In the months before Russia’s February 2022 invasion of Ukraine, the U.S. Intelligence Community did something remarkable. It got the call right—and said so out loud, rather than only in classified internal documents.
Intelligence assessments identified the likely invasion, the timing window, and plausible operational scenarios with a level of confidence the IC rarely displays outside classified channels. The CIA director flew to Moscow to deliver the warning directly. Intelligence was declassified at a pace and volume rarely seen in modern American practice. By any fair measure, the warning was a success.
Yet the policy response did not match the clarity or urgency of the warning.
That is the Warning Paradox: the recurring pattern in which intelligence correctly anticipates strategic events, but institutions fail to convert warning into preventive action before the forecast becomes a crisis.
My experience during the run-up to the Ukraine invasion showed that the Warning Paradox is not inevitable. The corporate intelligence team I led at the time reached the same conclusion. My team’s pre-invasion assessment correctly identified the likely move, the timing window, and the implications for our people, facilities, and supply chains across the region. The Wall Street Journal later documented that work on the front page of its December 12, 2022, print edition. Our assessment placed the start of hostilities within the twenty-four-hour window in which the invasion ultimately began.
Decision-makers took the warning seriously. Contingency posture was raised. People were moved. By the time Russian tanks crossed the Ukrainian border, the enterprise was in a defensible position. On the corporate side, our warnings translated into action.
The policy response in governments around the world, however, did not match the clarity or urgency of the warning.
Although sanctions planning was underway before the invasion, the most consequential measures were imposed only after Russian forces crossed the border. Lethal aid to Kyiv increased substantially only after the invasion became reality, not while it remained a contested forecast. Alliance posture stiffened in response to the war rather than in anticipation of it. The warnings were correct and early. The response was neither.
Ukraine was not an anomaly. It was one of the clearest recent examples of the Warning Paradox: intelligence got the threat right, but institutions failed to act with the urgency of the warning.
The August 6, 2001, Presidential Daily Brief did not produce a different September 11th outcome. The accumulating signal on Hamas before October 7, 2023, did not produce a different response inside the Israeli system. Crimea in 2014, COVID-19 in late-2019/early 2020, and the Afghan collapse in 2021 are each, in their own way, variations on the same theme. These cases differ in scale, context, and institutional setting. However, they point to the same recurring failure that warnings can be analytically valid and still die before they become a decision. A correct warning is not a sufficient condition for preventive action.
The bottleneck is rarely analytical. Intelligence producers often identify emerging threats with more accuracy than later public narratives allow. The gap persists between what the intelligence community sees and what the policy customer can absorb, decide on, and act on under uncertainty. That gap is structural. It persists for three reasons that appear to be features of the system, not bugs.
First is the asymmetric cost of acting on a warning that does not materialize. A policymaker who acts on a high-confidence warning that turns out to be wrong pays a visible, attributable price, often in squandered political capital, damaged relationships, or the “cried wolf” label. A policymaker who fails to act on a warning that turns out to be right pays a price too, but it is diffused across the system, shared with predecessors and peers, and absorbed by the institution rather than the individual. The incentive structure does not reward preventive boldness. It rewards explainable caution. Until that asymmetry is acknowledged and consciously offset, intelligence will continue to land in front of consumers whose private calculus rewards waiting over action.
Second is the consumer literacy gap: the uneven ability of decision-makers to understand probabilistic warnings and convert them into action. Intelligence is a product designed for a customer. Yet the customer is often a decision-maker whose training in absorbing probabilistic warnings is uneven at best. “We assess with high confidence” is a precise analytic statement; the structures to translate it into a specific decision tree, a sequenced set of preventive moves, and a named owner are not consistently present on the consumer side. This is less a criticism of individual policymakers than of the system around them, one that has invested heavily in producing intelligence and very lightly in building the institutional muscle memory to both receive and act upon it. The same pattern repeats in the corporate world. Boards are briefed on threats they could not, if asked, translate into a Monday morning action item.
The third is the governance gap between warning and decision. Inside both government and large corporate enterprises, no single office holds the authority to convert warnings into preventive action. The intelligence producer’s job ends with the warning. The policymaker’s job begins with a decision. The implementer’s job begins at execution. Between warning and decision is a coordination space nobody owns by name. This is the same governance gap that organizational risk practitioners describe in different vocabulary, and it is the most consistent reason correct intelligence fails to produce appropriate preventive action.
After nearly three decades in the Intelligence Community, including fourteen years at the Defense Intelligence Agency, I have seen what correct warning looks like when it lands well — and when it reaches decision-makers who cannot or will not convert it into action. The years since leaving public service, now leading corporate intelligence at a Fortune 50 enterprise, have taught me that the pattern is not peculiar to government. The exact vocabulary may differ, but the grammar remains the same.
The intelligence does not need to change as much as the consumer system around it does.
First, assign ownership. Someone in the room, by title, must be responsible for converting warnings into preventive action and be measured on it. In the absence of named ownership, a warning is a briefing, not a decision input.
Second, build the institutional muscle memory to receive information as a decision input. Decision-makers should rehearse the conversion of warnings into action, as operators or emergency services personnel do with contingency responses. Tabletop exercises, decision drills, and scenario planning before a crisis are inexpensive relative to the cost of surprise. They are also irregular at best in most organizations.
Third, lower the political cost of acting on a warning that doesn’t materialize. This is the hardest of the three because it is cultural rather than procedural, and it requires senior leaders, whether in government or in the C-suite, to defend subordinates who acted prudently on sound intelligence even when the worst-case scenario does not occur. Until acting on a warning is professionally survivable when the warning proves overcautious, the incentive structure will continue to punish exactly the behavior we say we want.
Chuck Randolph, a colleague in the corporate security community, puts the point more directly: “Intelligence without action is just information.” The line is uncomfortable because it is correct.
In many of the most consequential cases, the U.S. Intelligence Community is not failing simply because it cannot see the risk. The failure lies in the consumer system, which cannot act on what it is shown. Until that changes, we will continue to be surprised by events we warned ourselves were coming. We will continue to mistake analytical success for policy success, and policy failure for intelligence failure.
The Warning Paradox is not a forecasting problem. It is a consumer problem. Like most consumer problems, the people best positioned to solve it are the ones least accustomed to thinking of themselves as the bottleneck.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
