NATO Narrowly Repels a Simulated Russian-Style Cyberwar — and the Result Should Alarm Everyone

The lights went out in Peranza. A flood overwhelmed emergency services before officials could agree on what to say. Hackers seized the banking system and, within hours, social media was full of AI-generated posts blaming the government for every crisis at once.

Peranza is not a real country. The blackout, the flood, the bank hack — none of it happened. But the panic, confusion, and corrosion of public trust that followed were entirely plausible. That was the point.

In a three-day exercise held this week at a NATO facility in Bydgoszcz, Poland, the Alliance tested what happens when an authoritarian state weaponises disinformation alongside cyberattacks — replicating, in a controlled environment, the kind of hybrid warfare that Ukraine has faced in real life every day since Russia's full-scale invasion in February 2022. A team of Ukrainian specialists played the aggressors, flooding fictional social media with AI-generated content designed to sow discord. A NATO team had to fight back. The Alliance won — barely.

The fact that it was this close is the story.

Ukraine's Experts Played the Villain — and Nearly Won

The scenario was built around a fictional democratic nation called Peranza and its authoritarian neighbour, Karti, which had long harboured territorial ambitions. Ukrainian representatives were assigned to play Karti: flooding social media with AI-generated messages that attributed every crisis — the blackout, the flood, the bank hack — to government incompetence and corruption, while simultaneously offering aid to struggling residents. It is a precise replica of tactics Russia has deployed against Ukraine and European democracies for years.

The Peranza team — playing the defensive NATO role — responded with calls for national unity and public warnings about looting and disorder. The exercise was assessed by a jury of academics and disinformation experts who evaluated how effectively each side shaped the information environment.

Karti, the aggressor team, lost in two of the three scenarios. But only just.

Ukraine's near-victory is not an embarrassment for NATO — it is a demonstration of expertise. Ukrainian officials and military personnel have spent four years on the receiving end of precisely this kind of attack. They know what works because they have watched it work against their own population. For NATO, the simulation is a warning: the playbook Ukraine's defenders can describe in detail is the one that could be deployed against any Alliance member at any moment.

What Is JATEC, and Why Does It Matter?

The exercises took place at the NATO Joint Analysis, Training and Education Centre — known as JATEC — which was inaugurated in Bydgoszcz in February 2025. It is the only NATO facility jointly staffed and managed by both Alliance personnel and Ukrainian representatives. One third of its roughly 60 staff are seconded from Kyiv, including personnel from the Ukrainian Armed Forces, the Ministry of Defence, and intelligence services.

JATEC is built on a straightforward but important premise: Ukraine is fighting the war that NATO has spent decades trying to prepare for, and the lessons being learned on Ukrainian battlefields and in Ukrainian command centres are more valuable than almost any training exercise the Alliance could design on its own.

Ukrainian officials share hard-won expertise in drone swarms, electronic warfare, and decentralised command structures — the kind of knowledge that only comes from operating under sustained attack. In return, Ukraine gains broader access to NATO software, engineering capabilities, and military education frameworks that help align its forces with Alliance standards. The exchange is not charity; it is mutual investment.

The Bydgoszcz simulation was funded by the German armed forces and run on a digital war-gaming platform developed by the French IT company Atos. It is the kind of structured, scenario-based rehearsal that security analysts have argued NATO needs far more of — and far more urgently.

Hybrid Warfare Is No Longer a Niche Concern

The simulation took place against a backdrop of dramatically escalating real-world hybrid activity. The term "hybrid warfare" was once treated as something of a strategic abstraction — interesting to academics, distant to governments. In 2026, it is front-page news across Europe.

Earlier this year, more than 150 suspected hybrid incidents linked to Russia were recorded across European Union and NATO member states. In Germany alone, authorities logged 321 suspected incidents in a single year, including escalating drone intrusions into national airspace and disinformation campaigns targeting critical infrastructure. Analysts at GLOBSEC and the International Centre for Counter-Terrorism documented a fourfold increase in Russian sabotage and vandalism operations compared to the previous year, with criminal networks increasingly being recruited by Russian intelligence to conduct operations that maintain plausible deniability.

Russia's "shadow fleet" — tankers operating under third-country flags to circumvent Western sanctions — has been used to damage undersea fibre-optic cables in the Baltic. Repeated cuts to surveillance and optical cables in the Baltic and Nordic regions have prompted European intelligence agencies to conclude that Moscow is systematically mapping and targeting the infrastructure that connects the continent's economies and defence systems.

Dutch intelligence noted this year that it had detected, for the first time, a Russian cyberoperation against critical infrastructure in the Netherlands, possibly as preparation for sabotage. The agency concluded that Russia is "increasingly prepared to take risks" and described the grey zone between war and peace as having become "a reality."

None of this is random. As analysts writing in the U.S. Naval Institute Proceedings noted in April, Russia's hybrid operations follow a coherent intelligence doctrine — what Moscow calls "new generation warfare" — that has been developing continuously for three decades. The current wave of sabotage, disinformation, and cyber intrusion is strategic, not episodic.

Britain's Most Serious Attacks Now Come From Nation States

At the CYBERUK 2026 conference in Glasgow in April, Richard Horne, chief executive of the UK's National Cyber Security Centre, delivered a warning that has since reverberated across Western security establishments. The NCSC, he told the conference, continues to handle around four nationally significant cyber incidents every week. But the character of those incidents has shifted: the majority of the most serious attacks now originate, directly or indirectly, from nation states — China, Iran, and Russia — not from criminal gangs acting alone.

"Russia is scaling up its daily hybrid activity against the UK and Europe," GCHQ Director Anne Keast-Butler said separately in May, describing adversary behaviour as "increasingly brazen." In April, the NCSC and its international partners issued a formal advisory warning that China-linked actors were hiding malicious cyber activity on critical infrastructure networks — mapping systems, testing access, laying groundwork. The previous month, the NCSC had publicly exposed Russian military intelligence hijacking vulnerable internet routers to conduct cyberattacks.

The UK government's own assessment is that hostile state activity now takes place on British soil routinely, and that cyberattacks can and do undermine public services. Security Minister Dan Jarvis, speaking at CYBERUK, called on leading AI companies to work with government to build AI-powered cyber-defence capabilities before adversaries fully deploy AI-powered cyber-offensive ones. That race, he implied, is already underway.

The AI Amplification Problem

One of the most significant developments illustrated by the Bydgoszcz simulation was the role of artificial intelligence in scaling disinformation. The Karti team did not produce their social media content manually — they used AI-generated messages. This is not a hypothetical future capability. It is current.

The UK government published an open letter to business leaders this spring confirming that the AI Security Institute had assessed frontier AI models as "substantially more capable at cyber offence than any model previously tested." Simultaneously, Russian-aligned hacktivist groups — driven, the NCSC has assessed, by ideological opposition to Western support for Ukraine rather than financial gain — continued to target UK organisations with denial-of-service attacks and website defacements in early 2026.

The convergence of state resources, criminal networks, and AI-assisted influence operations represents a threat of a different order than anything the West has previously dealt with in peacetime. Content that once required coordinated teams of human operatives can now be produced at volume and at speed, personalised to local audiences, and deployed across multiple platforms simultaneously. The Peranza team in Bydgoszcz dealt with a simulated version of this. Real governments are dealing with something faster, harder to trace, and growing.

What the Simulation Did Not Resolve

The exercise in Bydgoszcz was valuable precisely because it was honest about the difficulty of the problem. NATO won — but barely. In two of three scenarios, a team with real-world experience of conducting these attacks very nearly broke through the Alliance's defences.

That is not a comfortable result for an organisation whose members include countries that have not faced this kind of sustained pressure and whose populations are, in many cases, encountering serious disinformation campaigns for the first time. Ukraine's experience is four years deep. Estonia's experience stretches back to 2007, when Russian-linked attackers shut down the country's internet infrastructure for three weeks. Most NATO members have experienced nothing comparable.

The structural problem, identified repeatedly by European analysts, is that the West remains largely reactive. Defences — fact-checking mechanisms, content moderation systems, individual sanctions — are activated after attacks are underway. Russia's hybrid operations are coordinated, offensive, and persistent. Europe, in the current configuration, is not structured to impose meaningful costs at or below the threshold of conventional military response.

JATEC is an attempt to close that gap — to harvest the knowledge Ukraine has accumulated at terrible cost and distribute it across an Alliance that has the resources to act on it but has, until recently, lacked the real-world reference points to understand what it is actually up against.

The lights going out in Peranza, the flood with no coherent official response, the banking system locked and social media aflame — all of it fictional, all of it a warning. Ukraine lived it. NATO practised it. The gap between practice and preparation is what everyone involved in Bydgoszcz is now trying to close.

Sources: Financial Times / Ukrainska Pravda reporting on JATEC exercise (June 2026); NATO Allied Command Transformation JATEC inauguration (February 2025); GLOBSEC hybrid warfare analysis (January 2026); UK NCSC CYBERUK 2026 conference (April 2026); GCHQ Director Bletchley Park lecture (May 2026); NCSC router hijacking advisory (April 2026); Dutch MIVD annual report (February 2026); U.S. Naval Institute Proceedings, "The Hallmarks of Russia's Hybrid War" (April 2026).