Artificial intelligence has changed the nature of offensive capability. Not as a coming development, but as a present condition. The tools already exist to make cyberattacks more autonomous, more scalable, and far more adaptive than any institution’s defense posture was built to absorb. Response windows have compressed to the point where human decision cycles are structurally too slow, and smaller actors now carry the capacity to generate damage at a scale previously reserved for well-resourced nation-states.

Technology has neither ethics nor morals,” says Gordon Winston, CEO of QGEMS and co-founder of the Peace Innovation Initiative. “What it has is direction, and that direction is determined entirely by the hands holding it.” 

The implications extend well beyond cybersecurity as a field.

Energy grids, financial clearing systems, healthcare networks, government communications: these are not separate domains that happen to share a neighborhood, but a single interdependent fabric. Disruption in one sector propagates across others within hours. The downstream effects are economic instability, institutional delegitimization, and the corrosion of public trust on which any functioning peace depends.

The central technical problem is asymmetry, and it is widening. Offensive tools operate at machine speed. Most defensive architectures remain fragmented, reactive, and locked into human decision loops that cannot keep pace. The attack surface is also expanding from within: not from external intrusion alone, but from poorly governed AI adoption inside organizations that security teams have no visibility into.

That design failure runs deeper than architecture; it runs through the social fabric holding democratic societies together.

When critical infrastructure fails, the less visible consequence is the question it plants: not whether an attack occurred, but whether the institutions responsible for public safety are actually in control of anything. Governments that cannot protect power grids, financial accounts, or communications during a coordinated attack lose something no official statement recovers: the presumption of competence. The political space that presumption once occupied does not stay empty. Disinformation generated at machine scale can saturate public attention within hours of an infrastructure event, ensuring the attack and its engineered narrative interpretation arrive together. This is not a theoretical risk scenario, but the active operating model of several state and non-state actors currently in play. The 2024 Edelman Trust Barometer recorded majority distrust of government across all 28 countries in its survey. AI-enabled cyber operations are not creating that distrust from nothing, but compressing what might have taken a decade of political erosion into a single crisis cycle.

The moment is made more dangerous by deglobalization. The post-1945 order rested on a tested assumption: that economic interdependence reduces the incentive for war. That logic held across seven decades. It is now under direct pressure. Cross-border investment flows have contracted. Supply chain repatriation is a simultaneous policy in the United States, European Union, India, and China. Technology decoupling is producing parallel ecosystems designed not to interoperate. As economic ties sever, the cost of conflict between adversarial blocs declines, and the threshold for cyber aggression falls with it.

The result is an escalating environment without the natural friction that historically slowed conflict down… not deliberate war, but the kind that begins when the guardrails quietly disappear.

History records no shortage of conflicts that began not from deliberate intent, but from the removal, over time, of the conditions that made restraint rational. Economic decoupling eliminates the financial stake in an adversary’s stability. Institutional distrust eliminates the domestic political cost of escalation. AI-enabled capability eliminates the technical barrier to consequential aggression. Disinformation eliminates the shared factual ground on which de-escalation must eventually be negotiated. Together, these constitute a structural degradation of the peace architecture that the 20th century spent enormous effort building.

PII’s founding premise was that the conditions for peace must be built into the operating systems of civilization, not bolted on after the fact. AI-driven cyber risk is its most urgent current proof. The technology that promised to connect humanity more efficiently than any prior generation has simultaneously handed hostile actors the means to dismantle the institutional foundations on which peace actually runs.

Whether the institutions charged with protecting those foundations are moving with sufficient speed and clarity of purpose: that is the central peace question of this decade.