MIT has materialized what the CIA has wanted since early in the Cold War: deniable, unattributable, precision lethality.
…tiny flying robots could be deployed to aid in the search for survivors trapped beneath the rubble after a devastating earthquake. Like real insects, these robots could flit through tight spaces larger robots can’t reach, while simultaneously dodging stationary obstacles and pieces of falling rubble. So far, aerial microrobots have only been able to fly slowly along smooth trajectories, far from the swift, agile flight of real insects — until now. MIT researchers have demonstrated aerial microrobots that can fly with speed and agility that is comparable to their biological counterparts.
Insect sized robots at MIT, offering autonomous targeted micro lethality. Reminiscent of 2018 Micro Air Vehicle Lab (MAVLab) bird-sized versions. Source: MIT
The “humanitarian” framing is the… beard. All the “cameras and sensors” they mention as “future work” is sheer euphemism. A payload at this scale doesn’t need to be explosive; a guided needle, a directed toxin, a micro-charge at close range even inside of critical infrastructure.
The evolution from surveillance drone to armed drone to precision kinetic strike happened over roughly two decades. In terms of recent Lebanon and Caribbean strikes, we’re talking about people who market the R9X Hellfire (“Ninja”) blades as precision reducing collateral damage — amputation and destruction as humanitarian language.
Same rhetorical pattern here.
The argument that smaller and more precise is more ethical has been the justification for every escalation in targeted killing capability starting even before “Tarzon” (TAllboy, Range and aZimuth ONly) bombs or shoulder-fired mini-nuclear “Davy Crockett” rockets were claimed to be how America should win the Korean War cleanly.
The American racial encoding of this “frontier” weapon named after a genocidal folk hero (M28/M29 Davy Crockett) entered service in May 1961. It was promoted as a “surgical” strike, in photos like this one, where a white soldier poses as a “big dick” who needs soldiers of color to load and unload him. The Crockett rocket fired an “atomic watermelon” with 20 tons radioactive TNT equivalent up to 3 miles away.
This new technology announcement compresses the “precision” death timeline even more significantly because:
Scale advantage: A paperclip-weight robot is essentially undetectable. No radar signature. Visual acquisition nearly impossible.
Penetration capability: Explicitly designed to go where “traditional quadcopters can’t” — through rubble, gaps, screens, gates, grills, broken windows
Autonomous targeting: The saccade movement they’re celebrating mimics how insects localize and identify — that’s targeting behavior, not just navigation
And look at the funding: Office of Naval Research, Air Force Office of Scientific Research. The search-and-rescue framing is a dual-use press release. The money trail tells you the most likely uses and customers.
The CIA failed in the 1970s to get their Insectothopter (let alone robotic birds of Project Aquiline) operational, for precisely the reason this MIT team solved: crosswind instability.
The Insectothopter. Source: CIA Archives
The 1970s robotic dragonfly design couldn’t handle more than a light breeze, an important context for everything MIT just demonstrated:
Wind disturbances of >1 m/s handled
Aggressive maneuvers with <5cm trajectory deviation
Autonomous control (AI) architecture that compresses decision-making to distributed and real-time
Sarah Bergbreiter explicitly notes in the news release by MIT that while the controller still runs externally, they’ve demonstrated onboard execution.
“This work is especially impressive because these robots still perform precise flips and fast turns despite the large uncertainties that come from relatively large fabrication tolerances in small-scale manufacturing, wind gusts of more than 1 meter per second, and even its power tether wrapping around the robot as it performs repeated flips,” says Sarah Bergbreiter, a professor of mechanical engineering at Carnegie Mellon University, who was not involved with this work. “Although the controller currently runs on an external computer rather than onboard the robot, the authors demonstrate that similar, but less precise, control policies may be feasible even with the more limited computation available on an insect-scale robot. This is exciting because it points toward future insect-scale robots with agility approaching that of their biological counterparts,” she adds.
That’s the tell.
External computation means tethered, lab-bound demonstrations with oversight. Onboard computation means operational without oversight. She’s essentially confirming a roadmap to fly around and find out.
Search-and-rescue framing isn’t just cover for academic institutions appropriating funds, it’s how the Lincoln Laboratory gets graduate students to create weapons without moral injury or considering what happened when MIT’s death machines, known as Operation Igloo White, illegally destroyed Cambodia (Operation Menu).
Scene from “Bugging the Battlefield” by National Archives and Records Administration, 1969Cambodia Genocide Map: US Bombing Points 1965-73, Source: Yale
These numbers are straightforward enough. Deploy a robotic pool cleaner to the bottom of ships to reduce drag, and save huge amounts of fuel.
A recent trial between the NRMA and the Rozelle-based hull-cleaning robot manufacturer revealed a 13 per cent fuel reduction on the diesel-powered NRMA Manly Fast Ferry fleet.
Using its arsenal of 4K cameras (mounted on the top, front and rear), dedicated lighting, sensors and propellers, the Hullbot successfully replaced the role of human divers during the trial to deliver a more regular, time-efficient hull cleaning maintenance.
Doing so reduced the amount of underwater drag created by biofouling (the accumulation of marine growth on ship hulls), which in turn made the circa 24-metre long vessels more efficient through the water.
Furthermore, the AI-powered robots performed critical cleaning duties on the hull exteriors that eliminated the need for antifouling paints.
The buried lede is the reduction in deadly paints. Antifouling is another word for toxicity, because the “fouling” stuff is being killed. These robots reduce a need to pollute, saving even more money on both paint and cleanup from the paint effects.
No wonder Hullbot just raised over $10M in a series A.
EU Energy Revolution is a National Security Upgrade
June 2025 marked a quiet turning point: solar became the EU’s single largest electricity source for the first time, generating 22% of the grid’s power. Not the largest renewable—the largest source, period.
Nuclear came in second at 21.6%—a position it’s going to have to get used to. With 350 GW installed and another 60+ GW being added annually, future solar has crossed from an “alternative” to the present “foundational infrastructure.”
Slovakia is in the best position to accelerate this further. The country currently sits at 22.1% renewable generation—among the EU’s lowest. But with rapid solar deployment options now on the table, Slovakia could leapfrog directly to the distributed generation model that’s reshaping Europe’s grid.
This transition is strategically sound: solar eliminates fuel logistics, severs dependency on energy imports, and distributes generation across millions of sites that can’t be targeted kinetically. No one misses worrying whether Russian billionaires will turn off pipelines from emotion, US billionaires will explode pipelines from neglect, or undersea infrastructure will be undermined.
At the same time we would be remiss to ignore how speed of technology adoption has outpaced security oversight (as usual). The gaps are creating risks and opportunities for controls that most existing frameworks weren’t designed to address.
What Changes in Transition
The shift to distributed solar fundamentally improves energy security—but in ways that require rethinking safety of power infrastructure.
Physical resilience through distribution: You can bomb a gas plant or a pipeline. You can’t meaningfully attack millions of distributed panels at scale. Solar is a genuine upgrade. Wars destroy centralized infrastructure; distributed generation systems simply reroute and carry on in scenarios that would cripple traditional grids.
No fuel supply chain: Once installed, solar has zero operational dependencies. No rail cars to intercept, no tankers to blockade, no refineries to sabotage. The strategic autonomy is real. No mines to send explosive drones into and shut down permanently, burning all the workers to death with a horrific fireball—you know, that famously clean coal dust Trump told the UN about. But I digress…
Faster recovery: A destroyed solar installation can be replaced in days or weeks. Rebuilding power plants takes many years. At scale, this means better grid resilience even if individual assets are compromised. Distributed resilience works under pressure—just look at Tokyo under occupation in 1948, which deployed hundreds of electric cars charging from hydro when the city had no fuel.
Nissan’s car making origin story is this Tama electric vehicle from 1947 with rapid “bomb bay door” rapid battery replacement on both sides.
These advantages are why the transition makes sense. But solar also introduced something new: millions of internet-connected control points with unclear security ownership.
The New Architecture Exposed
The computing analogy is familiar: mainframes had physical security and limited access. PCs introduced millions of endpoints requiring patches and antivirus. Mobile phones added cellular networks and location tracking. Each transition improved capability while requiring new security paradigms.
Solar’s transition is from physically secured, professionally operated generation to IoT devices managed by homeowners, monitored by installers, and remotely accessible by manufacturers.
The SPE report (SPE 2025 Solutions for PV Cyber Risks to Grid Stability) documents the concentration: thirteen manufacturers maintain remote access to over 5 GW each. Seven control more than 10 GW. Huawei alone shipped 114 GW to Europe between 2015-2023, with estimated remote access to 70% of that installed base. Chinese firms overall supplied 78% of global inverter capacity in 2023.
Individually, a compromised home solar system means nothing. Collectively, manufacturers have remote access to capacity equivalent to multiple large power plants. The report’s grid simulations found that coordinating just 3 GW of inverters to manipulate voltage through reactive power switching could trigger protective relays on nearby generators—potentially cascading into broader outages.
This mirrors early botnet dynamics: individual compromised PCs were nuisances until aggregated into DDoS networks capable of taking down critical services.
“No Operator” Problems
Traditional power infrastructure has clear security ownership. A nuclear plant has a security team, regulatory oversight, 24/7 monitoring. A rooftop solar installation has… a homeowner who set it up once and moved on.
Current EU cybersecurity frameworks (NIS2, the Cyber Resilience Act, Network Code on Cybersecurity) assume there’s an entity responsible for critical infrastructure security. For distributed solar, that entity often doesn’t exist legally. The installer completed their short job. The manufacturer is headquartered abroad. The homeowner thinks it’s appliance-level technology that someone else is responsible for, which would be fine if their Chinese-made-and-controlled toaster couldn’t accidentally destabilize the entire German power grid, but here we are.
During World War II, Deming was a member of the five-man Emergency Technical Committee. He worked with H.F. Dodge, A.G. Ashcroft, Leslie E. Simon, R.E. Wareham, and John Gaillard in the compilation of the American War Standards (American Standards Association Z1.1–3 published in 1942) and taught wartime production. His statistical methods were widely applied during World War II and after (foundational to Japanese auto manufacturing)
The SPE report further states that only 1 of 5 tested inverters supported basic security logging. Default passwords are common. Firmware updates are irregular. Network segmentation is rare. This isn’t malicious—it’s what happens when residential-scale deployment moves faster than security standards.
New Model, New Requirements. Ambiguity means neglect.
The technology doesn’t need to slow. The security framework needs to catch up. This is familiar territory for any director of security with a few years of direction under their belt.
Clear responsibility assignment: Either manufacturers are liable for their installed base security (like automotive recalls), or grid operators assume responsibility, or third-party security operators emerge as a market.
Communication architecture that matches the threat model: Germany’s approach with smart meter gateways is instructive—critical control functions (start/stop, power setpoint changes) route through regulated infrastructure. Monitoring and maintenance can remain direct. This applies standard IT security principles (network segmentation, controlled access) to distributed generation.
Supply chain transparency without protectionism: The issue isn’t where hardware is manufactured—it’s that concentration creates leverage, and remote access by entities outside regulatory jurisdiction creates enforcement gaps. Solutions range from Lithuania’s 2025 law (requiring EU-based intermediaries for systems >100 kW) to hardware/software separation (devices source globally, control software must be auditable and locally hosted).
Standards reflecting actual deployment: Current inverter security standards treat them like industrial control systems. But a device installed by a contractor, connected to home Wi-Fi, and managed via consumer apps isn’t an industrial system. It needs consumer electronics-level security: automatic updates, secure defaults, encrypted communications, no exposed credentials.
State-run Opportunity and Patterns
Rapid deployment in lagging states doesn’t have to repeat the security debt accumulated elsewhere. The country could mandate security baselines upfront: require certified communication gateways for grid-connected systems, establish clear responsibility chains, ensure data localization for operational telemetry.
This isn’t exotic technology. It’s applying lessons from mobile computing and IoT security to distributed generation. The components exist—Hardware Security Modules, Trusted Execution Environments, regulated intermediaries, cryptographic firmware signing. What’s missing is regulatory clarity and enforcement.
Every infrastructure revolution creates security debt paid down over time. Early automobiles had no seatbelts. Early internet had no encryption. Early mobile phones had no app sandboxing.
Solar is mid-transition. Capability deployment happened fast (Europe added 60+ GW in 2024 alone). Security retrofit is lagging. That’s normal but fixable.
The unique aspect: solar’s security model should be superior. Distributed systems are inherently more resilient. But only if distribution is real. When remote access reconcentrates control with manufacturers, you’ve recreated centralized vulnerability while losing traditional plants’ physical security and professional operation.
Europe’s solar buildout is strategically sound. The cybersecurity gap is solvable with existing technology. What’s missing is regulatory clarity on responsibility and baseline security requirements for distributed generation at scale.
Any future rapid deployment can be a model—showing that speed and security aren’t trade-offs when architecture is right from the start. Or it could simply balance out tech debts and provide resilience while others catch up.
The tech works, for national security. The economics work, for national security. The climate math even works, for national security. Now the security model also needs to catch up and work… for national security.
An American vendor has demonstrated that its microwave system easily can stop certain drone swarms.
…an Epirus Leonidas directed energy, high-power microwave (HPM) anti-drone weapon has knocked 49 Uncrewed Aerial Vehicles (UAV) out of the air with one shot.
They are demonstrating an expensive, large and heavy piece of defense equipment. I hope I’m not surprising anyone by saying this sounds unrealistic.Epirus says their Leonidas product is light and mobile, yet released this photo
So, let’s run the numbers.
A roll of aluminum foil at standard thickness is about 27 g/m² and provides 85+ dB of attenuation from 30-100 MHz.
A small drone needs only about 0.15 m² of coverage, which means cost less than 50 cents per drone, for about 4 grams. The DJI Mini, for example, weighs under 249g, meaning 4g is a 1.6% weight penaly for shielding.
So back-of-napkin math says 50 cents neutralizes a $66 million-dollar microwave weapon system? Right?
Take a 1000-drone swarm, total shielding still would be under $300, meaning the “one-to-many” advantage of microwave attack… is easy “foiled”.
American defense contracting seems so stuck into “lemonomics” and “navel gazing” lately, that it begs what outcomes will look like measured against any real world adversary with the most basic grasp of physics. While big energy concepts in theory could still defeat little unshielded drones, how many public schools with kids coming up with far better ideas were defunded to release this thing?
a blog about the poetry of information security, since 1995
