Software and Hard Power
The power to hurt is bargaining power. To exploit it is diplomacy—vicious diplomacy, but diplomacy.
- Thomas Schelling
In 1909, six years after the Wright brothers first flew at Kitty Hawk, the entire United States military owned precisely one functioning airplane. It was considered more spectacle than instrument, a contraption whose potential was dwarfed by the elegance of cavalry and the proven power of artillery. Aviation was, at best, a curiosity—its utility in war unclear, its future uncertain. By the end of the First World War, the U.S. Army Air Service had deployed over 40 aircraft. By the end of the Second, the number would exceed 300,000. And in 1945, a single plane dropped a single bomb that would bring the most catastrophic conflict in human history to a sudden and decisive close.
This is how new domains of warfare begin—not with clarity or consensus, but with disbelief. The airplane, in its infancy, was dismissed by military leadership as a frivolous appendage to ground strategy, not a transformative force. That resistance arose not only from a failure to grasp its potential, but from the simple fact that the technology had not yet matured enough to fulfill the vision it implied. What the early skeptics failed to grasp was that air power did not merely extend the range of existing operations—it rewrote the logic of the battlefield itself. It collapsed geography, compressed time, and created a new vertical axis from which war could be prosecuted with reach, speed, and precision unmatched by any ground force. Those who understood its implications early—visionaries like Billy Mitchell or the self-styled Bomber Mafia—saw not just a new weapon, but a new way of thinking about warfare.
Something similar is happening now.
Cyber has already begun its migration out of the intelligence apparatus and into the broader theater of military operations. What was once the exclusive province of three-letter spy agencies is now being integrated into special operations units, conventional forces, and combatant commands. Every major branch of the U.S. military maintains its own cyber unit. Tools once reserved for espionage are being adapted for battlefield advantage. And yet, for all this evolution, the prevailing image of cyber remains tethered to its past—an accessory to intelligence, a tool for disruption, a shadowy adjunct to hard power.
That perception is not born of ignorance. It reflects the genuine limitations that have shaped cyber operations until now: the fragility of early exploits, the difficulty of generating reliable effects, and the latency between infiltration and outcome. But those constraints are eroding. The exponential advance of artificial intelligence, autonomy, and real-time decision systems is beginning to change what cyber can do, how fast it can do it, and to what end. We are approaching a threshold—one where cyber moves from support to center, from enabler to lever.
And with that shift comes something else: the possibility that cyber, precisely because it is non-kinetic, may offer an alternative mode of confrontation. As Thomas Rid has observed, the danger is not that cyber will become indistinguishable from war, but that we fail to see it for what it truly is—a domain where conflict may unfold in ways that rival, or even replace, traditional violence.
Before we examine that future, we would do well to remember how the last revolution began—not with a bang, but with the soft hum of propellers over a skeptical world.
The Rise of Air Power
The earliest days of military aviation were marked not by doctrine, but by disbelief. Even after the Wright brothers demonstrated sustained flight, many in the military establishment saw little reason to invest in a machine so delicate, so dependent on favorable conditions, and so unproven in the crucible of war. The airplane, in those years, was not yet a weapon—it was a spectacle. Commanders spoke of it as a reconnaissance tool, perhaps, or a courier for messages across impassable terrain. Few imagined it as a platform of force projection, let alone a decisive one.
And yet, the seeds of revolution had already been planted. During the First World War, aircraft began to appear not just above the trenches but in the fight itself—first as observers, then as fighters, and eventually as bombers. Still, their impact was limited by primitive technology and uncertain doctrine. The airplane could deliver explosives, but not with precision. It could fight, but not for long. Its presence was novel, but not yet transformational.
It was in the interwar years that a new idea began to take shape—radical, elegant, and controversial. A cadre of thinkers within the U.S. Army Air Corps, later dubbed the Bomber Mafia, came to believe that air power could be more than a supplement to ground operations. They envisioned a strategic force, capable of striking the industrial heart of an enemy, bypassing the brutal attrition of infantry warfare altogether. With enough altitude and precision, they argued, wars could be shortened—perhaps even made humane. One clean strike on a critical node might achieve what months of ground fighting could not.
At the center of this vision was the idea of decisive precision—a belief that technology would eventually enable the military to identify and destroy only what mattered. The Norden bombsight, an electromechanical analog computer designed to guide bombs with unprecedented accuracy, became the symbolic fulcrum of this belief. The promise was seductive: that war could be made rational, calculable, even surgical.
But reality lagged behind ambition. In practice, precision bombing during the Second World War was often anything but. Weather, flak, human error, and the limits of mid-century technology conspired to blur the sharp lines of strategic theory. Many targets had to be bombed repeatedly. Others were missed entirely. And in time, the dream gave way to something darker. Curtis LeMay, commander of the U.S. strategic bombing campaign in the Pacific, abandoned precision in favor of scale—launching massive incendiary raids that razed entire cities. It was not a doctrine of surgical war, but of overwhelming firepower. The final expression of that doctrine came on August 6, 1945, when the Enola Gay dropped an atomic bomb on Hiroshima.
What began as a novel adjunct to traditional arms had become, in less than half a century, the most powerful instrument of destruction in human history. More importantly, air power had moved from the margins of military thought to its very center. It dictated strategy, drove procurement, reshaped the battlefield, and forced a redefinition of what victory looked like.
The lesson is not that air power fulfilled its promise. It is that it changed the terms of the promise itself. Once a new domain becomes viable—once it begins to influence the geometry of conflict—it does not ask permission to become central. It grows in power until the rest of the system must reorganize around it.
The Current Moment
Cyber’s origins, unlike those of air power, are not found on the battlefield but in the shadows—shaped less by battlefield necessity than by the quiet demands of intelligence. It was the intelligence community, not the armed forces, that first understood what could be done with a vulnerability, a remote access tool, a zero-day exploit. The early logic was covert: gain access, stay hidden, collect everything.
For decades, cyber operations were the exclusive domain of the world’s most elite intelligence agencies—NSA, GCHQ, GRU, Unit 8200—entities fluent in subversion, patient by design, and built around long timelines. Cyber was a scalpel, not a sword, and its practitioners were less warriors than engineers of access. The objective was not destruction, but persistence.
That era is ending.
In recent years, cyber has begun a steady migration from the intelligence community into the broader fabric of military operations. Every major branch of the U.S. military now maintains its own cyber units. Special operations teams routinely deploy with cyber support, not only for surveillance but for active disruption and shaping. Digital infrastructure is no longer a backdrop to operations—it is increasingly a part of the fight itself.
And yet, the prevailing imagination surrounding cyber remains constrained by the boundaries of its past. Too often, cyber is still conceived as a tool of sabotage or disruption, a means of denying service or exfiltrating secrets—useful, certainly, but rarely decisive. That framing is not born of conceptual blindness; it reflects the real limitations that have governed cyber’s evolution to date. Reliable effect generation is hard. Controlling outcomes across complex and dynamic systems is harder. And achieving repeatable success—especially in contested or hardened environments—remains a profound technical challenge.
But the technology is beginning to outpace the frameworks we use to think about it. The ingredients for transformation—artificial intelligence, automated reconnaissance, machine-speed vulnerability discovery, and dynamic malware—are emerging rapidly. Today, they exist in research labs, pilot programs, and tightly scoped operations. But their trajectory is unmistakable. Systems that once required months of human planning are starting to compress into workflows that operate in hours, or even minutes. The prospect of semi-autonomous intrusion, adaptive targeting, and real-time campaign management is no longer theoretical—it is visible on the horizon.
Like air power in the 1920s, it sits at the edge of full realization. And like air power then, it will not remain on the edge for long.
War at Machine Speed
In war, time is not neutral. The faster force—the one that can observe, decide, and act more quickly—does not merely react more efficiently; it dictates the terms of engagement. This has long been the logic behind the OODA loop, the decision cycle popularized by Air Force strategist John Boyd. Speed, properly understood, is not a matter of movement—it is a matter of cognition. Outpace your adversary’s ability to perceive and respond, and you have already won.
That framework is being rewritten. Not discarded, but accelerated beyond the realm of human participation.
Cyber operations, especially when augmented by artificial intelligence, will operate at a tempo that defies human comprehension. A vulnerability scanned, an exploit deployed, a system pivoted through—all in seconds. Feedback loops once mediated by analysts and operators are increasingly automated. What was once a domain of stealth and patience is evolving toward speed and scale.
But this transformation is not happening in a vacuum. It is colliding with something even more consequential: the explosive proliferation of software into every facet of warfighting and society. This is not simply a matter of digital interfaces or code running in the background. What we are witnessing is both a Cambrian explosion of software-native systems and a structural inversion—a shift in which software is no longer in service to hardware, but in full control of system behavior. In legacy platforms, software played a limited, often peripheral role—navigation, diagnostics, fire control. But in the emerging class of autonomous systems—drones, robotic vehicles, sensor meshes, and loitering munitions—software defines the system’s function entirely. Nowhere is this more evident than in the F-35 Joint Strike Fighter, which contains over 8 million lines of code. Its targeting, navigation, threat detection, sensor fusion, and even flight control are all orchestrated through software. It is a software system that happens to fly.
This distinction matters. Because what can be programmed can also be subverted. As the number of software-defined systems multiplies—and as the marginal cost of generating new code plummets—so too does the scale of opportunity for cyber operations. The battlefield is no longer just physical terrain. It is infrastructure, firmware, control logic. Every device that moves, tracks, or targets is now a potential node in a contested digital ecosystem.
And the tempo of warfare accelerates in kind.
The convergence of autonomy and cyber operations introduces a new kind of decision loop: not just one that operates at machine speed, but one that is executed by machines themselves. Autonomous systems are no longer waiting for orders—they are observing, orienting, deciding, and acting on their own. Whether guided by human-in-the-loop oversight or configured for full autonomy, these systems are beginning to close the loop without us.
War at machine speed is not just about executing cyber operations faster. It is about the rise of systems that are decision cycles—systems that make choices, refine strategies, and prosecute engagements in real time, without waiting for permission.
This inversion is strategically profound. It shifts the center of gravity from firepower to responsiveness, from platforms to processes. Large, expensive systems—carrier groups, legacy fighters, hardened infrastructure—may still matter. But they will increasingly be hunted, confused, disabled, or deceived by networks of smaller, faster, and more intelligent machines.
Air power once collapsed geography. Cyber collapses time. And with autonomy layered atop it, war is becoming a contest of software ecosystems—competing not only for superiority of arms, but superiority of computation.
The New Fog of War
Warfare has always been entangled with complexity—terrain, weather, logistics, alliances, deception. But in the age of software-defined systems, complexity takes on a new dimension. It is no longer just a feature of the environment; it is the environment.
The modern military is not a closed system. It is a sprawling, interdependent network of digital platforms, wireless protocols, cloud services, data centers, firmware packages, AI models, and legacy infrastructure—all stitched together in ways even their architects often cannot fully map. It is not just soldiers and steel. It is systems integration, API latency, power grids, satellites, fiber optic cables, and electromagnetic spectrum management.
This is the new fog of war: uncertainty born not from a lack of information, but from too much information, processed too quickly, across systems too complex to fully audit. The battlefield is increasingly becoming computational, and every layer of that computation is contestable.
Where traditional warfare sought to destroy, cyber seeks to degrade. It does not require overwhelming firepower to render a system useless. If you can confuse a sensor, spoof a signal, disrupt a targeting algorithm, or manipulate a data feed, you can cripple a weapon or blind a commander. You don’t need to sink the ship—you need to subvert it, exploit it, sabotage it, or manipulate it.
The first true glimpse of this new complexity came in 2010, when Stuxnet—a highly specialized piece of malware—successfully crossed the boundary from digital code to physical consequence. It silently infiltrated Iran’s Natanz nuclear facility, manipulating centrifuge speeds while feeding false telemetry to operators. No bombs were dropped. No missiles launched. But uranium production was set back for years. It was not just an act of sabotage—it was proof of concept that software could be used to create real, strategic kinetic effects without ever firing a shot.
What makes this complexity dangerous is not merely its scale, but its opacity. Dependencies are hidden. Vulnerabilities are latent. Failures are cascading. And when autonomous systems are layered on top of this already-fragile mesh, decision-making moves from the hands of commanders to the edge of the network—where local agents act on partial information, executing logic embedded deep in neural networks, often inscrutable even to those who built them.
In this world, war is no longer a contest of visible forces. It is a choreography of systems—some human, many not—interacting across digital terrain that is constantly shifting beneath them. The battlefield becomes a living graph: dynamic, recursive, multi-domain, and sometimes invisible.
We used to speak of “lines” of battle. Those lines have dissolved. What remains is an intricate web of interconnected systems, where cause and effect are rarely linear, and where the weakest link may not be physical at all—but a forgotten script, an unpatched vulnerability, or a corrupted update server.
In the age of cyber and autonomy, complexity is not just a challenge of command. It is the battlefield itself.
Asymmetry and the Death of the Battleship
For most of the twentieth century, power in warfare was a function of mass. Bigger ships. Heavier armor. Larger fleets. Victory was measured in tonnage, firepower, and industrial throughput. This logic culminated in platforms like the aircraft carrier and the strategic bomber—symbols of military might that projected force across continents and oceans.
But cyber does not care about mass. It rewards agility. It favors systems that are fast, distributed, and disposable. And in this respect, it is accelerating a shift that began long before the first worm was ever written: the slow death of the battleship.
Asymmetry is no longer simply a matter of guerrilla tactics or insurgent advantage. It is increasingly a feature of the architecture itself. In a software-defined world, the cost of iteration drops to near-zero. Drones can be built en masse. Sensor systems can be reconfigured in hours. Malware can be recompiled in seconds. The side that can build, deploy, and adapt faster—both in software and in hardware—gains a decisive edge.
And perhaps more importantly, the target surface has changed. In traditional warfare, force was directed at concentration: bases, fleets, formations, convoys. In cyber-augmented warfare, force is directed at dependency. The kill chain can be broken not at the tip of the spear, but at the node that supports it—a targeting algorithm, a satellite uplink, a software update server. Disable the system that enables the weapon, and you neutralize the weapon itself.
This logic creates a new form of strategic leverage. A $10 million drone can be brought down by a $100 exploit. A naval fleet can be blinded by the compromise of a single link in a satellite constellation. A hypersonic missile may never reach its target because its trajectory calculations were fed poisoned data from a spoofed GNSS signal. The old relationship between cost and effectiveness has inverted.
We’re already starting to see the contours of this shift. Drone swarms capable of decentralized coordination are being tested in operational environments. Uncrewed maritime vessels are patrolling coastlines, mapping, surveilling, and relaying data without ever needing a human on board. Companies like Anduril are building systems that prioritize autonomy, sensor fusion, and software-defined behavior over raw firepower. These platforms are not evolutionary—they are built for a different kind of war, one where control systems matter more than calibers.
In this world, it is not size or scale that confers advantage—but responsiveness, modularity, and speed of adaptation. Dominance does not come from building the biggest system. It comes from building the smartest network.
Cyber is not just a domain of attack—it is a pressure applied across the entire architecture of war. And when applied intelligently, that pressure reveals the fragility of even the most expensive, most formidable platforms. The steel may be strong, but the logic that governs it is often not.
The Rise of Stratified Power
One of the most persistent myths about cyber is that it is inherently democratizing. Compared to conventional military power, cyber has often been portrayed as cheap, accessible, and asymmetric—an ideal tool for rogue states, criminal syndicates, or lone actors with sufficient talent and time. The logic was straightforward: anyone with a laptop and an exploit could, in theory, bring a superpower to its knees.
That narrative was never entirely wrong—but it is rapidly becoming outdated.
In the emerging era of AI-enabled cyber operations, the barriers to entry are rising sharply. Discovering novel vulnerabilities, crafting adaptive payloads, simulating target environments, and executing operations at scale no longer depend on individual ingenuity alone. They will require large models, vast datasets, dedicated infrastructure, and seamless integration with other operational systems—everything from autonomous drones to signals intelligence platforms to decision support frameworks.
This is not cyber as insurgency. It is cyber as statecraft.
Just as nuclear weapons introduced a club of sovereign powers capable of sustaining the industrial, scientific, and bureaucratic overhead required for deterrence, AI-powered cyber operations are beginning to stratify the field. The most advanced capabilities—those that can operate at scale, adapt in real time, and coordinate across domains—will be the purview of nations with deep technical ecosystems, robust cloud infrastructure, and the ability to integrate cyber operations with kinetic strategy. And as with nuclear weapons, the first to reach maturity in this domain will not only hold operational advantage—they will shape the rules of engagement for everyone else.
The new arms race is not over exploits. It is over models, compute, and integration. Power will not reside in who has the best hacker—but in who has the most capable autonomous systems operating across the widest array of environments, supported by the deepest stack of real-time intelligence.
This shift reframes the future of conflict. If the early promise of cyber was its accessibility, the future promise is its compounding advantage: the more infrastructure, the more data, the more GPUs, the more operational integration—the greater the divergence in capability becomes. Superiority doesn’t just expand—it entrenches. Once deployed, these systems generate data others can’t access, refine capabilities others can’t replicate, and evolve faster than doctrine can adapt. This is what makes cyber + AI fundamentally different. It does not plateau. It accelerates.
And once a certain threshold is crossed—a kind of escape velocity—the advantage becomes nonlinear. Cyber power becomes self-reinforcing, evolving faster than adversaries can respond, and driving an ever-widening gap between those who can operate at machine scale and those who cannot.
This is no longer a question of open access or improvisation. It is a race toward model supremacy. The tools may still be digital—but the distance between first and second place is about to become vast.
The Coming Shift
In the interwar years of the 1920s and 30s, there were a few who understood what was coming. The air-minded theorists. The architects of strategic bombing. The believers in altitude, reach, and precision. They saw that war would not remain a contest of trenches and artillery—but most did not listen. Institutions clung to the past. Doctrines calcified. By the time air power proved decisive, it was no longer a revelation. It was simply reality.
We are living through a similar moment now.
Cyber is not speculative. It is not science fiction. It is already changing how wars are fought, how campaigns are structured, how deterrence is calculated. But the full extent of that transformation remains just out of frame. We still speak of cyber as support, as sabotage, as espionage. Few have begun to grasp what it means for cyber to be strategic—to become the logic that underwrites not just operations, but doctrine itself.
We are approaching a shift not just in tools, but in the architecture of power.
A shift where the decisive factor is not how many missiles one can fire, but how many systems one can command, disrupt, or deceive. Where autonomy and software combine to generate tempo that cannot be matched by human operators. Where the next great contest of arms will unfold as much in code and silicon as in steel and fire.
The danger is not that cyber is being ignored. It is that it is being misread. Seen through the lens of the past, its potential remains invisible. Seen on its own terms, it is clear: this is the next strategic domain of warfare.
And like air power before it, cyber will change the character of war. It will not replace the battlefield—but it will redefine where the battlefield begins, and how victory is achieved.
We would be wise not to wait for the equivalent of Hiroshima to take it seriously. Because in this century, the ability of free and open societies to prevail will depend on more than just strength of will. It will depend on hard power—and hard power will be built in software.