Iran's Islamic Revolutionary Guard Corps has officially declared American tech and banking companies - including Google, Microsoft, and Nvidia - as legitimate military targets. Not metaphorically. Not rhetorically. As actual targets.
This isn't a new kind of cyberwarfare threat. This is Iran explicitly stating that tech companies are combatants, not civilians. That's a fundamental shift in how nation-states view the technology industry.
For decades, tech companies have operated under the assumption that they're civilian infrastructure. Yes, governments use their products. Yes, cloud services host military data. But the companies themselves? Neutral parties selling tools to whoever pays.
That assumption just evaporated.
The IRGC's declaration comes as tensions escalate between the U.S. and Iran, particularly around U.S. use of AI systems to plan Iranian strikes. From Iran's perspective, if American tech companies are providing the tools for military operations, they're part of the military apparatus.
It's not an unreasonable argument. Microsoft has billions in Pentagon contracts. Google (despite employee protests) does business with the military. Nvidia's chips power AI weapons systems. When does "selling to the military" become "being part of the military"?
But here's what keeps me up at night: tech companies are spectacularly vulnerable. Data centers are fixed targets. Undersea cables are exposed. Employee safety is predicated on the assumption that nobody would actually target software engineers.
That assumption may no longer hold.
What does targeting look like? Cyberattacks, certainly - Iran has sophisticated offensive cyber capabilities. But also potential physical attacks on infrastructure. Data centers. Cloud regions. Network hubs. The global internet isn't as resilient as people think. A few well-placed attacks could cascade into regional outages.
