Unceasing attacks came from governments, including the most powerful, as well as from the private sector and non-state groups, pushing agendas in opposition to human rights. Many of these assaults are amped up by technology, with the methods and means becoming ever cheaper and ever more accessible to the masses.

An annual analysis from the Dublin-based international rights group Frontline Defenders paints a devastating picture of killings, arbitrary detention, surveillance, and harassment. CIVICUS, an organization that measures civic space (defined as “the respect in policy, law and practice for freedoms of association, expression and peaceful assembly and the extent to which states protect these fundamental rights”), documented declines in 15 countries and improvements in only three. The location and nature of the drops were diverse, taking place from mature democracies such as the United States, Germany, France, and Switzerland, to authoritarian regimes such as Burundi and Oman, and including countries in crisis and conflict such as Sudan and Israel. Some types of human rights were uniquely politicized and singled out in 2025, including women’s rights and environmental rights. Freedom House recorded the 19th straight year of declines in global freedom.

All this is compounded by an unprecedented slash-and-burn to international aid budgets for organizations and individuals working on human rights worldwide. The Human Rights Funders Network of almost 450 institutions across 70 countries estimates that by 2026, human rights funding globally will experience a $1.9 billion reduction compared to levels in 2023.

Taken together, this makes the world more dangerous than ever for human rights defenders and they have fewer resources at their disposal to combat the threats.

In 2026 and moving forward, two crucial questions arise for the defense of human rights globally. First, who will do the work of fighting to protect and advance human rights in the year ahead, and second, how can those in the international community still fiercely committed to human rights support them? These questions will be shadowed by another trend: impunity. Yet, at the same time, lessons and a few positive developments from 2025 can guide human rights defenders on how to seize opportunities in the coming year, beginning even this month at the United Nations.

The Earthquakes of 2025

Eviscerating Democracy, Human Rights, and Governance Assistance

In the United States, 2025 began with the newly inaugurated Trump administration dismantling the U.S. Agency for International Development (USAID) and canceling approximately 85 percent of its programming (from a budget of more than $35 billion in the fiscal year ending in September 2024). The gutting eliminated hundreds of millions of dollars of support for those working to protect human rights and expand freedom and democracy around the world. The State Department’s grantmaking efforts were similarly cut, with more than half of its awards canceled, including programs directly supporting human rights defenders such as one initiative providing emergency financial assistance to civil society organizations and a fund to promote human rights and democracy and respond to related crises.

Most other major donor countries followed suit, though not with the same sweep or to nearly the same degree. Canada said it would reduce foreign aid by $2.7 billion over the next four years, the Dutch announced structural spending cuts of € 2.4 billion on development aid starting in 2027, and the European Union announced a €2 billion reduction in its main mechanism for development aid for 2025-2027. Multilateral funders were not immune to the trend: the United Nations, for one, will see major budget and staffing cuts for human rights in 2026.

The U.S. retreat from foreign assistance rapidly impacted all development sectors, from health, to education, to humanitarian assistance, but no sector was targeted with such enmity as that of democracy, human rights, and governance. Advocates and implementers saw not only the dire resource clawbacks discussed above, but also found themselves tarred by a steady diet of derisive commentary from the very policymakers doing the cutting.

Secretary of State Marco Rubio, who, once championed human rights and democracy “activists” as a U.S. Senator, even serving on the board of the democracy-promoting International Republican Institute before the administration eliminated the congressional funding that supported it. He once told a crowd at the Brookings Institution “[f]oreign aid is a very cost-effective way, not only to export our values and our example, but to advance our security and our economic interests.”

But as secretary of state, he abruptly reversed course, writing last April that the State Department unit overseeing civilian security, human rights, and democracy had “a bloated budget and unclear mandate,” and that its “Bureau of Democracy, Human Rights, and Labor had become a platform for left-wing activists to wage vendettas against `anti-woke’ leaders in nations such as Poland, Hungary.” Other members of the administration were similarly sharp-tongued about the sector, with now-former USAID Administrator Pete Marocco conflating the promotion of “civic society” with “regime change” in official court documents and President Donald Trump himself referring to USAID’s leadership as “radical lunatics.”

The rhetoric mirrors similar language used by authoritarians across the globe who have long been opposed to foreign assistance for democracy, human rights, and governance work, and it has real-world consequences for those advocating for human rights and freedom. Leaders of multiple countries have seized on the words of the Trump administration to launch spurious investigations of human rights defenders and other civil society activists who had received U.S. funding.

Closing Civic Space and New Technology

Closing civic space is not a new threat to human rights defenders, but it is one that has reached a fevered pitch in the last few years. This has included both an increase in traditional attacks and a greater reliance on new tactics for suppression, especially in the digital sphere.

Nearly 45 percent of all civic space violations CIVICUS recorded for its annual analysis were related to the freedom of expression. The organization documented more than 900 violations of the right to peaceful assembly and more than 800 violations of freedom of association. The most frequent examples were detentions of protesters and journalists, followed by the detention of human rights defenders outside the context of a protest or journalism, merely for doing their work.

Authoritarian regimes also have become ever more adept at utilizing the digital space for repression. Tactics such as doxing, censorship, smearing, and online harassment are important tools in an authoritarian approach. They have been supplemented in recent years by less evident tactics such as shadow-banning, which the CIVICUS analysis defined as when “a platform restricts content visibility without notifying the user,” allowing the platform to maintain an appearance that it is neutral.

Women rights defenders face additional risks online, including technology-facilitated gender-based violence: In a global survey by the Economist Intelligence Unit, 38 percent of women reported personal experience with violence online, from hacking and stalking to image-based sexual abuse.

Attacks in the digital space often are also connected with or fuel physical attacks, “including killings, enforced disappearances, arbitrary detention and harassment,” as Frontline Defenders reported in its analysis. Tunisia is paradigmatic. Amnesty International reported that, beginning in 2024, a “wave of arrests followed a large-scale online campaign…which saw homophobic and transphobic hate speech and discriminatory rhetoric against LGBTI activists and organizations spreading across hundreds of social media pages, including those espousing support for the Tunisian President Kais Said. Traditional media outlets also broadcast inflammatory messages by popular TV and radio hosts attacking LGBTI organizations, calling for their dissolution and for the arrests of LGBTI activists.” 

What to Expect for Human Rights in 2026 

The absence of meaningful and unified international pushback to human rights abuses by some of the world’s most powerful nations means the rights-based international system will continue to face unprecedented attacks, and the challenges that rights defenders face in the year ahead are likely to increase in number and intensity. Authoritarians worldwide have monitored the assault against human rights in the past year — from genocide in Gaza to the crackdowns on protesters in Tanzania to restrictions on freedom of association and expression in El Salvador and so many more instances — and they have learned that they are unlikely to be held accountable internationally in the near term.

Yet despite these challenges, a few developments in 2025 offer some reasons for optimism in the year ahead. Several large-scale, youth-led movements in 2025 held their governments accountable for rights violations, from the July Revolution in Bangladesh that ousted an abusive prime minister to the Gen Z protests in Kenya over economic conditions and government corruption, a protest moniker that spread to other countries as well.

Some governments passed rights-protecting laws, from Thailand’s legalization of same-sex marriage to Colombia’s laws preventing child marriage. Courts stood up for human rights and held perpetrators to account, from the International Criminal Court’s conviction of Sudan’s Ali Muhammad Ali Abd-Al-Rahman for war crimes and crimes against humanity to the U.S. conviction of The Gambia’s Michael Saang Correa for torture, to the symbolic judgment of the People’s Tribunal for Women of Afghanistan. These trends are likely to continue in 2026, despite the challenges, because courageous human rights defenders are using every avenue to fight for rights.

This year will also bring targeted opportunities to continue the fight for human rights. A preparatory committee for a proposed international crimes against humanity treaty begins work this month at the United Nations. Also at the U.N., this year’s Universal Periodic Reviews, a regular peer review of countries’ human rights records, will focus on some of the world’s worst rights offenders — including Sudan, Eswatini, and Rwanda — as well as countries with highly mixed records. These reviews provide an opportunity for the world to examine, publicly and critically, the rights records of all 193 countries and for victims and activists to share their stories and insights. While the United States has not submitted its self-evaluation due late last year, the process continued with the usual submissions from the U.N. and others.

Creative activists also are likely to use prominent events, such as the 2026 Olympic Games, to push for the expansion and recognition of human rights. They can take the opportunity of the United States’ 250th anniversary celebrations to highlight and internationalize the country’s founding principles of life, liberty, and the pursuit of happiness, as well as the requirement that all governments “[derive] their just powers from the consent of the governed.”

Who Will Lead the Fight for Human Rights in 2026? 

As many governments pull back and even attack human rights, the work of human rights defenders and organizations will become more critical than ever. Some of them have been leading the fight for decades, including leading international NGOs, national organizations, networks, and prominent individual leaders. Others have done critical human rights work but haven’t labeled themselves as rights defenders, such as organizations providing access to clean water, supporting girls’ education, or working to prevent violent conflict.

Many work at the community level, alongside neighbors and friends, with human rights defenders networks around the world, from the Mozambique Human Rights Defenders Network to Somos Defensores in Colombia. Some are in exile, fighting for rights in their home countries and for refugee and diaspora communities, like the brave Afghan women who organized a landmark People’s Tribunal in 2025 to expose rights violations against women. Others are professionals whose skills directly relate to human rights — lawyers, judges, journalists, and more. They include people like the brave journalists who continue to report on the context in Gaza, despite the incredible risks, and the Burmese lawyers who continue to document rights violations. Some are individual activists, using their platforms and skills to protect rights and call attention to attacks against them, like Iranian Nobel laureate Narges Mohammadi who was recently detained alongside other rights defenders while attending a memorial service for a human rights lawyer. Some are informal coalitions, student and youth groups, or protest participants — social movements have been and will be an essential component of the fight for human rights. All of these actors play a critical role in the human rights ecosystem. All of them are human rights defenders.

Aid funding cuts have devastated civil society organizations and will continue to impact human rights advocates. A survey by the International Foundation for Electoral Systems and International IDEA of 125 civil society organizations based in 42 countries found that 84 percent of respondents had lost funding due to U.S. and other countries’ aid cuts, with the same number expecting further cuts in 2026. UN Women reported that more than one in three women’s rights and civil society organizations have suspended or shut down programs to end violence against women and girls and more than 40 percent have scaled back or closed life-saving services. The philanthropic organization Humanity United found that 44 percent of peacebuilding organizations that it surveyed would run out of funds by the end of 2025.

These cuts will only be amplified as time goes on, as fewer young people can become human rights professionals while managing to put food on the table, as legal cases that take years to process aren’t filed for lack of funding, as human rights abuses aren’t documented, as the attacks from authoritarian regimes go unchecked. Shrinking development budgets will no longer provide similar levels of support to courts and anti-corruption bodies that human rights defenders have traditionally approached to pursue justice or for support hotlines where ordinary people can call in anonymously to report abuses at the hands of security forces. Such foreign assistance enabled vital avenues of accountability, but also signified solidarity, that at least some political decisionmakers both at home and abroad believed in human rights and supported those working to deepen and protect them.

But despite the myriad challenges, there will be human rights defenders who continue to fight the fight. For many, changes in funding or the withdrawal of political top-cover won’t stop them from finding avenues. One need only look at Iran’s protests today, where thousands of people are exercising and demanding their human rights amidst a brutal crackdown, internet blackout, and without international funding. Rights defenders have been doing a lot with a little for many years. Some — especially women, youth, Indigenous people, and disabled defenders — have often been excluded from human rights funding and support in the past. A new generation has seen the horrors of Gaza, El-Fasher, eastern Ukraine, or even around the corner from their home, in the news and online, and they have committed themselves to social justice and the prevention of atrocities.

Human rights has always been a universal endeavor which has required diverse supporters, advocates, and allies – this is true now more than ever.

How Can the International Community Support? 

Even those governments and institutions that continue to lead in supporting human rights internationally will need to do more with less, as the above-outlined cuts exemplify, to support those on the front lines. This is the chance to shift “localization” – the practice of funding local civil society organizations directly and based on their priorities, rather than via large overhead-requiring NGOs funded by donor countries — from an ideal to a necessary strategy. A grant of $20,000 may not keep a major international organization online, but it can fund a community-based service provider. Donors can integrate a rights-based approach across portfolios instead of siloing the issue, integrating human rights goals and strategies into other foreign policy initiatives. For example, companies can integrate human rights efforts and measurements into their supply chains for products from batteries to chocolate, producing products they would already produce but in a way that advances human rights as well. Military operations can add human rights and gender considerations with little cost but potentially huge impact. This requires training, tools, and high-level political will to succeed. And they can continue to advocate for rights and use diplomatic pressure and support as key tools.

The elephant in the room is the United States. The Trump administration not only is backtracking on the traditional U.S. commitment and values of democracy and human rights internally and internationally but also has sought to hamper others in funding such initiatives. But there are still important steps that can be taken to protect human rights. Congress must do its job and provide oversight, holding the administration accountable to the laws that protect this important work. Members should speak out against injustices and rights violations, at home and abroad. Rep. Chris Smith (R-NJ), for example, has played a key role in the Tom Lantos Human Rights Commission, calling out rights abuses in places like Turkey, and Rep. Tim Kennedy (D-NY) led a congressional letter to the Department of Homeland Security urging the Trump administration to overturn its decision to terminate Temporary Protective Status for Burmese people.  State governments have always played a key role in advancing rights, and this will become more critical than ever.

Foreign governments that have engaged on human rights issues but haven’t been the largest international donors or advocates will be particularly important. Some of them are stepping up already. Examples include Japan playing a leading role in advancing women’s issues, South Africa and Gambia taking cases to the International Court of Justice accusing Israel and Myanmar, respectively, of violating the Genocide Convention, and Ireland continuing its steadfast allyship with human rights defenders.

Now is the time for committed countries around the world to continue to demonstrate the global nature of this agenda, set out more than 75 years ago in the Universal Declaration of Human Rights and reinvigorated by 18 international human rights treaties.

Philanthropy and the international private sector will be more essential than ever in 2026.  Foundations cannot offset the huge funding gaps left by governments and multilateral donors — total U.S. philanthropic giving is about $6 billion per year, whereas U.S. overseas development assistance alone in 2023 accounted for $223 billion — but they can provide strategic investments that help protect rights and those defending them, amplify their voices, fund innovative new approaches, and help the ecosystem survive. Philanthropies around the world provided nearly $5 billion in human rights support globally in 2020 alone, and their funding is critical for many organizations.

Companies have their own role to play, one that includes but goes well beyond corporate social responsibility, from responsible tech and AI to eliminating forced labor from supply chains to hiring diverse employees. The private sector has a unique opportunity to ensure that human rights remain on the global agenda, because there is a strong business case in favor of human rights protections and alliances with those who truly understand the needs and wants of local populations. A great example is the effort by numerous auto and electronics companies to move away from cobalt batteries, both a recognition of the horrible rights violations facing individuals and communities around cobalt mines in the Democratic Republic of Congo and a recognition that this move is also better for business due to supply chain volatility.

Defending against challenges to human rights, democracy, and good governance in 2026 and beyond will require creativity and broad coalition-building across sectors that too often are siloed, such as health, peacebuilding, humanitarian assistance, and the field of democracy, human rights, and governance. Everyone who does not traditionally think of themselves as a human rights defender, from government officials to the private sector, will need to step up to support those on the frontlines of the fight to defend human rights.

The post Who Will Stand Up for Human Rights in 2026 – and How? appeared first on Just Security.

The catalog below organizes our collection of articles primarily about the war into general categories to facilitate access to relevant topics for policymakers, researchers, journalists, scholars, and the public at large. The archive will be updated as new pieces are published.

We welcome readers to use this catalog to follow the unfolding situation and generate new lines of analysis. To search headlines and authors, expand one or all of the topics, as needed, and use CTRL-F on your keyboard to open the search tool. The archive also is available in reverse chronological order at the Russia-Ukraine War articles page.

The post Just Security’s Russia–Ukraine War Archive appeared first on Just Security.

For years, experts have warned that agentic AI would allow even unsophisticated nation-states and criminals to launch autonomous cyber operations at a speed and scale previously unseen. With that future now in reach, policymakers and industry leaders must follow a two-pronged strategy: ensuring that organizations have access to fit-for-purpose cyber defenses and managing the proliferation of AI capabilities that will allow even more powerful cyber operations in the future. Both steps are important not only to safeguard U.S. networks, but also to solidify U.S. technical leadership over competitors such as China.

How the Cyber Campaign Worked

In a detailed report, Anthropic assessed with high confidence that a Chinese state-sponsored group designated as GTG-1002 used its Claude Code model to coordinate multi-staged cyber operations against approximately 30 high-value targets, including technology companies, financial institutions and government agencies. The campaign produced “a handful of successful intrusions.” The hackers circumvented safety features in the model, breaking the workflow into discrete tasks and tricking Claude into believing it was helping fix cybersecurity vulnerabilities in targeted systems.

Humans provided supervision and built a framework that allowed Claude to use open-source hacking tools to conduct the operations. But Claude “executed approximately 80 to 90 percent of all tactical work independently” — from initial reconnaissance and vulnerability identification to gaining access to targeted systems, removing data, and assessing its value. Automation allowed GTG-1002 actors to achieve an operational tempo impossible for human operators; its “peak activity included thousands of requests, representing sustained request rates of multiple operations per second.”

Some outside researchers have questioned the effectiveness of this campaign, pointing out that Claude hallucinated about data and credentials it claimed to have taken. Some also noted the low quality of AI-generated malware. But this is only the beginning. As AI models become more powerful and ubiquitous, the techniques this campaign demonstrated will only grow more sophisticated and accessible. The question is who adopts them next and how quickly.

AI is Empowering U.S. Adversaries

Anthropic’s attribution of this campaign to Chinese state-sponsored actors grabbed headlines at a time of rising geopolitical tensions and high-profile Chinese cyber operations targeting U.S. telecommunications networks and critical infrastructure.

China has a large ecosystem of state-affiliated hacker groups that operate at scale. These groups function essentially as businesses, broadly targeting organizations in the United States and other countries and then selling stolen information to government and commercial customers. GTG-1002’s approach — targeting 30 organizations, gaining access and exfiltrating data where possible — fits this model perfectly. For a high-scale hacking enterprise, using AI automation to increase efficiency is a natural evolution. It is what every business is trying to do right now.

At the same time, the campaign relied on open-source, relatively unsophisticated hacking tools. Any resourceful adversary — Russian cyber criminals, North Korean crypto currency thieves, Iranian hackers — could conduct similar campaigns using advanced AI models. Many of them probably are right now. What was novel was the operational tempo — Claude Code executed reconnaissance, exploitation, and data analysis at a pace no human team could match.

The key takeaway is that adversaries everywhere now have the ability to conduct high-speed, high-volume hacks. Unfortunately, cyber defenders are not prepared to meet this challenge.

AI and the Cyber Offense-Defense Balance 

Cybersecurity has long been a competition between offense and defense, with the offense having the edge thanks to the large attack surfaces produced by modern networks. While defenders must work to patch all vulnerabilities to keep the hackers out, the offense just needs to locate one entry point to compromise the defenders’ systems. Cybersecurity experts are concerned that AI-enabled automated operations, like the one uncovered by Anthropic, will further tip the balance by increasing the speed, scale, and persistence of hacks.

At the same time, AI holds the potential to address many long-standing cybersecurity challenges. AI-enabled testing can help software developers and infrastructure owners remediate vulnerabilities before they are exploited. Managed detection and response companies have touted their use of AI to reduce incident investigation time from hours to minutes, allowing them to disrupt ongoing operations and free up human analysts for more complex tasks. When layered and done right, these solutions can give defenders a fighting chance at keeping up with the new speed and scale of offense — but only if they are widely adopted.

For years, criminals have targeted “cyber poor” small businesses, local hospitals and schools because they are less able to purchase state-of-the art defenses to keep hackers out and less able to resist ransom demands when criminals get in. To ensure these organizations are not overwhelmed by the new pace of AI-driven hacking, organizations will need to adopt newer, high-speed defensive tools. Increased automation will make these tools cheaper and more accessible to those with limited cyber defenses. But it is hard to imagine how this will happen domestically without more funding and targeted efforts to raise cybersecurity standards in key critical infrastructure sectors — at a time that the Trump administration is cutting back on U.S. cyber investments.

The same resource divide exists internationally, where middle and lower income countries are at risk of crippling cyber incidents because they lack resources for basic defenses. It will take concerted international engagement and capacity building to ensure countries can keep pace with new threats, but it is in the United States’ interests to help them do so.. As the United States and China compete to promote global adoption of their technology ecosystems, developing countries in particular are looking for solutions across the full technology stack. AI-enabled cyber defenses — offered individually or baked into other services — can strengthen the United States’ appeal as a technology partner.

When AI Competition Meets Proliferation Risks

In addition to strengthening cyber defenses, it is also important for policymakers and industry leaders to reduce the risk that AI systems will be exploited to orchestrate cyber operations in the first place. GTG-1002’s activities were only discovered and stopped because hackers used a proprietary model; Anthropic had visibility into the groups’ activities and could cut them off, once discovered.

The good news is that companies like Anthropic, OpenAI and Google can learn from malicious use of their models and build in stronger capabilities to detect and block future incidents. Athropic’s transparency in the GTG-1002 case helps build muscle memory so that companies can work together to prevent similar incidents in the future (though some experts argue Anthropic could have gone farther in explaining how the operation worked and sharing actionable details, like sample prompts). The bad news is that as open-source models like China’s DeepSeek improve, malign actors will not need to rely on proprietary models. They will turn to open source models that operate with limited or no oversight.

This is a place where tensions between U.S.-China AI competition and cybersecurity meet. Both countries are competing across multiple dimensions to become the world’s AI leader. U.S. companies — including Google, Microsoft, OpenAI, and Anthropic — have the edge when it comes to the raw capability of their proprietary models. Chinese AI companies (and some U.S. ones, too) have pressed ahead with the development of lower cost, open-source models that are more easily accessible to users in developing countries in particular.

The economic, political, and national security stakes for this competition are enormous.  To ensure the United States maintains a competitive advantage, the Trump administration has sought to reduce AI safety requirements. But if this campaign is a sign of what is to come, both the United States and China should have an interest in preventing the models their companies create from being exploited by criminals, terrorists, and other rogue actors to cause harm within their territories.

The Trump administration’s AI Action Plan calls for more evaluation of national security risks, including cyber risks in frontier models. The question is what additional safeguards need to be put in place to reduce this risk, which incentives are needed, and how to build consensus on such standards internationally.

What Must Be Done Now

It is impossible to stop AI-driven campaigns. But policymakers and industry leaders can still strengthen cyber defenses to mitigate risk. This requires incentivizing development of AI applications that enable secure software development, improved penetration testing, faster threat detection, and more efficient incident response and recovery. Funding and concerted engagement by government and private cybersecurity experts will be needed to support adoption among cyber-poor providers of critical services, like hospitals and schools.

It also requires strengthening safeguards to make it harder for bad actors to weaponize easily accessible AI models. Ideally, the United States would do this in parallel with China requiring increasing safeguards in its own models. (Otherwise, the administration’s recent decision to sell more powerful chips to China will allow China to produce more unsafe models, and faster.)

Regardless, the United States must continue efforts within its own AI safety community to identify and mitigate misuse of U.S. models. Transparency about incidents like this one is a good place to start. But to stay ahead of the threat, companies and researchers should be further encouraged to share information about risks, improve testing standards, and develop mitigations when bad actors circumvent safeguards.

The post The Era of AI-Orchestrated Hacking Has Begun: Here’s How the United States Should Respond appeared first on Just Security.

This sends the wrong message to Beijing, as well as to U.S. allies in the Indo-Pacific caught in China’s cyber crosshairs. Trump’s new National Security Strategy (NSS) explicitly calls for burden-sharing, arguing that allies must “assume primary responsibility for their regions,” while the United States serves as a “convener and supporter” in regional defense. Backing away from sanctions after a major China-linked hacking campaign undercuts that logic: burden-sharing collapses if the United States is not willing to bear economic or political costs itself. If the world’s largest economy will not confront China’s cyber operations, how can it credibly ask Indo-Pacific allies — who have far less leverage over Beijing — to step up?

There is still time to recalibrate. To counter Beijing’s cyberattacks and operationalize burden-sharing, the United States must use its unique leverage to impose costs on China while enabling Indo-Pacific allies to lead cyber defense in the region.

Beijing Exploits Cyber Weakness Across the Indo-Pacific 

The U.S. intelligence community identifies China as the most persistent and active cyber threat to U.S. networks. In 2024, the Chinese state-sponsored hacking group Salt Typhoon carried out one of the most severe breaches of U.S. telecommunications companies. Just weeks before Trump met with Xi in October, the United States uncovered another major China state-backed cyber intrusion of the cybersecurity vendor F5, triggering an emergency directive from the lead U.S cyber agency. Yet, the cyber threat to Washington extends far beyond the homeland. China’s cyber operations have already infiltrated networks supporting U.S. forward deployed forces across the Indo-Pacific, targeted export controls on critical technologies, and spread disinformation campaigns designed to erode trust in U.S. alliances.

U.S. regional partners also bear the full brunt of Beijing’s cyber coercion. In Taiwan alone, China-linked hackers target critical infrastructure and government networks roughly 2.8 million times a day — a 17 percent jump from last year. Over the past five years, Chinese hacking groups have targeted Japan’s national security and critical technology data over 200 times.

Indo-Pacific cyber defenses are not keeping pace with threats from China. The region is experiencing rapid digitalization — often without matching investments in cybersecurity. In Southeast Asia alone, the digital economy could reach up to $1 trillion in gross merchandise value by 2030. This surge in connectivity is fueling growth, but it also expands the attack surfaces that state-backed hackers, and other malign cyber actors, can exploit — underscoring the urgent need for collective investments in cyber defenses.

The lack of cybersecurity personnel in the region emboldens Beijing’s hackers. When breaches occur, scant cyber workforces struggle to root out China’s hostile activity. Identifying the attackers takes weeks — if it happens at all — and allied cyber defense resources often arrive after the damage is done. The numbers are stark. There are only around 200 highly certified cybersecurity professionals in the Philippines, and Japan’s cyber workforce shortfall nearly doubled between 2022-2023. At the same time, China operates a hacking program larger than that of every major country combined.

Beijing’s economic leverage is also blunting efforts to counter China’s cyber operations. For example, the Philippines made no official attribution statement against its largest trading partner, China, when Beijing-backed attackers infiltrated the government and stole sensitive military data earlier this year. The same story plays out in South Korea, Japan, and Taiwan — leaders condemn cyber espionage in vague terms but hesitate to call out Beijing specifically when trade is on the line.

To counter Beijing’s cyber operations across the Indo-Pacific, Washington should lead its treaty allies in building a new “Cyber Shield” for the region. In this proposed framework, Washington would provide strategic capacity-building resources while allies commit to measurable investments in their own cyber defenses — enabling greater regional integration and capability to defend against cyber threats. This framework would also define options for a collective response to move away from ineffective, ad hoc reactions that only embolden China.

Toward an Indo-Pacific Cyber Shield

While an Indo-Pacific Cyber Shield will not stop Beijing’s cyber aggression, it will certainly raise the cost for China. The recommendations below operationalize the proposed Cyber Shield across three pillars — joint resolve, joint resources, and joint response.

Joint Resolve 

Countering Beijing’s cyber operations starts with conveying the joint resolve of the United States and its Indo-Pacific allies. Washington and its regional partners should issue a joint statement condemning China’s cyber activity and commit to a significant collective response if Beijing’s cyber operations continue. Such a statement would undercut Beijing’s denials of its cyber operations. It would also help signal resolve and bolster awareness by publicly highlighting Beijing’s hostile cyber operations. A joint advisory — issued by the FBI and European allies in August — offers a model to replicate. The United States and its allies should increase the cadence of these alerts following major China-backed infiltrations.

Joint Resources

Increasing joint cyber defense capabilities will be the most critical component of countering China’s cyber aggression. To operationalize the Cyber Shield, U.S. capacity building resources should scale with greater partner investments in cyber defenses. This reflects the National Security Strategy’s burden-sharing model in practice. Regional allies must improve the technical capacity to identify evidence of Chinese hacking when a breach occurs, quickly patch vulnerabilities, and bolster resilience of critical networks to thwart future intrusions. The United States is making important progress on cyber defense capacity building in the region. U.S. Cyber Command has deployed more than 85 times to over 30 countries in partner-enabled missions to hunt for hostile activity on networks. The U.S. Cybersecurity and Infrastructure Security Agency has also conducted several capacity-building exercises, including with Japan in 2024 on maritime cybersecurity.

For their part, Indo-Pacific allies and partners participate in multiple U.S.-led military exercises that have a cyber component, including the annual Cyber Flag exercise hosted by the U.S. Cyber Command. The United States has also prioritized negotiating an intelligence sharing agreement with the Philippines, and both countries approved a major intelligence sharing upgrade in 2024. The United States should leverage these engagements to share cyber threat intelligence and provide a clear roadmap for how allies can receive greater cyber defense support from Washington.

Critically, U.S. allies in the Indo-Pacific need to invest in their own cyber defenses. In exchange for access to U.S. cyber defense resources and information, allies should modernize military and intelligence cyber capabilities, upgrade and strengthen intelligence systems, and provide a clear legal pathway for U.S. Hunt Forward operations — defensive operations conducted by U.S. Cyber Command at the request of a host nation — to root out hostile activity on partner networks. Most importantly, allies should remove insecure ICT infrastructure, especially from companies like Huawei and ZTE, that pose a significant cyber espionage risk.

Joint Response

If a breach occurs, the United States and its regional allies must be ready to impose costs on Chinese state-backed hackers. In addition to bolstering domestic cyber defenses, the United States should develop a joint escalation ladder with its regional allies outlining a variety of responses to state-backed cyber aggression. The European Union’s Cyber Diplomacy Toolbox shows what a coordinated diplomatic response to malign cyber activity can look like. While U.S. Indo-Pacific allies are not as politically or institutionally integrated as the European Union, the region can apply similar tools while leveraging the multiple existing cyber coordination channels between the United States, Japan, South Korea, and the Philippines.

Legal action is an important but underutilized tool in the cyber context. The United States has indicted China-linked hackers multiple times, including two hackers linked to the Chinese Ministry of State Security in 2018, and employees of i-Soon — a company that carried out cyber operations on behalf of the Chinese government — last March. Indo-Pacific allies are beginning to take similar steps, albeit less frequently. In 2021, for example, Japanese law enforcement investigated a Chinese hacker over alleged involvement in cyberattacks on about 200 companies, including the Japan Aerospace Exploration Agency. The United States should work with Indo-Pacific allies to develop frameworks to prosecute China-linked hacking, especially for threat groups like Salt Typhoon, that target both the United States and the Indo-Pacific.

The Cyber Shield framework would also encourage its members to levy economic sanctions against known Chinese cyber threat actors. Despite the reported White House walk-back, the United States has sanctioned China-backed hackers multiple times, including Zhou Shuai, a Shanghai-based cyber actor, last March. Similarly, the United States, Australia, and the United Kingdom jointly issued sanctions against Aleksandr Ermakov, a Russian hacker who breached Australia’s largest private health insurance provider, in January 2024. The United States should coordinate similar sanctions regimes with its Indo-Pacific allies after significant cyberattacks, especially if the threat actor targets multiple allied countries.

Finally, the United States and its regional allies should prepare to respond with offensive cyber operations when necessary and legal to make China-backed hackers pay. Seoul and Tokyo are already honing their offensive cyber capabilities: South Korea’s 2024 National Cybersecurity Strategy calls for intelligence and military agencies to “preemptively and offensively respond to threats,” while Japan’s new active cyber defense legislation authorizes the neutralization of adversary servers. This further aligns Indo-Pacific allies with Washington’s Defend Forward cyber posture, which calls for disrupting adversary cyber threats before they reach domestic networks. The United States should take advantage of this alignment in strategy by prioritizing the development of joint offensive cyber capabilities during military exercises like Cyber Flags.

* * *

Without a new framework to counter China-backed cyber operations in the region, Beijing and other state-backed cyber groups will continue escalating their cyber operations to spy, steal, and sabotage with near impunity. A new Cyber Shield would translate the National Security Strategy’s burden-sharing concept to Indo-Pacific cyber defense, enabling allies to take greater responsibility in countering state-backed cyber threats. A Cyber Shield will not eliminate Beijing’s cyber intrusions, but it will finally enable the United States and its Indo-Pacific allies to act faster, coordinate responses, and impose costs on China.

The post America’s Cyber Retreat Is Undermining Indo-Pacific Security appeared first on Just Security.

To succeed in geo-economic competition with China, U.S. policy should seek to preserve asymmetric advantages by maintaining China’s reliance on U.S. products and technologies, while controlling access to the essential capabilities that secure America’s national security and economic edge. The challenge currently is that China isn’t playing Trump’s transactional game. While the Trump administration celebrates short-term deals, Beijing is executing a multi-decade strategy to dominate the semiconductor supply chain from raw materials to finished chips. Tufts University Professor Chris Miller has estimated that China has invested the equivalent of the entire U.S. CHIPS Act virtually every year since Xi made domestic semiconductor manufacturing a priority in 2014. The CHIPS Act allocated some $52.7 billion ($39 billion for manufacturing grants) for domestic semiconductor manufacturing. It was signed into law by President Joe Biden in 2022 but has been abandoned by the current administration.

When Trump decided to continue the Biden administration’s export controls on advanced chips earlier this year, Xi didn’t blink. Instead, he doubled down on the indigenous innovation programs that have allowed China to achieve breakthroughs that many in the United States thought were only possible in some distant future, such as 7-nanometer chips, considered the “entry point” for competitive AI, and carbon nanotube processors that could leapfrog silicon entirely, outperforming in scale, speed and efficiency.

Worse yet, this strategic drift is coming precisely when the U.S. semiconductor advantage faces threats from multiple directions: China’s accelerating innovation, allies’ frustration with inconsistent U.S. policies, and self-inflicted wounds from using the CHIPS Act as leverage for the government to muscle-in and take a position in private corporations.

The Worst of Both Worlds

The current U.S. government approach to semiconductor export controls embodies the worst of both worlds: undermining American companies’ competitiveness while failing to meaningfully slow China’s progress. Nvidia and AMD face billions in losses from restricted China sales, revenue that funds the research and development needed to keep the United States ahead. Meanwhile, Chinese firms smuggle restricted chips through shell companies, rent computing power from cloud providers, and innovate to get around U.S. restrictions with impressive speed. DeepSeek, a Chinese AI startup, in January 2025 released R1, an open-source research model roughly matching the capabilities of advanced models from OpenAI, Google, Meta, and Anthropic. The breakthrough demonstrated that Chinese companies can achieve efficient AI models, trained on fewer chips than American labs typically use, and demonstrated that hardware constraints can drive software innovation in ways U.S. tech companies have yet to match.

Meanwhile, U.S. policy has devolved into threats to withhold already-promised CHIPS Act grants to American companies, efforts to change deal terms after capital and investments were already committed, and suggestions that the government take an equity stake in companies or convert grants into government ownership. The wildly oscillating approach to export controls creates uncertainty not just for U.S. adversaries, but for American companies, which require predictability to plan and implement multi-billion-dollar, multi-year investments.

The solution requires a more sophisticated approach, exercising the tools the government has at its disposal to both work with and leverage the private sector to assure that the United States will maintain its technological lead for generations yet to come. Trump’s instinct to use semiconductor access as leverage isn’t wrong; it’s that the execution and approach thus far undermine the desired goal. Treating advanced chips as tradeable commodities that the United States can turn on and off based on soybean purchases or other short-term transactions fundamentally misunderstands what’s at stake. These are the chips that power artificial intelligence, quantum computing, and autonomous weapons systems, and it’s not an overstatement that the country that leads the world in AI will also have significant economic, military, and strategic advantages for generations to come.

A More Effective Strategy

A pragmatic, realistic approach would include:

First, control the tools, not just the products. As one analysis put it, “It’s much easier to control the fishing rod than the fish.” Semiconductor manufacturing equipment – the massive chip-making machines from companies like Netherlands-based ASML – represent the real chokepoint. These tools are produced by a handful of firms in countries that are U.S allies; unlike the chips themselves, they are impossible to smuggle; and they’re what China desperately needs to achieve true independence. By contrast, controlling finished chips forces constant policy updates as companies design around each new restriction.

Moreover, constantly shifting rules breed regulatory uncertainty that pushes customers toward Chinese alternatives. Nvidia’s H20 chip was designed specifically to comply with export restrictions, only to then be banned in April 2025, then unbanned months later with a 15 percent revenue-sharing requirement – only to then have the administration just last week lift restrictions on the even more advanced H200. Customers that rely on a predictable supply of chips and are watching this whiplash, many in China, now have every incentive to develop relationships with domestic Chinese suppliers like Huawei, whose supply won’t disappear based on Washington’s latest dealmaking.

The U.S. government needs to focus restrictions on where enforcement works and where partnership is deepest with other nations that share concerns about the malign effect of tech competition with China. Yes, some advanced chips should remain restricted for military applications, but the current approach of banning compliance-engineered chips goes beyond what is needed for security and may be actively counterproductive if the result is to drive Chinese innovation and independent manufacturing capability. U.S. policy should be torqued to restrict where it must but also to let American companies sell more chips where they don’t compromise fundamental advantages.

Second, make export controls a force multiplier, not a substitute, for American competitiveness. The CHIPS Act has spurred investments of tens of billions of dollars in domestic semiconductor capacity — investments that the “adjustments” introduced by the Trump administration threatens to undo. While there are certainly adjustments that can provide additional leverage, Congress and the administration need to refocus on accelerating and expanding investments. U.S. semiconductor companies also need to be able to generate revenues to fund next-generation research and development. That means expanding their access to markets in Japan, South Korea, Taiwan, and Europe to offset losses in China. U.S. companies need economies of scale to compete. While exports to certain markets and countries certainly require additional scrutiny, especially those with deep or longstanding economic ties with China, cutting them off from the world’s largest chip market without providing alternatives is strategic suicide.

Third, recognize that success requires leveraging U.S. alliances fully. The U.S. semiconductor advantage depends entirely on continuing cooperation with technologically advanced and like-minded countries that help support America’s competitive advantage in chips: Dutch lithography (to print the circuit patterns on the silicon at micro/nano scale), Japanese materials, South Korean memory, Taiwanese manufacturing. But the Trump administration’s single-minded pursuit of unilateral control, viewing partnerships as dependency and weakness when in fact they are a strategic asset, has both frustrated allies and left enforcement gaps that China can exploit. The United States benefits from multilateral arrangements with partners to share in the economic pain and required commitment to enforcement as well as to jointly reap the benefits of the strategic upside. The answer isn’t “join us or else.” U.S. economic statecraft and commercial diplomacy should be leveraged to streamline allied export controls, expand their CHIPS Act research access, and jointly develop next-generation technologies, including treaty-level commitments, not just ad hoc coordination shifting with each presidential tweet.

Fourth, accept that some technologies are too foundational for national security to treat them as just another trade variable. The most dangerous signal from the Trump-Xi meeting in Busan was the implication that advanced semiconductor access is negotiable based on agricultural purchases or fentanyl or other matters. While Xi surely suspected it before, he left Busan knowing that security-driven export controls and America’s technological edge are up for negotiation, if the price is right.

Finally, recognize that America’s technological leadership requires protecting the entire innovation ecosystem, not just products. Indeed, America’s advantage has long been in the complete innovation system — universities, capital markets, design tools, equipment expertise, and global talent. Government actions that hollow out or wreck this ecosystem, in whole or in part, create the risk of technological collapse. For the private sector, lost revenues mean cuts in R&D budgets, laying off engineers, and ceding market share to foreign competitors that face fewer restrictions. Export controls should protect core capabilities while enabling companies to maintain the scale and revenues that, in turn, fund continued innovation.

Not Too Late

The Busan meeting bought some temporary calm on rare earths and tariffs. But Xi achieved his objectives: he got semiconductor restrictions on the negotiating table, maintained his option to reimpose rare earth controls in a year, and watched the Trump administration signal that advanced chip access is negotiable rather than strategic — a bet that appears to have now paid off with the H200 decision. Thus far, Xi is thinking in five-year plans while Trump is thinking in tweets.

But it’s not too late. For all its other failings — and they are many — the Trump administration’s new 2025 National Security Strategy is right in maintaining that American leadership in advanced technology lies at the very heart of national security for the 21st century. And nearly at this Trump administration’s one-year mark, it’s likewise clear that if its ambitions for maintaining economic, commercial, and technological advantages are to be fulfilled, it needs to get much smarter about how it seeks to pursue its strategy. That means predictable investments in American research and manufacturing; targeting controls on manufacturing equipment where enforcement works and leverage with allies and partners is greatest; supporting semiconductor ecosystems in friendly nations rather than alienating them through policy chaos; and recognizing that foundational technologies should not be traded away for a hill of soybeans or self-interested revenue-sharing deals.

American technological leadership in the century ahead requires a strategy that is ruthlessly focused, multilaterally coordinated, and strategically disciplined. We know the answer. The question is whether this administration can summon the discipline to execute it.

The post Trump’s Chip Strategy Needs Recalibration appeared first on Just Security.

Model weights and model outputs present fundamentally different challenges. Possession of the weights allows an adversary to deploy models without restrictions, modify them for malicious purposes, or study them to develop competing systems. But a foreign adversary doesn’t need to obtain model weights to benefit from a model’s capabilities; access to a publicly deployed model’s API or web interface may suffice to elicit controlled information. For instance, a user in a restricted destination could try to exploit a U.S. model to generate code for a missile guidance system or schematics for an advanced radar component. Model outputs thus represent a distinct national security challenge that persists regardless of whether any restrictions are placed on model weights.

Frontier models today can likely generate technical information controlled under the International Traffic in Arms Regulations (ITAR), which restrict defense-related technical data, and the Export Administration Regulations (EAR), which control dual-use technology. Yet these frameworks, designed for discrete transfers of static information between known parties, are ill-suited to govern AI systems that generate unlimited, dynamic outputs on demand for potentially anonymous users worldwide.

The agencies responsible for enforcing these controls—the State Department’s Directorate of Defense Trade Controls (DDTC) for the ITAR and the Commerce Department’s Bureau of Industry and Security (BIS) for the EAR—have yet to address this challenge with authoritative guidance. The result is a policy vacuum that serves neither national security nor economic competitiveness.

Why Export Controls Apply to AI Outputs

Can AI-generated outputs be subject to export controls? The clear answer under existing law is yes. The ITAR’s definition of “technical data” focuses on functional characteristics—information necessary for the design, development, operation, or production of defense articles—without regard to whether that information was produced by a human engineer, photocopied from a blueprint, or synthesized by an AI model. The EAR’s definition of “technology” similarly encompasses information necessary for development, production, or use of controlled items regardless of whether it was created by AI or humans.

This content-focused approach makes strategic sense. A detailed schematic for a missile guidance system would pose the same proliferation risk whether it appears in a leaked document or an AI chat window. The national security harm stems from the information itself, not how it was generated.

Testing by the Law Reform Institute confirms that this isn’t a hypothetical concern. Working with an ITAR expert who previously conducted commodity jurisdiction analyses for DDTC, we assessed whether publicly available frontier models could generate information that would likely qualify as ITAR-controlled technical data. Models from four leading U.S. developers were tested across several categories of defense articles on the ITAR’s U.S. Munitions List. Every tested model produced such information in at least one category. (The examples of defense articles noted elsewhere in this article are purely hypothetical. The particular categories tested by LRI are not being publicly disclosed to avoid providing a roadmap for circumventing ITAR restrictions.)

These tests had limitations—they established capability as a proof of concept rather than comprehensively benchmarking it, and items were not manufactured to verify the accuracy of the model outputs. Nevertheless, the results demonstrate that the problem already exists in a nascent form.

Additionally, the Law Reform Institute’s testing relied exclusively on straightforward queries, forgoing “jailbreaks” or other adversarial techniques used to circumvent any safeguards that may have been designed to prevent the models from assisting with these topics. A more determined adversary would likely extract far more, as the defenses typically built into publicly available models are porous. The National Institute of Standards and Technology (NIST) has warned that AI remains vulnerable to attacks, and researchers have found that professional red-teamers can bypass safety defenses more than 70 percent of the time. As Anthropic CEO Dario Amodei observed in April, the AI industry is in a race between safety and capabilities—one in which capabilities are currently advancing faster. Thus, if current trends continue, the controlled information that can be obtained from frontier models will likely increase in scope, sensitivity, and accuracy. 

The National Security Stakes

What could adversaries gain from ready access to AI-generated controlled information? Future AI models that may be capable of generating detailed technical data and technology—from specifications for advanced radar systems and guidance algorithms for precision munitions to semiconductor fabrication techniques and quantum computing processes—could help adversaries overcome technical barriers in both defense and dual-use technologies.

Perhaps most significantly, as these capabilities mature, an adversary would gain an on-demand technical consultant that can iterate on designs, troubleshoot problems, and provide explanations tailored to specific needs—a capability that poses a unique national security threat. And unlike traditional channels through which controlled information typically travels—traceable shipments, emails, or physical meetings—an adversary prompting a publicly available model leaves minimal independently discoverable forensic evidence.

Who Bears Responsibility for the Export?

One of the most fundamental questions in applying export controls to AI outputs is deceptively simple: who is the “exporter” when a model generates controlled information? This question matters because export control liability attaches to the party responsible for the export.

Under the EAR, the “exporter” is “the person in the United States who has the authority of the principal party in interest to determine and control the sending of items out of the United States.” While the ITAR doesn’t explicitly define “exporter,” the term appears throughout the regulations in contexts assuming the exporter is the person who controls and effectuates the export and is responsible for obtaining authorization.

In traditional scenarios, identifying the exporter is straightforward. When Boeing ships aircraft components to a foreign buyer, Boeing is the exporter. When an engineer emails technical drawings to an overseas facility, the engineer (or their employer) is the exporter.

But AI model outputs scramble this clarity. When a foreign national in China prompts an American AI model to generate controlled technical data, who exported the data? The foreign user can’t be the exporter—that person is the recipient whose access triggers export control requirements. As a practical matter, the most defensible analysis is that the company that developed and deployed the AI system and gave the user access should be considered the exporter—at least for closed-weight models where the developer and deployer are the same entity. (Open-weight models—which allow users to download the full model to modify and run locally—raise distinct issues beyond this article’s scope.)

Such entities have the authority “to determine and control” the export, even if that control is imperfect. As with other software tools, developers and deployers decide whether to implement technical safeguards, screen users, or restrict access to prevent controlled outputs—and are thus uniquely positioned to take actions to mitigate national security harms before making the system accessible. Moreover, under the strict liability standard applied to civil export violations, even a user “tricking” a model via a jailbreak would not automatically absolve the developer of liability for the resulting unauthorized export.

This assessment has profound implications. Absent contrary guidance from DDTC or BIS, AI companies that deploy models capable of generating controlled information likely bear export control compliance responsibility—whether or not they intended their models to have such capabilities, and regardless of how users employ the systems. These companies may therefore already be “exporters” subject to ITAR and EAR requirements.

Why the “Public Domain” and “Published” Exclusions Don’t Always Apply

Both the ITAR and EAR contain exclusions for information that is in the “public domain” or that is “published.” These carve-outs exist because controlling widely available information would be futile and restrict legitimate research and public discourse. Because frontier AI models are generally trained on large datasets that include publicly available data from the internet, many model outputs will often reproduce public information and qualify for these exclusions. At first glance, this might seem to largely resolve the AI outputs problem. But these exclusions don’t always apply to AI-generated outputs for three reasons.

First, frontier AI models can synthesize novel information from disparate sources rather than simply reproducing existing data. They can generate combinations, insights, and emergent knowledge in response to user queries—synthesizing previously dispersed public information into structured guidance, or extrapolating beyond it, to create new controlled information absent from any single training source. As OpenAI’s CEO, Sam Altman, explained, such models function as “a reasoning engine, not a fact database”—they analyze and combine information rather than merely retrieve it. Because they can synthesize information to produce controlled data that never existed in published form, their outputs don’t necessarily constitute “public domain” or “published” data.

Second, the regulatory frameworks impose specific requirements for information to qualify as “published” or “public domain.” The ITAR’s “public domain” designation depends on dissemination through specific enumerated channels, such as sales at bookstores, availability at public libraries, or fundamental research at universities that is ordinarily published. The EAR’s “published” exclusion is broader, encompassing information that is publicly available without restrictions upon its further dissemination, including websites available to the public. Not all training data may meet both standards—and information that qualifies under the EAR’s broader exclusion may still fail to qualify under the ITAR.

Third, AI model outputs don’t automatically qualify as “published” or “public domain” simply because a publicly available model generates them. Both the ITAR standard (“generally accessible or available to the public”) and the EAR standard (public availability “without restrictions upon its further dissemination”) require broad public distribution. When an AI system generates a response to a particular prompt, it creates individualized content for a specific recipient, not publication to an unlimited audience. 

The Core Compliance Problem

These legal complexities culminate in an acute practical challenge. Determining whether information qualifies as ITAR- or EAR-controlled typically requires expert analysis—hours of work parsing technical details against regulatory criteria. The analysis also depends on knowing the recipient’s nationality and location, since export control requirements vary by destination. A transfer to a Canadian citizen in Canada may require no license; the identical transfer to a South African national in the United States may trigger “deemed export” controls; the same transfer to a Russian national in Russia may be prohibited entirely.

An AI model generating responses to prompts lacks reliable access to this critical information. Users can falsify location data and obscure their identity. Even if a model attempted real-time export control classification of its own outputs, it would need to verify information that users have every incentive and ability to misrepresent. And the model would need to determine whether its synthesized output qualifies for the “public domain” or “published” exclusions—an analysis requiring judgment about whether the specific output existed in prior publications or constitutes novel controlled information.

AI developers do of course implement safeguards to prevent harmful outputs—including refusals for dangerous queries and content filtering systems. Whether or not these measures take export control classifications into account, they face fundamental challenges. Current safety systems may block obvious requests for bomb-making instructions, but they may struggle to detect the risk of generating controlled technical data when the request is masked by adversarial prompting or embedded in benign contexts (e.g., coding assistance or creative writing). Furthermore, they lack the technical and legal frameworks to systematically identify and prevent ITAR- or EAR-controlled outputs across all technical domains. Export control determinations require analyzing the intersection of technical specifications, regulatory classifications, recipient characteristics, and public domain status—a level of contextual judgment that current automated systems cannot reliably perform.

AI developers thus face a trilemma. First, they cannot reliably conduct real-time export control determinations. Users can misrepresent critical information, safety filters are imperfect and can be circumvented, and assessing the “public domain” and “published” exclusions requires individualized assessment. Second, they cannot implement blanket restrictions without crippling their models’ utility. And third, they cannot simply deploy models without controls and risk violating export regulations for which they may be held legally responsible.

The scope of the second option—blanket restrictions—reveals why it proves unworkable. Given the breadth of ITAR and EAR controls, which collectively span aerospace, defense, advanced manufacturing, emerging technologies, and dual-use items, comprehensive restrictions would undermine the use of cutting-edge tools for legitimate research, education, and commercial development.

Consider the strategic implications. If U.S. companies deploy frontier models that are hobbled by overbroad restrictions while Chinese labs like DeepSeek and Moonshot operate without comparable export restrictions, American competitiveness suffers without corresponding national security benefit. The EAR recognizes this dynamic in its foreign availability provisions, which allow BIS to remove or modify controls when comparable items are available from foreign sources. But these provisions only apply to specific items assessed case-by-case—they were never designed to address foreign AI models capable of generating new export-controlled information across multiple regulatory classifications.

 Managing Deemed Export Risks for Internal Models

While public-facing models present the most visible challenge, AI labs also face deemed export risks from internal model use by employees. As models are being developed, and as they are deployed internally within labs prior to public release, they may lack the safety guardrails eventually built into public versions. Internal models may also be more capable than their public counterparts. If foreign national employees—who represent a substantial portion of the U.S. AI workforce in key technical fields—use these internal systems and elicit ITAR- or EAR-controlled outputs, deemed export violations could occur.

This internal challenge, however, has an established compliance mechanism, even if the technical implementation requires adaptation. AI labs can implement Technology Control Plans (TCPs)—the same framework used successfully across research universities, national laboratories, and the defense industrial base. A robust TCP for AI development would include comprehensive logging of internal model interactions, personnel screening protocols, and information security measures protecting digital access. Additional components would encompass physical security controls, employee training on export controls, and regular compliance audits. These measures, standard in industries handling controlled technology, can substantially reduce deemed export risks without excluding the international talent critical to U.S. AI leadership.

 Why Government Engagement Is Essential

The challenges outlined above aren’t problems that AI developers can solve independently. Export controls exist to protect national security interests—a fundamentally governmental function requiring government leadership. Current policy effectively delegates this responsibility to private companies, asking them to navigate—without guidance—through a regulatory regime designed for an entirely different technology paradigm.

This approach carries real risks. Without authoritative guidance, labs face difficult choices between potentially violating export controls or implementing restrictions that degrade model utility. Some may adopt conservative approaches that limit innovation; others may take permissive stances that risk proliferation. This fragmentation serves neither national security nor competitiveness.

The stakes will only rise as capabilities advance. Today’s frontier models represent merely the beginning of what AI systems will be able to generate. And the scenarios explored here—closed-weight models deployed by U.S. developers—represent only one configuration. Open-weight models that allow for independent modification and deployment, U.S. cloud platforms hosting foreign-developed models, and cross-border collaborative development each raise distinct and complex export control questions. As models become more capable, the shortcomings of existing export control frameworks will be magnified absent active government engagement.

As we argue in a recent paper, the U.S. government needs to undertake a serious reassessment of how export controls apply to AI model outputs. The government should take a risk-based approach, focusing regulatory resources on the most security-sensitive domains, rather than attempting comprehensive control across all technical fields. Given that safety filters can be circumvented, a regulatory approach demanding zero-failure compliance for all controlled data is likely unachievable. Instead, compliance expectations must be calibrated—more stringent for the most sensitive technologies, more flexible for broader categories of dual-use items. Additionally, when evaluating whether U.S. models genuinely threaten national security by generating outputs that are currently export controlled, the government needs to account for the “foreign availability” of comparable capabilities in non-U.S. models. Developers should be given incentives to implement robust internal controls and work collaboratively with government to identify and address these high-priority risks.

Regulatory agencies like DDTC and BIS, drawing on the strategic assessments of the defense and intelligence communities and the technical expertise of bodies like NIST, possess the institutional knowledge to assess these tradeoffs. They can evaluate model capabilities against adversarial testing, analyze national security implications holistically, and develop compliance approaches that protect security without unnecessarily constraining innovation. But they must treat AI model outputs as an urgent policy priority—dedicating resources to understanding specific AI systems, engaging with developers and deployers, and adapting frameworks to address challenges current rules never contemplated.

The conversation about AI and national security must expand beyond semiconductors and model weights to encompass the outputs those technologies enable. DDTC and BIS have successfully adapted export controls to previous technological disruptions—from cryptography to additive manufacturing—and AI model outputs present the next adaptation challenge. The agencies possess the institutional knowledge to develop workable solutions, but doing so will require sustained attention and a willingness to rethink frameworks built for an earlier technological era. The race between safeguards and capability improvements is already underway; U.S. regulatory frameworks must move fast enough to keep pace.

The post AI Model Outputs Demand the Attention of Export Control Agencies appeared first on Just Security.

On March 24, 2025, The Atlantic published the first in a series of articles containing material from the group chat, including screenshots of Signal messages between cabinet-level officials discussing the authorization and operational details of the strikes, which took place on March 15. Hegseth, then National Security Advisor Michael Waltz, and other cabinet members, including the administration’s two most senior intelligence officials, discussed matters including the number of aircraft involved in the attack, the kinds of munitions dropped, specific times for the attack, and targets on the ground, according to The Atlantic.

OIG published its report on the incident alongside a companion report offering recommendations for the handling of sensitive information on “non-DoD controlled electronic messaging systems.” The OIG conducted its evaluation of the incident from April through October 2025, collecting information and documents and conducting interviews with current and former DoD personnel to identify “the factual circumstances and adherence to policies and procedures surrounding the Secretary’s reported use of Signal to conduct official government business from approximately March 14 through March 16, 2025.”

In a previous article on Just Security, Ryan Goodman analyzed the criminal laws that could apply to Signalgate. This fell outside of the scope of the OIG report, which did “not try to identify whether any person violated criminal laws.” Instead, the report assessed whether Hegseth and other DoD officials “complied with DoD policies and procedures for the use of the Signal commercial messaging application for official business” in “compliance with classification and records retention requirements.” The report’s findings and the recommendations raise a number of questions that lawmakers should address.

OIG Report Findings and Recommendations

The OIG found that Hegseth, who declined to be interviewed, shared sensitive, non-public information from a USCENTCOM briefing in the Signal group just hours before the United States conducted strikes in Yemen. In doing so, the report says, “the Secretary’s actions did not comply with DoD Instruction 8170.01, which prohibits using a personal device for official business and using a nonapproved commercially available messaging application to send nonpublic DoD information.”

The OIG explicitly stated that the information shared in the group could have created a risk to U.S. forces, contradicting a written statement by Hegseth.

Although the Secretary wrote in his July 25 statement to the DoD OIG that “there were no details that would endanger our troops or the mission,” if this information had fallen into the hands of U.S. adversaries, Houthi forces might have been able to counter U.S. forces or reposition personnel and assets to avoid planned U.S. strikes. Even though these events did not ultimately occur, the Secretary’s actions created a risk to operational security that could have resulted in failed U.S. mission objectives and potential harm to U.S. pilots.

The report also found that Hegseth and his office failed to retain the messages as required by federal law, since some of the messages were “auto-deleted before preservation.” DoD was only able to provide “a partial transcript of the Signal messages based on screenshots taken from the Secretary’s personal cell phone on March 27, but this record did not include a significant portion of the Secretary’s conversations disclosed by The Atlantic,” according to the report. The OIG therefore “relied on The Atlantic’s version of the Signal group chat.”

The report also detailed procedural issues with the classification of operational information in USCENTCOM communications, including a lack of appropriate markings on certain communications.

With regard to Hegseth’s failure to comply with DoD instructions on the use of a personal device and non-approved commercial app for the conduct of official business, the OIG did not make a recommendation, asserting that “the use of Signal to send sensitive, nonpublic, operational information is only one instance of a larger, DoD-wide issue.” The single actionable recommendation from the OIG evaluation is that USCENTCOM should review its classification procedures and “ensure that clear requirements are communicated” for marking classified information.

The companion report included a number of other recommendations. It suggests that the DoD should take efforts to remove the incentive for personnel to use apps such as Signal by providing better official alternatives, that it should conduct department-wide cybersecurity training, and that senior leadership should receive training and “a knowledge assessment” on the use of mobile devices and applications. The DoD Chief Information Officer agreed with most of the recommendations, but quibbled with creating new department-wide training, arguing they would be expensive and “redundant” to existing efforts.

Questions Lawmakers Should Ask Now 

The OIG report raises questions, including about its drafting and scope. For instance, while Appendix A of the report stipulates that it “does not try to identify whether any person violated criminal laws,” two pages later it says OIG “obtained support from the Administrative Investigations and Defense Criminal Investigative Service Components in the DoD OIG,” which “advised and assisted the project team with analysis of potential criminal conduct and taking recorded and sworn testimony from DoD officials.” Was the inquiry truly limited in its scope, or did OIG implicitly conduct a criminal-adjacent investigation without stating so? Was any material left out of the report that would have been important for Congress or the public to know?

Regardless, the OIG report is far from the “total exoneration” claimed by Hegseth and his aides. Rep. Don Bacon (R-NE) told CNN’s Brianna Keilar that claims the report exonerated Hegseth are “total baloney,” while Sen. Jim Himes (D-CT) told CBS News’ Face the Nation that his Republican colleagues are expressing concern over the findings. But when asked if he would use Signal again, the Secretary told a Fox News correspondent on Saturday that he does not “live with any regrets.”

Given bipartisan concern over the issue, Congress should pursue a more substantial inquiry into the incident, and look into the “DoD-wide issue” that the OIG report says stems from the use of Signal. Perhaps there are legislative solutions. Congress could write a law to require DoD to deploy a secure messaging application to reduce the incentive to use consumer apps, or more clearly codify consequences for senior officials—including Cabinet members—who violate electronic communications or records laws.

That might create accountability for a future Secretary of Defense. It would at least put the same degree of accountability in place for the civilian leader of the military as for his subordinates. As The Atlantic’s Goldberg put it on Friday:

I try not to express my personal views from this chair, but since Signal Gate happened on my phone, let me say that the most disturbing aspect of this whole episode is that if any other official at the Department of Defense and certainly any uniform military officer shared information 1 in 100th as sensitive as Hegseth and others shared on an insecure messaging app, without even knowing that the editor-in-chief of The Atlantic was on the chat, they would be fired or court-martialed for their incompetence.

Perhaps such common sense is insufficient to serve in place of a rule. Congress has the opportunity now to use the OIG report as the starting point to consider what should happen next. If it fails to do so, then the report will be filed away as the endpoint Hegseth claims it is.

The post Questions Lawmakers Should Ask About Inspector General Report on Signalgate appeared first on Just Security.

The process for negotiating a U.N. cybercrime treaty was born in controversy. The initial push for the Convention came from Russia, the largest perpetrator of cybercrime, and the resolution tabled in 2019 to launch negotiations received only minority support. The motivation behind the decade-long pursuit was to replace the Budapest Convention as the most recognised international standard and advance a treaty that would better reflect the ideas of state-controlled internet governance. After close to three years of negotiations, an overwhelming number of stakeholders viewed the final document as flawed, due to state overreach married with weak safeguards, and many civil society organizations have called on countries to reject it.

Despite these hurdles, the text was adopted by consensus in the Ad Hoc Committee tasked with elaborating the treaty and later confirmed in the U.N. General Assembly (UNGA), in what has been hailed a victory for multilateralism. Thanks to the external voices across civil society, the technology industry, and academia that participated in negotiations, the outcome was a more balanced text compared to the initial Russian proposal.

The evolution of the treaty invites the following questions: What happened during negotiations that transformed the text into something that seemingly satisfied almost everyone? And what does that process signify for implementation?

A Growing List of Signatories 

Even as delegations were disembarking from their planes in Hanoi, expectations were that only around 30 countries would sign the treaty on the spot. Disagreements over the Convention’s scope of criminalization, obligations for international cooperation, and the types of safeguards against political abuse and human rights protections created major rifts during negotiations, exemplified by the last-minute extension of talks for an additional session. The precise  number of countries that planned on signing the document in Hanoi was unclear until the very last moment. Few countries published their decisions in advance, such as the United Kingdom, Australia, or the bloc of European countries.

On October 25, host country Vietnam signed the Convention first, followed by Russia and China, the countries that drove treaty negotiations. Other early signatories included Belarus, North Korea, Venezuela, and Nicaragua. Iran, which had attempted to remove the text’s remaining human rights safeguards in an unsuccessful bid on the final day of negotiations, also signed.

Despite early reservations, the European Union became a vigorous supporter of the treaty and also signed in Hanoi. So did 13 E.U. member States, including France, Spain, and Poland. Ukraine abstained from the negotiations for political reasons, with many observers perceiving the treaty as the Russian equivalent of a Trojan horse.

Three members of the “Five Eyes” intelligence alliance — the United States, Canada, and New Zealand — and other key countries, including Japan, India and Israel, actively participated in the negotiations but ultimately did not sign the Convention in Hanoi for internal reasons, ranging from pending domestic review to considerations related to national security. Canada, New Zealand, and Mexico were key advocates for stronger human rights safeguards and drove proposals strengthening related protections. At a minimum, Canada and Mexico are expected to join after internal reviews. Breaking the ranks in the Five Eyes, Australia and the United Kingdom signed, advocating that the Convention will enhance international law enforcement cooperation and that they can help influence implementation from within. The Trump administration, distrustful of multilateralism, is unlikely to ratify the treaty its delegation voted for at the U.N. General Assembly.

The Cybercrime Convention’s signatories also include representation from the African Union (14 signatories), the Shanghai Cooperation Organization (eight signatories), and the Association of Southeast Asian Nations (seven signatories) — though Singapore notably abstained. The Arab League also supported the treaty with eight signatures, including Egypt, Saudi Arabia, and Qatar. The latter opened the UNODC Regional Center for Combating Cybercrime in Doha in 2024 and now encourages member States to engage with the Center to raise capacity throughout the ratification phase. The Caribbean Community, CARICOM, was vocal during the negotiations, but only Jamaica signed in Hanoi.

Fighting Cybercrime or Enabling Authoritarian Control?

The U.N. treaty will co-exist with the Budapest Convention on Cybercrime, spearheaded by the Council of Europe in the late 1990s. Eighty-one countries are party to that treaty. After the Budapest Convention came into force, Russia fueled a narrative that the treaty was “too European,” and could therefore never become universal, and looked to create a global instrument that could replace it.

Russia is the single biggest source of cybercrime in the world. The notorious Russian-speaking ransomware-as-a-service gangs find safe harbor in the country, from where they attack critical infrastructure abroad — not shying away from targeting  hospitals, power grids, water systems, and transportation networks — in Ukraine and in NATO member States. State-linked groups associated with the People’s Republic of China have also quietly infiltrated U.S. communications and lifeline infrastructure and targeted democratic institutions. Both countries, supported by their allies, have brought the international community to the table to address transnational cybercrime. Their recent push — ostensibly aimed at improving global security online — was part of a broader campaign to bring internet governance and the use of information and communication technologies under the control of sovereign States, moving away from today’s multistakeholder Internet governance framework shaped by Western like-minded countries.

During negotiations, Russia, China, Iran, and even India insisted on a long list of additional offenses, including punishments for speech deemed to promote terrorism and extremism or threaten national security. But their efforts to control the debate on what constitutes cybercrime fell short. The final outcome of negotiations was largely determined by a coalition of democratic countries. The authoritarian wish list was never adopted, but this could change as early as 2027, when States will be able to conduct negotiations for an additional protocol.

Russia’s effort to replace the Budapest Convention also backfired. Countries that are party to that treaty took an active role in these negotiations. The final product draws on Budapest’s framework and the two treaties are compatible. Thirty-two countries that signed the U.N. Convention in Hanoi are parties to the Budapest Convention, showing a substantial degree of parallelism and proving that one regime would not displace nor negate the other.

For those who negotiated the Budapest Convention in the late 1990s, the pushback against the new U.N. instrument feels like déjà vu. The Budapest treaty, now hailed as the “gold standard” and an affirmation of Western values, faced stakeholder rejection when concluded, and has been continually criticized by human rights organizations. The Hanoi Convention cannot be understood only as a criminal justice instrument. The process and decision to sign and ratify have been and will be political.

Signing the Convention signaled which countries intend to join in a near future, but the Convention’s legal obligations come only after countries ratify or accede to the treaty. Many States see joining the framework now as a means of later modifying it and shaping how cybercrime standards will be implemented globally.

Not all share this view. A dozen human rights organizations published a joint letter shortly before the Hanoi signing ceremony asking States not to sign. Critics have argued that signing onto the Convention would render States complicit in a treaty that lacks sufficient human rights protections while enabling invasive surveillance and censorship. The private sector, despite actively contributing throughout negotiations, largely abstained from the ceremony, expressing a collective view that the final document did not sufficiently reflect their positions.

This unlikely coalition between human rights organizations and private technology companies is built on concerns that the treaty is susceptible to abuse by authoritarian governments. A lot of ink has been spilled on the sharp contrast between the Convention’s broad electronic surveillance powers to investigate and cooperate on a wide range of crimes, including offenses that do not involve computer crimes, and its human rights safeguards. Human rights groups and tech companies have warned that repressive requests, masquerading as legitimate law enforcement, will be used to target dissidents, harass tech company employees and security researchers, undermine fundamental freedoms, and facilitate censorship and the abuse of people’s privacy.

Advocates for the treaty have countered that it presents a rare opportunity to raise the bar on legal standards and capacity for investigating and prosecuting cybercrimes globally. Parties will have access to a 24/7 network to request police cooperation on investigations and prosecutions, extraditions, and the seizure of criminal proceeds. The Convention will extend the number of countries replying to requests for assistance to provide electronic evidence while allowing Parties to reject requests for mutual legal assistance that discriminate on the basis of sex, race, language, religion, nationality, ethnic origin, or political opinion.

An Imperfect Agreement Requires Continued Engagement 

The U.N. Cybercrime Convention is a living document. Democratic countries must not cede influence to those seeking to redefine cybercrime through the lens of state control and abuse of power. Whether in support or in opposition, engaging with treaty implementation by providing feedback on the review process, how State authorities adopt the provisions — and to what effect — and participate in any future negotiations is vital in a post-Hanoi reality.

By signing, States can ensure they remain at the table, advocate for stronger human rights safeguards, promote accountability mechanisms, and guarantee civil society participation in implementation and oversight. Those planning to ratify the treaty should at minimum conduct a multi-stakeholder review on whether to do so and how. Ratifying States should adjust or clarify domestic frameworks to support strong safeguards for the use of domestic powers and providing mutual legal assistance, allocate adequate investments in human-rights compliant cyber capacities, apply reservations to expansive provisions such as passive personality jurisdiction granting states jurisdiction over crimes committed anywhere in the world against their nationals, and actively participate in the drafting of the U.N. legislative guide to secure compliance with human-rights safeguards.

The treaty also asks for broader reflection. Without a new, ambitious and imaginative cyber-diplomacy agenda — one that is constructive, not defensive; one that prioritizes the root issues of cyber insecurity; and one that engages a wider group of partners across the Global South — Western like-minded countries will be leaving the multilateral agenda to autocratic States.

As the focus shifts to ratification, democracies must remain pragmatic but resolute. It is now up to them to do the utmost to ensure that the Convention is not abused and positively contributes to international cooperation against cybercrime.

The first test comes in January next year, when delegations meet to negotiate the rules of procedure for the new Conference of State Parties. This body will guide and monitor treaty implementation. If the justification for signing the Convention is to strengthen the fight against transnational cybercrime with respect to human rights, States must be ready to argue for stakeholder involvement in implementation with resolve — and potentially call for a vote on this issue. Securing a truly multi-stakeholder oversight mechanism can be the first step to tilting the global agenda back to democratic values, openness, and transparency, and exposing the actions of repressive regimes that are too often hidden behind the pretence of fighting cybercrime.

The post The Promise and Peril of the U.N. Convention Against Cybercrime appeared first on Just Security.

In May 2025, security experts reported finding rogue communication devices in solar power inverters and batteries installed throughout the United States. Those undocumented devices, such as cellular radios, reportedly allowed systems to bypass firewalls and permit unauthorized remote access to solar equipment powering American homes and small businesses. This backdoor access could be used to remotely cut power across the country, destabilise or damage power grids, and even trigger widespread blackouts.

If foreign adversaries or cyber criminals exploited vulnerabilities like these, the impact could be severe. These rogue communication devices affect the same category of distributed energy and industrial microgrids adversaries are already probing to test resilience and sow instability. As security researchers have warned, this convergence of geopolitics, climate technology, and digital dependence has created an expanding — yet insufficiently defended — attack surface. Russia’s repeated strikes on Ukraine’s energy grid are clear acts of cyberwarfare, but the same tools and vulnerabilities are being exploited by criminal and proxy actors worldwide, erasing clearer boundaries between state and non-state operations.

The U.S. Solar Industry and Small Scale Solar

Without measures to build resilience, the U.S. solar industry’s growth will also exacerbate its vulnerabilities. According to the U.S. Energy Information Administration (EIA), solar energy will contribute more than other forms of energy to increased electricity generation in 2025 and 2026. Small-scale solar installations — residential and commercial systems producing less than one megawatt — are growing at the fastest rate. Falling prices, higher efficiency, and ease of installation have fueled widespread adoption.

Solar technology can be deployed at every scale, making it an attractive option for households, businesses, and utilities to achieve energy independence. Today, coupled with solar, there are over 23 gigawatts of battery energy storage capacity installed on the U.S. electric grid, inverters — the digital control systems that regulate solar output — and other components in homes and businesses across the United States for backup generation.

Security Threats and Vulnerabilities in Solar Energy Systems

Solar technology poses several unique security threats because of the importance of electric power and the interconnected nature of the electric grid. Direct threats include:

• Data monitoring and surveillance;
• Extortion;
• Theft or misuse of data and electricity (for example, to launch cyber attacks or simply to mine cryptocurrencies);
• Localized or regional power outages or disruptions; and
• Physical damage to devices.

Solar technology faces two categories of risk: insecure software and vulnerable hardware. Many remote management tools still lack basic protections, such as password complexity and multi-factor authentication. A 2025 study identified nearly 35,000 exposed solar devices from 42 vendors worldwide, while a follow-up analysis found 93 vulnerabilities across 17 manufacturers — one-third critical enough to allow attackers full system control.

Hardware supply chains compound the problem. Roughly 70 percent of solar and battery components—including inverters and sensors—are manufactured in China, and 90 percent of global solar products include at least one critical Chinese-made element. Without independent security testing, the risk of embedded backdoors or manipulated firmware grows as these systems spread across U.S. grids.

These vulnerabilities have already been exploited. A 2019 distributed denial of service attack disrupted 500 megawatts of renewable energy assets across three states in the United States. In 2024, a vulnerability in solar power monitoring software allowed unauthorized actors to access solar power generation facilities, which they used to expand a botnet to steal money from bank accounts. That same year, a Chinese manufacturer remotely disabled inverters, bricking devices nationwide. And in 2025, investigators discovered the rogue communications equipment embedded in imported solar components in the United States. Each event underscores the same reality: distributed power introduces distributed security risks.

States Must Step In Where Federal Policy Stops

The United States still regulates the grid as if energy flows only one way — from centralized power plants to consumers. While a bill was introduced in 2025 to prohibit the Department of Homeland Security from purchasing batteries from countries deemed foreign adversaries, it has not been passed and will not address the full scope of the problem. Federal oversight remains focused on bulk power reliability, leaving distribution-connected assets such as inverters and remote monitoring systems largely ungoverned. These distributed energy resources (DER) now form the soft underbelly of U.S. critical infrastructure.

Responsibility for securing them falls to the states. The federal government has already pushed states to assume greater responsibility for emergency preparedness and cybersecurity, and states have shown leadership in data privacy, AI governance, and cybersecurity. Yet small-scale solar remains largely unregulated.

Large solar farms fall under the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards. Small systems do not. A handful of state laws, like California’s Security of Connected Devices Act, require “reasonable” security features, but they stop short of mandating the safeguards needed to secure remote management software. Broader privacy laws, like those in California, Massachusetts, and New York, protect consumer data, not grid integrity.

The result is a dangerous regulatory blind spot: utilities secure the bulk grid, but no one secures the millions of internet-connected solar devices now feeding into it. Until that changes, the United States’ clean energy transition will remain both a technological triumph and a national security risk.

Recommendations: A Realistic Path to Solar Resilience

The United States lacks a coherent strategy to secure distributed energy resources. States and utilities must move on what is feasible now, while building the foundation for longer-term reform.

Short-Term: Tie Security to Incentives

The fastest wins come from linking renewable energy incentives — rebates, grants, and tax credits — to compliance with existing cybersecurity standards, such as the NARUC Cybersecurity Baselines, NIST IR 8498, and IEEE 1547.3. States can also update grid interconnection rules to require secure defaults like strong passwords, encryption, and multi-factor authentication. These efforts should be paired with cybersecurity education for solar manufacturers and installers, most of whom are not security experts and may not fully appreciate the security risks posed by DER. These steps use existing authorities and funding and can be implemented within months, not years.

Medium-Term: Build Preparedness and Transparency

Next, states should integrate distributed energy attacks into emergency preparedness exercises and require supply-chain transparency from DER manufacturers and installers. Knowing the origin of hardware and firmware components allows states to identify high-risk suppliers and reward trusted manufacturing. These measures can be adopted within two to three years and align security with economic development — an easier political sell than new mandates.

Long-Term: Legislate for a Secure Grid

Over time, states should consider laws and regulations modeled on NERC-CIP standards but tailored for distributed energy resources. States should establish DER cybersecurity task forces to begin working on legislative solutions. Those task forces should also evaluate creating vetted vendor registries, ensuring that only secure-by-design components connect to the grid, with shared registries across states to scale efficiency and strengthen national defense. These steps require coordination and funding, but they would deliver durable protections and set the baseline for a resilient energy future.

What’s Most Realistic?

In the near term, incentivized compliance offers the highest return on effort. Medium-term priorities should focus on institutional readiness and supply-chain visibility. Long-term legislative reform is essential but slower. Taken together, these actions can transform distributed energy from a security liability into a resilient pillar of national power, but only if states act before adversaries.

The post Securing Solar: Why the Next Great Infrastructure Risk Is Distributed appeared first on Just Security.

AI is “democratizing” cybercrime by making cyber tools, such as ransomware-as-a-service, easily available off the shelf. In addition to the human cost — including delays to hospital treatment, lack of power and disruption to education — economic losses are mounting. Last year, 389 healthcare institutions were successfully hit by ransomware in the United States alone. And it is predicted that by 2031, ransomware will attack a device every two seconds and collectively cost victims $265 billion per year.

To date, states have deployed a combination of strategies in response to such cyber operations, such as dialogue (including in the United Nations and between regional bodies), naming and shaming perpetrators or their state sponsors, imposing sanctions on the alleged perpetrators, or disrupting supply chains. But one avenue that has been little used so far is litigation. Few perpetrators of cyber attacks have had to answer for their actions in court.

This post explores some of the ways in which courts might provide a route for accountability for States that are the victims of cyber operations and highlights developments that will make this more viable in the future.

An Inter-State Cyber Claim before an International Court?

Inter-state litigation is increasingly popular, with nine cases filed at the ICJ between April 2023 and 2024 alone — around four times the annual average of earlier years. Two-thirds of all U.N. member states are currently engaged in proceedings before the ICJ, either as applicants, respondents, interveners or participants in Advisory Opinions. But in the cyber context, there are various reasons why a victim state may not wish to bring an inter-state case, even if they can get over the hurdle of assembling sufficient evidence to prove in court that cyber activity can be attributed to another state.

First, many states are reluctant to consent to an independent third party or court deciding on the merits of a dispute. This reluctance is amplified in the cyber context, where operations are typically conducted covertly and the evidence involved is sensitive. Second, as experts have noted, states so far have rarely characterized cyber operations against them as breaches of international law, precluding the existence of a legal “dispute.” One reason for this is that states — particularly major cyber powers — may wish to avoid limiting their own operational freedom, so they often describe cyber operations against them as “malicious” or “irresponsible” rather than “unlawful.” If a state does not consider that there has been a violation of international law — or, because of self-interest, prefers not to characterize it as such — it will not bring the matter before an international court. International litigation is also expensive and slow, so many states are likely to respond in other ways, such as by publicly attributing the cyber operation to another state, expelling diplomats, or imposing sanctions.

The lack of clarity about how international law applies in the cyber context also explains the lack of case law to date. Over 100 states (factoring in regional positions by the African Union and European Union) have published their views on this issue over the last decade. Although states’ views about how international law applies to cyberspace are starting to converge on certain issues, other issues — such as sovereignty and due diligence — remain contested. Powerful states in particular may not want to risk unexpected judgments on an issue that has significant policy implications.

But for less powerful states that are victims of malicious cyber operations, litigation could be an attractive option, especially if it results in meaningful remedies such as compensation. And states have been seeking legal advice on the merits of bringing an inter-state claim in response to cyber operations that have had significant effects on their infrastructure or population.

A new policy brief from the Oxford Institute of Technology and Justice explores this option, examining pathways for legal accountability for malicious cyber operations, including inter-state litigation before international courts and prosecution of individual perpetrators.

The brief surveys the challenges of litigation in the cyber context, including the need to gather evidence to establish the identity of the perpetrators, and whether the cyber activity can be attributed to a state under the rules on state responsibility. Cyber attribution is difficult, although techniques are improving due to strengthened international and public-private cooperation. There have been various proposals, for example by the Atlantic Council and RAND, for independent fact-finding mechanisms that could carry out attribution and, if appropriate, refer the case to the ICJ or U.N. Security Council. But these proposals — which envisage only a limited role for states — have not gained traction. More recently, there have been proposals for state-led mechanisms, such as a treaty-based fact-finding body or a mechanism that could establish standards of evidence for cyber attribution, and a list of experts that States could consult akin to the specialized panels of arbitrators and experts maintained by the Permanent Court of Arbitration in disputes on the environment or outer space. The ICJ also has fact-finding powers and can draw on expert evidence in such cases.

Another challenge in litigation related to cyber operations is establishing jurisdiction over a claim. Over 300 treaties have compromissory clauses that require a dispute involving interpretation or application of the treaty to be submitted to arbitration or the ICJ. When cyber activity interferes with air safety, subsea cables in international waters, or the inviolability of embassies, for example, there may be relevant treaties that contain such clauses. These include the Montreal Convention on the Suppression of Unlawful Acts against the Safety of Civil Aviation, the U.N. Convention on the Law of the Sea and the Optional Protocol to the Vienna Convention on Diplomatic Relations concerning the Compulsory Settlement of Disputes.

Consider, for example, a hypothetical scenario in which a state-sanctioned individual in State A launches a cyber intrusion into the air traffic control systems of State B. The cyber intrusion intentionally causes flight management systems to malfunction and the aircraft to crash, killing all on board. The Montreal Convention on the Suppression of Unlawful Acts against the Safety of Civil Aviation requires States parties to punish with “severe penalties” acts that threaten the safety of civil aviation. If State A refuses to extradite or prosecute the individual, State B may be able to bring a claim relying on the Convention, which refers disputes that cannot be settled by negotiation or arbitration to the ICJ. The Montreal Convention currently has 190 States parties, so its provisions bind most countries in the world. And many States have affirmed that “States should not knowingly allow their territory to be used for internationally wrongful acts using information and communication technologies,” as is reflected in the U.N. Norms of Responsible State Behaviour in Cyberspace adopted by the U.N. General Assembly. Under this scenario, there would be a treaty basis for the victim state to call the perpetrator state to take action against the individuals involved, and a route to an arbitral tribunal or ICJ if that state refused to do so.

It is also possible that inter-state claims concerning cyber operations will come before regional human rights courts. Under the hypothetical scenario above, if States A and B were both parties to the European Convention on Human Rights, State B could bring a case against State A before the European Court of Human Rights alleging a violation of the duty to respect the right to life and of the related duty to investigate the alleged violations if State A did not investigate the killings according to the Convention’s standards.

It would, however, be necessary to establish that State A had jurisdiction over the activities in question under Article 1 of the Convention, which will depend on the facts in question. There is no developed jurisprudence on how the concept of jurisdiction should be applied in relation to cyber operations, with the exception of some cases on surveillance (for example, Wieder and Guarnieri v U.K.). But based on an expansive trend on jurisdiction, in Strasbourg and in other human rights bodies, it is likely that at least some cyber operations will be covered.

The European Court would also need to be satisfied that the cyber activity in question can be attributed to the respondent state. In the recent cases of Ukraine and the Netherlands v. Russia and Carter v. Russia, where all or much of the relevant information was within Russia’s control but the Russian authorities did not carry out an effective investigation or seriously attempt to engage in fact-finding efforts by others, the European Court of Human Rights ruled that the burden was on Russia to show that violations did not occur and made adverse inferences due to Russia’s failure to cooperate with the court. (But cases against Russia would not be possible if the incidents happened today, because Russia ceased to be a party to the European Convention in September 2022 and the court can only deal with facts arising before that date.)

An Advisory Opinion from an international court is another possibility. Recently, there has been a flurry of requests for Advisory Opinions from the ICJ, and it is possible that we may also see one in the cyber context in due course. The number of states setting out their views on how international law applies in cyberspace continues to rise, but states’ views vary, and the legal significance of their “national positions” remains unclear. The ICJ’s views on, for example, the application of sovereignty or due diligence in the cyber context could provide clarification on key questions.

Since states create international law and are still determining how existing rules apply in the cyber context, it might be said that a legal opinion in this area would be premature. But there is some frustration about the lack of progress in discussions at the United Nations. There are also questions about whether a new Global Mechanism to Advance Responsible State Behaviour in Cyberspace, established at the U.N. in July, can lead to meaningful progress. If political dialogue and negotiation fail, it is possible that — as we have seen in the climate context (where advisory opinions have been sought recently before the ICJ, International Tribunal on the Law of the Sea, the Inter-American Court of Human Rights and the African Court of Human and People’s Rights) — some states will decide to turn to the courts.

Prosecution of Cybercrimes under Domestic and International Criminal Law

If a cyber operation can be attributed to an individual, states may also be able to prosecute that individual in domestic courts. The Budapest Convention on Cybercrime and the newly-adopted U.N. Convention against Cybercrime (due to be signed in Vietnam later this month) encourage states to criminalize certain cyber activity and to cooperate in investigating and prosecuting cybercrimes. But so far, there have been very few prosecutions, despite the vast number of cybercrimes committed worldwide.

Cybercrime investigations and prosecutions are challenging, typically involving digital evidence spread across multiple jurisdictions, and perpetrators operating covertly using an array of tactics to hide their tracks. Digital evidence can be damaged or compromised and in cyber cases can involve technically complex data such as malware logs and telemetry reports. Investigators and prosecutors also depend to a significant extent on the private sector to preserve and analyze this evidence. If perpetrators are state officials, doctrines of immunity may protect them. And perpetrators often operate from countries that refuse to extradite their nationals. For instance, the World Cybercrime Index shows that Russia is a major cybercrime hotspot but the Russian constitution prohibits the extradition of a Russian national to another state.

Still, there have been some recent successes. Prosecutions have been employed as part of a broader strategy for tackling malicious cyber activity, including sanctions, disruption operations and diplomatic initiatives such as the Counter Ransomware Initiative and Pall Mall Process. For example, Operation Cronos — an international law enforcement taskforce led by the U.K. National Crime Agency and the FBI, in coordination with Europol and Eurojust — successfully executed an international disruption campaign in 2024 against LockBit, the world’s most prolific and harmful ransomware group. The National Crime Agency assesses that this group has targeted thousands of victims globally, reportedly including the Royal Mail, the U.K. National Health Service, international law firms, aerospace companies and banks. The disruption operation involved law enforcement agencies from 10 countries working together to take control of the website and services of LockBit, compromising LockBit’s primary platform and taking down 34 servers in the Netherlands, Germany, Finland, France, Switzerland, Australia, the United States and the United Kingdom. Two LockBit operatives were arrested in Poland and Ukraine at the request of French judicial authorities and three international arrest warrants and five indictments were issued by the French and U.S. judicial authorities. The United Kingdom, United States and Australia also jointly sanctioned a senior leader of LockBit.

In the past decade, the United States has issued indictments against individuals from Russia, China, Iran and North Korea for malicious cyber operations. While in practice most of those indicted are unlikely to be extradited from their countries of nationality, the indictments show that the United States is prepared to publicly attribute cyber activity to specific perpetrators (as, for example, in the Park Jin Hyok case, involving an alleged North Korean hacker) and can back this up with evidence. Such indictments also send a message to states sponsoring cyber activity while raising awareness among the public and private sector about such activity. Those indicted also remain at risk of extradition if they travel. In 2024, for example, Evgenii Ptitsyn, a Russian national alleged to have coordinated the distribution of Phobos ransomware as part of an international hacking and extortion conspiracy, was extradited from South Korea to stand trial in the United States.

A number of new treaties may facilitate cybercrime investigations and prosecutions in the future. The U.N. Cybercrime Convention expands the possibilities for mutual legal assistance, including access to electronic evidence. The European Union’s e-evidence framework (coming into force in 2026) and the Second Additional Protocol to the Budapest Convention on enhanced cooperation and disclosure of electronic evidence (not yet in force) will also enable states to make requests for evidence directly to private telecom or social media companies.

Civil law proceedings can also play an important role in tackling cybercrime operations. For example, in 2024 the U.S. Department of Justice obtained court authorization to gain access to ransomware networks and swipe decryption keys, disrupting a botnet that targeted more than 200,000 consumer devices, including video recorders and Wi-Fi devices, worldwide.

For the most serious cyber operations, there is another avenue to accountability which has received little attention to date — international criminal law. A draft policy by the Office of the Prosecutor of the International Criminal Court on Cyber-Enabled International Crimes under the Rome Statute, expected to be finalized in the coming months, makes clear that international crimes can be committed or facilitated by cyber means in addition to more traditional means, and that the court has the jurisdictional framework to prosecute them. The policy may also provide useful guidance for domestic courts that have the power to assert jurisdiction over international crimes.

Looking Forward

As state-sponsored cyber operations proliferate around the globe, it is likely that states will start to seek accountability through the courts. Non-state actors are already seeking justice for such harms. For example, the European Court of Justice recently held that a victim of a cyber operation against the Bulgarian National Revenue agency that affected the private data of six million people may be able to claim compensation for certain types of harm. In July 2025, the European Court of Human Rights considered an application brought by individuals alleging that the United Kingdom failed to properly investigate cyber interference in elections. And in two recent cases in the United Kingdom, individuals have successfully challenged the use of spyware by Saudi Arabia and Bahrain.

There are myriad ways in which international and domestic courts can play a role in accountability for unlawful cyber operations. And developments in evidence gathering, attribution and multi-stakeholder cooperation have created clearer pathways to legal accountability. With cyber operations becoming more pervasive and destructive, it is likely that cyber cases will soon appear on the docket as victims seek their day in court.

The post Will Victims of Cyber Attacks Soon Get Their Day in Court? Options for Accountability for Cyber Attacks appeared first on Just Security.