AI, geography, and the exposed infrastructure of the new intelligence age
Approximately three weeks ago, I wrote an essay titled “AI Has a Geography Now.” In it, I argued that advanced AI is no longer just a software story. It is increasingly shaped by land, energy, water, data centers, cables, substations, chips, legal jurisdictions, physical security, and war. The cloud, I wrote, does not float above the world. It has buildings. It has borders. It has failure points. It can be regulated, localized, attacked, disrupted, or denied.
That essay was about geography—the physical reality of where these systems reside.
This one is about exposure—the strategic consequences of that physical reality.
Because once AI has a geography, it also has a vulnerability map.
The more advanced AI becomes woven into finance, logistics, public administration, health systems, defense, communications, and emergency response, the less its infrastructure can be treated as ordinary commercial property. A data center may be privately owned, but the consequences of its failure may be public. A subsea cable may be laid by a consortium, but if it is cut, the effects may cross borders, markets, militaries, and governments. A cloud region may look like a business decision until it becomes a strategic dependency.
That is the next problem.
The cloud has no moat.
From Geography to Exposure
For years, we talked about the cloud as if it were abstract—borderless, weightless, redundant by default. But the AI age is making the cloud’s body visible. It sits on land. It draws from stressed grids. It depends on cooling systems, fiber routes, transformers, ports, permits, chips, security contracts, and political stability. It crosses national borders and international waters. It relies on infrastructure that is both civilian and strategic, both private and public, both local and global.
The strikes on AWS facilities in the UAE and Bahrain earlier this spring made that abstraction impossible to maintain [1]. They exposed something that had been easy to miss while AI was still mostly discussed in terms of models, benchmarks, and product releases: hyperscale data centers are no longer just commercial real estate. They are strategic assets [2]. Once compute becomes strategically important, location stops being a question of efficiency and starts becoming a question of security.
That shift reveals the anatomy of exposure. Advanced compute consumes enormous amounts of electricity, tying AI’s survival to regions with abundant, reliable, affordable power. Physical security dictates whether “always-on” AI remains dependable or becomes a liability. Legal borders can turn into operational chokepoints when data sovereignty rules prevent workloads from migrating during a crisis. For example, if a nation mandates that citizen health data cannot leave its borders, a local data center failure during a natural disaster could paralyze the medical system, as the workload cannot legally failover to a neighboring country’s servers.
Furthermore, capital and time mean that damaged infrastructure cannot be simply relocated or replaced. A damaged office can be vacated. A damaged inference cluster, with its custom cooling loops, hardened substations, and long transformer replacement timelines, becomes a multi-year reconstruction project.
The Anatomy of Vulnerability
This changes how we should think about infrastructure itself. For a decade, cloud resilience was measured in uptime percentages, redundancy zones, and cybersecurity playbooks. Those metrics still matter, but they no longer capture the full risk profile. In regions investing heavily in AI infrastructure, compute is beginning to look less like ordinary cloud capacity and more like part of the operational backbone of state power [3]. When inference runs payroll, triages patients, clears supply chains, or supports command systems, an outage is no longer a service interruption. It is a systemic stress test.
Compute continuity has stopped being a convenience and started being a matter of economic resilience and institutional stability [4]. In that sense, AI is beginning to look less like ordinary software and more like a utility. Not exactly like electricity or telecom, but close enough for the comparison to matter. Once a state or a corporation depends on uninterrupted AI services, the infrastructure underneath those services becomes strategic whether anyone wants to label it that way or not.
Exposure isn’t only physical. A second vulnerability is model integrity: poisoning attacks, manipulated training inputs, and corrupted information environments can create quiet instability [5]. A system does not have to be visibly hacked to become less trustworthy. It can be gradually contaminated, often by corrupting what flows into it.
These dual vulnerabilities—the physical fragility of the hardware and the subtle corruption of the software—create a compounding risk. When physical disruption meets compromised integrity, the resulting instability is not just a technical failure; it is a strategic crisis.
When Compute Becomes Critical
This creates a structural mismatch that we are still learning how to navigate. A data center may be privately owned, optimized for latency, cost, and shareholder return. But if it supports financial clearing, hospital diagnostics, national logistics, public administration, or defense planning, its failure is no longer merely a private outage. The consequences spill across markets, militaries, and governments.
We are entering an era of dependency without control. States may find themselves relying on systems built elsewhere, hosted elsewhere, governed elsewhere, and only thinly understood at home. That dynamic does not produce trust. It produces vulnerability [6]. And vulnerability, when concentrated in critical infrastructure, becomes a national security question by default.
The trust problem is no longer just about whether a model hallucinates or whether a company publishes a transparency report. Those things still matter. They are just no longer the whole picture. Now trust also means trusting the infrastructure, the legal environment, the security posture, and the information environment surrounding the model. Can this country host AI safely? Can the infrastructure survive disruption? Can regulators, firms, and the public verify what is happening? When the answer to any of those questions is uncertain, the cloud ceases to be a neutral platform. It becomes a geopolitical variable.
The emerging map is being redrawn by competing pressures: technological rivalry across the full AI stack, the race to pull third countries into rival ecosystems, rising exposure of strategic regions to conflict, and regulatory fragmentation that forces different compliance models for different jurisdictions [7]. Geopolitics no longer just shapes AI policy around the edges. It is increasingly deciding who hosts AI, who governs it, and who can safely depend on it.
The Coordination Gap
That brings us to the coordination gap. No single actor owns the whole risk.
Cloud providers design and deploy capacity, while governments regulate, permit, and occasionally subsidize. Militaries increasingly depend on commercial compute but lack doctrine for its defense. Utilities power the facilities but operate on different reliability standards. Cable consortia lay the subsea arteries, yet they must coordinate across private equity and multinational jurisdictions. Insurers attempt to price the risk, and navies may eventually have to protect the routes. Meanwhile, regulators fragment the legal landscape as investors demand rapid deployment.
We are asking market-driven timelines to outpace state-level protection doctrines. They won’t. The institutions that govern energy grids, telecom resilience, defense planning, and critical infrastructure protection were built for slower, more predictable threats. They were not designed for intelligence infrastructure being assembled deal by deal, cable by cable, chip shipment by chip shipment, data center by data center.
Humanity is trying to build a planetary nervous system with the political habits of a food court. Behind the joke is a serious institutional problem: we are trying to achieve civilization-scale coordination using systems optimized for rivalry, bargaining, delay, secrecy, profit, and national advantage. That is not just ironic. It is structurally dangerous.
The protection gap is widening in real time. We are building the infrastructure of intelligence faster than we are building the legal, military, and diplomatic doctrine needed to protect it. Treaties governing undersea cables are outdated. Insurance models cannot accurately price coordinated physical and cyber disruption. Cross-border data sovereignty rules make crisis migration legally treacherous. And no mature international framework exists to define what constitutes an acceptable strike against, or defense of, commercial compute facilities that simultaneously serve civilian and military functions.
Actors are already building workarounds. Edge AI and smaller models reduce dependence on centralized facilities. Decentralized networks attempt to route around vulnerable infrastructure. But these are not clean escapes from geography. They are evidence of it. They show that actors are already paying real costs to reduce their exposure to geographic constraint.
If this trajectory continues, AI may not remain meaningfully global. It may fragment into zones: secure and well-provisioned, dependent and politically exposed, and intermediate areas trying to reduce reliance without full autonomy [8]. The key contest is shifting from access to models to access to assurance [9].
The Question of Protection
The cloud is physical now. The physical can be disrupted. The disrupted can cascade. And nobody has fully answered who is responsible for preventing that.
We are building the future on a foundation we cannot yet protect. The cloud has no moat. And if intelligence now depends on exposed infrastructure, the next question is not only who builds it, but who protects it. Where the physical and digital meet, chokepoints are forming. The subsea arteries, the semiconductor supply chains, the energy corridors, the lithography bottlenecks, the ports, and the sovereign compute stacks are already hardening into pressure points.
The next essay in this series will trace those pressure points. Because once you see the map of exposure, you begin to see where the leverage lies. And in the intelligence age, leverage is no longer just about who has the smartest model. It is about who controls the ground the intelligence stands on.
References
[1] Faye Simanjuntak, “Iran Is Hitting Data Centers in the Gulf. It’s Strategic,” Asia Society Policy Institute, April 1, 2026.
[2] Oliver Jabbour, “When data centres become targets: It’s time to treat AI infrastructure as critical infrastructure,” World Economic Forum, April 2, 2026.
[3] Andrea Benito, “AI infrastructure investment in the Middle East enters a new geopolitical reality,” Computer Weekly, March 24, 2026; Oliver Jabbour, “When data centres become targets: It’s time to treat AI infrastructure as critical infrastructure,” World Economic Forum, April 2, 2026.
[4] Oliver Jabbour, “When data centres become targets: It’s time to treat AI infrastructure as critical infrastructure,” World Economic Forum, April 2, 2026; Economist Impact, “Foundations at Risk: Building Resilient Digital Infrastructure,” accessed April 17, 2026.
[5] Atlantic Council experts, “Eight ways AI will shape geopolitics in 2026,” Atlantic Council, January 15, 2026.
[6] Talita Dias, “Closing the AI Assurance Divide: Policy Strategies for Developing Economies,” Partnership on AI, February 18, 2026.
[7] Aryamehr Fattahi, “Global Fragmentation of AI Governance and Regulation,” Bloomsbury Intelligence and Security Institute, January 30, 2026; “How the world can build a global AI governance framework,” World Economic Forum, November 10, 2025.
[8] Michael Muthukrishna and Philip Schellekens, “The Next Great Divergence: How AI could split the world again if we don’t intervene,” Brookings Institution, January 8, 2026; “The political geography of AI infrastructure,” Oxford Internet Institute, University of Oxford, accessed April 17, 2026; Doug Specht, “The geopolitical fragmentation of artificial intelligence,” Geographical, January 19, 2026.
[9] Talita Dias, “Closing the AI Assurance Divide: Policy Strategies for Developing Economies,” Partnership on AI, February 18, 2026.