The Shadow of the Future: Seven Games, One Board
This quarter’s report is a different kind of instrument. Where our Q1 convergence report quantified threat activity, this one steps back to ask a structural question: what actually holds cooperation together between rivals — and what happens when it is taken apart? The answer, drawn from game theory and applied to seven live security domains, is uncomfortable, and it implicates our own choices as much as any adversary’s.
The full analysis reads best as the interactive experience or the 67-page PDF. This page is the executive briefing.

Robert Axelrod showed that cooperation among self-interested rivals survives only where four structural conditions hold: a long shadow of the future, clear signals, enforceable reciprocity, and legible reputation. This special report runs seven security domains — chokepoints, ransomware, cyber attribution, the AI race, the quantum transition, digital identity, and the dollar itself — through those four conditions. No domain keeps all four.
It asks the question the Western frame hides: whose game is this? China plays Go, encircling the board over a long horizon; Russia plays the opponent’s perception of it through reflexive control; the West brings chess to a table where one rival plays Go and the other plays you. For boards, it names the number no one totals — the Defection Premium, the recurring cost of operating without cooperation and the largest unpriced liability in the current risk environment. Written to IC analytic-tradecraft standards, it grades our own Q2 forecasts in the open.
Cyber Threat Landscape
The organising instrument of this report is Robert Axelrod’s finding that cooperation among self-interested rivals survives only where four structural conditions hold: a long shadow of the future, clear signals, enforceable reciprocity, and legible reputation. Run every security domain through those four conditions and a single pattern emerges — the machinery of cooperation is being disassembled, one condition at a time, across chokepoints, ransomware, cyber attribution, the AI race, the quantum transition, digital identity, and the dollar itself.
Rather than threat-group activity, the chart below reads the players: the state actors whose moves are reshaping the board. Their “activity level” here denotes strategic tempo and influence, not incident count — China at the centre supplying influence, Russia weaponising perception, Iran holding the maritime chokepoints, North Korea financing a regime through crypto theft.
The board is not symmetrical. China operates near the centre — the highest strategic tempo — not through incidents but through influence: rare-earth processing, AI, cables, standards. Russia’s tempo reflects reflexive control (playing the opponent’s perception), Iran’s the maritime chokepoints, North Korea’s the Lazarus crypto-theft engine that funded roughly half its missile programme.
Read as “games” rather than sectors, the radar shows no domain retaining all four cooperation conditions. Attribution and the AI race are the most degraded; ransomware is the anomaly — its reputation layer holds because the criminal market enforces it.
The 2026 escalation timeline is the chokepoint doctrine playing out in real time — from the opening strikes through the collapse of the Versailles memorandum to the Hormuz tanker attacks and the weaponisation of the dollar.
The players named above do not act in a vacuum — they occupy a board. Read the emerging alignment as a Go position and the seven games resolve into local fights on one board, with China near the centre.
Geopolitical Assessment
The instrument is a Western object — the Prisoner’s Dilemma, with chess behind it. But the players are not all playing the same game. China plays Go: encircle the board and win by central influence without ever capturing the centre. Russia plays the opponent’s perception of the board through reflexive control. Read the emerging authoritarian alignment — China, Russia, Iran, North Korea — as a Go position, and this report’s seven games resolve into local fights on one board, with China near the centre and the others as stones tying down Western attention.
The map below scores the theatres by strategic pressure, not incident count. The guardrail matters: this is a loose coalition of convenience, not a bloc under Beijing’s command — the stones move themselves.
Holds Hormuz and Bab el-Mandeb; the maritime chokepoint stone, active and priced.
Reflexive control and the Ukraine entanglement; a sacrifice stone that exhausts the West and delivers discounted energy to the centre.
Tengen — the centre. Belt and Road as the moyo; rare earths, AI, cables, standards as central influence.
Lazarus crypto theft funds the regime; the financing stone with no reputation to protect.
Export controls and the weaponised dollar; the reserve-currency guarantor shortening its own shadow of the future.
Regulating the intersections — AI Act, CRA, cloud sovereignty — an attempt to impose clear signals and credible reciprocity on ungoverned space.
A China-aligned counterweight fixing India — a different logic, not part of the revisionist axis.
The pressure clusters along the Eurasian arc — a Go position, not a chessboard. China supplies central influence; the others open local games that stretch Western attention across the whole board. China brokered the Saudi-Iran détente and imports Gulf crude, so its interest in an open Hormuz complicates any 'China wants chaos' reading.
| Alliance | Direction | Key Members | Significance |
|---|---|---|---|
| Axis of Upheaval (CRINK) | REALIGNING | China, Russia, Iran, North Korea | A loose coalition of convenience, not a treaty bloc. China at the centre benefits from independently-placed stones; the alignment is real but its coordination is routinely overstated. |
| Transatlantic (US–EU) | WEAKENING | United States, European Union | Cloud-sovereignty and export-control frictions test the alliance's shadow of the future; the CLOUD Act / FISA reach gives EU customers a rational incentive to hedge away from US-parented providers. |
| Country | Policy | Domain | Impact | Description |
|---|---|---|---|---|
| China | Rare-earth export controls (0.1% extraterritorial content rule) | Chokepoint | HIGH | Jurisdiction asserted over other countries' factories — the chokepoint effect at continental scale, held on the shelf even when paused. |
| United States | Semiconductor export controls (H20→H200 whipsaw) | Chokepoint | HIGH | The compute toolchain as a lever pulled and released on a monthly cadence — a shortening licence half-life. |
| European Union | AI Act — Art. 5 prohibitions (2 Feb 2025); high-risk deferral to Dec 2027 | AI Race | HIGH | An attempt to supply clear signals + credible retaliation; the Digital Omnibus deferral is a walkback of that enforcement. |
| European Union | Cyber Resilience Act (Reg. 2024/2847) | Supply chain | MEDIUM | The EU asserting jurisdiction over the hardware supply chain — security-by-design, SBOMs, reporting from Sep 2026, full obligations Dec 2027; a legibility move onto a market that lacked it. |
| Target | Imposed By | Type | Effective | Impact |
|---|---|---|---|---|
| Russian central-bank reserves | G7 / EU | ECONOMIC | 2022-02 | ~$300B immobilised — the move that revealed the reserve chokepoint and taught the board the dollar is not neutral. |
| Iran (maritime / energy) | United States | SECTORAL | 2026 | Secondary-sanction pressure around Hormuz; the rate at which the West re-demonstrates the chokepoint and teaches the board to route around it. |
The dollar is the largest cooperation equilibrium ever built. Freezing Russia's reserves in 2022 taught the whole board the reserve asset is not neutral — and the slow hedge (gold, alternative rails) is what a shortening shadow of the future looks like before it becomes a fast one.
The geopolitical board and the security games meet at the balance sheet. What the players are really contesting is the cost of cooperation itself — a cost this report names the Defection Premium.
Convergence Analysis
The business argument reduces to a single instruction for the board. Cooperation is an asset being written off the balance sheet without anyone booking the loss. Every time an organisation is pushed into a defection-dominant game — decoupling, zero-trust-everything, pay-or-don’t-pay, ship-fast-or-lose — it pays a Defection Premium: reshoring and diversification capex, cyber-insurance repricing, zero-trust overhead, litigation reserves, the reputation tax, and lost network effects. It is real, already paid, and in almost every organisation scattered across a dozen budget lines owned by no one. A cost no one totals is a cost no one governs.
This report deliberately does not quantify that premium as a single FAIR loss-curve. The honest instrument here is the four-condition diagnostic and the cascade logic below — not a false-precision dollar figure. The forecast panel states the Q3 calls we will be graded on, in the open.
The cascades are not additive but multiplicative. A single weaponisation move — a reserve freeze, a takedown, a false flag — teaches the whole board a lesson that reprices every future interaction. The economic layer is the amplifier.
Attribution is the load-bearing weakness. China supplies central influence while the stones move themselves — confirmed at the influence layer, contested (deliberately) at the operational one. Overstating coordination is the classic error.
At least one further material escalation in a maritime or export-control chokepoint before end-Q3.
Post-takedown fragmentation produces a measurable rise in leak-after-payment and exit-scam incidents.
The EU AI Act high-risk deferral holds or extends, weakening the credible retaliation meant to stabilise the game.
No stable cyber-attribution norm emerges; at least one major cross-border incident remains formally contested.
A fourth consecutive 1,000-tonne year of central-bank gold buying would signal drift tipping toward repricing.
These are the calls the report will be graded on in Q3, each stated as a claim that could be wrong, with the indicator that settles it. If the four-condition diagnostic predicts rather than merely describes, they should hold.
The interactive report and the 67-page PDF carry the full analysis: seven chapters running each game through the four conditions, an interlude on whose game this is, a graded scorecard, and the Q3 forward view.
The diagnosis is only half the work. The constructive half is naming how the four conditions get rebuilt.
Strategic Recommendations
The four conditions can be rebuilt, and naming how is the constructive half of the diagnosis. In the short run the environment shapes the players; in the long run the players shape the environment. Cooperation is not weather — it is infrastructure, built, degradable, and rebuildable.
Lengthen the shadow of the future
Preserve repeated-game structures against the pull toward one-shot anonymity — persistent identity, credible long-term alliances and contracts.
Cooperation becomes rational without anyone being asked to trust, wherever the future is made longer and more certain.
Consolidate the Defection Premium onto one page
Add the reshoring capex, insurance repricing, zero-trust overhead, litigation reserves, reputation tax, and lost network effects into a single number.
A cost no one totals is a cost no one governs — and it is the largest unpriced liability in the current risk environment.
Clean the signal
Attribution you can stand behind, provenance, verification — and in high-noise channels, the generous-strategy discipline: do not escalate on an ambiguous signal.
A reciprocity strategy run over a noisy channel does not deter; it escalates. Petrov held because he could reason about the signal.
Make reciprocity credible and proportionate
A response capability real enough to deter but restrained enough not to escalate on noise — neither pushover nor grudge-holder.
Tit for Tat wins by being nice, provocable, forgiving, and clear — not by hitting hardest.
Protect the reputation layer
Defend the indirect-reciprocity systems — ratings, registries, shared intelligence, certificate trust — that let strangers cooperate at scale.
When the reputation layer is compromised, cooperation loses the memory it runs on. It is load-bearing infrastructure.
Assessment: across every domain — chokepoints, ransomware, attribution, the AI race, the quantum transition, digital identity, and the dollar — the security environment is systematically destroying the conditions Axelrod identified as the requirements for cooperation, and calling it security. That is a decision, not a fate. In the short run the environment shapes the players; in the long run the players shape the environment. Which one we become is still, for now, ours to choose.