The United Nations Institute for Disarmament Research (UNIDIR) opened its second annual Global Conference on AI, Security and Ethics (AISE26) on Thursday morning at the Palais des Nations in Geneva, convening diplomats, military officials, AI researchers, and defence industry representatives for two days of reckoning with a question that prior international conferences have only named but not answered: how do you enforce rules for AI systems that operate at speeds and at a scale that outrun every governance framework currently in existence?

The conference opened a day after UNIDIR formally launched its Centre of Excellence on AI, Peace and Security on Wednesday evening — a permanent institutional platform designed to sustain the governance work between summits rather than allowing it to dissipate between meetings. More than 500,000 people tuned into the 2025 inaugural edition online, and today's gathering is again livestreamed globally.

The forum arrives at a moment with a sharp and concrete edge. In a briefing submitted to the parallel UN informal exchanges on AI in the military domain this week, Human Rights Watch documented a structural failure that frames the entire conference: military AI systems are being deployed in active conflict zones and evaluated by the battlefield itself — not by the rigorous pre-deployment testing, evaluation, verification, and validation (TEVV) that international humanitarian law requires for any new means or method of warfare. In practice, real people are bearing the cost of an accountability gap that existing legal frameworks have no mechanism to close.

From Norm-Making to Enforcement: What Changed

AISE26 is explicitly positioned as a transition conference. In prior years, international debate over military AI still centered on conceptual questions — should there be norms, and what form should they take? This year, UNIDIR's framing has shifted to implementation, practical governance measures, and the hard engineering and legal work of translating existing international law into verifiable institutional practice.

That shift is anchored in three specific UN milestones. General Assembly resolution 79/239, adopted in December 2024, affirmed that international law applies throughout the entire lifecycle of military AI systems. The Secretary-General subsequently published the first-ever UN report on AI in the military domain (A/80/78), documenting how AI tools are already generating strike recommendations, maintaining targeting databases, and guiding autonomous navigation in conflicts including Ukraine and Gaza. A follow-up resolution, 80/58, adopted December 1, 2025, mandated the informal Geneva exchanges running this week — though notably, both the United States and Russia voted against it, signaling the geopolitical difficulty ahead for any forum that brings those two powers back to the same table.

AISE26 is designed to feed directly into that multilateral process, running consecutively with the informal exchanges that concluded Wednesday.

The Technical Gap That Rules Cannot Close Alone

The most consequential research entering AISE26 is not about what norms should say — it is about what enforcement actually requires at a technical level.

Human Rights Watch's June 2026 briefing to the Geneva process states plainly that AI adoption in the military domain is outpacing the testing, evaluation, verification, and validation on which the lawful use of any new means or method of warfare legally depends. The reason is partly structural: AI systems resist traditional testing approaches and can only be partially assessed through formal methods and simulations. Their opacity further limits reliable evaluation. When a targeting system is a black box — as the US Army warned in 2025 about one system developed by Palantir and Anduril — it is impossible to inspect the algorithm for hidden biases that could lead to the misidentification of civilians as military targets.

The problem compounds at the level of algorithmic bias in military AI decision support systems. Researchers at the International Committee of the Red Cross and the Stockholm International Peace Research Institute have documented three categories of bias — societal (from training data), technical (from algorithm design), and emergent (from deployment conditions) — and a fourth structural risk: automation bias, the documented tendency of human operators to defer excessively to automated system outputs under time pressure. When an operator has thirty seconds to approve or reject a firing solution that an AI system has already analyzed, the human decision is less a check than a ratification. Meaningful human control, the principle at the center of every major AI governance framework, becomes harder to define as the kill chain compresses from hours to minutes.

Day 1 addressed this directly. Dr. Jane Pinelis and Kerstin Vignard of the Johns Hopkins University Applied Physics Laboratory opened the morning's technical sessions with an examination of what algorithmic bias means specifically in defence and security contexts, where biased outputs can have life-or-death consequences. Ben Fawcett of Advai followed with a deep dive on how adversarial evaluation platforms are attempting to address what practitioners call a critical gap between capability claims and real-world AI performance under adversarial conditions — the same gap that CSIS analysts identified as a core failure in defence AI procurement: no systematic way to measure operational metrics for targeting AI, because existing benchmarking approaches were designed for commercial performance, not for life-or-death decision-making in fluid conflict environments.

Agentic AI in Cyber Defence: Governing What Cannot Be Paused

One of the day's most technically significant sessions addressed a specific and under-governed problem: agentic AI systems in cyber defence. Unlike traditional AI decision support, agentic systems pursue goals across multiple steps, adapt to new information, and maintain memory of prior actions — often without a human reviewing each intermediate decision. A lightning talk posed the question its own title asked: "Who's in the loop when the loop keeps moving?" When an agentic system in a cyber defence role re-prioritizes its own targets, remembers prior adversary behavior, and executes defensive actions on its own initiative, the human oversight required by IHL may exist on paper but not in practice.

IAEA Director General Rafael Grossi joined the morning's marquee fireside chat, underscoring the conference's emphasis on AI's intersection with existing arms control frameworks. His presence signaled the IAEA's growing concern about AI-enabled interference with nuclear infrastructure — a scenario that moves the governance stakes from battlefield casualties to potential catastrophe.

Major General Dr. Pawan Anand of the United Service Institution of India presented a deep dive on the governance challenges created by dual-use AI technologies — systems with both civilian and military applications whose governance cannot be neatly separated into commercial and weapons-law tracks. Daniel Ross of Dynamo AI and Canada's former Defence Minister, the Honourable Harjit Singh Sajjan, then addressed the gap between governance policy on paper and enforceable oversight in practice.

A Novel Threat: POW Deepfakes and the Limits of IHL

Among the most unusual sessions scheduled for Day 2 is one examining whether AI-generated deepfakes of prisoners of war can be governed under existing international humanitarian law — an issue that has already arisen in recent conflicts. Dr. Matthew Kennedy of the Oxford Internet Institute and Nathan Heath of Syntony will present research on a specific legal gap: existing IHL prohibits perfidy — acts that exploit an adversary's reliance on the laws of war by inviting trust to betray it — but was not designed for synthetic media that can fabricate a prisoner's voice and likeness in hours. A deepfake video of a commander ordering troops to surrender before an ambush would constitute perfidy. But attribution, detection, and enforcement all require capabilities that international frameworks do not yet have institutional structures to deploy in real time.

Small States, Large Risks

Two sessions on Day 1 surfaced a dimension almost entirely absent from most AI security discourse. Dr. Hina Tahseen of the Somerset NHS Foundation Trust presented research on AI systems' documented inability to reliably distinguish distress signals from threat signals in human communication — with direct implications for AI tools used in counter-terrorism or border security, where the misclassification of distress as threat can result in lethal escalation. Clara Kaluderovic of Mental Health Global examined the governance of AI tools designed to support military veterans' mental health — a growing and lightly regulated application space where the stakes of system failure are personal rather than geopolitical.

Ashlie Robinson of the Jamaica Artificial Intelligence Association, presenting in Day 2, will deliver research on how failures in military AI governance disproportionately threaten small island developing states — populations that had no role in building these systems, hold no seat at the major-power negotiating tables, and bear asymmetric risk from their deployment.

Day 2: Governance and the US-China Question

Friday's sessions shift to governance, opening with IBM Consulting's Phaedra Boinodiris synthesizing a live collective intelligence exercise running throughout both conference days.

The most closely watched session will be a high-stakes discussion on US-China AI norms, featuring Tim Rutherford of the Minderoo Foundation, Xiao Qian of Tsinghua University, and Dr. R. David Edelman of MIT and the Brookings Institution. Against the backdrop of both countries voting against or abstaining on key UN AI-military governance resolutions while simultaneously sending delegates to AISE26, the session will examine where common ground on military AI governance might still be found — and whether technical standards, rather than political declarations, offer a more durable path.

The conference closes with ambassadors from France, South Korea, and China — H.E. Anne Lazar-Sury, H.E. Si-jin Song, and H.E. Shen Jian — at the same table to discuss the future of AI governance in security contexts. Their presence together, representing three of the world's most consequential AI powers, is itself a statement about what AISE26 has built: a neutral space where the geopolitical divides that have blocked progress elsewhere have not, at least not yet, closed the door.

What UNIDIR's New Centre Means for Long-Term Governance

UNIDIR's Centre of Excellence on AI, Peace and Security, formally launched Wednesday evening with Switzerland and Pakistan as co-hosts, is designed to address the fragmentation problem that has defined AI governance for a decade: critical work on military AI, strategic stability, and conflict dynamics has unfolded across forums that do not systematically connect, leaving states without the sustained technical expertise and institutional memory to translate conference commitments into national implementation.

The Centre will serve as UNIDIR's permanent umbrella for research, dialogue, and capacity-building — specifically for states with limited resources or technical expertise that risk becoming norm-takers rather than norm-shapers. UNIDIR Director Dr. Robin Geiss has identified the core problem not as a lack of effort but as a structural one: these efforts unfold in parallel, across communities and processes that do not connect effectively.

Whether two days in Geneva can close the gap between the pace of military AI deployment and the pace of international governance is an open question. But with nuclear regulators, Chinese and American experts, African and Caribbean delegates, defence contractors, and humanitarian law scholars all in the same room — simultaneously — AISE26 represents the most structurally complete attempt yet to bring the enforcement question out of the abstract and into the room where deployment decisions are already being made.

Frequently Asked Questions

What is the UNIDIR AI, Security and Ethics conference, and why does it matter in 2026?

UNIDIR's Global Conference on AI, Security and Ethics (AISE26) is a two-day multilateral forum bringing together governments, defence agencies, AI researchers, and civil society to address how artificial intelligence is reshaping international security. The 2026 edition matters because it marks a formal shift in international focus from establishing principles to implementing enforceable governance — and it runs immediately after the UN's first formal state-level exchanges on AI in the military domain, mandated by General Assembly resolution 80/58.

How is AI already being used in warfare, and what governance gaps does that create?

Human Rights Watch documented in June 2026 that AI systems are generating strike recommendations, maintaining targeting databases, and guiding autonomous navigation in conflicts including Ukraine and Gaza — before meeting the testing, evaluation, verification, and validation standards that international humanitarian law requires for any new means or method of warfare. The opacity of AI targeting systems makes it structurally impossible under current IHL to attribute biased targeting errors to a responsible human decision-maker, closing the accountability loop that IHL requires.

What is the current status of autonomous weapons regulation internationally?

Autonomous weapons — systems designed to independently select and engage targets — have been under discussion at the UN through the Convention on Certain Conventional Weapons Group of Governmental Experts since 2014. As of June 2026, no binding treaty exists. The CCW Group's mandate expires at the 2026 Review Conference in September. A December 2024 UN General Assembly resolution supported a legally binding instrument, but a December 2025 resolution mandating informal state exchanges was opposed by both the United States and Russia — the two countries whose cooperation any binding regime would ultimately require.

Can AI-generated deepfakes of prisoners of war violate international humanitarian law?

The question is legally unresolved, though legal scholars argue that deepfakes used to deceive an adversary into lowering defenses — for example, a fabricated video of a commander ordering surrender before an ambush — would constitute perfidy under the 1907 Hague Convention and Additional Protocol I to the Geneva Conventions. Russia and Ukraine have both deployed deepfakes in their ongoing conflict. Whether IHL's prohibition on perfidy can be applied, attributed, and enforced against synthetic media in real time is one of the novel legal questions AISE26 is addressing on Day 2.