In 1939, a handful of physicists knew that uranium fission could be scaled into a weapon. By 1945, a nation-state had used two of them. The lag between interesting physics and geopolitically decisive was six years. The history of consequential technology is the history of that lag shrinking.
For AI, it's already zero. Autonomous drones are being deployed in active conflict. Deepfake-driven disinformation is a standing feature of every national election. Cyberwarfare has been AI-augmented for nearly a decade. Intelligence agencies in every major capital are running internal AI programs whose details we can only infer.
This course is about AI as a security technology — not in the abstract but as actors (governments, militaries, intelligence services, and non-state adversaries) are actually using it in 2026. It covers autonomous weapons systems, cyber offense and defense, election integrity, the geopolitics of AI compute, and the question that sits under all of it: what responsible security policy looks like when the technology moves faster than the policy can be written.
If you finish every module, here's who you become:
In the spring of 2020, a United Nations Panel of Experts report documented an engagement during the Libyan civil war in which a Kargu-2 loitering munition — a Turkish-built autonomous drone — hunted down and attacked retreating Haftar-affiliated forces without requiring a human operator to authorize each strike. The UN report, released in March 2021, described the system as having been programmed to attack targets autonomously, marking what many analysts identified as the first documented lethal engagement by an autonomous weapons system without direct human control over individual targeting decisions.
The event passed with little public attention. No international treaty was violated — because no such treaty yet exists.
Military AI does not arrive as science fiction. It arrives incrementally, in layers. The U.S. Department of Defense describes autonomous weapons along a spectrum defined by human involvement in the "kill chain" — the sequence of steps from target identification to weapons release.
At one end: human-in-the-loop systems require a human to authorize every engagement. The MQ-9 Reaper drone, though highly capable, still requires a human operator to press the trigger. At the other end: human-out-of-the-loop systems act entirely on their own. In between lies human-on-the-loop — systems that can engage autonomously but allow a human to intervene if they're watching and fast enough.
In April 2017, the U.S. Department of Defense launched Project Maven (formally the Algorithmic Warfare Cross-Functional Team), tasking Google's TensorFlow AI to analyze full-motion drone video and automatically identify objects — vehicles, buildings, people — to assist human analysts. At its peak, the system was processing over one million minutes of drone footage per day from operations in Iraq and Syria.
In 2018, approximately 4,000 Google employees signed an open letter opposing the project, citing ethical concerns about AI in warfare. Google declined to renew its contract. The Pentagon continued the program with other contractors, including Palantir and Anduril. Project Maven remains active today under the National Geospatial-Intelligence Agency.
Maven's controversy crystallized a tension that defines the field: AI dramatically accelerates military effectiveness, but the corporations building the most capable AI systems are staffed by engineers who may refuse to build weapons.
DoD Directive 3000.09, updated in 2023, continues to require that autonomous weapons be designed to allow commanders to exercise "appropriate levels of human judgment." Critics note the directive contains a national-security waiver that allows the Secretary of Defense to override these requirements — and that "appropriate" is never precisely defined.
Israel's Iron Dome air defense system, deployed since 2011, operates in an effectively automated mode during high-volume rocket attacks. The system uses radar and AI to track incoming projectiles, calculate intercept trajectories, and launch interceptors — all within seconds, far faster than any human decision loop. Human operators can technically intervene, but at the volume of attacks Iron Dome faces (it intercepted over 1,500 rockets in a single week during May 2021), meaningful human review of each intercept decision is operationally impossible.
Iron Dome is widely viewed as a defensive system and attracts little ethical controversy. But defense analysts point out that the precedent it establishes — machines autonomously engaging targets because humans cannot act fast enough — applies equally to offensive systems as adversarial speeds increase.
Modern electronic warfare, hypersonic missiles, and cyberattacks operate at speeds that make human-in-the-loop authorization increasingly impractical. The military logic for AI autonomy is partly a product of adversarial timelines: if a hypersonic missile arrives in 90 seconds, a human authorization chain may take longer than that.
You are a policy analyst advising a Senate Armed Services subcommittee on autonomous weapons regulation. The AI assistant will play the role of a DoD doctrine expert. Engage in a substantive discussion about where to draw the line on autonomous targeting authority.
Complete at least 3 exchanges to finish this lab.
Documents released by Edward Snowden and reported by The Intercept in 2015 revealed that the NSA operated a machine learning program called SKYNET — its actual name — that analyzed metadata from Pakistan's mobile phone network to identify potential couriers for al-Qaeda leadership. The algorithm processed call records, travel patterns, and behavioral signatures for 55 million Pakistanis to produce a ranked list of terrorism suspects.
Data scientists who reviewed the methodology publicly assessed the algorithm's accuracy at roughly 50 percent — no better than a coin flip — when applied to the tiny fraction of the population it flagged as highest-risk. At least one person executed in a drone strike, Afghan journalist Ahmad Muaffaq Zaidan of Al Jazeera, appeared on the SKYNET list. He was never charged with any offense.
Intelligence, Surveillance, and Reconnaissance (ISR) was already the domain of massive data collection before AI. What AI changes is the ability to process and correlate that data at scale. A single Global Hawk drone produces roughly 1 terabyte of imagery per day — far more than human analysts can review. AI provides automated screening, object detection, pattern-of-life analysis, and anomaly flagging that allows small teams of analysts to effectively supervise surveillance of entire regions.
The NSA's XKeyscore program — also disclosed in the Snowden documents — used rule-based and statistical classifiers to triage internet traffic from over 150 global collection points. More recent systems like the Pentagon's MAVEN Smart System and the intelligence community's Sentient program (operated by the National Reconnaissance Office) apply deep learning to satellite and aerial imagery to track moving objects, detect construction changes, and identify military vehicles across millions of square miles.
Palantir Technologies has held contracts with the U.S. Army, Special Operations Command, and intelligence agencies since 2005. Its Gotham platform ingests data from disparate military and intelligence databases and presents fused, correlated intelligence pictures — effectively converting raw signals into actionable targeting information. In 2021, the Army awarded Palantir a $823 million contract for its Tactical Intelligence Targeting Access Node (TITAN) system, designed to use AI to connect ground-based sensors to targeting data for long-range precision fires.
TITAN represents a shift: rather than AI helping analysts understand a battlefield, AI helps compress the time between data collection and weapons employment. The human analyst remains in the loop, but the loop gets shorter — and the AI's role in shaping what the analyst sees, and therefore what they decide, grows correspondingly larger.
When applied to populations where the true base rate of the thing being detected (terrorism) is extremely low — perhaps 1 in 1,000,000 — even a 99.9%-accurate classifier produces thousands of false positives for every true positive. This statistical reality, known as the base rate fallacy, makes AI targeting systems inherently dangerous when applied to large, low-prevalence threat populations. The SKYNET program's reported 50% accuracy on its highest-confidence outputs illustrates how far short of acceptable current systems can fall.
China's People's Liberation Army (PLA) has invested heavily in AI-enabled ISR, including the Sharp Eyes (雪亮工程) program, which links hundreds of millions of surveillance cameras with AI-powered facial recognition across Chinese territory. Publicly available PLA documents describe plans for "intelligentized warfare" in which AI fuses data from space, air, sea, ground, and cyber domains in real time to present commanding officers with a continuously updated operational picture. The U.S. Department of Defense's 2023 China Military Power Report assessed that China views AI-enabled ISR as central to achieving information dominance — the ability to see and act faster than an adversary — in any future conflict.
You are a civil liberties attorney presenting to the UN Special Rapporteur on extrajudicial executions. The AI assistant represents a military ISR program director defending algorithmic targeting. Interrogate the accuracy standards, error accountability, and legal frameworks governing AI-generated kill lists.
Complete at least 3 exchanges to finish this lab.
Stuxnet, the joint U.S.-Israeli cyberweapon that destroyed roughly 1,000 Iranian uranium centrifuges at the Natanz enrichment facility between 2007 and 2010, was meticulously hand-crafted. Analysts at Symantec and Kaspersky estimated it contained over 15,000 lines of code, required years of development by a team with deep knowledge of Siemens industrial control systems, and was tested on replica centrifuge arrays in the United States. Its precise, surgical design was a feature: the weapon was engineered to affect only specific Siemens PLCs running at specific speeds — to destroy centrifuges while leaving surrounding infrastructure intact.
What took a nation-state team years to build, AI-assisted code generation can now approximate in weeks. The implications for cyber proliferation are severe.
Traditional cyberweapons require specialized human expertise: finding zero-day vulnerabilities, writing exploit code, building command-and-control infrastructure, and testing against target systems. Each step is time-intensive and requires rare skills. AI is compressing all of these phases simultaneously.
Vulnerability discovery: Large language models fine-tuned on software codebases can identify security vulnerabilities in code at scale. In 2023, researchers demonstrated that GPT-4 could identify and suggest exploits for 87% of "one-day" vulnerabilities — publicly disclosed but unpatched flaws — when given their CVE descriptions. DARPA's AI Cyber Challenge (AIxCC), launched in 2023 with $18.5 million in prizes, explicitly tasks AI teams with autonomously finding and patching vulnerabilities in critical infrastructure software.
Malware generation: Security researchers have demonstrated that AI tools including WormGPT (a jailbroken LLM) and purpose-built tools can produce functional malware code. In 2023, CrowdStrike reported a 71% increase in cloud intrusions, with AI-assisted attack tools cited as a contributing factor to the acceleration of attack timelines.
Electronic warfare (EW) — jamming, spoofing, and intercepting radio-frequency signals — has always been a contest of speed and signal processing. AI is reshaping this domain by enabling systems to adaptively learn an adversary's radio signatures in real time and adjust jamming strategies faster than any human operator could.
The U.S. Air Force's SPAR (Self-Protected Approach and Landing Capability for Rockets and Missiles) program and the Navy's Next Generation Jammer both incorporate machine learning for adaptive spectrum management. DARPA's Spectrum Collaboration Challenge (2019) demonstrated that AI radio systems could negotiate spectrum sharing with greater efficiency than human-managed systems — a foundational capability for AI-controlled battlefield communications and jamming.
China's PLA Electronic Systems Department has published research on AI-enabled cognitive electronic warfare — systems that learn adversary radar waveforms from intercepted signals and generate optimal countermeasures autonomously. Russian military doctrine documents obtained and published by the European Council on Foreign Relations describe "reflexive control" — manipulating adversary decision-making through information operations — as a domain where AI provides decisive advantage.
AI-generated cyberattacks are harder to attribute than human-crafted ones. Distinctive coding styles, tooling fingerprints, and infrastructure reuse — the clues forensic analysts use to attribute attacks to specific nation-states — can be deliberately randomized by AI. The 2021 Microsoft Exchange Server breach (attributed to Chinese group HAFNIUM) and the 2020 SolarWinds supply chain attack (attributed to Russian SVR) both demonstrated sophisticated supply chain and evasion techniques that AI could further automate and obscure.
You are a cybersecurity policy director at the State Department. The AI assistant represents a national security hawk arguing that the U.S. must develop and deploy AI-enabled offensive cyber capabilities at scale before adversaries do. Engage critically on the question of AI cyberweapon proliferation, escalation risk, and arms control.
Complete at least 3 exchanges to finish this lab.
In May 2014, the United Nations' Convention on Certain Conventional Weapons (CCW) hosted its first formal discussion on Lethal Autonomous Weapons Systems. A decade later, nations are still meeting, still discussing, and still producing no binding agreement. The United States, Russia, China, Israel, South Korea, and Australia have all formally opposed a binding treaty ban on autonomous weapons. The International Committee of the Red Cross called in 2021 for new rules establishing mandatory human control over lethal force — its most explicit demand to date. As of 2024, the CCW process has produced a set of non-binding guiding principles that carry no legal enforcement mechanism.
Meanwhile, the Kargu-2 was sold. The Switchblade was deployed. Loitering munitions proliferated to over 40 nations.
Traditional arms control — from the Nuclear Non-Proliferation Treaty to the Chemical Weapons Convention — relies on three foundations: a clear definition of the prohibited item, a verification mechanism (inspections, satellites, forensics), and a small number of states possessing the technology. AI weapons satisfy none of these conditions.
Definition problem: Where does "autonomous targeting" begin? Is an air defense system that automatically intercepts incoming missiles autonomous? Is a loitering munition that searches for radar emissions? Different states answer these questions differently, and no consensus definition of a LAWS exists in international law.
Verification problem: Unlike nuclear facilities (which are large, expensive, and detectable by satellite) or chemical precursors (which have distinctive signatures), autonomous weapons software can run on commercially available hardware and be updated without physical evidence of change. There is no inspection regime that could reliably verify compliance.
Proliferation problem: The foundational technologies — computer vision, machine learning, edge computing — are commercially available globally. A nation that signs a LAWS treaty faces adversaries who can develop equivalent capability from commercial drones and open-source AI frameworks.
The U.S. National Security Strategy (2022) identifies China as the "most consequential geopolitical challenge" and lists AI as a primary domain of competition. China's "New Generation AI Development Plan" (2017) explicitly set the goal of global AI leadership by 2030, with defense applications listed as a priority. Russia's 2030 AI strategy, published in 2019, similarly frames AI leadership as essential to strategic parity with the United States.
This competitive framing creates a powerful dynamic against arms control: any nation that agrees to limit AI weapons development risks falling behind adversaries who may defect from or simply ignore such limits. The structure mirrors the early nuclear era — before Hiroshima — when each power reasoned it could not afford to be second.
A coalition of more than 270 NGOs from 70 countries, the Campaign to Stop Killer Robots has lobbied since 2013 for a binding international treaty banning fully autonomous weapons. The campaign counts support from 70 UN member states as of 2024. Among the major military powers — the U.S., China, Russia, U.K., France, and Israel — none supports a binding prohibition. The gap between civil society consensus and state behavior reflects the perceived strategic value of autonomous weapons to those who currently lead in their development.
The Biden Administration's October 2023 Executive Order on AI included a classified annex on military AI applications. The publicly visible elements of U.S. policy — including the DoD's Responsible AI Strategy (2022), the Political Declaration on Responsible Military Use of AI (2023, endorsed by 50+ nations), and Pentagon Directive 3000.09 — attempt a middle path: permitting AI in defense applications while requiring "appropriate" human control and ethical use standards.
Critics argue this approach avoids the hard questions. "Appropriate human control" over a system engaging targets at machine speed is not defined with operational precision. The Political Declaration is explicitly non-binding. And the nations whose practices raise the most concern — Russia, China, Iran, North Korea — did not sign it.
The governance gap is not primarily a technical problem. The technology to implement meaningful human control exists. It is a problem of political will: nations that believe autonomous weapons provide decisive military advantage have strong incentives to preserve that advantage by resisting binding constraints.
The most likely near-term governance outcome is not a comprehensive LAWS treaty but rather fragmented national regulations, informal norms, and escalating incidents that gradually — and perhaps catastrophically — pressure states toward more binding agreements. The parallel to chemical weapons is instructive: the Chemical Weapons Convention was negotiated after widespread use in World War I had established the horror of these weapons in international consciousness. For autonomous weapons, that formative event has not yet occurred at sufficient scale.
You are a diplomat leading a new UN working group tasked with drafting a framework for governing lethal autonomous weapons. The AI assistant will play a skeptical Chinese diplomatic counterpart who supports developing AI weapons but is open to limited norms. Your challenge: find workable governance mechanisms that might actually attract state consent.
Complete at least 3 exchanges to finish this lab.