When a county’s 911 system goes dark, dispatchers reach for pen and paper. That image — a call-taker scribbling an address by hand while a caller waits — has become one of the defining pictures of the 2020s ransomware era. But it is only the most visible failure point in a far larger transformation. The machinery of modern policing — the dispatch centers, the body cameras, the license-plate readers, the evidence clouds, and now the AI models answering calls and writing reports — has become one of the most data-rich, vendor-concentrated, and under-defended attack surfaces in the public sector.

We have tracked the siege on America’s 911 systems before. A year on, the threat has not plateaued. It has industrialized, globalized, and — most consequentially — handed the keys to a shrinking number of technology vendors.

Ransomware found the dispatch center

The numbers tell a blunt story. According to the Public Safety Threat Alliance, run by Motorola Solutions, the rate of attacks on emergency call-handling systems climbed from once every 74 days in 2024 to once every 60 days in 2025 — and in that window, every single observed attack on call-handling systems was ransomware, aimed exclusively at U.S. agencies. Outages ran from one week to 25 days.

The most-impacted mission-critical system is now computer-aided dispatch (CAD) — the software that turns a call into a unit on the road. In 2024, 18 attacks hit CAD systems with an average of 15 days of downtime. Crucially, 83% of those attackers got in through ordinary city or police IT networks, not by breaching CAD directly. The dispatch center inherits the breach from the municipal network it shares.

The case files are concrete. In January 2024, Bucks County, Pennsylvania lost its CAD system to Akira ransomware and ran dispatch on paper for nine days. Fulton County, Georgia was crippled by LockBit the same month, reverting to paper jail bookings while it faced a multimillion-dollar rebuild. In May 2025, Morgan County, Alabama was hit by Qilin — the same group that has dominated our recent ransomware reporting. And the threat is not limited to encryption: attackers also deploy telephony denial-of-service (TDoS) to flood 911 lines, and we have separately covered SMS-blaster disruption of Canadian 911 service and the ransomware compromise of the CodeRED emergency-alert system that left communities without warning capability.

One persistent myth worth retiring: not every 911 failure is a hack. The multi-state outage of April 2024 — which knocked out service across South Dakota and parts of three other states — was caused by a contractor physically cutting a fiber line while installing a light pole, not by an intruder. The lesson is the same either way: the system is brittle, and brittleness is the vulnerability.

The surveillance stack is consolidating — and leaking

While dispatch centers fight ransomware, the broader policing-technology market is consolidating at speed, concentrating enormous volumes of sensitive data under a handful of vendors. That concentration is itself a security problem: a single misconfiguration or breach now exposes evidence, surveillance records, and officer identities at national scale.

The breaches of the past year did not, contrary to a common assumption, land on Axon — the dominant body-camera and digital-evidence company formerly known as TASER International. There is no publicly confirmed breach of Axon’s Evidence.com or its Fusus real-time crime-center platform. What researchers did find is arguably more unsettling for officer safety: Axon’s Tasers and body-worn cameras were shown to broadcast Bluetooth signals with static, non-randomized hardware addresses, letting anyone with a free phone app physically track individual officers. A demonstration in Melbourne reportedly tracked dozens of Axon devices across a two-kilometer radius within hours. Axon shipped a firmware update that only partially mitigated the issue, and U.S. Border Patrol reportedly advised agents to stop using the cameras over the tracking risk. That is vulnerability research, not a data heist — and the distinction matters when you publish.

The real data exposures clustered around Axon’s chief surveillance-tech rival, Flock Safety, and around individual agencies:

  • Flock’s “Condor” cameras streamed to the open internet. In late 2025 and early 2026, independent researchers found at least 60 Flock AI cameras live-streaming with no password and no encryption — feeds, archives, admin panels, and the ability to delete footage all reachable by anyone. Flock called it a limited testing phase; researchers reported some cameras stayed exposed days after a claimed fix.
  • Flock leaked officers’ license-plate searches. Disclosed in June 2026, the reasons officers ran plate searches — and sometimes the plates themselves — were found indexed by DuckDuckGo and Bing.
  • Governance failures compounded the technical ones. Audits across 2025 found Flock systems quietly granting outside agencies — including federal immigration enforcement — access to local plate data that the owning departments never authorized, with hundreds of thousands of unauthorized queries in some jurisdictions.
  • The LAPD leak. Around March–April 2026, roughly 7.7 terabytes — over 337,000 files including officer personnel records, Internal Affairs documents, witness names, and unredacted criminal complaints — surfaced online in a suspected hack.

The through-line is supply-chain and concentration risk. When one vendor’s cloud holds the body-cam footage, the evidence, the dispatch logs, and the real-time camera network for thousands of agencies, the blast radius of any single failure is no longer one department — it is a region, a state, or a country. We have made this argument about enterprise software supply chains; policing technology is the same pattern with public-safety stakes.

AI now answers the call — and writes the report

Into this fragile, consolidating ecosystem comes artificial intelligence, and it is arriving faster than the security and accountability frameworks around it.

Chronically understaffed PSAPs have turned to AI to handle the crush of non-emergency calls. Aurelian has deployed AI voice assistants across dispatch centers in Washington, Tennessee, and Michigan, claiming automation of roughly 70% of non-emergency calls. Carbyne runs AI triage and real-time translation across hundreds of sites. Prepared layers transcription and live translation over existing 911 infrastructure in more than a thousand centers.

What ties these together is a single buyer. Axon acquired Prepared in October 2025 and agreed to buy Carbyne for $625 million, a deal expected to close in early 2026 — positioning one company to dominate body cameras, evidence storage, real-time crime centers, and the AI front-end of the 911 call itself. The most-connected emergency platform ever built is also the most centralized single point of failure ever built.

On the back end, Axon’s Draft One — generative AI that writes police-report narratives from body-camera audio — has become the company’s fastest-growing product. It has also become a case study in why AI in high-stakes government work needs guardrails. An EFF investigation found Draft One was designed not to retain the original AI draft, making it impossible to distinguish AI-generated text from an officer’s own words — a design choice an Axon product manager described as intentional, to avoid “disclosure headaches” for prosecutors. King County, Washington prosecutors banned AI-written reports in late 2024. States including California (SB 524) and Utah (SB 180) have since moved to mandate disclosure, require retention of the first draft, and bar vendors from reusing submitted data.

The risks are not hypothetical. A hallucinated detail in a 911 transcript or a report narrative carries evidentiary and life-safety weight that a chatbot error in a consumer app never will. Bias in training data can be laundered into “objective” machine output. And an AI system sitting in the path of every emergency call is an attractive target for manipulation and data theft — 911 audio is among the most sensitive personal data a government holds. When we build AI applications, the lesson from this sector is that auditability and the preservation of an original record are not optional features — they are the difference between a tool and a liability.

A global problem with uniquely high stakes

This is not an American story alone. Police-data breaches abroad have demonstrated the singular danger of compromising law enforcement, where the victims are officers, witnesses, and surveillance targets:

  • United Kingdom: The 2023 PSNI breach — surnames, ranks, and locations of roughly 9,500 serving officers and staff in Northern Ireland, accidentally published and then accessed by dissident republicans — forced officers to relocate and install home security, ended a Chief Constable’s tenure, drew a £750,000 ICO fine, and by early 2026 had grown into a compensation bill estimated in the hundreds of millions. A separate supplier ransomware attack exposed warrant-card data for tens of thousands of Met and Greater Manchester officers.
  • France: In December 2025, intruders reportedly accessed the CHEOPS portal of classified police records for weeks, with files touching some 16.4 million people — an incident the interior minister called “unprecedented for France.”
  • United States (federal): A suspected China-linked intrusion into an FBI surveillance-data system holding court-authorized wiretap and FISA information was labeled a “major incident,” with reporting indicating that surveillance targets’ phone numbers were exposed — the kind of compromise that can burn active investigations and endanger informants.

A leaked customer database is a privacy harm. A leaked police database can be a physical-safety harm — for the officer whose home address surfaces, the witness whose name appears in discovery, or the target who learns they are under surveillance.

The defensive agenda

The fixes are not mysterious; they are unfunded and unprioritized. For dispatch resilience: segment CAD and 911 systems off the flat municipal network that 83% of attackers ride in on, maintain tested offline backups, and rehearse manual-fallback procedures so a paper-and-pen day is degraded rather than catastrophic. For the vendor layer: treat every policing-technology supplier as critical-infrastructure-grade, demand evidence of encryption-at-rest and access controls, audit cross-agency data-sharing defaults, and refuse internet-exposed cameras and panels. For AI: require retention of original drafts and source audio, mandate disclosure, test for bias, and lock down the pipelines carrying 911 audio and report data.

The thin blue line has become a thin digital line. It runs through county IT closets, a few dominant vendors’ cloud tenants, and now the weights of language models answering emergency calls. Defending it is no longer a back-office IT concern — it is public safety itself.

Sources