Before dawn on March 1, 2026, Iranian Shahed 136 drones struck two Amazon Web Services data centers in the United Arab Emirates. A third facility in Bahrain went dark hours later. By April, an Oracle data center in Dubai was burning. AWS issued hard down declarations across multiple availability zones. Abu Dhabi Commercial Bank, Emirates, NBD, Careem, Snowflake, and a dozen other platforms flatlined. Banking apps refused to load, payment rails froze, and every organization whose AI infrastructure sat on those servers lost its decision-making capability the exact moment it mattered the most.
It’s not a geopolitical story, or a war report dressed as a technology story. This is an AI story that most technologists struggle to come to terms with. The redundancy promise of cloud AI was a lie not by design, but by geography. The entire cloud resilience model rests on one assumption: that failures will be isolated. When a server fails, traffic reroutes, and when zones fail, other zones carry the load. AWS built ME-CENTRAL-1 with three zones simultaneously. The redundancy model did not account for an adversary targeting the region, or the rack. When multiple zones in a single geography absorb physical strikes at once, every SLA written around 99.99% uptime becomes worthless.
What Iran’s attacks on data centers teaches us about cloud exposure
With the cloud, commercial and military infrastructure merged years ago and that bill arrived in March when IRGC stated explicitly that it targeted the Bahrain facility to identify the role of data centers in supporting US military and intelligence activities. The US Pentagon runs workloads on AWS, using Anthropic’s Claude hosted on AWS for intelligence assessments and target identification. The boundary between a bank’s payment processor and a military intelligence platform now runs through the same server room in the same building at the same address. When these data centers were struck, the loss value was stark: $2 trillion in Gulf AI investment was disrupted using a drone costing less than a used car.
The war is opening the world’s eyes to the reality of how every organization parks critical workloads on a hyperscaler. It’s precisely why Iran’s target list includes Nvidia, Microsoft, Apple, Google, Meta, Oracle, Intel, IBM, Cisco, Dell etc.
What does this mean for businesses and critical infrastructure organizations?
Ask any CTO the right question. “If your cloud vendor suspended service tomorrow, under sanctions, under strike, or under political pressure, how long would your organization take to make a single AI-assisted decision?” Most CTOs can’t answer this question and the recent war has taught us that such silence is a major vulnerability.
What organizations really need is AI sovereignty. This means full operational capability when the network fails, when sanctions land, or when a foreign vendor receives a call from its government and compliance overrides your contract. It calls for AI that runs inside your walls, on your hardware without a network request leaving the building. Airgapped, private AI is not a niche military requirement but a basic enterprise one.
CTOs must pay attention to what sovereignty actually demands
Often, the word private is cheapened. A vendor who hosts your data in a dedicated cloud partition calls it private AI and sells the same vulnerability under a different label. Private, in the context of the attacks on data centers means that no request leaves the building, not for inference, not for model updates, or for logging. The moment a packet touches a foreign network, organizations surrender control.
Control is what sovereignty means and building that capability requires solving four problems simultaneously. Most CTOs solve one, which is the hardware problem because AI inference at enterprise scale demands purpose-built compute. Running LLMs on general purpose servers produces two failure modes: slow throughput and too high a cost to sustain it. The hardware must be designed for the workload. Adapting the workload to commodity hardware is a concession that degrades both performance and the security posture.
The second one is the orchestration problem. A sovereign AI deployment that requires a human to prompt a model is not an AI deployment. It is an expensive calculator. Sovereign AI means autonomous systems that ingest data, reason across it, make decisions and execute tasks without a human in the loop at every stage. An enterprise that runs on 80 or more purpose-built agents across finance, legal, IT, HR, supply chain and more, all operating on prem, on hardware it owns, executes the full-breadth of decision making without a single packet leaving its network. The capability threshold that matters most is not, “Can we run a chatbot offline?” but “Can we run our AI operations offline?”
Third comes the cost problem. Cloud’s perpetual billing model conceals its true cost until the contract renews. On-prem sovereign AI carries a fixed capital cost and delivers a lower total cost of ownership than equivalent cloud AI deployments. This is a direct consequence of eliminating per-token fees, egress charges, and the premium hyperscalers embed for the illusion of elasticity. Sovereignty costs less because the cloud’s pricing model is based on things organizations don’t calculate like usage, hidden costs, and more importantly the cost of being attacked.
Finally, it is the resilience problem. None of the above matters if a system requires connectivity to function. Air-gapped architecture means the full AI stack including the models, orchestration and agent execution run entirely on local infrastructure. Even when the network goes down, sanctions are imposed, territorial conflicts emerge, a vendor gets nationalized, etc., the system runs. This is the only architecture that answers the question March 1 made unavoidable, “What happens to your capability when external pressure peaks?”
For organizations running sovereign AI on hardware, with agentic systems operating inside their own walls, nothing happens because decisions keep flowing, the organization stays functional at the exact moment its cloud-dependent competitor calls an emergency board meeting to explain why the AI went dark.
Here’s the new infrastructure calculus:
Every organization today carries two categories of risk. First, there's the risk of moving too slowly on AI adoption and adoption of infrastructure that a foreign government, adversary or vendor compliance can switch off in one afternoon. Second, is the risk that has existed since the first enterprise signed a hyperscaler contract that the current war made undeniable. AI infrastructure can become wartime casualties. Organizations that treat this as a wake up call and move critical AI workloads onto sovereign, air-gapped, purpose-built infrastructure will stay resilient through the vagaries of conflict. The rest will keep renegotiating contracts with vendors who, the moment the government calls, put compliance ahead of your business continuity.
