On the evening of 19 May, a Romanian Air Force F-16 flying under NATO’s Baltic Air Policing mission shot down a drone over Estonian airspace. It was the second such incursion in forty-eight hours: on 17 May, a drone crashed in a forest in the Utena district of Lithuania; on 7 May, two further drones entered Latvian airspace, and one of them exploded at an oil storage facility in Rēzekne.
Throughout the spring of 2026, drones presumed to be Ukrainian AN-196 long-range strike drones have been pushed off course by Russian electronic warfare from Kaliningrad, drifting into Baltic and Finnish airspace. These drones, sometimes recovered intact, triggered alarms more than 10 times across the region. The interference itself is visible in open-source aviation data: the public GPSJAM map, built from ADS-B Exchange aircraft-navigation reports, has shown the Baltic and Black Sea regions as continuous high-interference zones for most of the period since February 2022.
Several incidents now bring the war beyond the borders of Ukraine and Russia, and with that, closer to the wider European neighbourhood. Romania’s defence ministry recorded seven airspace violations, eleven recoveries of munition fragments and eighteen air-policing scrambles in the first four months of 2026 alone, and Poland invoked Article 4 of the NATO treaty in September 2025 after roughly twenty drones launched from Russia entered Polish airspace overnight. The Baltic and Black Sea airspace is now a kinetic frontier of a conflict NATO members are not formally party to, and the crossings are routine enough that they barely make the front pages.
These kinetic incidents are part of a broader campaign that includes cognitive operations across Europe. These cases represent a unified operational picture rather than isolated events. Our region is in a state that is neither formally wartime nor peacetime, contrary to traditional institutional assumptions. This intermediate posture will shape the next decade, with artificial intelligence playing a critical role in both kinetic and cognitive conflicts.
My work is grounded in this context. I founded Revontulet as a civilian intelligence company to address threats across state-aligned operations, organised crime, and violent extremist movements, which increasingly share platforms, infrastructure, and AI tools. These categories often overlap, a phenomenon NATO and EU analysts refer to as hybrid warfare: coordinated activity across military, cyber, information, and economic domains that remains below the threshold of declared war. Institutional responses must acknowledge this overlap while maintaining the distinct approach each threat actor requires. The analysis is based on our casework from the past eighteen months.
What AI is doing in hybrid warfare
Empirical evidence from 2024 and 2025 is more substantial than the existential-risk debate suggests. Case material falls into three operational categories: state-led influence and information operations, throughput substitution in adversarial criminal and cyber pipelines, and aesthetic infrastructure within extremist communities. The first category is the most significant in both scale and strategic impact.
AI primarily amplifies established behavioural and threat patterns rather than introducing new ones. Techniques such as vulnerability scanning, malware iteration, content-based electoral interference, social engineering, and coerced harvesting of intimate material remain largely unchanged. The main difference lies in cost and throughput: threat actors can now inflict significantly more damage with fewer resources and much faster iteration cycles, reducing timelines from months to days, and costs from millions to near zero.
The cognitive front of the same campaign has been running in parallel across our European neighbourhood. Moldova’s 20 October 2024 presidential election was preceded by what President Maia Sandu and OSCE/ODIHR observers called illicit foreign interference and large-scale vote-buying, with OCCRP documenting roughly USD 15 million in illegally transferred funds routed through Telegram and cryptocurrency rails. Romania’s Constitutional Court annulled the first round of its own December 2024 presidential election after declassified intelligence on coordinated foreign-aligned TikTok amplification of a marginal candidate became impossible to ignore. Georgia spent 2024 and 2025 absorbing a Russian-modelled “foreign agents” law against the wishes of its electorate, and further south, fourteen Western allies in August 2025 jointly documented a surge in Iranian-directed assassination, kidnapping and harassment plots across six European countries.
The AI infrastructure supporting these operations is now visible in the open record. The Pravda network, a cluster of 150-plus Russian-linked websites identified by VIGINUM in February 2024 and tracked publishing roughly 3.6 million articles per year across more than fifty languages, is not really aimed at human readers. NewsGuard’s March 2025 audit found the ten leading consumer chatbots repeating Pravda-sourced narratives in roughly a third of test interactions. NewsGuard calls this “LLM grooming”: the deliberate seeding of generative-AI training corpora and live retrieval flows with state-aligned narratives. It is the first publicly documented industrial-scale data-poisoning operation against the consumer AI stack.
Microsoft has tracked the Kremlin-aligned Storm-1516 cluster distributing AI-enhanced deepfakes across the 2024 US election cycle. OpenAI’s June 2025 disruption report closed accounts tied to Russia, Iran, China, North Korea, and Israel that used ChatGPT across influence pipelines, and China’s Spamouflage operation now uses generative AI to write, voice, and package content across major platforms.
The second register, throughput substitution in adversarial criminal and state-aligned cyber pipelines, is now well documented. Anthropic’s August 2025 threat intelligence report documents a single coordinated extortion operation in which Claude was used end-to-end against at least seventeen organisations across healthcare, emergency services and government, with ransom demands sometimes exceeding USD 500,000, and OpenAI’s parallel disruption reports describe equivalent patterns in phishing, sextortion, CEO-fraud and influence pipelines. Both vendors have named the state-affiliated actors using their models for vulnerability research, malware iteration, social engineering, and reconnaissance: Chinese (Charcoal Typhoon, Salmon Typhoon), Russian (Forest Blizzard), Iranian (Crimson Sandstorm), and North Korean (Emerald Sleet) clusters all appear in the published list. The consistent finding is that the model’s value to the adversary lies in the throughput it enables across the pipeline, not in any specific capability the model offers.
The third register is aesthetic infrastructure inside extremist communities. In December 2024, working on a dataset connected to the broader violent-extremist ecosystem around the platforms collectively known as The Com, or what we now refer to as Misanthropic and Nihilistic Violent Extremism, we identified a trend in which the AI video tool Runway was being used to take perpetrator-produced footage of the 2019 Halle synagogue and Christchurch mosque shootings and rewrite the visual layer with a prompt approximating “everything is a minion from the cartoon Despicable Me”; the cartoon overlay was sufficient to launder the footage past mainstream platforms’ automated moderation.
In the same month, the fifteen-year-old shooter at Abundant Life Christian School in Madison, Wisconsin circulated an AI-modified version of her own Columbine-style pre-attack selfie. The same register has surfaced in Islamic-State-affiliated propaganda channels in the aftermath of the March 2024 Crocus City Hall attack in Moscow, in the 2024 Spanish Policía Nacional arrest of a young media operator producing AI-assisted jihadist multimedia, and in AI-driven “cottagecore” content targeting young women as an entry-point into hyper-traditionalist/tradwife communities. AI use of this kind is now visible in jihadist material out of Southeast Asia, Central Asia and the Middle East and North Africa, in misanthropic-nihilistic content across America and Europe, in Southeast Asian Manga-styled propaganda and in right-traditionalist content across all of those regions.
Kinetic and cognitive are two sides of the same coin
The actors behind these three registers do not respect the historical line between extremist movements, state-aligned operations, organised crime and the cybercriminal layer. The same Telegram channels that distribute infrastructure-attack instructions to nihilistic networks also host extortion logistics, propaganda generated with consumer-grade AI tools, and recruitment material aimed at minors. The clearest worked example on the kinetic side is the Terrorgram Collective, designated as a terrorist entity by the United States in January 2025 and by Canada and New Zealand in December 2025. The collective published tactical playbooks for attacks on civilian critical infrastructure, which have demonstrably crossed into the world: the convicted Baltimore power-grid plot and the Terrorgram-inspired Bratislava attack on a Slovak LGBTQ venue sit on the same continuum.
Similarity in tradecraft does not equate to equivalence in actor type, and conflating the two leads to poor analysis. A misanthropic-nihilistic violent-extremist network grooming a teenager for sextortion is not operationally equivalent to a Russian state-aligned vote-buying ring funnelling cryptocurrency into Moldova. Non-state extremist networks lack formal command structures, diplomatic presence, and accountable hierarchies, resulting in individual harm patterns even when transnational. State-aligned operations have command structures, doctrines, budgets, and a coherent strategic intent, with patterns of systemic harm and accountability. While both categories may use overlapping platforms, tools, and sometimes infrastructure, their required response architectures differ. Defenders must triage across categories without conflating them, which is the core function of cross-domain methodology and what Revontulet’s intelligence platform, Cortexia, is designed to support.
The bill arrives at your door
The bill from hybrid warfare increasingly arrives at civilian addresses. It arrived in Riga two weeks ago at the Rēzekne oil terminal, a piece of civilian energy infrastructure that took a kinetic hit from a Russian-jammed Ukrainian strike drone. The damage to the facility is the direct civilian-asset cost; the indirect costs are larger. The coalition crisis that ended in the resignation of Prime Minister Evika Siliņa on 14 May interrupted Latvian state-level decision-making for the period a national government would otherwise have been responding to the incident, and Russia’s SVR escalation of the same incursion into an open threat against Riga over alleged Ukrainian launch infrastructure on Latvian soil, followed by Dmitry Medvedev floating the suggestion that the Baltic states invoke Article 5 against Ukraine, is the kind of public signal that re-prices Baltic jurisdictional risk for anyone considering operations or capital allocation in the region. The defence budget does not absorb any of this. Civilian balance sheets do, in lost revenue, broken supply chains, ransom demands, brand collapse and statutory liability under the new regulations.
Civilian companies are paying for hybrid warfare now, whether or not they consider themselves security-relevant, and the numbers are not abstract.
Anthropic’s August 2025 threat report documents that Claude was used end-to-end in a single coordinated extortion operation against seventeen organisations across healthcare, emergency services and government, with ransom demands exceeding USD 500,000 per target.
The NotPetya attack that spread from a Ukrainian tax software compromise to Maersk in 2017 cost the shipping company roughly USD 300 million in direct damage, and the September 2023 ransomware event at MGM Resorts cost the company roughly USD 100 million in lost revenue from a single incident. Houthi attacks in the Red Sea pushed Asia-Europe container shipping rates from roughly USD 1,800 per FEU pre-crisis to a July 2024 peak above USD 8,400, adding ten to fourteen days of transit time via the Cape of Good Hope, with the cost landing on importers rather than on the missile budget.
The AI-generated image of a fake Pentagon explosion in May 2023, spread from a verified Twitter account impersonating Bloomberg News, briefly moved the S&P 500 down by 0.3% before the hoax was identified, in what was likely the first AI-generated image to move a major equity index. Deepfake content has moved out of the public-relations risk register and into the operational one.
The regulatory liability has shifted in the same direction. NIS2 carries fines of up to EUR 10 million or 2% of global turnover, DORA reshaped operational resilience across the European financial sector, and DSA penalties can reach 6% of global turnover. Hybrid-threat exposure has moved up the org chart, from the IT-budget line into board-level fiduciary territory, with personal liability often landing on leaders.
Built for fast, or not
Five years ago, running an operation of the kind that Pravda or Storm-1516 represents cost millions of dollars: linguists, content production, distribution networks, attribution-laundering infrastructure, and a sustained operational tempo over months. Today, with foundation models handling translation, localisation, content production, and scheduling, the same operation costs almost nothing. The cost curve has collapsed by orders of magnitude in five years, the iteration cycle has compressed from months to days, and there is no defensible reading of the trajectory in which either stops moving.
Norway is generally not known for rapid action. Institutional reflexes favour careful planning, lengthy procurement cycles, and broad consensus, which serve well in stable periods. The investor landscape leans toward risk aversion, working within comfort zones built under the presumption of peace and stability that Norway has traditionally enjoyed. In the current threat landscape, this becomes a liability when threats evolve in a few months while procurement takes years. A significant cultural shift will be required in startups, among our backers, and in government, defence, and procurement over the next few months for Norway to stay ahead of the threat.
Ukraine has demonstrated in live combat the institutional model that matches this required tempo. Small, technically skilled startups, funded and procured at startup speed, are outpacing both Russian threats and legacy defence contractors. These organisations operate with cross-sector reach, rapid build-and-deployment cycles, and a doctrine that treats civilian and national-security harm as a unified challenge.
Norway should not replicate a single Ukrainian company, but rather the ecosystem that enables their success: innovation capital and venture funding directed to civilian-first companies operating within the Totalforsvaret framework and sustained by commercial civilian work. This ensures both investor returns and national resilience. Norway needs more of this institutional model, and our funding and procurement systems must adapt accordingly.
Cortexia, the platform we built for this
The cost curve benefits both attackers and defenders, provided we operate at the same tempo. Cortexia is the civilian intelligence and analysis platform developed for our practice and now available externally. Unlike most threat-intelligence platforms that focus on accumulating signals and content, Cortexia encodes expertise on threat actor behaviour across networks and domains, treating this behavioural model as its core asset. Cortexia can be deployed as managed SaaS on European hosting at cortexia.co, on dedicated hardware for public-sector and regulated industries requiring full runtime control, or fully air-gapped for classified work and critical-infrastructure operators. This deployment flexibility allows the same product to support both a Nordic newsroom during an election cycle and a critical-infrastructure operator without public internet access.
Cortexia is onboarding its first external users this week, including Fojo Media Institute at Linnaeus University, through Valkollen. This initiative defends the Swedish 2026 general election against information operations and hybrid threats. The threat environment involves a Nordic election cycle on Russia’s border, with the described techniques already present in the region. Our work includes narrative tracking across platforms, cross-platform attribution, and source-grounded, evidence-based analysis. This is delivered by a Norwegian-built civilian intelligence stack, now in production with Swedish media-resilience institutions to counter a transnational AI-augmented threat landscape.
Norway as launchpad: trust, sovereignty, stability
The case for building this type of company in Norway is primarily commercial rather than patriotic, supported by three key indicators. Norway leads the Economist Intelligence Unit’s Democracy Index with a global score of 9.81, maintaining first place for over a decade. It also scores 100 out of 100 on Freedom House’s Freedom in the World 2025 report and ranks in the top tier of both Transparency International’s Corruption Perceptions Index and the Edelman Trust Barometer. As procurement increasingly considers supplier jurisdiction as a risk factor, this combination provides a significant commercial advantage.
Three recent episodes have demonstrated the operational importance of European jurisdictional independence. Trump-era sanctions against International Criminal Court prosecutor Karim Khan in February 2025 allegedly led Microsoft to suspend his email account and require him to migrate to a Swiss-based service. The Court later announced a move from Microsoft Office to OpenDesk.
In December 2025, the same administration imposed a visa ban on former EU Internal Market Commissioner Thierry Breton over the DSA and considered sanctions against the EU and member-state officials.
The Greenland crisis, marked by repeated US presidential statements about territorial annexation, a joint statement on territorial integrity by seven European countries, and Greenland’s Prime Minister Jens-Frederik Nielsen’s “we choose Denmark” declaration at the Copenhagen Democracy Summit in May 2026, confirmed that questions of sovereignty now also have direct commercial implications in the Nordics. European intelligence work conducted on US-controlled software stacks is, in 2026, a fundamentally different commercial decision than it was in 2022.
Beyond institutional trust and sovereignty, Norway’s doctrinal framework is particularly supportive. Totalforsvaret, Norway’s total-defence doctrine, integrates civilian and military resilience, and 2026 is designated as the national Total Defence Year. Revontulet is a civilian company with a civilian focus, whose work has significant applications for Norwegian and Nordic national security within the Totalforsvaret framework. This doctrinal alignment is not a marketing position but the operational condition the company was established to address.
What we are building
The drone shot down over Estonia on 19 May will not be the last. Future incursions will likely occur closer to home, with AI-driven narratives in Nordic languages and vote-buying operations in smaller, less resilient jurisdictions. Institutions that adapt to this intermediate posture within the next eighteen to twenty-four months will be those still developing relevant tools five years from now. The Norwegian and broader Nordic operating environments are among the few in Europe where such adaptation can realistically occur at the required pace.
This adaptation requires a class of civilian-first security companies operating within the Totalforsvaret framework and sustained by civilian commercial work, supported by patient venture capital that has been inconsistently available in the Nordics. Revontulet is already operating in this model, and Cortexia is the platform we developed for this purpose. We invite founders, investors, procurement officers, and policy practitioners to help build this institutional form with us. The applied-AI landscape for civilian-first security is wide open, and the seed-stage case for a Nordic cross-domain stack is strong. When evaluating suppliers, the key question is whether they can iterate as quickly as the threat actors they track.
The Cortexia expression-of-interest form is available at cortexia.co/f/expression-of-interest-form; public launch is later this year, and the form will secure your place on the invite list.
We are not formally at war, but we are clearly no longer at peace. There is a critical role for companies in the response, and we intend to be among those building it from here.

