Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Director’s note: Closing the frontier AI gap

President Donald Trump and Chinese premier Xi Jinping at the Temple of Heaven in Beijing on May 14, 2026. (White House photo)
By Frank Cilluffo

Dear readers,

Are frontier AI models and similar advances catapulting forward so fast that labs should agree to take a step back, even as a purportedly safer version of Mythos makes its debut? Anthropic called for this, warning that a point at which AI can build itself “is not inevitable” but “could come sooner than most institutions are prepared for.” As Bradley Olson and Sam Schechner reported at The Wall Street Journal, the company proposed a global agreement on how to potentially slow development and a mechanism for verifying that competitors are respecting it. Dana Nickel and Maggie Miller reported at POLITICO, however, that as Washington races to establish guardrails around increasingly capable AI models, policymakers are confronting an uncomfortable reality: China may be closing the gap faster than many anticipated.

At the White House, a new National Security Presidential Memorandum directs agencies to procure and integrate advanced AI models, and “develop partnerships with willing private-sector companies to help secure America’s most cutting-edge AI technologies.” The NSPM “reflects a growing view inside the White House that U.S. security agencies are moving too slowly to adopt frontier AI tools, even as the evolving technology improves rapidly and rivals like China seek ways to craft their own versions,” David DiMolfetta reported at Nextgov/FCW. Taken together, these developments suggest policymakers are beginning to move beyond abstract debates about AI safety and toward a more practical question: how to responsibly provide defenders with access to powerful capabilities before adversaries exploit them first.

The global cybersecurity community faces a critical inflection point as frontier AI models emerge as dual-use tools for adversaries and defenders alike. On this week’s Cyber Focus, I sat down with Palo Alto Networks Vice President for Global Policy Daniel Kroese, a McCrary Institute senior fellow and former CISA official, to break down the strategic implications of the recently released executive order on advanced AI assessment and deployment. With the industry currently operating within an urgent three- to five-month window to harden systems before foreign adversaries are expected to operationalize comparable capabilities at scale, we discussed practical defensive scaling for resource-poor entities, condensing traditional red-teaming timelines and dramatically shrinking enterprise incident response times, rethinking risk management, the upcoming deluge of vulnerabilities and the threat from Beijing.

Conflict across the Gulf region has highlighted threats to AI infrastructure as Iran’s attacks have hit a handful of data centers. Jason Vogt and Nina A. Kollars wrote at the Modern War Institute at West Point that these strikes “indicate that a broader strategic shift is already underway” putting these large, fixed targets that are interconnected with other critical infrastructure in the crosshairs. “Data centers are now key terrain, and military commanders need to consider not just how best to leverage them to create opportunities but also how to defend them during conflict,” they wrote.

This and other critical infrastructure would get sector-specific updated cybersecurity plans under new legislation introduced by Sen. Mark Warner. The Combat Emerging Threats to Critical Infrastructure Act of 2026 would ensure the updated plans account for threats such as AI-enabled hacking and deepfakes, David DiMolfetta reported at Nextgov/FCW, and would require CISA to work with the Treasury Department on a process for assessing whether future quantum computers could undermine encryption used to protect digital assets.

Collaboration will be a cornerstone of U.S. Cyber Command’s new Cyber Warfare Innovation Center, one of three enabling organizations under the Pentagon’s CYBERCOM 2.0 plan. As Mark Pomerleau reported at Breaking Defense, the center will pair operators and members of industry side by side in order to drive faster capabilities and tactics – “forging this direct link between those who build the tools and those who wield them,” according to Assistant Secretary of Defense for Cyber Policy Katie Sutton.

And a cornerstone of space security for nearly six decades may be approaching a breaking point. Tim McMillan reported at The Debrief on a study that argues the 1967 Outer Space Treaty is inadequate for an era of commercial spaceflight, global political instability and growing militarization of orbit. The weaponization of space is underscored by recent events suggesting that Russian satellites could jam GPS on a continental scale, Jeremy Hsu reported at Ars Technica. Russian satellites have been identified as the cause of mysterious, seconds-long bursts of GPS interference across Europe, but uncertainty still hangs over whether such interference is intentional and if it could be more powerfully weaponized as GPS jamming with continental reach in the future, Hsu writes.

This week by the numbers:

  • Just 22% of chief technology officers say students – the cyber weak link – at their institution receive adequate cybersecurity training. By comparison, 68% say faculty and staff receive adequate training and another 70% say their institution’s leadership prioritizes cybersecurity investments. (Inside Higher Ed)
  • 13 internet domains used to target U.S. persons, including current and former security clearance holders with access to classified and sensitive U.S. government information, were seized by federal authorities. (DOJ)
  • The rate of data breaches at companies that widely use AI tools is significantly higher than the rate at companies that don’t – 43% compared with 11% over the past 12 months. (Cybersecurity Dive)
  • Energy and utilities targets appeared in 66.6% of all observed advanced persistent threat campaigns over the past three months. (Industrial Cyber)
  • 95% of CISOs said they faced pressure to deprioritize or delay reporting of security issues by other parts of the business. As a result, 75% of those surveyed said that their organization had knowingly deployed vulnerable code into a production environment. (Infosecurity Magazine)

Ahead of next month’s release of the 10th Anniversary Edition of Cyber Defense Review, published by the U.S. Army Cyber Institute at West Point, several contributions have been made available online early. The collection brings together some of the leading voices in cybersecurity and national security to examine how the strategic environment is changing – and where longstanding assumptions may no longer be sufficient.

McCrary senior fellow Melissa Hathaway argues that responsible disclosure in the age of AI must evolve from a reactive process into a coordinated national and international resilience effort spanning governments, technology providers, infrastructure operators and emergency responders. McCrary senior fellow and former NSA Director of Cybersecurity Rob Joyce contends that China’s Typhoon campaigns are not routine espionage but deliberate preparations for future conflict – and that U.S. deterrence has fallen short not because of insufficient capability, but because of inconsistent strategy, signaling and resolve. Principal Cyber Advisor to the Secretary of the Army Brandon Pugh outlines four priorities shaping the Army’s cyber transformation, while Acting CISA Director Nick Andersen advocates identifying critical dependencies, prioritizing risk-reduction investments and measuring success through operational outcomes rather than compliance exercises or activity metrics.

In my contribution, “Winning the War, Not Just the Cyber Fight,” I argue that the United States risks preparing for the cyber battles of the past while strategic competition continues to evolve. Cyber power should no longer be viewed as a discrete capability operating on the margins of conflict, but as a core instrument of national power that must be integrated with diplomacy, military operations, intelligence, economic statecraft and critical infrastructure resilience. The ultimate measure of success is not winning individual cyber engagements, but leveraging cyber capabilities to help win the broader strategic competition and, when necessary, the wars of the future.

War Eagle,

Frank Cilluffo

Read More

Click to listen highlighted text!