Here is the wildest infrastructure power play you will hear about this week: Iran wants to charge Google, Meta, Amazon, and Microsoft licensing fees for undersea internet cables they do not own, running through waters that are not entirely Iran's to control.
On May 9, a spokesperson for Iran's military and the Islamic Revolutionary Guard Corps posted a blunt declaration that Iran would impose fees on internet cables passing through the Strait of Hormuz. Iranian state-linked outlets Tasnim and Fars quickly filled in the details, sketching out a plan where Tehran would collect license fees from American tech giants and — this is the part that really strains credibility — claim the exclusive right to repair and maintain those cables itself.
The legal and logistical case for this is shaky at best. Telecom research firm TeleGeography notes that most of the cable routes in question pass through Oman-controlled waters, not Iranian ones. That said, two of the key cables — FALCON and the Gulf Bridge International Cable System — do thread through Iranian territorial waters at certain points, which gives Tehran at least some geographic leverage, even if the broader claim is a stretch.
The cables in question primarily serve Gulf countries in the region, alongside the Asia Africa Europe-1 system. These are not backwater connections. More than 99 percent of all international internet traffic moves through undersea cables globally, and the ones running under the Strait of Hormuz are critical arteries for regional connectivity.
The timing matters here. Since the US and Israel launched strikes on Iran beginning February 28, the conflict has already frozen multiple undersea cable projects and suspended repair operations in the region. Iran's cable threats do not exist in a vacuum — they are part of a broader pattern of using infrastructure as a pressure point. Iranian state media has also issued what TeleGeography diplomatically described as veiled threats of physical cable damage.
Iran's actual ability to enforce any of this is genuinely unclear. The US military says it has destroyed 161 Iranian naval vessels since the conflict began, including fast boats operated by the Revolutionary Guard — the same forces that would theoretically be doing any cable enforcement in the water. So the operational capacity behind these threats is, to put it generously, diminished.
Still, even a threat with uncertain teeth can move markets and accelerate planning. Big Tech and Gulf states were already quietly exploring alternative cable routes that bypass the Strait entirely. Expect those conversations to get louder and move faster.
The broader lesson is one the internet infrastructure world has been learning the hard way for a few years now: the physical layer of the internet is geopolitical territory. From Houthi attacks on Red Sea cables to this latest Iranian gambit, the idea that undersea cables exist in some neutral, apolitical space has aged very poorly. The companies that built cloud empires on the assumption of frictionless global connectivity are now very much in the business of geopolitics, whether they signed up for it or not.
SECURITY
Four AI supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days
Four supply-chain attacks targeting the AI industry's biggest names — OpenAI, Anthropic, and Meta — landed within a 50-day window. If that pace feels aggressive, that is because it is. The AI sector is learning what the broader software world figured out after SolarWinds: your security is only as strong as the least-careful vendor in your ecosystem.
Supply-chain attacks are not about breaking down the front door. They work by compromising a trusted third party — a software library, a development tool, a data pipeline vendor — and hitching a ride into the target through a relationship that already has implicit trust baked in. For AI companies, the attack surface is enormous and relatively new. The tooling ecosystem around model development, training data pipelines, and deployment infrastructure has exploded in the last two years, and a lot of it has not been battle-tested the way legacy enterprise software has.
The concentration of incidents is what makes this stretch notable. Hitting three of the four most prominent AI labs in under two months suggests either a coordinated campaign targeting the sector specifically, or — perhaps more unsettling — that these companies share enough common vendors and tooling that a single weak link in the supply chain creates exposure across all of them simultaneously.
The response from the industry has been to push toward more structured vendor evaluation. OpenAI, Anthropic, and Meta have reportedly been involved in surfacing a vendor questionnaire framework designed to bring more rigor to how AI companies vet their third-party relationships. It is a reasonable first step, though questionnaires are famously better at creating paper trails than preventing actual breaches.
What makes AI supply chains particularly tricky is the data dimension. Traditional software supply-chain attacks typically focus on code execution — you want to run something malicious inside a trusted environment. AI supply chains add another vector: poisoning or stealing training data, manipulating model weights, or compromising the evaluation pipelines that tell a company whether its model is behaving correctly. The blast radius of a successful attack is not just operational disruption but potential corruption of the models themselves.
The 50-day window also lands at a sensitive moment for the industry. AI companies are pushing hard to win enterprise and government contracts, and both of those customer segments do extensive security due diligence. A string of supply-chain incidents is exactly the kind of thing that slows down procurement cycles and hands ammunition to skeptical security teams arguing against AI adoption.
None of this means AI is uniquely doomed on the security front. Every maturing technology sector goes through a version of this reckoning — a period where the attack surface grows faster than the defensive infrastructure, and the industry is forced to catch up. The question is whether the AI sector moves fast enough, and whether the vendor ecosystem it has built around itself is willing to be held to a higher standard before the next cluster of incidents arrives.
Source: VentureBeat
Supply-chain attacks are not about breaking down the front door. They work by compromising a trusted third party — a software library, a development tool, a data pipeline vendor — and hitching a ride into the target through a relationship that already has implicit trust baked in. For AI companies, the attack surface is enormous and relatively new. The tooling ecosystem around model development, training data pipelines, and deployment infrastructure has exploded in the last two years, and a lot of it has not been battle-tested the way legacy enterprise software has.
The concentration of incidents is what makes this stretch notable. Hitting three of the four most prominent AI labs in under two months suggests either a coordinated campaign targeting the sector specifically, or — perhaps more unsettling — that these companies share enough common vendors and tooling that a single weak link in the supply chain creates exposure across all of them simultaneously.
The response from the industry has been to push toward more structured vendor evaluation. OpenAI, Anthropic, and Meta have reportedly been involved in surfacing a vendor questionnaire framework designed to bring more rigor to how AI companies vet their third-party relationships. It is a reasonable first step, though questionnaires are famously better at creating paper trails than preventing actual breaches.
What makes AI supply chains particularly tricky is the data dimension. Traditional software supply-chain attacks typically focus on code execution — you want to run something malicious inside a trusted environment. AI supply chains add another vector: poisoning or stealing training data, manipulating model weights, or compromising the evaluation pipelines that tell a company whether its model is behaving correctly. The blast radius of a successful attack is not just operational disruption but potential corruption of the models themselves.
The 50-day window also lands at a sensitive moment for the industry. AI companies are pushing hard to win enterprise and government contracts, and both of those customer segments do extensive security due diligence. A string of supply-chain incidents is exactly the kind of thing that slows down procurement cycles and hands ammunition to skeptical security teams arguing against AI adoption.
None of this means AI is uniquely doomed on the security front. Every maturing technology sector goes through a version of this reckoning — a period where the attack surface grows faster than the defensive infrastructure, and the industry is forced to catch up. The question is whether the AI sector moves fast enough, and whether the vendor ecosystem it has built around itself is willing to be held to a higher standard before the next cluster of incidents arrives.
Enjoyed this?
Get stories like this delivered every Tuesday — free.