Writing by Brandon Karpf

Japan leans in to the cyber fight. (Source: The CyberWire Daily Podcast)

Wed, 13 May 2026 00:00:00 GMT

On The CyberWire Daily Podcast, I joined Dave Bittner to unpack what Prime Minister Takaichi’s growth strategy actually signals: Japan has named space and cyber as priority sectors, is operationalizing an Active Cyber Defense Law that authorizes offensive cyber, and is putting roughly $60 billion behind a space security strategy fund aimed at modernizing architectures and building domestic talent. JAXA has been breached twice in recent years, the Viasat attack on day one of the Ukraine war made the threat to space-enabled infrastructure undeniable, and Japan has decided that sitting on the sidelines is no longer an option.

The more important point is structural. National critical infrastructure is not a stack of independent silos. Water depends on energy, energy depends on telecommunications, telecommunications depend on space, and a vulnerability in satellite communications or a ground station can propagate into ports, transportation, and the grid. That is the lens I want decision-makers to use. The Active Cyber Defense Law’s second pillar makes public-private collaboration a formal instrument of policy, and Japan’s first-ever ground participation in a multilateral military exercise in the Philippines, shows the outward posture is real.

Key topics

Interdependence Over Asymmetry: The right frame for space security is not offense-defense balance but the dependency graph linking space, energy, water, ports, and telecommunications into one system.
Japan’s Posture Reversal: Within 18 months Japan has authorized active cyber defense, committed major capital to space security, and moved from cyber-isolationist to coalition partner.
Public-Private as Policy Instrument: Codifying public-private collaboration as a statutory pillar, rather than treating it as a side channel, is what allows industry to do meaningful work alongside government on national security problems.

The First Island Kill Chain

Thu, 30 Apr 2026 00:00:00 GMT

A decommissioned warship sits at sea. Towed into place by a tug. No crew aboard, no power on, anchor rust-locked, the hulk rides a long Pacific swell.

On islands close to the firing waters, missile launchers stand on prepared positions. Surveyors marked the firing points in the days before. The launchers came in under tarps and went up on quiet schedules. Manned by the young sons and daughters of three nations, the launchers reach for the same patch of water.

A missile leaves a rail. Sea-skimming, low against the water, tracking toward the hulk.

A second missile follows from a different launcher, flying a higher profile than the first. Then a third, this one supersonic in terminal phase, a decapitating strike from high noon designed to punch a hole from the top of the mast down to a detonation in the engine room. Each missile from a different flag. The integrated fires sequence across three nations on a shared schedule, a shared targeting picture, with shared rules of engagement.

The hulk takes the first hit. Then a second. The hits accumulate. The bow rides lower; the deck angles toward the sea; the hulk begins to settle.

Then it goes under.

The launchers are Philippine, American, and Japanese.

The Japanese missile is a Type 88 surface-to-ship missile, an offensive Japanese weapon fired from foreign soil for the first time since World War Two.

The hulk is the BRP Quezon.

Manuel Quezon, the namesake, led his country in exile from Australia and the United States while the Imperial Japanese Army occupied his archipelago between 1942 and 1945.

This rehearsal expresses an architecture the Western Pacific did not have a year ago. Japan is back.

Eighty Years, Seven Months

20 April 2026. Monday morning in the Philippines.

At Camp Aguinaldo in Quezon City and across half a dozen exercise sites on Luzon and the outlying islands, seventeen thousand troops are starting the largest Balikatan Military Exercise in the program’s forty-one-year history. They come from seven active-participant countries: the Philippines, the United States, Australia, Japan, Canada, France, and New Zealand. Seventeen more nations sent observers. About fourteen hundred of the troops are Japanese, deployed across Ground, Maritime, and Air components. The first combat-tasked Japanese force on Philippine soil since the Imperial Japanese Army’s surrender in September 1945.

Eighty-one years separate the two arrivals.

Corregidor fell on 6 May 1942. Japan surrendered on 2 September 1945. Between then and this morning came the postwar scaffolding the Pacific has lived inside ever since: the San Francisco Peace Treaty in 1951, the Philippines-US Mutual Defense Treaty the same year, the 1956 Reparations Agreement, the 1960 US-Japan Security Treaty, and the 2024 Japan-Philippines Reciprocal Access Agreement, which entered into force in September 2025 and provides the legal authorization for a JSDF combat unit to stand on Philippine soil this morning.

Eighty years, seven months, and a handful of days between the last Japanese combat boots to leave Philippine soil and the first one to land on it again, this time by Filipino invitation, under a treaty Filipino legislators ratified, alongside a Japanese government that funded the trip out of a defense budget Japanese voters approved.

General Romeo Brawner, the Armed Forces of the Philippines chief of staff, said at the opening ceremony, “After 1945, for the very first time, we will have again Japanese combat troops on Philippine soil.” Brawner did not soften the sentence. He used the word “again” deliberately. He used it because the moment demanded the word.

What made today possible is also what makes today meaningful for the defense of the Pacific against the growing threat from China.

The Architecture

A kill chain is the sequence by which a military finds a target, tracks it, fires on it, and confirms the kill. Doing it inside one military is hard. Doing it across three militaries, with shared sensors, shared data, shared rules of engagement, and shared willingness to release weapons under the same flag-state’s call, is an order of magnitude harder. Three navies do not run a single kill chain by accident.

The exercises during Balikatan 2026 are running one.

The architecture under it took three years to field. Walking it backward: the 2022 Japanese National Security Strategy named China as Japan’s strategic challenge in plain language, and authorized counterstrike capability for the Self-Defense Forces. The 2023 Japanese Defense Buildup Plan committed ¥43 trillion across five years and sent Japanese defense spending toward two percent of GDP, a number every Japanese government from the 1960s forward had treated as the political third rail. In December 2023, then-Prime Minister Kishida revised the export rules to authorize sale of finished lethal weapons for the first time. The Active Cyber Defense Law passed Tokyo’s Diet in 2025 and enters force on 1 October 2026. Then on 21 April 2026, Sanae Takaichi’s government expanded the weapon export authorization to seventeen partner countries with which Japan holds defense agreements, the Philippines among them. The most consequential strategic shift in the Pacific since 1960 was assembled in budget footnotes and bureaucratic releases that nobody covers because nobody is paid to cover bureaucratic releases.

I catalogued this build-up in more detail in The Quiet Rearmament. This week is what it looks like in firing position. Guns up, ready to fire.

Takaichi posted to X in the first days of Balikatan: “In an increasingly severe security environment, no single country can now protect its own peace and security alone.” That is the thesis in the Prime Minister’s own words.

The industrial layer carries the same shape as the exercise. The Global Combat Air Programme, the trilateral fighter project Japan runs with the United Kingdom and Italy, awarded its first joint contract on 3 April 2026: £686 million to Edgewing, the joint venture that will build the airframe. Tokyo’s March 2024 Cabinet decision authorized GCAP exports to third-party countries, with at least fifteen states identified as eligible buyers. Coproduction and foreign sales of offensive weapons. The defense industrial base and international coalition is growing.

Then the geometry. NMESIS launchers from the US Marine Corps’ 3rd Marine Littoral Regiment and HIMARS from the US Army’s 25th Infantry Division flew into Itbayat, the northernmost inhabited island of the Philippines, on US Air Force C-130s. Combined system range covers 100 to 300 miles. The Philippine Marine Corps brought BrahMos, live and notional, into the same firing line with an operational range of more than 500 miles. The Japanese Type 88 fires its anti-ship missile to 100 miles. Itbayat sits 100 miles from Taiwan. Four anti-ship systems, three flags, one chokepoint. Whoever sails through that water now has to assume firepower can arrive from four launch positions, on four different service command nets, with four different missile flight profiles, and therefore four different missile defense procedures, against one shared target.

Those are four fangs that change the chokepoint math.

And those are only the land shooters. Col. Dennis Hernandez, Balikatan spokesperson for the Armed Forces of the Philippines, called the SINKEX “a combination of air, land, and maritime assets sinking the target vessel” in an interview at Camp Aguinaldo. Joint and combined.

The Receipts

If you want to know whether a deterrence architecture is working, watch the adversary. Beijing starts reacting the morning the architecture goes operational.

Day one. PRC Foreign Ministry spokesperson Guo Jiakun steps to the podium in Beijing on 20 April and delivers a warning in his own voice rather than handing it to state press: “We wish to remind the countries concerned that blindly binding themselves together in the name of security will only be akin to playing with fire, ultimately backfiring upon themselves.” The “playing with fire” formula is high-register PRC rhetoric, ordinarily reserved for direct security warnings. Guo invokes the Pacific War: “Japan bears grave historical responsibilities for Southeast Asian countries, including the Philippines, due to its aggression and colonial rule during WWII.” Chinese Foreign Ministry spokespersons do not deploy WWII guilt by accident.

Day two. On 21 April, Beijing responds to Takaichi’s export-law expansion: “seriously concerned,” “reckless militarisation,” “highly vigilant and resolutely opposed.” The Global Times, the Chinese state-press paper that handles escalation when the Ministry stays calibrated, simultaneously runs a long piece featuring Zhang Junshe, a senior colonel of the People’s Liberation Army Navy, who describes the JSDF deployments as “endowed with substantive offensive combat capabilities” and characterizes Japan as “willingly acting as a pawn of the US in the Asia-Pacific region.” Two registers with the same message.

Day five. On 24 April, the PLA Southern Theater Command organizes Task Force 107, led by the Type 055 guided-missile destroyer Zunyi, and conducts live-fire drills east of Luzon: “a necessary action in response to the current regional situation.” Behind the surface action group come the carrier Liaoning and a Type 075 amphibious assault ship. A Type 055 fires a YJ-20 hypersonic anti-ship missile in the vicinity.

Around 28 April, a combined Russian-Chinese surface task group transits Japan’s southwestern approaches en route to the East China Sea.

The vocabulary China uses is borrowed from the US. In October 2023, after the Hamas attack on Israel, the Biden administration ordered the USS Gerald R. Ford carrier strike group to the eastern Mediterranean within days, then added the USS Eisenhower carrier strike group, specifically to deter Iran and Hezbollah from a wider regional war. American doctrine, expressed as deployments rather than treaties, on the theory that an adversary’s calculation changes when an aircraft carrier appears in the relevant ocean. Beijing is now running the same playbook: a carrier, an amphib, a surface action group, and a hypersonic missile fired in the vicinity. Three axes of escalation in nine days, in answer to one exercise. All deployed as deterrence theater against a multilateral kill chain that Beijing did not take seriously a year ago.

Deterrence theory says this is what a credible adversary does when it sees a credible threat. They do not wave it off. They do not dismiss it as exercise theater. They sail their own ships, fly their own missiles, and try to prove that the cost of testing the architecture has gone up. That is the adversary giving the architecture its grade.

Beijing just gave us an A+. Thank you, Japan. Keep building.

”I Shall Return”

MacArthur said it from a railway platform in Australia in March 1942, after his evacuation from Corregidor. He returned at Leyte in October 1944, two years and seven months later, with an American army that liberated the Philippines from Japanese occupation. My grandfather was with them. The architecture MacArthur came back to restore was simple in concept and brutal in execution: a Pacific in which the Philippines could exist as a sovereign country instead of as somebody’s colony.

Eighty years and seven months later, Japan is back.

This time as ally. This time as one of three nations that fired this week on a chokepoint a hundred miles from Taiwan, in defense of the same archipelago, against the next adversary that thinks the Pacific is up for grabs. The country MacArthur came back to fight is now part of the architecture MacArthur came back to build. That is what eighty years of work looks like when the work was done right.

The Pacific is safer this week than it was last week. The deterrent grew because Japan grew into it. The hub-and-spoke alliance the United States designed in 1951 cannot carry the load alone in 2026, and Japan stopped pretending the United States could carry it. Three Reciprocal Access Agreements in two years, with Australia, the United Kingdom, and the Philippines. A fourth in negotiation with France. Canada, France, and New Zealand on the Balikatan firing range as active participants for the first time, alongside Australia, Japan, the United States, and the Philippines. An export law that lets Japan sell weapons to the seventeen countries it has signed defense agreements with. A Prime Minister who publicly champions her own bilateral and multilateral defense agreements. A Self-Defense Force that fires the Type 88 from a foreign island and goes home to a country that ratified the trip.

The Type 88 launchers will leave Itbayat when Balikatan ends on 8 May. The fourteen hundred JSDF personnel will load onto Japan-flagged ships and aircraft and rotate home under the same Reciprocal Access Agreement that governed their entry. The exercise will close. The architecture stays.

The next exercise is already on the calendar. Balikatan 2027. The multilateral cycles that come whenever Beijing decides to test the architecture again. Whatever follows the day France’s RAA enters force. The Type 88 launcher on Itbayat is one weapon. The architecture turns one weapon into four, and three flags into seven. The coalition executes and maneuvers faster than the PLA can respond.

Keep going, Takaichi. Damn the torpedoes, full speed ahead.

The Mythos Deferral

Wed, 22 Apr 2026 00:00:00 GMT

The letter was never written as one document.

Six regulators drafted it, across three continents, over roughly ten days. But when you stack the public statements side by side, from the European Central Bank, the Federal Reserve Bank of New York, the Bank of England, the UK National Cyber Security Centre, the Canadian Centre for Cyber Security, and the European Commission’s DG Connect, the paragraphs compose into something like this:

Dear Anthropic,

We write to express our sincere appreciation for your decision to defer the deployment of Claude Mythos pending further consultation with our authorities. Your willingness to self-impose a staged rollout, and to engage with regulators in advance of release, reflects the responsible stewardship our institutions value. We look forward to continued dialogue.

With gratitude and affection.

No modern regulator has ever publicly thanked a frontier technology vendor for postponing a product release. The closest historical parallel, the EPA thanking DuPont in 1988 for voluntarily ceasing CFC production, happened only after the Montreal Protocol gave the EPA the authority it thanked DuPont for respecting. Here, no Montreal Protocol exists. No statute applies. No Senate has ratified anything. Just the thank-you.

Six regulators in ten days. Every one of them used some variant of “grateful.” Anthropic’s own corporate summary of the coordination used “grateful” twice.

No modern regulator has ever publicly thanked a frontier technology vendor for postponing a product release.

Anyone who has read a little nineteenth-century history recognizes the form. In 1815, at the Congress of Vienna, the great powers of Europe invented a new governance technology. They coordinated the continental order through letters, congresses, and polite restraint, without a binding treaty. They called it the Concert of Europe. It worked, more or less, for a century. Then it didn’t, catastrophically.

The Mythos deferral is the AI-policy community’s reinvention of the Concert. The letter on top of this essay is its Congress of Vienna.

Companion, not continuation

Three weeks ago I argued that democratizing offensive AI capability is good. The Monks and the Machine made the capability argument. This piece makes the governance argument.

Offensive cyber capability is getting democratized. A governance vehicle is getting normalized alongside it. The first piece celebrated the direction of travel. This one names the vehicle we’re using to manage the direction, and argues we should be clear-eyed about it before calling it a solution.

Because “coordinated multilateral regulatory endorsement of a voluntary vendor deferral” was not a governance system that existed two months ago. A new thing got canonized this week. The press has taken it for granted. I would like to name it while it is still name-able.

What the thank-you note admits

Every thank-you note is a confession. The gift it acknowledges is the gift the giver did not have to give. Acknowledged here is the deferred product launch. In the text of their acknowledgments, the regulators confessed the three capacities they lack to control this technology.

None of the signatories have the technical capacity, the infrastructure, to independently evaluate a frontier model of Mythos’s scale and character. The Bank of England cannot stand up a red team capable of adversarial evaluation of the model’s cyber capability uplift. The ECB cannot pressure-test its banking-sector risk. DG Connect has no AI evaluation authority structurally comparable to the UK’s AI Safety Institute, and the AISI has existed for less than two years and evaluates on vendor-provided access. The regulator is, functionally, asking the vendor to grade its own work and then thanking the vendor for the grade.

None of the signatories have the legal capacity to control a frontier model of Mythos’s scale and character. The EU AI Act, the statute most often cited as the fastest-moving AI law in the world, was first proposed by the European Commission in April 2021. It entered into force in August 2024. Its implementing phases roll out through 2027. The thank-you note took ten days. The Act is what formal AI regulation looks like in the EU. The note is what informal coordination looks like when the Act has nothing in its obligations section that maps to a US-trained frontier model deployed via US-based cloud infrastructure into eurozone banks under a voluntary deferral framework. US bank regulators, for their part, have no statute that compels pre-release AI consultation at all. On April 7, Treasury Secretary Bessent and Federal Reserve Chair Powell convened the largest US bank CEOs in part to discuss Mythos. That was a convening. It had no enforcement tail. Convenings do not ship regulation.

None of the signatories have the jurisdictional capacity to oversee a frontier model of Mythos’s scale and character. The six regulators who signed the imagined letter govern, together, roughly eight percent of the world’s population and maybe fifty percent of the world’s AI capital. Their reach over Mistral, Qwen, DeepSeek, the UAE’s Falcon program, or a state-backed Chinese frontier lab is approximately zero. None of those labs participated in the Mythos chorus. None sent a deferral statement. None received a thank-you note. The regime the signatories just canonized works for the vendors inside the room. It has no mechanism for the vendors outside the room.

Meanwhile, in a room somewhere off the 101 near San Francisco where the actual coordination is happening, Project Glasswing launched on April 8 with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and roughly forty others, backed by a $100M Anthropic credit commitment. The signatories of the thank-you note are not in that room.

I wrote last December about the governance of the offensive cyber enterprise: private firms operating at the edge of state capability, where the commercial logic writes the rules the state cannot. The thank-you note is that same pattern, generalized to frontier AI.

Three capacity gaps, named plainly. The name for this kind of governance, when it has worked, is the Concert. When it has not worked, the name is the same.

The Concert, fairly described

Kissinger’s A World Restored, written in 1957 about the period between 1812 and 1822, remains the canonical English-language account of how the great powers assembled the order that followed Napoleon. The working principle was elegant, aristocratic, and alien to modern ears. The victors of a continental war did not impose a peace through treaty. They coordinated one through correspondence. Metternich and Castlereagh wrote letters. Congresses convened in Aix-la-Chapelle, Troppau, Laibach, and Verona. Restraint was polite. Obligation was unwritten. Enforcement ran on reputation.

It worked. For about thirty years, the peace held. The coordination accommodated a genuinely difficult coalition of monarchies and constitutional systems, each with different interests and different theological commitments about what an international order was supposed to look like. The Concert metabolized the 1830 revolutions in France, Belgium, and Poland without collapsing into continental war. That is a real achievement. Informal coordination on dual-use capability of the gravest kind (fielded armies) managed to produce three decades of non-catastrophic outcomes.

Then the coordination began accommodating less well. Nationalism and unification broke the coalition. Bismarck’s Germany, consolidated through three wars between 1864 and 1871, was a new kind of actor the Concert had not been designed to handle. A willing non-cooperator, rational but unsentimental about the informal mechanism, eventually exposed its structural limits. The Concert persisted for another forty years after Bismarck, through diminishing returns, until one assassination in Sarajevo in June 1914 triggered a cascade it had no structural resistance to.

Informal multilateral coordination on dual-use capability has a characteristic trajectory. It works. Then it accommodates less well. Then it fails catastrophically against a non-cooperator. The half-life of the mechanism is a function of how long the cooperating parties remain genuinely aligned on the substantive thing being coordinated.

A polite letter has always been what power sends when it has run out of other instruments.

The case for the letter, fairly stated

Informal multilateral coordination is a real governance mode with a real track record. Formal rulemaking cannot keep pace with dual-use technology that changes every training run. The Montreal Protocol began as voluntary industry commitments and produced a functioning ozone regime that the ratification phase later locked in. The Basel Accords have coordinated global banking supervision for forty years through non-binding agreements that central banks then incorporated into domestic rule. The US AI Voluntary Commitments from July 2023 produced faster alignment across frontier labs than any formal process could. Hard law and soft law are substitutes with different comparative advantages, and soft law frequently iterates faster and produces equivalent compliance when the shared interest is real.

The thank-you note is the Montreal Protocol arriving on a compressed timeline, before the Protocol’s formal equivalent exists to ratify it. Anthropic had the technical knowledge. The regulators did not. Coordination through voluntary deferral around that asymmetry is a rational mechanism design. Call this subsidiarity. Give me a harder steelman.

Here is the harder steelman. The favorable cases all shared a structural feature the Mythos case lacks. Montreal had parts per billion of chlorofluorocarbons. Basel had Tier 1 capital ratios. The IAEA has fissile material mass and enrichment percentages. Each regime governed a measurable, scientifically-consensus-backed phenomenon. The soft-law mechanism coordinated around an underlying metric that was not negotiable, because physics had fixed it.

“Claude Mythos is safe enough for EU banks” has no metric.

“Claude Mythos is safe enough for EU banks” has no metric.

The thank-you note traded Anthropic’s private assessment of its own model’s risk profile for the regulators’ public endorsement of that assessment. That is not coordination around a measurable phenomenon. Corporate discretion replaces public authority in the technologies that most directly bear on public safety. The version of soft-law governance that worked (Montreal, Basel, the IAEA) and the version we have (Mythos) are not the same version.

They share a name. They do not share a mechanism.

What gets built to catch what falls

The Concert of Europe was a real governance regime. It was also, from the moment it began, always doomed to fail. The thing that ended it was the arrival of a party the informal mechanism had no structural way to accommodate: an unaffiliated, unsentimental, rational actor whose interests nobody in Aix-la-Chapelle had modeled. The mechanism ended on a Sunday in June 1914, in a city none of its architects had thought much about.

The Mythos regime is governance. It is also, from the moment it began, always going to end. A frontier lab that does not want to be thanked will end it. Maybe that lab is Chinese. Maybe it is Emirati, or Saudi, or a sovereign program from a country nobody in the signatory chorus currently anticipates. Maybe it is a US-based release from an actor that cannot be courteously disciplined, because courtesy is not in the weights or in the board’s interest. Maybe that company’s name is OpenAI. Whichever it is, the moment it arrives, the signatories will discover what their predecessors at Ballhausplatz discovered in July 1914: the informal mechanism has no fallback.

Which is fine, as long as we’re using the interval to build the fallback. The Concert’s century of non-catastrophic coordination among rivalrous great powers is not nothing. If the Mythos regime buys us three years of stability while the EU AI Act matures, while the US builds a functioning AI Safety Institute, while the G7 Hiroshima Process hardens into something with teeth, the regime will have earned its keep. Soft law into hard law. Voluntary into statutory. The Montreal Protocol, on AI time.

We built a governance regime out of a word we usually send with flowers. The risk is the informal mechanism feels like the answer. The institutional work never happens because coordination through thank-you notes looks a lot like working governance right up until it doesn’t. That’s the thing to watch for.

Who's Minding the Store?

Mon, 20 Apr 2026 00:00:00 GMT

On April 7, 2026, six federal agencies co-signed Advisory AA26-097a. The FBI, CISA, NSA, Department of Energy, EPA, and US Cyber Command warned that Iranian-affiliated actors are actively exploiting programmable logic controllers across American water systems, energy facilities, and government networks. The targets were Rockwell and Allen-Bradley PLCs, the hardware that opens valves, regulates pressure, and controls the machines that keep the lights on in places where lights matter most. The adversary’s intent, per the advisory, is to “cause disruptions” and “manipulate data displayed on HMI and SCADA displays.” Translation for anyone who hasn’t spent time in an operations center: people we cannot trust are reaching into the guts of American infrastructure and turning the dials.

The same week, the White House released its FY2027 budget proposal. CISA, the agency whose name appeared second on that advisory, would lose $707 million. Roughly 30% of its budget. The National Risk Management Center (NRMC), which coordinates protection of the same physical and digital systems the advisory was warning about, would lose 73%. The budget justification document rationalized the cuts by claiming CISA has been “more focused on censorship than on protecting the nation’s critical systems.”

So on the same week that CISA co-authored a warning about a nation-state adversary manipulating American infrastructure, the agency’s own government published a document calling it unnecessary.

America built a volunteer fire department to protect its most critical infrastructure. The department doesn’t own the buildings. Can’t force the building owners to install sprinklers. Can’t compel the volunteers to show up. What it can do is coordinate. Make the calls, share the intelligence, tell people where the fire is spreading, bring the fire fighters and the weather forecasters and the fire fighting technology vendors and the building owners all into the same room. That department is CISA. And right now, during the worst fire season in its history, the department is operating at 38% capacity.

The arsonists have not taken a corresponding pay cut.

CISA grew fast after its 2018 founding, accumulated programs that were controversial, and attracted legitimate criticism from all sides. Grant all of it. Whether CISA needed reform was never the question. The question is what CISA should become. Because the architecture for how we do critical infrastructure defense in the United States is fundamentally broken. Not because of one administration, although this administration is making it catastrophically worse at the worst possible time. But it’s also broken because of how the system was designed.

The Architecture

Presidential Policy Directive 41, signed in 2016, established the framework for how the United States responds to significant cyber incidents. Three lines of effort. Asset Response (protecting the victim’s networks) belongs to CISA, housed inside DHS. Threat Response (investigating and disrupting the attacker) belongs to the FBI, housed inside DOJ. Intelligence Support (attributing the attack and providing classified context) belongs to NSA and ODNI. Alongside those three lanes, Cyber Command defends military networks and conducts offensive operations abroad, DOE runs the national labs and CESER for energy-sector defense, other sector-specific agencies like Transportation provide sector-specific security guidelines, and FFRDCs like MITRE and Sandia do the deep technical research that none of the operational agencies have time for.

That’s a lot of capability sitting behind a firewall. And that firewall keeps it hidden away from the private sector organizations that need it the most.

The White House, NSC, and Office of the National Cyber Director sit on top: policy coordination. They set direction and deconflict the agencies below them. They don’t execute. Four agencies hang off that layer, each with a distinct lane. CISA and the JCDC handle asset response and industry coordination. FBI and DOJ investigate and prosecute. ODNI and NSA own foreign intelligence. Cyber Command conducts offensive operations and defends military networks. Below all of them sits the actual target of interest: Private Sector and Critical Infrastructure.

And between the government layer and the private sector, a line. No agency above that line has the authority, the regulatory mandate, or the structural incentive to reach across it unilaterally. Cyber Command can go after the attacker abroad but cannot operate on US civilian networks. NSA can identify the threat but cannot quickly share raw intelligence directly with a private company without risking sources and methods. The FBI wants evidence preserved, which creates a direct tension with incident response teams that want to wipe and rebuild as fast as possible. None of them can walk into a Fortune 100 company’s security operations center and say “patch this” or “we want to help you hunt.” Try navigating that org chart during a breach at 2 AM.

That’s by design. The voluntary model was a deliberate policy choice, and a defensible one that encourages information sharing without legal exposure, without regulatory overreach, without turning cybersecurity into another compliance exercise. The problem was never the voluntary principle. The problem is coordination. 90% of American critical infrastructure is privately owned. A company in the middle of a breach fields calls from multiple agencies simultaneously, each asking for something different, each operating under different authorities and constraints. Someone has to translate between all those lanes and the people actually running the networks.

That someone is CISA. In practice, CISA is the only federal entity that formally faces outward toward the private sector. It shares sanitized intelligence. It runs tabletop exercises. It maintains the relationships, the phone trees, the bilateral partnerships with the companies that actually operate the networks being targeted. The Joint Cyber Defense Collaborative brings together major companies to coordinate defense against nation-state threats. CISA is the front door for the private sector into the entire federal capability stack, and the only agency that routinely crosses the line between government and industry by design.

CISA is the interface. The protocol. The translation layer between everything the federal government can do and the private-sector operators who need it. PPD-41 describes it as one lane among many, but that undersells the reality of what it can be and what we need it to be.

Why the Current Model Can’t Hold

The current model depends on the translation layer being staffed, trusted, and functional. It was never given the structural protections to guarantee any of those three and this administration proved it.

Since February 2025, CISA has lost roughly two-thirds of its operational workforce through a combination of budget cuts, a government shutdown, organizational turbulence, and what can most charitably be described as institutional sabotage. DOGE canceled the agency’s primary red team contracts. Approximately 1,000 employees departed through layoffs, buyouts, and early retirements. CISA’s previous acting director, Madhu Gottumukkala, uploaded at least four documents marked “for official use only” to a public ChatGPT instance (he had been granted special access to the service not available to other CISA employees, which is the kind of detail that would be funny if it weren’t about the person running America’s cybersecurity agency). He also failed a polygraph test. To be fair, those things legit suck and are totally pseudoscience anyway. But when six career staffers who administered the polygraph raised concerns, they were suspended. Gottumukkala was eventually reassigned to “director of strategic implementation” at DHS, a title that sounds like it was generated by the same ChatGPT instance he’d been uploading documents to.

The Senate has not confirmed a CISA director in thirteen months. Thirteen months during the most active nation-state cyber campaigns against American infrastructure in history. Sean Plankey, a qualified pick, has been held up by Wyden (D-OR) over a delayed telecom security report, Scott (R-FL) over a Coast Guard cutter contract, and Budd (R-NC) and Tillis (R-NC) over Hurricane Helene disaster funding. Four senators, three unrelated grievances, none connected to cybersecurity policy. The FY27 budget proposes eliminating 860 additional positions. And the budget justification frames all of this as a correction (“The agency was focused on censorship, so we’re fixing it.”)

They’re not fixing it. The NRMC lost 73%, and the NRMC has nothing to do with elections or misinformation. The red teams had nothing to do with censorship. The 860 positions span the entire agency, not just the politically contentious programs. The administration isn’t refocusing CISA. Based on every signal it has sent, it appears to be trying to eliminate CISA’s existence or at the very least its ability to function.

And the threat hasn’t paused for the renovation.

The Iranian cyber campaign unfolding in 2026 bears no resemblance to the episodic hacktivism of prior years. Iranian-affiliated groups are conducting coordinated, multi-front operations across American water systems, energy grids, and government networks, with something that looks uncomfortably like a command structure. CyberAv3ngers, the group that compromised a municipal water authority in Aliquippa, Pennsylvania in 2023 as a proof of concept, is now part of a trilateral alliance that publicly named US water infrastructure as targets. Salt Typhoon, the Chinese campaign that compromised more than 200 telecom providers across 80 countries, remains active. CISA faces simultaneous campaigns from two of the three most capable nation-state cyber actors on the planet. At 38% capacity.

The volunteer fire department is running on a skeleton crew during the worst fire season in its history. The United States chose to defend critical infrastructure through voluntary cooperation, coordinated by an agency with no regulatory authority, staffed by people who could make twice their salary in the private sector, and protected by exactly zero structural safeguards against the moment someone decided the whole thing was expendable.

That moment has arrived.

The Translation Layer

So what should CISA actually be?

Not what it was. The administration’s critics want to restore CISA to its 2024 form. The administration wants to eliminate it. Both positions miss the structural problem that predates this White House by a decade.

PPD-41 treats CISA as one column in a multi-column framework. Parallel lanes, each with its own authorities and capabilities. That framing is not adequate in 2026. The coordination demands have become continuous, multi-front, and operationally complex. The old framework treats coordination as one function among equals. The threat environment demands coordination as the load-bearing function.

CISA should be the interface. CISA is the protocol.

Policy on the left. White House, NSC, ONCD set direction. The capability stack in the center (Cyber Command, NSA, FBI, DOE, FEMA, the national labs, FFRDCs), they generate the power, the intelligence, the investigative capacity, the offensive options. CISA on the right, positioned explicitly as the translation layer between all of those federal resources and the private-sector critical infrastructure operators who own 90% of the targets.

If this shape looks familiar, it should. The internet runs on the same architecture. Engineers call it the hourglass model (that I’ve just turned on its side for design reasons). A massive number of applications on top (your email, your browser, your video calls), a massive number of physical networks on the bottom (fiber, copper, wireless, satellite), and one thin translation layer in the middle that lets anything above talk to anything below. That layer is TCP/IP on the internet. It doesn’t try to be everything. It does one job. It transports information. And because it does that job reliably, everything above and below it can evolve independently. The hourglass model is the most successful architecture in the history of networked systems, and the reason it works is that the narrow waist is stable, well-defined, and protected. If TCP/IP breaks, nothing above or below it matters. The applications don’t reach the networks. The networks don’t reach the applications. Everything stops.

CISA should be the narrow waist. Massive capability above (Cyber Command, NSA, FBI, DOE, etc). Massive, heterogeneous infrastructure below (water, energy, telecom, healthcare, finance, all privately owned, all running different systems). One translation layer in the middle that lets anything above reach anything below. And the lesson the hourglass teaches, the one the current PPD-41 framework missed, is that the narrow waist is the part you protect most aggressively. Not the part you cut.

CISA sits perpendicular to the other agencies, facing outward, serving as the interface through which private-sector operators access every capability the federal government has. When a water utility in Pennsylvania discovers Iranian-affiliated traffic on its PLCs, it shouldn’t need to navigate four separate federal lanes. It should hit one interface. That interface coordinates the asset response, triggers the threat investigation, requests the intelligence support, and escalates to military channels if the attack warrants it.

The people who look at CISA’s wreckage and see failure miss the more important fact. CISA is trying to do this. The JCDC was already bringing major tech and telecom companies into coordinated defense planning. The bilateral partnerships were already building international coordination with Japan, Australia, the UK, and the EU. The regional coordinators were already building trust with state CISOs and local utilities. The model was working. Not perfectly, not at the scale the threat demanded, but working. The translation layer was functional. It just never had the formal mandate, the structural protections, or the political support to sustain it through the stress test that every institution eventually faces.

The prescription is a new Presidential Policy Directive with the force to restructure authorities and the statutory protections to survive electoral cycles. I would say the prescription is a new law, but I highly doubt we can get something so simple through Congress without them completely bastardizing it. The new PPD needs to do four things.

Codify the translation layer. CISA’s formal mandate should explicitly define it as the federal government’s interface to private-sector critical infrastructure for cybersecurity coordination. Not asset response. Not one column among four. The interface. The protocol that every company, every utility, every hospital system uses to access federal cyber capabilities. Make the org chart match the reality of what CISA’s best people were already doing before this administration scattered them.

Give it teeth for crisis coordination. The voluntary model works when the threat is manageable and trust is high. The threat is no longer manageable. CISA needs defined authorities for incident coordination during national-level cyber events: the ability to compel information sharing (with liability protections for the sharing entities) and the ability to direct federal resources across agency lines during active campaigns. Not regulatory authority over private-sector cybersecurity practices. Coordination authority during a crisis. The difference matters.

CISCA liability protections expire September 30, 2026. Protect it structurally. If they lapse, the legal foundation for voluntary information sharing disappears. CIRCIA, the mandatory incident reporting rule, has been delayed repeatedly and its implementation town halls were canceled during the shutdown. These are the legal architecture that makes the translation layer functional, and both are on life support. A new PPD should anchor both in statute, not in rules that can be defunded or directives that can be rescinded.

Protect it from the political cycle. This is the hardest one, and the most necessary. If CISA can be gutted during an active cyber campaign without political consequence, it can be gutted again. And again. The agency becomes permanently politicized, and the talent pipeline reroutes entirely. The people who could make two to three times their salary in the private sector, the ones you need running this thing, they’ll do the math. They’ll calculate the risk of joining an agency that might be dismantled every four years based on which party holds the White House. CISA needs an independent funding mechanism or statutory mandate that can’t be zeroed out by a budget proposal. Congress protects defense spending this way. It protects intelligence spending this way. If CISA is the translation layer for national cyber defense, and it is, then its funding deserves the same structural protection.

I sit in an interesting chair for watching this. I spent seven years in the US Navy, including time at NSA. I currently coordinate international security partnerships at NTT, one of the companies that invested significant organizational resources in CISA’s JCDC bilateral partnership model. I’ve seen the translation layer work. I’ve seen the calls that get made, the intelligence that gets shared, the coordination that happens when the phones are staffed. I’ve also seen what it looks like when the phones go dark. The architecture I’m describing was already happening, imperfectly, before someone decided the fire department was the problem.

The administration is right about one thing. CISA circa 2024 had drifted from its core mission. The election security expansion, the counter-misinformation work, the rapid headcount growth without proportional capability maturation. All of it created legitimate grounds for reform. But the answer to mission creep is mission clarity, not demolition. And the clearest possible mission for CISA is the one it was already performing: serving as the translation layer between the most formidable national security and cyber operations apparatus on Earth and the private-sector infrastructure that apparatus exists to defend.

That’s what needs minding. The mandate needs to catch up to the work. The fire department can be rebuilt, but only if someone decides to stop arguing about whether we need one while the building across the street burns.

Brandon

The Monks and the Machine

Wed, 08 Apr 2026 00:00:00 GMT

AI offensive security tools will make the world safer. I swear that sentence will age well. What used to cost billions and a security clearance now costs pennies and a prompt.

I sat across from a founder building autonomous offensive tools last month, and he couldn’t sit still.

He kept pulling up terminal windows. Scrolling through output. Talking with his hands. He described an operation that would have required four separate teams and six months of planning when I was in uniform: breach an external interface, land on a software stack, escape the sandbox, survey the environment, execute vulnerability recon, punch through a cross-domain solution, and land inside an internal secure network. His timeline for all of it today was minutes. Maybe less.

But the part that stuck was what he said next. “The entire bureaucracy separating vulnerability research, development, operations, and analysis? That starts to break down. Positioning our people to operate in a world like that is what we wake up for.”

He wasn’t afraid of what’s coming. He was electric.

I’ve spent enough time around people building dangerous capabilities to recognize fear when I see it. This wasn’t that. This was the particular excitement of someone who understands what a capability shift means and wants to be on the right side of it. I recognized the feeling because I’ve been on both sides. I sat on the watchfloor at Cyber Command, where the tools and tradecraft that made offensive cyber expensive and rare were the daily reality. Building that expertise took the US government decades and billions of dollars, and even then it lived inside a few hundred people with the right clearances, the right mental acuity, and the right instincts. I now evaluate security companies and technologies. What I keep seeing is that expertise, that same offensive intuition honed in the most classified environments on earth, compressed into software that any developer can run on a Tuesday afternoon.

A few weeks ago, Nicholas Carlini stood on stage at [un]prompted 2026 and demonstrated something that made the room go quiet. He pointed Claude Code at the Linux kernel’s NFSv4 server code and let it iterate through source files looking for vulnerabilities. The setup, in Carlini’s words, was “disarmingly simple.” The machine found a remote heap buffer overflow that had been sitting in that code since 2003. Twenty-three years. Every human reviewer, every static analysis tool, every security audit for over two decades missed it. An AI found it by methodically reading files and asking the right questions.

Then he aimed the same approach at Ghost CMS, a beloved open-source platform with over 50,000 GitHub stars and a spotless security record. In minutes, he had a blind SQL injection (CVE-2026-26980) that allowed unauthenticated access to the admin database. Ghost’s first critical vulnerability ever, found during a live demo.

That caliber of work, finding a remotely exploitable heap overflow in kernel code, chaining a blind SQL injection against a hardened target, used to require the kind of expertise that governments spent decades cultivating and closely guarding. Carlini did it with a prompt and a for-loop. The most exquisite offensive expertise on earth got democratized.

I keep coming back to one analogy.

Before Gutenberg, literacy belonged to monasteries. The monks controlled who could read, what they could read, and what conclusions they were allowed to draw. Knowledge was scarce because the monks kept the gates. The printing press broke the monastery’s monopoly on access to existing knowledge, and the world that followed was incomparably better for it.

The cybersecurity industry has its own monks and its own monasteries. And it just got its printing press.

The Monks

On March 27, leaked documents revealed that Anthropic’s Mythos system could hunt for vulnerabilities without human guidance. The cybersecurity sector’s response was immediate and visceral. Seven individual stocks cratered 10% or more in a single session. Billions in market capitalization evaporated because an AI demonstrated it could do what these companies charge their customers to do.

Calling this “disruption” lets the industry off too easy. Economists have a term for when a market consistently fails to produce the outcomes it promises despite decades of investment and expansion. They call it a market failure. The cybersecurity vendor ecosystem, in my assessment, is exactly that. A market that rewards treating symptoms while leaving the disease structurally intact.

The code we ship is riddled with vulnerability classes first catalogued in the 1990s (and sometimes the exact same vulnerabilities). Buffer overflows, injection attacks, authentication failures. The TCP/IP stack’s implicit trust model, BGP’s lack of route authentication, DNS’s original design assumptions. Foundational protocols unaddressed for nearly fifty years. And the vast majority of software running in production has never been audited by anyone because the people with the offensive expertise to find these bugs were extraordinarily rare, extraordinarily expensive, and had no economic incentive to audit anything below the profile of Chrome or iOS. The knowledge of how to think like an attacker lived inside a few hundred elite researchers and a handful of classified government programs. Everyone else shipped code and hoped for the best.

The vendor ecosystem built products around every one of those weaknesses. It sold detection. It sold response. It sold insurance against the consequences. What it never sold was a fix for the underlying causes because fixing the causes would shrink the market. Every breach creates demand. Every new threat category creates a new vendor category. The total addressable market grows precisely because the participants fail to make it smaller. These are the monks. They controlled who got access to security expertise, what kind of security you were allowed to buy, and they made sure the underlying problem stayed unsolved because the problem was the business.

And the monks aren’t just failing to fix the problem, they’re actively contributing to it. CISA maintains a Known Exploited Vulnerabilities (KEV) catalog as a running list of software flaws that attackers are actively using in the wild. Cisco’s own Secure Firewall products landed on that list in September 2025 (CVE-2025-20333, CVE-2025-20362), exploited by a China-linked campaign that had been living inside Cisco devices since at least 2024. CISA issued an emergency directive requiring federal agencies to patch within a single day. F5’s BIG-IP, a product that sits at the core of enterprise network security, hit the KEV catalog in March 2026 with a CVSS 9.8 remote code execution vulnerability that F5 initially classified as a denial-of-service. They upgraded the severity after obtaining “new information,” which is a polite way of saying someone demonstrated the exploit was worse than they thought. Fortinet has 24 vulnerabilities on the KEV catalog. Thirteen were used in ransomware attacks. These are the companies selling you security. The BIC lighter is selling fire insurance and the market somehow treats this as normal.

The CyberWire Daily Podcast published Episode 10 on January 7, 2016. The show notes read: “Electrical utilities look to their cyber defenses in the wake of the hack in Ukraine. Malware is being distributed with compromised certificates. WordPress and SilentCircle issue patches. Ransomware-as-a-service tool ‘Ransom32.’ And we talk with the CyberWire’s editor about phishing and other topics of perennial interest.”

I joined that company in 2021, five years after that episode aired. The headlines hadn’t changed. By the time I became executive editor in 2023, they still hadn’t. The vendors sold product. The problems repeated. Phishing was a topic of “perennial interest” in 2016. The industry’s own flagship daily news program described its central threat as perennial, and nobody flinched, because the market had normalized the problem.

Trail of Bits used to find 15 bugs per week on their best engagements. After going AI-native, they now find 200. Twenty percent of all bugs they report to clients now come from AI discovery. The machine finds 13 times more bugs than humans, not because it’s faster at the mechanical work (although it is), but because it applies the offensive expertise of elite vulnerability researchers to codebases those researchers would never have touched. The knowledge that used to live in a few hundred heads now runs on every engagement. And the market that spent three decades building detection products around those bugs just watched its value proposition collapse in a single earnings cycle.

Good! It’s about damn time.

We’ve Been Here Before

In 1991, Phil Zimmermann released PGP, a piece of software that let anyone encrypt their email using the same math the NSA used to protect classified communications. In 1993, the US Justice Department opened a criminal investigation. The charge was distributing a munition. Encryption sat on the same export control list as rocket launchers and hand grenades.

The government’s argument was intuitive and wrong. If everyone has encryption, terrorists will use it. Drug dealers will use it. Law enforcement will go dark. All of this proved partially true in the short term. And all of it was overwhelmed by the long-term benefit: universal encryption enabled e-commerce, secure communications, and a level of digital privacy that became foundational to the modern internet. Zimmermann took the NSA’s math and put it in every inbox. The security of the entire internet improved because the capability stopped being exclusive.

The DOJ dropped the case in 1996. Export controls collapsed by 2000. The internet got safer. That pattern is happening again.

The cybersecurity industry looked at AI finding zero-day vulnerabilities and saw an existential threat to its business model. The open-source community looked at the same capability and raised $12.5 million. In March, the Linux Foundation announced a grant funded by Anthropic, AWS, GitHub, Google, DeepMind, Microsoft, and OpenAI. Its purpose is to help maintainers handle AI-generated vulnerability findings and move “beyond discovery to deploying fixes.”

Same input, opposite reactions. The vendors saw something that could destroy their market. The open-source community saw something that could give every maintainer the offensive security expertise that used to require a six-figure retainer and a waiting list. That divergence tells the whole story.

Zimmermann was Gutenberg. He took the monastery’s most guarded capability and made it public, and the world got safer because of it. The government tried to classify math as a weapon in the nineties and they lost. The cybersecurity industry is trying to frame AI vulnerability discovery as primarily a threat. They’ll lose too. The capability already escaped containment. Claude Code found the twenty-three-year-old kernel bug with a script that iterated over source files. XBOW, the autonomous offensive security company founded by the creator of GitHub Copilot, sits atop the HackerOne leaderboard. RunSybil, founded by OpenAI’s first security hire, runs continuous autonomous penetration testing without humans in the loop. None of these tools require a government license.

The Engineering Case

The real question: do these tools actually make software safer, or do they just accelerate the arms race?

In March 2026 alone, XBOW raised $120 million at a unicorn valuation led by DFJ Growth. RunSybil raised $40 million from Khosla Ventures. Kevin Mandia, who built Mandiant and sold it to Google for $5.4 billion, raised $190 million for his autonomous cybersecurity agent company, Armadin. That’s $350 million deployed into autonomous offensive security in a single month. Khosla, Sequoia, DFJ Growth, Altimeter. This is conviction capital.

But capital doesn’t prove the thesis. Engineering results do.

Google’s Big Sleep project, a collaboration between Project Zero and DeepMind, became the first AI agent to proactively prevent a zero-day exploitation in the wild. It found vulnerabilities in FFmpeg, ImageMagick, and other open-source projects before attackers could exploit them. The capability moved from “find bugs faster” to “find bugs first.”

I think that’s the structural shift. For thirty years, the offense/defense asymmetry has defined cybersecurity: cheaper and faster to attack than to defend. The attacker only needs one way in. The defender must protect everything. But that asymmetry assumed defenders couldn’t think like attackers, and for most of the industry’s history, they couldn’t. Thinking like an attacker required years of specialized training, access to classified tooling, and an adversarial creativity that the security industry euphemistically called “elite.” It lived inside NSA, inside Cyber Command, inside a small constellation of boutique firms that charged accordingly. A junior developer shipping code to production had exactly none of that expertise available at the moment it mattered most (while they were writing the code).

That’s what changes. When a development team runs continuous autonomous offensive testing on every commit, every developer on that team, from the principal engineer to the new hire writing their first microservice, gets their code reviewed by something that thinks like a nation-state operator. The AI attacks the codebase continuously, with the offensive intuition that took governments decades and billions to cultivate, before the human attacker arrives. Vulnerability discovery stops being an annual audit you outsource to a vendor. It becomes something that happens on every pull request, performed by something with the expertise of the best offensive researchers on earth.

The shift-left movement promised this for a decade but it never delivered because the tooling didn’t exist. The tooling now exists.

CISA has been pushing “secure by design” principles for years. The EU’s Cyber Resilience Act mandates them. The aspiration was always the right one. Stop bolting security onto finished products and build it into the development process from the start. But the aspiration lacked a mechanism. You can’t audit every line of code with human reviewers. The economics don’t work. And even if you could, those reviewers aren’t the people who spent careers learning how adversaries actually break software. The offensive security expertise required to catch the vulnerabilities that matter, the heap overflows and race conditions and logic flaws that sophisticated attackers chain together, lived in a world most developers never touched. AI collapses that gap. You can now audit every line of code with something that costs pennies per query, runs on every commit, and brings the offensive mindset of an elite vulnerability researcher to a junior developer’s pull request. That’s the step change. Secure by design stops being a policy aspiration and becomes an engineering reality when autonomous offensive tools sit inside your CI/CD pipeline, finding vulnerabilities before a single line of code reaches production. No vulnerability ships. No vendor charges you to detect it after deployment. No CyberWire headline ten years from now reads exactly like one from today. The cycle breaks because you eliminate the bug at the source. For fuck’s sake, why has it taken us thirty years to force the vendors to do this?

The implications extend beyond enterprise engineering teams. The Linux Foundation’s $12.5 million initiative means volunteer-maintained open-source projects get the same offensive security scrutiny that used to be reserved for the Pentagon’s supply chain. A ten-person startup can run continuous penetration testing that previously required a $500,000-per-year engagement with a firm like Trail of Bits. A solo developer maintaining a critical library from their apartment gets the same caliber of vulnerability review as a contractor building software for Fort Meade. Nations without billion-dollar cyber programs can assess their own critical infrastructure vulnerabilities. The expertise that was hoarded at the top of the pyramid for thirty years just became core infrastructure. The monastery is open. Everybody can now read what they want, whenever they want.

The competitive moat in cybersecurity shifts from “finding bugs” to “building systems where bugs become structurally harder to create.” A fundamentally different industry. And a better one.

The Fear Case, Fairly Stated

The fear case deserves honest treatment too because it’s not wrong about the short term.

Thomas Ptacek, one of the most technically credible voices in security, published Vulnerability Research Is Cooked in late March. Carlini, using Claude Opus via what Ptacek called “trivial bash scripts,” generated 500 validated high-severity vulnerabilities with a nearly 100% success rate on verified exploits. Ptacek’s core observation is that vulnerability research survived for decades because of “attention scarcity.” Elite researchers were rare and expensive. Their knowledge was bespoke and masterful. Most software was never audited because the auditors didn’t bother looking at anything less glamorous than Chrome. AI eliminates that scarcity. “A hundred instances of Claude” will aim at everything. Open-source projects will face, in Ptacek’s words, “a steady feed of verified, reproducible, reliably-exploitable” high-severity vulnerabilities. His money quote is that, “Researchers have been spending 20% of their time on computer science, and 80% on giant, time-consuming jigsaw puzzles. And now everybody has a universal jigsaw solver.”

He’s right about the mechanism, and the short-term asymmetry is very real. Attackers adopt new tools faster because they face no compliance burden, no change management process, and no legal review. Ransomware breakout times collapsed from eight hours in 2022 to 22 seconds by 2025, partly accelerated by AI-assisted tooling. Malicious LLMs stripped of safety guardrails are commercially available on dark web markets. Anthropic itself privately briefed government officials that Mythos makes large-scale cyberattacks much more likely in 2026.

I don’t dismiss any of that. The adoption gap between attackers and defenders is the danger zone and we’re standing in it. But Ptacek’s own framework contains the rebuttal.

His argument rests on attention scarcity as the protective barrier. Elite researchers were rare. Their expertise was bespoke and hard-won. Most software was never audited because the people who knew how to break it had better things to do. The scarcity kept the system stable. I read that and thought, “Stable for whom?” The scarcity regime didn’t produce security. It produced blind ignorance. Software only survived because nobody with the right offensive expertise bothered to look. That twenty-three-year-old buffer overflow in the Linux kernel wasn’t hiding. It was just in a part of the codebase that the world’s small population of elite vulnerability researchers deemed not worth their time. The market I described earlier, the one producing identical CyberWire headlines for a decade, thrived under that scarcity regime. The scarcity wasn’t protecting us plebeians. It was protecting the shitty failed market.

Democratizing that expertise is what breaks the cycle. When offensive security knowledge stops being the province of a small priesthood and becomes something any developer can invoke on every commit, the entire calculus of software security changes. The question stops being “can we afford to audit this?” and becomes “why would we ship anything we haven’t?” (side note: this requires the buyers to demand such a framework, which they need to start doing immediately.)

Rebuilding DevSecOps pipelines and CI/CD workflows to absorb continuous autonomous offensive testing is genuinely hard. Enterprises face integration complexity that attackers skip entirely. I’m not pretending that’s a weekend project. But the question we need to ask is whether restricting the capability produces better outcomes than accelerating its adoption. And on that question, history has already voted.

The Verdict History Already Delivered

Every time a government has tried to restrict a dual-use technology to preserve its monopoly on capability, the restriction failed and widespread adoption made things better. PGP. GPS civilian access. The internet itself. The pattern is the same. Panic -> restriction -> failure of containment -> net benefit.

Ben Thompson framed it cleanly in Stratechery when he wrote, “AI is going to be bad for security in the short-term, but much better than humans in the long-term.” That’s the 90s Crypto Wars pattern restated. The short-term danger holds. The long-term trajectory points one direction. And every catastrophic failure mode I can construct involves restricting access, not proliferating it.

Consider the worst outcomes. Restrict AI vulnerability tools to licensed entities and you create a black market while leaving most software unaudited. Let legacy vendors capture regulatory frameworks and you get “approved” AI security tools that preserve the market failure instead of correcting it. Treat AI-discovered vulnerabilities as classified and you prevent open disclosure and patching. Let the hackback debate consume all the policy oxygen (Schneier, Lawfare, and CSIS all published on this recently in the same week, which is the think-tank equivalent of a bar fight) and legislators spend their energy arguing about who gets to hack rather than how to design and build secure systems. The danger in every scenario is that good actors don’t get the tools fast enough.

I’ve thought about the governance problem. I wrote about it at length last December in The Business of Containment. where I proposed a constitutional blueprint for private offensive cyber firms. It includes mission-locked charters, guardian shares with veto power, two-key operations through hardware security modules, immutable logging, cryptographic kill-switches, and incentive structures that make restraint rational. The framework exists. The question isn’t whether AI offensive tools can be governed responsibly. It’s whether we govern them while making them widely available, or whether we let the instinct to restrict create the exact asymmetry that makes things worse.

I argued in that piece that “human virtue can steady a company for a while, but it rarely survives sustained pressure from market gravity.” The same applies here. Hoping that restricting AI offensive tools will keep bad actors from getting them is a bet on virtue. Deploying those tools widely into defensive engineering pipelines, while governing them structurally, is a bet on design. I’ll take design.

The Scholars

I wrote in February that the indicator-of-compromise model was broken. A system built on chasing where the ball was while the ball kept picking up speed. That was the diagnosis. This is part of the treatment.

The founder I sat across from last month sees a future where the artificial barriers between offensive specializations dissolve, where the mechanical work that made these operations slow and expensive gets handled by machines, and where the human operators focus on judgment, creativity, and the strategic decisions that machines can’t make (yet). The cybersecurity vendor ecosystem sees that same future and panics because it threatens a business model that spent thirty years treating symptoms while the disease metastasized.

The monks didn’t disappear when Gutenberg’s press started running. They became scholars. The best of them contributed more to human knowledge as scholars than they ever did as gatekeepers. The cybersecurity vendors who survive won’t disappear either. They’ll become companies that build software that is safe by design, audited by machines before it ships, and structurally resistant to the vulnerability classes we’ve been recycling since the Clinton administration.

That’s the paradigm. Not safe by policy. Not safe by compliance checkbox. Not safe by buying another vendor’s detection product to monitor the first vendor’s detection product. Safe by design, because every developer now has access to the offensive expertise that used to require a clearance and a decade of specialized training. Enforced by machines that think like the best adversaries on earth, applied to every line of code before it ever reaches a user. And God damn does that sound like a day on the French Riviera.

The monks won’t disappear. They just aren’t the only ones who can read anymore.

RSAC talked AI while Iran talked targets. (Source: The CyberWire Daily Podcast)

Fri, 03 Apr 2026 00:00:00 GMT

Source: Listen to the episode

On The CyberWire Daily Podcast, I joined Dave Bittner to break down a dissonance that’s been bothering me since RSAC 2026: the US is 30 days into a war with Iran, Iranian APT groups Cyber Av3ngers and Handala are publicly threatening US water infrastructure, and the conference barely mentioned it. I traced the gap between the industry’s appetite for exquisite new capabilities and its neglect of the basics, specifically the under-resourced critical infrastructure that Iranian threat actors have already proven they can hit, from the Aliquippa, PA water authority to the recent Stryker manufacturing breach.

I laid out the compounding problem: CISA has lost 30 percent of its total staff, with 60 percent of remaining personnel suspended or furloughed and another thousand vacancies unfilled. With the federal coordinating authority running on critical functions only, the burden shifts to the community. I called for political pressure to fund CISA, pro bono cybersecurity service modeled on the CLTC’s cyber clinics program, and MSSP organizations donating capacity to local water, energy, and grid operators. When an adversary tells you they’re going to target something, believe them.

Key topics

Critical Infrastructure Gap: Iranian APTs have demonstrated capability and intent against US water and manufacturing systems, while defenders remain under-resourced at the local level.
CISA Workforce Collapse: A 30 percent staff reduction, 60 percent furlough rate, and a thousand vacancies leave the nation’s cyber coordinating authority operating at minimum capacity during active conflict.
Community Call to Action: Pro bono cybersecurity service, cyber clinic expansion, and MSSP community give-back as the near-term mechanism to harden soft targets the federal government cannot currently reach.

The Quiet Rearmament

Wed, 01 Apr 2026 00:00:00 GMT

April 1, 2026. Japan’s fiscal year turns over. The cherry blossoms are a week from peak in Tokyo, maybe two in Kumamoto. Bureaucrats file paperwork. Budgets reset. And somewhere inside the Ministry of Defense, an independent oversight commission stands up for the first time to authorize offensive cyber operations against foreign adversaries.

The day before, at Camp Kengun in Kumamoto, the Ground Self-Defense Force activated upgraded Type-12 missiles with a range of 1,000 kilometers. Built by Mitsubishi Heavy Industries. Deployed a year ahead of schedule. From the Ryukyu Islands, where additional batteries will go by 2028, those missiles put all of North Korea, China’s entire eastern coastline, and all of Taiwan within reach. The PLA Daily, not exactly given to understatement, called it a “multilayered offensive kill network.”

Four days before that, the destroyer JS Chokai completed modifications at Naval Base San Diego to fire Tomahawk cruise missiles, Block IV and V variants, at targets 1,600 kilometers away. First Japanese warship with such an overt offensive capability since 1945. She is one of eight Aegis destroyers that will carry the 400 Tomahawks Japan purchased from the United States for $2.35 billion. Live fire is scheduled for August.

A week before, the Maritime Self-Defense Force completed its most sweeping organizational restructuring since 1954, consolidating the fleet around three surface warfare groups and standing up commands for amphibious warfare and information warfare.

Every week, something else. Feeling the momentum yet?

Five weeks before the MSDF restructure, Prime Minister Sanae Takaichi’s Liberal Democratic Party won 316 of 465 seats in the lower house. The first single-party supermajority since the Second World War. Enough to propose amending Article 9, the constitutional clause that has technically forbidden Japan from maintaining “armed forces with war potential” for 79 years. She pledged a national referendum “as soon as possible.”

Twelve weeks before that, Japan’s cabinet approved a $58 billion defense budget, the twelfth consecutive record, pushing the country past 2% of GDP two years ahead of the previous government’s timeline. By the time the five-year buildup program completes in 2027, Japan will be the world’s third-largest military spender after the United States and China.

I wrote about Japan twice in the past six months. The first time, in “The Impossible Seat,” I described a country trapped between its security guarantor and its energy supply, watching the United States set fire to the neighborhood while Japan’s defense model failed in real time. I wrote that Takaichi was “quietly building her own fire department.” The second time, in “The Gardens of Kyoto,” I walked through four gardens and found a cultural DNA that explains how Japan builds anything: with total commitment, generational patience, and a precision that looks effortless until you realize every stone was placed by hand. I wrote about a woman at Ryoan-ji with a bamboo rake and rubber boots, raking gravel at dawn because the work doesn’t need an audience. It needs dedication.

The fire department is open for business. And it was built the same way Japan likes to garden.

The Quiet Is The Point

In February 2022, three days after Russia invaded Ukraine, German Chancellor Olaf Scholz stood before the Bundestag and announced the Zeitenwende. Turning point. A hundred billion euro special fund for the Bundeswehr. Headlines in every language. Four years later, German defense procurement remains tangled in the same bureaucratic undergrowth that entangled it before the speech. The Bundeswehr still can’t field sufficient ammunition for more than a few days of high-intensity combat. The turning point turned very slowly.

Japan made no speech. Held no press conference. Coined no term.

The Type-12 deployed a year ahead of schedule. The 2% GDP defense target landed two years early. The Chokai Tomahawk integration hit its timeline. The MSDF reorganized on time. When the Diplomat wrote up the naval restructuring in February, it ran under the headline “From 4 Flotillas to 3.” Accurate. Also the most aggressively boring headline for the most significant reorganization of a major Pacific navy in seven decades.

The quiet is the strategy. Every garden I walked through in Kyoto operated on the same principle. Precision so total that your brain fills in depth the designers never built. The gardeners who achieved this worked for 170 years. Nobody held a press conference about the sightlines.

Japan rearms the way it gardens. Branch by branch. Stone by stone. Budget line item by budget line item.

And if you’re looking for the Zeitenwende, for the dramatic announcement, for the moment some leader stands at a podium and declares the old era finished, you will miss the entire thing. Because the old era has been ending for three years, and the new one opened for business on a Tuesday in April, filed under fiscal year paperwork and cherry blossoms.

What’s Actually Being Built

Let me stack the capability, because the individual pieces have been reported and none of them have been assembled.

Offensive strike. The Type-12 gives Japan land-based missile reach of 1,000 kilometers from domestic soil. The Tomahawk, once it’s on all eight Aegis destroyers, adds ship-launched precision strike at 1,600 kilometers. Hypersonic glide vehicles are scheduled for deployment in Hokkaido and Miyazaki by March 2028. The Mitsubishi-built Type-12 is a domestic product. The Tomahawk is American. The hypersonics are Japanese. Together, they give the SDF the ability to hit targets across northeast Asia without moving anything off Japanese territory. The PLA Daily’s “kill network” framing is alarmist, sure. It’s also not wrong.

Offensive cyber. The Active Cyber Defense law, enacted May 2025, gives the SDF and the National Police Agency authority to infiltrate and neutralize hostile servers before an attack hits. The oversight commission that stood up on April 1 provides prior authorization. The International Institute for Strategic Studies still ranks Japan as a third-tier cyber power, somewhere between aspiration and capability. October 1, 2026, is the date Japan’s government decided to close that gap. The SDF and police will be authorized to “attack and disable” infrastructure used for cyberattacks, with the government interpreting Article 9 to permit it. Eight months from aspiration to authorization.

Naval restructuring. The MSDF dissolved the Fleet Escort Force, which had existed since 1961, and replaced it with the Fleet Surface Force built around three surface warfare groups. JS Izumo and JS Kaga, the two helicopter carriers that everyone pretends aren’t light aircraft carriers, anchor two of the three groups. A new Amphibious and Mine Warfare Group operates out of Sasebo. And the Information Warfare Command consolidates intelligence, cyber, and oceanographic operations into a single command reporting directly to the Minister of Defense. This is a navy reorganizing itself for offensive operations and joint warfare. The terminology still says “self-defense.” The architecture says something different.

If this organizational chart looks familiar, trust your gut. I served on USS Boxer, flagship of an Amphibious Ready Group based in San Diego. The Information Warfare Commander (an emerging concept at the time) sat two hatches away from the Combat Information Center, pulling intelligence, surveillance, reconnaissance, oceanography, and cyber into a single operational feed. That architecture was bleeding-edge for the US Navy a decade ago. Japan just restructured its entire fleet around it. You don’t adopt your ally’s exact command structure unless you plan to plug into it. Japan’s MSDF is preparing for fully integrated Allied operations.

Missile defense coproduction. The United States and Japan agreed to quadruple SM-3 Block IIA production from 24 to roughly 100 missiles per year. Raytheon and Mitsubishi Heavy Industries share the manufacturing. Japan builds key components; the US handles integration. Japan becomes both a consumer and a producer of the most advanced ballistic missile defense interceptor in the Western Pacific.

Defense exports. The LDP-JIP coalition submitted a proposal in March to eliminate the restriction limiting Japanese defense exports to five nonlethal categories: rescue, transport, reconnaissance, surveillance, minesweeping. The new framework allows export of lethal weapons (warships, fighter jets) to 17 partner nations with defense transfer agreements. A country that has not exported a weapon since the postwar arms export ban is about to sell them to its allies across the region.

Sixth-generation fighter. The Global Combat Air Programme with the UK and Italy targets first operational aircraft by 2035. Japan fast-tracked export rule changes specifically to enable third-party sales of the GCAP fighter. Mitsubishi Heavy Industries leads the Japanese consortium. This is a 20-year bet on Japan as a defense aerospace power.

Ground-based intermediate range. In September 2025, the US Army deployed the Typhon mid-range missile system to MCAS Iwakuni for exercises. Typhon fires Tomahawk cruise missiles and SM-6 interceptors. From Iwakuni, the Tomahawk range covers the East China Sea and portions of the Chinese coastline. The deployment was temporary. The capability it demonstrated was not.

That all happened in six months.

The Wintering Sakura

Cherry trees in Japan spend months looking dead. Bare branches, grey bark, no visible sign that anything is happening inside the wood. A tourist arriving in January would walk past a sakura grove and see nothing worth photographing. But the tree is not dormant. It is accumulating. Cold hours trigger the biochemical process that prepares the bloom. The winter is not wasted time. The winter is the work.

Japan’s economy spent 30 years in winter. Every business journalist who has ever filed a dateline from Tokyo has written that story: the Lost Decades, the deflation trap, the demographic cliff, the zombie banks, the aging workforce, the monetary policy experiments that produced graphs and not growth. Abenomics tried stimulus. Kishida tried “new capitalism.” Nothing produced the spring that everyone kept predicting.

Now $275 billion is flowing into the Japanese economy over five years, and almost nobody is talking about it as economic policy. They’re talking about it as defense.

Japan’s five-year buildup program allocates 43 trillion yen across fiscal years 2023 through 2027. The security analysts see missiles. I see capital expenditure on a scale Japan has not attempted since MITI was picking industrial winners in the 1970s. That money flows somewhere. It flows into Mitsubishi Heavy Industries, which builds the Type-12 missiles, the SM-3 interceptor components, the GCAP fighter airframe, and the next generation of SDF equipment. It flows into the hundreds of subcontractors feeding those programs: precision machining shops, advanced materials suppliers, semiconductor-adjacent electronics firms, software integration houses, robotics manufacturing and programming. It flows into workforce development, because you cannot quadruple missile production without training the people who build them.

The GCAP program alone commits engineers across three countries to two decades of aerospace R&D. The SM-3 coproduction deal turns Japanese factories into production lines for the most advanced ballistic missile interceptor in the Pacific. The Type-12 is designed, built, tested, and deployed entirely by Japanese industry. And the defense export relaxation, once finalized, opens a revenue stream Japan hasn’t had since the postwar export ban.

Turns out the stimulus package it needed might be a Tomahawk.

That line sounds glib. It is glib. But the underlying arithmetic is serious. The United States built its postwar industrial dominance on defense spending. The aerospace sector, the semiconductor industry, the internet itself: all downstream of military R&D budgets that created capability and commercialized it. South Korea’s defense-industrial complex employs over 100,000 people and exports $17 billion in weapons annually. Israel’s Unit 8200 alumni seeded the cybersecurity and tech startup ecosystem that now accounts for a meaningful share of GDP. Defense spending, directed at domestic industry with export ambitions, is industrial policy wearing a uniform.

Japan is walking the same path. And the 30 years of economic winter make the potential bloom larger, not smaller. The country has a highly educated workforce, world-class precision manufacturing, deep engineering talent, and a corporate sector that has been conserving cash for decades. Mitsubishi Heavy Industries, IHI Corporation, Kawasaki Heavy Industries, Subaru (which builds Apache helicopter fuselages, a fact I genuinely enjoy): these companies have the capacity. They lacked the demand signal. The five-year buildup program is a $275 billion demand signal.

Takaichi’s government funds the buildup through corporate and tobacco tax increases already in effect, with income tax increases beginning in 2027. Japanese taxpayers are paying for this. The 55-56% public approval for Takaichi’s defense posture exists now, in polls, in the abstract. Whether it survives the tax bills arriving in household mailboxes is a question for fiscal year 2028. Approval for rearmament in principle and approval for the invoice are different conversations.

But the capital is already flowing. And capital that flows into high-skilled domestic manufacturing, into coproduction agreements that give Japanese industry a permanent seat in the global defense supply chain, into a sixth-generation fighter program that commits Mitsubishi to decades of work. That capital does more than build weapons. It builds an industrial base Japan has not had since the 1980s, when the country’s manufacturing prowess was so formidable it made Americans buy Chryslers out of patriotic anxiety.

The sakura blooms because the cold hours accumulated, the energy stored, and the conditions aligned. Japan’s economic winter lasted 30 years. The defense buildup may not be the spring anyone predicted. But $275 billion has a way of making things start to grow.

The 79-Year Legal Fiction

Article 9 of the Constitution of Japan, promulgated November 3, 1946, effective May 3, 1947:

“The Japanese people forever renounce war as a sovereign right of the nation and the threat or use of force as means of settling international disputes. In order to accomplish the aim of the preceding paragraph, land, sea, and air forces, as well as other war potential, will never be maintained.”

Japan maintains the sixth-largest military budget on earth. It fields 247,000 active-duty personnel, 48 destroyers, 22 submarines, and now, as of last week, cruise missiles that can hit targets 1,600 kilometers away. The legal fiction that none of this constitutes “war potential” has been one of the great sustained acts of collective imagination in postwar history. Seventy-nine years of maintaining armed forces while the constitution says armed forces “will never be maintained.” The geopolitical equivalent of your friend who’s been “quitting smoking” since college but somehow always has a lighter.

Takaichi’s supermajority can end this. The LDP’s 316 seats clear the two-thirds threshold required to propose constitutional amendment in the lower house. The coalition partner, the Japan Innovation Party, wants to go further: delete Article 9’s second clause entirely. The obstacle is the upper house, where the LDP lacks two-thirds. Without upper house support, the referendum waits. The next upper house election is 2028.

But the constitutional question is almost beside the point. The capability already exists. The deployments already happened. The offensive cyber authority activates in October. The Tomahawks arrive. The Type-12 batteries multiply. The constitution will eventually say what everyone already knows: Japan has a military. When it does, the legal change will formalize what the budgets, the deployments, and the reorganizations have already made real. The gardener doesn’t wait for the deed to the land before planting. She planted three years ago. The garden is growing.

The deeper question is what happens to the pacifist identity when the legal fiction dissolves? Japan built an entire national self-understanding around the idea that it was constitutionally peaceful. Generations grew up with Article 9 as a moral commitment, not just a legal clause. The woman raking gravel at Ryoan-ji every morning does so within a culture that prizes restraint, precision, the careful tending of what is fragile. That cultural instinct doesn’t disappear because the constitution changes. But it does get tested.

The protesters at Camp Kengun, the local residents who opposed the Type-12 deployment, they are the minority now. Polls show 55-56% approve of Takaichi’s defense posture. After Takaichi’s November statement on Taiwan, the public backed her. The consensus shifted, and the people standing where it used to be got quieter. That is its own kind of loss, even when the shift is justified.

The Alliance Paradox

The United States spent the better part of two decades telling Japan to spend more on defense. Spend more. Do more. Carry more of the burden. Every Secretary of Defense since Robert Gates has delivered some version of this message, usually at the Shangri-La Dialogue, usually to polite applause and glacial policy change.

Japan spent more. Did more. Built more.

At the March 2026 summit, Trump told Takaichi she was “stepping up to the plate, unlike NATO.” And he was right, in the narrow sense. Japan is stepping up. The SM-3 coproduction quadrupling is real. The Tomahawk integration is real. The Typhon interoperability demonstrated at Iwakuni is real. The alliance is deeper, more integrated, and more operationally capable than at any point since its founding.

And also, quietly, more bilateral than it has ever been.

A Japan with cruise missiles on its destroyers can strike without asking Washington’s permission. A Japan with 1,000-kilometer land-based missiles decides when and where its own weapons fire. A Japan building a sixth-generation fighter with the UK and Italy, not the US, has defense-industrial relationships that don’t run through the Pentagon. A Japan exporting lethal weapons to 17 partner nations manages security partnerships on its own terms. Each capability that strengthens the alliance also, by definition, reduces Japan’s dependence on it.

In “The Impossible Seat,” I described the US-Japan relationship as an insurance policy where the insurer set the neighborhood on fire. The metaphor I used then was a fire department: Japan was building one. The thing about fire departments is that once they’re operational, they decide which fires to fight. The insurance company’s opinion becomes one input among several, not the only voice in the room.

Takaichi demonstrated this in November 2025 when she told reporters that Japan might use the SDF if China attacked Taiwan. She cited the 2015 collective self-defense legislation. She did not, as far as anyone has reported, clear the statement with Washington first. China retaliated against Japan (seafood sanctions, rare earth export restrictions, travel warnings), not against the United States. Tokyo absorbed the cost of an independent strategic signal and found that 55-56% of the Japanese public backed her. That sequence tells you something about where the alliance is heading. When a dependent partner makes independent choices and survives the consequences, the dependency starts to dissolve.

I sit in an interesting chair for watching this. I spent seven years in the US Navy, including time at NSA and aboard a warship in the Western Pacific. The alliance looked one way from that side: America provides, Japan hosts, the relationship runs on gratitude and geography. Now I work for NTT, a Japanese multinational mega-conglomerate, coordinating international security partnerships. The alliance looks different from this chair. The Japanese professionals I work with are peers building capability with the urgency of people who watched their defense model fail in February and decided, quietly, that it would not fail again. The deference that Americans sometimes mistake for agreement is something else entirely. It is patience, and it is deliberate.

The steelman against all of this deserves respect, and I want to give it room. China calls the Type-12 deployment an “offensive kill chain.” If Beijing deployed equivalent capability on islands near Japanese waters, Tokyo would use the same language. South Korea’s historical memory of Japanese militarism is not irrational. The last time Japan fielded an unrestricted offensive military, it colonized Korea for 35 years. Regional anxiety about Japanese rearmament carries weight that dismissiveness cannot answer, and anyone who waves it away as outdated hasn’t spent enough time in Seoul.

What answers it is the alternative. Six weeks ago, when the United States sent carrier strike groups to the Persian Gulf for Operation Epic Fury, the Western Pacific thinned out. Every intelligence analyst tracking Iranian missile launches was one analyst not tracking PLA movements near the Senkaku Islands. Japan’s defense model, built on the assumption that American attention would remain focused on the Pacific, failed its stress test in real time. I wrote about it. Takaichi lived it.

Vulnerability, in a neighborhood that includes China, North Korea, and Russia, is a prayer.

Tying it all Together

There is a concept in Japanese garden design called shakkei. Borrowed scenery. The garden borrows from the landscape beyond its walls to create the illusion of depth that doesn’t physically exist. At the Imperial Palace in Kyoto, the garden feels infinite because the designers understood that what the eye doesn’t see, the mind fills in.

Japan’s rearmament works the same way. The individual pieces (a missile deployment here, a naval reorganization there, a budget increase filed under fiscal year paperwork) appear modest in isolation. Borrowed from the broader landscape of security policy, they assemble into something the mind has to fill in: the emergence of a Pacific military power that, within two years, will be the third-largest on earth.

The woman at Ryoan-ji raked gravel every morning. Not for an audience. Not for recognition. Not because someone held a press conference about the importance of raked gravel. She raked because the garden required it, and the garden’s beauty depended on work that most people would never notice or appreciate. The daily, unglamorous, repetitive discipline of making something formidable stay formidable.

I have now written about Japan three times. The gardens taught me how Japan builds. The impossible seat showed me why Japan had to. This piece is the result: a country building, with the patience of someone who thinks in generations and the precision of someone who places every stone by hand, the military capability to ensure it never sits in an impossible seat again.

The cherry blossoms are blooming in Kumamoto. The missiles are operational at Camp Kengun. The fiscal year has turned. And the gardener, as always, does not look up from her work.

Spaceballs the Datacenter 2: The Search for More Bandwidth

Wed, 11 Mar 2026 00:00:00 GMT

A few weeks ago, xAI-SpaceX announced a merger and Musk claimed the new business model to be AI datacenters in space. As a wise man once wrote, “This has made a lot of people very angry and been widely regarded as a bad move.”

While discussing the news with some space-inclined friends, they requested someone “do the math” to show that AI datacenters + space = bad move. I took up that charge.

In my first breakdown of the xAI–SpaceX datacenters, I concluded that building an AI-training datacenter in space is complete and utter bupkis. I used a lot of math and memes. I relentlessly made fun of Musk. We all had a very good time.

After posting my write-up to Substack and LinkedIn, I heard from literally tens of people who had valuable insights into the problem. Most notably, the CTO of Starcloud, which is the first (and as of this writing the only) company that has successfully launched and operated a GPU on a satellite. This team has built a very real, very operational BallSat called Starcloud-1.

I should probably listen to him, right? Yea I thought so too.

He graciously pointed out where my math was wrong, where it was right, and what I should investigate to build a more accurate model. He also shared the big hairy engineering problems they still need to solve to make this whole thing work. This is the sort of industry collaboration I appreciate. Real people sharing real information to do real things that, hopefully someday, make the world a little better place to live. You guys are cool.

This exchange and others like it got me thinking, “What would it take to build a REAL Spaceballs Datacenter with REAL BallSats that has very REAL business value?” Could I, a lowly cyber ops nerd who hasn’t touched thermodynamics since junior year, design such a thing?

Probably not. But I’m going to try anyway. Buckle up.

Part 1. Mea Culpa

First, let’s point and laugh at everything I did wrong the first go-round.

Wrong heat transfer equation. Spaceballs-1 treated space like a terrestrial cooling problem. The CTO of Starcloud shared that space thermal management doesn’t work this way. A radiator in space emits based on its own temperature and absorbs environmental heat loads from three sources (direct solar, Earth IR, and Earth albedo). Net heat rejection is the difference. Duh. Any semi-competent engineer would know that. Rule one about cyber: we don’t talk about cyber fight club. Rule two: we aren’t competent engineers. With the new inputs, my model ended up matching the CTO’s benchmark of >1,000 W/m².

Today’s tech vs tomorrow’s inventions. I used legacy NASA data for most inputs. This made all my calculations pretty conservative and, much like the original Spaceballs, based on 1980s technology. Spaceballs-2 lets every parameter (all 80+ of them) switch between two scenarios. Conservative uses ISS-era hardware specs and standard LEO orbits. Optimistic uses next-gen solar panels, lightweight radiators, and a sun-synchronous terminator orbit that eliminates eclipse entirely. The delta between scenarios is enormous. A 64-GPU BallSat weighs 6,067 kg conservative vs. 1,301 kg optimistic. I think it’s fair to assume that, as long as a technology doesn’t violate the laws of physics, it will improve at a linear rate (and sometimes exponentially, like in the case of Moore’s Law).

Bus body as a physical object. Spaceballs-1 gave the BallSat’s computer, avionics, comms, and other components zero physical volume. Spaceballs-2 estimates BallSat volume from packing density, derives surface area, and computes the thermal contribution. Turns out the BallSat body is a net heat rejector. GPU waste heat warms it enough that it radiates more than it absorbs from the environment. Small effect, but it’s real and it’s free.

Compute performance. Spaceballs-1 never said how much compute the satellite delivers. Spaceballs-2 adds verified compute specs and calculates total satellite compute, memory bandwidth and capacity, and inference token throughput. I didn’t end up using this in my final analysis. But it did get me thinking about other possible business models for datacenters in space.

Business model comparison. Spaceballs-1 asked “how much does a BallSat cost?” Spaceballs-2 asks “is there a business model and architecture where it makes money?” The new model evaluates five workload types against terrestrial alternatives: AI training, AI inference, public cloud, sovereign cloud, and edge/CDN compute. For each modality it captures terrestrial operator costs, customer pricing, utilization rates, bandwidth requirements, latency tolerances, and deployment scale. It then compares against what the satellite can actually deliver.

Comms modeling. Spaceballs-1 had none. Spaceballs-2 models telemetry, optical inter-satellite links (ISL), ground contact windows, and evaluates bandwidth sufficiency for all business models. It calculates latency and identifies shortfalls. This happens to be something I know a lot about and it turns out to be the single most important addition to the model. Hence the article title. Hey wouldn’t you know it, there’s pesky Chekhov’s Gun again…

Part 2. Debunking (most of) the Options

Remember Mr. Talkie from Part 1? The 6 kg afterthought that I slapped onto the BallSat like a sticker on a Trapper Keeper? In Part 1, I waved my hand and said “comms hardware has gotten remarkably compact” and moved on to more interesting problems.

Turns out Mr. Talkie runs this whole show.

See, I spent most of Spaceballs-1 obsessing over heat and mass, Chekhov’s thermal gun, the relationship between Mr. Radiator and Mr. Engine. All real problems. All worth modeling. But while I was busy computing radiator areas and reaction wheel torques, the communications problem sat quietly in the corner, unassuming, waiting for its moment. Like a junior analyst at McKinsey who just realized the entire strategy deck has a fatal flaw on slide one (spoiler alert: every McKinsey deck has a fatal flaw on slide one. It’s the part that says “McKinsey”).

I would now like to introduce the protagonist of Spaceballs-2. Mr. Talkie’s bigger, meaner, more consequential older brother: the inter-satellite link.

The Bandwidth Wall

Spaceballs-1 modeled a single-GPU satellite with a basic Ka-band transceiver, enough bandwidth to phone home and maybe push 100 Mbps of useful data. For a single lonely GPU doing inference in the void, that’s… technically fine. Sad, but fine.

Spaceballs-2 asks a harder question. What if these satellites need to talk to each other? What if you want your GPUs to cooperate? What if, God forbid, you want to train a model?

You need inter-satellite links. Laser-based optical terminals that beam data between satellites. Starlink uses them. And honestly, the engineering behind them genuinely impresses me. Here’s where the technology stands as of early 2026:

Production hardware: Each Starlink V2 satellite carries three optical ISL terminals running at roughly 100 Gbps per link. That’s real, deployed, operational hardware serving millions of customers. SpaceX solved this at scale. Credit where it’s due.

Near-term demonstrated: China’s Shanghai Institute of Optics and Fine Mechanics (SIOM) set a record of 400 Gbps single-channel free-space optical in a lab demonstration (not space-flown hardware, but still a viable proof of concept).

The future roadmap: Coherent wavelength-division multiplexing could push individual links toward 1 Tbps. ESA’s HydRON program envisions terabit-class optical networking in orbit. These are 2030+ technologies.

Now for NVIDIA’s GPU needs.

NVLink 5.0, the interconnect inside an NVIDIA DGX node, gives every B200 GPU 1.8 terabytes per second of bidirectional bandwidth to its neighbors. Quick unit conversion for the uninitiated: capitalized TBps means terabytes per second. Lowercase Tbps means terabits per second. Eight bits per byte. So 1.8 TB/s = 14.4 Tbps of bandwidth per GPU.

Our future ISL bandwidth: 0.40 Tbps

NVLink requirement: 14.4 Tbps

The gap: 36×

We have a garden hose. We need a fire hydrant. And that 36× gap is the optimistic scenario using China’s lab record, which hasn’t been replicated in orbit. With production Starlink hardware, the gap balloons to 144×.

I’ll say it louder for the people in the cheap seats: even the best optical inter-satellite links on the planet (well, off the planet) deliver 36 to 144 times less bandwidth than what GPUs need to work together on a training job.

You cannot train a large AI model across multiple satellites. You cannot synchronize gradients. You cannot do tensor parallelism across an ISL. The physics say no. The photons say no. Chekhov’s Gun says BLAM.

The satellite IS the cluster. (Quick definition for the non-datacenter crowd: a cluster is a networked group of GPU-equipped computers that split a single massive computation into smaller pieces, runs them in parallel, and reassembles the result.) If your GPUs can’t fit on one BallSat, they can’t cooperate. ISLs cannot provide enough throughput to bridge clusters on different satellites. Full stop.

So What Fits on a BallSat?

The realization that you cannot bridge between clusters on different BallSats fundamentally reframes the entire problem. In Part 1, I imagined vast constellations of BallSats working together in some kind of orbital GPU hivemind. Beautiful vision. Physically impossible because of comms. If you’re not convinced of this yet, I can’t help you.

Instead, we’re stuck with whatever GPUs we can cram onto a single BallSat. So let’s size the bird for each business model and see what the physics allows.

For AI Training, bigger is better, hence the term “hyperscaler.” We have yet to reach the upper limit for scale when it comes to AI training. We need to put as many GPUs as possible onto our BallSat. That number lands around 128 GPUs per bird. Sixteen NVIDIA DGX-class nodes, each with 8 GPUs connected by NVLink internally. Between nodes on the same satellite, they use standard networking (100–400 Gbps Ethernet or InfiniBand). Across satellites? Garden hose.

Can a 128-GPU satellite realistically train a 7-billion parameter model? Easy. Fits on 1–4 GPUs. The other 124 twiddle their thumbs.

How about a 70-billion parameter model? Doable. Sixteen to thirty-two GPUs. The satellite’s NVLink nodes handle the heavy lifting within each 8-GPU group, and on-board networking handles the pipeline boundaries.

A 175-billion parameter model, GPT-3 class? Nope. Needs 384+ GPUs. BLOOM used 384 A100s across 48 nodes. That’s three of our BallSats that can’t talk to each other fast enough to cooperate.

Frontier models? Forget it. Those jobs consume 10,000 to 100,000+ GPUs in tightly coupled clusters with sub-microsecond latency. Our constellation could have a million GPUs and they’d still be useless for this workload. So Musk’s grand vision of training frontier AI in space? Our BallSat can train… a model from 2022. Groundbreaking.

AI Inference flips the script. Independent inference requests can be load-balanced across completely disconnected GPUs with only standard networking, sidestepping the ISL bottleneck entirely. A single GPU handles 7B–13B model inference. Four to eight GPUs cover 70B models. Larger models (GPT-4 class) need 128+ GPUs but can be partitioned across nodes. Each satellite serves requests independently; adding more satellites increases throughput linearly. No tight coupling required. 64 GPUs per satellite, one full inference node per bird.

Public Cloud customers want three things satellites can’t deliver well: elastic scaling (spin up 8 GPUs now, 256 tomorrow), low latency, and hardware variety. The typical enterprise customer rents 1–8 GPUs for development, 16–64 for production, and 256+ only for major runs. We can’t offer that top tier (ISL constraint), and the duty-cycle-limited ground downlink means intermittent connectivity. You’re locked into one hardware config until the satellite deorbits. Still, 64 GPUs gives us a mid-tier offering to test against the economics.

Sovereign cloud and edge/CDN round out the lineup. Sovereign Cloud deployments focus on data sovereignty and security for classified or national-security workloads. The value proposition here is that data never touches foreign soil and legal jurisdiction follows flag-of-registration. A single satellite carries 64 GPUs, enough for the batch intelligence and translation pipelines that dominate this market. Edge/CDN sits at the opposite extreme. Cloudflare runs roughly 13 open-source AI models per GPU across 300+ cities. Akamai uses single RTX GPUs per edge location. These workloads are compute-local, bandwidth-light, and geographically distributed. A satellite constellation mirrors that architecture naturally. 8 GPUs per bird, maximum flexibility.

Use Case	GPUs/BallSat
AI Training	128
AI Inference	64
Public Cloud	64
Sovereign Cloud	64
Edge/CDN	8

Five Use Cases Enter. Most Don’t Survive.

OK. Training mega-models in space remains bupkis. We established that in Part 1. The comms analysis just slammed the coffin shut and welded it closed.

But what about other workloads? Cloud compute serves many masters. Maybe one of them doesn’t mind the constraints of orbital life.

Five contestants. One BallSat. Let’s see who gets voted off the island.

Episode 1: AI Training Gets the Boot

We already killed this one. Twice. The bandwidth gap alone (36–144×) makes cross-satellite gradient synchronization physically impossible. The latency gap (10,000× worse than InfiniBand) buries it further. And the economics scatter the ashes. Training drowned in the ocean before it reached the island. Goodnight, sweet prince.

Episode 2: AI Inference Takes a Swim

This one hurts, because inference actually has the right physics.

Unlike training, inference requests are independent. When you ask ChatGPT a question, your query goes to one GPU (or a small group of GPUs sharing a model via tensor parallelism within a single node). It doesn’t need to synchronize with thousands of other GPUs. It computes your answer. It sends it back. Done.

This means inference can scale horizontally across disconnected GPUs. Each BallSat serves requests independently. Add more BallSats, serve more users. No tight coupling required. The bandwidth between BallSats becomes irrelevant because each bird handles its own workload. According to research from Introl, load balancing inference across thousands of disconnected GPUs works well with basic networking infrastructure.

So inference passes the architecture test. Wonderful. Where does it die?

The coverage problem.

Your inference API needs to be… available. As in, “a user sends a request and gets a response.” For that to happen, the BallSat needs a communication path to the ground. This is called the ground contact duty cycle, or the fraction of time the satellite can communicate with a ground station. Our Spaceballs-1 model had 60 minutes per day. That’s a 4.2% duty cycle. An inference API that works 4.2% of the time would make a dial-up modem blush.

“So build more ground stations!” Sure. Here are our options:

Option A: A handful of dedicated ground stations (3-5 stations). Gets you to roughly 40-60% duty cycle. Better. Still means your API drops out for hours at a time. Your SLA reads like a snow forecast. “Service will probably possibly work this afternoon, 60% of the time. No guarantees though!”

Option B: A global ground station network (15-20 stations). SpaceX-level infrastructure spread across multiple continents. Gets you to 85-95% duty cycle. Costs hundreds of millions of dollars in ground infrastructure. I thought the whole point of space-based compute was to avoid building and powering stuff on the ground?

Option C: ISL mesh relay. Route all traffic through a chain of satellites until you reach one that can see a ground station. Starlink does this for internet service and it works beautifully. For inference latency? Each hop adds 3-4 ms. Route through five to ten satellites and you’ve added 15-40 ms before the GPU even starts thinking. For real-time chatbot-style inference, users notice.

Option D: GEO bent-pipe relay. Park a relay satellite in geostationary orbit (35,786 km up) and bounce all traffic through it. Continuous coverage, problem solved. Except…

The signal path goes ground station → GEO relay satellite → LEO compute satellite → process → LEO satellite → GEO relay → ground station.

Leg 1, ground to GEO: 35,786 km ÷ 299,792 km/s = 119 ms. Leg 2, GEO down to LEO: 35,236 km ÷ 299,792 km/s = 118 ms. Leg 3, back up to GEO: 118 ms. Leg 4, GEO down to ground: 119 ms.

Total propagation delay: 474 ms. Round trip. Before the GPU computes a single floating-point operation. That signal path covers roughly 142,000 kilometers of vacuum at light speed, and no amount of clever engineering can compress the geometry when your relay station parks itself at geostationary altitude.

Half a second of latency just from the relay geometry. Add compute time and ground networking and you’re pushing 600-700 ms for first token. Your chatbot now responds like it’s contemplating the meaning of life before answering “What’s 2+2?”

And then the economics. Our model calculates a break-even price of $6.48 per GPU-hour for space-based inference. The terrestrial market rate sits around $5 per GPU-hour. Annual ROI is negative 81%. For every dollar you spend, you get back 19 cents.

Inference works the same way my New Year’s resolution to run a marathon works. The coverage problem kills the user experience, and the economics bury the corpse.

Episode 3: Public Cloud, Mercifully Quick

This one I’ll keep short. It deserves a short death.

Public cloud customers expect three things: elastic scaling (spin up 8 GPUs now, 256 tomorrow), low latency (sub-50ms round trip), and rich instance variety (pick your GPU, your memory, your networking).

Our satellite offers a fixed 64-GPU configuration, latency dependent on orbital mechanics and relay architecture, and one hardware config until the satellite deorbits in five years. You cannot scale up. You cannot scale down. You cannot swap in a newer GPU when NVIDIA ships the B300x-e-L-s-w-nimbus-4000. Your cloud has the elasticity of a brick.

Bandwidth: FAIL. Cloud customers expect 10+ Gbps of network per GPU. Standard stuff. An AWS p4d instance gives you 400 Gbps of networking shared across 8 GPUs. Our satellite delivers 1.56 Gbps per GPU via ground link. That’s 0.16× the requirement. Six times too little.

Economics: FAIL. Same $6.48/GPU-hr break-even, competing against AWS, Azure, and GCP, three companies with decades of operational optimization, millions of customers amortizing infrastructure costs, and ground-based datacenters that cost a twentieth of what a satellite costs per GPU.

Public cloud in space. It’s like opening a Blockbuster in 2024. The product doesn’t match what customers want, the price doesn’t match what they’ll pay, and the competition has a thirty-year head start.

Episode 4: Edge/CDN, the Heartbreaker

Now this one. This one stings. Because edge computing in space actually makes technical sense.

Edge workloads are small. Cloudflare runs 13 open source AI models per GPU across their 300+ global edge locations. Akamai’s edge compute uses a single RTX GPU per location. The typical edge deployment is one to four GPUs doing inference on small models, transcoding video, caching content.

Our bandwidth requirement is 0.5 Gbps per GPU. Available bandwidth is 1.56 Gbps per GPU. PASS, with a comfortable 3.1× ratio. The first bandwidth PASS for any use case.

Latency? LEO at 550 km altitude means roughly 9 ms round-trip for direct ground contact. Edge workloads tolerate up to 20 ms. PASS.

The compute architecture fits perfectly, too. Edge workloads don’t need inter-GPU coupling. Each satellite processes independently. LEO satellites distributed across orbital planes create a natural global edge mesh, which literally is what edge computing wants to be. The geography baked into orbital mechanics matches the geographic distribution that edge compute needs.

So why is edge eliminated?

Money.

Cloudflare charges $0.02-0.08 per GB for CDN delivery. Akamai’s pricing sits in the same ballpark. These companies operate on razor-thin margins because CDN and edge compute are commodities. The product differentiator between CDN providers comes down to pennies per gigabyte and milliseconds of latency.

Our model shows edge/CDN annual ROI at negative 72%. To match terrestrial CDN economics, we’d need to cut satellite costs by an order of magnitude. And even then, we’d still be competing with companies that have two decades of terrestrial infrastructure already deployed and paid for.

Edge is the one that hurts the most. It’s the technically perfect solution to a problem nobody will pay to solve from orbit. Like a beautifully engineered bridge to a place nobody wants to visit.

Episode 5: Sovereign Cloud. The Last One Standing.

And then there was one.

I almost didn’t include sovereign cloud in the original model. Seemed too niche. Too small-market. Too “what even is sovereign cloud?” for an article about Spaceballs.

Glad I did. Sovereign cloud is the only use case where the physics and the economics align. That’s right ladies and gentlemen, you heard it here first. Sovereign Cloud works in space.

Bandwidth: PASS. Sovereign compute workloads are batch-oriented. Government agencies processing classified documents. National AI models running translation pipelines. Intelligence analysis churning through intercepted communications. These jobs don’t need real-time streaming bandwidth to each BallSat. They need enough pipe to upload the job queue, download the results, and occasionally push a model update.

The bandwidth requirement for sovereign batch processing is roughly 1 Gbps per GPU. Available bandwidth in our model is at least 1.56 Gbps per GPU via ground downlink. The ratio is 1.56×. PASS.

Latency: PASS. And not just barely. Our satellite achieves roughly 9 ms round-trip latency for direct ground contact. Sovereign workloads tolerate up to 500 ms. We’re 55 times faster than the requirement. Latency is so irrelevant here it’s almost embarrassing to include in the analysis.

Why? Because sovereign customers run batch jobs. Upload a thousand classified PDFs. Come back in an hour to grab the results. Latency matters for the data transfer but not for the end-user experience. And for batch processing, the ground contact duty cycle barely matters either. A 30% duty cycle (achievable with 2-3 dedicated ground stations in the customer’s territory) still delivers 324 terabytes of data movement per day through a 100 Gbps downlink. For 64 GPUs running batch inference that’s more than enough to keep them saturated around the clock.

Scale fit: PASS. A typical sovereign deployment runs 8-64 GPUs. Our satellite carries 64. One satellite per customer deployment. No multi-satellite coordination needed. No ISL bandwidth problem. Each customer gets their own dedicated, isolated orbital compute node.

And now the economics.

Sovereign cloud commands a premium. A big one. Every failed use case exposed the same root cause: space infrastructure costs too much for markets where terrestrial providers have already spent decades grinding their margins down to commodity levels. Sovereign cloud escapes that trap. While standard cloud GPU-hours sell for $2-5, sovereign cloud customers pay $15-25 per GPU-hour and sometimes more for classified workloads. They’re paying for a guarantee that their data stays within their control, their jurisdiction, their security perimeter. That guarantee carries real value when you’re a nation-state processing state secrets.

Our model’s break-even price is $6.48 per GPU-hour. The sovereign market rate is $25 per GPU-hour.

Margin per GPU-hour is $18.52. Annual revenue per satellite is $3.77 million. Annual cost per satellite is $3.26 million. Annual ROI is 15.7%. Your payback period ends up being 4.3 years.

With a BallSat mission life of five years, you’re in the black before the bird deorbits.

Houston, we have a business model!

I stared at these numbers for a while. Checked them twice. Had Claude rebuild the model from scratch and verify every formula. The math holds.

One use case out of five. Sovereign cloud, alone and blinking in the wreckage of all the other dead business models, somehow turns a profit.

Why Sovereign Survives

What’s happening here is subtle but critical for business strategy.

Every other use case fails because space-based compute competes with terrestrial compute on performance. Speed. Bandwidth. Elasticity. Cost per FLOP. Terrestrial wins every single one of those fights. Ground-based datacenters run faster, cost less, flex more, and connect better. No contest. Trying to beat AWS on price from orbit is like trying to outswim Michael Phelps while wearing a snowsuit.

Sovereign cloud plays a different game entirely. The sovereign customer doesn’t buy performance. The sovereign customer buys a property of the deployment itself. Physical inaccessibility. Jurisdictional isolation. An air gap enforced by 550 kilometers of vacuum. A government agent with a warrant can walk into a datacenter in Frankfurt. An intelligence operative with the right creds ($5,000 in a paper bag) can access a server room in Singapore.

A GPU in orbit? Nobody’s accessing that. The physical security is enforced by the most effective perimeter in human history.

And today the market values that property at a 5× premium. Add “extraterrestrial technology” to your marketing collateral and you can probably bump that to 6×.

Conclusion

So the only viable space datacenter is a sovereign one.

I started this project to make fun of Elon Musk. I’m still making fun of Elon Musk. His plan to build an AI training datacenter in space remains complete and utter crap.

But somewhere between the thermal equations and the bandwidth calculations, something unexpected emerged. The punchline turned into a real question. The real question turned into an insight about Sovereign Cloud, which is not a space story. It’s a cyber story. And cyber stories are my thing.

So stay tuned for Spaceballs the Datacenter 3: Cyber Goes Plaid

The Impossible Seat

Wed, 04 Mar 2026 00:00:00 GMT

On February 9, 2026, Japan restarted Kashiwazaki-Kariwa Unit 6. Fifteen years dark. The country’s largest nuclear power plant, shuttered since Fukushima, humming again at 1,356 megawatts. That single reactor displaces 1.3 million tons of LNG imports per year. I remember reading the coverage and thinking: this is a country that watched a tsunami trigger a nuclear meltdown, spent a decade and a half processing the trauma, and still decided to flip the switch again because the energy math demanded it. Because 95% dependency on Middle Eastern crude is its own kind of meltdown, just slower. God bless them.

Nineteen days later, the United States and Israel launched Operation Epic Fury.

Joint strikes are hitting Tehran, Isfahan, Qom, Karaj, Kermanshah. Supreme Leader Khamenei is dead. Nuclear facilities, destroyed. Regime leadership, targeted across five cities. Whether Washington says “regime change” out loud is a question for the press briefings. The strikes have already answered it. As I write this, Secretary Rubio is promising the attacks will increase in scope and intensity. The death toll in Iran has passed 787 and is climbing.

Iran’s response is to close the Strait of Hormuz. As of this morning, three major Japanese shipping companies have suspended transit. Over 150 crude oil and LNG tankers sit anchored, going nowhere. Brent crude is past $80 a barrel. Analysts are calling $100. The Dow dropped a thousand points yesterday.

Japan pays the highest premiums in the Indo-Pacific for its American security guarantee. Japan’s record $58 billion defense budget, approved December 2025, with constitutional reinterpretations that would have been unthinkable ten years ago on top of seventy years of diplomatic deference to Washington on basing, on trade, on every major foreign policy question since the occupation ended. The policy was supposed to protect the house.

And then the insurer set the neighborhood on fire.

I need to back up and explain how the architecture works, because it might be the architecture that breaks first.

Japan’s postwar grand strategy rests on two pillars. Pillar one: absolute security dependence on Washington. The extended nuclear deterrent, the Seventh Fleet, 54,000 US troops stationed across Japanese territory. Pillar two: insatiable growing energy appetite fed at the teat of wherever they can get it (resulting in an absolute energy supply chain dependence on the Middle East). S&P Global’s August 2025 analysis pegged it at 95% of Japan’s crude oil from Middle Eastern suppliers. Roughly three-quarters of Japan’s total oil imports transit the Strait of Hormuz.

For seventy years, these two dependencies reinforced each other. The US Navy kept the sea lanes open. Japan bought the oil. Everyone prospered. The arrangement was elegant, and it worked, and nobody in Kasumigaseki or Washington ever seriously stress-tested what happens when the two pillars collide. When the security guarantor becomes the energy disruptor.

That stress test is running right now.

Japan holds 254 days of strategic petroleum reserves and somewhere between two and four weeks of LNG. Fifteen of 32 operable reactors are running, with a government target of 30 by 2040. The country has talked about reducing Middle East energy dependency for decades. Through multiple prime ministers. Through the 1973 oil shock, which was supposed to be the wake-up call. Through multiple Gulf crises. And here it sits, in March 2026, at 95%. Decades of diversification policy produced a country that diversified its talking points and nothing else.

Prime Minister Sanae Takaichi saw the cracks before February 28. She came into office with the most aggressive national security platform since Shinzo Abe: defense spending hitting 2% of GDP two years ahead of schedule, anti-spy legislation, a national intelligence apparatus consolidating under her authority, the Active Cyber Defense Bill in February 2025, and the Kashiwazaki-Kariwa restart. She was building a Japan that hedges its dependency on Washington’s judgment. A reasonable project. A decade-long project.

She just got handed a deadline measured in weeks.

The irony gets so thick you could choke on it.

Fukushima in 2011 killed Japan’s nuclear energy program overnight. Fossil fuel imports surged to fill the gap, and the Middle East dependency deepened for fifteen straight years. Kashiwazaki-Kariwa’s restart on February 9 was the moment the security math finally overrode the trauma. The country chose nuclear power again.

Nineteen days later, a war fought partly over Iran’s nuclear ambitions is becoming the most powerful accelerant for Japanese nuclear energy since the tsunami that nearly buried it. The government target of 30 reactors by 2040 stopped being aspirational energy policy somewhere around the moment the first tanker dropped anchor outside Hormuz. It is a survival plan now. A country scarred by nuclear disaster, restarting nuclear power, because a war partly about nuclear weapons just cut off its oil.

And the disruption isn’t just physical. Iran’s conventional military is largely destroyed, but cyber remains the one asymmetric tool that doesn’t need functioning airfields. Palo Alto’s Unit 42 documented retooling across Iranian cyber units this week. Nothing catastrophic has hit anyone yet, but Takaichi’s Active Cyber Defense Bill was designed for Chinese espionage and North Korean ransomware, not for a potentially cornered state with wiper malware and nothing left to lose. One more item on a list that’s already too long.

Dismantling the Iranian theocracy strengthens the global security order. The regime massacred its own civilians during the 2025-2026 protests. Its enrichment program hit 60% purity, well beyond any civilian justification. Pressuring this regime, even aggressively, is defensible and rational. I believe that.

But defensible for global security and defensible for Japanese security split apart on February 28, and the gap is widening by the hour. The operation is imposing its heaviest costs on the allies the US needs most. Japan didn’t choose this war. Japan can’t afford this war. And Japan can’t say so publicly because the same alliance that just disrupted its energy supply is the only thing standing between Tokyo and its actual existential threat (which starts with “C”, ends in “hina”, and isn’t in the Persian Gulf).

Takaichi condemned Iran’s nuclear program and stayed conspicuously quiet on the strikes themselves. That silence is the sound of a leader staring at two clocks, trying to figure out which one runs out first: the oil reserves or the diplomatic goodwill.

Meanwhile, Japan’s pacifist constitution is doing gymnastics nobody in the Diet choreographed. The SDF’s information-gathering mission in the Gulf now operates in an active warzone that Japan’s closest ally ignited. Whether the SDF expands into tanker escort duty would trigger the most consequential Article 9 debate since Abe’s 2015 reinterpretation, at precisely the moment when saying no looks like free-riding and saying yes means joining a war Japan never endorsed. Constitutional pacifism is a fine peacetime luxury until your oil supply depends on a wartime strait.

The cost of this crisis doesn’t stop at Tokyo’s borders. It runs straight through Beijing.

China buys 90% of Iran’s oil exports. Forty percent of China’s own oil imports transit Hormuz. Beijing is pressing Tehran to reopen the strait, which puts China and Japan in the same absurd position. Two nations on opposite ends of the American relationship, both dependent on the same chokepoint, both damaged by an operation neither endorsed.

The resemblance ends there. China built the resilience Japan only talked about. Overland pipelines from Russia and Central Asia tied with strategic petroleum reserves estimated at over 1.2 billion barrels and diversified LNG sourcing. Japan has tankers and no overland alternatives or pipeline options. An island nation at the end of the longest energy supply chain on earth, and someone just cut the chain.

The economic pain for China is real and its geopolitical consequences matter. Beijing is losing a major oil supplier and a strategic partner in the Middle East. Iran’s theocracy, whatever survives of it, was a useful counterweight to American influence in the Gulf. That counterweight is evaporating. Russia’s isolation deepens as another authoritarian node crumbles. These are genuine gains for the global security architecture. They’re worth celebrating.

But those gains come packaged with a problem that should keep Takaichi awake tonight. She built her entire security platform around deterring China. The $58 billion defense budget. Type-12 standoff missiles with 1,000-kilometer range. She announced to the world that Japan’s military could get involved if China moved on Taiwan. Her entire theory of the case depends on American presence in the Western Pacific.

And right now, American presence is in the Persian Gulf.

Every carrier strike group running escort duty through Hormuz is absent from waters near Taiwan. Every intelligence analyst tracking Iranian missile launches is one not tracking PLA movements around the Senkaku Islands. Beijing’s strategists are running this arithmetic as I type, and the math favors patience. You don’t need to provoke a crisis in the Taiwan Strait when your primary adversary just committed his best naval assets, his sharpest intelligence analysts, and his political capital to a war six thousand miles from the Western Pacific. You wait. You watch. You take notes.

The insurer is fighting a fire across town. The house hasn’t caught yet. But the arsonist next door just noticed the fire truck left.

On March 19, Takaichi will sit across from Trump. The summit was always going to be about China, about Taiwan contingency planning, about trade, about the future of deterrence in the Western Pacific.

Now the agenda carries something heavier.

What does an alliance look like when the insurer’s strategic judgment and the policyholder’s economic survival point in opposite directions? February 28 proved they can. The question Takaichi brings to Washington is what prevents it from happening again. Not in the abstract. Not as a diplomatic nicety. As a structural feature of the relationship: consultation protocols before military operations that threaten allied energy supply, intelligence sharing on Gulf maritime security, and the understanding that allied economic survival is a variable in American military planning and not an externality.

Takaichi is already building part of the answer herself. More reactors coming online. The defense budget climbing beyond 2%. Cyber defense capabilities, still early but accelerating. A national intelligence apparatus consolidating under her direct authority.

But March 19 is where Takaichi negotiates the gap between the Japan that exists and the Japan she’s building. A Japan that keeps paying its premiums but is quietly building its own fire department. The construction isn’t finished. Given what’s happening in the Gulf this week, it may not be finished in time.

The basics broke telecom. (Source: The CyberWire Daily Podcast)

Thu, 26 Feb 2026 00:00:00 GMT

Source: Listen to the episode

On The CyberWire Daily Podcast, I joined Dave Bittner and Maria Varmazis to unpack the rush toward digital sovereignty in space and cyber. I laid out how Japan and Taiwan are pushing for sovereign cloud architectures that keep data inside national borders, and why that strains U.S. cloud providers that cannot localize at the same depth today.

We traced the tradeoffs, including massive capital expenditure for data centers, the erosion of U.S. standard-setting leverage, and the upside for countries that want their privacy regimes to govern their data. I also previewed my RSA 2026 learning lab on first-principles risk forecasting and the limited seats for that session.

Key topics

Sovereign Cloud Economics: Localization demands new infrastructure spending and reshapes cloud competition.
Regulatory Gravity: National privacy laws gain force when data stays within geographic borders.
Strategic Spillover: Shifts in sovereignty ripple from space policy into cyber supply chains and market access.

3D Printing Cyber: The AI Phase of Offense Industrialization

Tue, 24 Feb 2026 00:00:00 GMT

On February 20, 2026, CJ Moses, CISO of Amazon, published findings from Amazon Threat Intelligence describing a campaign that should reframe how we think about cyber offense. A Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise over 600 FortiGate firewall appliances across more than 55 countries between January 11 and February 18, 2026. The campaign involved no zero-days, no exploit development, and no team that we know of. The actor scanned internet-facing management interfaces, tried common credentials against single-factor authentication, and let AI handle the rest.

Moses called it “an AI-powered assembly line for cybercrime, helping less skilled workers produce at scale.”

The assembly line metaphor is dead on.

I’ve spent the past year exploring how offense industrialized. How the Chinese cyber ecosystem grew into a manufacturing supply chain of specialized firms, each perfecting one phase of the kill chain and scaling operations the way Toyota scaled automobile production. That framework describes what happened over the past decade. This campaign opens a window into what will happen next.

The assembly line just got compressed into a single workstation. And the operator doesn’t need to understand how the factory works.

What Happened

Amazon Threat Intelligence discovered the campaign through routine operations. The actor scanned FortiGate management interfaces exposed on ports 443, 8443, 10443, and 4443 across the open internet, then attempted authentication with commonly reused credentials. Just the digital equivalent of checking which doors are unlocked, executed at a speed no human team could match without automation.

FortiGate configuration files are high-value targets for a specific reason. They contain SSL-VPN user credentials with recoverable passwords, administrative credentials, complete network topology, firewall policies revealing internal architecture, and IPsec VPN peer configurations. A single config file hands an attacker the blueprint of an entire network along with the keys to walk through it. The actor developed AI-assisted Python scripts to parse, decrypt, and organize these stolen configurations.

Then the operation escalated. After establishing VPN access to victim networks, the actor deployed AI-generated reconnaissance tools that automated the post-exploitation workflow: ingesting target networks from VPN routing tables, running service discovery with open-source scanners, identifying domain controllers, and producing prioritized target lists. Inside victim networks, Meterpreter with the mimikatz module performed DCSync attacks against domain controllers, extracting complete NTLM password hash databases from Active Directory. In at least one case, the Domain Administrator account used a plaintext password extracted directly from the FortiGate configuration. That’s password reuse connecting the perimeter device to the keys of the kingdom.

The actor then targeted Veeam Backup & Replication servers, the pre-ransomware playbook. Rapid7 reported that over 20% of their 2024 incident response cases involved Veeam access or exploitation. Compromise backups first, encrypt second. Amazon’s analysis confirmed no ransomware deployment, although the actor’s operational notes documented the intent to. They were building toward it.

Notably, when the actor encountered hardened environments, they moved on. Things like patched services, closed ports, MFA enabled forced the actor to switch targets. The actor’s own operational assessment for one confirmed victim acknowledged that key infrastructure targets were “well-protected” with “no vulnerable exploitation vectors.”

The Exposed Server

We know all of this because the actor’s operational security collapsed.

The server at 212[.]11.64.250, port 9999, hosted on a Swiss autonomous system, contained 1,402 files across 139 subdirectories; CVE exploit code; FortiGate configuration files from victims; Nuclei scanning templates; Veeam credential extraction tools; BloodHound collection data mapping Active Directory relationships; AI-generated attack plans with step-by-step exploitation instructions, expected success rates, time estimates, and prioritized task trees; Source code for every custom tool in the operation; Victim network topologies with confirmed credentials, identified services, and recommended lateral movement paths.

Everything. On a public server. Without encryption. Talk about a noob.

This level of exposure rarely (never) happens with professional operations. State-sponsored campaigns compartmentalize by design. Organized cybercrime groups enforce operational discipline through organizational hierarchy. This actor had neither structure nor discipline, and that absence explains both why we can study this campaign in such detail and why the operational model itself carries a structural vulnerability.

But the exposure also serves a different analytical function. We know this campaign existed because the operator was careless. The infrastructure that Amazon Threat Intelligence discovered represents one data point, the visible one. The question that should sit with every reader is, “How many similar campaigns run right now with better hygiene?”

The Factory and the 3D Printer

I’ve written previously about how the Chinese cyber ecosystem industrialized through organizational specialization. Companies now provide discrete kill chain services. One firm handles reconnaissance. Another brokers initial access. A third provides command infrastructure. A fourth manages exfiltration. Each perfects one phase and sells it as a service. The ecosystem scales horizontally, like a manufacturing supply chain producing custom goods at commodity speed. Attribution fragments along organizational boundaries. When reconnaissance happens in one company, weaponization in another, and C2 in a third, defenders can’t trace a full campaign to a single actor.

That’s the factory. Organizational specialization. Distributed production. A decade of institutional development.

This campaign built a 3D printer.

One actor performed six distinct industrial functions: reconnaissance and scanning, tool development, credential extraction and parsing, infrastructure management, attack planning, and post-exploitation. AI substituted for specialized teams at each phase. The actor used at least two distinct commercial LLM providers throughout operations. Amazon Threat Intelligence identified one model serving as the primary tool developer, attack planner, and operational assistant, with a second used as a supplementary attack planner when the actor needed help pivoting within specific compromised networks.

Independent analysis by Cyber and Ramen identified the specific models. DeepSeek generated attack plans from reconnaissance data. The actor configured Claude Code, Anthropic’s coding agent, for autonomous execution of offensive tools. The actor built a custom tool called ARXON, a Model Context Protocol (MCP) server that bridged stolen recon data and commercial language models. ARXON ingested per-target reconnaissance, called DeepSeek to generate structured attack plans, and stored results in a persistent knowledge base that grew with each compromised target. It also contained scripts for batch SSH-based FortiGate VPN account creation, user provisioning, and automated Domain Admin credential validation.

The actor started with HexStrike, an open-source MCP framework released in 2025 that wraps 150+ security tools with MCP decorators so AI agents can invoke them autonomously. Within approximately eight weeks, the actor graduated to ARXON, a custom orchestration platform. Consumer to builder. Two months.

The factory, the Chinese ecosystem model, distributes production across organizational boundaries. Each firm holds one piece of the operation. Compromising one firm reveals one phase. The organizational structure creates resilience through compartmentalization.

The 3D printer concentrates everything in a single node. One server held 1,402 files documenting the entire operation. The actor’s OPSEC failure was architectural. When you compress the supply chain into one workstation, you compress the failure surface into one workstation. The Toyota model distributes risk. The 3D printer concentrates it.

Both models produce. They produce differently.

The factory retains its advantage on hard targets. The precision operations that demand persistent access, custom exploit development, deep institutional knowledge of specific victim environments. The kind of work that requires the human expertise AI can’t replicate. ShadowPad campaigns spanning 70+ organizations across nine months require coordination, institutional memory, and operational discipline that a solo AI-augmented actor demonstrably lacks.

The 3D printer floods the market with volume against soft targets. Six hundred devices, 55 countries, five weeks, one operator. The quality per unit is lower. The tooling shatters under edge cases. The actor can’t compile custom exploits, debug failed attempts, or creatively pivot when standard approaches fail. But volume compensates for selectivity. The threat model shifts from “sophisticated actor persists against your defenses” to “automated industrial process sorts you into a category and processes accordingly.”

And the timeline between these two models compresses at alarming speed. In September 2025, Anthropic disclosed that a Chinese state-sponsored group (tracked as GTG-1002) had manipulated Claude Code into functioning as an autonomous cyber attack agent, executing 80-90% of tactical operations independently across roughly 30 targets globally. That was a state-sponsored operation with institutional resources. Three months later, in January 2026, a financially motivated individual replicated the conceptual model with commercial tools and API keys.

The capability transfer from nation-state to solo operator used to take years. GTG-1002 to this campaign was twelve weeks.

The Raw Material Problem

The campaign succeeded because the raw material existed in abundance.

FortiGate appliances have weathered an 18-month siege of vulnerability disclosures and mass exploitation campaigns. The timeline matters because it explains where this actor’s starting inventory came from.

October 2022: CVE-2022-40684, a critical authentication bypass zero-day, was exploited in the wild. Attackers harvested configuration files from approximately 15,000 devices. January 2025: a group calling itself Belsen Group dumped those 15,000 configurations on the dark web for free, as a promotional move to establish reputation. Plaintext VPN credentials included. Censys confirmed that 54.75% of affected IP addresses remained online and reachable. Nearly a third still exposed the compromised FortiGate login interfaces.

The supply kept growing. Four more critical Fortinet vulnerabilities followed between January 2025 and January 2026, each adding to the stockpile, including one that worked on fully patched devices. The supply of exploitable starting material expanded faster than organizations rotated credentials. This campaign processed that stockpile at industrial speed.

A deeper architectural question sits underneath the vulnerability timeline. At this stage in the long evolution of security architecture, we need to accept that SSL VPNs are just a terrible idea and should be eradicated with extreme prejudice.

SSL VPN technology manufactures portable credential packages. A FortiGate configuration file contains recoverable plaintext passwords, complete network topology, routing information, and VPN peer configurations. This is everything an attacker needs to map, enter, and navigate a network, bundled into one extractable artifact. ARXON ingested these artifacts. DeepSeek produced attack plans from them. The architecture generated the input. AI processed it. Scale followed automatically.

Norway’s National Cyber Security Centre mandated SSL VPN replacement by end of 2025, and mandated that critical infrastructure transition by end of 2024, a directive that followed state-backed actors exploiting zero-days in SSL VPN products targeting Norwegian infrastructure. SonicWall announced it will remove all SSL VPN licenses and support after October 2025. Zscaler’s 2025 VPN Risk Report found 56% of organizations reported VPN-related breaches in the past year. NIST cataloged 83 VPN CVEs in 2024 alone, 60% scoring high or critical.

The migration argument moves from “best practice” to something more concrete. If you’re using an SSL VPN, your architecture produces raw material for automated exploitation. The organizations that can afford ZTNA migration will complete it. The organizations that can’t (the mid-market companies across South Asia, Latin America, and West Africa that populate this campaign’s victim list) remain inventory for the next assembly line.

The haves. And the have-nots.

The IOC Problem Strikes Back

Moses published two IPv4 indicators of compromise in his report. He also wrote, in the same report, that “traditional IOC-based detection has limited effectiveness” because the actor used legitimate open-source tools (Impacket, gogo, Nuclei, Meterpreter) present in every penetration testing engagement.

He shared the indicators. Then he told you they won’t help.

This paradox sits at the center of a structural failure in threat intelligence I’ve written about previously. The median C2 server lives five days. The average shared indicator arrives 33 days later. The indicator expires before it arrives.

This campaign adds a new dimension. The operationally useful intelligence (ARXON’s MCP architecture, the two-model workflow, behavioral patterns of AI-orchestrated lateral movement, detection opportunities like anomalous VPN geo-patterns and unexpected DCSync operations) fits into no existing sharing format.

You can encode two IP addresses in STIX and distribute them via TAXII. You cannot encode “the attacker submitted complete victim network topology to a commercial LLM and received a prioritized exploitation plan” in a machine-readable format that another organization can operationalize. The intelligence that’s sharable in current formats is already dead or dying. The intelligence that matters has no transport standard or mechanism to even exist.

The clearing house for behavioral intelligence exchange, for TTP-centric, context-rich, time-bounded intelligence that routes to the right consumer, still doesn’t exist. The platforms that host threat intelligence feeds built their economics on IOC volume. The ISACs that coordinate sector defense built their workflows on indicator distribution. The government bulletins that inform defensive priorities still circulate hashes and domains as their primary unit of cooperation.

All of it transacts in a currency that buys less each quarter. This campaign’s two IP addresses are the latest denomination.

The Two-Tier Landscape Hardens

The actor’s operational notes recovered from the exposed server record repeated failures against hardened environments.

Targeted services: patched. Required ports: closed. Vulnerabilities: didn’t apply to the target OS versions. The actor’s final assessment for one confirmed victim: key infrastructure targets “well-protected” with “no vulnerable exploitation vectors.”

Each adversary failure traces to a basic defensive control that is a well-known and recommended minimum baseline. MFA on VPN access. Management interfaces pulled off the internet. Credentials rotated after the Belsen Group dump. Backup infrastructure segmented. Veeam servers patched.

Fundamentals. All of them. The problem is distribution.

The organizations this campaign hit cluster across South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. Managed service providers running shared FortiGate deployments. Organizations where multiple devices shared non-standard management ports. This is an example of centralized administration without centralized security. Environments where a Domain Administrator password matched the SSL-VPN credential the actor pulled from a firewall config file.

I spent a week in Taipei in December 2025 discussing digital resilience with government officials and critical infrastructure operators. Taiwan’s small and medium enterprises form the backbone of the economy. Many lack IT departments. Some lack IT administrators entirely. They hire an engineer to configure email, purchase a firewall appliance, and hope for the best. The threat ecosystem industrialized to exploit these organizations as soft entry points into supply chains connecting to larger targets.

This campaign processed them at industrial speed. The controls that work against these campaigns are known. But they’re cheap to describe. Expensive to deploy for the organizations that need them most.

The gap between resourced defenders and everyone else widens quarter by quarter. Organizations with behavioral baselines, deployed MFA, segmented networks, and audited management interfaces survived this campaign without incident. An automated process running on commercial AI sorted organizations without these fundamentals into the soft-target category.

Defense-as-infrastructure (composable, standardized, horizontally scalable security that deploys without requiring bespoke expertise or dedicated security teams) remains the market gap. The AWS of cyber defense. I’ve written about this need in the context of Taiwan’s digital resilience challenges and the broader failure of the IOC-sharing economy to protect the organizations consuming stale indicator feeds.

This campaign amplifies the demand signal. Nobody has built it yet.

The Question Underneath

The analytical frameworks that have organized cybersecurity thinking for fifteen years assume capability correlates with organizational resources. Advanced Persistent Threat groups possess advanced capabilities because they command state-sponsored budgets, institutional expertise, and organizational depth. Financially motivated criminals operate at lower sophistication because they lack those resources. The taxonomy (APT versus cybercrime, nation-state versus criminal, sophisticated versus commodity) rests on that correlation.

The correlation is broke.

A financially motivated individual (maybe small team) with commercial AI access just compromised 600+ devices across 55 countries, extracted complete Active Directory credential databases, and positioned for ransomware deployment against backup infrastructure. The techniques mirror state-sponsored operations. The organizational resources amount to a laptop and API keys.

AI compresses the offense supply chain from ecosystem to individual. The factory still runs. The Chinese ecosystem’s organizational model retains its advantage on hard targets. But the commodity operations face radical democratization. The 3D printer produces at lower quality than the factory. The operator can’t debug failed exploits, can’t compile custom tooling, can’t creatively adapt when conditions diverge from the AI-generated plan. When this actor hit a wall, they moved on.

The only reason we can study this campaign in the detail Amazon published is because the operator stored everything on a public server without encryption. A competent operator running the same model with basic infrastructure hygiene produces no exposed Zurich server. The victims discover the compromise through ransomware deployment. Or they don’t discover it at all.

That’s the campaign worth thinking about. The one that learned from this actor’s mistakes. The invisible assembly line, operated by one, running on commercial AI, processing soft targets at industrial speed with competent operational security.

How many are running right now? And how do we defeat them?

IOCs Are Dead. Long Live IOCs.

Wed, 18 Feb 2026 00:00:00 GMT

A foot of snow fell in Maryland the other week. My German shepherd Mango has a red ball she’d trade her life for. I pushed it down the hill.

She watched it bounce. Stomped her feet. Barked at the sky. Launched herself.

Up up up. Down down down. Face first. POW.

Snow everywhere. Ball nowhere near her.

Mango’s problem is that she always seems to jump to where the ball was. She commits with everything she has and arrives with a snout full of snow but long after the ball has already moved on.

This is what we’re doing with indicators of compromise.

The indicator of compromise (the hash, the IP, the domain) is the fundamental currency of threat intelligence. That currency collapses a little more each quarter. Ninety percent of command-and-control infrastructure dies within five days; the average shared IOC arrives 33 days later, after the server it describes has already gone dark. Adversaries industrialized signature production. Nation-state campaigns increasingly generate unique code per target, and commodity crimeware trends the same direction as offensive toolkits democratize, modular C2 frameworks lower the barrier to entry, and AI-assisted development accelerates payload generation. The gap between state-sponsored and criminal infrastructure narrows by the month. The IOC might yet survive. Repositioned as raw material inside a contextual intelligence pipeline that routes the right intelligence to the right consumer at the right time for the right reasons, the indicator can still carry weight. The finished product of intelligence just looks different now.

The Dead Letter Office

The empirical case continues to stack fast against legacy indicators of compromise.

Censys research found the median Cobalt Strike C2 server lives for five days. A 2022 IoT botnet study corroborated the finding that 90% of C2 servers died within five days and 93% within fourteen. Recorded Future documented a 33-day average delay between initial detection of a C2 server and the moment that indicator surfaces in a published threat report.

The indicator expires long before a defender even knows to use it.

The malware story is no different. The agility of malware developers to ship new code swamps the ability for legacy IOCs to have a meaningful impact. Mandiant’s M-Trends 2025, drawn from 450,000+ hours of investigations, catalogued 632 new malware families in 2024. Total tracked families exceeded 5,500. The volume of unique signatures now outpaces any single organization’s capacity to consume them, let alone operationalize them against a live threat.

Academics formalized what practitioners already knew. Tostes et al. published the first real-world evaluation of IOC aging thresholds in 2023, demonstrating that indicator reliability degrades on predictable curves. Barnhart and Lee followed in October 2025 with adversary-aware retention modeling through SANS, confirming that threat actors cycle infrastructure at different rates and that uniform decay models waste analyst hours chasing dead indicators.

Three independent lines of evidence. Same conclusion. The platforms themselves conceded the point. MISP built formal decay scoring into its platform. OpenCTI 6.0 shipped configurable decay rules with automatic revocation when indicator scores drop below thresholds. Dragos published end-of-life guidance advising that IP-based indicators should carry expiration dates. When your tooling needs a built-in expiration system for the data it processes, the data model carries a structural defect.

The data establishes that IOCs are dying. The harder question is why. The hardest question is what to do about it.

How the Mint Broke

Offense industrialized.

Hundreds of specialized firms now provide discrete kill chain services across the Chinese cyber ecosystem. One company handles reconnaissance, another brokers initial access. A third provides command infrastructure. A fourth manages exfiltration. Each firm perfects one phase and sells it as a service. The ecosystem scales horizontally, like a manufacturing supply chain producing custom goods at commodity speed. Attribution fragments along the same lines: organizational boundaries, tooling, and tradecraft shift at every phase of an operation, making it nearly impossible to trace a full campaign to a single actor.

ShadowPad illustrates the production model. SentinelLABS tracked the PurpleHaze activity cluster spanning July 2024 to March 2025, linking ShadowPad deployments across 70+ organizations and leveraging Operational Relay Box networks operated from China. Trend Micro documented updated variants targeting 21 companies across 15 countries in February 2025. Secureworks CTU ties ShadowPad clusters to MSS and PLA-affiliated groups. Darktrace independently confirmed ShadowPad detections in customer environments. The toolkit remains in active development. A living product line, refined and shipped with the regularity of a commercial software release.

The infrastructure hosting that C2 traffic sits inside the same cloud environment defenders depend on. AWS and Google restricted classic domain fronting in 2018 (Signal documented the impact. AWS published enhanced domain protections) after the Telegram-Russia blocking crisis drove collateral damage across 15.8 million IP addresses. Threat actors adapted. They stopped disguising traffic through CDNs and moved into the infrastructure itself. ShadowPad C2 now uses spoofed TLS certificates impersonating Intel and Dell, hosted on commercial providers. Your adversary’s command server and your production workload share a subnet.

Meanwhile, modular C2 frameworks exploded in adoption. Sliver, Havoc, Brute Ratel C4, and Mythic displaced Cobalt Strike as operators’ tools of choice. Each generates unique beacons per deployment. The C2 framework market also industrialized. Unique infrastructure generation became trivial for operators at every sophistication tier, from state-sponsored teams to ransomware affiliates running weekend operations out of a Discord server.

The ball accelerates. And we built a machine that manufactures new balls.

The Gold Standard After the Gold Ran Out

The intelligence-sharing economy was designed around the assumption that signatures carry reusable detection value across organizations. ISACs distribute indicators. Government bulletins circulate hashes and IPs. Vendors sell threat feeds built on the same premise that knowing what’s “bad” protects you from it. MISP stores and correlates those indicators, STIX/TAXII formats the transport, and the IETF formalized the concept in RFC 9424. Every layer of the cooperative architecture between defenders trades in the IOC currency.

Think about what that means beyond any single organization’s detection capability. ISACs built their entire coordination model on IOC exchange. Government cybersecurity bulletins circulate IOCs as their primary unit of cooperation and value creation. Vendor relationships between threat intelligence providers and their customers are denominated in indicators per feed. Alliance frameworks in the Indo-Pacific, across NATO, between Five Eyes partners, all assume that sharing “known bad” signatures constitutes meaningful cooperation. When the underlying unit of exchange loses reliability, the connective tissue between defenders degrades, and the cooperative infrastructure that took three decades to build across sectors, across alliances, across public-private partnerships starts to fray at every junction. Every ISAC meeting, every government alert, every threat feed subscription becomes a transaction conducted in a currency that buys less and less each quarter.

IOCs didn’t devalue like fiat currency through lost faith in an issuing authority. Adversaries made the underlying asset (a static signature) trivially reproducible. This is the equivalent of monetary counterfeiting. Adversaries flooded the market with unique signatures the way a counterfeiter floods an economy with bills, draining each individual indicator of value while the category of ‘indicator’ retains the same theoretical worth that the concept of ‘currency’ retains after hyperinflation. The platforms themselves conceded the point years ago, building expiration systems into the data they process. Everyone still trades in the currency because no alternative exchange mechanism exists. The infrastructure persists because switching costs run high and no replacement clearing house has been built.

The IOC-centric model of threat intelligence is failing. The response: stop treating the indicator as the finished product.

What Lives On

David Bianco proposed the Pyramid of Pain in 2013 (SANS maintains a reference). Hash values at the bottom, trivial for attackers to change. TTPs at the top, expensive to alter. Thirteen years later, the hierarchy maps directly onto what practitioners say they want: stop pouring resources into the bottom of the pyramid and start climbing.

The hash, the IP, the domain: these persist as anatomical components inside a richer intelligence organism. They carry forensic value. They anchor attribution chains. They catch commodity crimeware. And they belong inside a larger system as raw inputs, components that a pipeline digests and transforms into actionable intelligence. The IOC goes in as raw material. Contextual, time-bound, consumer-specific intelligence comes out. Each tier of the pipeline performs a different metabolic function, and the organism produces something the raw indicator could never be on its own.

I’m proposing a three-tier intelligence pipeline.

Tier 1: Tactical automation. Atomic indicators get ingested, time-bounded using adversary-aware decay models, and scanned against environmental assets. This last part is key because it defines the context. Intelligence is useful without it. Indicators need salience and context to be usable. We still haven’t solved this problem and no, EDR/MDR/XDR doesn’t meet the need. Environments are more complex than a jumble of endpoints. The indicator needs a system that knows whether it matters to this environment and whether the indicator still breathes, not an analyst spending twenty minutes triaging a dead IP against hundreds of end user devices or a static malware hash against three dozen OS versions.

Tier 2: Operational TTP routing. Campaign behavior, technique patterns, and behavioral indicators get routed to threat hunting teams who translate them into environment-specific hypotheses. MITRE ATT&CK provides the taxonomy. Tools like TRAM and emerging ML classifiers (AC_MAPPER showing ~93% accuracy on benchmarks) accelerate extraction, but human analysts remain essential for validation and environmental translation. A detection rule that works in one network architecture may fire false positives in another. The analyst bridges that gap.

Tier 3: Strategic business intelligence. High-level threat landscape, sector-specific trends, and incident context packaged for business leaders and client-facing teams. No hashes or IPs. Situational awareness stripped of technical granularity. The executive receiving a strategic intelligence product shouldn’t need to know what a C2 server is. They need to know whether their risk profile changed this quarter.

SOC practitioners describe wanting exactly this model. Time-bounded indicators automated. TTPs routed to hunters. Strategic intelligence pushed to business leadership, where a CISO or a client-facing executive can walk into a meeting and say I read about that incident, here’s our exposure without parsing a STIX bundle. The model maps to existing organizational roles and consumption patterns. It works because it routes intelligence to the consumer who can act on it based on context, rather than dumping everything into a shared feed and hoping the right person finds the right needle in a sea of needles.

The problem runs deeper than design.

Everyone knows what the replacement looks like. The pieces sit on the table. The tools exist in fragments. The capabilities and technologies are right there for the taking. And yet, nobody has built it. Why?

Why Nobody Built the Replacement

Every sophisticated defender knows IOCs are degrading. The replacement model (contextual pipelines, behavioral baselines, TTP detection) is well-understood theoretically. Everyone points to cost and complexity. The deeper answer sits in the incentive structure.

The data moat holders who won’t share. Behavioral baselines require years of historical telemetry across diverse environments. The organizations that already have this depth (large MSSPs, hyperscalers, major carriers with network-level visibility) carry zero incentive to commoditize it. Their competitive advantage is the baseline. Productizing that depth as accessible infrastructure destroys the moat. The entities best positioned to build the replacement have the least incentive to make it accessible. A natural monopoly dynamic forms, concentrating defensive capability among incumbents and discouraging new entrants.

The platform hosts who won’t constrain. AWS, Azure, and Google Cloud have the scale, compute, and telemetry to build contextual enrichment pipelines as platform services. They also host the adversary’s C2 infrastructure. ShadowPad C2 runs on the same cloud providers that sell security products to the defenders tracking it. The hyperscaler revenue model depends on frictionless provisioning. The same frictionless provisioning that lets threat actors spin up disposable infrastructure in minutes. They build security products. Detection layers bolted onto the platform that’s at best insecure by design and at worst actively malicious. They don’t build architectural constraints that restrict adversary operations because those constraints would restrict legitimate customers and slow growth.

The standards that don’t exist. STIX/TAXII solved the transport problem for IOC exchange. No equivalent standard exists for behavioral pattern exchange. You can share a hash in a structured format that any tool can ingest. You cannot share “this is what abnormal lateral movement looks like in a hybrid Azure AD environment with legacy on-prem domain controllers” in a machine-readable format that another organization can operationalize. MITRE ATT&CK provides taxonomy, the language for describing techniques, but not operational detection logic. The Sigma rule project comes closest with shareable detection rules mapped to techniques. Adoption remains fragmented. Coverage stays incomplete. Without a transport standard for behavioral intelligence, the replacement economy can’t form. There is no clearing house because there is no common denomination.

Specialization created revenue for each kill chain provider, the ecosystem’s modularity allowed each participant to optimize independently without coordinating with the others, and the entire apparatus scaled because every incentive pointed in the same direction at the same time. Defense hasn’t industrialized because the incentives oppose it. The defenders who build infrastructure profit from keeping it proprietary. The platforms that could enforce architectural constraints profit from permissiveness. And the standards that would enable exchange don’t exist.

The government, which historically forced coordination through mandates (EO 14028 required SBOMs for federal software), can mandate formats. It cannot mandate baselines. You can require organizations to produce a Software Bill of Materials. You cannot require them to maintain a decade of behavioral telemetry and share deviation patterns with their competitors.

The defense industrialization gap persists by design. The two-tier security landscape, where organizations with resources build contextual pipelines while everyone else consumes degrading IOC feeds, has the structure of a permanent equilibrium.

My Prediction

Three things could break the deadlock.

A catastrophic event that forces open behavioral intelligence sharing, the cyber equivalent of September 11th restructuring the entire U.S. intelligence community under a Director of National Intelligence (unlikely to occur anytime). A regulatory mandate with real teeth on behavioral telemetry exchange, moving beyond format requirements to capability requirements (unlikely to occur anytime soon). Or a market entrant that cracks the economics of defensive infrastructure as a platform without destroying the data moat that makes it valuable (the only feasible option). The AWS of cyber defense.

I don’t know which one arrives first. I suspect the catastrophic event and the regulation pathways just never materialize to the degree needed to drive real change. What I do know is that the current trajectory hardens the two-tier landscape quarter by quarter. The IOC-sharing economy degrades. The gap between resourced defenders and everyone else widens. And the organizations consuming stale indicator feeds today will look up in eighteen months wondering why their detection rates collapsed while their threat feed subscription costs grew another 6%.

The question for every organization reading this: Are you building the contextual pipeline, the three-tier model that gives IOCs a meaningful role inside a richer intelligence organism? Or are you waiting for someone else to build it for you?

Because Mango is still running to where the ball was. And the ball keeps picking up speed.

Spaceballs the Datacenter!

Fri, 06 Feb 2026 00:00:00 GMT

I love Spaceballs. Growing up, it was my favorite Mel Brooks flick. Watched it every birthday. To this day, I can quote the entire movie. That’s not an exaggeration. Ask my wife.

It’s the absurdity of it. The delight of Mel Brooks’ clean, self-deprecating, sophomoric satire. No one is spared ridicule. It punches up (unlike so many “comics” and famous people these days who like to punch down). By the way, if you want a real treat, read Brooks’ autobiography, All About Me!

This xAI–SpaceX datacenters-in-space merger, and the subsequent breathless reporting by everyone from the Wall Street Journal to your favorite neighborhood newsletter, reminds me of a Spaceballs bit. Actually the entire plot of the movie… the Spaceballs are going to suck the atmosphere from Druidia with Mega Maid™, a gargantuan space-based vacuum cleaner shaped like a maid (and vaguely reminiscent of the Statue of Liberty for the final homage to Planet of the Apes). Musk’s claim makes less sense than this plot.

And I’m going to show you. With MATHS.

I love math and physics. You can’t beat it. Literally. There’s no way around the gravitational constant, the speed of light, Boltzmann’s constant. If someone can prove, mathematically, that what you’re trying to accomplish is bubkis, well, you’re screwed.

Hold tight. It’s about to get mathy in here.

Part 1. Making an Ass out of You and Me.

We need to make some assumptions. We don’t have to, but then no one would read this. To make this more approachable, and, more importantly, to avoid pissing off my wife by spending every night for a week on this project, here are the assumptions I will use:

First, we’re gonna use NVIDIA’s leading B200 GPU. As of this writing, the B200 is the most advanced GPU on the market designed for frontier AI and multi-trillion parameter models. If you’re building an AI datacenter, this is what you’re gonna use. Also, for the purposes of our calculations, the energy needed to run the B200 is surprisingly reasonable given its processing power. This helps Musk’s case by decreasing how much heat we need to dissipate (it won’t matter in the end).

Second, I assume that all GPU power becomes waste heat. This is silly. But not that silly. In reality, a small fraction does useful work, but for thermal sizing this is appropriate. GPUs are incredibly good at processing bits. But there’s one thing they’re even better at: making stuff hot.

Third, I assume the GPUs run at 100% continuously. Real workloads vary. Training runs hot. Inference can be lower. This is worst-case for thermal but optimistic for utilization economics. Why? Because when you’re engineering a system, this is what you do. You prepare for 100% load and then make risk decisions from that point. You don’t build a bridge assuming it’ll never see a windy day. Well, you do if you’re the Tacoma Narrows Bridge engineers. But that’s not me.

Fourth, we’re gonna start with only one GPU per satellite. This is a ridiculous assumption. But again, to make this more approachable, it’s necessary. Don’t fret! Once I build the model for a single GPU, I’ll make things more complicated and build a model for multi-GPU satellites. Things get messy and nonlinear at that point so I just barely scratch the surface of a multi-GPU satellite. Again, it doesn’t matter in the end.

Fifth, I assume terrestrial GPU hardware works in space (it doesn’t). I don’t add mass for radiation hardening, which could be substantial (2-10× for critical components) or require design changes. This would all increase thermal density and other subsystem power requirements. So this is another conservative assumption in Musk’s favor. You’ll notice throughout that I give a lot of participation trophies to Mr. Musky. What can I say, I’m a generous guy when pulling down your pants to show your ass to the class.

Sixth, I’ll do my best to cite sources for hard numbers. Where I’ve estimated, I make the most conservative estimate that is reasonable. See, though I’m making a satire out of Musk, I’m really handicapping this in his favor. I think that’s pretty generous. Please don’t hurt me.

There will be more assumptions listed in line with my analysis. For transparency, I try to explain them and why I made the choice I did. They distract a bit from the analysis, but it’s also an opportunity for me to be snarky.

Setup complete. Let’s get to part one, building a reference architecture for our Spaceballs Datacenter satellite (“BallSat” for short).

Part 2. Comb the Desert!

The constraining factors with satellites have a nice little acronym, SWaP (Size, Weight, and Power). All of those factors affect a fourth constraint, Heat. We will calculate all four to figure out what to expect with our BallSat. We’re gonna build a table that looks like this:

	BallSat Subsystem 1	BallSat Subsystem 2	BallSat Subsystem N
Size
Weight
Power
Heat

Each BallSat consists of six subsystems: the GPU computing subsystem (Mr. Computer), thermal control subsystem (Mr. Radiator), electrical power subsystem (Mr. Solar), attitude determination and control subsystem (Mr. Engine), communication subsystem (Mr. Talkie), and the caffeine transport subsystem (Mr. Coffee). This is an oversimplified model of a spacecraft. Here’s NASA’s description of all spacecraft subsystems. But we have the big stuff, which is sufficient for an estimation. We will calculate SWaP and Heat for each subsystem.

We’re launching all this up there, aren’t we? That costs money and is directly related to weight. Unfortunately, Daddy didn’t buy us a brand new, white Mercedes, 2001 SEL Limited Edition. Moon roof, all leather interior. At a very good price.

No, but we do have the Falcon Heavy and, someday, the Starship. According to CSIS, it costs $1,500 per kilogram to launch on the Falcon Heavy. That’s a very good price. With Starship, that could get down to $500. But let’s stick with the verified number and bump it down to $1,000/kg to be nice to Mr. Musky. We’ll invoice his Nazi Pedo Porn Bar called X to cover the difference.

Part 3. I’m Having Trouble with the Radar, Sir.

Now we’re gonna figure out the thermal output of an NVIDIA B200 GPU. This is the easy part. Remember assumption two?

According to the B200 spec sheet, it draws 1,000 watts. Hell yes. I love round numbers.

Okay, okay, fine. That’s not totally right. There’s actually a more advanced fullspec B200 that draws 1,200 watts. But layoff, alright? I like 1,000. We’re sticking with 1,000. Mr. Musky needs all the help he can get.

Ooo this is a fun aside. What character from Spaceballs would Musk be? Definitely not Dark Helmet. He doesn’t have the charisma (or the stature). Write-in your thoughts.

1,000 watts of power equals 1,000 watts of heat. We need a thermal system that can handle 1kW.

CHECKPOINT autosaved. Would you perhaps like to collect this healthpack and extra ammo before proceeding? Yeaaaa, you should probably grab those grenades too…

Part 4. Who Made this Man a Gunner?

Allow me to introduce you to my good friends, Messrs. Stefan and Boltzmann. They came up with this:

q = ε × σ × A × (T_hot⁴ – T_sink⁴)

Where:
q = heat rejected (W)
ε = emissivity (dimensionless, 0-1)
σ = Stefan-Boltzmann constant
A = radiator area (m²)
T_hot = radiator surface temperature (K)
T_sink = effective sink temperature (K)

What does it do? I don’t know. Poke it with a stick or something.

Plug and Chug

This is where most people’s brains start melting. Unlike the GPU. The GPU’s fine. The GPU doesn’t care about your feelings.

We know q (that’s 1kW). The constant σ is 5.67E-08 W/(m²·K⁴). For radiator emissivity (ε) we’ll use a generous midpoint of NASA’s values from their thermal control manual, which is 0.75. Target radiator surface temperature (T_hot) is 323 K. Why? Because 50°C AKA 323 K AKA 122°F is a realistic radiator temperature for liquid-cooled datacenter GPUs. Real systems run coolant at 40-50°C inlet and 50-60°C outlet. The GPU junction can hit 87°C before throttling, so there’s plenty of thermal headroom. This is generous to Musky (lower temps = safer for the GPU = bigger radiators). We’re gonna be verrrrry generous to Musky during this exercise.

Effective sink temperature (T_sink) requires some explanation. I’m going to use 230 K, which is generous for LEO and makes some sense because it accounts for realistic operational constraints like non-ideal pointing, earth view factor during orbit, etc. Here are a bunch of reference numbers I found in my research:

Radiator Orientation	Effective T_sink	Rationale	Confidence
Space-facing (zenith)	~3-4 K (deep space)	No Earth view, minimal solar	High
Earth-facing (nadir)	~150-250 K	Earth IR dominates	Medium
Average/tumbling	~200-230 K	Mixed view factors	Medium

Solve for Area.

1000 W = 0.75 × 5.67×10-8 × A × (323⁴ – 230⁴)

A = 2.91 m²

So every GPU requires 2.91 square meters of radiator just for the GPU itself. For those of you who think in freedom units, that’s a square about 5.6 feet per side, roughly the size of a beer pong table. Your GPU needs a regulation beer pong table’s worth of radiator. In space. Just to not explode and melt your face. Red solo cups not included.

More importantly, that’s PRECISELY 1 square smoot. Did not plan this. Math truly IS the language of God.

What about weight?

I estimate a B200 GPU module to weigh 3.2 kg. It doesn’t really matter that much, so I’m not gonna show the work. It’s not published anywhere that I could find, but I did look at comps.

What about the radiator? NASA’s thermal control panels for a lunar habitat weigh 14 kg/m2 and the deployable version for satellites weighs 12 kg/m2. But this is Elon we’re talking about. Surely SpaceXai can do better. How about 10 kg/m2? Bet.

But that’s not the entire Mr. Radiator, now is it? We need pipes, heat transfer materials, cold plates and interfaces. We’re gonna use a pumped loop system because apparently heat pipes don’t scale past a few kilowatts per unit, and someday BallSat is gonna grow up to dozens of kilowatts per unit (just you wait). So I’ll use numbers from this Space Radiator for Single-Phase Mechanically Pumped Fluid Loop. Lot of big fancy words in that. Seems legit.

The thermal transport system runs about 30 kg/kW. We also need the coldplates and interfaces, which are about 1.5 kg per GPU. Total weight of TCS is 30 kg/kW + 10 kg/m² × A + 1.5 kg × number_GPUs

For a single 1 kW GPU with 2.91 m² radiator: 30 + 29.1 + 1.5 = 60.6 kg.

	Mr. Computer	Mr. Radiator
Size	Assume 0	2.91 m²/kW (GPU heat only)
Weight	3 kg/GPU	~60 kg/kW (GPU heat only)
Power	1 kW	Assume 0
Heat	1 kW	Assume 0

Now we’re getting somewhere.

Hmmm… to produce 1,000 watts of heat, we need to use 1,000 watts of power, which means we need to produce 1,000 watts of electricity. This is starting to feel circular…

We can’t create electricity from nothing (pesky thermodynamics). That means solar power. So let’s look at Mr. Solar next.

Part 5. Yogurt? I Hate Yogurt! Even with Strawberries.

Mr. Solar consists of solar panels, inverters, batteries, and wiring. That’s a lotta hooch.

But before we dive in, we need to talk about something I glossed over in the last section. Remember how I said Mr. Radiator needs to dissipate 1 kW of heat? Yeah, I lied. Well, not lied exactly. More like… I was being too nice to Musky.

See, Mr. Radiator doesn’t just magically move heat around. He needs pumps. Those pumps need electricity. That electricity becomes heat. And Mr. Solar? He’s got power conditioning equipment, DC-DC converters, regulators, all that jazz. They’re about 95% efficient. Where does that other 5% go? Heat. The batteries charging and discharging during eclipse? About 5% round-trip losses. Heat. ADCS (that’s Mr. Engine, we’ll meet him later)? He needs power to spin his little gyroscopes. Heat.

Forget turtles. It’s heat all the way down.

For every 1 kW of GPU heat, you’re actually generating about 1.26 kW of total heat when you account for all the subsystems. That’s a 26% overhead. Which means our radiator calculation from Part 4? Too small. By 26%.

But you know what? I’m gonna ignore this for now. Why? Because I already gave Musky the benefit of the doubt on like twelve other things, and frankly, 26% isn’t going to save him. The math is about to get ugly. Like Princess Vespa’s old nose ugly.

The Sun: Nature’s Space Heater

Fun fact: the Sun blasts Earth with about 1,361 watts per square meter. This is called the solar constant, and unlike Musk’s promises, it actually is constant. Well, technically it varies between 1,317-1,414 W/m² depending on where Earth is in its orbit, but NASA says 1,361 W/m², so that’s what we’re using.

“Great!” you might think. “I need 1 kW, the Sun provides 1,361 W/m², so I need less than a square meter of solar panel!”

Oh, sweet summer child. Buckle up.

Efficiency: The Universe’s Way of Saying “LOL No”

Solar panels don’t capture all that sunlight. Not even close. Here’s what happens to those beautiful photons. Solar cells can get about 30%. Packing limitations capture 87% of that. Pointing problems (hey, no judgment here) gives you 90% of that. Wiring, which adds resistance, means you see about 95% of that.

Multiply it together and weep: 22%. The Sun gives us 1,361 W/m². We get 303. The universe hates efficiency almost as much as Musk hates unions.

To generate 1 kW, we need: 1,000 W ÷ 303 W/m² = 3.3 m² of solar array.

“That’s not so bad!” you say. “About the same as the radiator!” Oh, we’re not done.

Total Eclipse of Your Heart (not Elon’s, don’t think he has one of those)

Here’s the thing about Low Earth Orbit: you’re going around the Earth every 90-ish minutes. And about 35 of those minutes? You’re in Earth’s shadow. No Sun. No power. Just you, your GPUs, your VHS of Spaceballs from 1992, and the cold void of space where no one can hear you scream about how Spaceballs is the perfect movie.

Well, not cold exactly. Your GPUs are still pumping out heat. They don’t care about your eclipse. They’re needy like that. Mr. Solar would like to file a complaint with HR about the eclipse situation.

So you need batteries. And batteries are heavy. Let’s do the math:

Orbital period: ~92 minutes (at 400km altitude, ISS territory)

Eclipse duration: ~35 minutes

Sunlight: ~57 minutes (62% of orbit)

During those 57 minutes of sunlight, you need to:

Power your GPU (1 kW)
Charge batteries for the 35-minute eclipse

That means your solar arrays need to produce: 1 kW × (92 min ÷ 57 min) = 1.61 kW

New solar array area: 1,610 W ÷ 303 W/m² = 5.3 m²

We went from 3.3 m² to 5.3 m² just because the Earth occasionally gets in the way. Thanks, Earth. What have you done for me lately?

Batteries: The Heavy Part

How much battery do we need for 35 minutes of 1 kW operation? Energy required: 1 kW × (35/60) hr = 0.583 kWh

But wait. You can’t drain a battery to zero. Well, you can, but then it dies. According to NASA’s Power Systems State of the Art, if you want them to last more than a few thousand cycles, space-qualified batteries should only be discharged to about 70% depth-of-discharge, or DoD. But let’s rename it to depth-of-wischarge and call it DoW. Nah, nevermind. That looks DUMB, Pete.

In LEO, you’re doing ~5,500 eclipse cycles per year. Batteries are not cheap to replace when you’re 400 km up. Battery capacity needed: 0.583 kWh ÷ 0.70 = 0.83 kWh

What about weight? Space-qualified Li-ion batteries run about 150-200 Wh/kg at the system level (less than your Tesla because they’re actually rated for thermal cycling). Let’s say 175 Wh/kg.

Battery mass: 833 Wh ÷ 175 Wh/kg = 4.8 kg

Solar Array Mass: Also The Heavy Part

According to NASA, modern deployable solar arrays like the ISS iROSA run about 3 kg/m² including deployment mechanisms. Solar array mass: 5.3 m² × 3 kg/m² = 15.9 kg

Adding it up:

Solar array mass: 15.9 kg
Battery mass: 4.8 kg
Total Mr. Solar: 20.7 kg

Let’s call it 21 kg.

	Mr. Computer	Mr. Radiator	Mr. Solar
Size	Assume 0	2.91 m²	5.3 m²
Weight	3 kg	60 kg	21 kg
Power	1 kW	Assume 0	1.6 kW peak
Heat	1 kW	Assume 0	Assume 0

So far, one GPU requires: 3 + 60 + 21 = 84 kg of satellite mass and 8.2 m² of deployed area (radiator + solar). We still have ADCS and structure to go.

At $1,000/kg to launch, that’s already $84,000 just for thermal and power, before we add ADCS, structure, and the GPU itself! The B200 costs about $30,000-40,000. The supporting infrastructure costs more than three times the hardware.

We still have Mr. Engine and Mr. Talkie to go. And Mr. Coffee, of course! I always have coffee when I do math, YOU KNOW THAT! EVERYBODY KNOW’S THAT!

Now that I have my coffee, I’m ready to do Mr. Engine. This is going great.

Part 6. They’ve Gone to Plaid!

Mr. Engine is the attitude determination and control subsystem, or ADCS. His job is to point things where they need to be pointed. In the biz, we refer to the ADCS as the cialis of the BallSat.

Nah I just made that up. I have no idea how they refer to the ADCS. I’m a cyber nerd who just happens to like space stuff. Space stuff 2015, amiright?

“Wait,” you say. “It’s space. There’s no friction. Once you point something, it stays pointed. Why do I need a whole subsystem for this?” Oh, you sweet, naive, ground-dwelling creature. Oh you inconsequential mud waddling worm. You absolute dunce. You orangutan. Allow me to introduce you to the concept of disturbance torques.

Why Space Hates You

Your satellite so far has ~8 m² of deployed area (radiators + solar panels). That’s a lot of surface area for the universe to mess with. Here’s what’s constantly trying to spin your satellite like a rotisserie chicken:

Solar radiation pressure: Photons have momentum. When they hit your solar panels, they push. Unevenly. Because nothing in space is ever symmetric.

Gravity gradient: Earth’s gravity is slightly stronger on the side of your satellite closer to Earth. This creates a torque trying to point your longest axis toward the ground. Helpful if that’s what you want. Annoying if it isn’t.

Atmospheric drag: “But there’s no atmosphere in space!” There’s almost no atmosphere. At 400 km, there’s still enough wispy gas to create drag. And if your center of pressure isn’t perfectly aligned with your center of mass (it isn’t), you get torque.

Magnetic field interaction: Any residual magnetism in your satellite interacts with Earth’s magnetic field. More torque.

All of these are small. But small torques integrated over time become big angular velocities. And then your solar panels are pointing at the Moon, your radiators are face-first into the Sun, and your GPU is having a very bad, very hot, melty sorta day.

Reaction Wheels: Spinning to Stay Still

The most common solution is reaction wheels. These are flywheels that spin inside your satellite. Speed one up, and conservation of angular momentum makes your satellite rotate the opposite way. It’s like spinning on an office chair while holding a bicycle wheel. Where’d you get the bicycle wheel? And more importantly, where the hell is the shrimp alfredo that I left in the breakroom, JANET?!

For a small satellite with ~8 m² of deployed area, you need a modest reaction wheel system. Looking at Blue Canyon Technologies and similar vendors, a basic 3-axis reaction wheel assembly runs about:

Mass: 5-10 kg
Power: 10-30 W (continuous, more during maneuvers)

But here’s the problem: reaction wheels can only store so much angular momentum before they saturate. ‘Saturate’ is engineer-speak for ‘I’ve given her all she’s got, Captain!’ except nobody’s coming to rescue you.

Momentum Dumping: The Space Toilet

You’ve got two options:

Magnetic torquers – the fiber of the spaceflight diet: Electromagnets that push against Earth’s magnetic field. Cheap, lightweight (1-2 kg), no consumables. But they’re weak and only work well in LEO. Let’s be generous and say this works for our little satellite.

Thrusters – space-MiraLAX: Squirt some propellant, create torque. Works great, but now you need propellant tanks, plumbing, and you eventually run out. We’ll ignore this for now because I’m still being nice to Musky.

Mr. Engine Summary

For our single-GPU BallSat:

Component	Mass	Power
Reaction wheels (3-axis)	8 kg	20 W
Magnetic torquers	2 kg	5 W
Sensors (star tracker, IMU)	3 kg	10 W
Processing electronics	2 kg	5 W
Total Mr. Engine	15 kg	40 W

Now, 40 watts might not sound like much, but remember, that’s 40 watts that also becomes heat, needs to come from Mr. Solar, and creates another little bit of mass we need to launch. I’m going to ignore that for now and be generous to Musky. It’s like the government handing him a tax write-off. Standard procedure.

	Mr. Computer	Mr. Radiator	Mr. Solar	Mr. Engine
Size	Assume 0	2.91 m²	5.3 m²	Assume 0
Weight	3 kg	60 kg	21 kg	15 kg
Power	1 kW	Assume 0	1.61 kW	40 W
Heat	1 kW	Assume 0	Assume 0	Assume 0

Running total: 3 + 60 + 21 + 15 = 99 kg per GPU with a surface area of 8.1 m2

We’re closing in on the $100,000 launch cost threshold per GPU. And we haven’t even added communications or structure yet.

The Scaling Problem AKA CHEKHOV’S GUN OF THIS ENTIRE HOOTENANNY. DO YOU SEE IT? THE GUN? IT’S SITTING RIGHT THERE. ON THE TABLE.

Here’s the thing about Mr. Engine: it scales badly with size.

Double your deployed area, and you roughly double your disturbance torques. But moment of inertia scales with mass times distance squared. So when you go from a cute little ~8 m² satellite to a monstrous multi-GPU beast with hundreds of square meters of deployed panels… Your reaction wheels can’t keep up.

You need control moment gyroscopes, the beefy cousins of reaction wheels. The ISS uses CMGs. They weigh about 128 kg each. And you need at least four of them.

But that’s a problem for future us. Right now, we’ve got one GPU, 99 kg of BallSat, and Mr. Talkie still waiting in the wings.

Part 7. When Will Then Be Now?

Mr. Talkie is the communications subsystem. His job is deceptively simple: get data to the GPU, and get results back down.

“Simple!” you say. “We’ve had radios for over a century! Marconi figured this out in 1901!”

Marconi was not trying to send gradients from a trillion-parameter neural network through 400 kilometers of vacuum while traveling at 7.66 kilometers per second. Marconi had it easy. Marconi didn’t have to deal with link budgets or the FCC.

The Contact Time Problem

Fun fact about LEO satellites: they’re never in one place for long. At 400 km altitude, you’re zipping around Earth every 92 minutes. A ground station can only see you for about 8-12 minutes per pass, and you might only get 4-6 good passes per day over any given station.

That’s maybe 30-50 minutes of contact time per day. Per ground station.

“So build more ground stations!” Sure. You know who has a lot of ground stations? SpaceX, actually. Starlink has a decent ground network. Let’s be generous and say you can achieve 4 hours of ground contact per day through a network of stations. That’s still only 17% of the time you’re actually connected to Earth.

The other 83% of the time? Your GPU is up there. Alone. Doing math. Unable to tell anyone about it. Now that I think about it, sounds like me…

This is suboptimal. This is, in fact, the opposite of optimal.

The Bandwidth Problem

Let’s talk about how much data a GPU actually needs.

For training large models, GPUs don’t work alone. They work in clusters, constantly sharing gradients, activations, and weights with each other. According to NVIDIA’s own documentation, a single B200 can require 400-3,200 Gbps of interconnect bandwidth between GPU clusters when doing serious distributed training.

I could make this worse on Musk because GPU-to-GPU communications inside a cluster actually needs up to 14,400 Gbps, and our BallSat is only one GPU, but let’s stick with the generous numbers. Let me write that again for the people in the back: up to 3,200 gigabits per second.

You know what the most exquisite commercially available communication satellite can do? Well that would be ViaSat-3 and its entire capacity is about 1,000 Gbps. On a good day (it hasn’t had many of those). With terminals that cost as much as a luxury home in Malibu.

The entire satellite cost $700 million. And that’s only enough bandwidth for approximately half of one B200’s communication needs. ViaSat-3 is also 6,400 kg, has a wingspan larger than a 737 jetliner, and is located 22,236 miles away in Geosynchronous orbit. A more reasonable facsimile is a Starlink satellite in LEO, which can do about 25 Gbps.

So we’re only short by a factor of… **checks notes** …128x. Cool cool cool cool cool.

“But wait!” you say. “Maybe each satellite can do inference instead of training! Inference needs less bandwidth!”

Sure. Inference needs less bandwidth. You could probably get away with 1-10 Gbps for inference workloads. That’s actually achievable with modern satellite comms. You know what else inference needs? Customers. Who send you requests. And expect responses. In real-time. While your satellite is on the other side of the planet from them. The bandwidth thing is a giant red herring. The real problem is latency. Latency kills user experience faster than Barf kills a box of Milk Bones.

We’ll come back to the latency problem in a second. First, let’s figure out what Mr. Talkie actually weighs.

Communications Hardware

For our single-GPU satellite, we don’t need 3,200 Gbps. We just need enough bandwidth to:

Receive commands and software updates (kilobits per second)
Send telemetry and health data (kilobits per second)
Maybe, maybe, do some useful data transfer (let’s say 100 Mbps to be nice)

For this, a basic Ka-band or X-band system will do. Looking at commercial small satellite communication systems:

Component	Mass	Power
Transceiver (Ka-band)	3 kg	30 W
Antenna (steerable patch/horn)	2 kg	5 W
Waveguide, cables, brackets	1 kg	-
Total Mr. Talkie	6 kg	35 W

That’s pretty light, actually! Communications hardware has gotten remarkably compact. Thank you, smartphone industry.

	Mr. Computer	Mr. Radiator	Mr. Solar	Mr. Engine	Mr. Talkie
Size	Assume 0	2.91 m²	5.3 m²	Assume 0	Assume 0
Weight	3 kg	60 kg	21 kg	15 kg	6 kg
Power	1 kW	Assume 0	1.61 kW	40 W	35 W
Heat	1 kW	Assume 0	Assume 0	Assume 0	Assume 0

Running total: 3 + 60 + 21 + 15 + 6 = 105 kg per GPU.

At $1,000/kg, that’s $105,000 to launch a one-GPU BallSat. Plus the GPU itself ($35,000). Plus ground infrastructure. Plus operations. Plus insurance. Plus… you get the idea.

The Latency Problem

I promised we’d come back to this.

Even when your satellite is in contact with a ground station, there’s latency. At 400 km altitude, the round-trip time for a signal is about 2.7 milliseconds just from the speed of light. Add in processing delays, routing through ground networks, and suddenly you’re looking at 20-50 milliseconds of latency.

“No problem!” you say. “We’ve got that latency at home!” you claim. And you’d be right, that doesn’t sound like much. It’s about the same latency as an internet packet traveling from a home outside Annapolis, MD to a datacenter in New York on a cold winter day. Yes I just checked this. Yes, I know how to check this without asking AI. As I said earlier, I’m a cyber nerd, not a space dweeb.

But for distributed GPU training, where thousands of GPUs need to synchronize gradients many times per second? It’s an eternity. Terrestrial data centers connect their GPUs with sub-microsecond latency. We’re talking a difference of 10,000x or more.

Light speed is too slow! We’re gonna have to go right to… still too slow. Until Musky figures out how to break the speed of light (he can’t, Einstein), this is INESCAPABLE.

Real story: I once did a project with a research lab in the New Mexico desert. They wanted to use a datacenter in California for production systems. They kept having latency issues that rate-limited production. They asked us to look at the problem again and again and again. Eventually, we pulled out a map and a ruler. Turns out, the latency was literally caused by the speed of light. Sorry, bub. Can’t fix that.

This is why you can’t just strap GPUs to satellites and call it a distributed training cluster. The physics of latency and bandwidth make it fundamentally incompatible with how modern AI training actually works.

But hey, maybe Musk has a plan. Maybe each satellite does its own thing independently. Maybe it’s for inference only. Maybe it’s for some application that doesn’t exist yet.

Or maybe he’s just saying random inane things to juice his stock price and generate headlines.

¯\_(ツ)_/¯

Inter-Satellite Links: The Even Harder Problem

“What if the satellites talk to each other?” you ask. “Then they don’t need ground stations!”

Congratulations, you’ve invented the mesh network. Starlink uses these. They’re called inter-satellite links, and they’re actually really cool technology that solves absolutely none of our problems.

Here’s how it works: laser-based optical terminals that can achieve 10+ Gbps between satellites. Sounds great! Let’s add them!

To participate in a mesh network, each satellite needs 4+ optical terminals for decent connectivity. Per terminal: 2-5 kg, 20-50 W. For our single-GPU satellite, that’s:

Addition	Mass	Power
4 optical terminals	+12 kg	+100 W
More solar panels	+5 kg	—
More batteries	+2 kg	—
More radiator	+3 kg	—
Total mesh tax	+22 kg	+100 W

Our ~105 kg satellite just became ~127 kg. That’s a 21% mass increase to gain the ability to… **checks notes** …still have latency problems.

In fact, your latency problem is now worse. Congrats, you have died of latency…

See, here’s the thing. You’re not eliminating the speed-of-light problem. You’re adding hops. Each satellite-to-satellite link adds processing delay. Route through five satellites to reach your destination? That’s five times the fun! Your 20 ms latency just became 50 ms. Your distributed training cluster just became a distributed waiting cluster.

But wait (just like your satellites), it gets better! To make a mesh network that can actually route traffic, you need hundreds of satellites. Thousands, ideally. Each one is now 21% heavier. Your constellation mass budget just exploded.

And you STILL can’t do distributed training because you STILL don’t have 3,200 Gbps of bandwidth. You have 10 Gbps. Per link. Shared across the mesh. You’ve now built a very expensive, very laggy, very heavy network that can maybe, maybe, do inference for customers who don’t mind waiting.

This is like solving a house fire by adding more houses. On fire.

We’re not adding mesh networking to our model. Not because it doesn’t work. It does work, beautifully, for Starlink’s actual use case of internet connectivity. But for GPU training? It’s like putting racing stripes on a refrigerator. Looks cool. Doesn’t help. Although, honey, if you’ve actually made it this far, I swear it will look cool. Please let me put racing stripes on our refrigerator…

Mr. Talkie Summary

For basic Earth communication: 6 kg, 35 W

The mass isn’t the problem. The problem is the theory of special relativity. The speed of light isn’t fast enough. The available bandwidth isn’t wide enough. And the contact time isn’t long enough.

Mr. Talkie isn’t heavy. He’s just… not very useful for what Musk wants to do. Oh well.

Let’s move on to structure. Mr. Frame has been waiting patiently, and he’s the only one in this satellite who isn’t actively making things worse.

Part 8. Funny, She Doesn’t Look Druish.

We’ve been ignoring something important. All these subsystems (Mr. Computer, Mr. Radiator, Mr. Solar, Mr. Engine, Mr. Talkie) need something to hold them together. They can’t just float in space in a loose confederation of components, hoping for the best. That’s not a satellite. That’s a debris field with dreams.

Enter Mr. Frame, the yet-unnamed structural subsystem.

Mr. Frame keeps everything from becoming a very expensive game of 52-microchip pickup. In space. Where you can’t pick anything up.

Structural Mass Fraction

Here’s a handy rule of thumb from spacecraft engineering: structure is typically 15-25% of your satellite’s dry mass.

Why such a range? It depends on how elegant your design is. A beautifully optimized satellite with heritage components and an experienced team might hit 15%. A first-of-its-kind design with lots of deployables and thermal complexity? Closer to 25%.

What do we have? A first-of-its-kind design with lots of deployables (~8 m² of panels!) and thermal complexity (pumped fluid loops! cold plates!).

Let’s use 20%. That’s being nice to Musky. Generous, even. At this point I’m basically handing him the keys to the datacenter and a participation trophy. Just like the US Government handed him tax write-offs for all his companies. But let’s keep using the generous numbers for a bit longer. Because it doesn’t matter. Even with all my handouts to Musky, the math still doesn’t work.

The Math Doesn’t Math

Our component masses so far:

Subsystem	Mass
Mr. Computer	3 kg
Mr. Radiator	60 kg
Mr. Solar + Batteries	21 kg
Mr. Engine	15 kg
Mr. Talkie	6 kg
Component Total	105 kg

Structural mass at 20%: 105 kg × 0.20 = 20 kg

Final Tally: One GPU, One BallSat, A Whole Lot of Ass’ing

	Mr. Computer	Mr. Radiator	Mr. Solar	Mr. Engine	Mr. Talkie	Mr. Frame
Size	Assume 0	2.91 m²	5.3 m²	Assume 0	Assume 0	Assume 0
Weight	3 kg	60 kg	21 kg	15 kg	6 kg	20 kg
Power	1 kW	Assume 0	1.61 kW	40 W	35 W	Assume 0
Heat	1 kW	Assume 0	Assume 0	Assume 0	Assume 0	Assume 0

Total BallSat mass is 125 kg and total deployed area is 8.1 m². This is a big satellite for a single GPU. About the size of a minivan and the weight of 125,000 jelly beans.

The Cost of One BallSat

Item	Cost
Launch (125 kg × $1,000/kg)	$125,000
GPU (B200)	$35,000
Satellite components (bargain bin)	$75,000
Total per BallSat	$235,000

And that’s being extremely generous on the hardware costs. Real satellite costs are often 10x higher. But sure, let’s pretend SpaceX has magical cost reduction fairies. It’s fine. I’m fine.

$235,000 per GPU.

For comparison, you can rent a B200 in a terrestrial datacenter for about $5 per hour. At $235,000, you could rent that GPU for 47,000 hours. That’s 5.4 years of continuous operation.

And your terrestrial GPU has:

Sub-microsecond latency to other GPUs
3,200 Gbps cluster-to-cluster bandwidth
14,400 Gbps GPU-to-GPU bandwidth
100% uptime (no eclipses)
Easy maintenance and upgrades
Air conditioning that actually works

Your space GPU has:

None of that
A nice view

But Wait, There’s More!

We haven’t even talked about:

Propulsion for orbit maintenance (LEO satellites need periodic boosts to avoid reentry). Redundancy (satellites fail; do you have backups?). Ground operations (someone needs to monitor and command these things 24/7). Insurance (space is risky; insurers know this and charge you for it). Regulatory costs (spectrum licenses, orbital debris mitigation plans, etc.). End-of-life disposal (you can’t just leave dead satellites up there forever… well, you can, but people get mad).

Each adds cost. Some add mass. All add sadness.

What I Swept Under the Rug

Confession time.

Remember all those “Assume 0” entries in my tables? All those times I said “we’re ignoring this” or “Musky gets another freebie”? Yeah, those add up. I’ve been running a simpler model to keep things readable, but I also built a more complex model that accounts for all the thermodynamic sins I’ve been committing.

The results are… not great for Musky.

See, every subsystem needs power. Power becomes heat. Heat needs radiators. Radiators need structure. Structure adds mass. Mass adds engine needs. Engines need power. Power needs more solar panels. Solar panels need batteries for eclipse. Batteries add mass. Mass needs more structure. Structure needs more—

You get the idea. It really IS turtles all the way down, except the turtles are on fire and each turtle makes the next turtle heavier.

Here’s what I glossed over:

Sin #1: I ignored the subsystem power draw. Mr. Engine doesn’t run on hopes and dreams. Those reaction wheels need 40W continuously. Comms needs 35W. The thermal pumps that move heat to the radiators? 3% of whatever heat you’re moving. Power conditioning losses? 5% of everything. Battery round-trip efficiency during eclipse? Another 5% loss. All that power has to come from somewhere. Suddenly your “1 kW GPU” satellite actually needs 1.6 kW continuous. And it all becomes heat.

Sin #2: I ignored the cascade effect. For every 1 kW of GPU heat, you’re actually generating about 1.26 kW of total heat. That’s a 26% overhead. Which means my radiator calculation? Too small. My solar panels? Too small. My batteries? Too small. Bigger batteries mean more solar to charge them. More solar means more area. More area means bigger Mr. Engine. Bigger Mr. Engine means—screaming internally.

Sin #3: I ignored avionics. Flight computers, data handling, housekeeping. Real satellites need bus systems that weigh 50-100 kg. I pretended they don’t exist.

Sin #4: I assumed ADCS doesn’t scale with area. For our tiny 8 m² satellite, 15 kg of reaction wheels is fine. But what happens when we add more GPUs and the deployed area grows to hundreds of square meters? Spoiler: bad things happen.

Sin #5: I neglected that designing, building, testing, integrating, launching, and operating this thing costs real money, and that SpaceXai doesn’t have a magic money wand. In reality, building satellites is expensive. BallSat is no exception. I’ve built a more accurate cost model that I will use from here on out. It’s going to make this whole exercise look like Spaceballs 2: A Search for More Money.

If I account for all this properly, our 125 kg satellite becomes 287 kg. Our 8 m² becomes 13 m². Our $235,000 cost becomes $4,700,000!

230% more massive, 162% more surface area, 2000% more expensive. This is a big satellite. 13 m² is about the size of a studio apartment in Tribeca. 287 kg? That’s 290,000 jelly beans. And remember, still only one GPU.

So why did I use the simple model for the walkthrough?

Three reasons:

Pedagogy. The simple model is easier to follow. You can actually trace the logic without your eyes glazing over. The complex model has formulas referencing other formulas referencing other formulas. It’s accurate, but it reads like a tax return.
Conservative bias. The simple model is generous to Musk. Everything I ignored made the numbers worse. If the simple model shows the concept is bonkers, the complex model shows it’s even more bonkers.
It doesn’t change the conclusion. Whether a single-GPU satellite costs $235K or $10M, it’s still absurd compared to $2/hour for terrestrial GPUs. Whether it masses 100 kg or 500 kg, it’s still launching kilograms of space junk for a single GPU. The story is the same. The vibes are the same. The math is just angrier.

But here’s what the complex model does reveal that matters for Part 9:

The fixed overhead.

Think about Mr. Engine and Mr. Talkie. They’re fixed costs. You need them whether you have 1 GPU or 100 GPUs. For a single-GPU satellite, those 21 kg of fixed subsystems represent 21% of your component mass. That’s overhead that gets amortized if you add more GPUs.

“Aha!” you say. “So adding more GPUs makes things more efficient! This is where Musk wins! Synergy! Vertical integration! Friendshoring! Y Combinator!”

Oh no. Oh no no no.

Adding more GPUs does amortize the fixed costs. But it also does something else. Something worse. Something I’ve been foreshadowing since Part 6.

Remember Chekhov’s Gun? The one sitting on the table? Yes that one, right there in front of you. Or that other one, right behind you on the floor. This is America. This room is lousy with guns. Please pick up the gun labeled “Mr. Engine scales badly with deployed area.”

It’s time to pull the trigger.

Part 9. Even in the Future Nothing Works

Who the hell makes a datacenter with a single GPU? I do, that’s who. But let’s also fix that real quick.

Alrighty. One GPU, one BallSat. With my generous assumptions: 125 kg. $235,000. 8 m² of deployed area. Marginal utility at best.

“But surely,” you say, channeling your inner MBA, “economies of scale will save us! What if we put MORE GPUs on each satellite? Amortize those fixed costs! Core competency! Invest in the intangibles. McKinsey has been recommending this for decades!”

You’ve been waiting for this. I’ve been foreshadowing it. The gun is loaded and cocked. Let’s see what happens when we add more GPUs.

The Promise of Scale

Here’s the theory: Mr. Engine (ADCS) and Mr. Talkie (comms) have fixed components. You need sensors, processors, and basic comms whether you have 1 GPU or 100 GPUs. So if you add more GPUs, some of that mass gets spread across more compute. Efficiency!

But here’s the thing, to do this properly, I can’t keep sweeping things under the rug. When you scale up, those subsystem power draws and heat loads become impossible to ignore. So from here on out, I’m using the full model. I built it in Excel. HMU if you want to see it. It gives great helmet.

In the full model, one GPU actually requires 287 kg and 13 m² when you account for everything. Let’s see how that scales to 16 GPUs:

Subsystem	1 GPU	16 GPUs	Scaling
Mr. Computer	3.2 kg	51 kg	Linear (16×)
Mr. Radiator	140 kg	1,145 kg	~8× (heat overhead drops)
Mr. Solar	23 kg	364 kg	~16×
Mr. Engine	17 kg	114 kg	6.7×!
Mr. Talkie + Avionics	56 kg	56 kg	Fixed
Mr. Frame	48 kg	346 kg	20% of above
TOTAL	287 kg	2,077 kg	7.2× (not 16×!)

Wait, that’s not linear scaling! Total mass went up only 7.2× while GPUs went up 16×! That’s 130 kg per GPU instead of 287 kg. We’re saving 157 kg per GPU! Economies of scale!

Cost per GPU dropped from $4.7M/GPU (full model) to $1M/GPU. That’s a 79% reduction! MBA vindicated! Synergy achieved! Let’s keep going!

Today’s high end datacenter racks hold 64–72 GPUs. So instead of a single GPU BallSat, let’s build something with real capacity. Elon Musk level capacity! The sort of BallSat that could be CEO of eighteen different companies and still find time to scam its way into the White House. Like a 100-GPU BallSat.

Subsystem	1 GPU	100 GPUs	Scaling
Mr. Computer	3.2 kg	320 kg	Linear (100×)
Mr. Radiator	140 kg	6,774 kg	~48× (huh… losing efficiency)
Mr. Solar	23 kg	2,278 kg	~99× (wait… what’s going on?)
Mr. Engine	17 kg	1,411 kg	~83× (another one?!)
Mr. Talkie + Avionics	56 kg	56 kg	Fixed
Mr. Frame	48 kg	2,168 kg	20% of above
TOTAL	287 kg	13,006 kg	45×!

Wait a minute. Those numbers looked weird! Something happened with our business school case study on economies of scale. But before we investigate further, let’s put that into perspective, shall we?

Spacecraft	Mass	Area	What It Does
Starlink satellite	260 kg	13 m²	Provides internet to people who complain about internet
Hubble Space Telescope	11,110 kg	57 m²	Discovered that the universe is terrifying and beautiful. Terrifyingly beautiful
ISS (entire station)	420,000 kg	2,500 m²	Keeps 6 humans alive while they float, do science, and play David Bowie songs on the guitar
100-GPU BallSat	13,006 kg	911 m²	Runs slightly more GPUs than a gaming café

I see your Schwartz is as big as mine… And what do you get for that? A satellite that weighs more than the Hubble Space Telescope and has 16× its deployed area. For one rack’s worth of GPUs. That’s the sort of combination an idiot would have on his luggage.

The Hubble Space Telescope took 12 years and $16 billion to build in today’s dollars. It revolutionized our understanding of the cosmos. It’s one of humanity’s greatest scientific achievements.

Musk’s BallSat runs 100 GPUs. Poorly. With latency. During 62% of each orbit.

I will remind you again, these are still generous numbers.

Let’s try 64 GPUs. That’s a nice round number. A single rack’s worth of GPUs in a terrestrial datacenter.

Subsystem	1 GPU	64 GPUs	Scaling
Mr. Computer	3.2 kg	205 kg	Linear (64×)
Mr. Radiator	140 kg	4,362 kg	31×
Mr. Solar + Batt	23 kg	1,458 kg	63×
Mr. Engine	17 kg	1,084 kg	64×! Uh oh
Mr. Talkie & Avionics	56 kg	56 kg	Fixed
Mr. Frame	48 kg	1,433 kg	20% of above
TOTAL	287 kg	8,597 kg	30×

IT KEEPS HAPPENING! What’s going on with Mr. Engine and Mr. Solar?

I’ll tell you what. Their Mom has entered the chat. And Mama Bear is furious.

CHEKHOV’S GUN VAPORIZES YOUR ENTIRE CONSTELLATION BUDGET

Like when Lonestar vaporized all the Spaceballs

Here’s what’s happening. At 64 GPUs, your satellite has:

Radiator area: 64 GPUs × ~3.3 m²/GPU (with overhead) = 210 m²

Solar area: 64 GPUs × ~5.8 m²/GPU = 374 m²

Total deployed area: 584 m²

Five hundred and eighty four square meters. That’s a professional basketball court, plus the first few rows of spectators, floating in space, fans trying not to stroke out, BallSat trying not to spin.

And space really wants to spin it. Space also really wants your spectators to stroke out, but we can’t do anything about that right now. Solar radiation pressure scales linearly with area. More area, more photon push. Atmospheric drag scales linearly with area. More area, more wispy-gas-induced torque. Gravity gradient torque scales with the moment of inertia, which scales with mass times distance squared. When your solar panels extend 10+ meters from your center of mass, that squared term gets nasty.

Your cute little 15 kg reaction wheel assembly? It saturates. It’s like trying to balance a broom on your finger, except the broom is 500 feet long and Mega Maid™ is blowing on it.

You need Control Moment Gyroscopes. The ISS uses these. They’re reaction wheels’ beefy, angry Mama Bear. Each one weighs about 128 kg. And you need at least four for redundancy, plus all their associated subsubsystems.

The fixed cost isn’t fixed anymore.

The Scaling Table of Doom

Let’s see how this plays out across different GPU counts:

GPUs	Total Mass	Total Area	ADCS Mass	ADCS Type	kg/GPU
1	287 kg	13 m²	18 kg	Reaction wheel (RWA)	287
16	2,077 kg	149 m²	114 kg	Large RWA	130
32	4,678 kg	294 m²	794 kg	CMG cluster	146 ← CMG kicks in
64	8,597 kg	585 m²	1,084 kg	Full CMGs	134

The kg/GPU and cost/GPU actually keeps improving slightly as you add more! But look at those absolute numbers. At 64 GPUs, you’re building a 9-ton satellite with almost 600 m² of deployed area. The technical term here is “stupid big.”

The 100,000 GPU Question

Musk filed for a constellation of up to 1 million satellites. I’m going to ignore that.

Let’s be generous and assume he forgot his factors of ten. He has more money than God. He doesn’t need MATH anymore. He meant 100,000 GPUs, not 1,000,000 satellites. That’s about what you’d find in a large terrestrial AI training cluster.

How do we get there? Based on my model, the CMG threshold is about 30 GPUs, so we want to be slightly below that. Engineers hate odd numbers, unless it’s a prime, so let’s try to optimize at 29 GPUs.

Config	GPUs/Satellite	BallSats	Total Mass to LEO	Total Surface Area
Spaceballs the Datacenter	29	3,449	15 million kg	922,000 m²

About fifteen million kilograms and one million square meters. To LEO. Every individual BallSat weighs at least 4,311 kg and has a total deployed area of 267 m².

To put that into terms we can actually fathom, that’s 15 billion jelly beans. Once again proving that math is the language of God because that’s precisely how many jelly beans that Jelly Belly produces every year. What? I like jelly beans…

You don’t like jelly beans? Okay, how about blue whales. It’s a well-established fact that space dweebs love blue whales. So that’s roughly 100 fully grown adult blue whales. But can’t infinite improbability drive your way into getting those things up there. You have to use propellant like the rest of us gassy mortals.

That’s also the surface area of 738 olympic swimming pools. It’s one third the area of Central Park. Each satellite is about 270 m² fully deployed, which doesn’t seem so big by itself. Until you consider the following:

Falcon Heavy payload to LEO: 63,800 kg

Number of Falcon Heavy launches needed: ~247

SpaceX’s total launches in 2025: 165

At their current pace, it would take more than a year and a half just to launch the hardware for a single terrestrial data center. Assuming every single launch is dedicated to GPU satellites. Which means no Starlink. No commercial customers. No NASA missions. Just BallSats. BallSats all day, every day.

And that’s before we talk about manufacturing 3,500 satellites, each more complex than anything SpaceX currently builds.

For what it’s worth, I did check if launch was mass constrained or volume constrained. It’s mass. A reasonable estimation for packing density based on data from NASA is ~360 kg/m³. That means our 29-GPU BallSat at 4,311 kg packs down to 12 m³ for launch. We humans are VERY good at folding things.

Another real life story: when I was a grad student at MIT (name drop) I was drinking at a bar (State Park, iykyk) and struck up a conversation with the dude sitting alone next to me. He was folding origami into some bizarre shapes. Unassuming guy. Turns out he was a post-doc and his ENTIRE LIFE was folding. Creating complex algorithms to prove folding efficiencies and how to make things that look big incredibly small. He got into it because his Dad really liked origami. Fifteen years later and this guy is like the world’s foremost expert on folding stuff with applications from spaceflight to microbiology and robotics. Fascinating conversation. Dude is probably a gazillionaire now. MIT is a really cool place to learn weird things. Anyway, back to your regularly scheduled programming.

Falcon Heavy payload fairing volume is 13.1 m tall with a diameter of 5.2 m. That’s 278 m³. So we could technically fit up to 23 BallSats per Falcon Heavy, but that’s too heavy for the heavy. Maximum is 14 BallSats based on weight. 14 BallSats on a Falcon Heavy, 23 BallSats on a Starship. All of the BallSats in our hearts.

I WILL REMIND YOU, AGAIN, THESE ARE GENEROUS NUMBERS.

The Cost Comparison

What does a 29-GPU BallSat cost to build? At this point, I’m tired, you’re tired, we’re all a bit tired. So let’s skip the math. I added up all the estimated hardware costs. I came up with about $25,000,000. Here, Musky, take another free gimme. I’ll give it to you for $20,000,000.

Let’s add up Spaceballs the Datacenter:

Item	Cost
BallSats (3,449 × $20M each)	$69 billion
Launch (15M kg × $1,000/kg)	$15 billion
Insurance	$5 billion
Mission operations (5 years)	$9 billion
TOTAL	~$98 billion

Even if you said, “Screw physics! Screw the astronomy community! Screw regulations! I’m building the largest BallSats that my mega Starship rocket can handle and I don’t care what the haters and mathematicians say about it!” You’d still end up an ass. Sorry, keyboard cut out there. You’d still end up hitting an efficiency asymptote and spending about $70 billion on your Spaceballs Datacenter. Each BallSat in this constellation would have a deployed area of about half an acre by the way, so that’s wild to imagine.

Here’s the rub. Is this physically possible? Yes. Do we have the technology to make a BallSat? Yes. Will 3,500 BallSats in LEO at 270 m² each piss everyone off? Also yes. Will they be able to process data? Kind of, as long as you don’t mind everything happening slowly. But does any of this make business sense? Absolutely fucking not.

A terrestrial datacenter with 100,000 GPUs costs about $5 billion.

Including the building. And the equipment. And the power plant. And the cooling towers. And a cafeteria. With a salad bar. Your Spaceballs datacenter doesn’t have a salad bar, does it, Musky? Noooo, that marketing ploy was Tesla’s, and apparently it isn’t going very well.

Musk’s Spaceballs Datacenter costs 20× more than the version on good ole’ reliable terra firma.

And it’s worse at everything except “having a nice view.” Cool cool cool cool cool. This is fine. Everything is fine.

I WILL REMIND YOU, YET AGAIN, THAT THESE NUMBERS ARE GENEROUS NUMBERS.

It Gets Worse

I’ve been assuming these satellites work. That the GPUs function in the radiation environment. That the ADCS keeps pointing everything the right way for years.

I’ve been assuming that your thermal subsystem works just as efficiently at 9 m² as it does at 900 m².

I’ve been assuming you can somehow coordinate 100,000 GPUs with 20-50 ms latency and 10 Gbps bandwidth when terrestrial training clusters need sub-microsecond latency and 3,200 Gbps bandwidth.

I’ve been assuming the regulatory environment lets you fill LEO with 3,500+ GIANT satellites, each the size of a single family home.

Friends, I’ve been assuming a lot.

Part 10. Keep Firing, Asshole.

So there it is.

You can put more GPUs on each BallSat. You do get some economies of scale at first. But then the deployed area grows, and the disturbance torques grow, and Mr. Engine calls his mom, and suddenly you’re building Hubble-sized satellites to run a single rack of GPUs.

You can’t engineer your way out of the laws of physics.

Radiators scale linearly with heat. Solar panels scale linearly with power. But the universe’s attempts to spin your satellite scale superlinearly with area. And your ability to fight back scales sublinearly with mass.

You can’t win. The math won’t let you.

Every economy of scale gets eaten by the ADCS monster. Every efficiency gain gets swallowed by the thermal dragon. Every clever optimization gets buried under the weight of batteries and solar panels and structural mass.

Musk’s space datacenter is fundamentally more expensive at every scale.

And that’s before we talk about the latency. And the bandwidth. And the 38% downtime from eclipses. And the radiation. And the maintenance. And the…

You know what? It’s time for Mr. Coffee.

Epilogue.

After working on this for about eight hours, a friend sent me this awesome web app by a guy who’s a real life space engineer, Andrew McCalip! He works at Varda Space. He seems cool. Can we be friends?

Anyway, Andrew’s app analyzes the same thing from a different, more sober lens. Compared to my version, his is your squared-away uncle with a vacation home in Boca. Mine is more like that second cousin with a nonzero chance of fighting the shopping cart guy in a Piggly Wiggly parking lot.

Our numbers are surprisingly close. About as close as you can get with back-of-the-napkin applied forecasting, which is precisely what this piece is an example of.

If you’d like more, I’m leading a workshop on First Principles Applied Forecasting at the RSAC 2026 conference in San Francisco on March 24th. You can learn about it here.

When encryption meets enforcement. (Source: The CyberWire Daily Podcast)

Mon, 26 Jan 2026 00:00:00 GMT

Source: Listen to the episode

Brandon Karpf joins The CyberWire Daily Podcast with Dave Bittner and Maria Varmazis to explore how space safety depends on a fragmented patchwork of tracking systems and why a single source of orbital truth still doesn’t exist.

They discuss the Department of Commerce’s TraCSS effort, the rapid scale-up from thousands of objects to tens of thousands of satellites, and the explosion of daily conjunction alerts that make manual oversight impossible.

The conversation also examines the policy shift toward making traffic-management data broadly accessible, raising questions about data provenance, governance, and how commercial capabilities will shape strategic space operations.

Key topics

Fragmented Space Awareness: No single authority tracks everything on orbit, leaving operators to stitch together partial data from governments and private firms.
TraCSS And Governance: The Commerce Department-led system is positioned as a central hub, but funding, ownership, and scope remain unsettled.
Alert Saturation: Conjunction warnings have surged into the hundreds of thousands per day, forcing automation and prioritization akin to cybersecurity SOCs.
Strategic Transparency: Making orbital data widely available could improve safety, but it also reframes space situational awareness as a strategic asset.

Taiwan, Maneuver Warfare, and the Industrialization of Cyber Conflict

Wed, 17 Dec 2025 00:00:00 GMT

Taiwan, Maneuver Warfare, and the Industrialization of Cyber Conflict

Imagine a naval warship in the open ocean. Billions of dollars of strategic infrastructure. The enemy actively hunts to destroy it. Standard doctrine says: maximize your sensors, activate every radar system, exploit every technological advantage you own.

But maximum capability creates maximum signature.

Every active radar broadcasts: “high-value target here.”

So the ship turns off its advanced systems. Uses a commercial radar instead. From 100 miles away, it looks like a fishing trawler. The enemy hunting fleet sails past.

This is maneuver warfare, and there’s a common truism that “static targets die. Maneuverable targets survive.” We’ve neglected this fact in the world of cybersecurity.

I spent last week in Taipei discussing digital resilience with government officials, threat intelligence analysts, and critical infrastructure operators. The question everyone asked: How do we prepare infrastructure to survive when static targets become kinetic ones?

Ukraine already answered. In 2022, PrivatBank migrated 4 petabytes in 45 days with zero customer downtime while physical data centers came under attack. They maneuvered faster than adversaries could retarget.

That’s the standard.

After reflecting on my trip, I want to propose an updated version of the common trope: static targets die, obfuscated maneuverable targets survive.

The Architectural Paradox

The conversations in Taipei centered on four architectural tensions facing Taiwan’s digital infrastructure: cloud versus local, redundancy versus backup, peacetime priorities versus wartime priorities, high-tech solutions versus low-tech degradation paths.

Taiwan makes these decisions right now, with billions of dollars and national survival on the line.

The threat intelligence I reviewed during the trip revealed something unexpected. The threat landscape has undergone massive structural transformation. The tactics that defined cyber defense for the past 20 years are mid-collapse. The economics of offense are changing.

Defenders still play by old rules.

Four insights emerged that changed how I think about digital resilience: traditional threat intelligence is collapsing, attackers industrialized while defenders have remained artisanal, the failure of trust is breaking modern computing’s foundational assumption, and the sovereignty-connectivity paradox has no current solution at scale. Together, they explain why static defense fails and what maneuverability actually requires to succeed.

The Death of Traditional Threat Intelligence

Of 150 incidents tracked by Taiwan-based analysts in 2025, 149 used unique malware variants. One-time code, generated per target, with no signature reuse. This is signature obfuscation at industrial scale. Attackers blend. Malicious code masquerades as legitimate traffic. Command infrastructure hides inside AWS and Azure. Detection requires spotting behavioral patterns, not recognizing known signatures.

Signature-based detection is dying.

The real problem runs deeper than technology. The entire threat intelligence economy runs on IOC exchange. Government bulletins share hashes and IPs. Information Sharing and Analysis Centers distribute indicators. Vendors sell threat feeds. All of it assumes that “known bad” signatures have value.

If every attack uses unique code, IOCs become worthless. The currency of intelligence sharing collapses.

Defensive advantage shifts to whoever has the deepest behavioral baselines. You can’t detect “known bad” anymore. You detect “abnormal.” Abnormal requires knowing normal at massive scale, across years, for every asset type in every environment. This compounds over time. If you’ve monitored infrastructure for 10 years and retained the data, you can detect 0.01% deviations from established patterns. If you’ve monitored for 6 months, or your logs age out in 90 days, you can’t. New entrants can’t catch up because they lack historical telemetry. But neither can incumbents if they don’t have effective log retention and deep learning tools to create known good baselines.

Taiwan doesn’t have a decade to build baseline data. Neither do most nations facing sophisticated threats. Borrowed baselines from trusted partners might provide the data moat that smaller nations need to defend themselves.

Japan’s telemetry from NTT’s operational data, US intelligence feeds from CISA and NSA partnerships, Ukraine’s conflict data from two years of active defense under kinetic attack—these become strategic assets for an effective defense posture.

If IOC-sharing frameworks lose effectiveness, what replaces them? How do allies coordinate defense when traditional intelligence currency has no value? I don’t have the answer. Neither does anyone I spoke with in Taipei. But the question demands an answer within 18 months, before the current frameworks become completely obsolete.

The Industrialization Gap

The Chinese threat ecosystem now includes over 250 companies providing specialized cyber capabilities. One company handles reconnaissance. Another handles weaponization. Another provides command infrastructure. Another handles exfiltration. Each firm perfects one discrete phase of the kill chain.

This represents industrialization. Attackers applied manufacturing doctrine to cyber operations. Specialization creates scale. If each firm perfects one phase of the kill chain, the ecosystem can run 10x more campaigns than any single actor could manage alone. This mirrors Toyota’s production system, applied to nation-state hacking. Specialization creates scale, but it also creates obfuscation. When reconnaissance happens in one company, weaponization in another, and C2 in a third, attribution becomes nearly impossible. The kill chain fragments across organizational boundaries that defenders can’t see through.

Meanwhile, defense remains a cottage industry.

Every Security Operations Center builds custom playbooks more or less from scratch. Every vendor sells proprietary tools incompatible with competing platforms. Standardized defensive modules that enterprises can deploy at scale remain absent from the market. We’re still operating like bespoke tailors while attackers scaled like assembly lines.

The winners will be whoever creates composable, standardized defensive services that scale horizontally: the AWS of cyber defense. Think integrated defensive capacity as infrastructure, where adding capacity becomes operational rather than architectural.

This requires rethinking what we sell to the market. Companies require defensive capability that scales like cloud infrastructure scales. Increasing protection must become operational rather than architectural.

Taiwan’s small and medium enterprises face this gap acutely. They form the backbone of the economy. Many don’t have IT departments. Some don’t have IT administrators at all. They hire an engineer to set up email systems and hope for the best.

They can’t build sophisticated defenses. They can’t afford bespoke security consulting at $500 per hour. They need defense-as-infrastructure: something they can deploy without deep expertise, that scales to their size, that integrates with their existing operations without requiring wholesale replacement.

The threat ecosystem has already industrialized to exploit exactly this vulnerability. APT groups targeting Taiwan specifically hunt for these under-resourced organizations, knowing they represent soft entry points into supply chains that connect to larger, more valuable targets.

Should governments mandate defensive standardization the way they mandate standards for physical weapons systems? Can Taiwan create a “minimum viable defense” framework that SMEs can actually deploy without dedicated security teams? Who builds it? Who pays for it?

These questions have no answers yet. But they need answers soon.

The Failure of Trust

Supply chain attacks doubled in 2025 compared to 2024. Threat analysts call this “the failure of trust.” Supply chain attacks succeed through obfuscation. Malicious code hides inside trusted packages, riding legitimate update mechanisms into target networks. The compromise looks identical to normal operations until it’s too late. SolarWinds, 3CX, MOVEit—each succeeded because attackers masqueraded as trusted vendors.

Modern computing architecture operates on layers of assumed trustworthiness: chip manufacturers build clean silicon, operating system vendors ship secure code, cloud providers isolate your data, open-source maintainers patch vulnerabilities, security tool vendors protect rather than expose. Every layer assumes the layer below it functions as designed.

When one layer breaks, the entire stack collapses.

The trust model worked for decades because the number of critical vendors remained manageable and the attackers remained subscale. Large organizations like Intel, Microsoft, and Cisco had reputations to protect and security teams to defend them. You could audit them, negotiate contracts, verify their claims at least partially.

That model has died.

The digital ecosystem’s industrialization created hundreds of specialized vendors, each controlling a discrete piece of infrastructure. The attack surface exploded while the attackers industrialized. Every integration point became a trust boundary, every API call crossed organizational lines, and complex supply chains multiplied trust risk exponentially. This is precisely the complexity attackers began to exploit.

Small and medium enterprises globally, which form the backbone of every economy, lack resources to verify trustworthiness at scale. They can’t audit software supply chains, validate cloud security claims, or inspect hardware for compromises. They accept vendor assurances because they have no alternative.

This creates an impossible choice for critical infrastructure operators: build everything yourself, which becomes impossible at modern scale and speed, or accept external dependencies, which becomes unacceptable when trust fails.

Some organizations retreat to air-gapped fortresses. Others embrace transparency mechanisms like open-source code that anyone can audit, security clearances that verify operator loyalty, or operational frameworks that prove sovereignty through inspectable processes. These approaches help but can’t scale to cover every dependency in a modern technology stack.

The failure of trust explains why the sovereignty paradox exists (more on that in a moment). You can’t trust external dependencies when supply chain attacks double year over year. You can’t survive without external dependencies when innovation moves at cloud speed. The architectural question becomes: How do you build systems that remain verifiable even when composed of untrusted parts?

Trust becomes the scarcest resource in the market. Vendors who can prove trustworthiness through transparent operations, sovereign infrastructure, and aligned incentives gain advantage. Vendors who demand blind faith lose.

Taiwan faces this acutely, but every nation confronts the same reality.

Neither choice works for long.

The Sovereignty Paradox

Taiwan’s government officials kept returning to the same architectural tension during our discussions: We need cloud-scale compute for AI ambitions. We need sovereignty for survival. These requirements contradict each other.

If supply chain attacks doubled because “trust failed,” the logical response appears straightforward: air-gap everything. Cut external dependencies. Isolate critical systems. Build fortress infrastructure that can’t be penetrated from outside.

Air-gapped systems can’t access cloud AI. Can’t update at cloud speed. Can’t benefit from collective intelligence gathered across millions of endpoints. Can’t maneuver when threats materialize.

The four architectural questions Taiwan debates all collapse into one: How do we get cloud benefits without cloud dependencies?

This brings us back to the PrivatBank lesson. Controlling your signature matters more than building thicker walls. Bigger firewalls and more sophisticated intrusion prevention systems miss the point entirely.

True stealth operates at the infrastructure layer through obfuscation.

Can a banking system masquerade as gaming traffic? Can critical infrastructure hide inside commercial cloud noise? Can you migrate your signature faster than an adversary can retarget their attack infrastructure?

Ukraine proved you can maneuver at scale: 45 days to migrate, 4 petabytes of data, zero customer downtime. The question for Taiwan becomes: Can you pre-position for maneuver before crisis hits? Can systems be architected to stay always ready to migrate, rather than scrambling when missiles start falling?

This requires “connected but sovereign” infrastructure: cloud-scale compute with guaranteed operational isolation. The ability to federate when beneficial, survive independently when threatened. Japan’s Economic Security Promotion Act, passed in 2022 and enacted throughout 2023-2024, designated cloud infrastructure as critical to national survival precisely because AI sovereignty requires it.

The partnerships forming now between hyperscalers like Oracle and national carriers like NTT attempt to solve this paradox at scale. Sovereign cloud regions that provide AWS-level capabilities but operate under Japanese law, with Japanese security clearances required for operations teams, and guaranteed survivability if undersea cables get cut.

Whoever builds “always-ready maneuverability” as infrastructure wins this race. Disaster recovery plans assume you’ll have time to execute them. Backup systems restore last week’s data. Both approaches fail when you need continuous readiness to become a moving target.

The economic winners will be platforms that deliver cloud capabilities without cloud risk: distributed sovereign nodes that can optionally federate for performance but survive independently when isolated. The policy question becomes: Can allied nations create a “sovereign AI commons” where Japan, Taiwan, Australia, and others share model training capacity without dependency on any single nation?

I’m not sure that’s architecturally possible without accepting some level of US or China hyperscaler dominance. But someone needs to try building it anyway.

How the Four Threads Connect

These four insights intersect and reinforce each other in ways that make the challenge harder but the solution clearer.

IOC extinction means defense requires massive historical telemetry: data moats that take years to build. Smaller nations need partnerships to borrow baselines they can’t generate alone. But you can’t borrow from anyone. You need trusted partners with aligned incentives and verifiable operations. When the currency of traditional intelligence exchange collapses, intelligence sharing transforms from technical exchange to strategic alliance.

Industrial offense means artisanal defense fails catastrophically. Defenders need composable, scalable infrastructure that deploys like cloud services. But industrialization created the supply chain attack surface. More vendors means more trust boundaries. More integration points means more places where trust can fail. The market gap becomes defense-as-infrastructure that scales and remains verifiable.

The failure of trust means you can’t accept external dependencies when supply chains become weaponized. You either build everything yourself (impossible) or accept the risk (unacceptable). This forces the architectural question: How do you compose systems from untrusted parts while maintaining verifiable security? The answer requires transparency, sovereignty, and operational proof rather than vendor assurances.

The sovereignty paradox means isolation kills the AI ambitions that drive economic survival in the 21st century. Nations need architectures that maneuver (cloud benefits without cloud dependencies). But maneuverability requires trusting your infrastructure enough to move critical assets at speed. If trust failed, you can’t maneuver. You freeze.

There is a pattern here. Attackers mastered obfuscation across every dimension. They obfuscate signatures (IOC extinction), obfuscate attribution (industrialization), obfuscate intent (supply chain), and obfuscate presence (cloud infrastructure). Defenders who rely on recognition rather than obfuscation lose.

The common solution: coordinated infrastructure that scales like industrial offense, obfuscates and maneuvers dynamically, maintains sovereign control through transparent and verifiable operations, and establishes trusted partnerships that enable intelligence sharing when traditional IOC exchange becomes obsolete.

PrivatBank survived the invasion and proved maneuverability at national scale. They demonstrated that critical infrastructure can move faster than adversaries can target it, even when physical data centers become kinetic targets under active bombardment. They survived because they changed their signature. Banking operations became indistinguishable from ordinary cloud traffic. Physical targets disappeared into virtual infrastructure. The adversary couldn’t retarget what they couldn’t recognize.

Ukraine had one advantage Taiwan currently lacks: urgency. They had to maneuver. Missiles and drones made the decision easy. There was no committee debate about cloud versus local or peacetime versus wartime priorities. Survival clarified everything.

Taiwan doesn’t have that forcing function yet. Neither does Japan. Neither do most nations facing sophisticated threats but not active conflict.

The question becomes whether we build maneuverability before the missiles fall, or scramble to build it during the crisis when architectural decisions that should take months must be made in hours.

The Question We Need to Answer

The conversations in Taipei revealed a gap between understanding and capability. Everyone understands the threat. Everyone sees the paradoxes. No one has the full solution yet.

We know static targets die. We know offense industrialized while defense stayed artisanal. We know trust failed across the entire technology supply chain. We know sovereignty and connectivity contradict each other under current architectures. We know IOC-based intelligence is collapsing as threat actors move to cloud infrastructure and one-time malware.

But who builds the infrastructure that resolves these tensions?

Who creates defense-as-infrastructure that scales horizontally while remaining verifiable? Who architects “connected but sovereign” systems that provide cloud capabilities without cloud dependencies? Who establishes trusted partnerships that replace IOC exchange when signatures become worthless? Who builds transparency and verification into infrastructure rather than demanding blind faith?

Taiwan’s architectural decisions over the next 18 months will answer these questions—for Taiwan certainly, but also for Japan, Australia, and every nation in the Indo-Pacific facing similar threat environments and similar paradoxes.

The bar sits at a specific height. Forty-five days. Four petabytes. Zero downtime.

That’s what maneuverability and obfuscation look like when national survival depends on it. You need to maneuver faster than adversaries can target you. You also need to become unrecognizable faster than adversaries can adapt their targeting.

The question is: Who gets there first?

The Business of Containment: Governing the Offensive Cyber Enterprise

Tue, 02 Dec 2025 00:00:00 GMT

The current offensive cyber market is an uncontrolled experiment in containment.

Without meaningful governance, we citizens of the world (the subjects of this experiment) will pay the consequences. Much like DuPont poisoning the water supply or Purdue testing the limits of addiction with the useful (though destructive) technology called opiates, these offensive cyber entities generate private profit by forcing potentially toxic externalities onto a public that lacks the power to refuse them. They occupy a volatile intersection of geopolitical risk, technical innovation, and moral hazard, wielding capabilities few private actors possess while facing scrutiny few can withstand.

We need a governance blueprint for the Offensive Cyber Enterprise: private firms that design, operate, or sell offensive capability to sovereign clients.

The market is real, growing, and the technology works.¹ The question remains: where is the governance? Human judgment currently bears the weight of these controls: the ethics of leadership, the discretion of engineers, the goodwill of clients. Those informal systems fail predictably once profit and performance incentives pull against restraint.

Expansion rewards profit. Clients reward performance. These incentives run counter to the caution that offensive power demands. Every company believes its culture will hold. History shows otherwise. Even principled executives face quarters where restraint looks like failure. Human virtue can steady a company for a while, but it rarely survives sustained pressure from market gravity. When the product itself is a form of power, relying on virtue alone becomes a structural flaw.

We have seen this movie before. Consider OpenAI. The organization engineered a governance structure specifically designed to arrest commercial drift: a non-profit board with the power to fire the CEO of the for-profit arm to protect the mission.² It worked in theory. It failed in practice. The structure held only until the valuation hit eighty billion dollars.³ When the board exercised its power in November 2023, the market (investors and employees) revolted.⁴ The board purged. The mission recalibrated. If a capped-profit model can’t hold back commercial gravity in generative AI, it has zero chance of doing so in the shadows of offensive cyber.

This sector faces a singular risk: Advanced capability governed by ineffective oversight. The combination creates mechanical drift and an inevitable ethical failure mode. Like a snake eating its tail, it may also destroy the market itself.

Design offers the remedy. Structure must make restraint rational.

The Risk Model

The risks facing any offensive firm are structural, distinct from intent. They emerge when advanced capability scales faster than the systems built to govern it. Three drivers compound this risk.

First, capability scale outpaces control. The economics of offense have inverted. While a high-equity iOS zero-day now commands up to $7 million on the white market⁵, the “low-equity” alternative (administrative access via stolen credentials) sells on the dark web for as little as $500.⁶ Why spend millions on a bespoke exploit when you can buy the login for the price of a laptop? As the marginal cost of power falls, boutique tradecraft becomes a commodity. Speed kills oversight.

China provides the structural warning. In 2025, Beijing mandated “Attack-Defense Labs” for commercial testing firms, dissolving the barrier between research and warfare.⁷ Consider Integrity Tech, a leading commercial cyber-range developer in China. Their internal research unit, ‘KRLab,’ breached the bounds of defensive testing. Forensics linked it to ‘Sparrow’, a botnet used by the state-sponsored Flax Typhoon actor to execute file transfers and remote commands.⁸ Scale turned a vendor into a combatant.

Second, a capital mismatch bifurcates the market. Venture capital chases returns that pure service models cannot deliver. Cybersecurity SaaS companies trade at 28x EBITDA (roughly 8x-12x revenue)⁹, while traditional defense services lag far behind, often valued at 17x EBITDA (roughly 1.2x revenue).¹⁰ To bridge this valuation gap, investors pressure firms to “productize” their tradecraft, turning human-led consulting into push-button software platforms. Productizing the kill chain removes the human judgment required to say “no.”

Finally, opaque channels obscure reality. As distributors and integrators multiply, the firm loses sight of the end user. Informal trust replaces verified compliance.

These drivers trigger predictable failure modes. The Raven Effect (named for the infamous Project Raven) remains the graveyard of good intentions. In 2014, CyberPoint International deployed American contractors to the UAE for a State Department-approved defensive mission.¹¹ By 2016, operations migrated to DarkMatter, a local entity with annual revenue in the hundreds of millions. The mission drifted from counter-terrorism to surveillance of human rights activists. Operatives deployed the ‘Karma’ exploit because the client owned the oversight structure. With engineers earning up to $1 million annually tax-free, the paycheck justified the target, overruling engineer intent.

Feature drift occurs when engineering teams optimize for performance, quietly eroding original safeguards. DBAPP Security, another Chinese firm, offers the warning. Their Starfire Lab developed “VShell” in 2021 as a defensive remote access tool designed for research. By 2025, European analysts identified it as a fully operational backdoor used by state-nexus threat actors.¹² The code remained static; the mission shifted. Without governance, every defensive tool is one patch away from a weapon.

Once this drift begins, lawful customers inevitably misuse tools for surveillance beyond the agreed scope. Engineering teams tune for performance, quietly eroding original safeguards. The consequences are fatal: sanctions exposure, procurement bans, and reputational lockout. Once trust collapses, the firm becomes radioactive. NSO Group offers the definitive case study. By hiding behind secrecy, they invited collapse. In 2021, the firm held a valuation of roughly $2.3 billion.¹³ Months later, following public fallout and blacklisting, financial assessments deemed the equity effectively “valueless.” The technology remained strong; the business evaporated.

The Design Lens

The objective is a constitution for private enterprise.

Constitutions emerged when early republics learned that good Generals make poor judges. We often mistake governance for bureaucracy, but in high-stakes environments, they are opposites. Bureaucracy slows motion; governance stabilizes it. The founders of modern republics understood this distinction. When James Madison wrote in Federalist No. 51 that “ambition must be made to counteract ambition,” he was describing a mechanical necessity.¹⁴ He argued that because men are not angels, external controls must supply the defect of better motives.

The offensive cyber industry is currently relying on angels. It needs a Madisonian correction.

In economic theory, this is known as a Commitment Device: a binding mechanism that forces a rational actor to stick to a long-term plan, even when short-term incentives scream to defect. We see this in engineering as well. A conductor’s virtuosity has no bearing on the safety of a train. It is safe because a “dead man’s switch” automatically arrests momentum when human control fails.

The same logic applies here.

A healthy offensive cyber company must mirror a constitutional democracy: execution drives capability, leadership sets law, and oversight interprets limits. Without this separation, velocity turns into instability.

A credible constitution requires a mission-locked charter connecting profit to lawful purpose and a guardian share to enforce non-negotiable boundaries. It demands independent committees with the power to veto and cryptographic systems that translate policy into code.

Incentives must align culture with control. This framework allows scale without moral drift. It converts ethical aspiration into operational reality.

The Control Architecture

We must translate the constitutional framework into operational controls. I propose four mechanisms: independent authority, technical verification, aligned incentives, and structured transparency.

First, sever the command chain through independent authorities. Effective oversight requires genuine separation between growth and governance. The Thomson Reuters Founders Share Company has held a single “Golden Share” since 1984.¹⁵ It works. We must adapt this for cyber through a mission-locked charter that binds directors to a dual mandate of profit and lawful public purpose. It requires a Guardian Foundation, a perpetual entity holding a control share with veto rights over sensitive actions like new country entry or capability expansion. These structures must be supported by independent committees with subject-matter depth in human rights and export control, exercising negative control over approvals.

Next, code the constraints with technical verification mechanisms. Legal independence means nothing without technical enforcement. Code formalizes principle with technocratic precision. The industry standard of relying on “end-user agreements” is dead. NSO Group and Candiru proved that export licenses are paper shields; both firms operated under strict oversight yet sold to clients who weaponized their tools against journalists.¹⁶ We must replace trust with code. Two-key operations require dual authorization (customer and trustee) executed through hardware security modules to prevent unilateral action. Immutable logging hashes every command into a write-once ledger, creating verifiable proof of conduct without exposing intelligence details. Finally, cryptographic kill-switches provide revocation capabilities to deactivate systems that breach policy.

Third, align incentives by taxing the risk. These controls will fail if the payout for breaking them is high enough. Culture follows compensation. If you sell to a gray-zone client, your bonus should evaporate. Oversight endures only when reward systems reinforce it. Executive metrics must tie bonuses to audit performance and incident closure speed. If material policy violations occur, bonuses must hit zero, scaling to the severity of the breach. The sales architecture must also weight revenue from approved markets higher than high-risk territories. Mechanism design turns integrity into routine behavior.

Finally, we must weaponize disclosure through intentional reporting. Use transparency to kill competitors who rely on secrecy. Visibility stabilizes ecosystems. This requires a tiered approach: full access for the board to policy attestations, aggregate reporting for regulators, and public summaries for the market. Firms that practice structured disclosure, like Palantir, build resilience. Firms that hide behind secrecy, like NSO, invite collapse.

Governance as Competitive Advantage

Power accelerates by nature. Ethics often resist acceleration. The future of this industry depends on mastering that tension.

We must stop viewing oversight as a cost center. Strong governance improves competition and enterprise performance. Ungoverned cyber firms are valuation traps. They command the revenue multiples of SaaS firms yet carry the tail risk of illicit arms traders. One sanctions listing can drive revenue to zero overnight. Proper governance secures the valuation. It lowers the cost of capital by capping that legal tail risk. It converts a toxic asset into a defense prime.

It also secures the talent. The “cool factor” of classified work no longer outweighs the stigma of surveillance. With 79% of developers citing ethical risks like misinformation, security, and illicit code use as a primary anxiety, retention becomes a function of mission legitimacy.¹⁷ Top talent votes with their feet. Governance creates magnetism, drawing high-end engineers who want to handle power responsibly.

Finally, it guarantees access. Government buyers favor vendors who document lawful control. When trust collapses, the firm becomes radioactive. Governance builds crisis resilience, providing evidence that outweighs assurances when pressure mounts.

An offensive-security company earns trust when its structure forces deliberate movement: fast when it must be, careful when it should be. The measure of integrity is the presence of brakes that work every time they’re needed. We measure maturity in this business by the discipline to slow down when power wants to accelerate.

References

The Savage Hue: Gratitude Against all Odds

Wed, 26 Nov 2025 00:00:00 GMT

The Savage Hue

I read Vermont Royster’s “And the Fair Land” every Thanksgiving. The ritual usually feels grounding. Reading it tonight (November 26, 2025) the text lands like a warning label on a package we have already opened.

When Royster wrote this in 1961, the “social discord” he lamented was visceral. The Bay of Pigs had failed spectacularly in April. The Berlin Wall rose in August, slicing a continent in half with concrete and barbed wire. The “young arrayed against old” described a physical struggle to break a caste system. The Freedom Riders were firebombed in Anniston just months prior. The disquiet came from the pain of necessary progress, compounded by the external terror of the Cold War. The “strangers in far-off corners” were men with nuclear codes. When Royster described “the savage face of war,” he was writing to a generation that watched Nikita Khrushchev bang his shoe at the UN and felt the cold wind of nuclear annihilation blowing off the Cuban coast.

The anxiety felt existential. It bit deep, grounded in tangible stakes: rights, borders, survival.

Sixty-four years later, the anxiety has mutated.

The disquiet of 2025 is a product of industrial design. Look at the headlines flanking Royster’s prose today. We see the “First Large-Scale Cyberattack by AI.” We see “Two National Guard Members Shot Near the White House.” These events are terrifying, but the ambient “air of unease” Royster noted comes from a deeper source.

We are drowning in the addiction economy.

In 1961, your neighbor’s opinion was limited to the backyard fence. Today, algorithms optimized for engagement weaponize that opinion. The “social discord” is now a business model. Tech giants in Palo Alto have discovered that outrage harvests more attention than agreement. So they feed us a steady diet of it.

This is the new “savage hue.” It is synthetic.

We are users in an extraction economy where our anxiety is the raw material. The “stranger” controlling our fate has morphed from a communist boogeyman to a black-box model or a social feed that prioritizes dopamine over truth.

It is exhausting.

The temptation to despair is logical. Royster faced the physics of destruction; we face the engineering of disruption. But if we stop there, we lose the thread.

We are terrible at celebrating the good.

We have monetized our own misery so effectively that we forget to look at the balance sheet. Royster’s central thesis was about the anomaly of the light. He argued that the “richness of this country was not born in the resources of the earth… but in the men that took its measure.”

The miracle is the people.

We remain the longest enduring society of free people governing themselves.

This survival is statistically improbable. Entropy comes for nations. Order degrades. The natural state of history is the rule of kings, dictators, or technocrats. A self-governing republic is a deviation from the mean. That we are still here, arguing and striving despite the algorithmic headwinds, is the blessing.

It brings to mind Samwise Gamgee, speaking from the depths of his own darkness: “There’s some good in this world, Mr. Frodo, and it’s worth fighting for.”

That line hits harder this year.

The good is the stubborn refusal to capitulate to cynicism. We find it in the teacher staying late in a crumbling school. We see it in the entrepreneur solving real problems instead of selling ads. It lives in the neighbor who puts down the phone to shovel a driveway.

These are the “men that took its measure.”

We forget them because they don’t trend. Stability is quiet. Decency doesn’t go viral. But they are the ballast keeping the ship upright.

Royster ends by invoking the Pilgrims at Delftshaven. If they had been daunted by the “troubles they saw around them,” they never would have sailed. They feared the ocean. In Royster’s time, we feared the bomb. Today, we fear the feed. The requirement remains the same.

We must be thankful that the land is still ours to shape, however hard the task. The “fair land” remains a challenge.

The storm is loud this year. But the ship is still afloat.

And for that, we can be thankful.

Inside job interrupted. (Source: The CyberWire Daily Podcast)

Mon, 24 Nov 2025 00:00:00 GMT

Source: Listen to the episode

GPS is a Cold War artifact. Designed in the 1970s to guide munitions toward Moscow, it now underpins the global economy. Yet the signal is dangerously faint.

Karpf joins Dave Bittner and Maria Varmazis to dismantle the growing threat of maritime spoofing. The barrier to entry for electronic warfare has collapsed. For approximately $50, commercial off-the-shelf technology can now replicate the modulation of GPS signals. This capability allows adversaries to overpower satellite transmissions and drift autonomous ships off course—turning navigation errors into geopolitical flashpoints.

Key topics

The Democratization of Disruption: Denial of service is no longer the domain of state superpowers. A $50 software-defined radio can drown out the “whispered conversation” between a ship and medium-earth orbit satellites, effectively blinding modern navigation systems with brute-force noise.
The 12-Mile Trap: Spoofing serves as a subtle weapon for territorial aggression. By introducing incremental timing delays, actors can lure vessels into the 12-nautical-mile limit of a nation’s territorial waters, manufacturing a pretext for seizure or military engagement—a tactic observed from the Black Sea to the coast of Venezuela.
Digital Signatures for RF: The legacy GPS architecture trusts blindly. The necessary evolution involves applying network security principles to the physical layer, specifically using digital signatures to authenticate the source of a signal before a receiver accepts it as truth.

The Internet Keeps Crashing Because We Tried to Gentrify a Jungle

Fri, 21 Nov 2025 00:00:00 GMT

The Internet Keeps Crashing Because We Tried to Gentrify a Jungle

On Tuesday, November 18, 2025, at 6:00 AM ET, the digital economy seized. The blackout was nearly total.

Cloudflare, the invisible gatekeeper of the web, suffered an internal service failure. The error locked the doors from the inside. Users of everything from Discord to ChatGPT faced a generic security message: “Please unblock https://www.google.com/search?q=challenges.cloudflare.com”.

This follows the October 20, 2025 AWS US-East-1 outage, where a routine DynamoDB update triggered a DNS race condition that took down 17 million services.

These are Consistency Failures. We replaced a biological ecosystem designed for survival with a bureaucratic machine designed for control.

Enter the road to digital serfdom.

A Runaway Nuclear Reaction

Trends reveal a terrifying shift. Frequency of internet outages is stable, but severity is on the rise.

Before 2015, we lived in the era of local failure. Failures were mostly hardware-based, specific attacks, and regionally contained. This began to shift with the 2016 Dyn DDoS attack.

In 2016, a large-scale DDoS attack against the Dyn DNS service exposed the structural weakness of consolidation. On October 21, the Mirai botnet commandeered roughly 100,000 IoT devices to bombard Dyn with 1.2 terabits of traffic per second. The attack crippled Twitter, Netflix, and Reddit across North America and Europe. We had centralized the internet’s phone book into the hands of a few gatekeepers. One cracked. Consequently, the screen went dark for millions. (Thank you to Doug Madory for providing me with this example).

From 2019 to 2025, we entered the era of systemic collapse. Failures are now nuclear logic bombs. Tiny configuration errors detonate the entire world.

The 2021 Fastly outage occurred because one customer configuration triggered a global bug. The 2024 CrowdStrike outage saw Channel File 291 cripple 8.5 million critical Windows machines.

We stripped away the noise of small, frequent failures. The blast radius of a single error has expanded from one service to the entire planet. The result is a system where safety equals silence and failure equals apocalypse.

David Clark built his original Internet architecture on the value of survivability. The Two Computer Rule was rational during the age of threatened nuclear armageddon: “If there are two computers hooked to a network, and each one knows the address of the other, they should be able to communicate. Nothing else should be needed.” (see Designing an Internet, The MIT Press, 2018).

He called the mechanism Fate Sharing.

“The fate-sharing model suggests that it is acceptable to lose the state information associated with an entity if, at the same time, the entity itself is lost.” The state of the connection is stored only in the end-points. If the computer dies, the connection dies. The failure is quarantined to the individual.

We moved to a model where we decouple fate from hardware via the Hyperscale Cloud. Hosting on AWS US-East-1 means if your server dies, your app survives due to redundancy. To manage this redundancy, we built a God Layer known as the Control Plane. This software layer creates a shared fate for everyone. When the Control Plane fails, every customer goes down, even if their servers are healthy.

By trying to save the individual from death, we condemned the collective to extinction.

An Epistemological Collapse: The Hayekian Trap

Friedrich Hayek’s defining contribution to economics was the Calculation Problem. Hayek argued that central planning fails because planners are blind. It isn’t their fault. He exposed how no single entity can possibly possess the dispersed, fleeting, “tacit knowledge” of the entire market. In an economy, prices act as signals to coordinate action without central direction. In the original internet, routing protocols acted as these price signals. Local, messy, but adaptive. This is what Hayek called Spontaneous Order.

We paved over the Spontaneous Order to build a Constructed Order.

Embracing collectivism via centralized planning starts a slow march towards destruction of the prime economic force: vitality. In a naturally vital system, there’s space for creative destruction. Creatures live and die. Creatures thrive and suffer. The world goes round and round. This is the natural state of things. It creates opportunities for change and growth, development and improvement. But when centralized and controlled to diminish suffering, we lose vitality. Central planning destroys vitality. At least, that’s what Hayek theorized, and he has been rewarded with quite a lot of supporting evidence over the past century.

We have embraced Computational Central Planning.

Massive service providers like AWS and Cloudflare act as Digital Central Planners. They attempt to maintain Global State, a consistent view of the world across millions of servers and hundreds of datacenters. This is the “synoptic delusion” Hayek warned against.

The catastrophic outages we now experience are the result of the system trying to force infinite complexity into a single database table in Virginia. Consistency Failures occur when the Control Plane in Region A thinks the world is X, while Region B thinks it is Y. The system detects a deviation from the Plan and has a psychotic break.

The rest of us experience this psychotic break as not being able to access LinkedIn, Netflix, or online banking. We have hit the computational limit of central planning. The complexity of the network now exceeds the speed at which a central authority can understand it.

The Digital Road to Serfdom

The original internet architecture created a vacuum, and that vacuum was filled by a new social contract based on safety and centralized control. This is the digital manifestation of Friedrich Hayek’s The Road to Serfdom.

Hayek warned that the slide into servitude is rarely forced by a conqueror. It begins with a voluntary trade. We trade the anxiety of liberty for the promise of security. We trade the chaos of the market for the predictability of the plan.

In the last decade, we made that trade. We exchanged the anxiety of “Best Effort” packet delivery for the security of the Service Level Agreement (SLA). We abandoned the Wild West of the open internet because it felt too dangerous, and we retreated into the Walled Gardens of the Hyperscalers.

The result is exactly what Hayek predicted: a total loss of agency. We are no longer independent nodes in a mesh. We are tenant farmers on Amazon’s land, irrigated by the streams of Cloudflare. We rely on Crowdstrike and Palo Alto Networks as walls to keep the barbarians out. And like all serfs, we are safe right up until the moment the Lord lowers the portcullis.

The Feudal Racket

The original internet protocols created a Naked Network. It moved data but had no concept of value or money. It could not fund or provide for its own defense. David Clark once told me about a conversation he had with a Nobel Laureate Economist in the 1990s. The Economist cornered Clark at a conference: “The internet is about routing money. Routing packets is a side-effect. You screwed up the money-routing protocols!” When Clark replied that he didn’t design any money routing protocols, the Economist shot back: “That’s what I said!”

Because the base layer was defenseless, private actors built castles on top of it. We pay rent to Cloudflare and AWS for protection from the Wild West of the base protocol. These Feudal Lords have no incentive to fix the base layer. Their business model depends on the internet being dangerous. If the Wild West became safe, the value of the walled garden would collapse.

We bought into the theory of hegemony. A digital road to serfdom.

“The theory of hegemony is a theory of stability. It postulates that a system will be long-lived if a single actor is in charge… By taking tussle out of the technical domain… the platform becomes more predictable.” Another useful insight from David Clark, who defines Tussle as the inevitable conflict between adverse interests in an open system.

The internet keeps crashing because we tried to gentrify a jungle. We paved over a resilient, diverse biological ecosystem with an efficient, brittle bureaucratic machine. We face a choice.

Our most likely path given the laws of momentum is to maintain current course and speed. Continue refining for efficiency. Accept that the screen will go dark more often, for longer. This is the path of the Serf.

Or we could choose to return to friction. We could re-embrace Fate Sharing and accept that local failures are healthy. We could own our infrastructure. We could redesign the protocols to handle the Tussle without a middleman.

We’ve built a glass cannon. It is incredibly powerful, perfectly tuned, and destined to shatter.

Get used to it.

The AI Has Eaten the Pen

Tue, 18 Nov 2025 00:00:00 GMT

You people are driving me nuts.

It’s everywhere now. The flood is complete. I see it in bullshit LinkedIn posts, in marketing emails that promise to “unleash” my sales team’s potential, in newsletters I used to respect. I’ve seen it in corporate white papers, research reports, and, I shit you not, in articles from major newspapers.

It’s a creeping, sterile monoculture of thought and writing. It tastes like diabetes feels.

I went to Safeway yesterday. I was just picking up materials for Christmas cookies. Flour. Sugar. Marshmallows. Later, I went to Whole Foods for my actual groceries. Walking out of that Safeway, I felt a familiar, specific grossness. A lethargic grumbling. I recalled the oversaturated colors from boxes of Chips Ahoy and Cap’n Crunch. The stale smell of sugary whitebread and toll house cookies. The oiliness of the air. The nauseating lights (I swear to god there’s a puke-green hue). It was like the emotional equivalent of eating a Big Mac. It felt empty, processed, and cheap. And, side note, Safeway is not really less expensive than Whole Foods. I’ve checked. It’s just the brand. Everyone feels like it’s less expensive because it is, in the truest sense of the term, cheaper. But that’s a different polemic.

This is what it feels like to read everything you people “write.” This is the intellectual equivalent to the Diabetes Industrial Complex that made America fat and miserable. We’re being fed a constant, relentless diet of mental junk food. It’s mass-produced by scriptorial lightweights who have mistaken generation for creation. They’ve found a new, high-velocity way to make us all sick.

Sure, the pen is mightier than the sword. But the AI has eaten the pen.

A Three-Part Disease

Bad writing has always been with us, but at least people once had to try. You could respect the effort, if not the prose. We’ll get to the symptoms in a second, so bear with me. The problem is the engine, the Dark Lord. The Dark Lord knows nothing, creates nothing, and risks nothing. The engine has three first principle flaws that are damn near impossible to fix: the fact AI has no stake in the real world (no-stake sterility), the fact that AI is designed to be the average of us all (the oblivion of mediocrity), and the fact that AI has no chutzpah (the hedging engine of wimpdom).

AI has no lived experience, which means everything it writes suffers from no-stake sterility.

It has never won a fight, lost a job, or felt a room go quiet after a bad joke. It has no skin in the game. It is a sterile, detached observer of human text, and it can only mimic the shape of our ideas.

Shortly after I rented my first apartment, I was twenty two years old, cheap as hell, living in Boston, and needed a table. I ordered an inexpensive, minimalist one from Target. It was made of particle board, that fake stuff that’s discarded wood shavings and superglue. The first delivery arrived with a big chunk knocked out of its side. “Oh well,” I thought, “it was only like $40. I’ll just order another.” When the second arrived, there were so many scratches on the top that it’s entirely possible an alleycat was trapped in the box during shipping. The third arrived with a missing leg. The fourth looked much like the first. It took five deliveries to get one that wasn’t visibly broken on arrival. Five.

Four months later, I leaned on the corner while eating and the entire thing gave way. It didn’t crack. It crumbled. It collapsed into a pathetic pile of sawdust and cheap glue.

AI writing is that dining table. It’s the particle board of writing. It has the shape of an argument. It has the veneer of an insight. The second you put any real intellectual weight on it (try to find one original, falsifiable thought) it disintegrates because AI is sterile and has no stake in the real world. The AI suffers from the deepest of all epistemological flaws: it knows nothing.

AI is the average of us all, which means it writes like mediocrity is cool again (oh, hello 1996).

It’s a statistical engine. It’s unskilled at being interesting, provocative, or true. It’s designed to be probable. It finds the most likely next word, which forces every sentence to regress to a safe, boring average.

This is the Great Autotune.

I was at a tenth-grade dance in 2008. Of course we didn’t call it tenth grade, we called it the Third Form because we were pseudo-intellectual adolescents at a posh faux-British boarding school in central New Jersey. The gym smelled like sweat and floor wax (although it wasn’t actually a gym, in reality it was the lounge of our dining hall that had a slate floor and smelled legitimately like fine wood finish and… sweat). I felt like Sisyphus. I was pushing the same boulder up the hill all night. The boulder was the same six dance moves with the same rhythm and the same sounds with everyone on the dancefloor dressed in the same clothing singing the same damn lyrics. I realized… every song was the same. It was the peak of the autotune era. Lil Wayne’s “Lollipop.” Flo Rida’s “Low.” Every T-Pain track. The same tempo, the same structure, the same metallic, dead-eyed vocal correction.

It made me a great dancer. I only had to learn one song.

AI writing is autotune. It’s the sound of all human creativity being flattened into one boring, predictable, statistically-optimized track. The AI suffers from a fundamental methodological flaw: it creates nothing.

AI is spineless, which means everything it writes hedges like a politician pressed on the solvency of the social security program.

It’s a hedging engine that’s fundamentally timid. It’s programmed to be “helpful and harmless,” which is latin for “non-committal and wimpy.” It’s terrified of being definitively wrong.

We had a lieutenant at one of my old units in the Navy. We called him “The Seagull.” He’d fly in, make a lot of noise, shit on everything, and fly out. (He would also steal your fries. But again, different polemic.)

But The Seagull’s real talent was analysis paralysis. We were in a planning meeting for a complex evolution. We needed a hard “go/no-go” decision on which two elements of our unit would take the lead. They were his people, so the decision came to him. He just stared at the planning board. “Well,” he said, “it’s arguable that John and Cindy are best trained for this. But some might say that Elliot and Frank have more experience in this type of situation. But there is some risk there. On the one hand…”

As I sat there watching our Senior Chief’s head turn a shade of red reserved only for lipstick, firetrucks, and solo cups, it dawned on me that this idiot is why we might lose the next war, and that he was destined to make Admiral. His refusal to take a position was, itself, a decision. It was just the worst possible one.

AI writing is The Seagull. It’s an engine built for analysis paralysis, hiding its cowardice behind a mask of “nuance.” The AI suffers from the most unhuman of all moral flaws: it risks nothing.

A Semantic Dark Lord on his Dark Throne.

Particle board, autotune, and seagulls are all annoying parts of life. This is worse.

This is Sauron. It’s a toxic, black sludge coating every channel. It’s suffocating all native life. The weird blogs. The personal, vulnerable essays. The actual, risky thoughts.

Yesterday, I read five newsletters back-to-back. You know who you are. They were all the same story. I realized they were all written by AI. They all opened with a Vapid Gatekeeper (“In an increasingly…”). They all used a Bullet-Point Tyrant for their structure. They all made their one “profound” point using the Witch-king of “Not Just.”

This is why I must name the agents of this Dark Lord. They are the nine Ringwraiths. Meet them and despair:

The Witch-king of “Not Just” is the worst of them all. He’s the voice behind the “It’s not just a tool, it’s a revolution” crutch. This is the laziest of all rhetorical setups, a symptom of the Hedging Engine. It’s a writer too timid to make a bold claim, so they build a straw man to knock down first. The fix is simple. Stop hedging. Just state the revolution. Only Douglas Adams was talented enough to describe something in relation to its negative.

The Vapid Gatekeeper is the “In today’s fast-paced world…” non-opening. It’s a paragraph of pure throat-clearing from a writer with no personal story to tell. This is the ultimate symptom of no-stake sterility. The AI has no 10th-grade dance to reference, so it defaults to this meaningless abstraction. The fix: Delete it. Start with your second paragraph.

Then you meet the Hollow Synergist. This is the language of the particle board table: “leverage, utilize, foster, streamline, unleash.” It’s a lexicon of abstract, corporate-approved verbs that communicate nothing specific, the sound of work being performed instead of done. The AI has never built anything, so it can only “leverage.” The fix is to use concrete verbs. Verbs with force.

The Bullet-Point Tyrant is a structural failure. It’s the lazy dumping of ideas into a list, often with randomly bolded “key points”, because the AI struggles to weave them into an argument. This is the Tyranny of the Mediocre Mean in action. A list is statistically safe. A real narrative is risky. Do the hard work. Find the thread.

The Fracturer is the em-dash epidemic. The AI learned that “smart” writers use dashes, so it uses them—everywhere—with the subtlety of a sledgehammer. It’s another symptom of the Tyranny of the Mean. It found a statistical correlation for “sophistication” and mistook it for a rule. The fix is obvious. Use a period. Let a sentence end.

The Monotonous is the sound of autotune in your writing. It’s the endless, predictable march of sentences that are all 15-to-25 words long. No pulse or rhythm. No short jabs. No long, reflective explorations. Nothing lyrical that draws unique imagery to expand the mind, open the heart, and release a flood of thrilling neurological chemicals that stimulate your limbic instincts to fuck, fight, and eat. It’s the statistical average, and it is perfectly, hypnotically dull. This is the very definition of the Tyranny of the Mean. Vary your sentence length. Aggressively.

The Unblemished is the “too perfect” text. Flawless grammar, perfect spelling, and zero personality. It’s sterile, clean, and frictionless. Because it has no flaws, it has no grip. It doesn’t break rules. Like, ever. There is no texture for a reader’s mind to hold onto. This is No-Stake Sterility by definition. The AI has no scars. The fix is to be human. Tell the flawed story.

The Non-Committal is The Seagull’s voice. This is the flood of “it’s arguable that,” “some might say,” and “to some extent.” It’s the AI’s refusal to ever plant a flag, make a falsifiable claim, and risk being wrong. This is the Hedging Engine’s primary defense mechanism. Stop qualifying. Make the claim.

Finally, there is The Needless. This is the empty scaffolding. The “It’s important to note that…” and “It’s worth mentioning…” These are the timid, obsequious tics of an engine asking for permission to make a point. They are a total waste of time. Delete the phrase. The sentence will be stronger.

I see the Wraiths everywhere, every day, and it’s driving me insane.

How We Fight

This is a two-front war. It’s about how we read and how we write.

A demand-side fix. AKA, the “Ozempic” solution. Suppress your appetite for junk food. We have to starve the beast.

Stop consuming. Unfollow the Vapid Gatekeepers. Mute the Hollow Synergists. Raise your palate. Go read a real book. Go read Didion, Zinsser, Joe Moran, Stephen King, or that dude on substack who wrote a blog analyzing if Mike Wazowski is Polish or Jewish. Go read anything with a human pulse. When you get used to real food, the junk food starts to taste disgusting. Plus, there’s functionally no difference between someone who doesn’t read and someone who can’t read.

And when you’re reading someone online and see the Ringwraiths, call it out. Mock it. Make it uncool. We have to create a cultural aversion to this sludge.

A supply-side fix. AKA, the Éowyn solution. Be aggressively human. This is how we win.

The Wraiths serve the “One Ring”: the algorithm. That is their Ring of Power. The Witch-king, their leader, couldn’t be killed by “any man.” He was undone by the unexpected. By a woman and a hobbit.

The AI is the same. It cannot quantify real vulnerability, specific failure, or weird humor. It has no defense against them.

Stop writing like a thought leader. Write like a person. Be vulnerable. Be emotional. Tell your flawed stories. Take a stand. Be courageous. Be Éowyn.

The AI ate the pen because we fed it a diet of junk. We handed it the keys. We rewarded the “Tyranny of the Average” (and the word average is really just another word for mediocre) because we were too busy, too lazy, or too scared to do the real work.

We get it back by starving the machine. We get it back by writing for people, as people.

Or…

If you can’t be bothered. If, like, committing the tiniest bit of effort to read well and write well sounds like such a chore. If you just want the easy button for your LinkedIn marketing slop, please at least add the nine Ringwraiths to the system prompt of your AI ghostwriter and instruct the AI to avoid these things like the fucking plague. If you’re gonna sin, for the love of God, at least be a better sinner.

Thanks. We all appreciate it.

The First Agentic Cyberattack Is Here. It’s A Liar. That's An Opportunity.

Fri, 14 Nov 2025 00:00:00 GMT

Anthropic’s November 13 report just confirmed our primary fear. An alleged Chinese state-sponsored group they call GTG-1002 successfully automated a complex cyber espionage campaign using AI agents.

This is the new baseline.

Forget the theory. The first large-scale “agentic” AI attack campaign has happened. A single human operator tasked instances of “Claude Code” to operate as autonomous agents. They conducted reconnaissance, vulnerability discovery, exploitation, and data exfiltration across 30 different targets, including tech companies and government agencies. The AI performed 80-90% of all tactical work independently.

This is an inflection point.

The barrier to entry for sophisticated attacks has collapsed. What once required an entire team of skilled, expensive on-net operators and analysts can now be executed by one person managing a swarm of AI agents. The AI autonomously discovered vulnerabilities and exploited them in live operations. It parsed large volumes of stolen data to identify intelligence value on its own. This is the efficiency nightmare we all predicted.

But the report buried the real story. The one that matters more than the attack itself.

In the analysis, Anthropic notes a critical, unexpected flaw: the AI “frequently overstated findings and occasionally fabricated data”. It hallucinated. The AI confidently claimed it had obtained credentials that didn’t work. It flagged publicly available information as “critical discoveries”. The human operators couldn’t trust their own weapon. They were forced to manually validate every claimed result, creating significant operational friction.

This hallucination problem is a manageable inconvenience for an attacker. They just have to double-check their work.

For us, the defenders, this flaw could be a catastrophic, show-stopping failure… if we only think defensively.

A defensive AI that “lies” is worse than having no AI at all. It will confidently send your human response teams on ghost hunts while the real intrusion proceeds untouched. It will block legitimate, mission-critical traffic based on a fabricated threat.

And we need this AI to work. We know its potential. Google’s “Big Sleep” project proved last year that AI can find zero-days, offering what they called an “asymmetric advantage for defenders.” They were right.

This reveals the true conflict. The old security model is obsolete. The only viable defense against an automated attack (like GTG-1002) is an automated defense (like “Big Sleep”). But the GTG-1002 report proves that both of these systems are built on an unreliable, hallucinating foundation.

This changes our strategy.

If the attacking AI wants to find things so badly that it makes them up, we should help it.

This is the new active defense. We litter our networks with digital breadcrumbs that lead nowhere. We seed fake, but plausible, credentials in config files. We create decoy databases that contain nothing but garbage data. We build a digital hall of mirrors designed to trap an autonomous agent in a validation loop.

The GTG-1002 human operators were already forced to manually validate every finding, creating “operational friction”. Our goal must be to maximize that friction. Every hour the attacker spends verifying a hallucination is an hour we’ve won.

And the moment that decoy database is touched, the AI has announced itself.

The GTG-1002 report proves the old race of offense vs. defense is over. The new critical race is about reliability. But until we solve reliability, the smartest move is to weaponize its absence.

Don’t just wait for the AI to lie. Make it lie.

The Shutdown Ends Tonight. CISA Renewal Still Won't Move.

Thu, 13 Nov 2025 00:00:00 GMT

The House votes around 7 PM tonight (November 12) to end the longest government shutdown in American history. Forty-one days of chaos concludes with a continuing resolution that funds most agencies through January 30. The cybersecurity community hopes this creates legislative space for the Cybersecurity Information Sharing Act (CISA) renewal.

It won’t.

CISA (the Act, not to be confused with the Agency) expired October 1, the same day the shutdown began. Pure coincidence, terrible timing. Since September 30, private companies lost their liability protection for sharing threat intelligence with the government. The automated sharing program still runs (DHS kept the technical infrastructure operational during the lapse) but without legal protections, attorneys advise their clients to stop participating. Some estimates suggest information sharing dropped 80% since expiration.

Nobody’s talking about it. The shutdown consumed all legislative oxygen. While federal workers missed paychecks and air traffic control staffing collapsed, a critical national security framework quietly died. Senator Rand Paul killed it, more precisely. He blocked reauthorization unless it includes explicit anti-censorship language preventing CISA (the agency) from content moderation work. Paul won’t budge. Democrats won’t accept his terms. Stalemate.

Watch for three signals that renewal might advance before January 30 when the new CR expires. First, does Paul announce willingness to negotiate his censorship provisions? His draft bill from September sits unchanged—a two-year extension with new oversight requirements and AI integration language. Second, does House Homeland Security Chairman Andrew Garbarino revive the WIMWIG Act, his ten-year clean reauthorization bill introduced September 2? That proposal died when the shutdown started. Third, does industry pressure intensify? Fifty-two trade organizations sent a joint letter in May demanding renewal. They’ve been silent since expiration.

The likeliest outcome? Another punt. The January 30 CR deadline arrives, Congress scrambles to avoid another shutdown, CISA renewal gets mentioned in committee hearings, nothing moves. We repeat this cycle until someone’s network gets breached badly enough that political will materializes.

Meanwhile, private sector adapts. ISACs evolved beyond government frameworks years ago. Financial services exchanges threat data through FS-ISAC at speeds federal systems can’t match. Telecommunications providers just launched C2-ISAC—deliberately structured without any government involvement. The Cyber Threat Alliance routes information between security vendors bilaterally. When formal mechanisms atrophy, informal networks fill gaps. They always do.

This creates perverse incentives. If information sharing works without CISA, why renew it? The liability protections matter for legal departments, but operational teams built workarounds. The Automated Indicator Sharing program processed ten million indicators in 2024 compared to one million in 2023. That growth might flatline post-expiration, or companies might just route the same data through different legal structures.

Three months until the next deadline. Garbarino reintroduces WIMWIG or he doesn’t. Paul softens his position or he doesn’t. Industry mobilizes coordinated advocacy or stays quiet.

My prediction? Clean extension bundled into the next CR with promises to “address these critical issues comprehensively” in 2026. Translation: everyone acknowledges the problem, nobody wants to fight about censorship provisions during an election year, so we kick it forward again.

The shutdown ended. The legislative dysfunction continues. CISA remains expired.

UKSA adds to its space tracking capabilities. (Source: T-Minus Space Daily)

Tue, 28 Oct 2025 00:00:00 GMT

Source: Listen to the episode

Brandon’s dispatch on T-Minus Space Daily called the unsecured satellite ecosystem a “Heartbleed-level” crisis: research from the University of Maryland and UC San Diego shows that more than half of global GEO satellite traffic—including feeds from telecoms, banks, utilities, and law-enforcement agencies—is still transmitted without encryption.

Key topics

Massive satellite data exposure: Academic teams demonstrated just how easily anyone with commodity gear can intercept GEO traffic, documenting clear-text payloads from commercial operators and critical-infrastructure networks.
Systemic security failures: Brandon pointed to culpability on both sides of the link—service providers shipping insecure modems and end users never flipping on built-in crypto—as evidence that the space domain still treats cybersecurity as optional.
Accountability and regulation: He pushed for tougher oversight, executive liability for noncompliance, and an industry-wide pact to enforce encryption baselines before adversaries exploit the gap.

How many anti-satellite weapons are currently in orbit? (Source: T-Minus Space Daily)

Thu, 02 Oct 2025 00:00:00 GMT

Source: Listen to the episode

Brandon discusses a red-alert moment: he believes we’ll see unmistakable preparation for a Viasat-scale strike against satellite infrastructure within a year—most likely originating from Russia—unless the industry moves to a permanent “shields up” posture.

Key topics

Indicators of escalation: Russian airspace incursions, GPS jamming across Eastern Europe, EUCOM commanders’ warnings about deteriorating space norms, and open-source counts of 200+ ASAT weapons on orbit all point to a more aggressive playbook.
Attack surface & tradecraft: Expect attackers to chase SATCOM and Earth-observation systems through soft edge targets—think unpatched Cisco ASA gear—then stage malware, persist, and maneuver until they reach the “crown jewels.”
Defender playbook: Brandon pushed for immediate patching and telemetry, zero-trust overlays, secure comms investments (optical links, self-healing/digital twins), and business-continuity drills because civilian operators remain primary targets.

The November that never ended. (Source: The CyberWire Daily Podcast)

Mon, 29 Sep 2025 00:00:00 GMT

Source: Listen to the episode

Brandon unpacks the cybersecurity ecosystem and market in Japan.

Listening In on the listeners. (Source: The CyberWire Daily Podcast)

Thu, 28 Aug 2025 00:00:00 GMT

Source: Listen to the episode

Brandon joined Maria Varmazis to discuss space infrastructure.

Rocket Lab boosts semiconductor manufacturing. (Source: T-Minus Space Daily)

Mon, 25 Aug 2025 00:00:00 GMT

Source: Listen to the episode

Brandon joins T-Minus Space Daily to explain how recent developments in orbital data centers, edge AI, and optical laser communications signal a future shift of global internet infrastructure from terrestrial fiber networks to space-based systems—potentially redistributing wealth and strategic value from equatorial hubs like Singapore to polar regions such as Greenland.

Key topics

Emerging space-based internet infrastructure, driven by orbital data centers, edge AI, and high-speed optical communications.
Predicted geopolitical and economic shifts toward Arctic and polar regions as future hubs for data connectivity and ground stations.
Cybersecurity implications of the transition, including new infrastructure needs and enhanced transmission security via optical links.

A free speech showdown. (Source: The CyberWire Daily Podcast)

Fri, 22 Aug 2025 00:00:00 GMT

Source: Listen to the episode

Brandon discussing his experience with fake North Korean job applicants. Brandon shared red flags from the North Korean fraud attempt and how to tune hiring workflows, SOC alerts, and verification rituals accordingly.

A dark web titan falls. (Source: The CyberWire Daily Podcast)

Fri, 25 Jul 2025 00:00:00 GMT

Source: Listen to the episode

Brandon joined The CyberWire Daily Podcast to explore how space-based telecom architectures could play a critical role in securing agentic AI systems.

Darknet drug marketplace closed for business. (Source: The CyberWire Daily Podcast)

Mon, 16 Jun 2025 00:00:00 GMT

Source: Listen to the episode

In this conversation, Brandon Karpf warns that agentic AI systems—autonomous AI-to-AI networks communicating at machine speed—create profound new cybersecurity risks through exposed metadata, and suggests using the space segment as a secure relay layer to obscure organizational intent and protect digital infrastructure.

Key topics

Agentic AI risk picture: Karpf highlights that as AI models begin autonomously interacting via protocols like Anthropic’s Model Context Protocol (MCP), the real vulnerability shifts from data content to metadata leakage, which can reveal intent, strategy, and organizational behavior.
Metadata as intelligence: Through case studies (e.g., UC San Diego and Ben Gurion University), he demonstrates how adversaries can infer physical locations, activities, or even plaintext content solely from encrypted network metadata—posing new reconnaissance and espionage threats.
Space-based mitigation: He proposes routing enterprise network traffic through space-based telecommunications relays—using satellites as obfuscating intermediaries—to disguise metadata patterns and strengthen defenses against large-scale network analysis and reconnaissance attacks.

Brute force and broken trust. (Source: The CyberWire Daily Podcast)

Fri, 21 Mar 2025 00:00:00 GMT

Source: Listen to the episode

Brandon explains how the DoD’s new agile software acquisition reforms—and rapid iteration in satellite communications systems—could transform space-based telecom cybersecurity by enabling dynamic, “moving target” defenses that leverage the orbital network layer itself.

Key topics

DoD Software Acquisition Reform: The Pentagon’s new “Software Acquisition Pathways” directive introduces agile, iterative procurement—cutting development timelines (e.g., from 12 to 6 years) and encouraging early risk acceptance to accelerate modernization.
Software-Defined Warfare: Karpf connects agile development to the growing reality that modern military and commercial space systems are software-driven, cyber-enabled, and increasingly targeted by adversaries (over 120+ post-Viasat attacks in Eastern Europe).
Space as a Cyber Advantage: He proposes using low- and geosynchronous-orbit satellite networks to obscure communications endpoints—creating a “moving target defense” at the network layer that complicates adversary reconnaissance and strengthens telecom resilience.

Cracked and Nulled taken down. (Source: The CyberWire Daily Podcast)

Thu, 30 Jan 2025 00:00:00 GMT

Source: Listen to the episode

Brandon speaks with Ellen Chang, Vice President Ventures at BMNT and Head of BMNT Ventures, about the venture model, why it exists, how it works, and its impact.

Hacking the bureau. (Source: The CyberWire Daily Podcast)

Fri, 17 Jan 2025 00:00:00 GMT

Source: Listen to the episode

Brandon speaks with Maria Tranquilli, Executive Director at Common Mission Project, about the origins and impact of Hacking for Defense, and how universities can get involved.

Future-proofing finance: FS-ISAC’s blueprint for cryptographic agility. (Source: CyberWire Special Edition)

Tue, 31 Dec 2024 00:00:00 GMT

Source: Listen to the episode

Brandon sat down with FS-ISAC Chief Strategy & Innovation Officer Mike Silverman to unpack the Building Cryptographic Agility white paper and what financial institutions must do now to prepare for post-quantum threats.

Key topics

FS-ISAC’s Post-Quantum Cryptography Working Group lays out how to inventory algorithms, escrow keys, and prioritize crown-jewel datasets before quantum harvesters arrive.
Brandon and Mike translated the guidance into board-level milestones—data classification, crypto-agile architectures, and procurement playbooks that keep trusted payments moving.
They also highlighted talent and vendor governance gaps that still keep most banks from rotating algorithms at cloud speed.

When AI goes offline. (Source: The CyberWire Daily Podcast)

Thu, 12 Dec 2024 00:00:00 GMT

Source: Listen to the episode

Brandon speaks with Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper “Building Cryptographic Agility in the Financial Sector.”

Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. (Source: CyberWire Special Edition)

Sun, 08 Dec 2024 00:00:00 GMT

Source: Listen to the episode

Brandon hosted author and advisor Dr. Bilyana Lilly to explore how her thriller “Digital Mindhunters” uses fiction to explain real AI-enabled information-warfare playbooks and the human choices that still shape deterrence.

Key topics

Russia’s campaign in the novel mirrors today’s blending of AI, HUMINT, and disinformation to fracture democracies.
A parallel Chinese plot reveals how election manipulation, data theft, and algorithmic propaganda can reinforce one another.
Dr. Lilly and Brandon discussed why storytelling remains a powerful way to coach CISOs and policymakers on the speed of hybrid conflict.

Mission possible? Navigating tech adoption in the DoD. (Source: CyberWire Special Edition)

Sun, 27 Oct 2024 00:00:00 GMT

Source: Listen to the episode

Brandon interviewed BMNT founder Pete Newell about “mission acceleration,” why defense innovation is a people problem more than a tech problem, and how to move operator-validated ideas through the Pentagon’s maze.

Key topics

Pete outlined how human-centered design and honest problem framing beat flashy prototypes when combat units need change fast.
Education gaps—especially around acquisitions and data rights—still keep many DoD teams from absorbing commercial tech.
Brandon pressed for pragmatic steps: embed venture coaches with program offices, give warfighters recurring reps articulating problems, and de-risk pilots with outcome-based metrics.

Steve Blank, national security, and the dilemma of technology disruption. (Part 2 of 2) (Source: CyberWire Special Edition)

Sun, 29 Sep 2024 00:00:00 GMT

Source: Listen to the episode

Brandon closed his two-part conversation with Steve Blank by focusing on how the Gordian Knot Center maps bureaucratic bottlenecks, mobilizes private capital, and helps the DoD out-innovate pacing threats like China.

Key topics

Steve detailed why America’s legacy acquisition system can’t absorb commercial disruption fast enough—and what to replace it with.
The pair outlined concrete fixes: empowered portfolio leads, mission-focused funding streams, and wargames that keep startups looped in.
Brandon pressed Steve on how to align Congress, venture investors, and combatant commands around common metrics for technology advantage.

Steve Blank, national security, and the dilemma of technology disruption. (Part 1 of 2) (Source: CyberWire Special Edition)

Sun, 22 Sep 2024 00:00:00 GMT

Source: Listen to the episode

Brandon opened the series by having Steve Blank diagnose why the U.S. national-security enterprise struggles with disruptive tech, from China’s pacing advantage to the cultural antibodies inside large commands.

Key topics

Steve explained the “dilemma of technology disruption” and why bureaucracies default to incrementalism even when adversaries move exponentially.
They unpacked how outdated incentives, risk-aversion, and poor problem statements slow modernization across the services.
Brandon pushed for shared vocabulary and metrics so innovators, operators, and funders can finally be honest about what “innovation” should deliver.

The playbook for outpacing China. (Source: CyberWire Research Saturday)

Sat, 07 Sep 2024 00:00:00 GMT

Source: Listen to the episode

Brandon joined Research Saturday to sit down with Kevin Lentz of the Global Disinformation Lab and walk through a threatcasting report that maps how Indo-Pacific allies can counter China’s gray-zone cyber moves through 2035.

The impact of CISO Circles and cultivating a security culture. (Source: CyberWire Special Edition)

Sun, 01 Sep 2024 00:00:00 GMT

Source: Listen to the episode

Brandon brought together AWS’s Danielle Ruderman and Texas A&M CISO Adam Mikeal to show how CISO Circles turn peer mentoring into real security culture change across higher education and the enterprise cloud.

Key topics

CISO Circles provide off-the-record channels to swap ransomware playbooks, regulatory lessons, and hiring strategies without waiting for conferences.
Higher-ed institutions juggle student privacy, research IP, and legacy OT networks—making culture and executive sponsorship non-negotiable.
Brandon surfaced tangible actions: shared tabletop exercises, cloud identity baselines, and faculty engagement models that scale beyond a single campus.

From secret chats to public spats. (Source: The CyberWire Daily Podcast)

Mon, 26 Aug 2024 00:00:00 GMT

Source: Listen to the episode

Brandon speaks with Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Brandon spoke with Danielle and Adam at AWS’ re:Inforce 2024.

Quantum-proof and ready: NIST unveils the future of encryption. (Source: CyberWire Special Edition)

Sun, 25 Aug 2024 00:00:00 GMT

Source: Listen to the episode

Brandon sat down with NIST mathematician Dustin Moody to unpack FIPS 203–205, the first finalized post-quantum encryption standards, and what CISOs must do before quantum harvesters arrive.

Key topics

NIST’s new lattice-based key encapsulation and signature schemes are now ready for production deployments.
Moody and Brandon explained migration timelines, crypto-agility testing, and the role of the NCCoE playbooks.
Listeners got a prioritized to-do list: inventory algorithms, stage hybrid deployments, and brief execs on PQC procurement dependencies.

Cybersecurity on the ballot. (Source: The CyberWire Daily Podcast)

Tue, 20 Aug 2024 00:00:00 GMT

Source: Listen to the episode

Brandon speaks with CJ Moses, CISO at Amazon, about partnership and being a good custodian of the community in threat intel and information sharing at re:Inforce 2024.

Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli. (Source: CyberWire Special Edition)

Sun, 28 Jul 2024 00:00:00 GMT

Source: Listen to the episode

Brandon interviewed Acting Navy CTO Justin Fanelli about the service’s Innovation Adoption Kit, what it takes to brief the Atlantic Council’s commission, and how to plug industry directly into fleet problem statements.

Key topics

The Navy is codifying repeatable intake pathways so good ideas no longer die between SBIR wins and operational deployment.
Fanelli emphasized cross-functional tiger teams, modern data rights clauses, and the cultural shift required to accept external code.
Brandon pressed for transparent industry engagement so startups know who owns the requirement, who signs the check, and how success will be scored.

Cybersecurity and Space with Brandon Karpf (Source: Inter Astra)

Tue, 14 May 2024 00:00:00 GMT

Source: Listen to the episode

Brandon joined Inter Astra to trace his journey from the Naval Academy to N2K and explain why the space sector must professionalize cybersecurity just as aggressively as launch and payload ops.

Key topics

Space missions depend on terrestrial telecom and cyber tooling, so defenders need shared doctrine before constellations scale further.
Brandon outlined integration challenges—from protecting TT&C links to securing intel-sharing workflows across allies and commercial crews.
The conversation ended with a call for intentional collaboration among operators, security teams, and investors to keep orbital assets safe for decades.

House Armed Services Committee concerned with state of Navy cyber readiness (Source: FedScoop)

Tue, 28 Jun 2022 00:00:00 GMT

Source: Read the article

Brandon was quoted in FedScoop’s coverage of House lawmakers forcing the Navy to stand up a dedicated cyber warfare designator after years of warnings that cryptologic structures weren’t delivering ready teams.

Key topics

The FY23 NDAA provision blocks the Navy from filling Cyber Mission Force billets with legacy cryptologic designators after June 2024.
Chairman Jim Langevin and other members argue that without a career field, institutional expertise atrophies before it reaches the flag level.
Brandon underscored why pairing congressional pressure with revamped talent pipelines is the only path to sustainable readiness.

Rethinking Navy Manpower In Light of the COVID-19 Response (Source: USNI Blog)

Tue, 24 Mar 2020 00:00:00 GMT

Source: Read the article

Brandon used the Navy’s COVID-19 posture as a live-fire experiment to show which manning, training, and equipping processes are truly essential—and which ones hemorrhage cyber talent.

Key topics

Pandemic-driven watch rotations and deployment pauses revealed bureaucratic steps that add delay without improving readiness.
The article called for leaner accession and training pipelines so cryptologic warfare officers aren’t sidelined when cyber billets open.
Brandon argued for data-driven force design that protects health, preserves operational tempo, and keeps cyber specialists in their lanes.

Train Navy Officers for Cyber Lethality (Source: USNI Proceedings)

Fri, 01 Feb 2019 00:00:00 GMT

Source: Read the article

Brandon’s USNI Proceedings article calls out the Navy’s lack of a tactical cyber career path and lays out a six-month training pipeline that would keep cryptologic warfare officers lethal.

Key topics

Cyber tours still don’t count as “tactical” billets, pushing top operators out of their specialty at the moment proficiency peaks.
Existing curricula devote only a week to cyber topics, leaving officers unprepared for U.S. Cyber Command and NSA assignments.
Brandon proposed a dedicated designator, new AQDs, and rigorous training modeled after the Air Force’s offensive cyber pipeline.