The war in Iran has arrived at a particularly brutal moment for the Gulf’s AI ambitions. Gulf states were in the middle of a buildout exceeding $300 billion in data centers, chips, and AI infrastructure, backed by OpenAI, xAI, Microsoft, Amazon, Oracle, and Google. The Pax Silica initiative of January 2026 had just brought the UAE and Qatar formally into a US-led framework to keep advanced semiconductors away from China. The architecture seemed locked in.
Then on March 1, Iranian drones struck three AWS data centers — two in the UAE and one in Bahrain. The IRGC claimed responsibility, framing the attacks as targeting facilities it said supported “the enemy’s military and intelligence activities.” Banking and payments failed, and enterprise software across the region went dark. AWS told affected clients to migrate ongoing workloads to other AWS regions and direct traffic away from the Middle East. It was the first time in history that data centers had been deliberately targeted as military objectives in an active conflict.
Iran has since escalated rhetorically. IRGC-affiliated Tasnim news agency published a list of “new targets” spanning 29 locations across Bahrain, Israel, Qatar, and the UAE, naming Amazon, Microsoft, Google, Oracle, Nvidia, IBM, and Palantir facilities explicitly as “enemy technology infrastructure.” The warning threatened that “...as the scope of the regional war expands to infrastructure war, the scope of Iran’s legitimate targets expands.” Included in the list are Nvidia’s largest R&D center outside the US in Haifa, Google’s Dubai regional office, IBM’s AI research hub in Be’er Sheva, Palantir’s Abu Dhabi collaboration center, Oracle’s Jerusalem, and Abu Dhabi offices, as well as more AWS facilities.
How the Tech Companies Are Responding
The hyperscalers have not said much publicly, but they have begun preparing for more potential attacks. Nvidia shut its Dubai office and shifted to remote work. CEO Jensen Huang sent a company-wide memo saying his crisis management team was “working around the clock and actively supporting affected employees and their families” in the Middle East. Amazon instructed all corporate employees in the Middle East to work remotely and “follow local government guidelines.” Dozens of Google employees were stranded in Dubai after the company’s cloud sales conference when commercial flights were cancelled, a company memo to staff called the situation “concerning.” Google’s public statement was careful to the point of saying very little: “The situation in the Middle East is evolving rapidly and we are monitoring it carefully. Our focus is on the safety and well-being of our employees in the region.”
It is safe to say that companies are now scenario planning if Iran acts on its threats. This could slow new capital deployments and pause some planned partnerships until it is clearer what comes next in the Iran conflict. Tess deBlanc-Knowles at the Atlantic Council told CNBC that rather than exiting the Gulf, companies are more likely to hedge. The sunk costs are too large for most to contemplate a full exit. But Patrick J. Murphy from Hilco Global argued that, instead, companies may accelerate projects in Northern Europe, India, or Southeast Asia, “where power supply, regulatory frameworks and security conditions are more predictable.” Geopolitical strategist Abishur Prakash told Rest of World: “This is all inverted now, exposing the entire technology landscape and ambitions of the region.”
The Security Architecture Quesiton
The strikes have exposed how datacenter security was largely focused on preventing ground-based incursions and external infiltration. It does not effectively factor kinetic air strikes. Ali Bakir, assistant professor of international affairs at Qatar University, told Rest of World: “The security frameworks underpinning the US-UAE AI partnership appear to have focused on supply chain control and geopolitical alignment, not on physical defense during high-intensity conflict.” Geopolitical strategist Abishur Prakash told the same outlet: “Strategic planning revolved almost entirely around energy and financial flows, leaving technology infrastructure vulnerable.”
The Pax Silica architecture was designed to keep Chinese chips out — not to protect data centers from ballistic missiles. Those are different problems requiring different solutions, and only one of them received serious policy attention before the war began.
The connectivity picture is equally exposed. Seventeen submarine cables pass through the Red Sea, carrying the majority of data traffic between Europe, Asia, and Africa. Additional cables run through the Strait of Hormuz. If these are cut off, as occurred following Iran attacks last year, then even the best functioning data centers cannot serve the larger customer base beyond the GCC, causing regional blackouts, not just in the Gulf.
Compounding the problem is the dual-use argument that Gulf data centers are legitimate military targets because they are being actively deployed for military purposes. Fortune reported that the US military used Anthropic’s Claude — running on AWS — for intelligence assessments, target identification, and battle simulations during the Iran strikes. If commercial cloud infrastructure carries military workloads, adversaries can and will treat it as military infrastructure — but international law scholars Klaudia Klonowska and Michael Schmitt argue in Just Security that Iran’s own stated rationale — striking the facilities “to identify the role of these centres in supporting the enemy’s military and intelligence activities” — may itself be unlawful, since the law of armed conflict requires that determination to be made before an attack, not by conducting one. That legal ambiguity offers cold comfort to the companies whose servers are burning. As Zachary Kallenborn, PhD researcher at King’s College London, told Fortune: “If data centers become critical hubs for transiting military information, we can expect them to be increasingly targeted by both cyber and physical attacks.”
What Comes Next
The structural question the war has forced into the open will not disappear when the shooting stops. Can the Gulf region build the world’s most ambitious AI infrastructure while sitting inside an active conflict zone, with no physical security framework covering those assets, and with a security architecture designed for a different threat entirely?
The short answer is yes. But there will be a moment of taking stock — and the Gulf is living through it right now. The immediate task is protecting the facilities Iran has already named, the staff inside them, and finding more effective ways to de-risk infrastructure that nobody designed for a shooting war.
It is also worth keeping the threat in proportion. Hitting a data center will, for now, do less damage than destroying oil and gas infrastructure. A single drone in a couple of AWS availability zones is not going to move the global cost of compute. Amazon has already demonstrated the countermeasure is viable by routing workloads to other regions, keeping outages temporary and local. A sustained blockade on Gulf energy exports does not have the same kind of redundancy and ripples through the global economy in ways a degraded cloud region simply does not. So yes, AI infrastructure will be targeted. Iran has made that plain. But the effect will be narrower than the other targets Iran is trying to hit, and the operators have more tools to absorb the blow.