Hook
On July 18, 2025, the Islamic Revolutionary Guard Corps (IRGC) issued a statement claiming it destroyed a US “AI center” and a drone storage facility in Bahrain. The attack, if real, would mark the first time an adversarial state explicitly targeted artificial intelligence infrastructure in a kinetic operation. But the veracity of the claim is secondary to the signal it sends: centralized AI assets—whether military command systems or civilian cloud clusters—are now prime targets in the gray-zone conflicts that define our era.
I have spent the last decade inside decentralized protocol design, auditing tokenomics, and architecting community-governed systems. From my graduate work in applied mathematics to my role as a PM on Aave and Compound, one lesson has been drilled into me: centralization is a single point of failure, and every single point of failure eventually gets exploited. The IRGC’s statement is not just a geopolitical headline; it is a protocol-level alert for every builder in blockchain. We have been obsessed with DeFi yields, NFT floor prices, and gas optimizations while ignoring the fact that the most important infrastructure of the 21st century—AI—remains hyper-centralized and vulnerable to the exact same attack vectors we combat daily.
Context
The US military operates a vast network of AI-powered systems across the Middle East. Project Maven, the Algorithmic Warfare Cross-Functional Team, has been deploying machine learning to analyze drone footage and target selection since 2017. These systems are centralized: data flows into massive cloud servers, models are trained on proprietary datasets, and decision loops are controlled by a handful of command centers. Bahrain alone hosts the US Fifth Fleet, a critical node for maritime surveillance and strike coordination. The IRGC’s claim that it hit an “AI center” there—whether physical server farm or software node—represents a recognition that the digital nervous system of modern warfare is the most brittle component.
Decentralization advocates have long argued that resilience emerges from distribution. Bitcoin survives because no single server can bring it down. Ethereum’s migration to proof-of-stake proved that a diversified validator set can absorb attacks that would cripple a traditional database. Yet the same logic has not been applied to AI governance. The models that inform sanctions, drone strikes, and intelligence analysis are run on private infrastructure, owned by defense contractors like Palantir, Anduril, and Microsoft. If the IRGC’s claim holds any truth, it validates the core thesis of our industry: trust in centralized systems is a vulnerability. Code is law, but people are purpose—and purpose is only meaningful when the infrastructure can survive a targeted strike.
Core
The IRGC statement, even if unverified, forces a deep technical question: can decentralized protocols protect AI assets better than centralized ones? My experience building community-governed DeFi protocols suggests the answer is a qualified yes, but only if we rethink the entire architecture of how AI models are stored, trained, and executed.
Consider data storage. Military AI relies on massive labeled datasets stored in cloud silos. One physical attack or cyber intrusion can corrupt or exfiltrate terabytes of critical training data. In contrast, decentralized storage networks like IPFS or Arweave distribute data across thousands of nodes. No single point of failure exists. I recall auditing a DeFi protocol in 2020 that stored its risk parameters on a private server; when that server went down during a market crash, the protocol froze, causing millions in losses. We migrated to IPFS, and resilience improved tenfold. The same logic applies to AI training data: store it on a decentralized network, and an attacker cannot wipe it out with a single missile or a single hack.
But storage is only the first layer. The second is model execution. Military AI often involves inference on edge devices—drones, sensors, satellites. These devices run lightweight models that must be updated and authenticated. Today, model updates are signed by a central authority (e.g., the US Cyber Command). A compromised signing key could introduce a backdoored model. Smart contracts can replace that central authority with a multisig or a decentralized autonomous organization (DAO) that requires consensus from multiple validators before a model update is accepted. In 2022, I helped design a governance mechanism for a DAO that required 60% of token-weighted votes to approve a smart contract upgrade. The same pattern can apply to AI model versioning: a committee of verified nodes—perhaps representing different military branches or allied nations—must approve changes, reducing the risk of a single compromised entity injecting malicious logic.
One insight from my work on Aave’s interest rate model is that algorithmic fairness is not just about math; it is about trust. Users will not deposit liquidity if they suspect the model can be manipulated by a whale. The same applies to AI: soldiers and commanders will not trust a targeting system if they believe a single adversary can corrupt its logic. Decentralized model governance builds trust through transparency and consensus.
The third layer is the most subtle: adversarial robustness. The IRGC’s threat to “AI assets” likely includes the ability to poison training data or execute adversarial machine learning attacks. In a centralized setting, a determined adversary—state-sponsored or not—can slowly inject malicious data into the training pipeline, shifting model behavior over time. This is the digital equivalent of a slow-motion hijack. In a decentralized system, training data can be audited on-chain. Each data point can be fingerprinted, its provenance tracked, and its contribution to the model’s final weights verified. Zero-knowledge proofs can be used to show that a model was trained on a specific dataset without revealing the data itself. Decentralized AI is not just more resilient; it is auditable, transparent, and resistant to the very kind of subversion that the IRGC seems to be threatening.
I recently participated in a working group on “Human-Centric AI Protocol” in Geneva, where we debated the intersection of blockchain and AI ethics. What became clear is that the same mechanisms that protect DeFi—economic incentives, slashing conditions, and reputation systems—can protect AI. If a validator node signs off on a corrupted model update, it loses its stake. If a data provider submits poisoned information, it is penalized. These are not theoretical; they are live on mainnet today in protocols like Ocean Protocol or SingularityNET, but their adoption for mission-critical military AI is zero.
Contrarian
The contrarian angle here is uncomfortable: decentralization might make AI assets more vulnerable, not less. Consider the challenge of coordination in a conflict zone. If a drone needs a real-time model update to avoid an anti-air missile, waiting for 12 validators across the globe to reach consensus could cost lives. Latency is the enemy of survival. Centralized systems win on speed because a single command center can push an update in milliseconds. Decentralization adds friction, and friction in warfare is deadly.
Furthermore, decentralized systems are transparent by design. A public blockchain that records AI model versioning also reveals which models are in use, their update frequency, and the identities of validators. An adversary like Iran could use that transparency to map the decision-making chain, identify the weakest validators, and execute social engineering or targeted attacks. In the language of DeFi, this is like having a public order book—it reduces information asymmetry but increases exposure to front-running and manipulation.
The blind spot in our industry is that we assume transparency is always good. In geopolitics, operational security often demands opacity. The same IRGC that claimed to attack an AI center could leverage on-chain data to plan its next strike. Decentralization must be tempered with selective disclosure; not everything needs to be on a public ledger.
Another counterpoint: the cost. Zero-knowledge proofs for large AI models are computationally prohibitive. As of 2025, proving a single inference for a mid-sized neural network can cost over $100 on Ethereum L2. ZK rollups—the most promising scaling technology—are still bleeding money, as I’ve written before. Expecting the Pentagon to adopt an expensive, slow, and unproven infrastructure for life-or-death decisions is naive. The IRGC’s claim, even if false, may actually accelerate a trend toward centralized hardening rather than decentralized distribution. The US could pour billions into air-gapped, encrypted, offline AI systems that are even more centralized but physically secure.
Yet I argue that these challenges are not reasons to abandon decentralization—they are design constraints. Just as we build optimistic rollups to reduce costs and multi-party computation to enable privacy, we can build hybrid systems for military AI: decentralized governance for update approval (using fast finality layers) but encrypted execution on permissioned nodes. The goal is not to eliminate centralization entirely but to eliminate single points of failure. Resilience beats hype every time, but resilience must be engineered, not preached.
Takeaway
The IRGC’s statement about hitting a US AI center in Bahrain may be disinformation, a bluff, or a premature celebration. But regardless of its factual accuracy, it has already achieved its strategic purpose: it forced military planners and technology leaders to ask whether the current centralized AI infrastructure can survive a determined adversary. That question is our industry’s moment.
We have spent years arguing that decentralized finance can replace banks, that DAOs can replace corporations, and that NFTs can preserve cultural heritage. Now we must extend that argument to the most critical infrastructure of all: the algorithms that decide who lives and who dies. Trust, but verify. But also, connect—connect the resilience of decentralized protocols to the security of our shared future. The IRGC may not have destroyed an AI center, but they have exposed a centralized vulnerability that only decentralized architecture can fix. The question is not whether we can build it—we can. The question is whether we have the will to deploy it before the next attack, real or claimed, forces the world to learn the lesson again.
Community is the new central bank. And in the age of AI warfare, community—decentralized, global, value-aligned—is also the new defense perimeter.
