Drone attacks on AWS facilities in the UAE and Bahrain are the first deliberate wartime strikes on cloud infrastructure -- and experts warn they won't be the last.
The tech industry has long spoken of 'the cloud' as though it were something ethereal -- boundless, invisible, untouchable. Last week, Iran reminded the world that it is none of those things. Cloud computing runs on data centers. Data centers have an address. And that address can be hit by a drone.
In a single week, three Amazon Web Services facilities -- two in the United Arab Emirates and one in Bahrain -- were struck by Iranian drones and missiles. The attacks knocked the facilities offline, triggering cascading outages across banking systems, payment platforms, delivery apps, and enterprise software throughout the region. It is believed to be the first time data centers have been deliberately targeted in an active military conflict. Experts say it almost certainly will not be the last.
The stakes were not purely commercial. The US military runs workloads on AWS, including Anthropic's AI model Claude, which has been used for intelligence assessments. Iran's state news agency Fars claimed the Bahrain facility was deliberately targeted to disrupt 'the enemy's military and intelligence activities.' AWS declined to comment. Whether US military computing was affected remains unknown -- but the implication was unmistakable.
"If data centers become critical hubs for transiting military information, we can expect them to be increasingly targeted by both cyber and physical attacks."
-- Zachary Kallenborn, King's College London
The vulnerability runs deeper than the strikes themselves. The boundary between commercial cloud infrastructure and military operations has, in practice, collapsed. The Pentagon's warfighting networks run on the same commercial infrastructure that serves banks and ride-hailing apps. This dual-use reality means attacks on civilian data centers now carry direct military consequences -- and vice versa.
The geographic exposure compounds the risk. Seventeen submarine cables pass through the Red Sea, carrying the majority of data traffic between Europe, Asia, and Africa. With Iran's closure of the Strait of Hormuz and renewed Houthi threats in the Red Sea, both critical data chokepoints are now active conflict zones simultaneously. "Closing both chokepoints simultaneously would be a globally disruptive event," warned Doug Madory of network intelligence firm Kentik.
The strikes land at a particularly fraught moment for the Gulf's AI ambitions. President Trump's regional tour last May generated over $2 trillion in investment pledges, including the planned Stargate UAE campus in Abu Dhabi -- what would be the largest AI facility outside the US. Amazon committed $5 billion to an AI hub in Saudi Arabia. Those bets now carry a new kind of risk.
Experts are blunt about what comes next. Sam Winter-Levy of the Carnegie Endowment for International Peace called the strikes 'a harbinger of what's to come,' warning that physical attacks on data centers "are only going to become more common as AI becomes more and more significant." Chris McGuire, a former National Security Council official, put it more starkly: if tech companies are going to double down on the Middle East, data centers may soon need missile defense.
Comments
No comments yet.