The blurring of security categories: how Europe confronts hybrid political violence

Europe’s security landscape is entering a new era, one in which the boundaries between crime, terrorism and warfare are becoming increasingly blurred. From sabotage targeting critical infrastructure to AI-driven disinformation campaigns, hybrid threats are reshaping how political violence unfolds across the continent. As state and non-state actors exploit this growing “grey zone”, the European Union is adapting its security framework to protect democratic institutions, strengthen resilience, and respond to a rapidly evolving threat environment. 

The end of clear-cut conflict

Russia’s military aggression against Ukraine has transformed the European security landscape, creating an environment that is more volatile, complex and fragmented than at any point in recent decades. The traditional distinctions between internal crime, external military conflict and political terrorism no longer provide a clear framework for understanding contemporary threats.

Instead, these categories are converging in what security experts describe as the “grey zone”. Hybrid threats combine coercive and subversive activities, drawing on both conventional and unconventional tools, including diplomatic pressure, economic coercion and technological disruption.

According to the European Union Serious and Organized Crime Threat Assessment 2025 (EU-SOCTA 2025), such activities are often carried out by both state and non-state actors who deliberately operate below the threshold of formally declared warfare, making direct attribution more difficult. This approach, often described as a “woodpecker” modus operandi, relies on persistent, targeted and cumulative disruptions that gradually undermine stability and erode public trust in democratic institutions.

Organized crime as a political tool

At the same time, the very nature of serious and organized crime within the European Union is changing. Criminal networks are increasingly being used as proxies by hybrid threat actors, enabling foreign states to outsource activities such as cyberattacks and sabotage while maintaining plausible deniability.

Although these criminal groups remain primarily motivated by profit, their activities can directly advance the geopolitical objectives of external powers seeking to destabilize the Union. As a result, the boundary between financially motivated crime and ideologically driven violence is becoming less distinct.

Investigations have revealed criminal networks involved in trafficking firearms and explosives that later appear in both organized crime disputes and terrorism-related plots. Meanwhile, the EU Terrorism Situation and Trend Report 2025 (EU TE-SAT 2025) highlights a growing “hybridization” of extremist ideologies. Online communities increasingly connect jihadist terrorism with accelerationism and violent right-wing extremism, creating overlapping networks and narratives that challenge traditional law enforcement classifications.

Information manipulation in the age of AI

Foreign Information Manipulation and Interference (FIMI) has become a central feature of this evolving security environment. Unlike traditional disinformation, which focuses primarily on spreading false information, FIMI is defined by coordinated patterns of deceptive and manipulative behavior carried out by state or non-state actors.

The European External Action Service (EEAS) has identified Russia and China as leading actors in the use of FIMI, employing these tactics to distract, distort and divide European societies. Campaigns such as “Doppelgänger” and “Portal Kombat” have relied on typo-squatting websites designed to imitate legitimate media outlets while promoting pro-Russian narratives.

The rapid development of generative artificial intelligence (AI) is further accelerating this challenge. AI tools enable threat actors to produce convincing propaganda, deepfakes, and malicious code at an unprecedented scale and speed. According to the European Union Agency for Cybersecurity (ENISA), AI-enabled information manipulation remains an evolving threat, but it is already being deployed to influence electoral processes and weaken public confidence in democratic institutions.

The practical application of these technologies is already evident in several alarming cases. Malicious actors have circulated doctored audio recordings in which political candidates appear to admit to election rigging or even endorse their opponents. In November 2023, deepfake videos featuring the then-Ukrainian commander-in-chief were also widely shared in an attempt to manipulate public perception. At the same time, bot networks on platforms such as X (formerly Twitter) and Facebook have begun using Large Language Models (LLMs) to imitate genuine political discussions. These AI-powered accounts engage in automated debates beneath posts from professional media outlets, presenting coordinated messaging as seemingly authentic “personal opinions” to deepen political polarization. Researchers have also identified more than 1,000 AI-generated news and information websites operating with little to no human oversight, created specifically to spread targeted narratives on a massive scale. 

Safeguarding Europe’s critical infrastructure

The rise of hybrid political violence has also brought renewed attention to the resilience of critical infrastructure. Everyday life across Europe depends on a vast network of interconnected systems, from energy and transport to finance and healthcare. These sectors are increasingly exposed to both physical and digital forms of sabotage.

Recent incidents involving underwater gas pipelines and data cables in the Baltic Sea have highlighted these vulnerabilities. Submarine communication cables are particularly critical, carrying 99 percent of intercontinental internet traffic. Any disruption to these networks could produce immediate and far-reaching socio-economic consequences.

The ENISA NIS360 report notes that sectors such as electricity and banking possess a high degree of time-criticality, meaning that the effects of a major disruption would be felt almost immediately throughout the wider economy.

In response, the European Commission has introduced the NIS2 Directive and the Critical Entities Resilience (CER) Directive. Together, these measures aim to harmonize security standards across member states and ensure that essential services can withstand a broad spectrum of threats, ranging from terrorist attacks to state-sponsored sabotage.

Learning the language of power

Faced with these overlapping challenges, the European Union is undergoing what many describe as a strategic awakening. The Strategic Compass for Security and Defence, adopted in 2022, outlines a roadmap for making the Union a more assertive and capable security actor by 2030.

Among its initiatives are the development of a “Hybrid Toolbox” and a “FIMI Toolbox”, designed to provide coordinated mechanisms for detecting, analyzing, and responding to hybrid campaigns. The EU is also working to establish a 5,000-strong Rapid Deployment Capacity capable of responding swiftly to crises, while increasing investment in advanced military capabilities through the European Defence Fund (EDF).

As former High Representative of the Union for Foreign Affairs and Security Policy Josep Borrell has argued, Europe must learn to “speak the language of power” if it is to defend its interests and values in a world where everything from vaccines to technology standards can be weaponized.

Ultimately, the EU’s ability to confront this new era of hybrid political violence will depend on more than military or technological capabilities alone. It will require greater strategic autonomy, stronger partnerships with organizations such as NATO and the United Nations and a whole-of-society approach to resilience capable of withstanding increasingly complex and interconnected threats.