Governments across the United States, Europe, Asia, and the Middle East are rapidly deploying sovereign AI infrastructure to maintain technological independence and protect sensitive national data. Yet as these multi-billion-dollar initiatives expand, a critical vulnerability is emerging: the aging, overlooked systems already embedded in critical infrastructure remain largely unprotected and difficult to secure at scale.
Why Are Nations Suddenly Investing Billions in Sovereign AI?
The shift toward sovereign AI reflects a fundamental geopolitical reality. When critical sectors like defense, healthcare, and finance depend on foreign AI systems, any geopolitical tension could lead to service disruptions or data exposure. Countries recognize that AI computing power is now a pillar of national security and economic competitiveness, driving decisive moves to mitigate the strategic risks of depending on foreign-controlled platforms.
The scale of investment is staggering. The United States is deploying 8,640 NVIDIA Blackwell Ultra GPUs with plans to expand to 16,000, anchored by a 25-megawatt data center built for secure, sovereign AI operations. Japan is committing $12 billion to an AI Factory in Kagoshima designed to support physical AI applications like robotics and industrial systems. Pakistan is investing $1 billion in domestic AI expertise, while the Gulf Cooperation Council (GCC) countries have already committed an estimated $30 billion to AI infrastructure. These investments reflect a growing consensus: technological capability is increasingly tied to geopolitical autonomy.
"Sovereign AI infrastructure provides nations and regions with critical resources for managing their most critical assets, their data," explained Marc Domenech, Vice President Enterprise META and CIS Region at NVIDIA.
What Security Risks Are Hidden in Legacy Infrastructure?
Here is the paradox: as governments build cutting-edge sovereign AI systems, those systems will ultimately operate within infrastructure that often includes decades-old technology that was never designed for today's threat landscape. Across sectors such as energy, transport, healthcare, and government services, infrastructure is typically built in layers, combining modern technologies with older components that are difficult to replace and not always fully monitored. These environments create blind spots that traditional cybersecurity approaches struggle to assess.
A recent example illustrates the scale of the problem. DREAM, a cybersecurity company focused on protecting national infrastructure, disclosed a critical zero-day vulnerability in GNU Inetutils telnetd, a widely deployed implementation of the Telnet protocol. The flaw, tracked as CVE-2026-32746 and rated 9.8 in severity, allows unauthenticated remote code execution before authentication even takes place. Public internet measurement data indicates that hundreds of thousands of Telnet services remain publicly accessible, including in environments that are difficult to update or replace quickly.
"Much of government infrastructure still relies on legacy and overlooked technologies that receive limited attention from the broader security ecosystem, despite being actively targeted by advanced threat actors," noted Kfir Fleischer, VP Research and Product at DREAM.
How Are Nations Addressing the Infrastructure Security Gap?
To bridge this gap, organizations are developing new approaches to vulnerability research at scale. DREAM launched an AI-native security research framework designed to identify vulnerabilities across complex government and critical infrastructure environments. The system uses a multi-agent approach to analyze source code, software binaries, network protocols, and system behavior at scale, enabling large-scale analysis of broad and fragmented attack surfaces.
Beyond security tools, nations are taking deliberate strategic approaches to sovereign AI deployment:
- Knowledge Distillation: Rather than attempting to build trillion-parameter foundation models from scratch, countries like Pakistan are compressing the intelligence of large models into smaller, efficient, locally hosted open-source systems that can run on domestic infrastructure without routing sensitive data through foreign servers.
- Energy Optimization: Pakistan has identified a structural advantage in its underutilized electricity capacity, with policymakers discussing allocating around 2,000 megawatts of electricity for high-performance computing and AI data centers, transforming an existing inefficiency into a strategic advantage.
- Full-Stack Integration: Companies like Aleria are moving beyond providing raw computing power to delivering complete, sovereign AI capability spanning data management, enterprise applications, and video AI, all pre-integrated and designed to be operated by governments without requiring internal machine learning expertise.
- Sustainability Focus: GMI Cloud is building the Kagoshima AI Factory to be green and sustainable, establishing a global reference architecture for environment-friendly sovereign AI infrastructure at scale.
What Does Success in Sovereign AI Actually Look Like?
Building infrastructure alone does not guarantee strategic agency. Countries that succeed will be those that control their technological foundations, shape how AI operates within critical institutions, and maintain regulatory authority as the technology evolves. Pakistan, for example, already has key ingredients for meaningful sovereignty, including a growing AI-optimized computing infrastructure, a large technical workforce, and emerging national investments in AI. Yet turning these advantages into genuine sovereignty will depend entirely on deliberate strategy, sustained investment, and careful risk management.
The challenge is particularly acute because sovereign AI systems will operate within infrastructure that spans both new and legacy systems. "We are entering a world where AI systems themselves become part of national infrastructure," said Amir Becker, Chief Business and Strategy Officer at DREAM. "Understanding vulnerabilities across those systems will be one of the defining security challenges of the coming decade."
As Europe continues to invest in sovereign AI through initiatives like its €8.1 billion AI capacity program, the findings point to a parallel priority: ensuring that the systems supporting these technologies, including long-standing and often overlooked components, can be secured at scale. The race for sovereign AI is accelerating globally, but the real test will be whether nations can secure not just their new AI infrastructure, but the vulnerable legacy systems that will power it.