By Lt. Col. Clay Johnson, Defense Opinion Writer.
Generative artificial intelligence tools like ChatGPT are now deeply embedded in Americans’ daily workflow. Subscriptions reportedly exceed 11 million, with hundreds of millions of weekly users. This level of usage suggests similar widespread use across the U.S. military, including in professional military education, which includes such institutions as the Army War College and National Defense University.
While these tools offer clear benefits, their routine use introduces underexamined risks for the military. Warfighters may be unknowingly revealing sensitive patterns of strategic thought through their interactions with commercial AI systems. Each prompt may seem insignificant, but when aggregated they form a cognitive fingerprint revealing what Sun Tzu described as the highest form of advantage: knowing one’s enemy.
Why this matters
Every GPT prompt holds a fragment of the user’s strategic reasoning. For military professionals, that reasoning is shaped by operational experience, classified knowledge and years of immersion in national security and defense. When combined, these prompts reveal how U.S. leaders conceptualize and navigate security problems.
Our enemies know this, which is why cyber attacks on AI systems are on the rise. The attacks range from information leakage to bypassing AI guardrails and have been highly successful. These findings demonstrate that extracting sensitive reasoning from AI interactions is not a theoretical risk but an actively exploitable vulnerability.
In 2023, Samsung engineers unintentionally leaked sensitive source code and internal notes to ChatGPT, prompting an immediate company-wide ban on generative AI. The episode illustrates how easily routine use of commercial AI systems can expose critical information.
For military professionals, this is an even greater risk.
Historically, adversaries have relied on U.S. doctrine and military exercises to infer American thinking and decision-making. Generative AI introduces an entirely different kind of exposure. Now, adversaries can literally peer into the minds of leaders who will go on to shape U.S. national defense.
If adversaries could harvest this raw cognitive data, whether through a breach or collection from commercial platforms, it could reveal an unprecedented view into how the U.S. military conceptualizes warfighting. Adversaries could, for example, gather millions of prompts over time and map strategic thought. This may be the clearest modern expression of Sun Tzu’s maxim.
Football sign-stealing analogy
In football, sign stealing occurs when teams try to decipher an opponent’s play-calls. Given this, teams invest enormous effort into hiding their play-calls. A stolen play-call reveals more than a single play; it begins to expose an underlying philosophy; tendencies on third downs or preferred formations, for example. The danger is not just the stolen sign. It is the pattern that begins to emerge on how the other team plays and thinks.
GPT introduces similar, but far more consequential, vulnerabilities.
When military officers ask GPT for assistance, they often reveal their inner thoughts about security issues. Consider a hypothetical student at a professional military institution who prompts AI with this question: “Generate a 500-word essay on how the Peoples Republic of China would respond to a combined logistics exercise to resupply the Second Thomas Shoal in the South China Sea.”
The prompt alone signals operational considerations, but the follow-up prompts and iteration begin to reveal deeper reasoning. One prompt is like one football play-call; aggregated prompts expose the entire playbook.
A New Form of Intelligence
Adversaries already study U.S. doctrine and wargaming outputs. GPT prompts are different. They expose what U.S. leaders worry about most and how they think through priority issues, such as escalation, logistics, allied commitment and deterrence. Research shows that AI platforms can reveal memorized fragments of training data, including private user inputs, when probed. This makes user prompts a potential source of intelligence.
The Department of Defense has now taken a major step forward with the launch of Gemini for Government. This addresses an important gap by giving warfighters access to protected tools rather than relying on commercial platforms. Yet this development also increases the risks. By placing generative AI on every desktop, the department has dramatically expanded the volume of cognitive data that could reveal patterns of U.S. strategic reasoning. Enterprise security protects data but does not mitigate all the risks. While the department has solved the infrastructure issue, the cognitive fingerprint problem remains.
Protecting cognitive fingerprints
The defense community now sits at a turning point. Gemini for Government enables efficiencies but also consolidates the raw intellectual patterns of the U.S. military’s strategic workforce. This data may become one of the most valuable intelligence targets of the modern age. As the Department of Defense accelerates use of AI, protecting cognitive fingerprints must become a security priority. Meeting this challenge will require more than a new platform: it calls for guidance on prompt discipline, red-team testing to identify leakage risks, and PME curricula that train officers to leverage AI without exposing how they think.
In an era where knowing your enemy is as much about understanding how they think as what they do, the U.S. cannot afford to let its most valued warfighters reveal their reasoning to adversaries, one prompt at a time.
Lt. Col. Clay Johnson is an Army strategist and assistant professor at the National Defense University’s Joint Forces Staff College in Norfolk, Virginia. The views expressed here are those of the author and are not an official policy or position of the National Defense University, the Defense Department or the U.S. government.
Are you a Defense Daily reader with a thought-provoking opinion on a defense issue? We want to hear from you.
- We welcome submissions of opinion articles on national security, defense spending, weapons systems and related areas.
- We welcome submissions from lawmakers, administration officials, industry representatives, military officials, academics, think tank experts, congressional candidates, international experts and others on issues important to the national defense community.
- We welcome a diverse range of opinions all along the political spectrum.
- Email: editor@DefenseOpinion.com
