Defence AI

Overview#

Defence AI has moved out of the laboratory: NATO members and major partners now have funded AI strategies, dedicated AI organisations (US Chief Digital and Artificial Intelligence Office, UK MoD Defence AI Centre, French AMIAD), and active programmes across ISR, autonomy, and decision-support. The shift in 2023-26 has been from research demonstrators to fielded systems — though carefully bounded by responsible-AI doctrine and human-on-the-loop constraints.

Practically, defence AI deployments split by classification tier. OFFICIAL workloads (UK) and unclassified/CUI (US) can use sovereign-cloud or hardened commercial environments. OFFICIAL-SENSITIVE and SECRET (UK) or IL5/IL6 (US) require dedicated environments — typically Yobitel-class sovereign deployments or government cloud regions. TOP SECRET (UK) and equivalent run in dedicated, often air-gapped, infrastructure.

Common workloads#

• ISR — multi-source intelligence fusion across SIGINT, GEOINT, OSINT; foundation-model summarisation of intelligence reporting; object detection and tracking in EO/IR/SAR imagery.
• Autonomous systems — UAS / UGV / USV perception, autonomy, and swarming. Strict human-on-the-loop for any lethal effect under UK and US doctrine.
• Command-and-control and battle management — course-of-action generation, logistic planning, sensor-to-shooter integration under JADC2 / MISP frames.
• Training and simulation — synthetic environments for force-on-force training, NPC behaviour, after-action review generation.
• Cyber operations — defensive automation, threat hunting, malware analysis; offensive applications are tightly controlled.
• Logistics and sustainment — predictive maintenance for fleets, parts forecasting, supply-chain mapping.
• Personnel and HR — talent management, recruitment screening (subject to high-risk AI rules where applicable).

Regulatory and compliance landscape#

In the UK, the Defence AI Strategy (2022) and the Defence Artificial Intelligence Playbook (2024) frame the policy environment. JSP 936 governs the dependable AI lifecycle. Sovereignty is set by JSP 440 and the Government Security Classifications policy — OFFICIAL, OFFICIAL-SENSITIVE, SECRET, TOP SECRET. The MoD Secure by Design framework applies. DSTL is the principal R&D organisation.

In the US, DoD Directive 3000.09 (Autonomy in Weapon Systems) and the DoD Responsible AI Strategy and Implementation Pathway set doctrine. The CDAO leads enterprise AI. Cloud-side, the FedRAMP High and DoD Impact Levels (IL2 / IL4 / IL5 / IL6) define cloud security tiers — most operational AI runs in IL5 (CUI / Mission Critical) or IL6 (Secret).

Cross-alliance, the NATO Principles of Responsible Use for AI in Defence (six principles: lawfulness, responsibility, explainability, reliability, governability, bias mitigation) anchor the multilateral framework, and the political declaration on responsible military use of AI (Hague, 2023) extends the consensus.

Where AI is shipping today#

Computer-vision-based ISR is the largest production category — multiple programmes are operationally fielded across NATO members for EO/IR/SAR object detection, tracking, and change detection. Foundation-model summarisation of unstructured intelligence reporting has moved from pilot to production at several agencies.

Autonomous systems remain heavily bounded — most fielded autonomy is in navigation, mission-planning, and non-lethal tasks, with human authorisation required for any lethal action under both US DoD 3000.09 and UK JSP 936. Training and simulation has rapidly absorbed generative AI for synthetic data, scenario generation, and after-action review summarisation.

Pitfalls#

• Classification creep: a workload that starts in an OFFICIAL environment can pull in OFFICIAL-SENSITIVE data and become non-compliant overnight. Strict input-class gating is required.
• Hallucinated intelligence: LLM-generated summaries of HUMINT or SIGINT can fabricate sources or relations. Citation rendering and refusal modes are mandatory.
• Adversarial robustness: ISR vision models are vulnerable to physical-world adversarial perturbations; red-teaming against expected adversary techniques is necessary.
• Procurement drag: government accreditation cycles (UK List X, US ATO) routinely take 12-24 months. Architecting for reuse of existing ATOs is faster than seeking new ones.
• Export control: ITAR and UK export-control regulations apply to model weights and training data — workforce mobility and code-sharing must be designed around them.

Yobitel stack mapping#

Yobitel ships sovereign AI for defence and national-security customers in the UK and partner nations. Deployments anchor in OFFICIAL or OFFICIAL-SENSITIVE environments under NCSC Cloud Security Principles, with FedRAMP-equivalent paths for partner nations. Yobibyte and Omniscient Compute operate inside the customer's accreditation boundary; air-gapped variants are supported.

• Yobibyte — sovereign deployment with NCSC-aligned controls and customer-managed keys.
• Omniscient Compute — capacity routing within the accreditation boundary; no cross-tier spill.
• Edge inference appliances for tactical and forward deployment.
• Agentic RAG over doctrine, intelligence reporting, and ops logs with citation-first grounding.