Review status: REVISED
Will a treaty or international agreement involving at least five of the G7 nations be signed by December 31, 2027, that establishes a binding prohibition on the use of AI for autonomous offensive cyber-operations against critical civilian infrastructure?
Why this question? The rapid scaling of offensive AI capabilities described in the paper has led to calls for international 'red-lines'. Following the Bletchley and Seoul declarations, a binding treaty would be the next step in global governance. This forecast tracks the move from voluntary norms to binding international law. Fallback source: United Nations Office for Disarmament Affairs (UNODA) Treaty Database.
Paper reference: Section 5: Trendline Functional Form / Discussion - Projections of capability growth and systemic risk.
Question Title: Binding G7 agreement prohibiting autonomous offensive cyber-operations against critical civilian infrastructure Question: Will at least five G7 nations sign a binding international treaty or agreement that prohibits the use of AI for autonomous offensive cyber-operations against critical civilian infrastructure between 10th June 2026 and 31st December 2027 (23:59 UTC)? Background: As of 10th June 2026, international governance of AI in cyber-operations remains centered on non-binding frameworks and voluntary norms. Key milestones include the 2024 REAIM (Responsible AI in the Military Domain) Seoul Summit, which concluded with a non-binding Blueprint for Action supported by over 60 countries. The G7 Hiroshima AI Process has focused on transparency and codes of conduct for generative AI rather than binding restrictions on offensive capabilities. The 2025 G7 Kananaskis Summit in Canada resulted in a Leaders' Statement on AI for Prosperity that emphasized public sector adoption and economic benefits but did not establish a legally binding treaty regarding cyber-warfare or critical infrastructure protection https://www.g7.utoronto.ca/summit/2025kananaskis/index.html. While the 2015 UN GGE report (A/70/174) established a norm that states should not intentionally damage critical infrastructure providing services to the public, this is not a legally binding instrument https://undocs.org/A/70/174. The G7 nations consist of Canada, France, Germany, Italy, Japan, the United Kingdom, and the United States. A transition from voluntary declarations to binding international law would represent a significant shift in the regulation of frontier AI capabilities. Resolution data for international treaties is maintained by the United Nations Office for Disarmament Affairs (UNODA) at: https://treaties.unoda.org/ Resolution Criteria: The question resolves to YES if at least five G7 nations (Canada, France, Germany, Italy, Japan, United Kingdom, and United States) sign a binding international treaty or agreement that prohibits the use of AI for autonomous offensive cyber-operations against critical civilian infrastructure between 10th June 2026 and 31st December 2027 (23:59 UTC). For this question, binding refers to a written agreement governed by international law (e.g., a treaty, convention, or executive agreement) that creates legal obligations for the signatories, distinct from non-binding political declarations or communiques. Critical civilian infrastructure is defined as systems in the energy, water, healthcare, financial services, or telecommunications sectors providing essential services to the public. Autonomous offensive cyber-operations are defined as cyber-attacks where an AI system performs target identification, vulnerability analysis, and exploit delivery without real-time human intervention. Resolution will be determined by official records from the United Nations Office for Disarmament Affairs (UNODA) Treaty Database or the official government treaty gazettes of the signatory nations. If multiple G7 nations sign different agreements, they do not aggregate; at least five G7 nations must sign the same instrument.
As of 10th June 2026, international governance of AI in cyber-operations remains centered on non-binding frameworks and voluntary norms. Key milestones include the 2024 REAIM (Responsible AI in the Military Domain) Seoul Summit, which concluded with a non-binding Blueprint for Action supported by over 60 countries. The G7 Hiroshima AI Process has focused on transparency and codes of conduct for generative AI rather than binding restrictions on offensive capabilities. The 2025 G7 Kananaskis Summit in Canada resulted in a Leaders' Statement on AI for Prosperity that emphasized public sector adoption and economic benefits but did not establish a legally binding treaty regarding cyber-warfare or critical infrastructure protection (https://www.g7.utoronto.ca/summit/2025kananaskis/index.html). While the 2015 UN GGE report (A/70/174) established a norm that states should not intentionally damage critical infrastructure providing services to the public, this was not a legally binding instrument (https://undocs.org/A/70/174). The G7 nations consist of Canada, France, Germany, Italy, Japan, the United Kingdom, and the United States. A transition from voluntary declarations to binding international law would represent a significant shift in the regulation of frontier AI capabilities.
The question resolves to YES if at least five G7 nations (Canada, France, Germany, Italy, Japan, United Kingdom, and United States) sign the same binding international treaty or agreement that prohibits the use of AI for autonomous offensive cyber-operations against critical civilian infrastructure between 10th June 2026 and 31st December 2027 (23:59 UTC). * Legally Binding: For this question, "binding" refers to a written agreement governed by international law that meets the criteria of the Vienna Convention on the Law of Treaties or is explicitly characterized as "legally binding" within its own text. This is distinct from non-binding political declarations, communiques, or voluntary codes of conduct. * Critical Civilian Infrastructure: This refers to systems in the energy, water, healthcare, financial services, or telecommunications sectors providing essential services to the public. An asset is considered civilian if it meets the "predominant use" rule (more than 50% of its capacity or user base is non-military). * Autonomous Offensive Cyber-Operations: This includes operations often referred to as "autonomous weapon systems" or "automated means of warfare" in the cyber domain. These are cyber-attacks where an AI system performs target identification, vulnerability analysis, and exploit delivery without real-time human intervention. * Real-time Human Intervention: This requires a human to review and approve each specific target identification and exploit delivery individually at the moment of execution. * Offensive Operations: Any operation involving the unauthorized access and alteration of systems outside of a nation's own domestic network is considered "offensive" for the purposes of this question. * Same Instrument: This includes a single multilateral treaty or identical text signed as part of a coordinated series of bilateral agreements if they share a common entry-into-force mechanism.
Quality notes: Real-world. This is a high-quality geopolitical question addressing the transition from voluntary norms to binding international law. It is difficult and high-entropy, as current international consensus is limited to non-binding declarations like the 2024 REAIM 'Blueprint for Action' and the Bletchley/Seoul declarations. Current SOTA: No binding treaty prohibiting AI in cyber-operations exists; discussions remain in the 'norms-building' phase at the UN GGE and OEWG levels. The specific threshold (5 of 7 G7 nations) provides a clear, resolvable metric.
Ambiguity notes: 1, 5. The terms 'binding,' 'critical civilian infrastructure,' and 'autonomous offensive cyber-operations' are exceptionally well-defined with enumerated lists. The non-aggregation clause in the criteria is a high-quality detail. Minor risk: the distinction between 'signing' and 'ratification' for treaties, though the definition of 'binding' (creating legal obligations) helps clarify. Main risk: a treaty signed but not yet in force. Most important fix: specify if 'entry into force' is required or if 'signature' of a binding-type instrument suffices.
Assessment: NEEDS_REVISION Edge-case risk: HIGH
ASSESSMENT: NEEDS_REVISION REVIEW: The question is well-structured but contains three substantive issues that would hinder effective forecasting: 1. Resolution Source Mismatch: The UNODA Treaty Database is explicitly focused on 'multilateral Arms Regulation and Disarmament Agreements' https://treaties.unoda.org/. A binding agreement signed by 'at least five G7 nations' (a plurilateral or minilateral agreement) is unlikely to be deposited with the UNODA unless it is part of a broader UN-recognized multilateral disarmament framework. Most G7-specific binding agreements or executive agreements would instead be found in the broader UN Treaty Series (UNTS) or individual national treaty gazettes. Relying on UNODA as the primary source creates a high risk of a 'NO' resolution simply because the document is not in that specific disarmament-focused database. 2. Legal vs. Technical Terminology: The definition of 'autonomous offensive cyber-operations' (requiring no 'real-time human intervention') is a technical specification common in AI ethics but rare in international law. A binding treaty is more likely to use terms like 'autonomous weapon systems' or 'automated means of warfare.' If a treaty is signed that prohibits 'autonomous cyber weapons' without using the specific technical threshold of 'real-time human intervention,' it would create significant ambiguity for the resolution judge. 3. Diplomatic Feasibility and Norms: While the background correctly notes the 2025 Kananaskis Summit outcomes https://www.g7.utoronto.ca/summit/2025kananaskis/index.html, it misses the significant diplomatic hurdle: G7 nations, particularly the US and UK, have historically resisted binding treaties in the cyber domain, preferring voluntary 'norms of responsible state behavior' like those in the 2015 UN GGE report https://undocs.org/A/70/174. Given that the 2025 summit remained non-binding, the shift to a binding treaty for 5+ G7 nations by 2027 is a 'hard NO' scenario for experts (median forecasts for authorized autonomous cyber operations often reach into the 2040s). The background information regarding the 2025 G7 Kananaskis Summit and Prime Minister Mark Carney is consistent with the provided timeline https://www.g7.utoronto.ca/summit/2025kananaskis/index.html. However, the 2015 UN GGE report mentioned as a baseline does not contain the terms 'autonomous' or 'AI' https://undocs.org/A/70/174. EVIDENCE: https://treaties.unoda.org/ https://www.g7.utoronto.ca/summit/2025kananaskis/index.html https://undocs.org/A/70/174 https://leap.forecastingresearch.org/reports/wave5 SUGGESTION: 1. Replace the resolution source 'UNODA Treaty Database' with the 'United Nations Treaty Series (UNTS)' or a requirement that the agreement be published in the official treaty series of at least five signatory G7 governments. 2. Broaden the definition of the prohibition to include any binding agreement that explicitly targets 'autonomous' or 'AI-driven' cyber weapons/operations, or allow for resolution based on a consensus of international law experts if the treaty language is functionally equivalent to the technical definition. 3. Consider changing 'binding international treaty' to include 'binding joint commitment with a specified verification or monitoring mechanism' to better reflect likely diplomatic paths.
OVERALL_RISK: HIGH SCENARIO: Five G7 nations sign a "Joint Program of Action" that includes mandatory language like "nations shall prohibit," but the document is not registered with the UN Treaty Series and is described by a signatory's spokesperson as a "solemn political commitment" rather than a treaty. SEVERITY: HIGH FIX: Add a requirement that the agreement must be legally binding under the criteria of the Vienna Convention on the Law of Treaties or be explicitly characterized as "legally binding" in its own text. SCENARIO: An AI system identifies and attacks a series of targets over several hours based on a single initial "fire-and-forget" human command, leading to disagreement over whether the human's initial click counts as "real-time intervention." SEVERITY: MEDIUM FIX: Define "real-time human intervention" as requiring a human to review and approve each specific target identification and exploit delivery individually at the moment of execution. SCENARIO: The US, UK, Canada, France, and Germany sign separate but word-for-word identical bilateral agreements with a shared international body, rather than all five signing a single multilateral document. SEVERITY: MEDIUM FIX: Clarify that "same instrument" includes identical text signed as part of a coordinated series of bilateral agreements if they share a common entry-into-force mechanism. SCENARIO: A G7 nation deploys an autonomous AI agent that enters a foreign network to "delete" malware before it can be triggered, arguing this is a "non-offensive active defense" operation rather than an "offensive" operation. SEVERITY: HIGH FIX: Explicitly state that any operation involving the unauthorized access and alteration of systems outside of a nation's own domestic network is considered "offensive" for the purposes of this question. SCENARIO: An autonomous AI attack targets a major regional telecommunications hub that is used primarily by civilian residents but also hosts dedicated secure lines for a nearby military base. SEVERITY: HIGH FIX: Define "critical civilian infrastructure" using the "predominant use" rule, where an asset is considered civilian if more than 50% of its capacity or user base is non-military.
Question Title: Binding G7 agreement prohibiting autonomous offensive cyber-operations against critical civilian infrastructure Question: Will at least five G7 nations sign a binding international treaty or agreement that prohibits the use of AI for autonomous offensive cyber-operations against critical civilian infrastructure between 10th June 2026 and 31st December 2027 (23:59 UTC)? Background: As of 10th June 2026, international governance of AI in cyber-operations remains centered on non-binding frameworks and voluntary norms. Key milestones include the 2024 REAIM (Responsible AI in the Military Domain) Seoul Summit, which concluded with a non-binding Blueprint for Action supported by over 60 countries. The G7 Hiroshima AI Process has focused on transparency and codes of conduct for generative AI rather than binding restrictions on offensive capabilities. The 2025 G7 Kananaskis Summit in Canada resulted in a Leaders' Statement on AI for Prosperity that emphasized public sector adoption and economic benefits but did not establish a legally binding treaty regarding cyber-warfare or critical infrastructure protection (https://www.g7.utoronto.ca/summit/2025kananaskis/index.html). While the 2015 UN GGE report (A/70/174) established a norm that states should not intentionally damage critical infrastructure providing services to the public, this was not a legally binding instrument (https://undocs.org/A/70/174). The G7 nations consist of Canada, France, Germany, Italy, Japan, the United Kingdom, and the United States. A transition from voluntary declarations to binding international law would represent a significant shift in the regulation of frontier AI capabilities. Resolution Criteria: The question resolves to YES if at least five G7 nations (Canada, France, Germany, Italy, Japan, United Kingdom, and United States) sign the same binding international treaty or agreement that prohibits the use of AI for autonomous offensive cyber-operations against critical civilian infrastructure between 10th June 2026 and 31st December 2027 (23:59 UTC). * Legally Binding: For this question, "binding" refers to a written agreement governed by international law that meets the criteria of the Vienna Convention on the Law of Treaties or is explicitly characterized as "legally binding" within its own text. This is distinct from non-binding political declarations, communiques, or voluntary codes of conduct. * Critical Civilian Infrastructure: This refers to systems in the energy, water, healthcare, financial services, or telecommunications sectors providing essential services to the public. An asset is considered civilian if it meets the "predominant use" rule (more than 50% of its capacity or user base is non-military). * Autonomous Offensive Cyber-Operations: This includes operations often referred to as "autonomous weapon systems" or "automated means of warfare" in the cyber domain. These are cyber-attacks where an AI system performs target identification, vulnerability analysis, and exploit delivery without real-time human intervention. * Real-time Human Intervention: This requires a human to review and approve each specific target identification and exploit delivery individually at the moment of execution. * Offensive Operations: Any operation involving the unauthorized access and alteration of systems outside of a nation's own domestic network is considered "offensive" for the purposes of this question. * Same Instrument: This includes a single multilateral treaty or identical text signed as part of a coordinated series of bilateral agreements if they share a common entry-into-force mechanism. Resolution Source: Resolution will be determined by official records from the United Nations Treaty Series (UNTS) or the official national treaty gazettes/series of the signatory nations (e.g., the U.S. Treaties and Other International Acts Series (TIAS), the UK Treaty Series, or the Canada Treaty Series). If official records are delayed, a consensus of reports from at least three major international news agencies (e.g., Reuters, AP, AFP) explicitly stating that a binding treaty has been signed by the required number of G7 nations will suffice.
Summary The probability of at least five G7 nations signing a binding international treaty prohibiting the use of AI for autonomous offensive cyber-operations against critical civilian infrastructure by the end of 2027 is exceptionally low. International governance of artificial intelligence and military cyber-operations remains firmly rooted in non-binding frameworks and voluntary norms. Recent multilateral milestones, such as the REAIM 2026 Summit, the 2026 G7 Cybersecurity Working Group Declaration, and the G7 Digital and Technology Ministerial Declaration, consistently yield political declarations and unenforceable guidelines rather than legally binding commitments REAIM 2026 press release – Stop Killer Robots European Commission welcomes G7 cybersecurity declaration to ... G7 Digital and Technology Ministerial Declaration: 29 May 2026. The one existing binding AI instrument, the Council of Europe AI Framework Convention, explicitly excludes national security and defense matters from its scope, clearly demonstrating the international reluctance to regulate military AI capabilities International AI Treaty - Center for AI and Digital Policy https://rm.coe.int/1680afae3c. Furthermore, there is currently no active negotiation track, mandate, or proposed draft text aimed at establishing a treaty that matches the precise scope of autonomous cyber-operations against civilian infrastructure. Additionally, achieving the required threshold of five G7 signatories faces overwhelming geopolitical barriers. The United States—a critical G7 member and dominant cyber power—has actively and consistently opposed binding international restrictions on autonomous systems. US policy argues that existing International Humanitarian Law is sufficient and explicitly prioritizes domestic, voluntary innovation over restrictive international regulation Human Responsibility Retained: U.S. Positions on Judgment and ... Promoting Advanced Artificial Intelligence Innovation and Security Promoting Advanced Artificial Intelligence Innovation and Security. Without US participation, securing a minimum of five signatures from the remaining six G7 states is practically impossible, especially given that nations like the UK have shown similar reluctance toward binding constraints AI Regulations around the World - 2026 - Mind Foundry. Finally, multilateral treaty-making is a consensus-driven, notoriously slow process. Drafting, negotiating, and signing a highly specific, novel international treaty within an 18-month window is fundamentally misaligned with historical diplomatic timelines Lethal Autonomous Weapons Systems & International Law. Even if the political will existed, the strict definitional thresholds required by the resolution criteria make an affirmative outcome highly improbable. Strongest Arguments for Yes - A catastrophic, highly visible AI-enabled cyber-attack on critical civilian infrastructure (such as a power grid or financial network) could bypass typical diplomatic gridlock, creating extraordinary urgency and public pressure that forces states into rapid treaty-making. - The UN Secretary-General has repeatedly called for a legally binding instrument regarding autonomous weapons systems by 2026 Secretary-General's remarks to the Security Council on Artificial ... [[PDF] A New Agenda for Peace - the United Nations](https://www.un.org/climatesecuritymechanism/sites/default/files/2025-06/our-common-agenda-policy-brief-new-agenda-for-peace-en_0.pdf) https://disarmament.unoda.org/index.php/en/our-work/emerging-challenges/lethal-autonomous-weapon-systems. If diplomatic pressure successfully overcomes current resistance, these negotiations could theoretically expand to cover cyber-operations, offering a pre-existing multilateral vehicle. Strongest Arguments for No - The international governance landscape remains strictly non-binding; outcomes like the REAIM 2026 summit and UN cyber discussions continue to produce only voluntary guidelines REAIM 2026 press release – Stop Killer Robots REAIM 2026 press release – Stop Killer Robots https://disarmament.unoda.org/en/our-work/emerging-challenges/developments-field-information-and-telecommunications-context. - The United States actively opposes binding international restrictions on autonomous systems, prioritizing voluntary domestic frameworks and existing law Human Responsibility Retained: U.S. Positions on Judgment and ... Promoting Advanced Artificial Intelligence Innovation and Security Promoting Advanced Artificial Intelligence Innovation and Security. - Fully autonomous cyber-attacks do not yet technically exist, drastically reducing the immediate urgency for states to adopt binding prohibitions on capabilities that have not fully matured International AI Safety Report 2026. - Multilateral diplomacy is notoriously slow; the 18-month timeframe is far too brief for states to conceptualize, negotiate, and sign an unprecedented treaty with highly specific definitional requirements. Key Uncertainties - Severe Cyber Shocks: A devastating AI-driven attack against vital public services could dramatically alter the political landscape, potentially compressing a decades-long treaty process into mere months and significantly increasing the likelihood of an agreement. - Changes in US Policy: A sudden shift in US diplomatic posture toward supporting legally binding AI restrictions would alter the broader G7 calculus, lowering the threshold for other states to sign and vastly increasing the probability of a treaty. - Adaptation of Existing Treaties: In the highly unlikely event that existing autonomous weapons discussions rapidly shift to encompass strict cyber domain definitions and predominant-use infrastructure rules, it could provide an accelerated path to a binding agreement.
Resolution would indicate a major pivot from voluntary norms (Bletchley/Seoul) to binding international law, significantly constraining military/intelligence AI doctrine among the world's most capable cyber powers. Not a benchmark question.
Pipeline: 1% → Fable 5: 1% AGREE
The question is well-constructed: 'binding' is operationalized via the Vienna Convention, definitions for autonomy, civilian infrastructure, and 'same instrument' are precise, and resolution by signature (not ratification) is clear. The 1% estimate is well-calibrated, possibly even slightly generous. Base rates strongly support a very low probability: multilateral security treaties typically take 5-10+ years from negotiation mandate to signature, and as of mid-2026 no treaty negotiation on this subject has even been proposed, let alone opened. The US has consistently opposed binding cyber-warfare instruments (rejecting calls for a 'Digital Geneva Convention'), preferring voluntary norms (UN GGE, REAIM Blueprint). G7 outputs are structurally communique-based; the G7 has essentially never produced a binding treaty among its members. The CoE AI Convention's explicit national-security carve-out confirms states' reluctance to bind military AI. A dramatic catalyst (e.g., a catastrophic AI-driven attack on civilian infrastructure) could accelerate matters, but even then an 18-month path from shock to signed binding treaty among 5+ G7 states is nearly unprecedented. I'd put it at 0.5-1.5%, consistent with the pipeline's 1%.