Hybrid threats, rooted in authoritarian uses of technology, cause everyday harm. Collective resilience requires dismantling their ecosystems through reconceptualising these threats, comprehensive countermeasures, and cross-regional cooperation.
Authoritarian applications of technology are no longer confined to autocracies; they have spread across regime types and become routine instruments of control. As the boundary between legitimate and coercive use of technology blurs, internal repression and external subversion converge into an ecosystem of norms, incentives, and practices that undermine democratic resilience.
Today’s hybrid threats embody this ecosystem. Once the preserve of hostile foreign actors, they are now deployed across political systems and by domestic groups, each adapting them to their own ends. Through global breaches, domestic control, or influence operations, they demonstrate how authoritarian uses of technology create multi-actor, multi-domain hybrid threats. The 2016 Bangladesh Bank heist illustrates the first: North Korea–linked hackers breached Dhaka’s central bank and channelled 81 million US dollars in fraudulent transfers through the New York Federal Reserve to the Philippines. Internet shutdowns exemplify domestic control. In 2024, 296 such shutdowns were recorded in 54 countries, often imposed during protests or unrest to silence dissent. Disinformation campaigns highlight the cross-actor dynamic: in 2024, Meta dismantled a Bangladesh-based network linked to the former ruling party that targeted domestic audiences with disinformation, while “great replacement” narratives in the United States (US) show how non-state actors drive conspiracy theories later amplified by state actors and used to radicalise audiences locally and across borders. Their multi-dimensional evolution through authoritarian uses of technology underscores the urgent need to reconceptualise hybrid threats.
Their multi-dimensional evolution through authoritarian uses of technology underscores the urgent need to reconceptualise hybrid threats.
Redefining Hybrid Threats
The European Union’s definition of hybrid threats as coordinated attacks below the level of armed conflict has traditionally centred on external actors and their domestic proxies. Today’s landscape, however, requires a broader lens: hybrid threats arise from structural conditions that enable the authoritarian use of technology. They involve states, corporations, non-state actors, and citizens, and threaten not only critical infrastructure and elections but also the fabric of civic and economic life, where digital and physical spheres converge. Hybrid threats must therefore be recognised as a systemic condition that demands integrated, real-time resilience across institutions and civil society. A practice-oriented approach offers the clearest path to accountability. However, three challenges come in the way.
First, the spread of general-purpose artificial intelligence (AI) has expanded risks, scope, and reach of technological misuse.
Second, divergent regulatory approaches have weakened guardrails when most needed. The US continues to resist binding regulation of platforms and AI, threatening tariffs on countries that regulate its tech. The European Union (EU) seeks to set standards through the Digital Services Act and the AI Act, but risks an inward focus at a time when technology is irreducibly transnational. China has seized the moment, exporting surveillance and ‘safe city’ systems worldwide, creating dependencies that pull states into its authoritarian model.
Third, distrust is mounting even among democratic allies. The Federal Trade Commission (FTC) warned US firms that compliance with EU or United Kingdom (UK) tech laws would compromise Americans’ speech rights and privacy, while the EU’s push for digital sovereignty reflects not just a quest for self-sufficiency but also its wariness of US tech firms. Hybrid threats thrive amid unsettled rules and strained partnerships.
Countering them requires moving beyond labels of regime type to the authoritarian use of technology itself. Insights from South and Southeast Asia, where states and civil societies confront these realities daily, offer vital reference points for rethinking hybrid threats and building cross-regional consensus on regulation and resilience.
Lessons from South and Southeast Asia
Here, technologies designed for security or welfare are co-opted for surveillance and control, turning them from episodic disruptions into everyday acts of harm, subtle in form yet severe in impact, which demand long-horizon resilience. Two contradictions explain why meaningful countermeasures remain elusive.
First, states call for “whole-of-society” responses to external hybrid threats while relying on authoritarian uses of technology at home. In India, facial recognition and drones commissioned for security are now commonplace at mass gatherings and have even been proposed for universities, raising concerns about weakened safeguards and the centralisation of sensitive data. In Indonesia, revised cyber and speech laws broaden state authority over dissent. Their replication across borders risks an autocratic osmosis that normalises authoritarian practices and creates vulnerabilities to external exploitation.
Their replication across borders risks an autocratic osmosis that normalises authoritarian practices and creates vulnerabilities to external exploitation.
Second, the line between civic and defence applications is increasingly porous, making regulation difficult. In India, AI-based biometrics pioneered for welfare are being adopted by police. In Vietnam, drones developed for civilian use are now placed under military control, giving the state authority to disable or destroy them. This authoritarian extension of coercive power into civilian technology entangles civilian and military domains, complicates regulation, and creates vulnerabilities that adversaries can exploit as hybrid threats.
This internal-external dynamics materialises across three main modes of technological coercion. 1) Surveillance: In Bangladesh, surveillance and spyware was used against civic and oppositional actors, while reliance on Chinese telecom companies exposes it to risks of external monitoring and targeting. 2) Influence: In Indonesia, organised “buzzer” networks - paid operators amplifying propaganda and disinformation - manipulate domestic discourse; yet the same tools and tactics are available to foreign actors who can target Indonesians with plausible deniability. 3) Disruption: In the Philippines, independent outlets have been targeted by cyberattacks that obstruct reporting, while the government itself suffered disruption when a 2023 ransomware attack on its health insurance programme paralysed services and exposed the data of over 13 million citizens.
Surveillance enables control and targeting; influence manipulates perceptions and choices; disruption erodes confidence in institutions. Distinct in method but unified by the authoritarian use of technology, these practices endure through corporate incentives, citizen compliance, and political rivalries. Building collective resilience therefore requires not only countering individual threats but dismantling the systemic conditions that sustain them.
Surveillance enables control and targeting; influence manipulates perceptions and choices; disruption erodes confidence in institutions.
Collective and Integrated Resilience
South and Southeast Asia, while grappling with the authoritarian use of technology, also offer lessons in collective resilience. Singapore’s Total Defence doctrine and Whole-of-Nation Approach explicitly treats the civil society as a frontline security actor, recognising that defence is not the task of government alone.
Resilience must begin by confronting two contradictions: holding states accountable for authoritarian uses of technology at home, and drawing clearer lines between civilian and military domains. Only then can resilience be collective and integrated, with governments, citizens, and businesses working together to dismantle the ecosystem that sustains hybrid threats.
This requires shared standards and incentives across regions; Europe and Asia already cooperate on cyber defence but must go further to disincentivise authoritarian practices directly. States will not yield coercive powers easily, but they have incentives to do so when access to markets, investment, and reputation depends on aligning with cross-regional standards that strengthen resilience. Resilience must therefore be multifaceted to ensure no single point of failure can be exploited.
- Governance resilience: Platform behaviour must be governed by cross-regional standards. Europe’s DSA seeks to protect rights, while similar laws in South and Southeast Asia often legitimise repression - a divergence that fuels hybrid threats. To prevent emergency powers from drifting into authoritarian use of technology, states must operate under clear limits: emergency measures should be temporary and independently reviewed, and surveillance and biometric systems must be firewalled between welfare and security, with penalties for violations.
- Societal resilience: Citizens are frontline targets of cognitive and repressive threats, so resilience must begin with them. Media literacy should be embedded in education, prebunking scaled across languages and platforms, and safeguards against transnational repression of diasporas integrated into counter-disinformation strategies. Platforms should share real-time data with fact-checkers and civil society, with effectiveness judged by outcomes rather than activity.
- Systemic resilience: Coercive dependencies in infrastructure create strategic vulnerabilities, making protection essential. Procurement rules should prohibit opaque contracts and single-vendor lock-ins, while mandating transparency in design and maintenance. Interoperability matters only if coupled with public, time-bound, and independently verified incident reporting.
- Market resilience: Businesses respond to incentives, not obligations. Instead of layering new regulatory burdens, governments should expand investment support, tax benefits, and preferential procurement for firms developing privacy-by-design tools, secure communications, and open-source infrastructure. South Asia’s spread of secure digital payment systems shows how state support can accelerate innovation at scale. Cross-regional cooperation can extend such models, making “tech for democracy” more profitable than exporting surveillance tools.
- Cross-regional resilience: Hybrid threats cannot be contained within borders, so Asia and Europe must connect complementary strengths. On governance resilience, ASEAN’s joint cybersecurity drills provide a model for independent audits. On societal resilience, Singapore’s Total Defence and prebunking initiatives in the Philippines and Indonesia could be scaled into coordinated, cross-diaspora campaigns. On systemic resilience, harmonised procurement rules could block coercive technologies from entering critical infrastructure. On market resilience, Asia’s digital payment innovations and Europe’s investment in trustworthy AI provide complementary models.
Together, these approaches can reduce dependency, disincentivise authoritarian practices, and protect civil society from state coercion and external aggression. They require a shift in norms and mindsets: to recognise that hybrid threats emerge from both within and without, and that resilience must confront authoritarian uses of technology and the threats they produce wherever they arise.
