Cities as Data: Reflections on AI-Powered Urban Analytics at Geospatial World Forum 2026 Amsterdam, May 2026 : Panel-3

The third session I participated in at GWF 2026 shifted register somewhat away from the explicitly military framing of the earlier panels and toward something that affects a broader audience: how artificial intelligence is being applied to understand, manage, and secure urban infrastructure at scale. The audience was a mix of city planners, defence-adjacent technologists, data scientists, and policy people. That breadth made for a different kind of conversation.

Session 1 carried the title AI-Powered Urban Analytics: Data Science for Infrastructure Intelligence and the framing was deliberately wide. Urban infrastructure is a category that encompasses power grids, water systems, transport networks, telecommunications, public health monitoring, and the physical built environment. The question the session kept returning to was: what does it actually mean to apply AI to something this complex, this consequential, and this hard to fully observe?

---

The Infrastructure Intelligence Problem

Modern cities generate continuous data. Sensors embedded in roads, buildings, utilities, and public spaces produce streams that no human analyst team could meaningfully process at speed. AI-powered urban analytics is the attempt to make that data operationally useful not just archived, but acted upon.

The infrastructure intelligence framing matters because it shifts the goal from description to anticipation. A system that tells you a water main failed is useful. A system that identifies the precursor signatures of failure before it happens is transformative. That gap between reactive monitoring and predictive intelligence is where most of the serious work is being done, and where most of the serious risks live.

---

Bayesian Program Learning for Urban Pattern Recognition

One of the contributions I brought to this session was the relevance of Bayesian program learning as a framework for urban analytics problems. Most deployed urban AI systems are pattern-matchers  they learn from historical data and recognise recurrences. That works well in stable environments with abundant labelled data. Urban infrastructure is neither.

Bayesian program learning approaches the problem differently: rather than learning from volume, it learns programmes structured representations of how things work from very few examples, and generalises from those. In an urban context, this matters when you're trying to reason about rare events: infrastructure failure modes that have only occurred once or twice, novel threat signatures in a utility network, or unusual movement patterns in a city under stress. A purely statistical model trained on normal conditions will miss these. A model that has learned a causal programme for how the system behaves has a better chance of flagging the anomalous.

I raised this not as a deployed solution most urban analytics stacks are nowhere near this but as the direction that serious infrastructure intelligence work needs to move toward.

---

---

Differentially Private Federated Learning Across Urban Sensor Networks

Urban data is politically and legally sensitive in ways that military data is sensitive operationally. A smart city sensor network aggregates information about the movement, behaviour, and patterns of civilian populations. Centralising that data for AI training creates privacy exposure, legal liability, and in authoritarian contexts, a surveillance infrastructure that outlasts its original purpose.

I discussed Differentially Private Federated Learning as the architecture that makes urban analytics viable without those costs. The federated component means models are trained locally at the sensor node, the district server, the utility substation — and only model updates, not raw data, are shared upward. The differential privacy component means those updates are mathematically protected: calibrated noise is added such that no individual data point can be reconstructed from the aggregated model.

The practical implication is that a city can run a shared infrastructure intelligence model across its transport, utilities, and public safety systems without any single entity including the city government itself holding a centralised dataset of resident behaviour. That is not a minor privacy nicety. In a world where urban data infrastructure is increasingly a target, both for criminal actors and for state-level adversaries, it is an operational security consideration.

---

Sovereign AI and Urban Infrastructure

A thread that ran through this session, and one I pushed on, was the question of sovereign AI models in the urban context. Most cities deploying AI-powered analytics are doing so through commercial platforms often built on models trained elsewhere, hosted on infrastructure they don't control, and updated on schedules set by vendors.

The dependency this creates is underappreciated. A city's infrastructure intelligence layer, if it runs on a foreign-hosted model, is a city whose understanding of its own infrastructure is mediated by someone else's system. In peacetime that is a procurement question. In a crisis, a cyberattack, a natural disaster, a period of geopolitical tension, it becomes something more serious.

Sovereign AI in this context doesn't mean every city builds its own foundation model. It means the critical analytical layer that interprets infrastructure data runs on systems that are nationally or regionally governed, auditable, and resilient to external interference. The conversation around this at GWF was notably more advanced among European participants than I'd expected there is genuine policy momentum here, driven in part by the EU AI Act's implications for critical infrastructure AI.

---

---

AI Security Threats in Urban Systems

I flagged AI security threats specifically in the urban analytics context because the attack surface is different from military systems but no less consequential. Urban AI systems make or inform decisions about infrastructure allocation, anomaly response, and resource deployment. An adversary who understands how those systems work has options.

The threat I spent the most time on was adversarial input manipulation crafting sensor data or environmental conditions that cause an urban AI system to misclassify a situation. A power grid anomaly misclassified as normal. A movement pattern misclassified as routine. These aren't hypothetical attack vectors; they are documented in research and increasingly relevant as urban systems become more automated.

Persuasive AI came up in a different register here. In urban planning and infrastructure investment decisions, AI-generated analysis increasingly shapes what decision-makers see and prioritise. A system that surfaces certain patterns, routes certain recommendations, or frames trade-offs in particular ways can subtly steer decisions without any single output being obviously wrong. I raised this not as a conspiracy framing but as a design responsibility: the people building urban analytics systems need to think carefully about how their outputs are presented, what they omit, and whose interests the framing serves. Algorithmic outputs in consequential civic decisions warrant the same scrutiny we'd apply to any other form of expert advice.

---

What the Session Left Open

The honest closing note I'd offer on this session is that urban analytics as a field is at an interesting and slightly uncomfortable moment. The technical capability is running ahead of the governance frameworks. Cities are deploying AI systems for infrastructure management under procurement timelines that don't allow for the kind of adversarial stress-testing, privacy auditing, or sovereign architecture review that the stakes warrant.

GWF brought some of the right people into the same room. Whether those conversations translate into procurement standards, policy frameworks, or architectural requirements at the city level is the harder question and one that won't be answered at a conference.

Series: Geospatial World Forum 2026, RAI Amsterdam | April 27 – May 1

Shielding Digital Borders: On Cyber-Geospatial Convergence at Geospatial World Forum 2026 Amsterdam, May 2026 :Panel -2

The second panel I was part of at GWF 2026 sat at an intersection that doesn't get enough dedicated attention ,the point where geospatial infrastructure meets cyber threat. Most cybersecurity discourse treats location as incidental. Most geospatial discourse treats cyber as someone else's department. Panel Discussion 2 was built on the recognition that this separation is no longer defensible.

Panel Discussion 2: Cyber-Geospatial Convergence Shielding Digital Borders

The framing was precise: geospatial systems and satellite infrastructure are not passive data pipes. They are critical national infrastructure, and they are targeted accordingly. GPS spoofing, satellite uplink jamming, attacks on ground-based GEOINT processing nodes these are not theoretical. They are documented, ongoing, and accelerating. The session brought together people working on the technical, doctrinal, and policy dimensions of this problem.

What made the conversation worth having was the convergence thesis itself: that cyber and GEOINT are now inseparable disciplines, and that defending one without the other is defending half a system.

Protecting Geospatial Systems and Satellite Infrastructure

I opened my contribution by framing the threat landscape in terms of what adversaries actually target. Satellite infrastructure presents a layered attack surface the space segment, the ground segment, and the user segment each carry distinct vulnerabilities. The ground segment is often the weakest: uplink facilities, processing nodes, and the data pipelines feeding downstream users are frequently built on commercial-off-the-shelf components with known vulnerability profiles.

This is where zero-day vulnerabilities become a specific concern. A nation-state adversary with a stockpile of undisclosed exploits targeting GEOINT ground infrastructure can, in principle, corrupt or deny geospatial data at a moment of their choosing not through jamming, which is detectable, but through quiet manipulation of the data itself. I raised this because it changes the threat model: the risk isn't just losing access to geospatial data, it's receiving geospatial data you can't trust.

KASLR bypass came up here in the specific context of processing nodes running geospatial workloads hardened systems that may not be on aggressive patch cycles, where kernel-level mitigations are sometimes the last meaningful layer of defence.

Zero Trust for Critical Defence Networks

The question of how you architect a defence network that handles geospatial data from multiple sources allied feeds, commercial satellite imagery, classified sensor outputs is fundamentally a trust problem. I argued that Zero Trust Architecture is the only coherent answer.


In a traditional perimeter model, once you're inside the network you're largely trusted. In a geospatial defence context, that assumption is catastrophic. Data enters from dozens of sources. Analysts, platforms, and automated systems consume it. A single compromised node or a single poisoned feed propagates through a trusted interior.

ZTA flips the model: no implicit trust, continuous verification, least-privilege access at every layer. Applied to geospatial pipelines specifically, it means every data feed is authenticated, every query is logged, and access to sensitive spatial layers is granted on a need-to-know basis that is enforced technically, not just by policy.

 

 

Privacy Budget and Differential Privacy in GEOINT

One of the more technically nuanced threads in the session involved the tension between intelligence sharing and data exposure. Sharing geospatial intelligence with allied partners is operationally valuable. It is also, without careful architecture, a way of leaking the collection methodology, sensor positioning, and analytical capability of the sharing party.

I discussed differential privacy and the concept of a privacy budget in this context. When you query a geospatial dataset repeatedly asking for patterns, anomalies, movement signatures each query leaks a small amount of information about the underlying data. A privacy budget is a formal bound on how much total leakage is permissible before the queries must be refused or the results degraded. Applied to shared GEOINT environments, it gives you a principled way to enable analytical collaboration without progressively exposing your raw collection.

This connects directly to Zero-knowledge proofs a cryptographic method by which one party can prove to another that a claim about data is true without revealing the data itself. In a geospatial context: proving that a particular asset was observed within a defined area of interest without disclosing the sensor's actual position or the full imagery. I raised ZKPs as an underutilised tool in the GEOINT sharing problem, particularly relevant in coalition environments where full data disclosure is neither politically nor operationally acceptable.

Homomorphic Encryption The Audience Question

One of the more engaged exchanges during the Q&A came after I discussed homomorphic encryption in the context of processing sensitive geospatial data across untrusted or semi-trusted compute environments. The question from the floor was direct: "Is homomorphic encryption actually deployable at the scale and latency that operational geospatial systems require, or is this still fundamentally a research tool?"

It's the right question. My honest answer was: we are in a transitional period. Fully homomorphic encryption which allows arbitrary computation on encrypted data remains computationally expensive at scale. The latency overhead for complex geospatial operations is still significant. However, partially homomorphic and levelled homomorphic schemes, which support a defined set of operations, are moving toward practical deployment in specific high-value use cases. The compelling application in this context is exactly what was described in the network-centric session too enabling a partner nation's analytical layer to query encrypted geospatial datasets without decryption, preserving both data security and analytical utility.

The trajectory is toward deployment. The honest timeline for operational-scale fully homomorphic systems in geospatial pipelines is probably five to eight years for most contexts, with specific constrained applications earlier. That answer generated a follow-up from the same audience member about whether post-quantum readiness of these encryption schemes was being considered in parallel which led neatly into the next thread.

Post-Quantum Cryptography and the Satellite Infrastructure Problem

Satellite infrastructure has a specific post-quantum problem that I wanted to surface in this session. Satellites launched today will be operational for fifteen to twenty years. The cryptographic protocols protecting their command-and-control links, their data downlinks, and their authentication systems are in many cases based on RSA and elliptic curve cryptography both of which are broken by a sufficiently capable quantum adversary running Shor's algorithm.

I discussed Peter Shor's 1994 result not as a historical curiosity but as a planning constraint. If you are designing or procuring satellite infrastructure today, the migration to post-quantum cryptography is not a future problem it is a current design decision. The migration challenges are real: legacy systems with embedded cryptographic assumptions, constrained uplink bandwidth that limits the size of post-quantum key exchanges, and the coordination problem of migrating ground and space segments simultaneously.

Lattice-based cryptography is where the global alignment is converging. NIST's post-quantum standardisation process has weighted heavily toward lattice constructions CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium for digital signatures. I discussed where China, Russia, and the United States are each moving: the US through the NIST process and NSA guidance toward lattice-based standards; China through its own parallel standardisation track with some convergence on lattice methods but with domestic algorithm preferences that create interoperability questions; Russia maintaining a more opaque posture but with known investment in quantum computing research that suggests they are not passive observers. The geopolitical dimension of PQC standardisation who sets the standard, who audits compliance, who controls the reference implementations is itself a dimension of the cyber-geospatial problem.

Countering Hybrid and Asymmetric Threats with Integrated GEOINT

The session's closing thread was perhaps the most strategic. Hybrid threats the combination of conventional military pressure, cyber operations, disinformation, and economic coercion are explicitly designed to operate below thresholds that trigger conventional response. Geospatial intelligence, when properly integrated with cyber situational awareness, is one of the tools that makes hybrid operations legible.

I raised AI security threats in this context specifically the risk that AI-assisted geospatial analysis systems are themselves targets. An adversary who understands that your targeting or pattern-of-life analysis runs through a specific AI model has an incentive to probe and manipulate that model's inputs. Distillation attacks reconstructing a model's behaviour by observing its outputs are relevant here: if your GEOINT-AI pipeline's decisions can be predicted by an adversary, you've handed them a significant operational advantage.

The integration of cyber and GEOINT disciplines isn't just a technical architecture question. It's a question of whether the people who understand satellite vulnerability assessments are talking to the people who understand cryptographic attack surfaces, and whether both groups are talking to the people making doctrine. At GWF 2026, for a few days at least, they were.

Series: Geospatial World Forum 2026, RAI Amsterdam | April 27 – May 1

Previous: Panel Discussion 5 Network-Centric Warfare and Data Centricity Next: Session 1 AI-Powered Urban Analytics: Data Science for Infrastructure Intelligence

Minimalist Data Governance vs Maximalist Data Optimization: Finding the Mathematical Balance for Ethical AI in Government

 🧠 Data and the State: How Much Is Enough?

As governments become increasingly data-driven, a fundamental question arises:

• What is the minimum personal data a state needs to function effectively — and can we compute it?

On the surface, this feels like a governance or policy question. But it’s also a mathematical one. Could we model the minimum viable dataset — the smallest set of personal attributes (age, income, location, etc.) — that allows a government to collect taxes, deliver services, and maintain law and order?

Think of it as "Data Compression for Democracy." Just enough to govern, nothing more.

But here’s the tension:

• How does a government’s capability expand when given maximum access to private citizen data?

With full access, governments can optimize welfare distribution, predict disease outbreaks, prevent crime, and streamline infrastructure. It becomes possible to simulate, predict, and even “engineer” public outcomes at scale.

So we’re caught between two paradigms:

• 🔒 Minimalist Data Governance: Collect the least, protect the most. Build trust and autonomy.
• 🔍 Maximalist Data Optimization: Collect all, know all. Optimize society, but risk surveillance creep.

The technical challenge lies in modelling the threshold:

How much data is just enough for function — and when does it tip into overreach?

And more importantly:

• Who decides where that line is drawn — and can it be audited?

In an age of AI, where personal data becomes both currency and code, these questions aren’t just theoretical. They shape the architecture of digital governance.

💬 Food for thought:

• Could a mathematical framework define the minimum dataset for governance?
• Can data governance be treated like resource optimization in computer science?
• What does “responsible governance” look like when modelled against data granularity?

🔐 Solutions for Privacy-Conscious Governance

1. Differential Privacy

• Adds controlled noise to datasets so individual records can't be reverse-engineered.
• Used by Apple, Google, and even the US Census Bureau.
• Enables governments to publish stats or build models without identifying individuals.

2. Privacy Budget

• A core concept in differential privacy.
• Quantifies how much privacy is "spent" when queries are made on a dataset.
• Helps govern how often and how deeply data can be accessed.

3. Homomorphic Encryption

• Allows computation on encrypted data without decrypting it.
• Governments could, in theory, process citizen data without ever seeing the raw data.
• Still computationally heavy but improving fast.

4. Federated Learning

• Models are trained across decentralized devices (like smartphones) — data stays local.
• Governments could deploy ML for public health, education, etc., without centralizing citizen data.

5. Secure Multi-Party Computation (SMPC)

• Multiple parties compute a function over their inputs without revealing the inputs to each other.
• Ideal for inter-departmental or inter-state data collaboration without exposing individual records.

6. Zero-Knowledge Proofs (ZKPs)

• Prove that something is true (e.g., age over 18) without revealing the underlying data.
• Could be used for digital ID checks, benefits eligibility, etc., with minimal personal info disclosure.

7. Synthetic Data Generation

• Artificially generated data that preserves statistical properties of real data.
• Useful for training models or public policy simulations without exposing real individuals.

8. Data Minimization + Purpose Limitation (Legal/Design Principles)

• From privacy-by-design frameworks (e.g., GDPR).
• Ensures that data collection is limited to what’s necessary, and used only for stated public goals.

💡 Takeaway

With the right technical stack, it's possible to govern smartly without knowing everything. These technologies enable a “minimum exposure, maximum utility” approach — exactly what responsible digital governance should aim for.

Data Protection in a Connected World: Sovereignty and Cyber Security

Data Protection in a Connected World: Sovereignty and Cyber Security from anupriti

Blockchain and Cyber Defense Strategies

 A brief presentation given at Gurugram Police Internship program 2024 #GPCSSI2024 on Blockchain and Cyber Security

Data Sovereignty and Cybersecurity at Indo-Pacific GeoIntelligence Forum 2024

Sharing a small video clip below from my participation at Indo-Pacific GeoIntelligence Forum 2024on Day 2

Data Download with a Privacy Twist: How Differential Privacy & Federated Learning Could Fuel Tesla's China Ambitions

    Elon Musk's surprise visit to China in late April sent shockwaves through the tech world.  While headlines focused on the cancelled India trip, the real story might be about data. Here's why China's data regulations could be the hidden driver behind Musk's visit, and how cutting-edge privacy tech like differential privacy and federated learning could be the key to unlocking the potential of Tesla's self-driving ambitions in China.

Data: The Currency of Self-Driving Cars

    Training a self-driving car requires a massive amount of real-world driving data.  Every twist, turn, and traffic jam becomes a lesson for the car's AI brain.  But in China, data security is a top priority.  Tesla previously faced restrictions due to concerns about data collected being transferred outside the country.

Enter Musk: The Data Diplomat

    Musk's visit likely aimed to secure official approval for Tesla's data storage practices in China.  Recent reports suggest success, with Tesla's China-made cars passing data security audits.  However, the question remains: how can Tesla leverage this data for FSD development without compromising privacy?

Privacy Tech to the Rescue: Differential Privacy and Federated Learning

    Here's where things get interesting.  Differential privacy injects "noise" into data, protecting individual driver information while still allowing the data to be used for training models.  Federated learning takes this a step further – the training happens on individual Tesla's in China itself, with the cars essentially collaborating without ever directly revealing raw data.

The Benefits: A Win-Win for Tesla and China

By adopting these privacy-preserving techniques, Tesla could achieve several goals:

• Develop a China-Specific FSD: Using real-world data from Chinese roads would be invaluable for creating a safe and effective FSD system tailored to China's unique driving environment.
  
  
• Build Trust with Chinese Authorities: Differential privacy and federated learning demonstrate a commitment to data security, potentially easing regulatory hurdles for Tesla.

Challenges and the Road Ahead

    Implementing these techniques isn't without its challenges.  Technical expertise is required, and ensuring data quality across all Tesla vehicles in China is crucial.  Additionally, China's data privacy regulations are constantly evolving, requiring Tesla to stay compliant.

The Takeaway: A Data-Driven Future for Tesla in China?

While the specifics of Tesla's data strategy remain under wraps, the potential of differential privacy and federated learning is clear. These technologies offer a path for Tesla to leverage valuable data for FSD development in China, all while respecting the country's strict data security regulations.  If Musk played his cards right, this visit could be a game-changer for Tesla's self-driving ambitions in the world's largest car market.

Understanding Differential Privacy: Protecting Individuals in the Age of AI

In today's data-driven world, artificial intelligence (AI) is rapidly changing how we live and work. However, this progress comes with a significant concern: the potential for AI to compromise our individual privacy. Enter differential privacy, a powerful tool that strives to strike a delicate balance between harnessing the power of data and protecting individual identities.

What is Differential Privacy?

Imagine a database containing personal information about individuals, such as medical records or financial transactions. Differential privacy ensures that any information extracted from this database, such as trends or patterns, cannot be traced back to any specific individual. It achieves this by adding carefully controlled noise to the data, making it difficult to distinguish whether a specific individual exists in the dataset.

Again for example imagine you're in a crowd, and someone wants to know the average height of everyone around you. They could measure everyone individually, but that would be time-consuming and reveal everyone's specific height.Differential privacy steps in with a clever solution. Instead of measuring everyone directly, it adds a bit of "noise" to the data. This noise is like a small mask that protects individual identities while still allowing us to learn about the crowd as a whole.

In simpler terms, differential privacy is a way to share information about a group of people without revealing anything about any specific individual. It's like taking a picture of the crowd and blurring out everyone's faces, so you can still see the overall scene without recognising anyone in particular.

Here are the key points to remember:

• Differential privacy protects your information. It ensures that your data cannot be used to identify you or track your activities.

• It allows data to be shared and analyzed. This is crucial for research, development, and improving services.

• It adds noise to the data. This protects individual privacy while still allowing us to learn useful information.

Another example : Imagine you're sharing your browsing history with a company to help them improve their search engine. With differential privacy, the company can learn which websites are popular overall, without knowing which specific websites you visited. This way, you're contributing to a better search experience for everyone while still protecting your privacy.

Differential privacy is still a complex topic, but hopefully, this explanation provides a simple understanding of its core principle: protecting individual privacy in the age of data sharing and AI.

Think of it like this

You want to learn the average salary of employees in a company without revealing anyone's individual salary. Differential privacy allows you to analyze the data while adding some "noise." This noise acts as a protective barrier, ensuring that even if you know the average salary, you cannot determine the salary of any specific employee.

Benefits of Differential Privacy

Enhanced privacy protection: Differential privacy offers a strong mathematical guarantee of privacy, ensuring individuals remain anonymous even when their data is shared.

Increased data sharing and collaboration: By protecting individual privacy, differential privacy enables organizations to share data for research and development purposes while minimizing privacy risks.

Improved AI fairness and accuracy: Differential privacy can help mitigate biases in AI models by ensuring that the models learn from the overall data distribution instead of being influenced by individual outliers.

Examples of Differential Privacy in Action

Apple's iOS: Differential privacy is used to collect usage data from iPhones and iPads to improve the user experience without compromising individual privacy.

Google's Chrome browser: Chrome uses differential privacy to collect data on browsing behavior for improving search results and web standards, while protecting the privacy of individual users.

US Census Bureau: The Census Bureau employs differential privacy to release demographic data while ensuring the privacy of individual respondents.

The Future of Differential Privacy

As AI continues to evolve, differential privacy is poised to play a crucial role in safeguarding individual privacy in the digital age. Its ability to enable data analysis while protecting individuals makes it a valuable tool for researchers, businesses, and policymakers alike. By embracing differential privacy, we can ensure that we reap the benefits of AI while safeguarding the fundamental right to privacy.

Remember, differential privacy is not a perfect solution, and there are ongoing challenges to ensure its effectiveness and efficiency. However, it represents a significant step forward in protecting individual privacy in the age of AI.