Santiago Capital

WarGames

Man vs Mythos

Santiago Capital
May 20, 2026

Chinese state actors are already pre-positioned inside U.S. critical infrastructure. Last month, the offensive side of that equation changed permanently.

Chinese state-sponsored actors are already inside U.S. critical infrastructure. Not as a projection or a risk scenario. As a formal, high-confidence assessment from the U.S. Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI.

The two groups CISA has named are called Volt Typhoon and Salt Typhoon. Volt Typhoon has compromised operational technology environments across U.S. energy, water, and transportation systems...the hardware and software that physically control critical infrastructure. Salt Typhoon has breached at least nine major U.S. telecommunications carriers, including Verizon, AT&T, and T-Mobile, along with the lawful-intercept architecture used by U.S. law enforcement. CISA’s assessment is explicit on intent: these actors are not conducting intelligence gathering in the ordinary sense. They are pre-positioning for disruptive action at a moment of geopolitical choice.

They are already there. They are waiting.

Last month, the offensive side of that equation changed in a way that most people outside the cybersecurity community have not yet registered. A frontier AI laboratory built something so capable it declined to release it publicly. What it built instead, and why that decision matters more than the announcement suggested, is the subject of this report.

The Research Arc That Built to This Moment

If you have been reading this publication over the past year, you have been watching a single argument build, piece by piece. WarGames is where one specific thread of that argument reaches its most consequential chapter.

It started with the foundational frame. In National Interest and Deglobalization, published September 2025, we argued that the globalization era was ending...not cyclically, but structurally. For the first time since the Second World War, governments were deliberately trading cost for security, redundancy for efficiency, and openness for control. The 1980 to 2020 period was the historical exception, not the baseline.

Then, in Empire By Code, published October 2025, we mapped how the dollar was not merely defending its reserve status but actively extending it...encoding American monetary hegemony into digital infrastructure, one layer of software at a time. The technology race was not a separate story from the Dollar Milkshake thesis. It was the same story, told at the layer of code rather than gold.

In The End of Peacetime Portfolios, published March 2026, we made the investment framework explicit. The toolkit most institutional investors are using to manage tail risk was built for a world that is disappearing. The structural break does not resolve toward prior equilibria. The parallel with the 1970s was diagnostic.

And last month, The Last Ships documented what happens when the physical infrastructure of global trade is disrupted. The Hormuz cascade was not primarily an energy story. It was a national security story, a food security story, and a capital allocation story running simultaneously.

WarGames enters the same worldview through the door that connects all of them. What you are about to read is not a detour from the argument this publication has been building. It is the argument arriving at the front that will determine whether the rest of it holds.

The Window Between Vulnerability and Attack Has Effectively Closed

For most of the history of digital computing, cybersecurity was a contest at human speed. Defenders identified vulnerabilities. Attackers raced to exploit them before a patch arrived. The gap between those two speeds was the defender’s operating window.

That window is gone.

According to Picus Security, the median time from public vulnerability disclosure to a working weaponized exploit fell from 771 days in 2018 to single-digit hours by 2024. IBM’s 2026 X-Force Threat Intelligence Index documented a 44% increase in attacks initiated by exploiting public-facing applications in a single year, driven largely by AI-enabled discovery. Vulnerability exploitation became the leading initial access vector for cyberattacks, accounting for 40% of all incidents X-Force observed in 2025.

The numbers point at the same conclusion. The world the defender’s old playbook was written for no longer exists.

It’s not that the patch-and-remediate model was wrong. It was built for a world where both sides were running at human speed. What the cybersecurity world is now being forced to confront is something categorically different...autonomous AI systems capable of finding and exploiting vulnerabilities at industrial scale, faster than human teams can process what they’re being told.

The tactical implication is the one CISA’s advisories keep returning to: the adversaries pre-positioned inside U.S. critical infrastructure are not waiting for the defender to catch up. They are waiting for the right moment.

Why Critical Infrastructure Is the Highest-Stakes Exposure

Critical infrastructure compounds the problem in a way that corporate IT environments do not.

Operational technology (OT) systems...the industrial control systems, SCADA networks, and programmable logic controllers that manage power grids, water treatment facilities, pipelines, and transit infrastructure...were engineered decades before cybersecurity was a design consideration. Many run outdated operating systems, lack encryption, and cannot be patched without operational disruption. The integration of internet-connected (IT) systems with those OT environments, driven by efficiency gains over the last decade, has opened direct pathways from a compromised IT network to physical control systems.

A breach in that environment is not a data breach. It is a physical event.

The Dragos 2026 OT threat report documented that Volt Typhoon had shifted tactics over 2025: moving from data collection on IT networks to directly interacting with OT-connected devices and stealing sensor and operational data. They are not probing the perimeter anymore. They are learning how the physical systems operate.

What the WarGames Report Covers

The new AI capability that crossed a threshold last month sits on top of everything above. The report maps both sides of that equation...the capability and the threat...and the investment case that follows from the structure of the contest.

What this teaser does not cover, and what WarGames: Man vs Mythos does:

  • The specific AI capability that changed the calculus: what it can do, how it works, why it represents a qualitatively different threshold from prior AI cybersecurity tools, and what the responsible-disclosure decision by the institution that built it tells you about what they believe they have.

  • The 18-month capability proliferation curve across frontier AI lineages...and when Mythos-class offensive capability reaches adversarial states and open-source repositories.

  • Volt Typhoon and Salt Typhoon in full detail: documented sector compromises, the shift from IT to OT infiltration, and what CISA’s high-confidence assessment says about the intent behind the pre-positioning.

  • Five differentiated investment themes across the cybersecurity value chain: AI-native security operations, vulnerability management and patch automation, operational technology security, identity and access management, and quantum-safe cryptography...with the named companies and the structural differentiation between them across the next 18 to 24 months.

  • Five explicit risks to the thesis: regulatory fragmentation, talent scarcity, dual-use liability, hyperscaler concentration, and the false confidence of deploying discovery tools without the remediation pipeline to support them.

The structural case for AI-native cybersecurity spending is not speculative. The market is already in motion.

The report ends on a question it cannot answer for you.

Whether the great power contest, fought through the cyber and technology fronts, will be won by the side that maintains discipline...or by the side that does not...is the strategic question investors, governments, and citizens will live with for the next decade.

The board is about to be shown to you accurately.

→ Read WarGames: Man vs Mythos beyond the pro-level paywall below. Let’s dig in.

© 2026 Brent Johnson