WIREDGOV

Private military and security companies are recasting conflict as a marketplace. The centre of gravity has shifted from security services to capability and data control. Ukraine provides the clearest illustration of how that shift plays out in practice.

The commercialisation of conflict is no longer a subtext – it is the text. Since the 1990s, private military and security companies (PMSCs) have evolved from manpower providers to system integrators and data brokers, expanding alongside a decade of rising global military expenditure that reached a record $2.718 trillion in 2024. But this is not only about drones, boots and battlefield hardware. Increasingly, the privatisation of conflict extends to the digital sphere, where software, surveillance and cyber intrusion are becoming tradable assets. As with drones, the key question is no longer who fires the shot, but who owns the system that makes it possible.

The commercial logic is clear and unsettling: protracted, lukewarm conflicts create time and space for iteration and scale, making them attractive laboratories for investment and innovation when oversight is thin.

Cyber Mercenaries: The Invisible Layer of Ukraine’s Battlespace

Conflict is no longer waged solely with boots, bullets or drones. It is now engineered in code, outsourced through contracts, and monetised by private actors offering digital force as a service. Ukraine has become the most advanced laboratory for this shift. Private Sector Offensive Actors (PSOAs) or cyber mercenaries are commercial entities that develop and sell intrusion tools, spyware and offensive cyber capabilities to governments and clients, who then select targets and operate the tools independently.

‘Cyber mercenary’ concept itself remains contested. In the Ukrainian context, this ambiguity is not incidental, it is strategic. Some actors operate as state-aligned proxies, others are ideologically motivated or simply commercially driven. Yet most operate outside formal military command chains, making lines of responsibility blurry. Many of these operations take place under, or with the tacit approval of, state contracts or sponsorship, while others act with greater autonomy, a spectrum that complicates efforts to assign accountability.

Ukraine’s digital battlespace has been particularly shaped by Distributed Denial of Service (DDoS) attacks, phishing campaigns, malware deployment and information operations, many attributed to Russian-aligned groups like Killnet, NoName057(16), and Sandworm, which operate in coordination with, but often outside, formal state infrastructures. On the defensive front, Ukraine’s IT Army, a volunteer cyber force, has also conducted attacks on Russian digital infrastructure, raising questions about legal status, accountability, and escalation thresholds.

These dynamics mirror what has already been observed in the kinetic sphere. The commercialisation of cyber intrusion follows the same logic: those who control platforms and datasets shape the terms of access, as well as the boundaries of accountability.

Ukraine: The Laboratory of the Industry of Conflict

Other tech and security contractors are also boosting this venture-backed autonomy within the Ukrainian battlespace. Former Google CEO Eric Schmidt has been quietly financing White Stork, an AI-drone venture conceived to operate in GPS-denied, electronic warfare (EW)-saturated environments, a design brief written by Ukraine’s electronic-warfare reality. Among these advancements is the normalisation of kamikaze drones as core components of modern warfare.

This surge is far bigger than any single investor or demonstration. Building on Ukraine’s role as both a geostrategic flashpoint and marketplace, a wider wave of actors – particularly veteran-founded start-ups and other investors across Europe – has converged at speed, driving an investment surge of 500% to $5.2 billion in 2024, with more than 80 start-ups now active.

Funders are explicit: Ukraine is the world’s biggest defence live lab.

It is also treated as a battlefield certification regime: Skyeton’s Raybird, a UK–Ukraine joint venture that aims to produce drones for Western forces has logged 350,000 flight hours. Other examples such as Darkstar bootcamps, pair founders with Ukrainian units to compress the cycle from prototype to purchase order, and Auterion will supply 33,000 AI ‘strike kits’ to Ukraine under a Pentagon contract. Most of these programmes remain tied to state funding or procurement channels, even as start-ups gain unusual freedom to test and iterate on the battlefield. This mix of public sponsorship and commercial agility is what allows Ukraine to function as both a strategic theatre and a venture laboratory.

Ukraine’s drone industry has expanded from a handful of firms to over 500 mostly private manufacturers, yet export is constrained as wartime needs take priority, revealing how state and market co-evolve under fire.

One thing is clear: States move at the pace of committees and start-ups pivot at the pace of spreadsheets. The longer a conflict endures, the richer the datasets and the stronger the commercial case for advanced iterative autonomy and EW. Ukraine’s live lab is therefore not a by-product but becoming a structural feature of the modern market for conflict.

This same live-lab logic is reshaping the contractors themselves. PMSCs are no longer just guards and trainers, they are also becoming systems integrators that bundle drones, electronic warfare and data services into fully functional products and services that are ready for immediate use by the client, moving faster, backed by far more capital, than today's oversights framework.

Click here for the full press release