AI in Defence — What's Real, What's Marketing

Executive Summary

The UK and NATO are spending record amounts on defence AI. The Strategic Defence Review 2025 set a path to 2.5% of GDP by 2027 and 3% in the next Parliament, ahead of NATO's new 3.5%-by-2035 target. The £500m Sovereign AI Unit launched on 16 April 2026, and the Asgard programme awarded four-year contracts to 26 companies in January 2026. The spending is real, the buyers are real, and the capability gap between advertised "AI-enabled" products and operationally deployable systems is also real, and wider than the pitch decks suggest.

This piece is an operator's read of where the AI-in-defence market actually is, written for institutional investors, defence-tech founders, and corporate security leaders who need to tell the difference between capability and capability-marketing before they commit capital, attention, or procurement bandwidth.

---

Where the capability is real

Four areas where the "AI-enabled" claim holds up under scrutiny today:

Decision-support under the Asgard programme. The January 2026 contract awards to 26 suppliers fund "advanced digital decision-supporting capabilities." The cohort includes specialist AI firms such as Anduril and Helsing, alongside traditional primes including QinetiQ, Leonardo and Tekever. This is genuinely what it says on the tin: AI-assisted fusion of intelligence, targeting and logistics data for operational headquarters. A prototype was deployed within four months of the awards during NATO Exercise Hedgehog in Estonia. The capability exists, is being fielded, and is measurably faster than the equivalent all-human workflow.

ISR fusion. Autonomous detection and tracking trials led by Dstl, using existing UAV swarm platforms developed by UK-based vendors such as Blue Bear, are deployed at operationally useful scale. The technology is mature. The bottleneck is integration with existing C2 systems, not the AI itself.

Machine-speed decision-making in air and missile defence. The digital targeting web MVP targeted for 2026, full-capability 2027, is the UK's clearest procurement commitment to AI-enabled kinetic timelines. The capability is real, the timelines are credible, and the spending is sustained.

Cyber threat fusion. Less talked about but possibly the most mature category. AI-assisted triage, correlation and threat-hunting products are operationally deployed across UK government and allied cyber commands. The product category is mature. The differentiation game is about dataset quality, not algorithmic novelty.

Where the vendor narrative isn't real

A structured read of where "AI-enabled" claims routinely fail:

"AI-enhanced" labelling on deterministic products. Rule-based routing, scripted alerting, and waterfall decision trees are being re-labelled as AI because the category is funded. An operator-grade capability read catches this in 30 minutes; a generalist DD team often misses it. It matters because these products are priced at AI-category multiples and deliver conventional-product capability.

Autonomy claims without adversarial test data. Autonomous systems that perform well in developer-controlled test environments frequently fail in contested or degraded-environment testing. The pitch deck shows the former; the MOD and DoD buy against the latter. Vendors who can't produce adversarial test data are usually saying so by omission.

"Sovereign" and "trusted" claims that don't survive a supply-chain audit. The defence-AI market has been quick to adopt sovereignty language. Fewer vendors can actually describe where their training data came from, which foundation models they depend on, or how their upstream supply chain would hold up in a sanctions event. The DSIT–Anthropic MoU of 13 February 2025, and the subsequent selection of Anthropic to build a Claude-powered GOV.UK assistant, provides a sovereignty-adjacent anchor for Claude-based deployments. It is the exception, not the rule.

"Dual-use" as strategic camouflage. Several commercial AI vendors are rebranding as dual-use to access defence capital. Some have genuine defence applicability. Others are commercial SaaS products with a stars-and-stripes sticker. The test is whether the product roadmap actually changes when defence customers onboard. In most cases it doesn't, and the dual-use framing is a fundraise story, not an operational plan.

These four failure modes are present in the funded cohort to a meaningful degree. Naming the patterns is straightforward; quantifying their share is not. (Confidence: high on the patterns; low on prevalence — no structured market census of defence-AI capability claims exists yet.)

What capital is doing about it

Institutional capital is flooding in faster than the capability is developing. European defence, security and resilience startups raised $8.7bn in 2025, up 55% year-on-year, with late-stage rounds tripling to $4.7bn. AI underpinned 44% of the funding total, the highest share in six years. DTCP's "Project Liberty" fund targets €500m for European defence and security tech. The InvestEU Defence Equity Facility is a €175m instrument expected to unlock over €500m in support, sitting alongside the European Tech Champions Initiative, with a Q2 2026 platform launch and an €80bn mobilisation target across strategic sectors. The UK Sovereign AI Unit adds another £500m targeted at domestic AI infrastructure and AI-native companies.

The signal in the data is unambiguous: capital commitment is now a multi-year structural story, not a cyclical trade. The risk in the data is that capital deployment velocity is outrunning the industry's ability to deliver differentiated capability. The quality of operator-grade due diligence on AI-specific claims has become the constraint on deploying capital well, not finding it. (Confidence: medium-high on the velocity-vs-capability gap; lower on how long it persists before the cohort thins through consolidation and failed-to-deliver attrition.)

This is the gap Iron Command Advisory exists to close.

What founders should actually test before they pitch

Five questions a defence-tech founder should be able to answer in 90 seconds before walking into any serious procurement or investor meeting:

1. What is the specific degraded-environment behaviour of your AI? If you can't state it in terms an operator would recognise, you aren't ready for procurement.
2. Where did the training data come from and how is its provenance managed? Operators and procurement both ask this now. Vendor vagueness is increasingly disqualifying.
3. Which framework buy route is your first deal actually going through? RM6200, G-Cloud, DOS, CSS3, direct-award: each has a distinct sales cycle. Pitching "MOD" without a specific framework narrative is a red flag.
4. How does your product hold up against the Asgard cohort? The 26 Asgard suppliers effectively set the competitive bar for decision-support capability in the UK. Any capability claim should survive direct comparison with at least one of them.
5. What's your cyber posture, and what's the supply-chain narrative? Every defence-AI vendor is a cyber target, and every investor now asks. Ship the answer proactively.

What investors should actually test before they commit

Five structural questions a defence-tech investor should ensure are answered in diligence, independent of the founder's narrative:

1. Is the "AI" in the product actually AI, or is it deterministic engineering wearing a category label?
2. Has the capability been stress-tested in an adversarial or degraded environment, or only in developer-controlled demo conditions?
3. Is the procurement story credible at framework level (which buy route, which buyer, which timeline), or is it "MOD wants this" with no more?
4. What's the sovereignty and supply-chain picture across training data, upstream models, sanctions exposure and classified-handling posture?
5. Are the cyber fundamentals in place at a level that will survive a procurement security audit?

Each of these is a live question we work on inside Iron Command Advisory, and each is the kind of question that separates a defence-tech founder ready to scale from one whose story won't survive the first serious procurement pass.

---

Where this market goes next

The four-year view for AI-in-defence is structurally bullish and specifically volatile. Structural because the spend is committed, the procurement frameworks are operational, and the integration momentum is real across UK, NATO and allied procurement. Specifically volatile because capital is outpacing capability, shifting US AI vendor positioning is reshuffling the sovereignty landscape in ways that have opened explicit UK opportunities that would not have existed 12 months ago, and a meaningful fraction of the funded cohort will not survive a serious capability audit.

For investors, the implication is that quality of operator-grade diligence matters more than deal access. Everyone has deal flow. Very few have the analytical framework to read the deal accurately.

For founders, the implication is that clarity of capability narrative, grounded in what operators actually need rather than what a pitch deck sounds like, will be the decisive advantage over the next 18 months. The vendors who can describe degraded-environment behaviour, supply-chain provenance and specific procurement path credibly will win. The vendors who can't, won't, regardless of how well the AI layer actually performs in a demo.

For corporate security leaders and CISOs, the implication is that the AI-adjacent attack surface is genuinely bigger now than it was a year ago, that state-sponsored interest in the defence-tech vendor base has demonstrably scaled, and that the intelligence-led view of state cyber threat needs to be updated on a monthly cadence rather than annually.

---

Sources

1. UK Government, The Strategic Defence Review 2025 — Making Britain Safer, June 2025.
2. House of Commons Library, Strategic Defence Review 2025: Key points and paper series, 2025.
3. UK Government, Sovereign AI Unit, launched 16 April 2026.
4. Computer Weekly, "UK MoD awards more than two dozen contracts for AI targeting systems", January 2026.
5. Forces News, "Project Asgard: the targeting technology driving a shift in lethality for the British Army".
6. UK Government, Memorandum of Understanding between the UK and Anthropic on AI opportunities, 13 February 2025.
7. Anthropic, "Anthropic partners with the UK Government to bring AI to public services".
8. NATO Innovation Fund and Dealroom, European Defence, Security & Resilience Startups Smash Record with $8.7B Raised in 2025, February 2026.
9. DTCP, DTCP Launches €500 Million Fund for Defence and Security Technologies in Europe, January 2026.
10. European Investment Bank, "EIB Group powers up flagship investment instruments to boost Europe's tech leadership and defence capabilities", March 2026.
11. European Commission, InvestEU Defence Equity Facility, March 2026.
12. Hüsch, P., Joshi, P. and Sylvia, N., "Defence AI Beyond the Headlines", RUSI Commentary, 29 April 2026.

---

Ben Brand is founder of Iron Command Advisory and a former British Army intelligence analyst. He writes on AI in defence and capability assessment at ironcommand.co.