What AI tells us about the risks of nuclear deterrence

The production had such an impact on the then president of the United States, Ronald Reaganthat he questioned his advisors about the possibility of a similar invasion of the country’s most sensitive systems. A week later, the answer came: “Mr President, the problem is much worse than you imagine.“

Thomas Fraisepostdoctoral researcher at the University of Copenhagen (Denmark), says, in a text published in The Conversation that nuclear weapons policies are based on a series of bets on the future of nuclear deterrence.

Countries with atomic arsenals are betting that the fear of retaliation will always be enough to prevent an initial attack by the opponent and that there will be sufficient technical skill and luck to avoid accidental explosions. They also bet that possessing nuclear weapons will continue to be a source of securityand not insecurity, in the coming decades.

The author states, however, that they exist plausible scenarios in which possessing nuclear weapons could generate more real costs than potential benefits in a world affected by global warming. Maintaining an arsenal considered safe and reliable would require budgetary choices that would compete with other urgent spending related to the climate crisis.

Furthermore, the universe of existential risks that could justify the use of nuclear weapons would be expanding. One of the examples cited is the concern of experts that the water shortage node Pakistan and India could create favorable conditions for a conflict with the potential for nuclear escalation.

The author also points out another bet implicit in nuclear policies: that atomic arsenals, made up of complex and highly digitalized technological systems, do not have cyber vulnerabilities that could be exploited by agents interested in compromising its operation.

Countries with atomic arsenals are betting that the fear of retaliation will always be enough to prevent an opponent’s initial attack and that there will be enough technical capacity and luck to avoid accidental explosions – Image: mwreck/Shutterstock

Where does AI Claude Mythos fit into this issue?

• The discussion gained strength after the advancement of the artificial intelligence (AI) model Claude Mythosdeveloped by Anthropic;
• The AI ​​system was launched in April 7, 2026 by the company, responsible for the series of language models Claude;
• The Mythos it wasn’t commercially released. Instead, it was made available to a restricted group consisting of about a dozen from US technology giants including Google, Microsoft, Apple, Nvidia and Amazon Web Services (AWS);
• According to information released by Anthropic, the model achieved a rate unprecedented in identifying vulnerabilities in computer systems. Mythos would have been able to detect failures.”zero-day” in browsers, software and operating systems;
• A “zero-day” vulnerability is described as a critical security flaw for which there is still no protection available, allowing attacks without reaction time. According to Anthropic, Mythos was able to develop methods to exploit these vulnerabilities in record time — probably in less than a day — with a success rate of 72.4%.

Continues after advertising

Although the information was released by the company itself, Fraise highlights that some public evidence was presented. Sylvestre Ledrudirector of engineering responsible for the Firefox browser at Mozilla, said that Mythos helped discover a number “absolutely stunning” of vulnerabilities in the software.

Among the examples cited is the discovery of a security flaw with almost 27 years of existence in the open source operating system OpenBSDwidely used by cybersecurity services.

AI and the advancement of offensive capabilities

According to the analysis presented, Mythos highlights a broader phenomenon: the possibility that the development of AI speed up the increase in offensive capabilities in cyberspace, not only between States, but also between private actors, such as cybercriminals.

At the same time, the uncertainty about the ability of defensive agents to react quickly enough to patch existing vulnerabilities.

Continues after advertising

Even if Mythos does not fully achieve the advertised performance, the author highlights that advanced language models evolved quickly since the beginning of the 2020s. This would indicate a acceleration in the development of offensive tools and also in the dissemination of these capabilities to a greater number of actors.

As a consequence, there would be a potential increase so much of probability of successful cyber attacks and absolute number of these attacks.

Mythos highlights a broader phenomenon: the possibility that the development of AI will accelerate the increase in offensive capabilities in cyberspace, not only between States, but also between private actors, such as cybercriminals – Image: PhotoGranary02/Shutterstock

Vulnerability of nuclear arsenals

The researcher claims that a nuclear arsenal involves much more than stored warheads. The normal functioning of these systems depends on a broad technological structure composed of warheads, missiles capable of transporting them, communication systems to transmit presidential orders and early warning mechanisms responsible for monitoring signs of a possible enemy attack. All these elements need to communicate with each other to ensure the control about weapons.

The researcher Herbert Linfrom Stanford University (USA) and author of a study on cyber threats and nuclear weapons, states that the “nuclear button” metaphor oversimplifies the reality. According to him, after the president presses the button, a series of “cyberbuttons” also needs to be activated to initiate and manage nuclear operations.

Each of these points would represent an opportunity for interference by cyber attacks, such as preventing critical information from reaching its destination.

Fraise points out different possible scenarios. The president could not receiving enough information — or no information — to determine that an attack is underway. It could also be unable of transmitting launch orders to submarine forces.

Another scenario mentioned is the nightmare discussed since the 1950s: a fake order launch module be sent to missile operators.

The consequences would not necessarily need to be so extreme. An order could arrive with delay or not be transmitted to all forces, producing more retaliation weak than planned.

The author also recalls an episode of 2010when an American command center lost communication with about 50 nuclear missiles for almost one hour.

Another hypothesis raised is that a major cyber attack carried out by non-state actors could create the impression that an adversary was targeting a nuclear arsenal, increasing the risk of involuntary escalation.

Likewise, an attack on command and control systems linked to conventional operations could be interpreted as threat to a country’s nuclear arsenal if the systems were integrated.

The scenario of cyber operations directed at the weapons themselves is also mentioned, reaching the hardware instead of software.

The researcher states that agents responsible for nuclear security continually develop and test defensive capabilities. Still, the complexity of existing systems would prevent any absolute guarantee of the absence of vulnerabilities.

James Goslerformerly responsible for the security of American nuclear systems at Sandia National Laboratories, states that the exponential increase in the complexity of nuclear weapons components, starting in the years 1980returned impossible ensure that microcontrolled systems used to guarantee the functioning of the detonation mechanism were completely free of vulnerabilities.

According to Fraise, this doesn’t mean necessarily that such vulnerabilities exist, but indicates what no actor can say with certainty that they do not exist.

The exponential increase in the complexity of nuclear weapons components, starting in the 1980s, made it impossible to ensure that microcontrolled systems used to guarantee the functioning of the detonation mechanism were completely free from vulnerabilities – Image: Russian Ministry of Defense

New bet on the future

The analysis concludes that the Mythos reveals a new dimension from the “nuclear bet”, driven by the development of new technologies and their integration into arsenals.

According to the author, countries are betting on absence of vulnerabilities in these systems, although it is impossible measure this probability accurately. It would change over time as systems are updated, replaced, and connected to others.

If vulnerabilities exist, the bet becomes that advances in offensive capabilities will always be accompanied, and in timelyby defensive advances — including in the age of AI.

The researcher highlights that the development of defensive capabilities is usually reactivedepending on knowledge about offensive tools and existing vulnerabilities, factors considered inherently uncertain.

In this context, the author states that security based on nuclear weapons implies bet that defenses against cyber attacks will be enough. Otherwise, the bet would fall on the luck: the expectation that existing vulnerabilities are not discoveredas happened with the flaw that remained hidden for 27 years in OpenBSD.

According to Fraise, the arrival of advanced AI models capable of detecting vulnerabilities and designing cyber attacks on a large scale and in an automated manner has made it more uncertain the ability of current control mechanisms to continue fulfilling their role.

Thus, the adoption of security policies based on nuclear weapons would be equivalent, according to the analysis, to betting that, in the future, luck will always remain on the same side.