What the Systems Don't See

Outdated knowledge cutoffs and data currency lead to civilian deaths during wartime.

3/5/20257 min read

a group of people standing next to each other
a group of people standing next to each other

For the past week, the dominant story in AI and national security has been a corporate standoff. Dario Amodei, the CEO of AI company Anthropic, refused to let the Pentagon use Anthropic’s Claude model for mass domestic surveillance or fully autonomous weapons. The Defense Department responded by designating Anthropic a supply chain risk to national security, a classification previously reserved for foreign adversaries. President Trump and Pete Hegseth designated the company “left-wing nut jobs.” Sam Altman and OpenAI stepped in and took the contract - a move they may now be regretting, as it triggered a massive boycott of ChatGPT in the days that followed.

The drama generated enormous coverage, and the underlying dispute is genuinely important. Corporate ethical accountability in AI matters. The question of whether private companies can - or should - impose limits on how governments use their systems is a defining question, especially with the speed and power of AI supported technologies.

But the fight is also a distraction. The branded, headline‑friendly models - Claude, GPT, Gemini - sit on top of a much larger, largely invisible infrastructure. Beneath them are targeting algorithms, surveillance networks, and pattern‑matching systems that have been making life‑and‑death recommendations for years. It is really important, now more than ever, to be asking what data those systems rely on, how old that data is, and what happens when it is wrong.

900 Strikes in 12 Hours

On February 28, 2026, the United States and Israel launched Operation Epic Fury against Iran. In the first twelve hours alone, U.S. and Israeli forces reportedly carried out nearly 900 strikes on Iranian targets - an operational tempo that would have taken days or weeks in earlier conflicts. The speed was only possible because artificial intelligence had compressed the decision cycle: identifying targets, cross-referencing intelligence, modeling strike sequences, recommending actions, all at machine speed.

This is not new. Project Maven, the U.S. military’s flagship AI targeting program launched in 2017, has applied machine learning to analyze drone footage and support targeting decisions across conflicts in Iraq, Syria, and Ukraine. In Gaza, the Israeli military deployed at least three AI systems: Gospel, which automatically reviewed surveillance data and recommended buildings and infrastructure to bomb; Lavender, an AI-powered database that generated lists of Palestinian men algorithmically linked to Hamas; and a third system known as Where’s Daddy, which predicted when targets would be at home. Together, these systems enabled the Israeli Air Force to strike more than 22,000 targets inside Gaza, at a daily rate more than double that of any previous conflict.

The argument for AI in targeting is precision. Faster processing, more data, fewer human errors. But researchers who study these systems have reached a different conclusion. “In practice, AI is accelerating the kill chain - the process from identifying a target to launching an attack,” said Lauren Gould, a researcher at Utrecht University. Speed and precision are not the same thing. And when decisions happen at machine speed, human review becomes a formality.

man in black and white checkered dress shirt sitting on black office rolling chair
man in black and white checkered dress shirt sitting on black office rolling chair
The Data Problem

The specific failure mode that is almost entirely absent from public reporting on AI and warfare is that these systems act on data. And data has a collection date.

For the large language models that have dominated recent headlines - Claude, GPT, Gemini - that date is called a knowledge cutoff. It is the point after which the system has no information. Claude’s reliable cutoff is August 2025. GPT-4o’s is October 2023. These aren’t rolling updates. They are snapshots. A question about something that changed after that date will be answered with confidence, using information that is no longer true.

Targeting systems, surveillance networks, and intelligence fusion platforms work differently - they are not LLMs, and they do not have training cutoffs in the same sense. What they have is a related but distinct problem: data currency. The intelligence records, satellite imagery, facility classifications, and pattern-of-life analyses they draw on all have collection dates. A satellite pass from eighteen months ago. A facility designation that was accurate when it was made but has not been reviewed since. A site that was military infrastructure when it was classified, and is now a school.

Sites change. Buildings are repurposed. Schools are built next to bases. Bases expand into neighborhoods. Decommissioned military sites become hospitals or markets. Dual-use infrastructure - a port, a road, a communications tower - serves both civilian and military purposes simultaneously, and the system makes a classification call based on whatever record it has. If that record is stale, the call may be wrong. And the system does not know the record is stale.

This is the shared vulnerability across all of these systems, regardless of architecture: they cannot flag their own ignorance. An LLM answers confidently about a world that has moved on. A targeting system recommends a strike against a facility whose status changed two years ago. In both cases, the uncertainty has been laundered out before the output reaches a human. What arrives is a recommendation, not a probability. A target, not a question.

And yet these are the systems now embedded in military operations. Claude was deployed on Pentagon classified networks through Palantir, used for intelligence analysis, target identification, and battle scenario modeling. GPT and Gemini hold their own Pentagon contracts. Project Maven has applied machine learning to targeting decisions across multiple conflicts since 2017. In Gaza, Gospel and Lavender generated bombing recommendations at a pace no human analyst could match.

The targeting algorithms, surveillance networks, and intelligence fusion platforms operating on classified military networks do not disclose their update schedules or data currency standards. There is no public record of when the underlying intelligence records were collected, how frequently they are reviewed, or what mechanisms exist to flag when a site’s status has changed. A targeting system working from records collected two years ago is not looking at a location. It is looking at a memory of it. And it does not know the difference.

The International Committee of the Red Cross has named this failure mode directly. If the intelligence records or training data used to build a targeting model are biased, incomplete, or outdated, there is a real risk that the system will misclassify a school as an ammunition depot or mistake a civilian vehicle for a military convoy. The legal requirement of distinction - the foundational international humanitarian law principle that requires attacks be directed at military objectives and not civilians - depends entirely on the system having accurate, current information. When it does not, distinction fails. And under current accountability structures, nobody is responsible for that failure.

This is not hypothetical. In 2021, a U.S. drone strike in Kabul killed ten civilians, including seven children. An aid worker delivering water had been misidentified as an ISIS-K operative through a series of surveillance errors - water jugs read as explosives, a routine route read as suspicious pattern-of-life. In Gaza, AI-infused targeting platforms misclassified aid workers as hostile elements. On February 28, a guided missile struck a girls’ elementary school in Minab, Iran, at 10:45 in the morning. 165 people were killed, most of them children. Neither the U.S. nor Israel has accepted responsibility.

The Pentagon’s own oversight reviews found consistently that AI systems could not overcome incomplete records, inconsistent data standards, and legacy software that could not share information across commands. Where data foundations were weak, the systems failed - and the failures were invisible until after the strike. These were not edge cases.

Inspector General reports documented the same pattern across multiple commands, multiple theaters, multiple years: the underlying data infrastructure was not built to support the systems being layered on top of it. AI amplified existing intelligence, but it also amplified existing gaps - at speed, and with a confidence the underlying data did not warrant.

This may account for the Minab school strike. It may also account for what Trump himself described as an overzealous decapitation strike - one that killed not just the intended targets but the identified candidates to replace them. “The attack was so successful it knocked out most of the candidates,” Trump told ABC’s Jonathan Karl. “It’s not going to be anybody that we were thinking of because they are all dead. Second or third place is dead.” A system optimized to identify and eliminate leadership nodes does not distinguish between enemies and successors. It finds the network, and it strikes it.

Uncertainty Laundered Into Confidence

There is a second failure mode that compounds the data problem, and it is structural. AI targeting systems do not transmit uncertainty to human operators. They transmit recommendations. A commander looking at an AI‑generated target list sees a list - not a probability distribution, not error bars, not timestamps showing when the underlying data was collected. The system’s confidence in its own output, no matter how stale or incomplete the inputs may be, is what moves up the chain. The uncertainty is stripped out long before it reaches the person nominally responsible for the decision.

Researchers call this automation bias: the tendency for operators to defer to machine recommendations without real scrutiny, especially under time pressure or when they feel outmatched by the complexity of the task. At 900 strikes in 12 hours, the pressure is formidable. A commander reviewing AI‑generated targets at that pace is not exercising meaningful judgment - they are simply clearing a queue. The “human in the loop” requirement that governs legal and ethical use of these systems becomes, in practice, a formality.

The Incomplete Story

The fight between Anthropic and the Pentagon is worth covering. Corporate ethical accountability in AI is real and matters. But the questions that need to be asked are not about which company holds the Pentagon contract. They are about the underlying systems. We must audit the architecture and ask: How old is the data? What does the system not know? When it is wrong, who is responsible? And when a guided missile strikes a school full of girls at 10:45 in the morning, is there any mechanism - any mechanism at all - to find out whether the algorithm knew the school was there?

Right now, the answer is no.

AI Impact Report | Published March 2026 | All facts sourced to named, dated outlets. The Minab school strike remains under investigation; responsibility has not been formally established.

Operation Epic Fury / Iran Strikes

https://x.com/jonkarl/status/2028299468223676673

Project Maven

Israel Gaza AI Systems

Lauren Gould / Kill Chain

Kabul 2021 Drone Strike

Anthropic/Pentagon

Minab

photo of outer space
photo of outer space

© 2026. All rights reserved.