lilolvvorn

.

Confirmed previous forecast

Confirmed previous forecast

Confirmed previous forecast

Confirmed previous forecast

https://www.csis.org/analysis/inflection-point-selecting-trusted-technology-digitalization-and-connectivity

.

I think this one is really going to come down to the very specific metrics of the question and time frame. The attack would have to DISCOVERED and ATTRIBUTABLE to a nation-state within the timeframe.  The nation states with these capabilities are likely to be very sophisticated attackers thus reducing the likelihood of discovery. Plus such an attack would likely be considered an open act of war so there are big things at stake. Using such capabilities immediately exposed the capability and the vulnerability can be patched over so sophisticated actors are not likely to waste this kind of mojo on something that is not very major. 

• Take issue with the question metrics: there seems to be a mismatch between "nation-state" actor and the substantial losses exceeding $1MM; to prepare such sophisticated attacks requires extremely high-expertise and likely significant budget, what nation-state will go through the trouble for such a small amount. I think this question could be rephrased as two questions nation states with higher damage metric and then cybercriminals as a separate question. A recent airline software glitch (not even sophisticated cyber or AI attack) caused potentially a billion of dollars of travel related costs, why is this metric so low. 
• Reframe the question, the question is not whether I believe countries are developing these capabilities, or whether they are even operational currently, as I think they are already; the key metric here is whether it will be discoverable after the fact by top cyber security firms or other qualified orgs. I lack the expertise to know how easy it is to discover the attack vectors / methods after an attack. However we must assume that the fact that the US, PRC, and Russia are so elite at cyber-warfare reduces the likelihood that they would be DISCOVERED and ATTRIBUTABLE TO THEM even if they did do this.
• Furthermore, once a nation-state shows such capabilities the vulnerabilities can likely be patched; to do this attack once makes it unattackable this way in the future, and reveals your capabilities. It is unlikely for large nation-states to use these methods until they are quite perfected perhaps under cover of cybercriminal activities. 
• Furthermore, to do such an attack on infrastructure simply to cause damage to that infrastructure seems an unlikely goal; it is most likely that such an attack would be part of a larger attack, e.g. taking out the power grid before an aerial bombardment. Such an infrastructure attack would also be considered an open act of war. Were North Korea to do something like this to the US one would expect swift retribution. Because such a powerful attack as this is unlikely out of the context of OPEN WAR, I am limiting my probability consideration to nations who are currently engaged in open war so I used a couple Google searches to see https://worldpopulationreview.com/country-rankings/countries-currently-at-war who is at war and then I am scanning that list for countries that have the capabilities, budgets, expertise to carry out both the cyber attack plus the boots on the ground or boots in the air aspect e.g. Russia/Ukraine, Israel and Iran or proxies countries. My obvious assumption, perhaps flawed, is that less wealthy nations on the list don't have the capabilities. So basically I think this question comes down to whether Russia, Ukraine, Israel, and e.g. Iran will be DISCOVERED and ATTRIBUTABLE to the attacks. I'm gonna say outside POV 25% and I'm only adding 5% based on the current events of destabilization in Iran which if the regime is actually on its way out could make them increasingly desperate, but I'm not adding any more because their capabilities were significantly weakened by attacks earlier in 2025. It may be a flawed assumption that these attacks did any damage to their cyber capabilities. I am now rethinking this because of the situation with US threats against Iran in light of killing protesters. This should bump up my outside view, if the US, Israel, and UK actually believe the regime is on its way out, this would be the exact time to do such an attack, and it would also offer the US allied nations a good testing experiment for these capabilities. I'm gonna tweak to 28%. This seems too high, I think the possibility is quite minimal of meeting the question metrics re: time.  Although US Israel and UK likely have such plans ready on the backburner for such contingencies as regime collapse, I'm expecting any retribution against Iran for protester killings to be more political theater than anything else; e.g. attacks on Iranian officials business interests, factories, possible assassination of leaders, but those won't likely be AI-powered to meet the question criteria. I'm editing down as I think the chances are quite slim to meet metrics. 
• Another more likely scenario involving AI attacks would be long-term infestation of an adversaries networks that go undetected and are about information gathering; to be successful in this probably requires elite skills thus limiting it a few nations who are capable of it; and then here the question becomes do I think one of these attacks will be DISCOVERED within the time limit; I think there is a higher liklihood of one of these attacks being discovered, but I don't think there is really a clear metric for evaluating the damage costs of such an attack; if they stole personal data on 20 million americans, what is the damage value re: this question metric? unclear. While I think the liklihood of these AI-powered attacks are currently ongoing, the question is asking me whether it will be DISCOVERED AND ATTRIBUTABLE within the time frame. I am gonna say outside POV 60% chance these things are happening right now, but 15-20% chance they will meet the criteria for this question and time limit. 

Consider less probably as time goes on

Confirmed previous forecast