Defense AI has a data problem that commercial AI does not. The operational data that would make a model genuinely useful — IR imagery of adversary vehicles, SAR returns from contested terrain, EO captures from ISR sorties, RF spectrum collections from real engagements — is almost always classified at FOUO, SECRET, or higher. The engineers training the model rarely hold the clearance, the workstation, or the network connection required to touch it. Synthetic data is how programmes ship anyway.
This is not a workaround. It is now the dominant training strategy for most defense computer-vision and sensor-AI programmes, with classified data used only for final validation. The discipline that makes the approach credible is in the simulation engineering, the sim-to-real bridge, and the validation evidence — not in the model architecture.
The Classified-Data Problem
The honest version of the constraint: a defense programme office has thousands of hours of mission data sitting on classified networks. The engineering vendor has cleared individuals — sometimes one or two — who can access it on a SCIF workstation, label it slowly by hand, and ship nothing off the enclave. Cloud GPU training is not an option. Labelling tools that phone home are not an option. The team ends up with maybe thirty representative examples for a class that needs ten thousand.
This is the "30 examples" reality that drives the whole synthetic-data discipline. A modern object detector needs balanced classes across lighting, range, aspect, occlusion, season, and sensor mode. Real classified data is biased toward whatever the collection platforms happened to fly over, on whatever days they flew. Even when the volume exists, the distribution is wrong. Synthetic data is the only way to close the long tail.
Synthetic Data Categories
Game-engine-rendered. Unreal Engine 5, Unity, and NVIDIA Omniverse Replicator are now the workhorse tools for generating photorealistic synthetic imagery. Programmes build digital twins of relevant terrain (often from public DTED, Sentinel-2, and Maxar tiles), populate them with high-fidelity vehicle and aircraft models, and render under controlled lighting, weather, and sensor parameters. Omniverse Replicator's randomization API is the standard for generating millions of labelled frames with ground-truth bounding boxes, segmentation masks, and depth maps included.
GAN- and diffusion-generated. StyleGAN3, Stable Diffusion fine-tunes, and purpose-built conditional diffusion models generate imagery directly. The advantage is photorealism without modelling effort; the disadvantage is that labels do not come for free and statistical artefacts can poison downstream models. In defense use, GAN-generated imagery is most useful for augmentation — perturbing existing frames — rather than as primary training data.
Augmentation from public sources. Public datasets (xView, DOTA, FMOW, RarePlanes, SpaceNet) provide a base of overhead imagery with permissive licences. Defense programmes augment these by compositing in synthetic vehicles, applying sensor-realistic degradation, and remapping spectra. The result is hybrid data — public substrate, synthetic foreground — with auditable provenance.
Hybrid pipelines. Production programmes combine all three. A typical stack: Omniverse generates a million labelled IR frames across a parametrized scenario space, a diffusion model perturbs textures and atmospherics for diversity, and public-source compositing fills gaps for specific classes that the simulation rigs do not yet cover. The output is one dataset, with consistent labelling and a single provenance ledger.
Simulation Pipelines
The engineering stack behind a credible synthetic IR/EO/SAR pipeline has four layers. Terrain. Heightmaps from SRTM or programme-supplied DTED, surface materials from Sentinel-2 land-cover classifications, and procedural vegetation placed by ecotype. Cesium ion and Houdini are common for terrain authoring; Omniverse and Unreal ingest the result.
Atmospherics. Volumetric clouds, haze, precipitation, and time-of-day lighting. For IR specifically, this means modelling atmospheric transmittance per band using MODTRAN or a faster surrogate, not just adding fog as a visual effect. Programmes that skip physics-based atmospherics ship models that work in clear weather and fail at dawn.
Sensor models. Camera intrinsics, focal length, exposure, noise floor, MTF, and band-specific response curves. For SAR, this means a full electromagnetic simulator (RaySAR, SARviz, or commercial tools like CohRaS) producing speckle-correct returns rather than rendered "SAR-looking" greyscale. The sensor model is what separates training data that transfers from training data that does not.
Target catalogs. 3D models of relevant vehicles, aircraft, and infrastructure, with thermal signature plates for IR and material electromagnetic properties for SAR. Public CAD repositories cover commercial classes; defense-specific models are commissioned from suppliers like TurboSquid Pro, RocketBox, or built internally from photogrammetry. Each model carries a fidelity grade — geometry-only, geometry-plus-materials, geometry-plus-materials-plus-signatures — and the dataset records which grade was used for each frame.
Sim-to-Real Domain Gap
A model trained purely on synthetic data and tested on real data almost always fails. The gap is the "sim-to-real" problem, and closing it is the single hardest engineering problem in this discipline.
Domain randomization is the first and most reliable tool. Rather than trying to make synthetic imagery look real, randomize aggressively across textures, lighting, camera parameters, and atmospherics so that the real domain looks like just another sample. NVIDIA's research on domain randomization for object detection — and Tesla's earlier work on driving — both demonstrated that randomization beats photorealism for transfer.
Domain adaptation is the second tool. CycleGAN-style image translation moves synthetic frames toward the real distribution; feature-level adaptation methods (DANN, ADDA, CDAN) align learned representations. For defense use, the constraint is that the "real" side of the adaptation has to be unclassified or accessible under the same controls as the model — which usually means using a small, releasable real reference set rather than the full classified corpus.
The validation gap. Naive pipelines report synthetic-test accuracy, see ninety-plus percent, and ship. Then the model meets real data and collapses. The only metric that matters is accuracy measured on real, in-distribution data. Synthetic-test accuracy is a sanity check, not a release gate.
Key insight: Synthetic data programmes that succeed treat the simulator as code under change control — versioned, reviewed, and accompanied by a release-notes ledger. Programmes that fail treat it as a one-off art-pipeline render. The first is engineering; the second is content production.
Validation Against Real Data
Validation against real classified data is where the synthetic-data discipline either earns trust or loses it. The pattern that works: the engineering team trains entirely on the unclassified synthetic corpus, ships the model to the classified enclave as a sealed artefact, and the cleared validation team runs evaluation against a small held-out real dataset on the classified side. The metrics — precision, recall, calibration curves, per-class confusion — are released back to the engineering team as numbers, not as imagery.
Calibration matters as much as accuracy. A model that predicts "tank" at 99% confidence on a target it has never reliably seen is dangerous. Defense validation pipelines include reliability diagrams and expected calibration error (ECE) alongside top-line accuracy. Programmes that operate downstream of analyst triage need the confidence numbers to mean something.
The validation set itself is treated as a managed asset. It must be representative of the deployment distribution, frozen across model versions for comparability, and refreshed periodically as the operational environment shifts. A validation set that is too small or stale produces false confidence; one that is too dynamic makes regression detection impossible.
Provenance and Auditability
Every frame in a defense synthetic dataset must be traceable. The provenance ledger records: which simulator version produced it, which scenario parameters, which target-model fidelity grade, which atmospheric model, which random seed, and which sensor profile. When a model later fails in deployment, the team has to be able to ask "did we ever train on anything resembling this scene?" — and answer with evidence, not guesswork.
Model cards are the documentation layer. A defense model card discloses training-data composition — percent synthetic by category, percent public, percent hybrid, percent real — alongside the validation evidence on the real set. This is increasingly an accreditation requirement, not a nice-to-have. DoD's Responsible AI guidance, NATO STO TR-IST-178, and several national AI accreditation regimes all expect documented data lineage as a precondition for fielding.
Legal and Ethical Constraints
Synthetic does not mean unconstrained. Image rights matter for hybrid pipelines: public datasets carry licences, photogrammetry of real objects has copyright implications, and commercial 3D-model marketplaces have specific clauses prohibiting use in weapons systems. Programmes that ignore licence terms create downstream legal exposure that surfaces during accreditation review, not during development.
Classification of synthetic outputs. Synthetic imagery of a real, sensitive system — even rendered from public CAD — can itself become classified once it accurately reproduces signatures that were classified. Programmes need a classification guide for their synthetic-data outputs, vetted by the customer's security officer, before generation begins. Retroactive classification is expensive.
Dual-use considerations. Synthetic-data pipelines that train target-recognition models are dual-use by construction. Export controls (ITAR, EAR, EU 2021/821) apply to the simulation tools, the target models, and the trained weights. The engineering team needs export-control review at three points: tool selection, target-catalog assembly, and model release.
What Works in Production
The pattern that has emerged across credible defense AI programmes in 2025–2026 is federated training: synthetic-data pretraining at scale on unclassified infrastructure, fine-tuning at the classified edge on real data the engineering team never sees. The pretrained model carries ninety-plus percent of the capability; the classified fine-tune closes the last gap. The architecture aligns naturally with federated learning patterns already used for sensor networks.
Continuous synthetic-data refresh is the operational habit that separates serious programmes from one-shot deliveries. As the operational picture changes — new adversary vehicle variants, new operating environments, new sensor payloads — the simulation rig produces new training tranches on a monthly or quarterly cadence. The model is retrained, revalidated against the classified set, and redeployed. Programmes that treat training as a one-time event watch their accuracy decay invisibly.
For full context on how synthetic data fits into the broader defense-AI stack, see our complete guide to AI in defense and the discussion of where models live in the sensor-edge tier. Synthetic-data discipline is not a research topic; it is now the default delivery pattern, and the programmes that treat it with engineering rigour are the ones whose models actually work when the real data finally arrives.