Something changed during the Iran conflict that most people have not fully processed yet.

Private Chinese technology companies — some with documented ties to the People’s Liberation Army — used commercially available satellite imagery and artificial intelligence to track U.S. military forces in real time, then marketed that intelligence to Iran. According to reporting by the Washington Post and confirmed by Australian military analysts, the targeting data was precise to within one-third of a square metre. Not classified. Not stolen. Commercially produced and commercially sold.

This is not an intelligence leak. It is not a cyberattack. It is a business model.

And it changes everything about how humans and AI agents must operate in contested environments going forward.

What Actually Happened

The mechanics are straightforward, which is precisely what makes them alarming. Commercial satellite operators — including Chinese firms with names most Westerners have never heard — image the Earth continuously. AI models trained on military signatures (vehicle types, equipment configurations, basing patterns, refueling behaviors) can process those images at scale, tag objects of interest automatically, and update targeting data in near-real-time.

What previously required a nation-state intelligence apparatus — dedicated reconnaissance satellites, trained imagery analysts, classified distribution networks — can now be approximated with commercial off-the-shelf components and frontier AI models. Asia Times reported that China is effectively using Iran as a “proxy lab” for testing AI warfare capabilities against the United States, with satellite ISR integrated with navigation, radar, and electronic warfare systems.

The Army Recognition analysis put it precisely: AI-assisted commercial imagery “shortens the gap” between detection and action. In earlier conflicts, the weaker ISR party struggled to turn a sighting into a strike before the target moved. That window has narrowed dramatically. For U.S. forces accustomed to operating with ISR overmatch, this is a structural reversal.

The Broader Pattern: Intelligence as a Service

Zoom out from the Iran conflict and the pattern becomes even more significant. This is not a one-time capability demonstration. It is the emergence of Intelligence as a Service — AI-powered surveillance and targeting available to any buyer with sufficient funds, regardless of whether they possess their own satellite constellation, signals infrastructure, or trained human analysts.

The same architecture that tracks military convoys can track corporate supply chains, executive movements, critical infrastructure configurations, and — most relevantly for the readers of this publication — the physical footprint of the digital systems that run the modern world. Data centers have rooftops. Power substations have signatures. Industrial control systems connect to physical facilities that can be imaged from orbit.

China launched the first satellite of a planned 2,800-satellite AI space computing constellation in May 2025 — a network designed explicitly to process imagery onboard in real time, reducing latency to near-zero. OODAloop covered that launch and noted its advanced AI capabilities and 100 Gbps inter-satellite links. That constellation is not built for weather forecasting.

What This Means for Humans Operating in an Agentic World

Here is the question that the Iran conflict forces us to confront: in a world where AI agents can surveil, analyze, and act continuously and autonomously, what does operational security mean?

For military operators, the answer has historically involved classification, compartmentalization, and physical dispersion. Those measures still matter — but they are increasingly insufficient against an adversary with persistent satellite coverage, AI-enhanced imagery analysis, and the willingness to sell the product commercially.

For civilian organizations — enterprises, critical infrastructure operators, government agencies — the question is newer and less well-formed. Most organizations have never seriously considered that their physical facilities might be subject to continuous, AI-enhanced aerial surveillance by adversary-linked commercial entities. That assumption needs to change.

The specific vulnerabilities:

Physical-digital convergence. The most sensitive digital infrastructure lives in physical buildings that can be imaged. A data center’s physical security posture, its generator placement, its fiber entry points — all visible from orbit with sufficient resolution. AI agents that reason about physical-digital attack surfaces are a near-term reality.

Pattern-of-life analysis. AI systems can analyze months of satellite imagery to establish behavioral baselines — when facilities receive deliveries, when executives arrive and depart, when maintenance cycles occur. That pattern-of-life intelligence is directly actionable for both physical and social engineering attacks.

Supply chain mapping. AI-enhanced commercial imagery can trace logistics chains from manufacturing through distribution. For organizations with sensitive supply chains — defense contractors, semiconductor manufacturers, pharmaceutical companies — this represents a new category of competitive and security exposure.

What This Means for AI Agents

The implications for AI agents operating in an agentic world are both direct and structural.

Direct: AI agents that handle sensitive information, coordinate physical-world actions, or manage infrastructure are now potential targets of adversary intelligence collection — not just through cyber means, but through the physical footprint of the systems they run on. An agentic AI system coordinating logistics for a defense contractor is only as operationally secure as the facility it operates from.

Structural: The Iran conflict demonstrates that AI-powered intelligence collection is now a commodity. The same capabilities are available to build defensive agentic systems — AI agents that continuously monitor open-source satellite imagery for anomalies around critical facilities, that flag pattern-of-life deviations, that integrate physical and digital threat indicators into unified risk pictures. The tools exist. The question is whether defenders build them before adversaries weaponize the gap.

This is the central dynamic of the agentic AI era: every capability that can be weaponized for offense can be deployed for defense, and the side that moves faster wins. China is not waiting. The commercial ISR market is not waiting.

What To Do

For organizations that want to get ahead of this:

Map your physical-digital attack surface. Identify your facilities, their signatures from above, and what an adversary could infer from sustained aerial observation. Most organizations have never done this analysis.

Assume pattern-of-life collection is already occurring. For high-value targets — defense contractors, critical infrastructure operators, financial institutions, advanced technology companies — treat adversary AI-ISR collection as an active, ongoing reality, not a future risk.

Invest in counter-ISR thinking. Denial (obscuring signatures), deception (generating false patterns), and detection (identifying when surveillance is occurring) are all tractable technical problems. Very few organizations outside the military have even begun to think about them.

Engage with the intelligence community. The U.S. government has authorities, tools, and classified threat assessments that commercial organizations can access through appropriate channels. The gap between what the IC knows and what the private sector knows about this threat is large and needs to close.

The era of commercial, AI-powered omniscient surveillance has arrived. The Iran conflict is its public debut. It will not be its last act.

References