Here’s what’s on our plate today:

• 🧪 The router ban, AI infrastructure, and the politics of the last mile.

• ⚡ Pixel 10a, Starmer’s social clampdown, and Bluesky’s feed AI.

• 🧠 Roko’s Brain Snack on mapping the weak links in your network stack.

• 📊 Poll on what the router ban is really about.

Let’s dive in. No floaties needed…

The Laboratory

TL;DR

• The ban is broad, but late: The FCC blocked all new foreign-made consumer routers from entering the U.S., while the devices already sitting in homes remain untouched.

• The security threat is real: Botnets, telecom breaches, and cloud attacks have shown that routers can serve as entry points into far larger systems, including AI infrastructure.

• The policy hits the wrong lever: The biggest attacks exploited old software flaws, not secret hardware backdoors, so banning new imports does little to fix what is already vulnerable.

• The approval process is murky: Foreign manufacturers can apply for exemptions, but with no clear rules or timeline, the system looks more political than predictable.

• The real stakes are infrastructure: Routers sit at the last mile between users and AI systems, and the U.S. still lacks the domestic capacity to replace foreign supply at scale.

The small box at the center of the AI war

Somewhere between the moment a surgeon in Houston pulls up a patient’s imaging on a screen, a financial trade executes in milliseconds in Chicago, and a family in rural Ohio watches a film on a Friday night, there is an infrastructure so pervasive and so invisible that most people live entirely within it without ever thinking about it. The modern world runs on the internet, and the internet runs on a physical layer of cables, antennas, switches, and small blinking boxes that most people walk past every day without a second thought.

This infrastructure is a distributed system built over decades, connecting billions of people and devices into a single functioning network. And like any system that carries something of enormous value, it has become a target.

More than infrastructure

Within the physical infrastructure that enables the internet, many small parts need to work together. In this layer, the router, despite its small size, plays a critical role as the gateway between a private network and the internet. It is responsible for handling everything from IP address assignment to traffic management and access rule enforcement; in essence, every online interaction passes through it.

However, despite its importance, router manufacturing is dominated by a handful of companies, most of which manufacture their devices in Asia. Amongst them, TP-Link, founded in China in 1996, has become the largest supplier of consumer Wi-Fi hardware in the United States, with estimates placing its market share at 31%-65% in 2024.

Other major players, such as Netgear, Linksys, Asus, D-Link, Amazon (Eero), and Google (Nest Wifi), also rely heavily on manufacturing in China, Taiwan, and Vietnam. Overall, it is estimated that China accounts for around 60% of global consumer router production, valued at roughly $15B, about a third of global demand.

The router at the edge of the AI era

While routers are essential for last-mile internet connectivity, their role has grown significantly as artificial intelligence has moved from research labs into everyday life. Since AI systems depend on a continuous, high-bandwidth connection between large data centers and the people using them, routers have been an important cog in systems rapidly changing the fabric of economic activity.

In such a situation, a compromised router not only exposes email or browsing history but also sits at the precise point where everything entering or leaving a network can be observed, copied, redirected, or disrupted. For individual users, this means private communications, financial activity, and personal data are all visible to whoever controls the device. However, for the data centers and cloud services that power AI applications, a network of compromised routers provides a distributed vantage point from which traffic patterns, user identities, and the content of AI interactions can be monitored at scale.

When the network becomes the attack surface

Concerns around data security are far from overstated. In October 2024, Microsoft disclosed details of a botnet it tracked as CovertNetwork-1658, which was largely composed of compromised TP-Link routers. At its peak, the network had over 16,000 active devices that Microsoft attributed to a China-linked actor it calls Storm-0940, which used a botnet to carry out password-spraying attacks against Microsoft Azure customers. The approach was methodical, with just a single login attempt per account per day, carefully calibrated to slip past conventional security detection systems.

The target was not the routers themselves; they were the means. The target was the cloud infrastructure, and the people and organizations connected to it.

A separate Chinese operation, Salt Typhoon, went further. US officials confirmed in late 2024 that Salt Typhoon had breached the networks of nine U.S. telecommunications companies, including AT&T, Verizon, T-Mobile, and Lumen. They reached the wiretapping systems that American law enforcement relies on. It is estimated that Chinese intelligence gained the ability to track millions of Americans’ locations in real time and intercept calls and messages.

By August 2025, the operation had extended to more than 600 organizations across 80 countries. A subsequent US government assessment found that Salt Typhoon had also targeted data centers and residential internet providers, the exact two layers of infrastructure where AI systems are built and used.

Why the U.S. stepped in

Against this backdrop, the Federal Communications Commission on 23 March 2026, added every consumer-grade router manufactured outside the United States to its ‘Covered List’, the regulatory instrument created by the Secure and Trusted Communications Networks Act of 2019 to block equipment deemed an unacceptable national security risk. No new foreign-manufactured router model can now receive FCC equipment authorization, which is the legal prerequisite for importing, marketing, or selling any wireless device in the U.S. Routers already in use are unaffected, as the ban only applies to new models entering the market.

The action followed a White House interagency determination, issued three days earlier, that routers produced in foreign countries pose ‘an unacceptable risk’ to US national security. FCC Chair Brendan Carr cited Chinese-linked groups Volt Typhoon, Salt Typhoon, and Flax Typhoon as the primary justification, pointing to documented operations in which foreign-manufactured devices were exploited to attack households, disrupt networks, conduct espionage, and facilitate intellectual property theft.

However, the ban is not absolute, and a conditional approval pathway exists: manufacturers can apply for an exemption by disclosing their management structure, detailing their supply chains, and committing to a plan that shifts at least some manufacturing to the United States. The application process has no published timeline, no defined approval criteria, and no guaranteed outcome. The only consumer product currently exempt by default is SpaceX’s Starlink Wi-Fi router, which is manufactured in Texas.

The policy is not unprecedented and follows the same trajectory as the 2020 FCC ban, formally designating Huawei and ZTE as covered companies, prohibiting their equipment from U.S. carrier networks, and establishing a $1.9B reimbursement program to help smaller carriers remove and replace the hardware already installed. The 2026 ban extends that logic from named companies to an entire product category defined by its place of manufacture.

A mix of a misdiagnosis

Though the security concerns are real, and years of documented intrusions by American intelligence agencies make a credible case that foreign-manufactured network hardware has been used as a vector for sustained espionage. But the specific design of the March 2026 ban has generated serious and substantive pushback.

The central criticism is that the ban targets the wrong variable. The Salt Typhoon and Volt Typhoon operations that underpinned the FCC’s justification were not carried out through backdoors in Chinese hardware. They exploited documented, publicly known software vulnerabilities in American and Western products. Salt Typhoon used a Cisco router flaw that had sat in the National Vulnerability Database for seven years before it was weaponized, according to Nextgov. Banning new foreign-manufactured routers does nothing to force any manufacturer, American or otherwise, to patch existing vulnerabilities or build more secure firmware. And the compromised devices are already deployed across US networks and will remain there.

A former FCC official quoted by CyberScoop described the order as a ‘big swing’ likely to create ‘more supply chain uncertainty, not less,’ and raised specific doubts about whether it would survive legal challenge, noting a parallel to a court case already contesting a comparable ban on foreign drone components. Critics at Techdirt described the mechanism as ‘legally dubious,’ arguing that expanding the Covered List from named companies to a product category defined purely by geography is a novel use of the statute that has not been tested in court.

Then there is also the practical reality of the market. No domestic U.S. manufacturing capacity for consumer routers currently exists at a meaningful scale. Building it takes three to five years under favorable conditions. In the interim, with the conditional approval process, with its undefined timeline, and opaque criteria, the market may be determined as much by political access as by genuine security assessment.

The timing, and what it signals

The current ban on foreign routers did not come in isolation; it came as the competition between the United States and China over artificial intelligence had moved from academic rivalry to direct geopolitical confrontation.

China’s Digital Silk Road initiative has spent a decade embedding Chinese telecommunications infrastructure across Asia, Africa, and parts of Europe. The U.S. response has been to use regulatory tools to push Chinese hardware out of allied networks, from the Huawei bans through to the current router policy. The router ban extends this effort into the residential tier, the last mile of connectivity, where AI applications are actually used by the people they are built for.

The conditional approval requirement, asking manufacturers to commit to shifting production to the United States, mirrors the logic of the CHIPS and Science Act of 2022, which used federal subsidies to bring semiconductor fabrication back to American soil. Semiconductors attracted bipartisan political will and billions in direct investment. Routers, by contrast, offer no equivalent financial incentive, only market access contingent on a manufacturing commitment that has no clear path to fulfillment. Whether the policy will generate genuine domestic production or simply freeze the market while legal challenges work their way through the courts remains unanswered.

Where the invisible web goes next

The internet that the modern world depends on was built as a distributed system, designed to route around obstacles and keep information moving. For most of its history, the physical devices that carried it were treated as commodity hardware, interchangeable and unremarkable. The router ban marks the formal retirement of that assumption.

In the age of AI, the connection between a home and a data center is no longer just a path for email and video. It is the pipeline through which increasingly consequential decisions flow, medical diagnoses, financial analysis, communications, and the data that trains the systems that will shape future decisions. The router at the edge of that pipeline, the small box that most people ignore, has become a point of genuine strategic importance. The U.S. government has now explicitly stated this in regulatory language.

Whether the specific mechanism chosen, a broad manufacturing ban with a conditional approval process and no timeline, is the right tool for that concern is a question the courts, the market, and eventually the next generation of network infrastructure will answer. What the ban clearly and unambiguously settles is that the internet’s invisible web is no longer politically invisible. Even its simplest components are now contested terrain.

Brain Snack (for Builders)

Quick Bits, No Fluff

• Pixel drops the bump: Google’s Pixel 10a ditches the camera bump, keeps the $499 price, and leans on battery life and a brighter screen rather than major performance gains. 

• UK targets addictive features: Keir Starmer says the UK will have to act on addictive social features like infinite scroll and streaks, especially for younger users. 

• Bluesky builds feed AI: Bluesky’s new Attie app lets users create custom feeds in plain English, with bigger plans to help people build apps on the AT Protocol.

Wednesday Poll

Meme of the Day

The Toolkit

• Pika: Fast, social-first AI video tool built for creators who want quick scenes, effects, and remixable clips without pro editing skills.

• Runway: Higher-end AI video platform for more controlled, cinematic generation and real production workflows.  

• CapCut: Consumer-friendly editing stack with AI video tools, captions, speech features, and templates already built for short-form distribution.

Rate This Edition