The most important AI infrastructure is built for business, not war – EUobserver

AI For Business


The infrastructure decisions Western allies make this summer will shape the next decade of alliance defense.

When NATO leaders meet in Ankara next Tuesday and Wednesday (July 7-8), Iran and Ukraine will dominate the agenda.

But AI is a timely issue for trust across the Alliance. In June, the U.S. government ordered American AI giant Anthropic to restrict foreigners’ access to its most capable models overnight, citing national security concerns.

This sends a clear message to NATO that Washington will treat its most powerful AI models as national security assets. Frontier general-purpose models are essential to cutting-edge cyber defense, and NATO is beginning to embed AI at the core of command through decision support tools for commanders.

Without access to frontier models, NATO countries face growing asymmetries in cyber defense and broader defense intelligence capabilities across the alliance.

Only a handful of countries, and perhaps only the United States, can build AI models that are at the forefront of most areas.

China is unable to keep pace under strict U.S. export controls on cutting-edge chips, and Europe’s most prominent competitor, France’s Mistral, is likely to remain a follower to the frontier, similarly constrained by computing power and capital.

How to ensure access to the best models for defense and security is a fundamental question for NATO allies. The G7 is already negotiating a “trusted partners” agreement that would guarantee like-minded countries access to the U.S. frontier model.

But access is only part of the story.

Running one of these models means sending sensitive government workloads to the location where they are delivered. European governments require data to be kept at home, and the proposed Cloud and AI Development Act would strengthen this by pushing Europe’s most sensitive workloads to run only on European-run infrastructure.

The United States would make similar demands in reverse, insisting that its top-of-the-line models run on infrastructure it controls. Even in the absence of such constraints, developers themselves require top-of-the-line security to protect their most sensitive intellectual property, the weight of their models, from theft.

5 security levels

RAND ranks the security of AI on five levels. The top level is intended to stop even nation-states from stealing models. This requires facilities built with security in mind from day one, including strong physical protection, staff screening, and a reliable supply chain. No developer will deliver the best model from a data center that cannot meet these high standards.

Therefore, any Ally that wants to host a Frontier model, whether made in the United States or a comparable model built in Europe in the future, will need a dedicated high-security site shared within the country or across the Alliance.

Building and certifying these sites is expensive.

Most allies do not have such infrastructure. NATO operates air-gapped clouds for classified operations, and Canada and others are building capacity for sovereign data centers, but these are likely to remain too small to service, let alone build, the most compute-intensive frontier models.

Europe’s public-private AI gigafactory, albeit late, could be large enough to train models just behind the fringes, but its security classification is not yet set. Whether access to the best models creates defense asymmetries, and what infrastructure this depends on, is a question that brings NATO allies to the table as allies.

Next is cost.

At the Hague summit, allies agreed to spend 5% of GDP, 3.5% on core defense and 1.5% on critical infrastructure and resilience. In any case, it’s easy to argue that public money shouldn’t fund what private capital builds. Global data center investment is on track to exceed $1 trillion [€873bn] By 2026, it will be a number that any government can match.

not available on the market

Governments are needed when markets are not sufficiently resilient.

Data centers are most often not built to withstand hostile attacks, and the Iranian drone that attacked Amazon’s strongholds in the Gulf showed that the threat is no longer hypothetical. Cybersecurity incidents are also on the rise and tend to target data center power and cooling systems and their interface with the grid.

Grid resilience has traditionally been a national responsibility, and that responsibility also extends to protecting allies when they pursue shared projects that span multiple countries.

NATO should align resilience and defense investments and adopt best-in-class common security standards, where appropriate, especially for jointly operated facilities.

Most data centers can be clearly categorized by who uses them. However, the frontier model’s enhanced sites introduce ambiguity.

It’s expensive, potentially half-used, and looks like a commercial asset doing defense work, so who manages it matters as much as who pays for it.

It appears to belong to the 3.5% core defense budget, but allies may not agree and the civil defense line is not as clean as the budget division envisions.

The busy agenda in Ankara may not resolve the issue. But the choices Allies make now will shape NATO’s shared resilience and defense infrastructure for the next decade.

This is something we must solve together as allies, not each capital alone.



Source link