As global technology competition intensifies, new security risks are emerging. The first publicly reported AI-orchestrated hacking campaign appeared in 2025, and agentic AI systems are expected to reshape the offense-defense balance in cyberspace in the year ahead. More broadly, as AI diffuses through societies, policymakers must grapple with its implications for democracy, human rights, and the distribution of power between states and their citizens.

To make sense of these developments, we asked leading experts to identify key trends they will be watching in 2026 and beyond.

AI Federalism and the Future of U.S. Regulation

Josh Geltzer, Partner in WilmerHale’s Defense, National Security and Government Contracts Practice; Former Deputy Assistant to the President, Deputy White House Counsel, and Legal Advisor to the National Security Council: 

In 2025, the central AI policy debate in Congress revolved around whether to impose a federal “AI moratorium” that would block states from regulating AI for a set period of time. This proposal, strongly supported by the Trump administration, nearly passed as part of the summer’s “Big Beautiful Bill” and later resurfaced in the year-end National Defense Authorization Act, but ultimately failed due to insufficient congressional backing. As an alternative, U.S. President Donald Trump issued a December executive order aimed at limiting the impact of state-level AI laws without full federal statutory preemption. The order directed the Department of Justice to develop ways to challenge state-level AI laws deemed contrary to administration policy and, furthermore, instructed executive branch agencies to withhold certain funds from states maintaining AI regulations viewed as restrictive. It also committed the White House to draft a legislative framework for a uniform federal AI policy that would preempt state laws, while preserving state authority over issues like child safety, data center infrastructure, and government AI procurement.

Looking ahead to 2026, the debate is shifting from whether to “preempt something with nothing” to whether to “preempt something with something.” In other words, the key question will no longer be about eliminating state AI laws—which continue to proliferate—without a federal substitute, but will instead become about replacing them with a concrete federal regulatory framework. This change fundamentally alters the conversation: both supporters and critics of the 2025 moratorium must recognize that preemption with a substantive policy is a different proposition from preemption without one. What that federal framework will actually look like remains uncertain, but its details will be critical in determining the level of support for renewed legislation. The bottom line: expect a very different—and potentially more consequential— discussion about federalizing AI law in 2026.

David S. Rubenstein, James R. Ahrens Chair in Constitutional Law and Director of the Robert J. Dole Center for Law and Government at Washburn University School of Law:

The biggest AI federalism story of 2026 will not be about algorithms. It will be about silicon and steel. The National Conference of State Legislatures predicts that data centers will be a central legislative concern. While the dominant political narrative focuses on energy affordability and sustainability, the grassroots data center backlash runs deeper. People vote how they feel, and many Americans feel negatively about an AI-driven future. Data centers are vessels for AI anxiety and antipathy toward big tech more generally. This matters for two related reasons. First, the backlash reflects a broad coalition, spanning affordability, sustainability, job security, and corporate accountability. Second, even if energy costs are contained, the backlash probably will not be. For constituents anxious about AI, job loss, and cultural decay, blocking a local land-use permit or a corporate tax credit is how their voices will be heard.

Beyond infrastructure, states will continue to regulate AI itself. However, comprehensive AI acts are losing momentum. Colorado’s flagship law illustrates why. Originally passed in 2024, Colorado’s AI Act was designed to regulate AI discrimination across employment, housing, healthcare, and more. As the effective date approached, however, Colorado’s Governor and Attorney General backed the industry’s effort to gut the law. Instead, the Colorado legislature delayed the effective date to mid-2026, and future setbacks are likely. States are now pivoting to more targeted approaches, focusing on high-risk applications and legacy sectors. AI chatbots, for example, are in the legislative crosshairs, following headline news that linked chatbots to suicide, defamation, and deception. In 2026, states likely will respond with transparency laws, age-gating, and other guardrails. Pricing algorithms are also on the agenda. Some states may take a general approach, for example, by amending antitrust codes. But most states will seek to regulate price-setting algorithms in specific domains, like housing and insurance. Meanwhile, major legislation enacted in 2025 will take effect this year, including California’s “companion chatbot” law and Illinois’ employment-decision protections.

None of this sits well with the Trump administration. Acceleration and deregulation are twin pillars of the White House’s domestic AI agenda. Most recently, Trump issued an executive order to limit state AI laws through a multi-pronged approach: litigation, federal funding conditions, and regulatory preemption. The order’s ambition makes it legally vulnerable. The executive branch cannot unilaterally preempt state law without a delegation from Congress. Nor can the executive branch impose spending conditions that Congress itself rejected. Agencies will be hard-pressed to demonstrate otherwise in court. Legal issues aside, the order is politically tone-deaf. By large margins, Americans favor AI regulation. States are delivering. The federal government has not. Expect more of the same in 2026.

Losing Control of Autonomous Cyber Operations

Brianna Rosen, Executive Director of the Oxford Programme for Cyber and Technology Policy; Senior Fellow and Director of the AI and Emerging Technologies Initiative at Just Security: 

The emergence of highly autonomous cyber capable agents represents a qualitative shift in the threat landscape that existing governance frameworks are ill-equipped to address. Unlike AI systems that assist human operators, these agents can identify vulnerabilities, develop exploitation strategies, and execute intrusion campaigns with minimal human oversight. The GTG-1002 campaign disclosed last year offered an early glimpse of this future, but the systems now under development by both state and non-state actors will be far more sophisticated.

The governance challenge is twofold. First, attribution becomes significantly harder when autonomous agents can be deployed at scale, adapt their tactics in real time, and obscure their origins. Traditional deterrence models assume adversaries can be identified and held accountable; that assumption is eroding. Second, the speed of autonomous operations may compress decision cycles to the point where meaningful human control becomes impractical. An agent that can move from reconnaissance to exploitation in minutes leaves little room for deliberation.

These dynamics have implications beyond cybersecurity. Highly autonomous agents operating in other domains, from financial markets to critical infrastructure management, raise similar questions about accountability, control, and escalation risk. Policymakers in 2026 will need to move beyond sector-specific frameworks toward a more integrated approach to autonomous systems governance, one that addresses the underlying capabilities rather than their application in any single domain. The forthcoming U.S. cybersecurity strategy and ongoing discussions among allies about AI security cooperation offer opportunities to begin this work, but only if governments are willing to grapple with the harder questions about autonomy, speed, and control that these systems pose.

Teddy Nemeroff, Co-Founder of Verific AI; Former Director for International Cyber Policy on the National Security Council staff:

In 2026, agentic AI will play a decisive role in determining the balance between offense and defense in cyberspace. Last year saw the first publicly reported AI-orchestrated hacking campaign, perpetrated by Chinese state-sponsored cyber actors. Although the campaign used unsophisticated hacking tools and only compromised a handful of the approximately 30 organizations targeted, it provided a proof of concept for how AI could be used to automate 80 to 90 percent of hacking operations. This year, AI-orchestrated hacking campaigns will become the norm. Cyber criminals and states like Russia, Iran, and North Korea will adopt similar approaches, increasingly using agentic capabilities to run their own campaigns.

On the other hand, agentic AI will drive new innovations in cyber defense in 2026—from AI-enabled penetration testing to automated incident response. A key question will be how quickly these innovations can be implemented in cybersecurity products and distributed to owners and operators especially in key critical infrastructure sectors. This time lag will almost certainly give hackers the advantage in the short term, and that advantage may be overwhelming for under-resourced entities, like schools and hospitals, as well as poorer countries with weaker cyber defenses.

In addition to being a tool that cyber attackers and defenders use, in 2026, AI will increasingly shape the landscape in which they compete. As companies integrate AI capabilities into their enterprise systems, this will create new vulnerabilities that adversaries will seek to exploit and defenders must address—from prompt injection attacks to data exfiltration from AI systems. The widespread adoption of AI coding tools will also shape the cybersecurity environment in 2026, as hackers increasingly exploit weaknesses in hastily produced “vibe coded” software. On the other hand, experts hope AI can ultimately reduce software vulnerabilities through better pre-release testing and by lowering the cost to re-write flawed code in legacy technology used to operate many critical infrastructure systems today.

The White House is expected to issue a new cybersecurity strategy in January 2026—one that is expected to feature a heavy emphasis on offensive cyber and deterrence. This will provide an important signal as to how the Trump administration plans to address these challenges in the coming year.

U.S.-China Competition Accelerates Across the Tech Stack 

Martijn Rasser, Vice President of the Technology Leadership Directorate at the Special Competitive Studies Project:

In 2026, the transition from large language models to agentic AI—systems capable of autonomous reasoning and real-world execution—will redefine the stakes of technology transfer. We have moved from information risks to functional risks. Because agentic systems require vast, low-latency compute to manage industrial supply chains, cyber operations, and financial markets, the underlying hardware is no longer merely a commodity; it is the physical infrastructure of sovereignty.

To protect this infrastructure, the United States must move past the strategic myth that selling mid-tier hardware to adversaries ensures dependency. History and current industrial policy suggest the opposite: providing frontier compute to strategic rivals only provides the scaffold they need to train indigenous models and bridge the gap toward self-sufficiency. In 2026, economic security requires building a high fence around the entire compute stack. The goal of export controls should not be to keep adversaries addicted to U.S. technology, but to ensure that the most capable agentic frameworks—those that can disrupt global markets or automate high-speed cyber warfare—remain a privileged asset of the democratic world.

True diffusion should be a strategic reward for allies, not a commercial compromise with rivals. By strictly limiting compute access for adversaries while building a secure, high-capacity compute-as-a-service architecture for trusted partners, the United States can lead a coalition that ensures the rules of the road for autonomous agents are set in Washington, London, and Tokyo—not Beijing. In this new era, U.S. security lies in maintaining America’s technological lead, which should not be compromised for the sake of profit.

Geoffrey Gertz, Senior Fellow in the Energy, Economics, and Security Program at the Center for a New American Security; Former Director for International Economics at the White House: 

Over the course of 2025, the United States and China rapidly escalated trade and tech restrictions toward each other, then negotiated to roll them back. By the end of the year, the superpowers had established a fragile détente, with the Trump administration refraining from imposing new export controls or sanctions to retaliate for China’s cyberespionage out of fears of upsetting this shaky truce. The result is a quiet sea change in U.S. economic security policy. After years of steady progress on the China derisking policy agenda—marked by new controls on dual-use technology exports, outbound investments, and the transfer of sensitive personal data—at the outset of 2026 the Trump administration has effectively paused any new competitive actions toward China.

The trend to watch this year is how long this truce will last, and what happens to the U.S. tech protection agenda in the meantime. The Commerce Department recently withdrew plans to restrict the import of Chinese drones and the White House opted not to introduce any significant new tariffs on semiconductors. Yet even as the Trump administration studiously avoids new tech restrictions that might destabilize the status quo, other parts of the government may have an incentive to act. Late last year, Congress passed a law that codified and expanded the outbound investment rules, and there are ongoing legislative efforts to strengthen U.S. chip controls. Meanwhile the Federal Communications Commission (FCC), a regulatory agency (debatably) independent of the administration, may  step in where the Commerce Department is stepping back: in late December the FCC issued its own rule restricting the import of foreign drones. Unlike Commerce’s proposed approach, the FCC rule applies to foreign drones from any country, rather than explicitly targeting China, perhaps in an effort to avoid provoking Chinese retaliation. This may become a model for additional new restrictions.

Ultimately, the current U.S.-China truce is likely to break down at some point, whether due to a miscalculation, unforeseen shock, or simply because one side or the other determines it no longer serves its interests. At that point the floodgates may open on new tech restrictions, as the various constituencies in favor of more rapid derisking seek to make up for lost time. Any companies making business decisions on the assumption the current détente truly represents a break in the longer-term trend of heightened geoeconomic competition may be disappointed.

Scott Singer, Fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace; Co-Founder of the Oxford China Policy Lab:  

In 2026, general-purpose AI systems will begin to transform major economies and societies in more tangible, noticeable, and irreversible ways than we have seen before. Yet backlash will intensify, creating new and more potent coalitions to rein in AI. The United States and China will be ground zeroes for both these phenomena, with trends operating in parallel but taking shapes under two very different national systems.

AI systems continue to advance in both technical capacity and real-world utility. In late 2025, tools like Claude Code enabled AI-savvy users with no coding experience to fully automate a range of computer-based tasks. With Washington and Beijing both hoping to diffuse such tools throughout their economies, 2026 will showcase a race between the relatively laissez-faire U.S. approach and China’s top-down, whole-of-society AI+ initiative. At the same time, both countries are simultaneously grappling with AI risks that are no longer speculative but clearly present. China will begin implementing its recently published interim guidelines on “human-like” AI interaction services, responding to growing social concerns about emotional dependence and addiction. Meanwhile, parallel anxieties have crystallized in the United States around child safety, companion chatbots, and the ethics of rapid AI development, with bipartisan congressional calls for child safety legislation. Additionally, California has passed laws targeting companion chatbots.

As AI capabilities diffuse more broadly in 2026, expect to see new stakeholder coalitions emerge in both countries demanding governance frameworks that address growing harms. In the United States, the pro-regulatory coalition may include populists of the right and left, labor, parents, Catholics and other religious communities, and civil rights groups. As legislation moves slowly, many will turn to the courts to hold companies liable for AI-related harms. In China, the CCP will enforce its own values and monitor society for grass-roots sentiments that require a response. Beijing will not hesitate to penalize companies if deemed necessary.

Sam Winter-Levy, Fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace:

A year ago, there was something close to bipartisan consensus on AI export controls: the United States should maintain as large a lead as possible over China in advanced chips and prevent Beijing from accessing the hardware needed to train competitive frontier AI systems. That’s still the dominant view in Congress, as well as the national security and AI policy communities. But in the White House, that consensus has collapsed. In December, U.S. President Donald Trump announced he would allow Nvidia to sell its advanced H200 chip to China, in return for the U.S. government receiving a 25 percent cut of the revenue. What was once a set of national security controls off the table for bargaining has become something closer to a pricing negotiation with both Beijing and Nvidia.

The key questions for 2026 center not on whether the Trump administration will maintain this approach, but on how far it will go and what constraints it will face. If the administration greenlights the sale of millions of H200 chips to China, it risks significantly eroding the U.S. compute advantage. But the license requirement remains in place, meaning multiple agencies will have to sign off on license conditions—along with Chinese companies and Beijing. If this process results in significantly limited sales, the effect will be much more muted. Pressure from Congress, where bipartisan concern about AI transfers to adversaries remains strong, may also slow things down.

On the other side of the ledger, how much progress will China make in indigenizing semiconductor manufacturing equipment and scaling domestic chip production—and will the relaxation of U.S. controls slow that drive or give Beijing less incentive to invest? For now, most projections suggest China will continue to struggle to make competitive chips in large quantities. If the administration succeeds in plugging gaps in its semiconductor manufacturing equipment export control regime, which for now it remains committed to, China will face even steeper obstacles. But Washington will need alignment in export restrictions from allies like the Netherlands, Japan, and South Korea, which may be reluctant to bear significant costs enforcing complementary controls now that the United States seems comfortable selling advanced chips to Beijing. If U.S. allies loosen their controls, China’s ability to manufacture high-end chips domestically could improve substantially.

Meanwhile, the competition is broadening. Chinese open-source models are seeing widespread adoption across the Global South, with significant support from the Chinese government—a trend that will accelerate as Beijing scales its domestic chip production. Toward the end of last year, the Trump administration launched its AI exports program to bolster the United States as the global supplier of AI and bring partners into an American-led ecosystem. Together with its newly announced Pax Silica initiative—an attempt to build a “coalition of capabilities” among states in the semiconductor supply chain—it represents one of the administration’s most prominent efforts to marshal public resources to compete internationally with China on AI. For now, both initiatives lack substance. But if the administration follows through with sustained funding and diplomatic engagement, they have the potential to strengthen the U.S. position in what is fast becoming a truly global contest for AI influence.

Lennart Heim, Independent AI Policy & Semiconductors Researcher: 

I will continue to closely watch China’s AI chip ecosystem in 2026. Chinese manufacturers still struggle enormously to produce advanced chips at scale—domestic production remains a small fraction of what the United States and its partners design and manufacture, yields are poor, and their technology nodes lag years behind. This gap has been widening, not closing, as TSMC and other chip manufacturers keep advancing. The key questions I am tracking: How many advanced AI chips will China actually produce domestically this year, and who will buy them? Can China manage to produce high-bandwidth memory domestically, given that the country can no longer import it? I expect this to be a major challenge—China’s production will certainly increase, but from a very low base.

But something has also shifted. In December, the Trump administration approved exports of Nvidia’s H200—the most powerful chip ever cleared for sale to China. With access to high-end foreign chips for domestic use, China might now be able to divert some of its scarce domestic production toward exports, potentially creating tech ecosystem lock-ins abroad. Will China do this, and where will these chips end up?

So far, I am not aware of data centers with advanced Chinese AI chips outside of China. But as the United States pursues major AI infrastructure deals overseas, China faces pressure to promote an alternative tech ecosystem. I will be watching whether China channels domestically produced chips to foreign deployments—or whether Chinese firms might even use their now legally purchased Nvidia chips to compete with U.S. hyperscalers in third markets. China certainly cannot compete on the largest projects with its own chips; they simply are not produced at that scale. But China does not need to match U.S. scale to be strategically relevant. More likely, it might stack modest volumes of AI chips with mobile networking, subsidized financing, and smartphones preloaded with Chinese AI as the default—the whole tech stack. The chip volumes will be limited, but these beachheads matter. As we have seen with other technologies, early deployments can create long-term dependencies if they are strategic.

Quantum Computing’s Industrial Challenge

Constanza M. Vidal Bustamante, Fellow in the Technology and National Security Program at the Center for a New American Security:

​​The United States, China, and Europe are preparing to refresh their national quantum programs in 2026, making this a pivotal year for quantum policy. As quantum sensors and computers move toward real-world utility and nations compete to secure their economic and security advantages, they are converging on a defining challenge: whether their industrial bases and supply chains are ready to support scale.

Despite boasting a world-leading ecosystem of universities and startups, thin and globally dispersed supply chains increasingly constrain U.S. quantum progress. The United States relies heavily on foreign (including Chinese) or fragile single-supplier markets for critical inputs, from precision lasers and cryogenics to photonic materials and advanced microfabrication. Yet less than twelve percent of federal quantum funding supports domestic enabling technologies and manufacturing capacity. Congressional bills and rumored upcoming executive orders signal awareness of some of these gaps, but concrete outcomes remain uncertain, especially as quantum continues to compete for attention with higher-profile policy priorities such as AI and conventional semiconductor manufacturing.

Meanwhile, China’s Fifteenth Five-Year Plan, due this March, is expected to further strengthen its already formidable industrial base by elevating quantum as the top “industry of the future.” And Europe, for its part, is preparing a Quantum Act for release in the second quarter, emphasizing “Made in Europe” industrial capacity and supply chains as part of a broader push for technological sovereignty.

The United States and Europe must take care not to turn their drive for self-reliance into costly fragmentation. Fully indigenizing quantum supply chains on either side of the Atlantic would demand time and investment neither can afford if they hope to stay ahead of China. A more credible path may lie in pooling allied capabilities now to secure trusted sources of critical materials, components, fabrication, and systems, while building domestic capacity over time—an approach reflected in initiatives such as the U.S. Department of State’s Pax Silica framework for AI. Whether the United States and its allies act on this logic in 2026 may determine whether they reap the substantial national security and economic gains of quantum technologies they have long sought—or cede that value to strategic competitors.

An Authoritarian Turn in Tech Policy?

Justin Hendrix, Cofounder and CEO of Tech Policy Press:

In February, heads of state and leaders of industry will gather in Delhi for the AI Impact Summit, the fourth in a series of global conferences that kicked off just one year following the launch of OpenAI’s ChatGPT. The tagline for the event is “Welfare for All, Happiness for All.” While we can expect another measured announcement from the gathered elites about international cooperation towards that goal, the year ahead appears set to more fully reveal what earlier techno-optimism and billions of dollars in marketing have obscured: that under present conditions, AI is more likely, on balance, to undermine democracy and strengthen authoritarianism.

Indeed, where authoritarianism is rising—and that is nearly everywhere, according to the 2025 editions of the Economist Intelligence Unit Democracy Index, the Freedom House Freedom in the World report, and the V-Dem Institute Democracy Report—AI is increasingly a tool of authoritarian control and a threat to democratic systems. OpenAI might be selling “democratic AI,” but as legal scholars Woodrow Hartzog and Jessica Silbey contend, today’s “AI systems are built to function in ways that degrade and are likely to destroy our crucial civic institutions,” which they say includes universities, the free press, and the rule of law itself. That is even before all of the ways AI is being deployed around the world for surveillance, manipulation, and control.

A clinical look at the situation requires adopting a new frame for the new year, and to prioritize interrogating the “tenacious connections” between AI and authoritarianism rather than building more intellectual scaffolding for “responsible AI.” Instead of prioritizing questions like, “How do we regulate tech to ensure a healthier democracy?” we should instead put more effort into answering “How do we preserve space for human agency and resistance in an increasingly authoritarian century?”

This may appear to be a pessimistic reorientation, but it points towards what should be sources of hope: the clear need for solidarity with existing movements for the rule of law, democracy, human rights, social and environmental justice; and the urgency of building alternative public technology infrastructures that are free from both corporate and state control. This is the reorientation that is needed in tech policy beyond simply asking corporations and states to behave more responsibly when it comes to AI.

Petra Molnar, Associate Director of York University’s Refugee Law Lab; Faculty Associate at Harvard’s Berkman Klein Center for Internet and Society: 

I expect a shift in the use of border technologies by Global North states, where surveillance and screening start well before a person reaches a port of entry through increasingly networked systems of social media surveillance, predictive analytics, and automated decision-making. This direction also complements the growth of more automated physical surveillance infrastructure, including autonomous surveillance towers at the U.S.-Mexico border, and additional in-land routine surveillance practices, such as biometric data gathering, app-based verification, and social media monitoring that expand already discretionary decision-making. All these technologies have profound ramifications for people’s human rights and civil liberties, yet governance mechanisms are lacking. While the European Union’s AI Act will likely shape regulatory conversations in 2026 on border technologies, the Act also leaves substantial room for state security rationales and procurement realities to determine what is deployed in practice instead of leading from a rights-protecting perspective at the border.

At the same time, global migration numbers will likely continue increasing in 2026. People in need of protection will continue to flee protracted and new conflicts, exercising their internationally-protected right to seek asylum. But in the current anti-migration political climate, governments will continue pushing for the normalization of surveillance and expanded data collection, with private companies like Anduril, Palantir, and Elbit Systems benefiting from lucrative public-private partnerships in a multi-billion dollar border industrial complex. As such, 2026 may be less about “new” tools—like robo-dogs, iris-scanning orbs and border vigilante apps—and more about existing tools becoming integrated into a continuous data-driven pipeline, from social media and biometrics to automated triage. Practical harms will not only include privacy loss, but also the amplification of discrimination and exclusion through opacity, algorithmic error, chilled speech and association, as well as the weakening of international legal norms.

The post Key Trends that Will Shape Tech Policy in 2026 appeared first on Just Security.

Unceasing attacks came from governments, including the most powerful, as well as from the private sector and non-state groups, pushing agendas in opposition to human rights. Many of these assaults are amped up by technology, with the methods and means becoming ever cheaper and ever more accessible to the masses.

An annual analysis from the Dublin-based international rights group Frontline Defenders paints a devastating picture of killings, arbitrary detention, surveillance, and harassment. CIVICUS, an organization that measures civic space (defined as “the respect in policy, law and practice for freedoms of association, expression and peaceful assembly and the extent to which states protect these fundamental rights”), documented declines in 15 countries and improvements in only three. The location and nature of the drops were diverse, taking place from mature democracies such as the United States, Germany, France, and Switzerland, to authoritarian regimes such as Burundi and Oman, and including countries in crisis and conflict such as Sudan and Israel. Some types of human rights were uniquely politicized and singled out in 2025, including women’s rights and environmental rights. Freedom House recorded the 19th straight year of declines in global freedom.

All this is compounded by an unprecedented slash-and-burn to international aid budgets for organizations and individuals working on human rights worldwide. The Human Rights Funders Network of almost 450 institutions across 70 countries estimates that by 2026, human rights funding globally will experience a $1.9 billion reduction compared to levels in 2023.

Taken together, this makes the world more dangerous than ever for human rights defenders and they have fewer resources at their disposal to combat the threats.

In 2026 and moving forward, two crucial questions arise for the defense of human rights globally. First, who will do the work of fighting to protect and advance human rights in the year ahead, and second, how can those in the international community still fiercely committed to human rights support them? These questions will be shadowed by another trend: impunity. Yet, at the same time, lessons and a few positive developments from 2025 can guide human rights defenders on how to seize opportunities in the coming year, beginning even this month at the United Nations.

The Earthquakes of 2025

Eviscerating Democracy, Human Rights, and Governance Assistance

In the United States, 2025 began with the newly inaugurated Trump administration dismantling the U.S. Agency for International Development (USAID) and canceling approximately 85 percent of its programming (from a budget of more than $35 billion in the fiscal year ending in September 2024). The gutting eliminated hundreds of millions of dollars of support for those working to protect human rights and expand freedom and democracy around the world. The State Department’s grantmaking efforts were similarly cut, with more than half of its awards canceled, including programs directly supporting human rights defenders such as one initiative providing emergency financial assistance to civil society organizations and a fund to promote human rights and democracy and respond to related crises.

Most other major donor countries followed suit, though not with the same sweep or to nearly the same degree. Canada said it would reduce foreign aid by $2.7 billion over the next four years, the Dutch announced structural spending cuts of € 2.4 billion on development aid starting in 2027, and the European Union announced a €2 billion reduction in its main mechanism for development aid for 2025-2027. Multilateral funders were not immune to the trend: the United Nations, for one, will see major budget and staffing cuts for human rights in 2026.

The U.S. retreat from foreign assistance rapidly impacted all development sectors, from health, to education, to humanitarian assistance, but no sector was targeted with such enmity as that of democracy, human rights, and governance. Advocates and implementers saw not only the dire resource clawbacks discussed above, but also found themselves tarred by a steady diet of derisive commentary from the very policymakers doing the cutting.

Secretary of State Marco Rubio, who, once championed human rights and democracy “activists” as a U.S. Senator, even serving on the board of the democracy-promoting International Republican Institute before the administration eliminated the congressional funding that supported it. He once told a crowd at the Brookings Institution “[f]oreign aid is a very cost-effective way, not only to export our values and our example, but to advance our security and our economic interests.”

But as secretary of state, he abruptly reversed course, writing last April that the State Department unit overseeing civilian security, human rights, and democracy had “a bloated budget and unclear mandate,” and that its “Bureau of Democracy, Human Rights, and Labor had become a platform for left-wing activists to wage vendettas against `anti-woke’ leaders in nations such as Poland, Hungary.” Other members of the administration were similarly sharp-tongued about the sector, with now-former USAID Administrator Pete Marocco conflating the promotion of “civic society” with “regime change” in official court documents and President Donald Trump himself referring to USAID’s leadership as “radical lunatics.”

The rhetoric mirrors similar language used by authoritarians across the globe who have long been opposed to foreign assistance for democracy, human rights, and governance work, and it has real-world consequences for those advocating for human rights and freedom. Leaders of multiple countries have seized on the words of the Trump administration to launch spurious investigations of human rights defenders and other civil society activists who had received U.S. funding.

Closing Civic Space and New Technology

Closing civic space is not a new threat to human rights defenders, but it is one that has reached a fevered pitch in the last few years. This has included both an increase in traditional attacks and a greater reliance on new tactics for suppression, especially in the digital sphere.

Nearly 45 percent of all civic space violations CIVICUS recorded for its annual analysis were related to the freedom of expression. The organization documented more than 900 violations of the right to peaceful assembly and more than 800 violations of freedom of association. The most frequent examples were detentions of protesters and journalists, followed by the detention of human rights defenders outside the context of a protest or journalism, merely for doing their work.

Authoritarian regimes also have become ever more adept at utilizing the digital space for repression. Tactics such as doxing, censorship, smearing, and online harassment are important tools in an authoritarian approach. They have been supplemented in recent years by less evident tactics such as shadow-banning, which the CIVICUS analysis defined as when “a platform restricts content visibility without notifying the user,” allowing the platform to maintain an appearance that it is neutral.

Women rights defenders face additional risks online, including technology-facilitated gender-based violence: In a global survey by the Economist Intelligence Unit, 38 percent of women reported personal experience with violence online, from hacking and stalking to image-based sexual abuse.

Attacks in the digital space often are also connected with or fuel physical attacks, “including killings, enforced disappearances, arbitrary detention and harassment,” as Frontline Defenders reported in its analysis. Tunisia is paradigmatic. Amnesty International reported that, beginning in 2024, a “wave of arrests followed a large-scale online campaign…which saw homophobic and transphobic hate speech and discriminatory rhetoric against LGBTI activists and organizations spreading across hundreds of social media pages, including those espousing support for the Tunisian President Kais Said. Traditional media outlets also broadcast inflammatory messages by popular TV and radio hosts attacking LGBTI organizations, calling for their dissolution and for the arrests of LGBTI activists.” 

What to Expect for Human Rights in 2026 

The absence of meaningful and unified international pushback to human rights abuses by some of the world’s most powerful nations means the rights-based international system will continue to face unprecedented attacks, and the challenges that rights defenders face in the year ahead are likely to increase in number and intensity. Authoritarians worldwide have monitored the assault against human rights in the past year — from genocide in Gaza to the crackdowns on protesters in Tanzania to restrictions on freedom of association and expression in El Salvador and so many more instances — and they have learned that they are unlikely to be held accountable internationally in the near term.

Yet despite these challenges, a few developments in 2025 offer some reasons for optimism in the year ahead. Several large-scale, youth-led movements in 2025 held their governments accountable for rights violations, from the July Revolution in Bangladesh that ousted an abusive prime minister to the Gen Z protests in Kenya over economic conditions and government corruption, a protest moniker that spread to other countries as well.

Some governments passed rights-protecting laws, from Thailand’s legalization of same-sex marriage to Colombia’s laws preventing child marriage. Courts stood up for human rights and held perpetrators to account, from the International Criminal Court’s conviction of Sudan’s Ali Muhammad Ali Abd-Al-Rahman for war crimes and crimes against humanity to the U.S. conviction of The Gambia’s Michael Saang Correa for torture, to the symbolic judgment of the People’s Tribunal for Women of Afghanistan. These trends are likely to continue in 2026, despite the challenges, because courageous human rights defenders are using every avenue to fight for rights.

This year will also bring targeted opportunities to continue the fight for human rights. A preparatory committee for a proposed international crimes against humanity treaty begins work this month at the United Nations. Also at the U.N., this year’s Universal Periodic Reviews, a regular peer review of countries’ human rights records, will focus on some of the world’s worst rights offenders — including Sudan, Eswatini, and Rwanda — as well as countries with highly mixed records. These reviews provide an opportunity for the world to examine, publicly and critically, the rights records of all 193 countries and for victims and activists to share their stories and insights. While the United States has not submitted its self-evaluation due late last year, the process continued with the usual submissions from the U.N. and others.

Creative activists also are likely to use prominent events, such as the 2026 Olympic Games, to push for the expansion and recognition of human rights. They can take the opportunity of the United States’ 250th anniversary celebrations to highlight and internationalize the country’s founding principles of life, liberty, and the pursuit of happiness, as well as the requirement that all governments “[derive] their just powers from the consent of the governed.”

Who Will Lead the Fight for Human Rights in 2026? 

As many governments pull back and even attack human rights, the work of human rights defenders and organizations will become more critical than ever. Some of them have been leading the fight for decades, including leading international NGOs, national organizations, networks, and prominent individual leaders. Others have done critical human rights work but haven’t labeled themselves as rights defenders, such as organizations providing access to clean water, supporting girls’ education, or working to prevent violent conflict.

Many work at the community level, alongside neighbors and friends, with human rights defenders networks around the world, from the Mozambique Human Rights Defenders Network to Somos Defensores in Colombia. Some are in exile, fighting for rights in their home countries and for refugee and diaspora communities, like the brave Afghan women who organized a landmark People’s Tribunal in 2025 to expose rights violations against women. Others are professionals whose skills directly relate to human rights — lawyers, judges, journalists, and more. They include people like the brave journalists who continue to report on the context in Gaza, despite the incredible risks, and the Burmese lawyers who continue to document rights violations. Some are individual activists, using their platforms and skills to protect rights and call attention to attacks against them, like Iranian Nobel laureate Narges Mohammadi who was recently detained alongside other rights defenders while attending a memorial service for a human rights lawyer. Some are informal coalitions, student and youth groups, or protest participants — social movements have been and will be an essential component of the fight for human rights. All of these actors play a critical role in the human rights ecosystem. All of them are human rights defenders.

Aid funding cuts have devastated civil society organizations and will continue to impact human rights advocates. A survey by the International Foundation for Electoral Systems and International IDEA of 125 civil society organizations based in 42 countries found that 84 percent of respondents had lost funding due to U.S. and other countries’ aid cuts, with the same number expecting further cuts in 2026. UN Women reported that more than one in three women’s rights and civil society organizations have suspended or shut down programs to end violence against women and girls and more than 40 percent have scaled back or closed life-saving services. The philanthropic organization Humanity United found that 44 percent of peacebuilding organizations that it surveyed would run out of funds by the end of 2025.

These cuts will only be amplified as time goes on, as fewer young people can become human rights professionals while managing to put food on the table, as legal cases that take years to process aren’t filed for lack of funding, as human rights abuses aren’t documented, as the attacks from authoritarian regimes go unchecked. Shrinking development budgets will no longer provide similar levels of support to courts and anti-corruption bodies that human rights defenders have traditionally approached to pursue justice or for support hotlines where ordinary people can call in anonymously to report abuses at the hands of security forces. Such foreign assistance enabled vital avenues of accountability, but also signified solidarity, that at least some political decisionmakers both at home and abroad believed in human rights and supported those working to deepen and protect them.

But despite the myriad challenges, there will be human rights defenders who continue to fight the fight. For many, changes in funding or the withdrawal of political top-cover won’t stop them from finding avenues. One need only look at Iran’s protests today, where thousands of people are exercising and demanding their human rights amidst a brutal crackdown, internet blackout, and without international funding. Rights defenders have been doing a lot with a little for many years. Some — especially women, youth, Indigenous people, and disabled defenders — have often been excluded from human rights funding and support in the past. A new generation has seen the horrors of Gaza, El-Fasher, eastern Ukraine, or even around the corner from their home, in the news and online, and they have committed themselves to social justice and the prevention of atrocities.

Human rights has always been a universal endeavor which has required diverse supporters, advocates, and allies – this is true now more than ever.

How Can the International Community Support? 

Even those governments and institutions that continue to lead in supporting human rights internationally will need to do more with less, as the above-outlined cuts exemplify, to support those on the front lines. This is the chance to shift “localization” – the practice of funding local civil society organizations directly and based on their priorities, rather than via large overhead-requiring NGOs funded by donor countries — from an ideal to a necessary strategy. A grant of $20,000 may not keep a major international organization online, but it can fund a community-based service provider. Donors can integrate a rights-based approach across portfolios instead of siloing the issue, integrating human rights goals and strategies into other foreign policy initiatives. For example, companies can integrate human rights efforts and measurements into their supply chains for products from batteries to chocolate, producing products they would already produce but in a way that advances human rights as well. Military operations can add human rights and gender considerations with little cost but potentially huge impact. This requires training, tools, and high-level political will to succeed. And they can continue to advocate for rights and use diplomatic pressure and support as key tools.

The elephant in the room is the United States. The Trump administration not only is backtracking on the traditional U.S. commitment and values of democracy and human rights internally and internationally but also has sought to hamper others in funding such initiatives. But there are still important steps that can be taken to protect human rights. Congress must do its job and provide oversight, holding the administration accountable to the laws that protect this important work. Members should speak out against injustices and rights violations, at home and abroad. Rep. Chris Smith (R-NJ), for example, has played a key role in the Tom Lantos Human Rights Commission, calling out rights abuses in places like Turkey, and Rep. Tim Kennedy (D-NY) led a congressional letter to the Department of Homeland Security urging the Trump administration to overturn its decision to terminate Temporary Protective Status for Burmese people.  State governments have always played a key role in advancing rights, and this will become more critical than ever.

Foreign governments that have engaged on human rights issues but haven’t been the largest international donors or advocates will be particularly important. Some of them are stepping up already. Examples include Japan playing a leading role in advancing women’s issues, South Africa and Gambia taking cases to the International Court of Justice accusing Israel and Myanmar, respectively, of violating the Genocide Convention, and Ireland continuing its steadfast allyship with human rights defenders.

Now is the time for committed countries around the world to continue to demonstrate the global nature of this agenda, set out more than 75 years ago in the Universal Declaration of Human Rights and reinvigorated by 18 international human rights treaties.

Philanthropy and the international private sector will be more essential than ever in 2026.  Foundations cannot offset the huge funding gaps left by governments and multilateral donors — total U.S. philanthropic giving is about $6 billion per year, whereas U.S. overseas development assistance alone in 2023 accounted for $223 billion — but they can provide strategic investments that help protect rights and those defending them, amplify their voices, fund innovative new approaches, and help the ecosystem survive. Philanthropies around the world provided nearly $5 billion in human rights support globally in 2020 alone, and their funding is critical for many organizations.

Companies have their own role to play, one that includes but goes well beyond corporate social responsibility, from responsible tech and AI to eliminating forced labor from supply chains to hiring diverse employees. The private sector has a unique opportunity to ensure that human rights remain on the global agenda, because there is a strong business case in favor of human rights protections and alliances with those who truly understand the needs and wants of local populations. A great example is the effort by numerous auto and electronics companies to move away from cobalt batteries, both a recognition of the horrible rights violations facing individuals and communities around cobalt mines in the Democratic Republic of Congo and a recognition that this move is also better for business due to supply chain volatility.

Defending against challenges to human rights, democracy, and good governance in 2026 and beyond will require creativity and broad coalition-building across sectors that too often are siloed, such as health, peacebuilding, humanitarian assistance, and the field of democracy, human rights, and governance. Everyone who does not traditionally think of themselves as a human rights defender, from government officials to the private sector, will need to step up to support those on the frontlines of the fight to defend human rights.

The post Who Will Stand Up for Human Rights in 2026 – and How? appeared first on Just Security.

The catalog below organizes our collection of articles primarily about the war into general categories to facilitate access to relevant topics for policymakers, researchers, journalists, scholars, and the public at large. The archive will be updated as new pieces are published.

We welcome readers to use this catalog to follow the unfolding situation and generate new lines of analysis. To search headlines and authors, expand one or all of the topics, as needed, and use CTRL-F on your keyboard to open the search tool. The archive also is available in reverse chronological order at the Russia-Ukraine War articles page.

The post Just Security’s Russia–Ukraine War Archive appeared first on Just Security.

Originally published Jan. 21, 2025, and frequently updated.

A. Resources

Tracker: Legal Challenges to Trump Administration Actions 

B. “What Just Happened” Series

Mark Nevitt, Trump, the National Guard, and the District of Columbia: What You Need to Know (Aug. 18, 2025)

Kathleen Claussen, What Just Happened: The Tariff Litigation Advances (Jun. 4, 2025)

Chiraag Bains, What Just Happened: The Trump Administration’s Dismissal of Voting Rights Lawsuits (May 27, 2025)

Dani Schulkin, Tess Bridgeman and Andrew Miller, What Just Happened: The Trump Administration’s Reorganization of the State Department – and How We Got Here (Apr. 22, 2025)

Stefanie Feldman, What Just Happened: The Trump Administration Repealed Zero Tolerance Policy for Rogue Gun Dealers (Apr. 15, 2025)

Kathleen Claussen, What Just Happened: The Trump Administration’s Latest Moves on Tariffs (Apr. 3, 2025)

Ahilan Arulanantham and Adam Cox, Explainer on First Amendment and Other Legal Issues in Deportation of Pro-Palestinian Student Activist(s) (Mar. 12, 2025)

Brett Holmgren, What Just Happened: Security and Foreign Policy Implications of Pausing Intelligence Sharing with Ukraine (Mar. 6, 2025)

Nicholas Bednar, What Just Happened: Musk-OPM Send Email to Federal Employees Asking for Five Accomplishments (Feb. 22, 2025)

Roderick M. Hills, What Just Happened: Purges at the DOJ and FBI – How Do and Don’t the Civil Service Laws Apply (Feb. 14, 2025)

Alex Finley, What Just Happened: Security Implications of Trump’s Efforts to Trim the CIA Workforce (Feb. 7, 2025)

Jonathan Hafetz and Rebecca Ingber, What Just Happened: At Guantanamo’s Migrant Operation Center (Feb. 6, 2025)

Kathleen Claussen, What Just Happened: New Tariffs on Products from Mexico, Canada, and China (Feb. 5, 2025)

Tess Bridgeman, What May Be About to Happen: Can the President Dissolve USAID by Executive Order? (Feb. 1, 2025)

Brad Brooks-Rubin, What Just Happened: Trump’s Termination of West Bank Settler Sanctions (Jan. 30, 2025)

William Banks, What Just Happened: The Framing of a Migration “Invasion” and the Use of Military Authorities (Jan. 29, 2025)

Ilya Somin, What Just Happened: The “Invasion” Executive Order and Its Dangerous Implications (Jan. 28, 2025)

Tom Ellison, What Just Happened: Trump’s Executive Actions on Environment and Implications for US Climate Security (Jan. 24, 2025)

Ahilan Arulanantham, What Just Happened: Sanctuary Policies and the DOJ Memo’s Empty Threat of Criminal Liability (Jan. 23, 2025)

Andrew Weissmann, What Just Happened: What Trump’s Hobbling Privacy Oversight Board Portends for Exercise of Surveillance Powers (Jan. 22, 2025)

Justin Hendrix, What Just Happened: Trump’s Announcement of the Stargate AI Infrastructure Project (Jan. 22, 2025)

Tom Joscelyn, What Just Happened: Trump’s January 6 Pardons and Assaults on Law Enforcement Officers By The Numbers (Jan. 22, 2025) 

Mark Nevitt, What Just Happened: Unpacking Exec Order on National Emergency at the Southern Border (Jan. 21, 2025)

Tess Bridgeman and Rebecca Hamilton, What Just Happened: With ICC Sanctions (Jan. 21, 2025)

Sue Biniaz, What Just Happened: Withdrawing from Paris and other International Environmental Agreement Actions (Jan. 21, 2025)

C. Analysis and Perspectives

Elizabeth Goitein, Trump v. Illinois: A Narrow Supreme Court Decision with Broad Implications (Jan. 9, 2026)

Harold Hongju Koh, Bruce Swartz, Madeline Babin, Saavni Desai, Samantha Kiernan, Ananya Agustin Malhotra, Pete Nelson, Jake Reagan, Summia Tora and Julian Watrous, A SCOTUS Bench Memo for the Trump Tariff Case: Separation of Powers, Delegation, Emergencies, and Pretext (Nov. 3, 2025)

Kelsey Merrick, The Use of Tariffs to Raise Revenue is a Choice for Congress, not the President (Nov. 3, 2025)

Thomas E. Brzozowski, How Designating Antifa as a Foreign Terrorist Organization Could Threaten Civil Liberties (Oct. 27, 2025)

Cathy Buerger, Repression as Rescue: The Authoritarian Logic of Trump’s Early Executive Orders (Sept. 25, 2025)

Himamauli Das, Rethinking IEEPA Accountability and Oversight (Sept. 18, 2025)

Conner Bender, America’s Missile Shield Raises Legal and Cybersecurity Concerns (Aug. 27, 2025)

Devika Hovell, Raising the Cost of U.S. Coercion Against the ICC (Aug. 26, 2025)

Jordan Ascher, The APA Authorizes “Universal” Stays of Agency Action Under 5 U.S.C. § 705 (Aug. 22, 2025)

Andrew Miller and Kelly L. Razzouk, Save the PMF Program or Risk Losing a Generation of Public Servants (Aug. 1, 2025)

Michael Schiffer, Congress Shrinking from the World: the Constitution’s Article I in the Shadow of Trump 2.0 (July 23, 2025)

Ryan Goodman, Understanding DHS’s and ICE’s New Powers in Comparative Perspective (July 21, 2025)

Samuel Estreicher and Andrew Babbitt, Court of International Trade’s Flawed Ruling in Striking Down Trump’s Tariffs (July 14, 2025)

Lisa Larrimore Ouellette, The Trump Administration’s Multi-Front Assault on Federal Research Funding (July 9, 2025)

Bruce Swartz, Will to Resist: What Dartmouth Teaches Harvard About Protecting American Freedom (July 7, 2025)

John Lewis and Jordan Ascher, Pathways to “Universal” Relief after Trump v. CASA (July 3, 2025)

Harold Hongju Koh, Alan Charles Raul and Fred Halbhuber, After CASA: The Administrative Procedure Act Option for Challenging the Birthright Citizenship and Other Illegal Executive Actions (June 30, 2025)

Rebecca Hamilton, The Trump Administration’s Use of State Power: Keeping Track of the Big Picture (updated June 30, 2025)

Ilya Somin, Nondelegation and Major Questions Doctrines Can Constrain Power Grabs by Presidents of Both Parties (June 26, 2025)

Elizabeth Goitein, Federal Troops in Drug Raids Outside of Los Angeles: An Alarming Escalation (June 25, 2025)

Ryan Goodman and Steve Vladeck, The Posse Comitatus Act Meets the President’s “Protective Powers”: What’s Next in Newsom v. Trump  (June 20, 2025)

Adam Grogg and John Lewis, The Legal Defects in the Trump Administration’s Attempts to Deregulate Without Notice and Comment (Jun. 17, 2025)

Rachel Levinson-Waldman and Melanie Geller, How DHS’s New Social Media Vetting Policies Threaten Free Speech (Jun. 17, 2025)

Cathy Buerger, Unequal Before the Law: How Trump’s Death Penalty Order Codifies Dangerous Speech (Jun. 6, 2025)

Suzanne Summerlin, Too Big to Be Lawful: A Federal Court Halts Mass Layoffs Across the Civil Service (Jun. 3, 2025)

Kristin A. Collins, Gerald Neuman and Rachel E. Rosenbloom, Another Reason Trump’s Birthright Citizenship Order is Unlawful (May 15, 2025)

Mark Nevitt, The New “National Defense Area” at the Southern Border: What You Need to Know (Apr. 29, 2025)

Harold Hongju Koh, Fred Halbhuber and Inbar Pe’er, No, the President Cannot Enforce the Law-Firm Deals (Apr. 28, 2025)

Paul M. Barrett, Justice Department Fails to Address Central Point in VOA Case (Apr. 24, 2025)

Ahilan Arulanantham, Deportation to CECOT: The Constitutional Prohibition on Punishment Without Charge or Trial (Apr. 23, 2025)

Aadhithi Padmanabhan, The Fox TV Problem with Deporting International Students (Apr. 21, 2025)

John Mikhail, Birthright Citizenship and DOJ’s Misuse of History in Its Appellate Briefs (Apr. 18, 2025)

Paul M. Barrett, Unpacking the Voice of America Litigation (Apr. 10, 2025)

Harold Hongju Koh, Fred Halbhuber and Inbar Pe’er, No, the President Cannot Issue Bills of Attainder (Apr. 9, 2025)

Francisco Bencosme and Michael Schiffer, America’s Absence in Myanmar’s Early Earthquake Response: A Moral and Strategic Failure (Apr. 4, 2025)

Marty Lederman, Remarkable Things in the Government’s Alien Enemies Act Briefs to the Supreme Court (Apr. 3, 2025)

Stephanie Psaki and Beth Cameron, Dropping U.S. Biodefenses: Why Cuts to Federal Health Agencies Make Americans Less Safe (Apr. 3, 2025)

Edgar Chen and Chris M. Kwok, The Trump Administration’s 14th Amendment Retcon: ‘Wong Kim Ark’ Does Not Limit Birthright Citizenship (Mar. 28, 2025)

Mary B. McCord, Dissecting the Trump Administration’s Strategy for Defying Court Orders (Mar. 25, 2025)

Rebecca Hamilton, The Imperative of Solidarity in Response to Assaults on Legal Services, Universities, and Independent Media (Mar. 24, 2025)

Andrew Weissmann, The New “Blacklists” Work When Law Firms Stay Silent (Mar. 24, 2025)

Katherine Yon Ebright, The Courts Can Stop Abuse of the Alien Enemies Act – The Political Question Doctrine is No Bar (Mar. 20, 2025)

Rebecca Ingber and Scott Roehm, The Trump Administration’s Recent Removals to El Salvador Violate the Prohibition on Transfer to Torture (Mar. 20, 2025)

Mark Pomar, Trump Move to Eliminate VOA, RFE/RL Ignores Lessons of Global Power (Mar. 20, 2025)

Jean Garner, Journalists Who Took Risks for US-Funded Broadcasters Threatened Anew by Trump Shutdown (Mar. 18, 2025)

Ambassador Daniel Fried, The US Government’s Self-Harm in Killing Radio Free Europe/Radio Liberty (Mar. 17, 2025)

Faiza Patel, U.S. AI-Driven “Catch and Revoke” Initiative Threatens First Amendment Rights (Mar. 18, 2025)

Steve Vladeck, 5 Big Questions in the Alien Enemies Act Litigation (Mar. 16, 2025)

Noor Hamadeh and David McKean, Suspension of FCPA Enforcement Is Bad for U.S. and Global Business (Mar. 13, 2025)

Brian O’Neill, The President’s Declassification Power is a Double-Edged Sword (Feb. 28, 2025)

Michael Schiffer and Anka Lee, Trump’s China Tariff Now Treats Hong Kong the Same as the Mainland, a First in US Policy (Feb. 27, 2025)

Bill Frelick, The Racial Twist in Trump’s Cutoff of Refugee Admissions (Feb. 27, 2025)

Daniel Jacobson, The Trump Administration Cannot Use Award Terms and Conditions to Impound Funds (Feb. 24, 2025)

Mark Nevitt, How the Pentagon Personnel Firings Threaten Our Apolitical Military (Feb. 24, 2025)

Brian Finucane, U.S. Military Action in Mexico: Almost Certainly Illegal, Definitely Counterproductive (Feb. 20, 2025)

Tobias Barrington Wolff, The Attempt to Purge Trans Members from the Armed Services (Feb. 19, 2025)

Elizabeth Goitein and Katherine Yon Ebright, Trump’s Doubly Flawed “Invasion” Theory (Feb. 19, 2025)

Seth Binder, Sheridan Cole, and Haydn Welch, The Disastrous Costs of the Foreign Foreign Aid Freeze on US Interests in the Middle East and North Africa (Feb. 14, 2025)

Laura Booth, Can the President Dismantle the Department of Education by Executive Order? (Feb. 14, 2025)

Scott Busby, Freezing Support to Democracy and Human Rights Activists Undermines US Interests (Feb. 13, 2025)

Laura Thornton, Supporting Freedom and a Foreign Aid Freeze are Incompatible – But Perhaps the Point? A Case Study (Feb. 13, 2025)

Donell Harvin, The Need for Course Correction: The Risks of Treating Drug Cartels as Terrorist Threats (Feb. 12, 2025)

Winona Xu, As Sexual Violence Surges in Goma, US Aid Remains Crucial (Feb. 12, 2025)

16 US Human Rights Experts, Current and Former Members of UN Bodies, “The Trump Administration’s Attacks on International Law and Institutions”: Public Statement of American Human Rights Experts, Current and Former Members of UN Bodies (Feb. 10, 2025)

Simon Lomax, Greg Clough, Morgan Bazilian, Restarting US LNG Permitting Brings Geopolitical Benefits and the Potential for Climate Progress (Feb. 10, 2025)

Rebecca Hamilton, Connecting the Dots: Trump’s Tightening Grip on Press Freedom (Feb. 6, 2025)

Rachel Levinson-Waldman, The Dangerous Sweep of Trump’s Plan to Designate Cartels as Terrorist Organizations (Feb. 5, 2025)

Marty Lederman, The Most Indefensible Aspects of DOJ’s Briefs in the Birthright Citizenship Cases (Feb. 4, 2025)

Suzanne Summerlin, Federal Employee Rights: What Probationary Employees Need to Know (Jan. 31, 2025)

Faiza Patel, Trump’s Executive Order on Foreign Terrorists: Implications for the Rights of Non-Citizens (Jan. 31, 2025)

Sara Zdeb, The Real Reason Trump’s Purge of Career DOJ Officials Should Alarm You (Jan. 30, 2025)

Suzanne Summerlin, Beware the “Deferred Resignation” Offer: A Legally Dubious Proposal for Federal Employees (Jan. 29, 2025)

Stuart Gerson, Understanding Trump’s Choice for FBI Leadership in Light of the “Weaponization of the Federal Government” Executive Order (Jan. 29, 2025)

Adam Cox and Trevor Morrison, Trump’s Dictatorial Theory of Presidential Power – What the Executive Orders, in the Aggregate, Tell Us (Jan. 28, 2025)

Ambassador Donald Steinberg, `Elections Have Consequences’: Trump and Rubio’s Foreign Aid Halt Will Hit the World’s Most Vulnerable (Jan. 28, 2025)

Dafna H. Rand, Stopped Security Assistance: From Counter-Narcotics to Combating Human Trafficking Programs (Jan. 28, 2025)

Andrew Weissman, Why has the Trump Justice Department Not Moved to Dismiss the Case Against Trump’s Co-Defendants in the FLA Classified Documents Case? (Jan. 28, 2025)

Michael Schiffer, Stop-Work Order on US Foreign Aid Puts China First and America Last (Jan. 27, 2025)

Ambassador (Ret.) Dennis Jett, Deprofessionalizing the State Department Is a Threat to National Security (Jan. 24, 2025)

Jean Galbraith, The Legal Problem with Trump’s WHO Order: The US Cannot Withdraw Until It Pays Its Dues (Jan. 23, 2025)

Alex Abdo, A Free Speech View on the “Free Speech” Executive Order (Jan. 21, 2025)

Xiangnong (George) Wang, President Trump’s Attempt to “Save” TikTok is a Power-Grab that Subverts Free Speech (Jan. 21, 2025)

“What Just Happened” Podcast Series

David Aaron, Brian Netter and Mark Nevitt, Federalization of DC Law Enforcement, Legal Authorities and Updates (Aug. 20, 2025)

David Aaron, Carrie Cordero and Donell Harvin, Federalization of Law Enforcement in Washington DC (Aug. 14, 2025)

David Aaron and Steven Cash, The Budget Bill and the Future of DHS and ICE (July 18, 2025)

Chiraag Bains, Dani Schulkin and Maya Nir, Dismissal of Voting Rights Lawsuits (June 2, 2025)

Ambassador Daniel Fried, Dafna H. Rand, Michael Schiffer, Michael Hanna, Rachel Goldbrenner and Maya Nir What’s Next for U.S. Diplomacy and Foreign Assistance (May 19, 2025)

Ryan Goodman, Tom Joscelyn, Mary B. McCord, Paras Shah and Clara Apt, Politicization and Weaponization of the Justice Department in the Second Trump Administration (Mar. 6, 2025)

David Aaron, Kevin Carroll, Paras Shah and Clara Apt, CIA Officers’ Lawsuit at Intersection of DEI and National Security (Mar. 4, 2025)

David Aaron, Tess Bridgeman and Suzanne Summerlin, Understanding Federal Employee Rights (Feb. 18, 2025)

David Aaron, Tess Bridgeman, Ryan Goodman and Mark Nevitt, Potential U.S. Military Domestic Deployment for Immigration Enforcement (Jan. 28, 2025)

Steve Vladeck, David Aaron, Tess Bridgeman and Ryan Goodman, Trump’s Immigration Executive Orders (Jan. 22, 2025)

IMAGE: President Donald Trump signs executive orders in the Oval Office on January 20, 2025 in Washington, DC. Trump takes office for his second term as the 47th president of the United States. (Photo by Anna Moneymaker/Getty Images)

The post Collection: Just Security’s Coverage of Trump Administration Executive Actions appeared first on Just Security.

For years, experts have warned that agentic AI would allow even unsophisticated nation-states and criminals to launch autonomous cyber operations at a speed and scale previously unseen. With that future now in reach, policymakers and industry leaders must follow a two-pronged strategy: ensuring that organizations have access to fit-for-purpose cyber defenses and managing the proliferation of AI capabilities that will allow even more powerful cyber operations in the future. Both steps are important not only to safeguard U.S. networks, but also to solidify U.S. technical leadership over competitors such as China.

How the Cyber Campaign Worked

In a detailed report, Anthropic assessed with high confidence that a Chinese state-sponsored group designated as GTG-1002 used its Claude Code model to coordinate multi-staged cyber operations against approximately 30 high-value targets, including technology companies, financial institutions and government agencies. The campaign produced “a handful of successful intrusions.” The hackers circumvented safety features in the model, breaking the workflow into discrete tasks and tricking Claude into believing it was helping fix cybersecurity vulnerabilities in targeted systems.

Humans provided supervision and built a framework that allowed Claude to use open-source hacking tools to conduct the operations. But Claude “executed approximately 80 to 90 percent of all tactical work independently” — from initial reconnaissance and vulnerability identification to gaining access to targeted systems, removing data, and assessing its value. Automation allowed GTG-1002 actors to achieve an operational tempo impossible for human operators; its “peak activity included thousands of requests, representing sustained request rates of multiple operations per second.”

Some outside researchers have questioned the effectiveness of this campaign, pointing out that Claude hallucinated about data and credentials it claimed to have taken. Some also noted the low quality of AI-generated malware. But this is only the beginning. As AI models become more powerful and ubiquitous, the techniques this campaign demonstrated will only grow more sophisticated and accessible. The question is who adopts them next and how quickly.

AI is Empowering U.S. Adversaries

Anthropic’s attribution of this campaign to Chinese state-sponsored actors grabbed headlines at a time of rising geopolitical tensions and high-profile Chinese cyber operations targeting U.S. telecommunications networks and critical infrastructure.

China has a large ecosystem of state-affiliated hacker groups that operate at scale. These groups function essentially as businesses, broadly targeting organizations in the United States and other countries and then selling stolen information to government and commercial customers. GTG-1002’s approach — targeting 30 organizations, gaining access and exfiltrating data where possible — fits this model perfectly. For a high-scale hacking enterprise, using AI automation to increase efficiency is a natural evolution. It is what every business is trying to do right now.

At the same time, the campaign relied on open-source, relatively unsophisticated hacking tools. Any resourceful adversary — Russian cyber criminals, North Korean crypto currency thieves, Iranian hackers — could conduct similar campaigns using advanced AI models. Many of them probably are right now. What was novel was the operational tempo — Claude Code executed reconnaissance, exploitation, and data analysis at a pace no human team could match.

The key takeaway is that adversaries everywhere now have the ability to conduct high-speed, high-volume hacks. Unfortunately, cyber defenders are not prepared to meet this challenge.

AI and the Cyber Offense-Defense Balance 

Cybersecurity has long been a competition between offense and defense, with the offense having the edge thanks to the large attack surfaces produced by modern networks. While defenders must work to patch all vulnerabilities to keep the hackers out, the offense just needs to locate one entry point to compromise the defenders’ systems. Cybersecurity experts are concerned that AI-enabled automated operations, like the one uncovered by Anthropic, will further tip the balance by increasing the speed, scale, and persistence of hacks.

At the same time, AI holds the potential to address many long-standing cybersecurity challenges. AI-enabled testing can help software developers and infrastructure owners remediate vulnerabilities before they are exploited. Managed detection and response companies have touted their use of AI to reduce incident investigation time from hours to minutes, allowing them to disrupt ongoing operations and free up human analysts for more complex tasks. When layered and done right, these solutions can give defenders a fighting chance at keeping up with the new speed and scale of offense — but only if they are widely adopted.

For years, criminals have targeted “cyber poor” small businesses, local hospitals and schools because they are less able to purchase state-of-the art defenses to keep hackers out and less able to resist ransom demands when criminals get in. To ensure these organizations are not overwhelmed by the new pace of AI-driven hacking, organizations will need to adopt newer, high-speed defensive tools. Increased automation will make these tools cheaper and more accessible to those with limited cyber defenses. But it is hard to imagine how this will happen domestically without more funding and targeted efforts to raise cybersecurity standards in key critical infrastructure sectors — at a time that the Trump administration is cutting back on U.S. cyber investments.

The same resource divide exists internationally, where middle and lower income countries are at risk of crippling cyber incidents because they lack resources for basic defenses. It will take concerted international engagement and capacity building to ensure countries can keep pace with new threats, but it is in the United States’ interests to help them do so.. As the United States and China compete to promote global adoption of their technology ecosystems, developing countries in particular are looking for solutions across the full technology stack. AI-enabled cyber defenses — offered individually or baked into other services — can strengthen the United States’ appeal as a technology partner.

When AI Competition Meets Proliferation Risks

In addition to strengthening cyber defenses, it is also important for policymakers and industry leaders to reduce the risk that AI systems will be exploited to orchestrate cyber operations in the first place. GTG-1002’s activities were only discovered and stopped because hackers used a proprietary model; Anthropic had visibility into the groups’ activities and could cut them off, once discovered.

The good news is that companies like Anthropic, OpenAI and Google can learn from malicious use of their models and build in stronger capabilities to detect and block future incidents. Athropic’s transparency in the GTG-1002 case helps build muscle memory so that companies can work together to prevent similar incidents in the future (though some experts argue Anthropic could have gone farther in explaining how the operation worked and sharing actionable details, like sample prompts). The bad news is that as open-source models like China’s DeepSeek improve, malign actors will not need to rely on proprietary models. They will turn to open source models that operate with limited or no oversight.

This is a place where tensions between U.S.-China AI competition and cybersecurity meet. Both countries are competing across multiple dimensions to become the world’s AI leader. U.S. companies — including Google, Microsoft, OpenAI, and Anthropic — have the edge when it comes to the raw capability of their proprietary models. Chinese AI companies (and some U.S. ones, too) have pressed ahead with the development of lower cost, open-source models that are more easily accessible to users in developing countries in particular.

The economic, political, and national security stakes for this competition are enormous.  To ensure the United States maintains a competitive advantage, the Trump administration has sought to reduce AI safety requirements. But if this campaign is a sign of what is to come, both the United States and China should have an interest in preventing the models their companies create from being exploited by criminals, terrorists, and other rogue actors to cause harm within their territories.

The Trump administration’s AI Action Plan calls for more evaluation of national security risks, including cyber risks in frontier models. The question is what additional safeguards need to be put in place to reduce this risk, which incentives are needed, and how to build consensus on such standards internationally.

What Must Be Done Now

It is impossible to stop AI-driven campaigns. But policymakers and industry leaders can still strengthen cyber defenses to mitigate risk. This requires incentivizing development of AI applications that enable secure software development, improved penetration testing, faster threat detection, and more efficient incident response and recovery. Funding and concerted engagement by government and private cybersecurity experts will be needed to support adoption among cyber-poor providers of critical services, like hospitals and schools.

It also requires strengthening safeguards to make it harder for bad actors to weaponize easily accessible AI models. Ideally, the United States would do this in parallel with China requiring increasing safeguards in its own models. (Otherwise, the administration’s recent decision to sell more powerful chips to China will allow China to produce more unsafe models, and faster.)

Regardless, the United States must continue efforts within its own AI safety community to identify and mitigate misuse of U.S. models. Transparency about incidents like this one is a good place to start. But to stay ahead of the threat, companies and researchers should be further encouraged to share information about risks, improve testing standards, and develop mitigations when bad actors circumvent safeguards.

The post The Era of AI-Orchestrated Hacking Has Begun: Here’s How the United States Should Respond appeared first on Just Security.

In some cases, these might be topics that were under-covered. Others received significant coverage but still may have implications that merit more attention.

There are of course far more developments that are noteworthy than a single recap can capture, and we encourage you to keep an eye out for other “looking back, looking ahead” style articles on Just Security in the days and weeks ahead. But in the midst of a news environment dominated by attention-grabbing headlines and algorithms commodifying our attention, we hope that this compilation will provide an opportunity to step back and reflect on some of the important trends shaping our world today.

Climate Milestones and Misses

Global climate progress in 2025 was, in a word, uneven, reflecting an ever-widening gap between ambition and the ability to mobilize that ambition into concrete global action. Two highly-anticipated advisory opinions – from the Inter-American Court of Human Rights in May and from the International Court of Justice in July – took strong positions with respect to States’ obligations in relation to climate change, as analyzed on Just Security here and here.

But in practice, climate diplomacy produced relatively weak results; at COP 30 in Belém, for example, there was little progress on crucial questions such as countries’ specific individual commitments to emissions reduction. Earlier this year, analysts described a much-anticipated climate announcement from China as likewise underwhelming, and the year of course was also marked by the United States’ highly visible retreat from global climate engagement – with some signs that U.S. state and local governments may be seeking openings to engage even as the national government pulls back.

Meanwhile, one relatively undercovered story in climate diplomacy was the Biodiversity Beyond National Jurisdiction Agreement (BBNJ), or High Seas Treaty, which received sufficient ratifications this fall to enter into force in January 2026. It creates the first comprehensive legal framework for protecting biodiversity on the high seas, an area covering nearly half the earth’s surface, and is notable as a milestone in climate-biodiversity governance and as a sign that international treaty-making continues to function even in an environment of increasing uncertainty.

(Readers may also be interested in Just Security’s Climate Archive.)

In the Age of Generative AI, How Do We Know What We Know?

This year saw what seemed to be a near-constant rollout of generative AI tools, including new versions of consumer-facing large-language models (LLMs), an explosion in AI video content, and the continued development of sector-specialized generative models. Among the many complex questions raised by the ubiquity of generative AI, one relatively under-covered angle involved epistemic risks: how society and institutions create and understand knowledge, and how we validate what information to trust.

This can play out in different ways across different types of use. Some specialized AI models used for professional purposes may develop faster than users – even very expert users – can fully understand the model’s inputs, limitations, and biases, potentially degrading the quality of knowledge production and eroding public trust in information. In general consumer uses, the ubiquity of AI-generated content may threaten the (already tenuous) social agreement about reality. AI video, for instance, presents new challenges for civilian protection and evidence collection: not only that manipulated images will be taken as true but also that very real evidence, including of atrocities, might be dismissed as AI.

Scholars have been grappling with these questions for several years now. But with the explosion of public-facing AI, the risk becomes that products will move into common use, and policymakers will be charged with regulating them, before the relevant public fully understands those risks and limitations. In July of this year, for example, some scholars expressed concern about this very knowledge gap when the EU released its General-Purpose AI Code of Practice, providing guidance on how the 2024 AI Act should be applied to general-purpose AI tools like LLMs.

With AI now shaping our physical world as much as our digital one, understanding and communicating about these epistemic gaps is likely to be a key theme of 2026.

(Readers may also be interested in Just Security’s archive of artificial intelligence articles.)

“A Tale of Two Courts” at the ICC

The story of the International Criminal Court (ICC) this year was, in the words of Just Security Editorial Board member and former ICC Prosecutions Coordinator Alex Whiting, “a tale of two courts.”

On the one hand, developments like sanctions in connection to the Palestine situation and allegations against Prosecutor Karim Khan, now on leave pending investigation, drew headlines.

But against that backdrop, the Court also managed to continue its work and achieve meaningful progress in many areas this year: the arrest of former President Rodrigo Duterte of the Philippines, convictions in the Sudan Situation and a case from the Central African Republic, the first arrest and surrender of an accused in the Libya Situation, the confirmation of charges in absentia in the Joseph Kony case, and launching of new policies, including on environmental crimes and cyber-enabled crimes. (Readers may also be interested in Just Security’s ICC coverage, in which authors analyze a number of these developments.)

Observes Whiting: “This is not to minimize the challenges faced by the Court, or some of the structural problems that may exist within the Rome Statute, but under the direction of the Deputy Prosecutors and the judges, the Court is continuing to function and do its work. The Court is not invulnerable, but it is resilient.”

ICRC Updates Civilian Protection Guidance to Reflect Realities of Modern Warfare

The International Committee of the Red Cross (ICRC) this year published its updated Commentary on the Fourth Geneva Convention on the Protection of Civilians (GCIV), the core humanitarian treaty governing civilian protection in international armed conflict and occupation. This marks the last in a cycle of modernizing the commentaries to the Geneva Conventions, after which the ICRC will turn to the Additional Protocols.

The Commentaries provide interpretive guidance on how the Geneva Conventions’ rules should be applied in real-world situations. Given the importance of GCIV in the protection of civilians while under increasing threat in conflicts around the globe (see, for example, the next entry on this list), and the many ways in which armed conflict has changed in the 60-plus years since the last round of Commentaries, this update was particularly anticipated. There is no expectation, of course, that it will provide a panacea, but by updating the guidance to reflect the conditions of today’s armed conflicts, the ICRC reaffirms the centrality of the fundamental legal protections owed to civilians.

Watch this space for a series from international humanitarian law experts analyzing the updated Commentary, coming jointly from Just Security, the ICRC, and EJIL:Talk! early in the new year.

Humanitarian Catastrophe in Sudan

The brutal civil war between the Sudanese Armed Forces (SAF) and the Rapid Support Forces (RSF), now well into its third year, has triggered the largest displacement crisis in the world, with approximately 12 million people forcibly displaced as of Dec. 1, and estimates from earlier this year of over 30 million people in need of humanitarian aid. Civilians are subjected to direct and brutal violence from the conflict itself, while also suffering from a health system under strain; malnutrition, and in some areas famine; and repeated outbreaks of cholera, dengue, and other diseases.

As authors writing on Just Security and elsewhere have repeatedly observed, the scale of global attention – in the press, from the public, and from policymakers – fails to match the scale of the atrocities. At the same time the global community faces the urgent task of addressing the humanitarian catastrophe in Sudan, it also faces the question of how one of the worst global crises has unfolded with so little international attention.

A Power Vacuum in Public Health Leadership

While the Trump administration’s controversial cuts to public health programs, including the dismantling of Centers for Disease Control initiatives, the dissolution of the U.S. Agency for International Development, and the U.S. withdrawal from the World Health Organization (WHO), dominated headlines, a less-publicized consequence was the response to the resulting power vacuum in public health leadership.

Within the United States, regional public health alliances emerged, primarily among Democratic-led states in the west and northeast. However, even as state and local governments stepped in to fill the gaps, they faced deep budget cuts from federal health programs.

Globally, a July 2025 study in The Lancet estimated that U.S. cuts to public health aid could lead to 14 million additional deaths by 2030. A December 2025 response from other scholars argued that the study’s assumptions were being contradicted by real-world developments. “People, institutions, and governments in several countries have responded to the moment,” they noted, by shifting budgets, reforming supply systems, and increasing aid from other nations—challenging the notion that U.S. leadership is indispensable to global health efforts.

But while European countries, China, and global solidarity networks have been suggested as alternatives to fill the gaps, a real funding shortfall remains. The UK and European Union member states, led by Germany (which recently became home to a new WHO center) have visibly assumed a more prominent role in global public health leadership. However, many are also scaling back their overseas development assistance due to their own budget constraints. China’s public health contributions, especially in Africa, are notable but far smaller than the resources previously provided by USAID.

Ultimately, these cuts have sparked efforts to explore alternative solutions, both domestically and internationally, but these initiatives are constrained by undeniable resource limitations.

(Readers may also be interested in the Collection: Just Security’s Coverage of Trump Administration Executive Actions.)

The Double-Edged Sword of U.S.-Belarus Rapprochement

From Just Security Washington Senior Editor Viola Gienger, who curates much of the site’s content on rule of law and diplomacy related to eastern Europe:

Belarus generally garners little attention in the Western news media, and that includes this year’s curious rapprochement between the Trump administration and longtime Belarus dictator Alexander Lukashenka, an ally of Russian President Vladimir Putin. The Trump overtures even merited the appointment of a specific U.S. special envoy for Belarus, former Trump lawyer John Coale.

The result has been several major releases of Belarusian political prisoners in exchange for easing of sanctions — the husband of opposition leader in exile Sviatlana Tsikhanouskaya in June, a mass release of 52 prisoners in September and another of 123 in December, the latter of which included Nobel Peace Prize laureate Ales Bialiatski and opposition figures Maria Kolesnikova and Viktar Babaryka.

Despite the recent prisoner releases, Lukashenka (whose 2020 electoral “win” was widely recognized by impartial monitors as fraudulent) continues to play a double game, cracking down on dissent and jailing others, under conditions of abuse and torture, even amid the periodic releases.

Lukashenka has played the West off against Putin for decades, and he became an influential, though still minor, factor after Putin’s 2022 full-scale invasion of Ukraine, when the longtime Belarusian leader allowed Russian troops onto his territory for their military operations against Ukraine while at the same time declining to send his own forces to aid the Russians on the battlefield. There also have been persistent reports that Lukashenka allowed Russian nuclear weapons onto Belarus territory, and he played a role in the saga of the failed apparent coup against Putin by Wagner Group leader Yevgeny Prigozhin in 2023 that ended in his demise a few months later in a plane crash. Given this history, Lukashenka’s latest opening to the West merits a close watch as the United States seeks to broker a peace agreement to end Russia’s assault on Ukraine.

U.S.-Canada Tensions: More Than a Meme

While new U.S. alliances emerged in 2025, other longstanding partnerships faltered. Perhaps nowhere was this more evident than in diplomatic fractures that appeared between the United States and Canada, long one of the world’s most stable relationships.

Although President Donald Trump’s repeated suggestions to make Canada the “51st state” generated headlines, memes, and jokes, the absurdity of the situation itself became the story, obscuring a more consequential and potentially lasting geopolitical shift.

The Canadian public, already sensitive to issues of sovereignty and autonomy, increasingly viewed U.S. rhetoric as disregard for the bilateral relationship. In an Ipsos poll this fall, six in ten Canadians surveyed said they could never trust Americans in the same way again, while seven in ten anticipated similar trade and economic disputes between the countries for at least several years to come.

Despite these tensions, Canada and the United States continue to maintain productive diplomatic relations on issues like mutual defense under the North American Aerospace Defense Command and Arctic cooperation. However, Canada is also exploring new partnerships, including closer links to Europe. And while it has often followed the U.S. lead on foreign policy issues such as China, it may soon face new questions about whether to chart its own independent path in the new geopolitical landscape.

Latin America’s Rightward Swing

In Chile, a presidential candidate who openly praised former dictator Augusto Pinochet won with a tough-on-crime and anti-immigration platform. In Bolivia, after two decades of socialist rule, a centrist candidate triumphed, his closest opponent not from the left but from the right. In Argentina, libertarian President Javier Milei’s party enjoyed a “decisive” congressional elections win despite governing amidst continued economic turmoil, with voters apparently unconvinced they would fare better under left-wing policies.

Elections in Latin America in 2025 didn’t universally swing right; in Honduras, for example, left-wing incumbent President Xiomara Castro appears to have won against a Trump-backed challenger. (Author’s note, Dec. 26: In fact, conservative candidate Nasry Asfura was finally declared the winner of the Nov. 30 election on Dec. 24, with claims of irregularities still maintained from both sides.) But there was certainly an observable trend, as populist rhetoric, “law and order” pledges, and economic frustration seemed to fuel a shift toward more conservative or centrist candidates in a region where the left had done well in recent decades, and where right-wing governance had often been associated with the legacy of dictatorship.

But as a recent Foreign Affairs article observed, “the idea that the right is inherently or uniquely authoritarian has lost traction in today’s Latin America, where all three cases of clear-cut dictatorship are on the ideological left: Cuba, Nicaragua, and Venezuela.” Traditional left-wing promises of social progress appear to be less convincing to voters than frustration with the political establishment’s perceived failures to address crime and inflation.

High-profile elections in the region will continue in 2026, including in Peru, where one of the leading candidates is the daughter of former President Alberto Fujimori, who was convicted for human rights abuses from his time in power in the 1990s; and Brazil, where recent polls have the left-wing incumbent Luiz Inácio Lula da Silva ahead of potential rivals, including the son of imprisoned ex-president Jair Bolsonaro. But with the elections months away, much can still change.

The post Nine Stories That Deserved More Attention in 2025 – and Might Shape 2026 appeared first on Just Security.

This sends the wrong message to Beijing, as well as to U.S. allies in the Indo-Pacific caught in China’s cyber crosshairs. Trump’s new National Security Strategy (NSS) explicitly calls for burden-sharing, arguing that allies must “assume primary responsibility for their regions,” while the United States serves as a “convener and supporter” in regional defense. Backing away from sanctions after a major China-linked hacking campaign undercuts that logic: burden-sharing collapses if the United States is not willing to bear economic or political costs itself. If the world’s largest economy will not confront China’s cyber operations, how can it credibly ask Indo-Pacific allies — who have far less leverage over Beijing — to step up?

There is still time to recalibrate. To counter Beijing’s cyberattacks and operationalize burden-sharing, the United States must use its unique leverage to impose costs on China while enabling Indo-Pacific allies to lead cyber defense in the region.

Beijing Exploits Cyber Weakness Across the Indo-Pacific 

The U.S. intelligence community identifies China as the most persistent and active cyber threat to U.S. networks. In 2024, the Chinese state-sponsored hacking group Salt Typhoon carried out one of the most severe breaches of U.S. telecommunications companies. Just weeks before Trump met with Xi in October, the United States uncovered another major China state-backed cyber intrusion of the cybersecurity vendor F5, triggering an emergency directive from the lead U.S cyber agency. Yet, the cyber threat to Washington extends far beyond the homeland. China’s cyber operations have already infiltrated networks supporting U.S. forward deployed forces across the Indo-Pacific, targeted export controls on critical technologies, and spread disinformation campaigns designed to erode trust in U.S. alliances.

U.S. regional partners also bear the full brunt of Beijing’s cyber coercion. In Taiwan alone, China-linked hackers target critical infrastructure and government networks roughly 2.8 million times a day — a 17 percent jump from last year. Over the past five years, Chinese hacking groups have targeted Japan’s national security and critical technology data over 200 times.

Indo-Pacific cyber defenses are not keeping pace with threats from China. The region is experiencing rapid digitalization — often without matching investments in cybersecurity. In Southeast Asia alone, the digital economy could reach up to $1 trillion in gross merchandise value by 2030. This surge in connectivity is fueling growth, but it also expands the attack surfaces that state-backed hackers, and other malign cyber actors, can exploit — underscoring the urgent need for collective investments in cyber defenses.

The lack of cybersecurity personnel in the region emboldens Beijing’s hackers. When breaches occur, scant cyber workforces struggle to root out China’s hostile activity. Identifying the attackers takes weeks — if it happens at all — and allied cyber defense resources often arrive after the damage is done. The numbers are stark. There are only around 200 highly certified cybersecurity professionals in the Philippines, and Japan’s cyber workforce shortfall nearly doubled between 2022-2023. At the same time, China operates a hacking program larger than that of every major country combined.

Beijing’s economic leverage is also blunting efforts to counter China’s cyber operations. For example, the Philippines made no official attribution statement against its largest trading partner, China, when Beijing-backed attackers infiltrated the government and stole sensitive military data earlier this year. The same story plays out in South Korea, Japan, and Taiwan — leaders condemn cyber espionage in vague terms but hesitate to call out Beijing specifically when trade is on the line.

To counter Beijing’s cyber operations across the Indo-Pacific, Washington should lead its treaty allies in building a new “Cyber Shield” for the region. In this proposed framework, Washington would provide strategic capacity-building resources while allies commit to measurable investments in their own cyber defenses — enabling greater regional integration and capability to defend against cyber threats. This framework would also define options for a collective response to move away from ineffective, ad hoc reactions that only embolden China.

Toward an Indo-Pacific Cyber Shield

While an Indo-Pacific Cyber Shield will not stop Beijing’s cyber aggression, it will certainly raise the cost for China. The recommendations below operationalize the proposed Cyber Shield across three pillars — joint resolve, joint resources, and joint response.

Joint Resolve 

Countering Beijing’s cyber operations starts with conveying the joint resolve of the United States and its Indo-Pacific allies. Washington and its regional partners should issue a joint statement condemning China’s cyber activity and commit to a significant collective response if Beijing’s cyber operations continue. Such a statement would undercut Beijing’s denials of its cyber operations. It would also help signal resolve and bolster awareness by publicly highlighting Beijing’s hostile cyber operations. A joint advisory — issued by the FBI and European allies in August — offers a model to replicate. The United States and its allies should increase the cadence of these alerts following major China-backed infiltrations.

Joint Resources

Increasing joint cyber defense capabilities will be the most critical component of countering China’s cyber aggression. To operationalize the Cyber Shield, U.S. capacity building resources should scale with greater partner investments in cyber defenses. This reflects the National Security Strategy’s burden-sharing model in practice. Regional allies must improve the technical capacity to identify evidence of Chinese hacking when a breach occurs, quickly patch vulnerabilities, and bolster resilience of critical networks to thwart future intrusions. The United States is making important progress on cyber defense capacity building in the region. U.S. Cyber Command has deployed more than 85 times to over 30 countries in partner-enabled missions to hunt for hostile activity on networks. The U.S. Cybersecurity and Infrastructure Security Agency has also conducted several capacity-building exercises, including with Japan in 2024 on maritime cybersecurity.

For their part, Indo-Pacific allies and partners participate in multiple U.S.-led military exercises that have a cyber component, including the annual Cyber Flag exercise hosted by the U.S. Cyber Command. The United States has also prioritized negotiating an intelligence sharing agreement with the Philippines, and both countries approved a major intelligence sharing upgrade in 2024. The United States should leverage these engagements to share cyber threat intelligence and provide a clear roadmap for how allies can receive greater cyber defense support from Washington.

Critically, U.S. allies in the Indo-Pacific need to invest in their own cyber defenses. In exchange for access to U.S. cyber defense resources and information, allies should modernize military and intelligence cyber capabilities, upgrade and strengthen intelligence systems, and provide a clear legal pathway for U.S. Hunt Forward operations — defensive operations conducted by U.S. Cyber Command at the request of a host nation — to root out hostile activity on partner networks. Most importantly, allies should remove insecure ICT infrastructure, especially from companies like Huawei and ZTE, that pose a significant cyber espionage risk.

Joint Response

If a breach occurs, the United States and its regional allies must be ready to impose costs on Chinese state-backed hackers. In addition to bolstering domestic cyber defenses, the United States should develop a joint escalation ladder with its regional allies outlining a variety of responses to state-backed cyber aggression. The European Union’s Cyber Diplomacy Toolbox shows what a coordinated diplomatic response to malign cyber activity can look like. While U.S. Indo-Pacific allies are not as politically or institutionally integrated as the European Union, the region can apply similar tools while leveraging the multiple existing cyber coordination channels between the United States, Japan, South Korea, and the Philippines.

Legal action is an important but underutilized tool in the cyber context. The United States has indicted China-linked hackers multiple times, including two hackers linked to the Chinese Ministry of State Security in 2018, and employees of i-Soon — a company that carried out cyber operations on behalf of the Chinese government — last March. Indo-Pacific allies are beginning to take similar steps, albeit less frequently. In 2021, for example, Japanese law enforcement investigated a Chinese hacker over alleged involvement in cyberattacks on about 200 companies, including the Japan Aerospace Exploration Agency. The United States should work with Indo-Pacific allies to develop frameworks to prosecute China-linked hacking, especially for threat groups like Salt Typhoon, that target both the United States and the Indo-Pacific.

The Cyber Shield framework would also encourage its members to levy economic sanctions against known Chinese cyber threat actors. Despite the reported White House walk-back, the United States has sanctioned China-backed hackers multiple times, including Zhou Shuai, a Shanghai-based cyber actor, last March. Similarly, the United States, Australia, and the United Kingdom jointly issued sanctions against Aleksandr Ermakov, a Russian hacker who breached Australia’s largest private health insurance provider, in January 2024. The United States should coordinate similar sanctions regimes with its Indo-Pacific allies after significant cyberattacks, especially if the threat actor targets multiple allied countries.

Finally, the United States and its regional allies should prepare to respond with offensive cyber operations when necessary and legal to make China-backed hackers pay. Seoul and Tokyo are already honing their offensive cyber capabilities: South Korea’s 2024 National Cybersecurity Strategy calls for intelligence and military agencies to “preemptively and offensively respond to threats,” while Japan’s new active cyber defense legislation authorizes the neutralization of adversary servers. This further aligns Indo-Pacific allies with Washington’s Defend Forward cyber posture, which calls for disrupting adversary cyber threats before they reach domestic networks. The United States should take advantage of this alignment in strategy by prioritizing the development of joint offensive cyber capabilities during military exercises like Cyber Flags.

* * *

Without a new framework to counter China-backed cyber operations in the region, Beijing and other state-backed cyber groups will continue escalating their cyber operations to spy, steal, and sabotage with near impunity. A new Cyber Shield would translate the National Security Strategy’s burden-sharing concept to Indo-Pacific cyber defense, enabling allies to take greater responsibility in countering state-backed cyber threats. A Cyber Shield will not eliminate Beijing’s cyber intrusions, but it will finally enable the United States and its Indo-Pacific allies to act faster, coordinate responses, and impose costs on China.

The post America’s Cyber Retreat Is Undermining Indo-Pacific Security appeared first on Just Security.

To succeed in geo-economic competition with China, U.S. policy should seek to preserve asymmetric advantages by maintaining China’s reliance on U.S. products and technologies, while controlling access to the essential capabilities that secure America’s national security and economic edge. The challenge currently is that China isn’t playing Trump’s transactional game. While the Trump administration celebrates short-term deals, Beijing is executing a multi-decade strategy to dominate the semiconductor supply chain from raw materials to finished chips. Tufts University Professor Chris Miller has estimated that China has invested the equivalent of the entire U.S. CHIPS Act virtually every year since Xi made domestic semiconductor manufacturing a priority in 2014. The CHIPS Act allocated some $52.7 billion ($39 billion for manufacturing grants) for domestic semiconductor manufacturing. It was signed into law by President Joe Biden in 2022 but has been abandoned by the current administration.

When Trump decided to continue the Biden administration’s export controls on advanced chips earlier this year, Xi didn’t blink. Instead, he doubled down on the indigenous innovation programs that have allowed China to achieve breakthroughs that many in the United States thought were only possible in some distant future, such as 7-nanometer chips, considered the “entry point” for competitive AI, and carbon nanotube processors that could leapfrog silicon entirely, outperforming in scale, speed and efficiency.

Worse yet, this strategic drift is coming precisely when the U.S. semiconductor advantage faces threats from multiple directions: China’s accelerating innovation, allies’ frustration with inconsistent U.S. policies, and self-inflicted wounds from using the CHIPS Act as leverage for the government to muscle-in and take a position in private corporations.

The Worst of Both Worlds

The current U.S. government approach to semiconductor export controls embodies the worst of both worlds: undermining American companies’ competitiveness while failing to meaningfully slow China’s progress. Nvidia and AMD face billions in losses from restricted China sales, revenue that funds the research and development needed to keep the United States ahead. Meanwhile, Chinese firms smuggle restricted chips through shell companies, rent computing power from cloud providers, and innovate to get around U.S. restrictions with impressive speed. DeepSeek, a Chinese AI startup, in January 2025 released R1, an open-source research model roughly matching the capabilities of advanced models from OpenAI, Google, Meta, and Anthropic. The breakthrough demonstrated that Chinese companies can achieve efficient AI models, trained on fewer chips than American labs typically use, and demonstrated that hardware constraints can drive software innovation in ways U.S. tech companies have yet to match.

Meanwhile, U.S. policy has devolved into threats to withhold already-promised CHIPS Act grants to American companies, efforts to change deal terms after capital and investments were already committed, and suggestions that the government take an equity stake in companies or convert grants into government ownership. The wildly oscillating approach to export controls creates uncertainty not just for U.S. adversaries, but for American companies, which require predictability to plan and implement multi-billion-dollar, multi-year investments.

The solution requires a more sophisticated approach, exercising the tools the government has at its disposal to both work with and leverage the private sector to assure that the United States will maintain its technological lead for generations yet to come. Trump’s instinct to use semiconductor access as leverage isn’t wrong; it’s that the execution and approach thus far undermine the desired goal. Treating advanced chips as tradeable commodities that the United States can turn on and off based on soybean purchases or other short-term transactions fundamentally misunderstands what’s at stake. These are the chips that power artificial intelligence, quantum computing, and autonomous weapons systems, and it’s not an overstatement that the country that leads the world in AI will also have significant economic, military, and strategic advantages for generations to come.

A More Effective Strategy

A pragmatic, realistic approach would include:

First, control the tools, not just the products. As one analysis put it, “It’s much easier to control the fishing rod than the fish.” Semiconductor manufacturing equipment – the massive chip-making machines from companies like Netherlands-based ASML – represent the real chokepoint. These tools are produced by a handful of firms in countries that are U.S allies; unlike the chips themselves, they are impossible to smuggle; and they’re what China desperately needs to achieve true independence. By contrast, controlling finished chips forces constant policy updates as companies design around each new restriction.

Moreover, constantly shifting rules breed regulatory uncertainty that pushes customers toward Chinese alternatives. Nvidia’s H20 chip was designed specifically to comply with export restrictions, only to then be banned in April 2025, then unbanned months later with a 15 percent revenue-sharing requirement – only to then have the administration just last week lift restrictions on the even more advanced H200. Customers that rely on a predictable supply of chips and are watching this whiplash, many in China, now have every incentive to develop relationships with domestic Chinese suppliers like Huawei, whose supply won’t disappear based on Washington’s latest dealmaking.

The U.S. government needs to focus restrictions on where enforcement works and where partnership is deepest with other nations that share concerns about the malign effect of tech competition with China. Yes, some advanced chips should remain restricted for military applications, but the current approach of banning compliance-engineered chips goes beyond what is needed for security and may be actively counterproductive if the result is to drive Chinese innovation and independent manufacturing capability. U.S. policy should be torqued to restrict where it must but also to let American companies sell more chips where they don’t compromise fundamental advantages.

Second, make export controls a force multiplier, not a substitute, for American competitiveness. The CHIPS Act has spurred investments of tens of billions of dollars in domestic semiconductor capacity — investments that the “adjustments” introduced by the Trump administration threatens to undo. While there are certainly adjustments that can provide additional leverage, Congress and the administration need to refocus on accelerating and expanding investments. U.S. semiconductor companies also need to be able to generate revenues to fund next-generation research and development. That means expanding their access to markets in Japan, South Korea, Taiwan, and Europe to offset losses in China. U.S. companies need economies of scale to compete. While exports to certain markets and countries certainly require additional scrutiny, especially those with deep or longstanding economic ties with China, cutting them off from the world’s largest chip market without providing alternatives is strategic suicide.

Third, recognize that success requires leveraging U.S. alliances fully. The U.S. semiconductor advantage depends entirely on continuing cooperation with technologically advanced and like-minded countries that help support America’s competitive advantage in chips: Dutch lithography (to print the circuit patterns on the silicon at micro/nano scale), Japanese materials, South Korean memory, Taiwanese manufacturing. But the Trump administration’s single-minded pursuit of unilateral control, viewing partnerships as dependency and weakness when in fact they are a strategic asset, has both frustrated allies and left enforcement gaps that China can exploit. The United States benefits from multilateral arrangements with partners to share in the economic pain and required commitment to enforcement as well as to jointly reap the benefits of the strategic upside. The answer isn’t “join us or else.” U.S. economic statecraft and commercial diplomacy should be leveraged to streamline allied export controls, expand their CHIPS Act research access, and jointly develop next-generation technologies, including treaty-level commitments, not just ad hoc coordination shifting with each presidential tweet.

Fourth, accept that some technologies are too foundational for national security to treat them as just another trade variable. The most dangerous signal from the Trump-Xi meeting in Busan was the implication that advanced semiconductor access is negotiable based on agricultural purchases or fentanyl or other matters. While Xi surely suspected it before, he left Busan knowing that security-driven export controls and America’s technological edge are up for negotiation, if the price is right.

Finally, recognize that America’s technological leadership requires protecting the entire innovation ecosystem, not just products. Indeed, America’s advantage has long been in the complete innovation system — universities, capital markets, design tools, equipment expertise, and global talent. Government actions that hollow out or wreck this ecosystem, in whole or in part, create the risk of technological collapse. For the private sector, lost revenues mean cuts in R&D budgets, laying off engineers, and ceding market share to foreign competitors that face fewer restrictions. Export controls should protect core capabilities while enabling companies to maintain the scale and revenues that, in turn, fund continued innovation.

Not Too Late

The Busan meeting bought some temporary calm on rare earths and tariffs. But Xi achieved his objectives: he got semiconductor restrictions on the negotiating table, maintained his option to reimpose rare earth controls in a year, and watched the Trump administration signal that advanced chip access is negotiable rather than strategic — a bet that appears to have now paid off with the H200 decision. Thus far, Xi is thinking in five-year plans while Trump is thinking in tweets.

But it’s not too late. For all its other failings — and they are many — the Trump administration’s new 2025 National Security Strategy is right in maintaining that American leadership in advanced technology lies at the very heart of national security for the 21st century. And nearly at this Trump administration’s one-year mark, it’s likewise clear that if its ambitions for maintaining economic, commercial, and technological advantages are to be fulfilled, it needs to get much smarter about how it seeks to pursue its strategy. That means predictable investments in American research and manufacturing; targeting controls on manufacturing equipment where enforcement works and leverage with allies and partners is greatest; supporting semiconductor ecosystems in friendly nations rather than alienating them through policy chaos; and recognizing that foundational technologies should not be traded away for a hill of soybeans or self-interested revenue-sharing deals.

American technological leadership in the century ahead requires a strategy that is ruthlessly focused, multilaterally coordinated, and strategically disciplined. We know the answer. The question is whether this administration can summon the discipline to execute it.

The post Trump’s Chip Strategy Needs Recalibration appeared first on Just Security.

The post Just Security’s Artificial Intelligence Archive appeared first on Just Security.

Model weights and model outputs present fundamentally different challenges. Possession of the weights allows an adversary to deploy models without restrictions, modify them for malicious purposes, or study them to develop competing systems. But a foreign adversary doesn’t need to obtain model weights to benefit from a model’s capabilities; access to a publicly deployed model’s API or web interface may suffice to elicit controlled information. For instance, a user in a restricted destination could try to exploit a U.S. model to generate code for a missile guidance system or schematics for an advanced radar component. Model outputs thus represent a distinct national security challenge that persists regardless of whether any restrictions are placed on model weights.

Frontier models today can likely generate technical information controlled under the International Traffic in Arms Regulations (ITAR), which restrict defense-related technical data, and the Export Administration Regulations (EAR), which control dual-use technology. Yet these frameworks, designed for discrete transfers of static information between known parties, are ill-suited to govern AI systems that generate unlimited, dynamic outputs on demand for potentially anonymous users worldwide.

The agencies responsible for enforcing these controls—the State Department’s Directorate of Defense Trade Controls (DDTC) for the ITAR and the Commerce Department’s Bureau of Industry and Security (BIS) for the EAR—have yet to address this challenge with authoritative guidance. The result is a policy vacuum that serves neither national security nor economic competitiveness.

Why Export Controls Apply to AI Outputs

Can AI-generated outputs be subject to export controls? The clear answer under existing law is yes. The ITAR’s definition of “technical data” focuses on functional characteristics—information necessary for the design, development, operation, or production of defense articles—without regard to whether that information was produced by a human engineer, photocopied from a blueprint, or synthesized by an AI model. The EAR’s definition of “technology” similarly encompasses information necessary for development, production, or use of controlled items regardless of whether it was created by AI or humans.

This content-focused approach makes strategic sense. A detailed schematic for a missile guidance system would pose the same proliferation risk whether it appears in a leaked document or an AI chat window. The national security harm stems from the information itself, not how it was generated.

Testing by the Law Reform Institute confirms that this isn’t a hypothetical concern. Working with an ITAR expert who previously conducted commodity jurisdiction analyses for DDTC, we assessed whether publicly available frontier models could generate information that would likely qualify as ITAR-controlled technical data. Models from four leading U.S. developers were tested across several categories of defense articles on the ITAR’s U.S. Munitions List. Every tested model produced such information in at least one category. (The examples of defense articles noted elsewhere in this article are purely hypothetical. The particular categories tested by LRI are not being publicly disclosed to avoid providing a roadmap for circumventing ITAR restrictions.)

These tests had limitations—they established capability as a proof of concept rather than comprehensively benchmarking it, and items were not manufactured to verify the accuracy of the model outputs. Nevertheless, the results demonstrate that the problem already exists in a nascent form.

Additionally, the Law Reform Institute’s testing relied exclusively on straightforward queries, forgoing “jailbreaks” or other adversarial techniques used to circumvent any safeguards that may have been designed to prevent the models from assisting with these topics. A more determined adversary would likely extract far more, as the defenses typically built into publicly available models are porous. The National Institute of Standards and Technology (NIST) has warned that AI remains vulnerable to attacks, and researchers have found that professional red-teamers can bypass safety defenses more than 70 percent of the time. As Anthropic CEO Dario Amodei observed in April, the AI industry is in a race between safety and capabilities—one in which capabilities are currently advancing faster. Thus, if current trends continue, the controlled information that can be obtained from frontier models will likely increase in scope, sensitivity, and accuracy. 

The National Security Stakes

What could adversaries gain from ready access to AI-generated controlled information? Future AI models that may be capable of generating detailed technical data and technology—from specifications for advanced radar systems and guidance algorithms for precision munitions to semiconductor fabrication techniques and quantum computing processes—could help adversaries overcome technical barriers in both defense and dual-use technologies.

Perhaps most significantly, as these capabilities mature, an adversary would gain an on-demand technical consultant that can iterate on designs, troubleshoot problems, and provide explanations tailored to specific needs—a capability that poses a unique national security threat. And unlike traditional channels through which controlled information typically travels—traceable shipments, emails, or physical meetings—an adversary prompting a publicly available model leaves minimal independently discoverable forensic evidence.

Who Bears Responsibility for the Export?

One of the most fundamental questions in applying export controls to AI outputs is deceptively simple: who is the “exporter” when a model generates controlled information? This question matters because export control liability attaches to the party responsible for the export.

Under the EAR, the “exporter” is “the person in the United States who has the authority of the principal party in interest to determine and control the sending of items out of the United States.” While the ITAR doesn’t explicitly define “exporter,” the term appears throughout the regulations in contexts assuming the exporter is the person who controls and effectuates the export and is responsible for obtaining authorization.

In traditional scenarios, identifying the exporter is straightforward. When Boeing ships aircraft components to a foreign buyer, Boeing is the exporter. When an engineer emails technical drawings to an overseas facility, the engineer (or their employer) is the exporter.

But AI model outputs scramble this clarity. When a foreign national in China prompts an American AI model to generate controlled technical data, who exported the data? The foreign user can’t be the exporter—that person is the recipient whose access triggers export control requirements. As a practical matter, the most defensible analysis is that the company that developed and deployed the AI system and gave the user access should be considered the exporter—at least for closed-weight models where the developer and deployer are the same entity. (Open-weight models—which allow users to download the full model to modify and run locally—raise distinct issues beyond this article’s scope.)

Such entities have the authority “to determine and control” the export, even if that control is imperfect. As with other software tools, developers and deployers decide whether to implement technical safeguards, screen users, or restrict access to prevent controlled outputs—and are thus uniquely positioned to take actions to mitigate national security harms before making the system accessible. Moreover, under the strict liability standard applied to civil export violations, even a user “tricking” a model via a jailbreak would not automatically absolve the developer of liability for the resulting unauthorized export.

This assessment has profound implications. Absent contrary guidance from DDTC or BIS, AI companies that deploy models capable of generating controlled information likely bear export control compliance responsibility—whether or not they intended their models to have such capabilities, and regardless of how users employ the systems. These companies may therefore already be “exporters” subject to ITAR and EAR requirements.

Why the “Public Domain” and “Published” Exclusions Don’t Always Apply

Both the ITAR and EAR contain exclusions for information that is in the “public domain” or that is “published.” These carve-outs exist because controlling widely available information would be futile and restrict legitimate research and public discourse. Because frontier AI models are generally trained on large datasets that include publicly available data from the internet, many model outputs will often reproduce public information and qualify for these exclusions. At first glance, this might seem to largely resolve the AI outputs problem. But these exclusions don’t always apply to AI-generated outputs for three reasons.

First, frontier AI models can synthesize novel information from disparate sources rather than simply reproducing existing data. They can generate combinations, insights, and emergent knowledge in response to user queries—synthesizing previously dispersed public information into structured guidance, or extrapolating beyond it, to create new controlled information absent from any single training source. As OpenAI’s CEO, Sam Altman, explained, such models function as “a reasoning engine, not a fact database”—they analyze and combine information rather than merely retrieve it. Because they can synthesize information to produce controlled data that never existed in published form, their outputs don’t necessarily constitute “public domain” or “published” data.

Second, the regulatory frameworks impose specific requirements for information to qualify as “published” or “public domain.” The ITAR’s “public domain” designation depends on dissemination through specific enumerated channels, such as sales at bookstores, availability at public libraries, or fundamental research at universities that is ordinarily published. The EAR’s “published” exclusion is broader, encompassing information that is publicly available without restrictions upon its further dissemination, including websites available to the public. Not all training data may meet both standards—and information that qualifies under the EAR’s broader exclusion may still fail to qualify under the ITAR.

Third, AI model outputs don’t automatically qualify as “published” or “public domain” simply because a publicly available model generates them. Both the ITAR standard (“generally accessible or available to the public”) and the EAR standard (public availability “without restrictions upon its further dissemination”) require broad public distribution. When an AI system generates a response to a particular prompt, it creates individualized content for a specific recipient, not publication to an unlimited audience. 

The Core Compliance Problem

These legal complexities culminate in an acute practical challenge. Determining whether information qualifies as ITAR- or EAR-controlled typically requires expert analysis—hours of work parsing technical details against regulatory criteria. The analysis also depends on knowing the recipient’s nationality and location, since export control requirements vary by destination. A transfer to a Canadian citizen in Canada may require no license; the identical transfer to a South African national in the United States may trigger “deemed export” controls; the same transfer to a Russian national in Russia may be prohibited entirely.

An AI model generating responses to prompts lacks reliable access to this critical information. Users can falsify location data and obscure their identity. Even if a model attempted real-time export control classification of its own outputs, it would need to verify information that users have every incentive and ability to misrepresent. And the model would need to determine whether its synthesized output qualifies for the “public domain” or “published” exclusions—an analysis requiring judgment about whether the specific output existed in prior publications or constitutes novel controlled information.

AI developers do of course implement safeguards to prevent harmful outputs—including refusals for dangerous queries and content filtering systems. Whether or not these measures take export control classifications into account, they face fundamental challenges. Current safety systems may block obvious requests for bomb-making instructions, but they may struggle to detect the risk of generating controlled technical data when the request is masked by adversarial prompting or embedded in benign contexts (e.g., coding assistance or creative writing). Furthermore, they lack the technical and legal frameworks to systematically identify and prevent ITAR- or EAR-controlled outputs across all technical domains. Export control determinations require analyzing the intersection of technical specifications, regulatory classifications, recipient characteristics, and public domain status—a level of contextual judgment that current automated systems cannot reliably perform.

AI developers thus face a trilemma. First, they cannot reliably conduct real-time export control determinations. Users can misrepresent critical information, safety filters are imperfect and can be circumvented, and assessing the “public domain” and “published” exclusions requires individualized assessment. Second, they cannot implement blanket restrictions without crippling their models’ utility. And third, they cannot simply deploy models without controls and risk violating export regulations for which they may be held legally responsible.

The scope of the second option—blanket restrictions—reveals why it proves unworkable. Given the breadth of ITAR and EAR controls, which collectively span aerospace, defense, advanced manufacturing, emerging technologies, and dual-use items, comprehensive restrictions would undermine the use of cutting-edge tools for legitimate research, education, and commercial development.

Consider the strategic implications. If U.S. companies deploy frontier models that are hobbled by overbroad restrictions while Chinese labs like DeepSeek and Moonshot operate without comparable export restrictions, American competitiveness suffers without corresponding national security benefit. The EAR recognizes this dynamic in its foreign availability provisions, which allow BIS to remove or modify controls when comparable items are available from foreign sources. But these provisions only apply to specific items assessed case-by-case—they were never designed to address foreign AI models capable of generating new export-controlled information across multiple regulatory classifications.

 Managing Deemed Export Risks for Internal Models

While public-facing models present the most visible challenge, AI labs also face deemed export risks from internal model use by employees. As models are being developed, and as they are deployed internally within labs prior to public release, they may lack the safety guardrails eventually built into public versions. Internal models may also be more capable than their public counterparts. If foreign national employees—who represent a substantial portion of the U.S. AI workforce in key technical fields—use these internal systems and elicit ITAR- or EAR-controlled outputs, deemed export violations could occur.

This internal challenge, however, has an established compliance mechanism, even if the technical implementation requires adaptation. AI labs can implement Technology Control Plans (TCPs)—the same framework used successfully across research universities, national laboratories, and the defense industrial base. A robust TCP for AI development would include comprehensive logging of internal model interactions, personnel screening protocols, and information security measures protecting digital access. Additional components would encompass physical security controls, employee training on export controls, and regular compliance audits. These measures, standard in industries handling controlled technology, can substantially reduce deemed export risks without excluding the international talent critical to U.S. AI leadership.

 Why Government Engagement Is Essential

The challenges outlined above aren’t problems that AI developers can solve independently. Export controls exist to protect national security interests—a fundamentally governmental function requiring government leadership. Current policy effectively delegates this responsibility to private companies, asking them to navigate—without guidance—through a regulatory regime designed for an entirely different technology paradigm.

This approach carries real risks. Without authoritative guidance, labs face difficult choices between potentially violating export controls or implementing restrictions that degrade model utility. Some may adopt conservative approaches that limit innovation; others may take permissive stances that risk proliferation. This fragmentation serves neither national security nor competitiveness.

The stakes will only rise as capabilities advance. Today’s frontier models represent merely the beginning of what AI systems will be able to generate. And the scenarios explored here—closed-weight models deployed by U.S. developers—represent only one configuration. Open-weight models that allow for independent modification and deployment, U.S. cloud platforms hosting foreign-developed models, and cross-border collaborative development each raise distinct and complex export control questions. As models become more capable, the shortcomings of existing export control frameworks will be magnified absent active government engagement.

As we argue in a recent paper, the U.S. government needs to undertake a serious reassessment of how export controls apply to AI model outputs. The government should take a risk-based approach, focusing regulatory resources on the most security-sensitive domains, rather than attempting comprehensive control across all technical fields. Given that safety filters can be circumvented, a regulatory approach demanding zero-failure compliance for all controlled data is likely unachievable. Instead, compliance expectations must be calibrated—more stringent for the most sensitive technologies, more flexible for broader categories of dual-use items. Additionally, when evaluating whether U.S. models genuinely threaten national security by generating outputs that are currently export controlled, the government needs to account for the “foreign availability” of comparable capabilities in non-U.S. models. Developers should be given incentives to implement robust internal controls and work collaboratively with government to identify and address these high-priority risks.

Regulatory agencies like DDTC and BIS, drawing on the strategic assessments of the defense and intelligence communities and the technical expertise of bodies like NIST, possess the institutional knowledge to assess these tradeoffs. They can evaluate model capabilities against adversarial testing, analyze national security implications holistically, and develop compliance approaches that protect security without unnecessarily constraining innovation. But they must treat AI model outputs as an urgent policy priority—dedicating resources to understanding specific AI systems, engaging with developers and deployers, and adapting frameworks to address challenges current rules never contemplated.

The conversation about AI and national security must expand beyond semiconductors and model weights to encompass the outputs those technologies enable. DDTC and BIS have successfully adapted export controls to previous technological disruptions—from cryptography to additive manufacturing—and AI model outputs present the next adaptation challenge. The agencies possess the institutional knowledge to develop workable solutions, but doing so will require sustained attention and a willingness to rethink frameworks built for an earlier technological era. The race between safeguards and capability improvements is already underway; U.S. regulatory frameworks must move fast enough to keep pace.

The post AI Model Outputs Demand the Attention of Export Control Agencies appeared first on Just Security.