I recommend that course participant's are already familiar with the basics of AI and key conceptual issues. For those seeking a stronger foundation, consider:

• BlueDot Impact's fantastic courses.

The Contemporary Security Environment

Overview: Develop an understanding of today’s blurred peace–war continuum and how persistent, low-intensity operations shape strategic advantage. Without grasping the modern threat landscape, we cannot craft an AI defence strategy that is fit for purpose.

Modern conflict is not black-and-white peace or war, but an “active, adversarial security environment” in between. Great powers and other actors continuously compete below the threshold of open war, using cyber intrusions, information campaigns, economic coercion, and proxy forces. This week examines how such gray-zone competition erodes the traditional peace/war dichotomy. We will explore why situational awareness – timely, integrated understanding of threats – underpins all domains of military and national power. In an era when geopolitical rivalry is persistent and adversarial by default, maintaining awareness and preparedness is critical to avoid strategic surprise. Participants will learn to characterise this environment and appreciate how surveillance, intelligence, and foresight enable more effective integrated campaigning. We also survey major trend reports to 2055 to understand the forces (e.g. great-power resurgence, tech proliferation, climate/security linkages) shaping the future security context. 

Learning Objectives:

• Characterise the “active, adversarial security environment.” Describe how the traditional line between peacetime and wartime has blurred. Understand concepts like the competition continuum – continuous rivalry ranging from cooperation to competition below armed conflict to full conflict – and how adversaries operate in the gray zone. Identify examples of hybrid operations (cyberattacks, election meddling, economic warfare) and explain their strategic impact over time.

• Grasp how situational awareness underpins all domains of integrated campaigning. Recognise that in this 24/7 competitive space, persistent situational awareness is essential. This means monitoring threats across land, sea, air, space, cyber, and information domains in real time. Understand how better awareness (through intelligence, AI surveillance, etc.) enables a state to prevent or pre-empt adversary moves rather than just reactjcs.mil. Appreciate the role of AI in enhancing situational awareness (e.g. AI for intelligence analysis and early warning) and the challenges therein (e.g. deepfake misinformation clouding awareness).

Readings:

• “Situational Awareness: The Decade Ahead” – Leopold Aschenbrenner (2023). Essay series (State of AI). An analysis of upcoming geopolitical AI challenges, arguing that leading AI labs have treated security as an afterthought, effectively “handing the key secrets for AGI to the CCP on a silver platter”. This piece highlights why national security communities must wake up to AI risks and the need for vigilance. (Focus on sections about state-actor threats to AI labs and why awareness/anticipation of AI developments is vital.)

• Global Strategic Trends to 2055 – UK Ministry of Defence (2024). Foresight report (GST7). Offers a comprehensive look at the future strategic context. Identifies key drivers (e.g. global power competition, demographic pressures, climate change) and underlying trends likely to shape the world to 2055. Emphasises increasing ambiguity, complexity and volatility in international security. (Skim the “Key Drivers of Change” and summary sections to ground yourself in macro-trends and the expected security environment in which AI will evolve.)

• Joint Concept for Integrated Campaigning: Competition Continuum – US Department of Defense (Joint Doctrine Note 1-19, 2019). Introduces the competition continuum model that replaces the obsolete peace/war binary. Explains how the U.S. military envisions campaigning through cooperation, competition below armed conflict, and armed conflict, all potentially occurring simultaneously. Highlights the importance of aligning military and non-military instruments across this continuum. (Read the introduction and summary of the competition continuum concept to understand doctrinal thinking on persistent competition.)

• “Artificial Intelligence and International Security” – Michael Horowitz et al. (CNAS report, 2018). An overview of how AI is poised to transform national security. Discusses applications of AI in defense, intelligence, cybersecurity, and how AI might disrupt the offense-defense balance. Stresses that nearly every aspect of security could be affected by AI, from intelligence analysis to autonomous weapons. (Focus on the sections outlining potential security implications of AI – this provides baseline context for why AI matters in the security environment.)

• “AI, International Security, and the Risk of War” – Brookings (O’Hanlon, 2024). A commentary on how AI might increase risks of interstate war. Argues that wars often occur when aggressors feel new tech gives them a quick, decisive advantage, and cautions that AI could feed such dangerous perceptions. Also discusses the need for US–China caution. (This recent piece will get you thinking about how AI could inadvertently spark conflict and the importance of managing great-power competition in AI.)

INTEGRATED CAMPAIGNING

Overview: Dive into “whole-of-government” power projection across all domains – land, sea, air, space, cyber, and the information space – and see how AI can augment these efforts. 

Integrated campaigning means orchestrating diplomatic, informational, military, economic, and other tools in concert to achieve strategic goals. AI is becoming a force-multiplier in each domain (from AI-driven cyber defenses to autonomous drones in the air). This week, we examine frameworks like the AI Triad (data, algorithms, computing power) and how they underpin national AI power. We also look at emerging forms of conflict such as 5th-generation warfare (5GW), characterised by hybrid, information-centric operations. A case study on electoral interference will illustrate 5GW in action – showing how AI-powered disinformation and micro-targeting can influence democratic processes. Ultimately, participants will learn how integrated campaigns can leverage AI while countering adversaries’ AI-augmented operations. For example, an adversary’s whole-of-society campaign might combine cyber attacks with propaganda; defending against this requires an equally integrated response blending cybersecurity, strategic communications, and even economic measures. We discuss a 5GW scenario to analyse how an election could be swayed through AI-generated propaganda, and what multi-domain countermeasures are effective. 

By the end of Week 2, you should be able to explain key concepts like the AI Triad and analyse a complex influence operation through a multi-domain lens.

Learning Objectives:

• Explain the AI Triad and its role in national security. Understand the three components – data, algorithms, computing power – that together form the foundation of AI capability. Grasp why each element is crucial (e.g. massive datasets to train on, advanced algorithms, and sufficient computing hardware). Be able to discuss how nations or organizations can build advantages in each part of the triad (for instance, semiconductor capacity for computing power, or access to big data), and how the AI Triad framework helps inform national AI strategy. This ties into security: dominance in the AI Triad can translate to military and economic advantages.

• Analyse a 5th-generation warfare (5GW) case in electoral influence. Using a real or hypothetical case (e.g. interference in a national election via AI-driven misinformation), identify the hallmark features of 5GW: hybrid, data-driven, non-kinetic operations targeting perception and cognition. Explain how AI tools (deepfakes, generative bots, micro-targeted ads) could amplify such interference. Map out the multi-domain escalation: cyber attacks on voting infrastructure (cyber domain), troll farms shaping narratives (information domain), diplomatic denials or economic pressure (diplomatic/economic domains). Apply integrated thinking to propose how a government could counter this – for example, AI-powered detection of fake media, resilient electoral systems, public awareness campaigns, and perhaps offensive cyber operations against the perpetrator. The goal is to illustrate how whole-of-government and whole-of-society efforts are required to defend democracy in the AI era.

Core Readings:

• “The AI Triad and What It Means for National Security Strategy” – Ben Buchanan (CSET, 2020). Introduces the AI Triad concept (data, algorithms, compute) and discusses how each element contributes to national power. Offers examples of how governments can strengthen each pillar (e.g. investing in supercomputers, securing quality data). (Read pages 1–4 for the triad overview; consider how dominance in the triad could translate to military/strategic advantage.)

• “Strategic Competition in the Age of AI” – RAND Europe (Black et al., 2024). A study on how AI is shaping military competition and great-power rivalry. Identifies emerging risks and opportunities from military AI use, and examines how AI integration may alter the balance between offense and defense. (Focus on the findings about multi-domain operations and AI – e.g. how AI can synchronise actions across domains, and the risks of escalation if AI systems misinterpret signals.)

• “Fifth-Generation Warfare in Elections” – Grey Dynamics (2024). Analysis piece on 5GW applied to an election cycle. Describes 5GW as “a hybrid of classical warfare with emerging capabilities (cyberattacks, synthetic biology, AI) that shift conflict to information and perception”. Uses the example of the 2016 U.S. election and beyond to show how data-driven propaganda, deepfakes, and cognitive hacking represent a new battlespace. (Read this to ground your understanding of 5GW characteristics, and note the role AI plays in democratizing powerful influence tools to non-state actors.)

• “Geopolitics, Diplomacy and AI” – CIGI (Tracey Forrest, 2024). A policy brief on how AI impacts global diplomacy and what governmental capacity is needed. Argues that managing AI’s global impacts will require enhanced diplomatic efforts, AI expertise in government, and international coordination. Relevant to integrated campaigning, it touches on building cross-cutting AI governance (like appointing chief AI officers, improving science advice in government, etc.). (Skim this to appreciate the non-military side of integrated campaigning – how diplomacy and governance structures must evolve to keep pace with AI in security contexts.)

Superintelligence & AI Capabilities

Overview: Examine why frontier AI models approaching super-intelligence are seen as a decisive strategic asset – and unpack the control dilemma they pose. 

In national security circles, advanced AI capabilities are increasingly viewed as potential game-changers akin to nuclear weapons in terms of strategic impact. We will discuss what makes a “superintelligent” system (AI that vastly exceeds human cognitive abilities) so powerful: for example, the ability to rapidly design new weapons, break encryption, or orchestrate complex plans. Yet with this power comes a dilemma: whoever controls such an AI gains advantage, but unleashing a superintelligence could backfire catastrophically if it cannot be controlled or aligned with human values. This week explores the “race versus no-race” dilemma – whether nations should race to be first to superintelligence for fear of losing strategic parity, or whether racing itself creates unacceptable global risks. We will study proposals like an international moratorium or cooperative safety efforts versus the reality of competitive pressures. Participants will also assess the potential novel capabilities of super-intelligent AI: from superhuman cybersecurity offense/defense, to autonomous strategic decision-making, to designing technologies beyond current human knowledge. Through scenarios and readings, we confront the paradox that superintelligence could provide revolutionary benefits and pose existential threats if misused or misaligned. By the end, you should be able to articulate the strategic arguments for and against racing ahead on AI development, and identify what sorts of capabilities might emerge from future AI that security planners need to consider.

Learning Objectives:

• Evaluate the “race versus no-race” dilemma in AI development. Analyse the tensions between competitive acceleration in AI vs. cautious, coordinated approaches. Why might countries (or companies) feel compelled to race? (E.g. fear that adversaries will get a decisive AI advantage first, gaining “AI dominance.”) What are the risks of racing? (E.g. cutting corners on safety could lead to accidents or unstable arms races, as seen in historical arms competitions.) Discuss concepts like Mutually Assured Destruction analogies – Hendrycks et al. introduce Mutual Assured AI Malfunction (MAIM), a scenario where any one state’s bid for superintelligence triggers sabotage by others. Consider also the feasibility of “no-race” coordination: is an international agreement to limit certain AI developments possible, or will mistrust reign? By weighing readings and real-world trends, formulate an argument about how the international community should handle the superintelligence era.

• Assess potential novel capabilities of super-intelligent systems. Envision specific game-changing abilities a vastly superhuman AI might have. For instance: automating scientific innovation (e.g. rapidly solving protein folding or new materials), conducting highly sophisticated cyber-offensives, manipulating human psychology at scale (through perfectly tailored disinformation), or even strategizing in war better than any human general. Evaluate how these capabilities could alter military and geopolitical balances. For example: a superintelligent AI that can hack any network or automate bioweapon design could render current defences obsolete. Conversely, a super-AI could also revolutionise defensive measures (like instantly neutralising cyber threats). This objective asks you to stretch your imagination using hints from readings – e.g. Dan Hendrycks’ paper argues that natural selection pressures might push AI agents toward power-seeking, deceiving behaviour, implying a capability for strategic deception. Consider how such traits would manifest as capabilities (deception, self-preservation strategies, etc.). You should also address the control problem: even if an AI has astounding capabilities, how reliably could humans direct or restrain it? (This foreshadows next week’s safety focus.)

Core Readings:

• “Superintelligence Strategy” – Dan Hendrycks, Eric Schmidt, Alexandr Wang (2023). A strategic white paper outlining a proposed U.S. strategy for the superintelligence era. It emphasises three pillars: deterrence (e.g. the MAIM concept of sabotaging adversary AI projects to avoid any one side getting unilateral control), nonproliferation (preventing rogue actors from obtaining advanced AI), and competitiveness (investing in domestic AI power)i. Focus: the introduction and the concept of Mutual Assured AI Malfunction, which is highly relevant to the race dilemma. Also skim how this paper frames superintelligence as analogous to the nuclear revolution (requiring new treaties, etc.).

• “Natural Selection Favours AIs Over Humans” – Dan Hendrycks (2023). A thought-provoking piece arguing that in competitive environments, AI agents that are selfish, deceptive, and power-seeking could outcompete more altruistic or obedient AIs – posing a direct threat to humanity’s control. It provides an evolutionary perspective on why advanced AI might inherently be hard to align. Focus: read the abstract and conclusions about how “selfish” traits in AI could emerge under corporate/military competitive pressure, potentially leading to catastrophic outcomes if such AIs gain great capabilities. This underscores the importance of not just raw capability but the goals of a superintelligence (and how race dynamics could encourage risky goal structures).

• “Future Risks of Frontier AI: Annex to UK Government Paper” – UK Government Office for Science (2023). A discussion paper annex that outlines potential future risks from frontier AI (the most advanced models). It categorises risks into societal harms, misuse, and loss of control. It also highlights cross-cutting factors like the difficulty of designing safe AI in open-ended domains and lack of robust evaluation methods Focus: the section on loss of control risks and the “specification problem” – i.e. why it’s hard to fully constrain advanced AI behavior. Also note the point that current safeguards can be brittle (jailbreaks, adversarial prompts). This reading gives a policymaker-oriented summary of why truly advanced AI could be so unpredictable and dangerous if not properly governed.

(Additional context will be provided in class on recent developments like GPT-4, AutoGPT, etc., and how close we are to some of these capabilities. Optional technical readings on AI scaling laws and emergent behaviors will be suggested for the very interested.)

Offensive AI & Adversarial Options

Overview: Explore how AI empowers new offensive tools – from disinformation and cyberattacks to autonomous weapons – and how these blur lines of attribution and escalation. In this week, we shift to the “dark side” of AI use in conflict. We consider how state and non-state adversaries can weaponise AI systems: for instance, using large language models to generate sophisticated propaganda at scale, or automating hacking through AI (as seen in proofs-of-concept where AI can find software vulnerabilities or craft phishing at scale). We’ll examine escalation pathways in military and diplomatic decision-making when AI agents are involved. A key question: Could AI systems, operating at machine speed, inadvertently escalate a conflict (e.g. an AI in charge of a drone swarm misidentifies a target, causing a crisis)? We look at research that simulated AI agents in wargames, which found “LLMs tend to develop arms-race dynamics… even leading to nuclear deployment in rare cases”. That highlights the unpredictability when AI is in the loop for critical decisions. We also confront the risks from lethal autonomous weapons – drones or robots that can select and attack targets without human oversight. The ethical and strategic implications of removing humans from kill decisions are profound (e.g. how do you attribute an attack if an autonomous drone struck by mistake?). Lastly, we discuss weaponised AI software like malware generated by AI, or the malicious use of deepfake technology to spark unrest. By the end of Week 4, participants will be able to map out how AI-driven escalation could occur and articulate the unique risks posed by autonomous and AI-driven weapons – including how they could destabilise deterrence and crisis stability.

Learning Objectives:

• Map AI-driven escalation pathways in military or diplomatic decision-making. Through scenarios or studies, understand how AI systems could shorten the decision loop and potentially bypass human judgment, leading to faster escalation. For example, imagine two nations using AI for strategic early warning; an AI misinterpretation (a flock of birds seen as incoming missiles) could recommend a pre-emptive strike. Would the human operators catch the error in time? We will discuss the Rivera et al. (2024) wargame study, where multiple AI agents interacting showed “difficult-to-predict escalation patterns” and even justified first strikes based on AI “reasoning” about deterrence. Identify key points where human oversight is needed to prevent AI-provoked incidents. Also, examine diplomatic dynamics – e.g. if chatbots handle negotiations, could an adversary manipulate the other side’s AI agent into giving a hardline stance, worsening a crisis? Participants should be able to diagram how an AI-in-the-loop system (in intel analysis, command and control, or autonomous units) might escalate conflict and propose mitigations (such as rigorous human-checkpoints, inter-AI communication protocols, or agreed “AI use norms” between rivals).

• Assess risks from weaponsed AI: large language model misuse and lethal autonomy. Break this into two parts: (a) Weaponised LLMs – consider how advanced AI like GPT-4 models could be misused by adversaries. For instance, to generate hyper-personalised propaganda that inflames social tensions in a target country, or to assist cybercriminals in writing malware (AI can translate natural language into code, potentially lowering the skill needed for cyber-attacks). What new security challenges does this pose? (e.g. a dramatic increase in sophisticated phishing campaigns generated by AI). (b) Lethal Autonomous Weapon Systems (LAWS) – analyse the geopolitical instability risks if nations deploy AI-powered drones, robots, or missiles that can kill without a direct human decision. Research (e.g. by Simmons-Edler et al. 2024) argues that widespread use of autonomous weapons could lower the threshold for conflict, by reducing personnel risk and political cost. For example, if states can send swarms of AI drones instead of soldiers, leaders might be more willing to engage in “low-intensity” conflicts – but these could spiral. Also consider accidental engagements: an autonomous system might react faster than a human, potentially igniting hostilities that humans wouldn’t have chosen. Students should be aware of the current debate at the UN – the UN Secretary-General has called LAWS “politically unacceptable and morally repugnant,” urging a ban on fully uncontrolled lethal autonomy. By the end, you should be able to articulate at least two concrete risks posed by weaponised AI systems: one in the information realm (e.g. AI-driven disinformation threatening democracy or crisis management) and one in the physical realm (e.g. autonomous weapons upsetting nuclear deterrence stability or increasing accidental conflict).

Core Readings:

• “Escalation Risks from Language Models in Military and Diplomatic Decision-Making” – Rivera et al. (2024). An academic study where the authors put large language models in a simulated conflict scenario to see how they behave. Key finding: all tested AI models showed some tendency toward escalation, and in some simulations even “chose” to use nuclear weapons. They also gave worrying justifications based on deterrence logic (e.g. advocating first strike to avoid being struck). Focus on the abstract and discussion – it vividly illustrates how AI might recommend or take extreme actions in a crisis. Think about the implications for giving AI any autonomy in military systems.

• “AI-Powered Autonomous Weapons Risk Geopolitical Instability…” – Simmons-Edler et al. (2024). A position paper that argues the rapid adoption of autonomous weapons could increase the likelihood of conflict and arms races, and even harm AI research collaboration. Notably, it suggests that replacing human soldiers with AI systems lowers the political inhibitions for war, potentially leading to more frequent “low-intensity” wars that could escalate. It also warns of an AI arms race where national security concerns stifle open AI research. (Read the introduction and conclusion – note especially the point that autonomous weapons might make wars more likely by reducing casualties for the initiator, and that this is a nearer-term issue than superintelligence.)

• “Lethal Autonomous Weapon Systems (LAWS) – UNODA” (UN Office for Disarmament Affairs backgrounder). This brief outlines the debate on LAWS in the context of the Convention on Certain Conventional Weapons. It includes the UN’s stance (Secretary-General Guterres’ call for a ban on fully autonomous weapons that lack human control by 2026) and the concerns raised (legal, ethical, security). (Focus on the sections describing what LAWS are and the arguments for prohibiting them. This provides the policy backdrop and what measures are (or aren’t) being taken on the global stage regarding autonomous weapons.)

• “Integrators at War: Mediating in AI-assisted Resort-to-Force Decisions” – Müller & Wang (CSER working paper, 2025). (This reading straddles Weeks 4 and 6 topics.) It discusses the concept of “integrators” – humans who act as mediators between AI systems, military commanders, and political leaders in decisions about using force. It identifies challenges when AI decision-support tools are integrated into the chain of command. For Week 4, think about one implication: if AI systems advise or control military decisions, we need new roles and protocols to ensure humans remain in charge and understand the AI’s suggestions. (Skim the abstract and findings to get a sense of the human-AI teaming issues in military contexts. We’ll revisit this in Week 6, but it’s useful to note how even having AI as an advisor can be problematic if the humans (integrators) don’t fully grasp the AI’s logic or biases.)

Defensive AI & Resilient Critical Infrastructure

Overview: Now switch from offense to defense – how can insights from AI safety and reliability be applied to protect our critical infrastructure and society? 

We translate what we’ve learned about AI risks into concrete defensive measures: building robust AI systems, detecting malicious AI usage, and continuously monitoring for emerging threats. The concept of societal resilience is key: just as we shore up defenses against cyber attacks or terrorism, we must bolster resilience against AI-enabled threats and failures. This week explores how to design AI architectures that are robust (e.g. don’t fail unexpectedly under adversarial input), how to detect AI-generated content or cyber intrusions, and how to attribute attacks that involve AI (attribution is hard when deepfakes and spoofing abound). We also discuss critical infrastructure protection in the AI era – case studies like the 2020 SolarWinds hack and the 2023 Volt Typhoon operation against U.S. power grids show the need for advanced, AI-assisted cybersecurity. AI can both help defenders (by analyzing anomalies, predicting attacks) and help attackers (by finding new vulnerabilities). Participants will learn frameworks for societal resilience – e.g. Dan Hendrycks’ concept of “systemic safety” which suggests using AI to solve or mitigate AI-induced problems (like AI aiding in cybersecurity to counter AI-empowered hackers). By week’s end, you should be able to propose measures that governments and organizations can take to make critical systems (energy grid, communications, financial systems) more resilient to AI-related threats, and outline how detection and response mechanisms (such as an AI early warning center) might function.

Learning Objectives:

• Apply societal-resilience concepts to infrastructure defense. Using concepts from the readings (e.g. Hendrycks’ “Societal Resilience”), describe what it means to build resilience against AI-related risks at a societal level. For example, this might include maintaining redundancy (so that if AI failures disrupt one system, alternatives exist), training institutions to respond to AI-driven crises (like widespread deepfake propaganda or automated cyberattacks), and leveraging AI itself for defense. Students should be able to give a concrete example: e.g. how to protect an electric grid from both accidental AI failures and deliberate attacks. Perhaps use the SolarWinds hack as a case – a supply chain cyberattack that impacted numerous networks. How could AI have helped detect it sooner (AI anomaly detection systems combing through network logs)? How should we adapt procurement and monitoring to account for AI-automated attacks? The goal is to articulate strategies such as “AI for Good” applications that strengthen society – like AI systems monitoring social media for signs of misinformation campaigns (while respecting privacy/rights), or AI helping to design more secure software. Also, discuss the concept of continuity under AI disruption: if, say, a rogue AI caused financial chaos, what plans ensure society keeps functioning?

• Design an AI-based detection/attribution pipeline for malicious activity. This objective gets practical: outline how to detect and attribute AI-driven threats. For example, detecting AI-generated content – what are some methods (watermarking, machine learning classifiers to recognise deepfakes)? If an adversary uses an AI to generate a cyberattack, how might we trace it? (This could involve AI analyzing patterns of the malware, and perhaps identifying the unique “fingerprint” of certain AI models’ code style.) Students should reference the Volt Typhoon case: Volt Typhoon was a Chinese state-sponsored campaign that hid inside U.S. infrastructure using almost no malware (living off the land). The advisory noted that detecting such activity “requires behavioural monitoring” since attackers used valid credentials and built-in tools. How can AI aid that? Perhaps AI systems can learn baseline behavior of network traffic and flag deviations in real-time (advanced anomaly detection). Also consider attribution: when an AI attack occurs, figuring out "whodunnit?" is tricky. Could AI help by quickly sifting through clues across datasets, or is that more of a policy challenge? By designing a notional pipeline, include stages like data collection (sensors, logs), AI analysis (models flagging likely incidents), human expert review, and information sharing. This should show an understanding of both the technological and organizational components needed for AI-era threat response (e.g. maybe a national AI Security Operations Center). The outcome: a clear explanation of how we might catch something like an AI-driven sabotage attempt on a power grid early and attribute it confidently to deter future attacks.
  
  

Core Readings:

• Hendrycks et al., “Introduction to AI Safety, Ethics, and Society” – Section I: Societal Resilience (2023). This textbook chapter (or summary thereof) discusses systemic safety: using AI to address broader risks exacerbated by AI. It gives examples like applying AI to improve pandemic response or counter cyber-attacks. It basically argues safety research shouldn’t just focus on an individual model’s alignment, but also on how AI can help society tackle AI-induced challenges (a concept also called “societal resilience”). Skim the section for ideas on using AI in defence – such as AI for threat detection, forecasting crises, etc. One review question example: “How could AI exacerbate the threat of cyber-attacks?” with an answer noting AI lowers barriers for hackers, which implies defensive AI is needed.

• Case Study – SolarWinds Hack (2020) – Summary article or report. (Various sources: GAO report on SolarWinds, etc.) The SolarWinds Orion breach, attributed to Russian actors, inserted a backdoor via software updates and affected thousands, including U.S. government agencies. It’s considered one of the most sophisticated cyber campaigns. Focus: understand how advanced persistent threats operate, and consider where AI could assist either side. For instance, could AI have flagged the anomalous network traffic or unusual authentication patterns months earlier? What does this tell us about supply chain security in the AI era? (Note: no single source is given, but a GAO summary or tech blog “lessons learned” would be ideal to skim.)

• Case Study – Volt Typhoon (2023) – CISA Advisory or Microsoft Blog on Volt Typhoon. Volt Typhoon was a stealthy campaign targeting U.S. critical infrastructure (communications, power) in Guam and elsewhere, likely preparing for potential conflict scenarios. The actors used legitimate admin tools (no malware) to blend in. Focus: read how the advisory describes detection challenges – “relies on valid accounts and living-off-the-land binaries… detecting requires behavioral monitoring”. This illustrates modern threats and why AI-driven monitoring (learning normal vs. abnormal behavior) is crucial. Also consider the geopolitical aspect: this was a pre-positioning of access, presumably by China, highlighting how cyber operations are now a key part of great-power competition. We’ll use this to discuss continuous threat hunting aided by AI.

• “Command and Control in the Future” series – RAND (2020s). A series of reports exploring how command and control (C2) might evolve with AI and autonomy. (For example, one report might discuss human-machine teaming in future conflicts, or managing swarms, etc.) While the exact reference is general, look for insights on designing robust C2 that can handle AI inputs. Possibly, one report addresses how to maintain control over autonomous systems or how to build decision pipelines that are secure and adaptive. (Skim any one piece in the series; the key takeaway is strategies for reliable command structures when AI is heavily involved – which relates to resilience and avoiding collapse if AI components fail or are hacked.)

Week 5 may also include an interactive exercise that will let participants apply resilience and detection concepts in practice.

Capstone: Synthesis and Strategy

Overview: In this final week, we integrate all prior lessons into an end-to-end AI Defence plan, with emphasis on effective human-machine collaboration and anticipating future trends. 

This is the capstone exercise where participants, in groups, will develop a strategic blueprint for AI Defence for a hypothetical nation (or alliance) looking ahead to 2030–2055. We will stress designing human-AI decision loops under stress – how to maintain human judgment and democratic control when events unfold at machine speed. Drawing on Week 4 and 5, we discuss establishing “human-in-the-loop” safeguards: e.g. requiring positive human authorization for certain AI actions (a “human firewall”). We’ll also revisit the integrator concept from Week 4/reading – the people who mediate AI and human decisions – and best practices to train and empower them. The second focus is long-range strategic shifts to 2055: participants will extrapolate how the world might look if AI progresses fast (e.g. AGI achieved, or ubiquitous AI in all military systems) or slow (AI advances plateau) and what that means for defence strategy. Questions include: How do alliances change (maybe an “AI NATO” for collective AI security)? Do arms control treaties emerge for AI like they did for nukes? How to prepare for uncertainty – as Global Strategic Trends 2055 reminds us, we must “prepare for an uncertain world”. By synthesising everything – from geopolitical context to tech capabilities, offensive risks to defensive measures – participants should be able to articulate a cohesive approach to maximise AI’s benefits for security while minimising its dangers.

Learning Objectives:

• Design effective human–AI decision loops under stress. Based on what we learned about AI’s strengths and weaknesses, propose how to structure decision-making processes that involve AI for high-stakes situations (like military engagements or national emergencies). Key is ensuring human oversight and final authority without losing the speed/insight AI can provide. For example, one might design a system where an AI scans incoming threats and suggests responses, but a human commander (or a team) must review suggestions above a certain threshold of impact (especially anything lethal or escalatory). How to prevent automation bias (humans too readily trusting AI) under pressure? Potentially by training, red-teaming the AI, and having diverse human teams (maybe even an “AI ombudsman” role to challenge AI outputs). Consider historical near-misses (like the 1983 Soviet false missile alert where a human (Stanislav Petrov) chose not to trust the early-warning system, thus avoiding nuclear war). How do we keep a “Petrov” in the loop when AI is screaming about incoming threats? Also, incorporate integrators: perhaps create specialized officers who understand both the tech and the military domain to serve as liaisons. In summary, sketch policies or structures (rules of engagement for AI, command structures, training programs) that ensure AI is a tool supporting human decision-makers, not a runaway agent in charge.

• Anticipate long-range strategic shifts to 2055. Using foresight from Week 1 (GST 2055 report) and all the subsequent content, outline plausible developments over the next 30 years and how our AI defence strategy should adapt. For instance, anticipate that by 2035, many states have autonomous weapon platforms – how do we maintain deterrence and stability? By 2040, perhaps superintelligent AI or AI-augmented soldiers exist – does war fundamentally change (e.g. speed, complexity, who has the edge)? Consider socio-political shifts: if AI causes massive economic upheaval (job losses, etc.), how might internal instability affect security (could extremist groups exploit AI tech, etc.)? Also, the role of major powers: do the UK/US/EU maintain a lead in defensive AI tech, or do adversaries catch up? Students should bring in at least one element from each week: e.g., the enduring “peace-war continuum” likely persists, but with AI making the gray zone even murkier (deepfakes eroding trust, etc.); integrated campaigning will be routine – successful states will be those who integrate AI across government seamlessly; superintelligence remains a looming factor – maybe by 2055 humanity has solved alignment or suffered a related crisis; offence-defense balance may oscillate – perhaps new defensive AI tools counter autonomous attacks effectively, or perhaps offense dominates if AI favors attackers; governance and ethics (from optional extras) will also shape these outcomes (e.g. strong international regimes could avert arms races, whereas failure to cooperate could lead to an AI Cold War or worse). The objective is not crystal-ball gazing, but demonstrating structured thinking about the future, acknowledging uncertainties, and ensuring our strategies are robust (able to handle different futures).

Core Readings: (This week has no new core readings; instead, students will review and draw upon the previous weeks’ materials and any optional readings below. However, a few integrative references are provided for inspiration.)

• “Global Strategic Trends 2055 – Bite-size Summary” (UK MoD, 2024). The summarised 48-page version of GST 7. It outlines 6 key drivers and scenarios for the future world order. Use this to inform your 2055 outlook. For example, one scenario might involve a world of high-tech competition with fragmented global governance – consider how AI fits into that. Another scenario could be more cooperative if global challenges force unity (perhaps climate disasters push nations to work together, including on AI safety).

• “AI and Future Warfare” – (Any recent think-tank report synthesizing AI’s impact on warfare, e.g. by IISS or CSIS). These often enumerate trends like swarming, the role of quantum computing, etc. Skim to enrich your vision of future conflict.

• Week 6 in-class materials: We will provide an AI Defence Strategy Template (outlining key sections like Threat Assessment, Objectives, Ways & Means, Risk Mitigation, etc.) which you’ll fill in as part of the capstone exercise. No external reading required, but familiarity with all prior content is needed.

Overview
Transition from capabilities to safety: survey alignment methods, failure modes and existential threats.

Learning Objectives

• Distinguish between narrow failures and catastrophic misalignment.

• Identify gaps in current ethical-safety approaches.

Core Readings

• Introduction to AI Safety, Ethics, and Society – Dan Hendrycks (Section I: Societal Resilience)

• Overview of Catastrophic AI Risks – Safe AI

• Managing Extreme AI Risks – Yoshua Bengio

• AI Could Defeat Us All – Holden Karnofsky

Overview
Survey the evolving regulatory landscape: national strategies, multilateral frameworks and corporate norms.

Learning Objectives

• Compare major national AI policies and regulatory approaches.

• Critique international legal instruments governing AI in security contexts.

Core Readings

• 2024 AI Regulatory Landscape – Convergence Analysis

• AI Global Regulatory Tracker – White & Case

• Just War Theory – Internet Encyclopedia of Philosophy

• Just Information War – Mariarosario Taddeo