Post

Hack the bomb? What the AI Mythos reveals about the gamble of nuclear deterrence

Hack the bomb? What the AI Mythos reveals about the gamble of nuclear deterrence

Source: French to English Tester   Published on: 2026-05-07

Source: The Conversation – France in French (3)– By Thomas Fraise, Postdoctoral research fellow, University of Copenhagen; Sciences Po

Claude Mythos is a cutting-edge artificial intelligence developed by the company Anthropic, whose advanced capabilities in offensive cybersecurity inspire as much fascination as concern. Gguy/Shutterstock

The emergence of the Mythos AI, presented as capable of quickly detecting major computer vulnerabilities, shows that offensive capabilities in cyberspace are advancing very rapidly. This development could make nuclear systems more vulnerable and increase the risk of errors, sabotage, or accidental escalation.


In 1983, the filmWarGamesimagined a teenager who, having accidentally entered a Pentagon computer system, triggered a simulation program, which was interpreted as a prelude to a nuclear war. The film had so deeply affected Ronald Reagan that he questioned his advisors about the possibility of such an intrusion into the most sensitive American systems. One week later, theresponse had comeA: “Mr. President, the problem is much more serious than you think.”

Policies around nuclear armament are based on a series of bets, oftendistant, on the future of nuclear deterrence. First, countries possessing nuclear weapons believe that the fear of their retaliation will always be sufficient to prevent an adversary from attacking them first, and that they will always have the expertise and luck necessary to prevent accidental explosions. They therefore consider that possessing nuclear weapons will be a source of security and not insecurity for them in the decades to come.

Now, aswe show it with my colleagues Sterre van Buuren and Benoît Pelopidas, there are several plausible future scenarios in which possessing nuclear weapons will incur more real costs than potential benefits in a world where the temperature has risen by several degrees. Maintaining a credible and safe arsenal will require making budgetary choices, to the detriment of other expenditures made urgent by the climate crisis. The realm of existential risks for a state, which could justify the use of nuclear weapons, can also expand. Experts are concerned thatrisks of water shortages in Pakistan and India becoming a fertile ground for a conflict leading to a nuclear escalation.The universe of existential risks to a State, which could justify the use of nuclear weapons, can also expand. Experts are concerned thatthe risks of water scarcity in Pakistan and India becoming fertile ground for a conflict leading to a nuclear escalation.

But there is another, much more implicit bet: that nuclear arsenals, which are complex and highly digitalized technological systems, possess no cyber vulnerabilities that could be exploited by an actor wishing to prevent their normal operation.

The recent breakthrough of the Mythos artificial intelligence reveals how much the conditions of this bet can change in the long term.

Mythos and the Future of Cybersecurity

On April 7, 2026, the company Anthropic – which markets the series of large language models (LLM) Claude – announced the creation of itsnew artificial intelligence model(AI): “Mythos.” This model, which has not been released on the market but made available to arestricted working groupcomposed of a dozen of the main American technology giants (Google, Microsoft, Apple, NVidia, Amazon Web Services, etc.), would achieve an unprecedented success rate in detecting vulnerabilities in computer systems.

Mythos would thus have been able to detect, with an impressive success rate, flaws “zero-day” in different computer browsers, software or operating systems. A flaw “zero-day” is a critical security flaw in an information system, against which no protection currently exists, thus making possible an attack that leaves a “zero-day” window to react.According to Anthropic, Mythos reportedly managed to develop in record time (probably less than a day) methods allowing the exploitation of these vulnerabilitieswith a success rate of 72.4%, significantly superior to other existing models.

If this information comes from the company itself – which has every interest in exaggerating the results – some public evidence has nonetheless been provided. Sylvestre Ledru, the director of engineering at Mozilla responsible for the Firefox browser, stated that Mythos had made it possible to discover a number“Properly mind-blowing”vulnerabilities in their software. A security flaw nearly twenty-seven years old, having survived a large number of audits, was for example discovered in a free operating system widely used by cybersecurity services,OpenDSB.

Mythos reveals a fundamental problem:the increase in offensive capabilities – not only of States, but also of private actors such as cybercriminals – in cyberspace is likely to be accelerated by the development of AI, and auncertainty arises regarding the ability of defensive actors to react quickly enoughto fix existing vulnerabilities.

Even if Mythos does not live up to the announced performance, the development of LLMs since the early 2020s has shown how quickly their performance improves. We are therefore facing an acceleration in the development of offensive capabilities and their dissemination to a larger number of actors. This means a potential upward trend in the probability of success of a cyberattack, as well as an increase in the absolute number of these attacks.

The vulnerability of nuclear arsenals

To understand the vulnerability of nuclear weapons to cyberattacks, one must bear in mind that by “nuclear arsenal,” we mean much more than just a stockpile of nuclear warheads. The normal operation of modern nuclear arsenals relies on a wide configuration of technologies: nuclear warheads, missiles that transport these weapons, communication technologies (ensuring that the order is transmitted from the president to the operator responsible for activating these weapons), as well as a set of advanced warning technologies used to monitor the sky for potential signals of an enemy nuclear attack. These elements must be able to communicate with each other to ensure control of these weapons.

And there are more of them than one might think. As noted by Herbert Lin, a researcher at Stanford University and author of aStudy on cyber threats against nuclear weapons, the metaphor of the “nuclear button” is simplified: once the president presses it, a set of “cyber-buttons” must be pressed to trigger nuclear operations and control them — several levels where cyberattacks could be inserted to prevent, for example, the arrival of relevant information.

The president might not receive enough information — or might not receive any at all — to determine that an attack is underway. Or, he might be unable to communicate the launch order to his submarine forces. Worse, the catastrophic scenario imagined since the 1950s could come true: a false launch order could be communicated to missile operators.

The scenarios do not need to be so radical: the order could be communicated, but with a delay, or not communicated to the entire forces, leading to a response less intense than desired. The said response could be blocked: in 2010, an American command center lost communication with about fifty nuclear missiles duringnearly an hour. An opponent could know how to exploit such flaws.

Alternatively, a large-scale cyberattack carried out by non-state actors could create the impression that aopponent seeks to target our nuclear arsenal, creating a risk of escalation by “inadvertence”.

One can also imagine cyber actions against the weapons themselves, thehardwarerather than thesoftwareof the arsenal. Of course, the actors in nuclear security do not just wait for an attack to occur on one of these systems. They continuously develop and test their defensive capabilities. The problem is that the complexity of existing systems does not allow us to state with certainty that there is “no vulnerability”.

It’sJames Gosler, former head of cybersecurity for American nuclear systems at the Sandia laboratory, who claimsFrom the 1980s onwards, due to the exponential complexity of the internal components of nuclear weapons, “you can no longer assert that the entire set of microcontrollers (intended to ensure the functioning of the mechanism triggering the explosion) are invulnerable.”

This does not necessarily mean that vulnerabilities exist. But it means that no actor is in a position to know if there are any. So, should we fear that the French nuclear arsenal, or any other arsenal targeting France, will be “hacked” in the future?

In fact, we do not know. Scenarios of this type are within the realm of possibility: there is no large complex information system whose total reliability can be guaranteed with absolute certainty. The evolution of tools enabling cyberattacks, and their potential dissemination to a wide range of state and non-state actors, makes this type of future scenario potentially more likely and, in any case, plausible.

A new bet on the future

Mythos highlights a new modality of the nuclear gamble, born from the development of new technologies and their integration into nuclear arsenals.

We first bet on the absence of vulnerabilities within these systems — even though it is impossible to measure this probability with certainty. It evolves over time, at the pace of systems being updated, replaced, connected to others. If a vulnerability exists despite everything, we then bet on the fact that, in due time, the evolution of offensive capabilities in cyberspace will constantly be matched, and always in time, by the evolution of defensive capabilities — including in the era of artificial intelligence. Here again, this probability is also indeterminable, since the development of defensive capabilities is reactive: it is based on the knowledge we have of the nature of offensive capabilities and existing vulnerabilities, which are indeterminable. So we are betting that our defenses, and those of other nuclear-armed states, will be sufficient.

We are therefore betting that our defenses against cyberattacks, as well as those of other nuclear-armed states, will be sufficient. Otherwise, we are betting that luck will be on our side and that existing vulnerabilities will not be detected — like the one that existed for 27 years in the OpenDSB code. It is a bet on luck because, in this scenario, it is the incapacity or lack of will of the adversary, over which we have no control, to develop effective capabilities that saves us.

The ability of existing control practices to fulfill their task is made more uncertain by the arrival of large AI models capable of detecting vulnerabilities and designing cyberattacks on a massive and automated scale. Choosing a security policy based on nuclear weapons amounts to betting that, in the future as in the past, luck will always be on our side.

The Conversation

This work was funded by the European Research Council (ERC) under the European Union’s Horizon Research framework programme for research and innovation (RITUAL DETERRENCE project, grant agreement No. 101043468).

ref. Hacking the bomb? What the AI Myth reveals about the bet of nuclear deterrence –https://theconversation.com/hacker-the-bomb-what-ai-myths-reveal-about-the-nuclear-deterrence-bet-281557