Top-down photograph of a single small black drone loitering above fog at dawn, distant industrial silhouettes below.

Realtime intel · public-info · best-effort · mid-2026

What “cyber war” looks like right now.

Drones replaced artillery. Volt Typhoon pre-positioned in US infrastructure. Palantir won Maven. The textbooks are years behind the field. This is the floor.

Drones are the air force you actually have.

Five facts to update your mental model.

FPV drones replaced artillery as the main precision weapon in Ukraine

First-person-view racing drones rigged with ~1kg of explosives are the dominant precision-fires platform on the Russia-Ukraine front as of public reporting through 2025-2026. Unit cost: $400-$1,000. Effective range: 5-20km. Both sides are producing hundreds of thousands per month. The economic asymmetry — a $500 drone disabling a $4M tank — has rewritten what 'attritable' means in warfare. Public reporting: Reuters, FT, AP throughout 2024-2025.

Loitering munitions are everywhere

AeroVironment Switchblade 300/600 (US, Ukraine), ZALA Lancet (Russia), HESA Shahed-136 (Iran/Russia), IAI Harop (Israel), Aerovironment Altius and Anduril Bolt (US). The loitering munition category — a drone that flies to an area, identifies a target, and dives into it — is now production-line standard across all major militaries.

Anti-drone has become its own discipline

EW (electronic warfare) jamming, RF-detection grids, directed-energy systems (lasers, microwaves), kinetic counter-drone (anti-air guns, interceptor drones), and AI-driven detect-and-classify systems. US DoD's Replicator initiative announced in 2023 explicitly targets thousands of low-cost autonomous systems alongside counter-drone capability. Anduril Roadrunner is one publicly fielded counter-UAS interceptor.

Swarm autonomy is past prototype

Public demonstrations from 2023-2025: Shield AI Hivemind (multi-UAV autonomous teaming), Anduril Lattice (swarm control software), DARPA's OFFSET program. Coordinated multi-vehicle autonomy is no longer research — it's procurement.

The Replicator initiative is reshaping US procurement

DoD's Replicator initiative, announced August 2023, aims to field thousands of attritable autonomous systems across air/land/sea/space domains within 18-24 months. Replicator-1 publicly named systems include Switchblade 600 (loitering munition), Saronic Spyglass (autonomous surface vessel), Anduril Altius and Bolt, AeroVironment products. Replicator-2 expanded to counter-drone in 2024. Source: DoD public press releases, Deputy Secretary of Defense statements.

Cyber stopped being a separate war.

Cyber is now joint with kinetic operations

The 2008 Russia-Georgia war was the first publicly-attributed combined kinetic-cyber operation. Since 2014 in Ukraine, cyber operations against power grids, government services, satellite comms (Viasat KA-SAT incident attributed to Russia at the outset of the 2022 invasion), and military comms have moved from supporting to integrated. The 'cyber war' is no longer separate from 'war.'

Critical infrastructure is on the line

Public CISA advisories through 2023-2025 disclosed Volt Typhoon (China-attributed pre-positioning in US critical infrastructure for potential disruptive operations) and Salt Typhoon (China-attributed compromise of US telecommunications carriers). These are not espionage in the traditional sense — public attribution describes positioning for sabotage. The 2023 US National Cybersecurity Strategy named this as the central US cyber concern.

Software supply chain is the new contested terrain

SolarWinds (2020, Russia-attributed), MOVEit (2023, ransomware crew, downstream effects across 2000+ organizations), 3CX (2023, DPRK-attributed) — software supply-chain compromises are now the highest-leverage attack pattern. One compromised vendor cascades across thousands of downstream targets. The federal response (Executive Order 14028, the 2023 cyber strategy) treats this as a category one threat.

What this means for an ethical cyber career

Defending US critical infrastructure is the biggest hiring signal in cyber.Volt Typhoon and Salt Typhoon revelations moved budget and headcount from “routine cybersecurity” into “defend the homeland” line items at CISA, NSA Cybersecurity Directorate, the National Labs, and at the major MSSPs (Mandiant, CrowdStrike, Palo Alto Unit 42, Microsoft Defender, SentinelOne).

The defense-industrial base is hiring software engineers as cyber operators. Anduril, Shield AI, Saronic, Helsing, Skydio, Vannevar Labs, Scale AI — these are software companies first. They hire from the same talent pool as Big Tech. The salary delta has narrowed dramatically since 2022. The work satisfaction delta (mission, novelty, agency) has widened.

Pure software bug-hunting and AppSec roles still exist and pay well — see /learn/cyber/hackerone. The point isn't that everyone needs to go to a defense contractor. The point is that the field is much wider than “web pentest” in 2026.

The legal posture for civilians remains tight. None of the above changes the rules in /learn/cyber/legal. A US civilian still cannot legally launch offensive cyber actions against any target. The expanded landscape is for legitimate jobs · the laws haven't bent.

Public sources to read directly

Every claim above traces back to a public document. Skip the secondary commentary and read the primary material.

how LLMs fight →the platforms →← cyber index