Your GPU Cluster Is a Military Target Now

Iran has already fired missiles at AWS and Oracle data centers. Not cyberattacks. Ballistic missiles. The targets were in the UAE and Bahrain, and the rationale was straightforward: AI data centers are large, fixed, impossible to hide, and a single strike cascades through multiple economic and military sectors simultaneously. Your training cluster was never designed to survive a war. Now it might have to.

This is not a theoretical threat. The West Point Modern War Institute published an analysis this month arguing that AI-driven data centers are emerging as a new class of strategic military terrain. And the first shots have already been fired.

The Physics Make Them Targets

Traditional data centers prioritized redundancy and latency. AI data centers are built for power density, and that redesign makes them uniquely vulnerable to physical attack.

A single large-scale AI training run can require a gigawatt of power, roughly the output of a nuclear reactor. This drives the construction of "digital megacampuses": vast, geographically concentrated facilities impossible to disperse or camouflage. Unlike traditional cloud regions that spread load across dozens of sites, AI training demands physical colocation of tens of thousands of GPUs, creating single points of failure measured in square miles.

AI data centers also rely on local power grids and water supplies for cooling. A strike that disables the grid or water treatment plant can knock out the facility without ever hitting the building. Some large-scale AI campuses draw up to five million gallons of water per day, according to industry estimates. Cut the water, and the GPUs overheat. Cut the power, and the training run dies. Either way, the model stops learning.

The shift from 5MW data centers to 500MW+ AI campuses changes the threat calculus entirely. Defense planners now classify these facilities as "key terrain" in future conflicts. In the Indo-Pacific, new AI hub construction in southern Taiwan and Johor, Malaysia creates alternative leverage points for China beyond traditional invasion scenarios.

If your model training relies on a facility that consumes a gigawatt in a region within missile range of a hostile actor, what is your continuity plan when the missiles fly?

The First Strikes Have Already Happened

This immense concentration of power and strategic value is exactly why military adversaries now view these facilities as high-priority targets. We are past the theoretical phase. Nation-states have already demonstrated they will physically strike AI infrastructure.

Iran conducted retaliatory missile and drone strikes against three AWS data centers in the UAE and Bahrain after the February 2026 US-Israel attack on Iran's military leadership. A month later, an Oracle data center in Dubai was damaged in another attack. Iran then declared eighteen major technology companies legitimate military targets, including AWS, Microsoft, Meta, Google, and Oracle. These were not precision cyber operations. They were kinetic, physical attacks with the explicit goal of degrading adversary AI capability.

The targets were chosen because destroying them compounds damage across military, economic, and intelligence sectors simultaneously. AWS and Oracle had invested billions in these facilities. Recovery timelines were measured in months, not hours.

The cybersecurity industry has spent a decade building zero-trust networks and encrypted pipelines to protect AI infrastructure from hackers. Meanwhile, the actual threat turned out to be ballistic missiles. We optimized for the wrong adversary.

What This Means for Engineers Who Build AI Systems

Geopolitical physical security is now a design constraint for AI infrastructure, becoming as fundamental as latency and cost have always been.

Geographic diversification of training clusters is no longer just about latency or regulatory compliance. It is about kinetic survivability. Multi-region training pipelines with checkpointing to geographically separated storage become resilience requirements, not nice-to-haves. The economics of centralized megacampuses are being challenged by the physics of their vulnerability.

Smaller, dispersed inference nodes may become preferable to monolithic training farms precisely because they present less targetable mass. The APNIC Blog's analysis on rethinking vulnerability management in AI and CI/CD adds another layer: if your deployment pipeline depends on a single physical facility, your CVE posture is irrelevant when the facility ceases to exist.

Engineers should begin treating physical infrastructure risk the same way they treat supply chain risk: map it, diversify it, and assume the worst-case scenario is cheaper to mitigate than to recover from.

The People Building the Targets Are Not Allowed to Say They Are Targets

Here is where it gets ugly. The same companies whose facilities were already struck by missiles are the ones aggressively expanding their data center footprints. AWS, whose UAE centers were hit in February, continues building. Oracle, whose Dubai facility was damaged a month later, continues building. The internal incentive structure rewards growth metrics and punishes risk warnings.

When your bonus depends on landing the next megacampus contract and your career depends on not asking whether that megacampus is inside missile range, you do not ask. The result is a culture where the people best positioned to understand the vulnerability are the least empowered to act on it.

AI infrastructure security is no longer a DevOps problem. It is a national security problem that landed on the desk of engineers who were never trained to think about missile ranges and power grid fragility.

You do not have to be a defense contractor for this to matter. If your training cluster runs in a facility that could be on a target list, your deployment strategy has a blind spot no firewall can patch.