People assumed cloud as vast, weightless, and invulnerable (at least from physical attacks). However, cloud do not physical buildings, servers, cooling systems, and fiber-optic cables. These concrete buildings can be turned to ashes by drones. On 1 March 2026, Iran did struck cloud facilities.
The Islamic Revolutionary Guard Corps or IRGC accepted responsibility for drone attacks on three Amazon Web Services or AWS facilities in the United Arab Emirates and Bahrain. This was a novel attack in the history of war. This event not only hard hit the cloud facilities but has sent shockwaves to the tech & AI industry, broader economy, and international law.
Why Iran is targeting data centers?
The IRGC stated that these data centers are behind the enemy’s military and intelligence. The US military was using Anthropic’s AI model Claude (which runs on AWS cloud) for assessing intelligence, identifying targets, and simulating battles during the before attacking Iran. In 2025, Microsoft revoked Azure cloud services to Israel Defense Forces’ Unit 8200, as the IDF was using Azure infrastructure in the Netherlands, storing intelligence and operating AI language models. Therefore, IRGC claim has high substance.
The commercial cloud infrastructure stores two types of information which is the key problem. For example, the vast data centers host banking apps and enterprise software beside sensitive government services and, escalating, defense workloads. This muddling of civilian and military usage is not unintended, it is done to achieve cost efficiency and the quick militarization of AI. Still, it develops a significant gap that Iran has identified.
Iran’s larger cyber strategy has previously focusing this grey area. Iranian groups backed by the government including APT34, APT35, APT39, and APT42 targeted large individual data sets who involved in the intent of regime change abroad.
Legal View
Legally, civilian infrastructure is supposed to be protected from attacks as long as it is not supporting military or intelligence. Just Security analyzed that the Israel military was using Amazon’s cloud computing services and AI capabilities to achieve large operational effectiveness, so these targets are qualified for attack as per Law of Armed Conflict (LOAC).
However, which server hosts military data compared to civilian workloads is difficult to identify by the target. Vincent Boulanin, director of the governance of AI program at the Stockholm International Peace Research Institute, states that AWS centers most likely manage civilian workloads and striking them was not lawful under LOAC.
Moreover, Just Security argues that additional surgical cyber strikes could have been done to restrict military access to the centers without physically damaging them. Attackers should adopt less destructive ways. But who cares this in the war, as old saying goes everything is fear in love and war.
Influence on AI Economy and Customers
The Gulf countries experienced immediate disruption. The UAE financial services, payments platforms, and consumer apps offline for days. AWS was capable to survive the outage of a single zone but it was overwhelmed by the multiple strikes. This likely affects product deliveries and industries that rely on AI workflows.
The consequences for the wider AI economy are serious. These include immediate outage of cloud services, affect training of any AI model that put costs, and time at risk, and make investments in doubt about the large inflow of capital in this emerging market. Data center investment is very long-term, and any event like this raises the risk premium of this investment. In such case data centers could shift to other regions where security situation is more under control.
Data centers are also very vulnerable. Strikes on turbines, air conditioning units, and other exposed external features that cannot be protected damaged data centers. Data centers will be on the radar as AI becomes more and more important. For the US it will become a top government priority in future.
As data centers are insured, so it also causes problem to insurers. Standard insurance policies often omit acts of war, implying that companies hit by Iranian drones have little legal recourse. Next, time these companies need to include war clauses but finding them at reasonable rates is a concern.
War Era
The war era exposed various vulnerabilities in the developed world. Data centers are one of them. Only those industries are protected who know how to avoid militarization.
