quintessential American Maverick – Trump is a fearless instinctive leader with extraordinary charismatic skill. Trump is preternaturally able to grasp the mood of crowds and engage them. He noted in the press conference he gave immediately after a third thwarted assassination attempt that leaders with “the most impact” are commonly targeted by assassins. It is true that extremely talented charismatic leaders such as Trump, Lincoln, Kennedy, Shinzo Abe, Martin Luther King, and Ghandi are loathed as much as they are loved. These types of leaders engage emotions, good or ill, within the collective unconscious of their supporters and detractors.

When a gifted political charismatic such as President Trump is paired in negotiation with an equally gifted Machiavellian such as President Xi, history-making deals may happen. So too can epoch-defining disasters occur. The summit between Mao and Nixon comes to mind as a world-changing success story. Close observer of both past and present summit might quip the history has flipped which country brought a charismatic (or narcissistic) leader and which a Machiavellian (or paranoid) to the table.

Hitler, Chamberlan, and Stalin come to mind in regard to historical catastrophes when leaders with striking difference in personality. Hitler, though unhinged, poorly educated, and seething with genocidal hatred, possessed extraordinary charismatic talent. He was able to deceive classically educated, upper-crust British Prime Minister Neville Chamberlain, as scrupulous man who disdained popularity or glamour, into believing that the Munich agreement would bring “peace in our time.” Hitler managed the same trick with Stalin, who was Hitler’s equal in bloodlust, paranoia, and ruthlessness, but more cunning and detached rather than deranged. The two signed a non-aggression pact that Hitler broke.

Xi and Trump appear to share a consensus that the current post WW-II rule-based order is inimical to their goals. Each may believe that it is time to negotiate a new set of rules for a world order and believe this falls to them because of their positions as co-equals in world power; Trump has referred to a “G-2” with China. However, both also believe that a leader can only dictate international relations if their domestic power is secured and seen to be untouchable, because anything less than a full “hands off” respect from a political counterpart implies that any deals made are shaky. Hitler did not hesitate to break a deal he made with his ostensibly inferior counterpart.

Both Xi’s and Trump’s political ethics and values are founded on dealmaking. A leader destroys his enemies by making them friends – or at least, by making a frenemy who has an equal share of power that allows the negotiation of lasting deals. Both Xi and Trump believe they have unique mastery of the logic as well as the unconscious dynamics of power. In their calculations, the weak and vulnerable in society are not necessarily forgotten but protected and looked after; however, power is not shared with the powerless.

As demonstrated in their respective “big, beautiful [military] parades” both men love to put on a grand performance. A showman at heart, Trump puts himself in the center of the action and loves the unmediated, moment-by-moment audience reactions. Xi is a master behind-the-scenes director, who is essentially an orchestrator and always a watcher, not an immersive participant. Xi composes spectacles of great precision and complexity.

Ultimately, both men are driven by urgency to protect and restore the historic “spirit” of their cultures, seeming to believe that they were chose by fate for highest office. One’s call to action is: “The Great Rejuvenation of the Chinese Nation” and the other’s slogan is “Make American Great Again.” Both believe in the exceptionalism and manifest destiny of their nations. Is it possible for both men to be right?

Xi and Trump may be an odd couple in world leadership, but we must remember they are part of a very exclusive club whose only members are the two most indisputably powerful men on earth. Within this exclusivity, they understand each other very well, share surprising similarities, and some dangerous differences.

Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

I just want to read the news

Get the news and only the news!

Guardian

Back to top

Kaupunki

Back to top

Yle

Back to top

CNN

Back to top

Hesari

Back to top

Al Jazeera

Back to top

New York Times

Back to top

Reuters

Back to top

NPR

Back to top

The Cipher Brief

The Proposal: Beyond RGB

The Approach: "The Unified Latent Space"

The Outcomes: What Does This Give Us?

The Intelligence Use Cases

Conclusion

Ambassador Joseph DeTrani

Rear Adm. (Ret.) Mike Studeman

Back to top