17 Jul AI-Enabled Targeting and the Structural Strain on International Humanitarian Law
[Taylor Kate Woodcock is a researcher in public international law at the T.M.C. Asser Instituut and Jessica Dorsey is an Assistant Professor of International Law at Utrecht University School of Law and Managing Editor of Opinio Juris.]
Four and a half months have passed since the Minab school bombing by United States forces in Iran on 28 February 2026, killing at least 157 people – including 120 school children and at least 26 members of the school’s staff – and wounding at least 95 others. While no official statement has yet been issued by the U.S. Department of Defense (DoD), reporting indicates that artificial intelligence (AI) systems played a role in facilitating this operation. Public debate has largely centered on a narrow question: whether an AI system mistakenly identified a school as a military target. Though understandable, this framing is insufficient as it tends to treat AI-enabled systems as a discrete source of error rather than as part of a broader sociotechnical targeting infrastructure.
In this post, we outline that the main focus should not only be whether AI introduces isolated mistakes into targeting decisions, but also how AI systems amplify and institutionalize existing failures by reshaping the conditions under which military and legal judgment is exercised. The tragic strike in Minab illustrates this dynamic. AI did not necessarily create the faulty intelligence on which the strike was based, but it folded that faulty intelligence into operational decisions at unprecedented speed and scale, while reducing opportunities for the verification that international humanitarian law (IHL) requires. Minab is therefore best understood not as an exceptional failure, but as an illustration of a structural condition: the interaction between outdated or incomplete intelligence and systems designed to accelerate its conversion into operational decisions.
We proceed through this post in four parts. First, we outline the nature of AI systems being used in targeting processes and issues that arise with these. We then turn to the way these systems are shifting cognitive functions in military decision-making before analyzing the Minab school strike in light of our analysis and offering a brief conclusion.
AI systems, probabilistic outputs, and epistemic limits
While AI is touted as enhancing military capabilities and operational efficiency, the use of AI-enabled decision-support systems (DSS) present several risks. Machine learning models used in military contexts, particularly large language models (LLMs), are inherently probabilistic. They generate outputs based on statistical inference rather than grounded verification, meaning their outputs are never fully certain. As a result, a residual error margin is structurally unavoidable. LLMs are also well documented in producing hallucinations, where inaccurate information is confidently presented as truth. These limitations are compounded in high-stakes environments such as targeting, where errors are not merely informational but operational, threatening the ability of militaries to distinguish between lawful targets and protected persons and objects, including civilians, as required by IHL.
One example of such a system is xAI’s Grok, a LLM-based generative AI assistant that incorporates multiple agents to respond to prompts and produce text, images and video based on online and social media data (as an aside, this is the same AI assistant involved in the sexual deepfake scandal earlier this year, where reports found it had been used to produce nonconsensual pornography of girls and women). Grok has been integrated into MSS, an AI-powered Palantir platform used in DoD targeting operations. Alongside reports of the integration of other LLMs such as Claude into MSS in Iran and for the capture of the Venezuelan President, these recent reports of the use of Grok for US operations point to the increasing risk of AI-enabled harm and violations of IHL.
Much has been written on violations of IHL concerning the use of various AI-DSS (see, e.g., some examples here, here, here, here, here and here). Recent reports around the use of Grok and other LLMs are illustrative of the risks of reliance on DSS for IHL compliance. While the Minab bombing has rightly received significant attention, our concern is broader: it illustrates how civilian harm can become normalized when the use of AI-DSS is habitual and institutionalized for targeting in military organizations.
Technical experts have repeatedly warned that such systems are not suited for high-stakes decision-making contexts involving irreversible harm. Similar concerns have been echoed by computer scientists and engineers, researchers, scientists, and other professionals employed at U.S. frontier artificial intelligence laboratories. This reflects a larger problem of structural unsuitability: LLMs are optimized for fluency and pattern completion, not legal reasoning, factual validation, or contextual assessment under IHL. Yet, a focus solely on model limitations risks implicating that this is only a technical problem to be solved. The legal and operational problem does not arise only from AI error rates, but from how these systems are embedded within institutional workflows that depend on incomplete, outdated, or inconsistently maintained data.
The restructuring of military judgment: choice architectures and the erosion of verification
While some may ask whether AI is nevertheless desirable if it outperforms error-prone humans, this ignores that humans interact with AI systems and produce outcomes together. This socio-technical perspective reflects that military operations and resulting harm come about through human-machine interaction. What we are increasingly seeing is that AI-DSS are restructuring human judgment and control in targeting. Three dynamics are central in this restructuring:
Speed: AI compresses decision timelines by rapidly generating, filtering, and prioritizing large volumes of target-relevant information.
Scale: Systems capable of generating or processing thousands of target suggestions within compressed operational windows fundamentally alter the volume of decisions required of human operators. Enhanced speed and scale of capabilities are seen as major incentives for the deployment of AI systems, yet create challenges for human intervention and deliberative judgment, including for legal assessments.
Cognitive outsourcing: Wide integration of AI systems prompts uncritical reliance on outputs presented through integrated platforms with “smart” interfaces incorporating multiple models, including LLMs such as Grok and Claude, using natural language formats that obscure underlying computational complexity. These systems filter and frame information in a way that conditions situational awareness and informs operational targeting decisions.
These conditions are sought out to enhance “operational efficiency”, in the words of the DoD’s chief Digital and Artificial Intelligence Officer, reflecting broad trends towards the quantification logics driving the development of military capabilities. Yet, within AI-mediated targeting under these conditions, errors become harder to detect. Automation bias encourages users to defer to system outputs, particularly when they are presented with high confidence or institutional authority. Additionally, integrated user interfaces conceal multi-layered computational processes, making it difficult for operators to interrogate data provenance or quality. And finally, increased operational tempo reduces the time available for deliberation or cross-checking. Mistakes, whether from a human or technical source, become harder to spot, contest and prevent when conditions of decision-making are shaped through human-AI interaction.
These dynamics collectively produce what can be described as a choice architecture for military decision-making, shaping the conditions under which information is assessed and decisions are made. Within this architecture, human operators are not removed but repositioned: increasingly tasked with ratifying outputs rather than independently interrogating underlying intelligence. This restructuring reduces friction points in the targeting process that can serve to decelerate decision-making enough to interrogate outputs and foreseeable results. We think it important to note that friction is not inefficiency, but rather the affordance of space in which verification, doubt, and legal assessment occur.
This has direct implications for IHL compliance. The obligations of distinction, precautions and proportionality depend on the meaningful capacity to assess, verify, and challenge available information prior to attack. When AI systems reshape decision environments such that verification becomes practically constrained, compliance with these obligations is placed under structural strain.
Minab and AI-DSS propagation of outdated intelligence
From the foregoing analysis, we believe the Minab strike illustrates the interaction between outdated intelligence systems and AI-enabled operational workflows. The public framing of the incident has focused on whether AI misidentified a school as a military object. However, this framing clouds a more fundamental legal problem: the propagation of outdated intelligence within operational databases despite prior knowledge of its deficiencies.
Reporting from the New York Times, Bloomberg and a recent Sky Films documentary indicates that intelligence analysts and personnel with access to Iranian targets within the Modernized Integrated Database, including DoD personnel from the Defense Intelligence Agency (DIA), were aware that elements of the database relevant to Minab were outdated. Concerns regarding the accuracy of the school’s classification had reportedly been raised years earlier, yet the data was not updated
In the documentary, a former DIA target intelligence analyst describes this not as an isolated oversight but as a long-recognized institutional problem. According to his testimony, analysts responsible for maintaining targeting databases routinely warned senior personnel that facility records had gone years without review, despite internal requirements that developed targets be revalidated every three to five years. He further alleges that only a small fraction of the hundreds of thousands of potential targets in Iran had ever been fully developed, and that even these were updated far more slowly than required. While analysts understood that the database was becoming progressively stale, he states that leadership nevertheless regarded the existing level of maintenance as acceptable. If accurate, this testimony suggests that deficiencies in the underlying intelligence were neither unknown nor unforeseeable, but had become normalized within institutional practice.
Under IHL states are required across the conduct of military operations to spare civilians and the civilian populations and those who plan or decide upon attacks must “do everything feasible to verify that the objectives to be attacked are neither civilians nor civilian objects (Article 57, AP I; see also Chapter V, US DoD Law of War Manual). The continued use of known outdated intelligence raises extraordinarily serious questions regarding precautions, showing an abject failure to maintain continuous verification of targeting intelligence over time.
Additionally, under the principle of distinction states are prohibited from launching “indiscriminate attacks” that are not directed at a specific military objective (Article 51(1), API I). Reliance on information known to be outdated to identify targets is arguably not a genuine accident, but reckless disregard towards civilian harm. The whistleblower’s account from the Sky documentary (starting at 34:21) is significant in this respect because it alleges repeated internal awareness that target databases were not being maintained to required standards, coupled with an institutional decision by DIA not to remedy those deficiencies. If substantiated, such evidence would be relevant to whether military authorities knew or should have known that stale intelligence could foreseeably result in civilian objects being treated as military objectives, particularly once AI-DSS accelerated the operational use of those databases, propagate this information and shape choice architectures in targeting.
In this sense, Minab is therefore unfortunately not an anomaly but a manifestation of a structural condition: degraded or stale intelligence propagating within AI-DSS. Once integrated into systems such as MSS, outdated or incomplete data is both preserved and subsequently rapidly operationalized. AI systems can reproduce and disseminate such data at scale, converting latent informational errors into actionable outputs. At the same time, AI reduces the friction through which human operators might otherwise identify and correct such errors. As decision-making becomes faster and more automated, opportunities for interrogation of underlying data diminish, creating a structural mismatch: distinction and verification obligations under IHL assume the existence of meaningful opportunities for human assessment prior to attack, yet AI-enabled workflows compress the time and cognitive space in which such assessment can occur.
Reports suggest that during early phases of recent operations, approximately 5,000 targets were engaged within 96 hours (2,000 of which were generated by Grok), with future DoD ambitions of generating up to 1,000 targets per hour. At this tempo and these scales, problems also become systemic: outdated intelligence, once embedded within automated workflows, can generate large volumes of potentially unlawful targeting decisions before legally required verification is possible.
Knowledge, foreseeability, and responsibility
A further legal dimension concerns knowledge and foreseeability. The lawfulness of attacks facilitated through systems such as MSS, Claude, and Grok ultimately turn on whether these were reasonable assessments according to the standard of a military commander and whether the harm was foreseeable. Where such knowledge exists, failure to act may bear directly on assessments of legality.
Interpretive IHL standards, such as what constitutes a military objective, what precautionary measures are feasible, and whether attacks are proportionate, provide a margin of appreciation to commanders within the bounds of reasonableness. This discretion can nonetheless be shaped by uncritical reliance on AI systems.
A major risk is that AI-mediated acceleration and normalization of high-tempo operations reshapes the baseline against which “reasonable” conduct is judged. If speed, scale, and automated prioritization become operational norms, there is a risk that the threshold for whether attacks harming civilians are truly accidental (and therefore do not violate IHL) and what counts as “feasible precautions” or “excessive” harm is implicitly recalibrated (see here and here). In this sense, the use of AI-DSS risks influencing the conditions under which legal standards are interpreted and applied. This may serve to increasingly expand definitions of reasonableness to cover inflated civilian harm due to the very conditions AI itself creates. This does not however absolve militaries from distinction, precautionary, and proportionality obligations.
A key factor for determining the reasonableness of targeting decisions is knowledge. If the commander knew, or should have known, about the risk of harm (for instance that a school might be incorrectly identified as a target), this impacts the legality of a subsequent attack. In the case of the Minab school bombing, indications outlined above that intelligence analysts had flagged uncertainty about the school suggest that commanders should have known of the risk of harm. Though inadequate communication across military organizations is a preexisting challenge, the integration of systems like MSS, Claude, and Grok exacerbate this problem. By shaping decision-making conditions such that outdated information is propagated and incorrect target identification is hard to spot, verify, and challenge, AI systems undermine IHL protections that require reasonable deliberation based on the information available.
Whilst the principle of distinction may be violated in cases where it can be demonstrated that commanders should have known about this harm, in less clear cases the integration of AI may diffuse responsibility by broadening the scope of harm that is deemed “reasonable” mistakes. By design, the integration of AI systems distributes and obscures informational pathways through which knowledge is formed in an attempt to streamline decision-making. As complexity in human-machine interactions increase, it becomes more difficult to trace what information was available or ignored and how particular judgments were reached. Ultimately, this does not eliminate legal responsibility, but increasingly complicates its attribution.
Conclusion:
From a legal perspective, the tragedy in Minab has further revealed how AI-DSS targeting infrastructures reshape the conditions under which errors are produced, sustained, and operationalized. The ways in which it amplifies and accelerates existing institutional weaknesses by converting degraded or incomplete intelligence into operational decisions at speed and scale should alarm all stakeholders in this space.
As opportunities for contextually appropriate human judgment are reduced, the procedural conditions required for compliance with distinction, precautions, and proportionality are placed under structural strain. Minab is illustrative of this more general transformation in which the friction necessary for legal and factual assessment is being progressively eroded by design, resulting in a targeting environment in which outdated or uncertain intelligence is continuously reproduced as actionable truth. Over time, this risks normalizing civilian harm as an incidental by-product of high-tempo, AI-mediated operations, rather than treating it as a signal of legal and operational failure.
**Author’s note: This piece draws in part from research conducted for one of the author’s PhD dissertation, Human-Machine (Learning) Interactions: War and Law in the AI Era. More information on this research is available from the author upon request (t.woodcock@asser.nl).**

Leave a Reply