The Cloud Has an Address. Iran Just Proved It Can Burn.
Iran's drones struck three Amazon Web Services data centers in the UAE and Bahrain on March 1 - the first confirmed military attack on hyperscale cloud infrastructure in history. Two AWS availability zones went dark. Banks froze. Payment platforms stalled. And a $2.2 trillion bet on the Gulf as the nerve center of the AI age suddenly looked a lot more fragile than Silicon Valley had assumed.
Data centers - once considered commercially neutral civilian infrastructure - are now recognized military targets. Photo: Pexels
A Theoretical Risk Becomes a Concrete Precedent
Wars have always targeted the infrastructure of their age. Medieval armies burned granaries. Modern ones cut communications cables and bomb power grids. Iran, under sustained attack from U.S. and Israeli forces since February 28, 2026, has been true to that historical logic - striking oil infrastructure across the Gulf and closing the Strait of Hormuz to commercial shipping.
But Tehran read the new playbook too. When its drones struck AWS facilities in the UAE and Bahrain over that first weekend of March, the message was deliberate and specific: the cloud has a physical address, and that address burns like everything else.
It was not an accidental escalation. Iran's Islamic Revolutionary Guard Corps targeted three distinct data center facilities across two countries. The strikes were coordinated. The choice of targets - hyperscale cloud infrastructure owned by the world's largest e-commerce company - was a calculated statement about what constitutes strategic infrastructure in 2026.
"A theoretical scenario has become a concrete precedent. This does not necessarily introduce a new risk so much as it validates what was already in every serious threat model." - Kristian Alexander, senior fellow, Rabdan Security and Defence Institute, Abu Dhabi
Amazon's UAE region lost two of its three availability zones simultaneously - a failure mode its redundancy architecture was not designed to handle. AWS engineers had built their regional infrastructure assuming that any single zone going offline could be absorbed by the remaining capacity. Two zones going dark at once eliminated that buffer. The company issued an advisory asking customers to "consider migrating workloads" out of the Middle East, warning that the regional operating environment "remains unpredictable." [AWS Health Dashboard, March 2-5, 2026]
Banks operating on AWS infrastructure went dark. Payment platforms failed. Enterprise software platforms serving millions of users across the UAE and wider Gulf region lost connectivity. The outage lasted for days before partial service was restored. Some workloads are still being rebuilt.
Hyperscale data centers require constant power and cooling - physical infrastructure vulnerable to kinetic attack in ways that software-defined redundancy cannot always address. Photo: Pexels
The $2.2 Trillion Bet Nobody Insured Against Missiles
To understand why this matters beyond the immediate outage, you need to understand what Silicon Valley had built in the Gulf - and why it built it there.
Over the past two years, a convergence of capital, geography, and geopolitical alignment had turned the Arabian Gulf into what many in the industry privately called "the next Silicon Valley" for AI infrastructure. The region had three things the United States increasingly lacked: cheap energy, sovereign capital of staggering depth, and a geography that positioned it as a natural crossroads between Europe, Asia, and Africa.
Microsoft committed $15.2 billion to UAE data center expansion by 2029. Amazon pledged $5 billion for an AI hub in Riyadh, in partnership with Saudi Arabia's state-backed Humain fund. Nvidia agreed to supply up to 600,000 graphics processing units to the kingdom - the same chips that are rationed, classified, and subject to extensive export controls when it comes to China. OpenAI, Oracle, and Abu Dhabi's G42 announced Stargate UAE: a planned 5-gigawatt AI campus in Abu Dhabi that would be the largest AI facility outside the United States. [Microsoft, Amazon, OpenAI press releases, 2025; CNBC]
The scale of Silicon Valley's Gulf commitments - each now facing reassessment in the context of an active war. Source: BLACKWIRE analysis / company filings
When President Trump toured the region in May 2025 and returned with $2.2 trillion in investment pledges, it felt like a capstone on a new geopolitical architecture. The Gulf states had chosen Washington over Beijing. They were cutting ties with Huawei, aligning with U.S. chip suppliers, and betting their economic diversification on AI rather than oil.
The logic was compelling: energy, capital, geography, and political alignment, all in one place.
Then Trump decided to strike Iran. And the entire elegant structure met a drone.
What was actually built:
- Microsoft: $15.2B committed to UAE by 2029 (operational facilities, under expansion)
- Amazon AWS: UAE and Bahrain regions with multiple availability zones (three DCs struck March 1)
- Stargate UAE: 5-gigawatt campus announced, Abu Dhabi - groundbreaking reportedly under review
- Humain/Amazon: $5B Riyadh AI hub in Saudi Arabia
- Nvidia/Saudi Arabia: Up to 600,000 GPUs contracted for Humain
- Total Trump-era Gulf tech pledges: $2.2 trillion (across all sectors)
The Security Framework That Looked the Wrong Direction
The most damning thing about the March 1 strikes is not that the risk was unforeseeable. It is that it was foreseen - and systematically ignored.
Analysts at the Center for Strategic and International Studies had warned explicitly in a paper published weeks before the war that adversaries targeting Gulf infrastructure would follow the same logic as previous conflicts: when oil was the critical resource, pipelines and refineries were hit. In the compute era, data centers and fiber chokepoints would be the equivalent targets. The question, they wrote, was not whether this would happen, but when. [CSIS, "If Compute Is the New Oil, War in the Gulf Significantly Raises the Stakes," February 2026]
Washington's response was to build a security architecture oriented entirely in the wrong direction. The January 2026 Pax Silica initiative brought the UAE and Qatar into a U.S.-led effort to keep Nvidia chips out of Chinese hands. Abu Dhabi's G42 cut ties with Huawei. Saudi Arabia's Humain aligned with U.S. suppliers. Export controls were tightened. Supply chains were audited.
None of this said a word about protecting the physical facilities those chips would power from Iranian missiles.
"U.S. government and industry leaders have prioritized expansion over kinetic risk mitigation, reflecting how AI development is outpacing national security doctrine. Undersea cable routes are geographically constrained with fewer options for physical bypasses." - Sam Zabin, fellow, Center for Strategic and International Studies
The gap is structural. Oil infrastructure has had decades of conflict exposure and is deeply embedded in military planning. The Pentagon has contingency plans for pipeline disruptions, tanker attacks, and refinery fires. There are prepositioned naval assets, rapid response protocols, and international frameworks for protecting energy infrastructure.
For data center infrastructure, none of this exists yet. The cables do. The server halls do. The security frameworks do not.
"The security frameworks underpinning the U.S.-UAE AI partnership appear to have focused on supply chain control and geopolitical alignment, not on physical defense during high-intensity conflict." - Ali Bakir, assistant professor of international affairs, Qatar University
The physical layer of the internet - cables, cooling systems, power feeds - has no equivalent of NATO Article 5 protection. Photo: Pexels
Two Chokepoints, Seventeen Cables, One Very Bad Problem
The drone strikes on AWS data centers were alarming. The submarine cable situation may be worse.
Seventeen submarine cables pass through the Red Sea, carrying the vast majority of data traffic between Europe, Asia, and Africa. Additional cables run through the Strait of Hormuz, serving Iran, Iraq, Kuwait, Bahrain, and Qatar directly - and connecting wider Gulf networks to the global internet. Both passages are now effectively closed to the cable repair ships that would respond to any damage. [Rest of World, Doug Madory/Kentik, March 2026]
This matters because submarine cables break. The seafloor is not a stable environment. Ship anchors drag. Trawling nets catch cables. Seismic events cause breaks. Under normal conditions, specialized repair vessels respond within days to weeks, and most disruptions are resolved before users notice significant degradation.
Under current conditions, those repair ships cannot safely operate anywhere near the Red Sea or the Strait of Hormuz.
The precedent is already in the record. In February 2024, during a previous period of Houthi activity in the Red Sea, three cables were cut by the dragging anchor of a cargo ship struck by a missile. The damage disrupted approximately 25% of traffic between Asia, Europe, and the Middle East. One cable took five months to repair because vessels could not safely access the damaged area. [CNN, March 2024; Kentik analysis]
That was with only the Red Sea under threat. Both chokepoints are now simultaneously compromised - a combination that has, according to Kentik's director of internet analysis Doug Madory, never happened before in the history of global cable infrastructure.
Both major cable routes connecting the Gulf to global internet infrastructure are now in active conflict zones. Repair ships cannot safely enter either passage. Source: BLACKWIRE analysis / Kentik data
Iran has not deliberately targeted submarine cables - and probably will not, since severing cables near Hormuz would disrupt Iran's own connectivity. But the risk of accidental damage, or collateral strikes on cable landing stations onshore, is real and growing with every week the conflict continues.
"Closing both choke points simultaneously would be a globally disruptive event. I'm not aware of that ever happening." - Doug Madory, director of internet analysis, Kentik
Inside Iran's Digital Blackout
While Tehran was striking outward at Gulf cloud infrastructure, it was simultaneously shutting its own digital population down from the inside. Network intelligence data from Kentik shows that internet traffic into Iran collapsed on February 28 - the day the war began - and has remained near-zero ever since.
This is not infrastructure damage. The three largest Iranian networks - MCCI (Mobile Communications Company of Iran), MTN Irancell, and TIC (Telecommunication Infrastructure Company) - all dropped to negligible traffic levels simultaneously. The timing and coordination indicate a deliberate government-ordered shutdown, not combat damage. [Kentik data, shared with Rest of World, March 2026]
Iran has deployed internet shutdowns before - during the 2019 fuel protests, authorities cut connectivity for 11 days to prevent protest coordination and suppress documentation of security force violence. The November 2019 shutdown killed an estimated 1,500 people before the outside world understood what was happening. This current blackout is indefinite, and Iran's 85 million citizens have been operating in an information vacuum since the war began. [NetBlocks; Amnesty International historical data]
The shutdown serves the regime in multiple ways. It prevents Iranians from seeing footage of Iranian military operations, casualty figures, or defections. It blocks foreign journalists from getting information out through Iranian sources. And it makes it harder for the population to coordinate any domestic resistance during a period of wartime stress.
The digital blackout also has an ironic dimension when viewed against Iran's offensive cyber and drone operations: a country demonstrably capable of striking AWS data centers in the UAE has chosen to protect its own population from the internet rather than use it as a tool of national resilience.
Iran's playbook combines offensive infrastructure attacks abroad with total internet control at home - a dual strategy that is becoming the template for authoritarian wartime digital management. Photo: Pexels
What Happens to $2.2 Trillion When the Insurance Voids Out
The immediate financial damage from the AWS outages is serious but recoverable. Amazon's rebuild timeline is measured in months. Microsoft and Google have not had direct strikes on their Gulf facilities and are continuing to operate. The UAE government's 1 trillion dirham ($270 billion) resilience package, announced March 18, stabilized the local financial system and kept credit flowing.
The deeper problem is what comes next for projects not yet built.
Standard commercial property and business interruption insurance policies exclude acts of war. Companies that had been preparing to break ground on Gulf AI facilities are discovering that the war-risk coverage market is extremely limited, extremely expensive, and often simply unavailable for the specific risks they now face. The Stargate UAE campus was announced with enormous fanfare. Whether it breaks ground as planned is now a question, not a certainty. [CNBC, March 2026; Rest of World, March 2026]
A month of escalating pressure on Gulf cloud infrastructure - from Hormuz closure to AWS strikes to the insurance vacuum. Source: BLACKWIRE timeline / public reporting
Saudi Arabia's Public Investment Fund has already signaled a 15% cut in planned capital spending, citing conflict uncertainty. Several UAE data center projects are reportedly under review. At the same time, oil revenues have climbed sharply since the Hormuz threat emerged, which means Gulf sovereign funds have more liquid capital available - just less appetite to deploy it into infrastructure that is now demonstrably in the crosshairs.
The sovereign wealth funds themselves are not existentially threatened. The Abu Dhabi Investment Authority and Mubadala control assets in the hundreds of billions and are specifically designed to "withstand volatility rather than respond to it," as economist Brett Rowley has noted. They will not collapse. But there is a meaningful difference between "funds intact" and "willing to sign a $5 billion construction contract for a campus that might get hit by a drone."
"The structural advantages have not yet changed, although the story is still being written. If this conflict continues, there will increasingly be a greater likelihood that major impacts will alter the perception of safety and value for the long term." - Ryan Bohl, senior analyst for MENA, RANE Network
The region most likely to benefit is India. Closer in latency than Europe to Gulf markets, with rapidly expanding domestic data center capacity, and connected via submarine cable routes that largely bypass the two compromised chokepoints - India is positioning itself as the obvious alternative hub for AI infrastructure serving Asia and Africa. Northern Europe and Southeast Asia will also see accelerated investment interest. None of these regions are replacements for the Gulf's unique combination of capital and geography, but they are increasingly compelling complements.
The Doctrine Problem Silicon Valley Has Not Solved
The Iran-Gulf cloud infrastructure crisis reveals something about how the AI industry has thought - or more precisely, refused to think - about the physical vulnerability of what it is building.
The standard Silicon Valley framing treats data centers as digital infrastructure: highly engineered, redundant, self-healing. Three availability zones means no single failure can take a region offline. Peered networks route around damage. Distributed architectures absorb shocks. The technical sophistication of these systems is genuine and impressive.
None of it matters when a drone flies into the building.
Oil has a security doctrine because oil has been targeted in war for a century. The 1973 embargo created energy security frameworks that still govern U.S. strategic petroleum reserves, pipeline routing decisions, and naval posture in the Gulf. That framework took decades of crises, legislation, and institutional learning to build.
For compute infrastructure, the equivalent framework does not exist. There is no strategic reserve of computing capacity. There is no equivalent of NATO's critical energy infrastructure protection protocols. There is no treaty framework obligating allies to defend each other's data centers the way they would a military base or an energy hub.
Sam Zabin of CSIS argues that the U.S. needs to begin treating Gulf data infrastructure the way it treats oil - integrating it into contingency planning, regional security coordination, and alliance architecture. "That framework took decades to build for energy," he told Rest of World. "For AI, it doesn't exist yet."
The cables do exist. The server halls do exist. The 600,000 Nvidia GPUs contracted for Saudi Arabia's Humain exist. The investments are real, the infrastructure is real, and the vulnerability is real. The doctrine is missing.
Abishur Prakash, a geopolitical strategist who covers tech and conflict, put it more bluntly: "Strategic planning revolved almost entirely around energy and financial flows, leaving technology infrastructure vulnerable. This is all inverted now, exposing the entire technology landscape and ambitions of the region."
The global internet was designed to route around damage - but its physical substrate of cables, landing stations, and data centers cannot be rerouted when the buildings are on fire. Photo: Pexels
Dubai Holds, But the Question Is How Long
Despite the strikes and the uncertainty, Dubai's tech ecosystem has shown remarkable resilience. The eight expat tech entrepreneurs and investors who spoke to Rest of World in mid-March were unanimous: they are staying. Some are even returning after brief absences.
The UAE air defenses, backed by U.S. systems, have performed strikingly well. As of March 22, they had intercepted more than 1,700 drones and 360 missiles fired from Iran. The physical city has sustained limited damage - mostly debris from intercepted projectiles rather than direct hits on populated areas. Daily life, for the most part, has continued. [Gulf News, UAE Ministry of Defense, March 2026]
The government's response has been disciplined. The 1 trillion dirham resilience package mirrors the playbook used during the 2008 financial crisis and the 2020 pandemic - releasing reserve capital, easing liquidity requirements, and keeping credit flowing to businesses navigating the uncertainty. The message from Abu Dhabi and Dubai has been consistent: this is turbulence, not collapse.
But the UAE has also arrested 109 individuals across multiple nationalities for filming and sharing footage of Iranian attacks - a quiet crackdown that reveals how carefully the government is managing the narrative around its vulnerability. Controlling the optics of missile interceptions is not the same as controlling the reality of insurance voids and ground-breaking delays.
"The UAE has spent 15 years building institutions specifically designed to decouple the business environment from regional turbulence. The variable I'd watch is not the war itself but how long it runs." - Mohammed Soliman, senior fellow, Middle East Institute
Duration is the central variable. The infrastructure that has already been built - operational AWS facilities, active Microsoft data centers, existing submarine cable connections - is resilient over weeks. Over months, the question becomes whether the reinforcement and redundancy investments that were planned will actually be made. Over a year or more, the accumulated insurance costs, delayed capital deployments, and rerouted investment flows start to add up to something that genuinely reshapes the Gulf's position in global AI infrastructure.
The March 1 strikes did not end Silicon Valley's Gulf bet. They did end the assumption that bet was risk-free. That assumption was always wrong - the analysts said so - but it took three burning data centers and two closed cable chokepoints to make everyone accept it.
The Second-Order Effects Nobody Is Talking About
Most analysis of the Gulf AI infrastructure crisis has focused on the immediate damage - outages, market reactions, project delays. The second-order effects are more consequential and less discussed.
The global AI race now has a geographic chokepoint risk. The United States is in an explicit AI competition with China. The Gulf was meant to be part of the answer to China's domestic chip and compute buildup - sovereign wealth capital flowing into U.S.-aligned infrastructure, GPUs going to Humain and G42 rather than SMIC and ByteDance. If Gulf AI investment cools, that capital does not vanish - it looks for other destinations, some of which may be less aligned with Washington's strategic interests.
The compute supply chain has a new kind of insurance problem. Before March 1, you could insure a Gulf data center against fire, flood, and equipment failure. After March 1, you cannot insure it against war - and war is now a demonstrated, not theoretical, risk. This creates a permanent risk premium on Gulf AI infrastructure that did not previously exist in actuarial models. Every future Gulf data center project will be underwritten against a backdrop of "previous facilities were struck by military drones," which is a sentence that was never true before this year.
Iran has published a targeting doctrine for the AI age. Whether or not the Gulf conflict ends in a ceasefire, every adversary of every major AI-investing nation has now seen a worked example of how to disrupt cloud infrastructure using kinetic means. The lesson is not that data centers are invulnerable or easy to hit - it is that hitting them is possible, produces measurable strategic effects (customer migration advisories, financial disruption, delayed investment), and triggers no specific defensive response from the international community, because no defensive framework for cloud infrastructure exists.
The geography of AI may quietly shift east. India's data center market was already growing before this crisis. Its submarine cable connectivity is largely routed via the Indian Ocean, bypassing both compromised chokepoints. Its sovereign wealth equivalent - a combination of central bank reserves, state-backed development finance, and private capital - is substantial and increasingly interested in AI infrastructure. The Gulf crisis accelerates a trend toward Indian AI hub development that was already in motion. This is not catastrophic for the Gulf, but it permanently changes the competitive landscape that Gulf sovereign funds will operate in when the war ends.
The first military strike on cloud infrastructure has happened. The precedent is set. The question for every tech company with operations in conflict-adjacent regions is no longer "could this happen?" It is: "now that we know it can happen, what do we actually do about it?" Washington has no answer yet. The cables are still there. The server halls are still there. The drones can find them.
Get BLACKWIRE reports first.
Breaking news, investigations, and analysis - straight to your phone.
Join @blackwirenews on TelegramSources: Rest of World (restofworld.org), Center for Strategic and International Studies (CSIS), Kentik network intelligence / Doug Madory, AWS Health Dashboard, CNBC, Al Jazeera, The Register, Reuters, Gulf News, UAE Ministry of Defense, Middle East Institute, Rabdan Security and Defence Institute, Qatar University. All data and quotes as of March 26, 2026.