There is a version of authoritarianism that is easy to recognize: the declared emergency, the suspended constitution, the strongman consolidating power in plain sight. We have built our entire vocabulary of democratic resistance around that version because history provided the blueprints.
The version we are less equipped for arrives without announcement. It accretes through product updates, security briefings, and perfectly reasonable responses to genuine threats. As of March 2026, the rise of “Technofascism,” a governance model where state and corporate control are fused through automated systems, is no longer a theoretical risk. It is a structural reality. And the mechanism producing it is compounding, not malice.
The Democratization of Chaos
The shift begins with the transition from sophisticated, human-led hacking to an era of automated, industrialized throughput. There was no singular crisis that marks the before and after. The threshold was crossed quietly, through accumulated capability.
In February 2026, AWS Security revealed that a single, relatively unsophisticated threat actor leveraged multiple commercial generative AI services to compromise over 600 FortiGate devices across 55 countries. This was achieved through an “AI-powered assembly line” for cybercrime, where LLMs generated scripts that automated mass scanning, credential brute-forcing, and the decryption of stolen configuration files. By all assessments, this was a financially motivated individual or small group, one that AI had elevated to an operational scale previously requiring a large, skilled team.
That same week, the Pakistan-linked group APT36 (Transparent Tribe) demonstrated that this automation scales further at the nation-state level. Telemetry from February 2026 shows the group utilizing LLMs to produce a high-volume stream of “Vibeware,” disposable malware written in niche languages like Nim, Zig, and Crystal. Because modern defensive tools are primarily trained on C++ and C# signatures, these AI-generated variants effectively reset the detection baseline. By routing command-and-control traffic through trusted platforms like Discord, Telegram, and Google Sheets, these actors achieve what Bitdefender’s researchers have termed a Distributed Denial of Detection: the objective is exhaustion of defenders through automated volume, not technical brilliance.
The barrier to entry for global disruption is now the compute cost of an AI-augmented workflow. Because this chaos is decentralized and unmonitored at the source, the state views the entire network as a threat surface. This perceived loss of control is the ignition point, the moment the expansion of automated, pre-emptive state surveillance stops being a controversial proposal and starts being a budget line.
The Recursive Loop
These dynamics, industrialized threats, state expansion, corporate infrastructure, are not parallel phenomena. They are a single recursive loop.
The industrialization of cyber threats creates the political permission for the state to enter civilian networks. That expansion is never built from scratch; it is leased from the corporate surveillance infrastructure already in place. And that infrastructure is itself deepened and legitimized by the security emergency that justified the expansion in the first place. Each rotation of this loop leaves the state with more reach, the corporation with more revenue, and the citizen with less practical recourse.
This is the mechanism of Silent Accretion: not a conspiracy, but a compounding. Understanding it requires tracking all three stages simultaneously, because dismantling any single stage while the other two remain intact simply reroutes the loop.
The End of Practical Obscurity
The second stage of the loop is already operational. As documented in research by ETH Zurich and Anthropic, LLMs have eliminated the cost barrier of deanonymization. Using the ESRC Framework (Extract, Search, Reason, Calibrate), researchers demonstrated that an LLM agent can unmask a pseudonymous user for as little as $1 to $4 per target. By parsing identity-relevant signals in unstructured text, niche hobbies, writing styles, incidental mentions, these models can link anonymous Reddit or Hacker News posts to real-world LinkedIn profiles with 90% precision, meaning nine in ten positive identifications were correct.
This transforms “marketing data” into a high-fidelity intelligence asset. The ecosystem enabling this data harvesting and the vendors supplying state interception systems like the Lawful Intercept Management System (LIMS) operate within the same unregulated grey market, with surveillance infrastructure frequently passing through commercial intermediaries before reaching government clients, as documented in Amnesty International’s “Shadows of Control” report. When the cost of unmasking a dissident drops to the price of a cup of coffee, the constitutional bypass is complete. The state no longer needs a warrant when an algorithm can read between the lines of our digital exhaust.
Law enforcement agencies have already operationalized this, frequently bypassing warrant requirements by purchasing commercially available location and behavioral data from third-party brokers. The third-party doctrine, a legal principle designed for a world of physical records, has become the load-bearing justification for a warrantless surveillance apparatus of unprecedented intimacy. The brokers are agnostic. The algorithms are agnostic. The only thing with a preference is the state, and the state’s preference is access.
The Civilizational Rift
The ubiquity of American Big Tech was originally built on the promise of Liberal Universalism, the idea that digital tools were neutral engines for individual empowerment. The 2026 geopolitical environment has ended that pretense. Tech giants have abandoned the fiction of a global “open” internet to become Indispensable Sovereigns, and some have gone further, reframing their commercial dominance as a civilizational mission.
In this landscape, the “West” is no longer a unified bloc, but a contested space where American plutocracy seeks to “save” a civilization that Europe’s own leaders increasingly feel the need to defend from their American partners. This is not simply rhetoric. Palantir’s leadership has explicitly cast the company’s work in civilizational terms, while its embedding inside US military and intelligence infrastructure ensures that its commercial data tools and its state surveillance contracts are functionally the same architecture, operated by the same platform, generating revenue from both ends simultaneously. Starlink has operationalized the same logic through hardware. The mass activation of smuggled Starlink terminals across Iran, facilitated by US government procurement and NGO distribution networks, demonstrates that private hardware is now the primary delivery mechanism for state-backed connectivity operations. Whether framed as an internet freedom initiative or a regime-change vector, the operational reality is the same: a private US company made a unilateral decision with immediate geopolitical consequences, activating a communications infrastructure inside a country under active military engagement with no public oversight, no congressional authorization, and no international legal framework governing the act.
The fracture this produces is not only between the US and its adversaries. It runs through the Western alliance itself. On December 23, 2025, Washington imposed visa bans on European officials enforcing the Digital Services Act, with Secretary of State Rubio labeling EU tech regulation “extraterritorial censorship” and part of a “global censorship-industrial complex.” The structural rift this exposes is real: is technology governance a matter of rights-based democratic accountability, or is it a front in a civilizational war where regulation of American platforms is recast as an act of hostility? Europe and the United States are currently operating with incompatible answers to that question, and the incompatibility is no longer theoretical.
The convergence of kinetic and digital warfare in the Middle East shows where this logic terminates. When the US and Israel launched coordinated strikes on February 28, 2026, the digital response was immediate. Despite Iranian authorities imposing a severe internet blackout, with monitoring organizations documenting connectivity drops of up to 80% in affected regions, the offensive decentralized rather than collapsed. Pro-Russian hacktivist group Cardinal claimed to have breached IDF networks and leaked operational documents related to Northern Shield (Magen Tsafoni), while Iranian-affiliated groups including Handala Hack conducted parallel operations against Israeli civilian infrastructure. The front line was everywhere. It was also, functionally, invisible.
In this environment, the Silent Accretion accelerates. Governments justify deep-packet inspection and the pre-positioning of state assets in civilian telecommunications as a necessary defense against multi-vector attacks. The logic is frictionless: to stop an automated enemy, the state must become an automated observer. This “dual-use” doctrine erases the distinction between civilian connectivity and military objectives, and once erased, that distinction does not return when the emergency passes. It simply becomes the new baseline for the next emergency.
The Technofascist Dilemma
Technofascism does not require evil intent. It requires only the accumulation of individually reasonable choices made by actors who are each, in their own frame, behaving responsibly.
The threat actors are real. The AI-generated malware is real. The power grids and hospitals being targeted are real. This creates a state of perpetual emergency that is exploited rather than manufactured. The state responds to genuine chaos by adopting the machinery of surveillance capitalism, leveraging the tens of billions of IoT devices and commercial data streams already embedded in civilian life, gaining access to a pre-built sensor network whose intimacy no government program could have constructed from scratch. Corporate actors function as infrastructure colonizers, packaging civilian lifestyle tools and state-level pre-emption assets into the same hardware. Their algorithms do not distinguish between the user seeking a productivity boost and the agency seeking a behavioral pattern. As long as the data stream is billable, the identity of the entity on the other side of the contract is a secondary concern.
Technofascism thrives on semantic ambiguity. “Malicious activity” has no agreed-upon definition. In the US, it is interpreted through an expansive security lens that licenses the pre-emptive unmasking of pseudonymous users. In Europe, the same conduct is increasingly classified as unlawful social control. This definitional gap is the operating environment, the space in which accretion happens fastest, because nothing triggers the oversight mechanisms designed to constrain it.
As documented in investigative reports by Profit and Amnesty International, “safe city” systems marketed as neutral public safety tools have repeatedly been found to rely on undisclosed foreign vendor components, with authorities in some cases only acknowledging this after independent investigation forced the question. The hardware of civic life and the hardware of state surveillance are, in these systems, the same hardware. The distinction exists only in the paperwork, and only until the paperwork is reclassified.
The Role of the Citizenry
Our collective future is being shaped by the pressure of industrialized threats meeting the strategy of infrastructure colonization, and the citizenry is the only variable in that equation that is not yet fully captured.
Real threat actors are targeting the soft underbelly of society: power grids, hospitals, financial systems, using AI-generated polymorphic malware that mutates faster than signatures can be written. This is not a hypothetical future state. It is the current condition, and the state’s instinct to respond is not only understandable, it is obligatory. Governments have a legitimate mandate to protect critical infrastructure, and in an environment where an AI-augmented individual can achieve nation-state-scale disruption, the pressure to act decisively and pre-emptively is not paranoia. It is proportionate to the actual threat surface.
The problem is not that the state responds. The problem is what it reaches for when it does. The machinery available for rapid deployment was never built specially for defensive purposes. It is the surveillance capitalism infrastructure already woven into civilian life, tens of billions of IoT devices, commercial data streams, behavioral profiles compiled for advertising that are indistinguishable, at the technical layer, from profiles compiled for threat detection. The state does not need to build a surveillance apparatus. It needs only to acquire access to the one that already exists. The legitimacy of the threat does not automatically confer legitimacy on the instrument chosen to counter it, and that gap, between the validity of the problem and the proportionality of the solution, is where the accretion happens.
Corporate actors accelerate this by functioning as dual-providers, simultaneously selling civilian lifestyle tools and state-level pre-emption assets, often through the same platform, the same hardware, the same data pipeline. The productivity tool and the surveillance sensor are different contracts for the same object. This is not a conspiracy; it is a business model, and it is optimized for exactly this outcome because the national security revenue stream is more stable, more lucrative, and less subject to consumer pressure than the commercial one.
The citizenry is the only remaining guardrail, and it is a guardrail under active erosion. Opting out of the digital ecosystem is no longer a meaningful choice for most people; it is synonymous with social and economic exclusion. This means that the friction capable of slowing the accretion cannot come from individual withdrawal. It must come from a population technically literate enough to audit the systems it inhabits, to distinguish valid defense from structural encroachment, and to apply political pressure at the specific points where the loop can be interrupted. Blind trust, in this environment, is a subsidy to the infrastructure being built around it.
This analysis is a necessary stress-test of the social contract, but stress-testing without ongoing situational awareness is insufficient. The shifts documented here do not pause between publications. For those seeking to move beyond passive consumption and build genuine technical literacy in real-time, the OSINT report newsletter is built for exactly this purpose. It is AI-powered and fully tailored: subscribers select the topics most relevant to their domain, from cyber conflict and state surveillance to geopolitical infrastructure and platform governance, and set their own cadence, daily, weekly, or monthly, depending on how closely they need to track the terrain. In an information environment saturated with automated disinformation, particularly around active conflict, having a curated, intelligence-grade signal rather than a raw feed is the precondition for the kind of informed friction this moment requires.
Reclaiming the Air-Gap
The vocabulary of democratic resistance was built for a different kind of threat, one that arrives with a declaration, a uniform, or a law you can challenge in court. Silent Accretion produces none of these. There is no single legislation to repeal, no single contract to cancel, no single company to break up that reverses the architecture already in place. Each component is defensible. Each vendor has a terms of service. Each state program has a legal memo. The problem is what they become in aggregate, and that aggregation is now running faster than the oversight mechanisms designed to audit it.
This is precisely why the air-gap between civilian data and state intelligence must become a legal and architectural requirement rather than a policy preference, because preferences bend under the pressure of the next security briefing, and the next one after that. Voluntary commitments made in peacetime have a consistent record of being reclassified as obstacles when the emergency arrives. The architecture must be built to resist that reclassification, not to depend on the goodwill of whoever is administering it at the time.
The question was never whether any single administration could be trusted with this infrastructure. The question is whether every administration that follows can be, because the infrastructure, once built, does not change governments when the government changes. It does not change hemispheres either. The architecture being assembled now, through product updates and security contracts and individually reasonable choices made in Washington, Brussels, Beijing, and Islamabad, will be inherited by actors no one can yet name, operating in conditions no one can yet predict, with legal frameworks that will have had years to quietly expand around them. There is no geography that sits outside this. There is no passport that exempts its holder. The observer watching these shifts from a different continent, a different legal system, a different political tradition, is not watching from safety. They are watching from inside the same architecture, from a different room.
The doors are being locked. The question is whether anyone will retain the keys.
“The hottest places in Hell are reserved for those who in time of moral crisis preserve their neutrality.” — Dante
“First they came for the Socialists, and I did not speak out — because I was not a Socialist. Then they came for the Jews, and I did not speak out — because I was not a Jew. Then they came for me — and there was no one left to speak for me.” — Martin Niemöller
