Military institutions across South Asia share a specific institutional assumption that has proven consistently wrong: that the combination of physical security perimeters, rank hierarchy, and institutional discipline is sufficient to insulate personnel from external ideological influence. Bangladesh Air Force cases from 2025 and 2026, Indian Navy espionage prosecutions from 2022 and 2023, and Pakistan’s documented history of serving officers with Islamist sympathies all demonstrate the same failure. The assumption is wrong in Bangladesh, wrong in India, and wrong in Pakistan, and the mechanism that makes it wrong is consistent across each case.
The mechanism is the personal, social and digital network that runs alongside the institutional one. Personnel who are physically inside a secure facility during working hours are, outside those hours, accessible through the same encrypted platforms and community social spaces as any civilian. The military perimeter stops at the gate. The digital environment does not stop anywhere. An Air Force technician in Dhaka who checks Telegram in the evening is in the same information environment as anyone else on that platform. The rank on his uniform does not change the content he encounters or the social dynamics of the group chats he participates in.
Regional precedents establish the threat pattern clearly enough for Bangladesh’s policymakers to recognise the environment they are in. Pakistan’s ISI has a documented history of cultivating serving Indian military personnel through financial inducement and social engineering, with cases prosecuted by Indian courts going back decades.
A 2023 case chargesheeted by India’s National Investigation Agency involved a young serving naval ratings at the Naval Dockyard in Visakhapatnam who was honey-trapped through social media by a Pakistani operative using a female alias, receiving small cryptocurrency payments in exchange for classified information about navy warships and submarines. The tradecraft was not complex. It relied on the fact that the target was accessible through his personal digital life in ways that his institutional security perimeter could not address.
Pakistan’s own military has faced documented internal challenges with Islamist sympathies among serving officers. Pakistan’s military leadership under Musharraf acknowledged Islamist leanings within the army and took steps to address them, though analysts have noted that the process was incomplete, given the decades-long policy of cultivating Islamist militancy as a foreign policy tool. The institutional consequence of that policy has included a culture of Islamist conservatism that did not remain entirely separate from the officer corps.
Bangladesh’s Air Force cases follow this regional pattern. The individuals investigated had passed through entry screening. Their radicalisation occurred through personal social networks, online platforms, and — in one documented instance — through an imam embedded within a base mosque who served as a recruitment facilitator. Institutional monitoring did not detect the process until it had progressed far enough to produce observable behaviour changes or until external intelligence sources flagged the individuals. By either pathway, detection came late.
The Sri Lanka comparison is instructive for different reasons. The 2019 Easter Sunday attack network was not composed of serving military personnel who had evaded screening, but the institutional failures the attacks exposed — siloed intelligence, bureaucratic paralysis, failure to act on specific warnings — illustrate how institutional assumptions about security can persist even in the face of direct contrary evidence. The attackers exploited not clearance gaps but coordination gaps; the lesson is that security assumptions of all kinds require active testing rather than passive maintenance.
The argument for a regional cooperative framework on internal security screening rests on the common mechanism identified across these cases. If the vulnerability is consistent — personal social and digital networks that run alongside institutional ones, inaccessible to standard monitoring — then methodological responses are also transferable.
Intelligence-sharing on digital extremist content ecosystems that target military personnel, joint development of in-service monitoring protocols that detect ideological drift before it reaches operational threshold, and shared counter-radicalisation training for counterintelligence cadres are all technically feasible arrangements between countries that face the common problem.
Bangladesh’s DGFI, India’s Military Intelligence, and the Sri Lanka military’s Directorate of Military Intelligence have existing bilateral exchange relationships. A formalised working group on internal security screening methodology would require political will from all parties and a shared acknowledgement that the threat is regional rather than country-specific. That acknowledgement runs into national security sensitivities: admitting that your military has a radicalisation vulnerability is not a comfortable public position for any government.
The discomfort does not change the vulnerability. South Asia’s military institutions are recruiting from the same societies where extremist content circulates in local languages on freely accessible platforms. Some portion of recruits arrive with prior exposure. Some portion of serving personnel encounter that content after recruitment. The proportion is not large. The access those individuals hold makes the proportion irrelevant to the risk calculation.
External actors who have studied South Asian military institutions understand this. The operatives who honey-trapped Indian naval personnel through social media, and those who ran ideological content into Bangladesh Air Force social networks through encrypted platforms and an embedded mosque imam, were not operating on assumptions.
They were operating on documented knowledge of how institutional exposure pathways work. Bangladesh and its regional partners are still catching up to a threat that has had years to study them.