Over aeons, necessity has bred invention and there is no greater necessity than comfort. The growth of AI, particularly generative AI, in the past few years has revolutionised industries and has allowed humans to imagine a future free from laborious tasks that are repetitive and unimaginative in their nature. Virtual assistants and chatbots such as GPT-4, Gemini, BARD, etc., are continuously evolving and accelerating digital transformation at an unforgiving pace. Moreover, cloud-based services such as AI-as-a-service (AIaaS) that offer AI outsourcing, are increasing the scope of their models to provide accessible AI solutions. This enables businesses, governments, and individuals to leverage powerful AI tools without needing extensive in-house expertise. AIaaS represents an opportunity to drive economic progress in a country like Pakistan, which has a growing tech sector and promises to transform sectors ranging from education to healthcare. This phenomenon is owed to companies vying for a competitive advantage by incorporating AI within their product. This allows them to reduce operational costs, handle increased demand without infrastructure investments, and improve user experience by offering customised assistance. AI is marketable not only because it is new, but because it offers advanced functionalities to improve quality of life and as is the case with anything good, there are conditions that invariably accompany it. To achieve this, huge amounts of data are being processed to improve its algorithm, which may be personal and sensitive, and subject to data breaches. This raises questions about the implications of AI on national security, especially when there is no defined AI policy within the national framework. There is no mention of or plans for any amendment to include AI in the Pakistan Cloud First Policy. AI technology has the ability to train and improve its algorithm through a vast amount of data. This data is stored and processed on servers that are mostly not localised. These data centres are predominantly in countries like the United States and China. This reliance on foreign data centres can lead to concerns over data sovereignty. Sensitive information, including personal data of citizens, governmental records, and corporate secrets, could be breached and manipulated by states seeking to upset foreign relations, to gain an upper hand, or to interfere in domestic politics. The potential for data surveillance and unauthorised data access becomes a pressing national security threat. Cybercriminals and state-sponsored actors can easily exploit vulnerabilities in AI systems to launch attacks, disrupt services, or steal sensitive information. In AIaaS, the interconnectedness of cloud services means that a breach in one system could have a domino effect, crippling critical services and undermining public trust. In 2024, cyber-attacks on government agencies, tech giants, defence wings, have exponentially increased, with notable incidents such as the Russian hackers launching phishing attacks against German political parties or breaking into the emails of Germany’s Social Democrats. These are just two examples out of many data breaches that have compromised national security over the past 6 months alone. As Pakistan continues to move in the direction of AI integration in its business sector as well as its critical infrastructure, Pakistan must adopt regulatory frameworks that inhibit the misuses of AI. Currently, there is no mention of or plans for any amendment to include AI in the Pakistan Cloud First Policy. Robust data protection measures need to be put in place to safeguard personal information used by AI systems. This includes compliance with data protection laws such as General Data Protection Regulation (GDPR), enacted by the European Union. Moreover, building domestic AI capabilities can reduce dependency on international providers. Encouraging local innovation through investment in AI research and development, supporting start-ups, and fostering partnerships between academia, industry, and government can create a self-sustaining AI ecosystem. Even more importantly, centralised ethics committees and review boards need to be built to set ethical guidelines and oversee the development of AI technologies. The rise of AI presents many opportunities for Pakistan, and with it comes many challenges. While AI can drive economic growth and innovation, it also poses significant risks to national security if allowed to remain ungoverned. By strengthening cyber security, developing domestic AI capabilities, and establishing regulatory frameworks, Pakistan can reap the benefits of AI technology while safeguarding its national interests. The future of AI in Pakistan depends on an approach that embraces technological advancements while prioritising security and sovereignty. The writer is a researcher at the Centre for Aerospace and Security Studies (CASS), Lahore. She can be reached at info@casslhr.com