AI Sovereignty Makes Data Centers Strategic Targets for Cyber Operations

AI sovereignty is no longer an abstract policy goal; it is anchored in concrete infrastructure. The model presented by Maryland and Sandia maps the essential inputs—accelerators, power, water, data sets, and talent—to a nation’s compute capacity measured in zettaFLOPS. By translating abstract capability into cabinet‑level specifications, the study highlights how a single data‑center building can embody a country’s AI power, making it a visible target for rival states seeking to erode that advantage.

The paper identifies two families of degradation levers. Kinetic options, such as the 2026 Iranian drone attacks on Amazon facilities in the Gulf, demonstrate that inexpensive missiles or UAVs can physically disable sites that house hundreds of megawatts of power. In the cyber realm, data‑poisoning attacks require only a modest number of malicious samples to corrupt a large‑language model during training, while supply‑chain interference with foreign AI chips can starve a nation of critical hardware. Both approaches allow adversaries to inflict damage with plausible deniability and minimal collateral.

For policymakers and enterprise leaders, the findings signal a need for layered resilience. Diversifying chip sources, hardening cooling and power controls, and embedding robust verification into training pipelines can mitigate many of the identified risks. Moreover, strategic siting—potentially dispersing compute across multiple, less conspicuous facilities—reduces the attractiveness of any single target. As AI becomes a dual‑use technology underpinning defense, finance, and health, safeguarding the physical and digital foundations of compute will be as vital as protecting the algorithms themselves.