How many AI incidents have been documented in National Security?

TopAIThreats has documented 35 incidents affecting this sector. 91% are classified as high or critical severity.

AI Threats to National Security

How AI-enabled threats affect national security — through state-sponsored disinformation, AI-powered espionage, autonomous weapons proliferation, cyberattacks on government networks, and strategic competition dynamics.

35 Incidents

91% High / Critical

8 Systemic Risk

Systemic Risk (8) Privacy & Surveillance (8) Discrimination & Social Harm (5) Information Integrity (5)

AI-enabled threats to national security include state-sponsored disinformation campaigns targeting elections and public trust, AI-powered cyber espionage by state actors, autonomous weapons proliferation with insufficient human control, AI-assisted military targeting errors, and strategic competition dynamics where capability extraction undermines technology restrictions. These threats affect government agencies, defense organizations, intelligence services, election infrastructure, and international security dynamics.

National security faces the broadest threat surface of any sector because governments are simultaneously targets of AI-powered attacks, deployers of high-consequence AI systems, and regulators responsible for governing AI across all sectors. The vast majority of documented incidents are classified high or critical severity. Failures in this domain can destabilize democratic processes, escalate international conflicts, and affect entire populations.

Use this page to brief leadership, inform national security risk assessments, and explore documented incidents affecting government and defense operations.

Who this page is for

Defense strategists and military AI planners

Intelligence analysts and national security advisors

Election officials and election security teams

Senior government decision-makers and policy advisors

International security and arms control specialists

At a glance

Severity profile: Over 90% of documented incidents classified high or critical severity. Privacy & Surveillance and Systemic Risk are the most frequent primary threat domains.

Primary threats: State-sponsored AI disinformation, AI-powered cyber espionage, autonomous weapons proliferation, election manipulation, strategic AI competition

Key domains: Privacy & Surveillance, Systemic & Catastrophic, Information Integrity, Security & Cyber

Regulatory exposure: EU AI Act (prohibited/high-risk categories), Executive Orders on AI, NATO AI principles, LAWS conventions

How AI Threats Appear in National Security

National security AI risks cluster around five recurring threat patterns, each documented through real-world incidents in the TopAIThreats database.

Recurring AI threat patterns in national security
Threat Pattern	Primary Domain	Key Indicator
State-sponsored disinformation	Information Integrity	AI-generated synthetic media targeting elections, policy debates, or public trust
AI-powered cyber espionage	Security & Cyber	State actors using AI for automated intelligence collection and network exploitation
Autonomous weapons risk	Systemic & Catastrophic	Lethal systems with insufficient human control over targeting decisions
Military AI decision support	Human-AI Control	AI systems influencing targeting, threat assessment, or strategic decisions without adequate human oversight
Election infrastructure manipulation	Information Integrity	AI-generated robocalls, deepfakes of officials, and synthetic content targeting democratic processes

State-sponsored disinformation — AI-generated disinformation campaigns using synthetic media, deepfakes, and AI-authored content to manipulate public opinion, undermine elections, and erode institutional trust. State actors leverage AI to produce disinformation at scale across multiple languages and platforms, as documented in Romania’s election annulment due to AI-amplified manipulation.
AI-powered cyber espionage — State-backed threat actors weaponizing AI for automated reconnaissance, social engineering, and network exploitation. The state-backed hackers weaponizing Gemini incident showed intelligence services from multiple nations using AI to enhance espionage tradecraft.
Autonomous weapons risk — Development and deployment of lethal autonomous weapon systems with insufficient human control over targeting and engagement decisions, creating risks of unintended escalation and civilian harm, as seen in the Libya autonomous drone attack.
Military AI decision support — AI systems influencing targeting, threat assessment, and strategic decisions where automation bias can reduce human judgment in life-or-death contexts. The US military AI targeting school strike illustrates the consequences of AI-influenced targeting.
Election infrastructure manipulation — AI-generated content targeting democratic processes, from deepfake robocalls impersonating political figures to synthetic media campaigns designed to suppress voter turnout or discredit candidates.

Strategic competition dynamics

AI creates national security risks that operate at the intersection of technology and geopolitics:

AI-enabled intelligence operations — Adversaries using AI for automated open-source intelligence collection, pattern-of-life analysis, and social engineering of government personnel
Critical infrastructure targeting — AI-augmented cyberattacks against government networks and critical systems, including AI-morphed malware that evades traditional detection
Arms race dynamics — Competitive pressure to deploy military AI without adequate safety testing, driven by perceived adversary capabilities

Relevant AI Threat Domains

Information & influence threats

Information Integrity — Disinformation campaigns, synthetic media manipulation, and consensus reality erosion threatening democratic discourse and public trust in institutions

Cyber & technical threats

Security & Cyber — AI-morphed malware, automated vulnerability discovery, adversarial evasion targeting government networks, and model inversion and data extraction enabling adversaries to extract sensitive data from AI systems

Autonomous systems & control

Agentic Systems — Goal drift in autonomous defense systems
Human-AI Control — Automation bias in military and intelligence decision-making and loss of human agency in high-consequence government operations

Systemic & catastrophic risks

Systemic & Catastrophic — Lethal autonomous weapon systems, AI-assisted biological threat design, and infrastructure dependency collapse

What to Watch For

These are the most critical warning signs that national security organizations should monitor for AI-related risks, with actionable guidance for each.

AI-generated content targeting elections or policy debates — What election officials and communications teams can do: Deploy AI-generated text detection and deepfake detection for content targeting government communications channels. Establish rapid-response protocols for synthetic media incidents.
State-sponsored AI cyber operations escalating in sophistication — What CISO and cyber defense teams can do: Monitor for AI-enhanced phishing, automated vulnerability scanning, and polymorphic malware. Red team defense AI regularly against state-level threat scenarios.
Military AI deployed without adequate human oversight frameworks — What defense leadership can do: Ensure all AI systems involved in targeting, threat assessment, or engagement decisions maintain meaningful human control. Require testing against adversarial scenarios and edge cases before operational deployment.
AI capability proliferation undermining technology restrictions — What policy teams can do: Monitor model distillation and extraction activities, as documented in the Chinese labs Claude distillation attacks. Coordinate with industry on detection and prevention.

Protective Measures

Detection & awareness

Detect disinformation — AI-generated text detection and content provenance and watermarking help identify AI-generated disinformation. The guide to detecting AI-generated text covers detection methodologies.
Detect deepfakes — Deepfake detection tools identify synthetic media in political and governmental contexts. See the guide to detecting deepfakes.

Testing & assurance

Red team defense AI — Red teaming for AI systems probes defense and intelligence AI for adversarial vulnerabilities. The AI red teaming guide provides structured methodologies for government contexts.
Design human oversight — Human oversight design frameworks maintain meaningful human control over high-consequence government AI decisions.

Questions national security leaders should ask

“Which AI systems used in our defense and intelligence operations influence targeting, threat assessment, or strategic decisions?”
“What protocols exist for responding to AI-generated disinformation targeting our elections or government functions?”
“How do we ensure meaningful human control over autonomous systems, particularly those with kinetic capabilities?”
“What is our posture against AI-enabled cyber operations, and are we testing against state-level adversaries?”

Regulatory Context

EU AI Act (entered into force August 2024, high-risk provisions apply from August 2026) — Prohibits AI social scoring by public authorities. Classifies migration, border control, and critical infrastructure AI as high-risk. Military AI is largely excluded from scope.
NIST AI RMF (version 1.0, January 2023) — Provides the foundation for US government AI risk management, referenced in Executive Orders on AI safety and governance
ISO/IEC 42001 (published December 2023) — Offers an AI management system framework applicable to government procurement and deployment of AI systems

Government AI governance is shaped by executive orders, legislative action, and international agreements. NATO’s principles of responsible use of AI in defence, the Political Declaration on Responsible Military Use of AI, and ongoing LAWS negotiations at the UN Convention on Certain Conventional Weapons all influence the policy landscape. Agencies should anticipate growing requirements for algorithmic impact assessments, procurement standards, and public transparency.

Documented Incidents

Based on incident analysis, national security is the most frequently affected sector, with threats spanning Information Integrity (disinformation targeting democratic processes), Security & Cyber (state-sponsored cyber operations), and Agentic Systems (autonomous weapons and military AI deployment).

35 documented incidents in this sector — showing top 10 by severity

ID	Title	Severity
INC-26-0029	US Military AI Targeting Platform Fed Stale Data Contributes to Strike on Iranian Elementary School	critical
INC-26-0028	Anthropic Blacklisted by US Government After Refusing Autonomous Weapons and Mass Surveillance Contracts	critical
INC-26-0034	OpenAI Pentagon Contract Triggers #QuitGPT Movement with 295% Uninstall Surge and 2.5 Million Participants	critical
INC-26-0036	MizarVision Chinese AI Startup Publishes Real-Time US Military Intelligence via Satellite Imagery	critical
INC-26-0035	Grok AI Integrated into Pentagon Military Networks During CSAM Scandal	critical
INC-26-0052	ICE Deploys Warrantless AI Surveillance Combining Palantir, Clearview, Iris Scanning, and Phone Hacking	critical
INC-25-0033	Jailbroken Claude AI Used to Breach Mexican Government Agencies	critical
INC-25-0001	AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure	critical
INC-25-0032	DOGE Uses ChatGPT to Flag and Cancel Federal Humanities Grants	critical
INC-24-0013	Romania Presidential Election Annulled After AI-Enabled Manipulation	critical

View all 35 incidents →

For classification rules and evidence standards, refer to the Methodology.

→ Explore AI Threat Domains

→ View documented Incidents

Last updated: 2026-04-07 · Back to Sectors