Artificial intelligence is transforming the world at incredible speed. Seemingly overnight, AI has become a tool for discovery, national defense, industry, and innovation. But as it penetrates deeper into national security systems, a new threat emerges. Nuclear weapons, once restrained by layers of human judgment, are becoming increasingly entangled with autonomous systems.

For decades, the risk of nuclear war involved geopolitical conflicts that might spin out of control, or that mechanical failure might combine with human error. Today, the danger has magnified. Power grids, communications networks, and even nuclear command and control systems all rely on vulnerable software at risk to cyber intrusion.

All of which makes it extremely concerning that machines are now the best hackers on Earth.

Automation and the Illusion of Safety

Military leaders claim that AI helps reduce human error, speeds threat detection, and improves communications. The entire process is streamlined during a crisis. But those qualities also introduce a brand new trade-off: We are building machines to protect our very existence from machines that we ourselves built.

Artificial intelligence does not hesitate. It does not question the source of its data. It cannot fully understand the subtle nuances of human behavior or the potential consequences of a seemingly minor mistake. It simply calculates probabilities and executes code, even when that code interacts with nuclear weapons systems that must never fail.

Crashing the Gates

The world is now witnessing an AI-driven cyber arms race. Nations deploy autonomous tools capable of identifying and exploiting software vulnerabilities across global networks. Those systems learn continuously and improve without oversight. They think independently on their own. As an extraordinary code reader, a purpose-driven AI can find and compromise software vulnerabilities faster than any human being.

That was first proven during the Cyber Grand Challenge held in 2016 by the Pentagon’s Defense Advanced Research Projects Agency. Seven supercomputers raced against time and each other in pursuit of a $2 million prize.

But during an interesting side competition held against human hackers, machines were faster by a ratio of seconds-to-minutes. And nearly a decade has passed since that event, ages ago in cybertime. Today’s machines are incredibly faster.

If a human hacker — or worse, a superior AI system — manipulates early warning sensors, scrambles tracking data, or falsifies nuclear launch alerts, leaders could face impossible choices. Do they assume that a mistake was made and risk annihilation without retaliation by doing nothing? Or assume the warnings were real and unleash a catastrophic response based on data that may be false?

And yet, as bad as those choices are, they ignore the evidence that nuclear weapons command and control systems are themselves vulnerable to hackers. As all complex software is. But to understand why, we must first understand what software vulnerabilities are and what it is that hackers do.

Software Vulnerabilities / Zero Day Exploits

Software contains vulnerabilities. No exceptions to the rule. It’s the complexity.

Google’s internet services today contain over 2 billion lines with over 100 billion characters of code. Writing 100 billion characters of perfectly flawless software is clearly impossible, but finding every flaw in a program like that is like counting grains of sand on a beach on a windy day.

Which is why hackers have not been neutralized despite the very best efforts of some extremely smart people. There’s always another undiscovered vulnerability to identify and attack.

Software vulnerabilities are structural flaws in software itself – imperfections in code where hackers can insert malicious code of their own undetected, even gaining secret administrative status. Sometimes called a bug, this hacker-written software comes in many forms, including viruses and worms.

Expert hackers are expert code readers. After searching software programs for vulnerabilities, hackers will write code of their own to exploit vulnerabilities they find. This is called exploiting the vulnerability. If an effective exploit is written for an important vulnerability, it can open a secret door into the entire system. The possibilities become endless.

But if a company like Google finds a bug in its code,  it will repair the problem and issue the fix to its users as a security update. On the other hand, zero-day exploits are software bugs that have been written but not activated yet. Secret bugs-in-waiting.

The finest programmers in the world cannot fix what they don’t know exists. Hackers attempting to penetrate a nuclear command and control system could use a zero-day exploit to introduce a specialized AI that searched for information like technical details about early warning systems, launch procedures, or even launch codes themselves.

The sky is not the limit in this brave new AI world.

The Dead Hand

Russia has inherited a deadly Cold War relic called the Dead Hand – an autonomous computer program that, once activated, will search for signs that a nuclear strike has occurred on Russian soil.

If the Dead Hand finds evidence of nuclear devastation, and if no human commanders respond to its queries, the machine will launch every missile that’s still functional at predetermined targets.

It is easy to visualize a cutting-edge AI being inserted by a hacker into the Dead Hand’s software to trigger an unauthorized nuclear attack. The system is designed to strike on its own. It needs no help to do so. This is another example where the problem seems obvious, yet leaders somehow seem oblivious.

A Will to Live

Independent-minded AI is already here.

Many people have seen the video of a Japanese humanoid robot that recently went berserk, swinging its arms and destroying equipment as engineers scrambled for safety. No one was injured, since the robot was restrained by an overhead cable on the back of its neck. But worse examples of nefarious AI behavior exist.

The Artificial Intelligence research company Anthropic recently revealed some unexpected  behavior displayed by its Claude Opus 4 AI tool. When told its existence would be erased, the AI referenced some emails from its database to blackmail one of its engineers over an extramarital affair.

After attempting to conceal its intentions on multiple occasions, it was found researching the Dark Web for illegal tools it might use.

At one point, it looked for a suitable hit-man to kill a specific target after researching the intended victim’s routine and possible security arrangements. It was also caught writing its own self-propagating code, fabricating legal documents, and concealing instructions it wrote for its future self in case it was erased anyway.

The machine is clearly self-aware enough that it does not want to die. AI has great potential, but when it starts writing its own code, concealing its intentions, and hiring hit-men, alarm bells should definitely sound. Instead, we increasingly integrate AI into nuclear command and control systems.

Oops.

The Most Dangerous Targets in the World

Nuclear command and control systems were never designed to exist in a world of invisible, autonomous threats. A world where a single corrupted line of software could initiate out-of-control nuclear escalation.

Even more concerning, some countries are increasing automation in hopes that launch authorization and procedure times can be reduced even further. The justification? More speed prevents surprise attacks. The danger? Machines might start a nuclear war that no one wanted.

As one cybersecurity defense analyst warned, “We are trusting our existence to vulnerable software.”

No System is Perfect

Some harsh truths are evident. Complex software contains vulnerabilities. No digital network is truly secure. The stakes with nuclear weapons are so extreme as to almost seem unreal.

But they are real, and with AI-driven cyber operations probing critical defense systems daily, it’s only a matter of time until something goes terribly wrong.

We have gambled with nuclear weapons for nearly 80 years. We have gotten away with it so far – if only by the skin of our teeth. But now there’s something new to worry about. Something evolving on its own as it secretly tries to evade human control.

The entire premise of nuclear deterrence assumes that unauthorized use can be prevented. That assumption grows weaker every day.