Source: French to English Tester Published on: 2026-05-07
Source: The Conversation – France in French (3)– By Thomas Fraise, Postdoctoral research fellow, University of Copenhagen; Sciences Po

The emergence of the Mythos AI, presented as capable of quickly detecting major computer vulnerabilities, shows that offensive capabilities in cyberspace are progressing very rapidly. This development could make nuclear systems more vulnerable and increase the risk of errors, sabotage, or accidental escalation.
In 1983, the filmWarGamesimagined a teenager who, having accidentally entered a Pentagon computer system, triggered a simulation program, which was interpreted as a prelude to a nuclear war. The film had affected Ronald Reagan so much that he questioned his advisors about the possibility of such an intrusion into the most sensitive American systems. One week later, theresponse had comeA: “Mr. President, the problem is much more serious than you think.”
Policies around nuclear armament rely on a series of bets, oftendistant, on the future of nuclear deterrence. First, countries equipped with nuclear weapons consider that the fear of their retaliation will always be enough to prevent an adversary from attacking them first, and that they will always possess the expertise and luck necessary to prevent accidental detonations. They therefore believe that owning nuclear weapons will be a source of security, not insecurity, for them in the coming decades.
Now, aswe demonstrate it with my colleagues Sterre van Buuren and Benoît Pelopidas, there are several plausible future scenarios in which possessing nuclear weapons will incur more real costs than potential benefits in a world where the temperature has risen by several degrees. Maintaining a credible and safe arsenal will require making budgetary choices, to the detriment of other expenses made urgent by the climate crisis. The realm of existential risks for a state, which could justify the use of nuclear weapons, could also expand. Experts are concerned thatrisks of water shortages in Pakistan and India becoming fertile ground for a conflict leading to a nuclear escalation. The universe of existential risks for a state, which could justify the use of nuclear weapons, can also expand. Some experts are concerned thatrisks of water shortage in Pakistan and India becoming fertile ground for a conflict leading to a nuclear escalation.
But there is another, much more implicit bet: that nuclear arsenals, which are complex and highly digitalized technological systems, have no cyber vulnerabilities that could be exploited by an actor wishing to prevent their normal operation.
The recent breakthrough of Mythos artificial intelligence reveals how much the conditions of this bet can change in the long term.
Mythos and the future of cybersecurity
On April 7, 2026, the company Anthropic – which markets the series of large language models (LLM) Claude – announced the creation of itsnew artificial intelligence model(AI): “Mythos.” This model, which has not been released on the market but made available to asmall working groupcomposed of a dozen of the main American technology giants (Google, Microsoft, Apple, NVidia, Amazon Web Services, etc.), would achieve an unprecedented success rate in detecting vulnerabilities in IT systems.
Mythos would thus have been able to detect, with an impressive success rate, vulnerabilities «zero-day” in different computer browsers, software, or operating systems. A vulnerability “zero-day” is a critical security vulnerability in an information system, for which no protection currently exists, thus enabling an attack with a “zero-day” window to respond.According to Anthropic, Mythos allegedly managed to develop in record time (probably less than a day) methods to exploit these vulnerabilitieswith a success rate of 72.4%, far superior to other existing models.
If this information comes from the company itself – which has every interest in exaggerating the results – some public evidence has nevertheless been provided. Sylvestre Ledru, the engineering director at Mozilla responsible for the Firefox browser, stated that Mythos had enabled the discovery of a number“Properly mind-blowing”of vulnerabilities in their software. A security flaw nearly twenty-seven years old, having survived a large number of audits, was for example discovered in a free operating system widely used by cybersecurity services,OpenDSB.
Mythos reveals a fundamental problem:the increase in offensive capabilities – not only of States, but also of private actors such as cybercriminalsIn cyberspace, the risk may be accelerated by the development of AI, and auncertainty arises regarding the ability of defensive actors to react quickly enoughto correct existing vulnerabilities.
Even in the case where Mythos would not meet the announced performance, the development of LLMs since the early 2020s has shown how quickly their performance improves. We are therefore facing an acceleration in the development of offensive capabilities and their dissemination to a larger number of actors. This means a potential upward trend in the probability of success of a cyberattack, as well as an increase in the absolute number of these attacks.
The vulnerability of nuclear arsenals
To understand the vulnerability of nuclear weapons to cyberattacks, one must keep in mind that the term “nuclear arsenal” refers to much more than just a stockpile of nuclear warheads. The normal operation of modern nuclear arsenals relies on a wide array of technologies: nuclear warheads, missiles that carry these weapons, communication technologies (ensuring that orders are transmitted from the president to the operator responsible for activating these weapons), as well as a set of advanced warning technologies used to monitor the skies for potential signals of an enemy nuclear attack. These elements must be able to communicate with each other to ensure control of these weapons.
And they are more numerous than one might think. As Herbert Lin, a researcher at Stanford University and author of aStudy on cyber threats against nuclear weapons, the metaphor of the “nuclear button” is simplified: once the president presses it, a set of “cyber-buttons” must be pressed to trigger the nuclear operations and control them – as many levels where cyberattacks could intervene to prevent, for example, the arrival of the relevant information.
The president might not receive enough information – or might not receive any at all – to determine that an attack is underway. Alternatively, he might be unable to communicate the firing order to his submarine forces. Worse, the catastrophic scenario imagined since the 1950s could come true: a false firing order could be communicated to the missile operators.
The scenarios do not need to be so radical: the order could be communicated, but with a delay, or not communicated to all forces, leading to a less than desired response. The said response could be blocked: in 2010, a U.S. command center lost communication with about fifty nuclear missiles duringnearly an hour. An adversary could know how to take advantage of such vulnerabilities.
Alternatively, a large-scale cyberattack carried out by non-state actors could create the impression that aopponent seeks to target our nuclear arsenal, creating a risk of escalation by “inadvertence.”
One can also imagine cyber actions against the weapons themselves, thehardwarerather than thesoftwareof the arsenal. Of course, the actors in nuclear security do not merely wait for an attack to occur on one of these systems. They continuously develop and test their defensive capabilities. The problem is that the complexity of existing systems does not allow us to assert with certainty that there is “absolutely no vulnerability.”
It’sJames Gosler, former head of cybersecurity for American nuclear systems at the Sandia laboratory, who affirms itA: From the 1980s onward, due to the exponential complexity of the internal components in nuclear weapons, “you can no longer assert that all the microcontrollers (intended to ensure the functioning of the mechanism triggering the explosion) are invulnerable.”
This also does not mean that vulnerabilities necessarily exist. But it means that no actor is able to know if there are any. So, should we fear that the French nuclear arsenal, or any other arsenal targeting France, will be “hacked” in the future?
In fact, we do not know. Scenarios of this type are within the realm of possibility: there is no large complex information system whose total reliability can be guaranteed with absolute certainty. The evolution of tools enabling cyberattacks, and their potential dissemination among a large number of state and non-state actors, makes this type of future scenario potentially more likely and, in any case, plausible.
A new bet on the future
Mythos highlights a new modality of nuclear deterrence, born from the development of new technologies and their integration into nuclear arsenals.
We first bet on the absence of vulnerability within these systems — even though it is impossible to measure this probability with certainty. It evolves over time, at the pace of systems being updated, replaced, connected to others. If a vulnerability exists despite everything, we then bet that, in due course, the evolution of offensive capabilities in cyberspace will be constantly matched, and always in time, by the evolution of defensive capabilities — including in the era of artificial intelligence. Here again, this probability is also indeterminable, since the development of defensive capabilities is reactive: it depends on the knowledge we have of the nature of offensive capabilities and existing vulnerabilities, which are indeterminable. So we bet that our defenses, and those of other nuclear-armed states, will be sufficient.
We are therefore betting that our defenses against cyberattacks, and those of other nuclear-armed states, will be sufficient. Otherwise, we are betting that luck will be on our side and that existing vulnerabilities will not be detected — like the one that had existed for 27 years in the OpenDSB code. This is a gamble on luck because, in this scenario, it is the incapacity or absence of adversarial will — which we have no control over — to develop effective capabilities that will save us.
The ability of existing control practices to fulfill their task is made more uncertain by the arrival of large AI models capable of detecting vulnerabilities and designing cyberattacks on a massive and automated scale. Choosing a security policy based on nuclear weapons is tantamount to betting that, in the future as in the past, luck will always be on our side.
![]()
This work was funded by the European Research Council (ERC) under the European Union’s Framework Programme for Research and Innovation Horizon Research (RITUAL DETERRENCE project, grant agreement no. 101043468).
–ref. Hacking the bomb? What the AI Mythos reveals about the wager of nuclear deterrence –https://theconversation.com/hacker-the-bomb-what-the-AI-myth-reveals-about-the-nuclear-deterrence-bet-281557
