People assumed cloud as vast, weightless, and invulnerable (at least from physical attacks). However, cloud do not physical buildings, servers, cooling systems, and fiber-optic cables. These concrete buildings can be turned to ashes by drones. On 1 March 2026, Iran did struck cloud facilities.
The Islamic Revolutionary Guard Corps, or IRGC, accepted responsibility for drone attacks on three Amazon Web Services (AWS) facilities in the United Arab Emirates and Bahrain. This was a novel attack in the history of war. This event not only hard hit the cloud facilities but has sent shockwaves to the tech & AI industry, broader economy, and international law.
Why is Iran targeting data centers?
The IRGC stated that these data centers are behind the enemy’s military and intelligence. The US military was using Anthropic’s AI model Claude (which runs on AWS cloud) for assessing intelligence, identifying targets, and simulating battles before attacking Iran. In 2025, Microsoft revoked Azure cloud services to Israel Defense Forces’ Unit 8200, as the IDF was using Azure infrastructure in the Netherlands, storing intelligence and operating AI language models. Therefore, the IRGC’s claim has high substance.
The commercial cloud infrastructure stores two types of information, which is the key problem. For example, the vast data centers host banking apps and enterprise software besides sensitive government services and, escalating, defense workloads. This muddling of civilian and military usage is not unintended. It is done to achieve cost efficiency and the quick militarization of AI. Still, it develops a significant gap that Iran has identified.
Iran’s larger cyber strategy has previously focusing this grey area. Iranian groups backed by the government including APT34, APT35, APT39, and APT42 targeted large individual data sets who involved in the intent of regime change abroad.
Iran Attack on the Data Centers and Legal View
Legally, civilian infrastructure is supposed to be protected from attacks as long as it is not supporting military or intelligence. Just Security analyzed that the Israeli military was using Amazon’s cloud computing services and AI capabilities to achieve large operational effectiveness, so these targets are qualified for attack as per the Law of Armed Conflict (LOAC).
However, which server hosts military data compared to civilian workloads is difficult to identify by the target. Vincent Boulanin, director of the governance of AI program at the Stockholm International Peace Research Institute, states that AWS centers most likely manage civilian workloads and striking them was not lawful under LOAC.
Moreover, Just Security argues that additional surgical cyber strikes could have been done to restrict military access to the centers without physically damaging them. Attackers should adopt less destructive ways. But who cares, this is the war, as the old saying goes, everything is fear in love and war.
Iran’s Attack Influence on the AI Economy and Customers
The Gulf countries experienced immediate disruption. The UAE financial services, payments platforms, and consumer apps have been offline for days. AWS was capable of surviving the outage of a single zone. But it was overwhelmed by the multiple strikes. This likely affects product deliveries and industries that rely on AI workflows.
The consequences for the wider AI economy are serious. These include immediate outage of cloud services, affecting training of any AI model that puts costs and time at risk, and raises doubts about the large inflow of capital in this emerging market. Data center investment is very long-term, and any event like this raises the risk premium of this investment. In such a case, data centers could shift to other regions where the security situation is more under control.
Data centers are also very vulnerable. Strikes on turbines, air conditioning units, and other exposed external features that cannot be protected damaged data centers. Data centers will be on the radar as AI becomes more and more important. For the US it will become a top government priority in future.
As data centers are insured, it also causes problems for insurers. Standard insurance policies often omit acts of war, implying that companies hit by Iranian drones have little legal recourse. Next, these companies need to include war clauses, but finding them at reasonable rates is a concern.
War Era
The war era exposed various vulnerabilities in the developed world. Data centers are one of them. Only those industries are protected that know how to avoid militarization.
