As the world gears up for the 2026 Nuclear Non-Proliferation Treaty (NPT) Review Conference, a new and multifaceted factor is complicating the global strategic calculus: Artificial Intelligence (AI). The “nuclear-AI nexus” has evolved from a niche technical interest to a prominent feature in global security discussions, with implications for every aspect of the NPT’s three pillars: non-proliferation, disarmament, and peaceful uses of nuclear energy. However, as experts recently cautioned at the “Atoms for Algorithms” webinar, we need to cut through the speculative “AI hype” to ensure this technology remains a means for peace, not an avenue for unintentional escalation.

To regulate the nuclear-AI connection, we first need to understand the technology. As a United Nations Institute for Disarmament Research researcher, Dr. Yasmina Fina suggests, AI is not a monolithic entity, but a “construct” and a “system of systems,” made up of code, software, data, hardware, and sensors. It is a system used to fulfill certain functions, not a threat capable of usurping human decision-making. The risk is the “speed and scale” of AI, which can have myriad implications for performance and strategy. Moreover, Fina warns that comparing nuclear governance to AI governance is unhelpful because the technologies are not the same; nuclear materials are limited and tangible, whereas AI is ubiquitous and digital.

In the context of non-proliferation, AI is touted as a game-changing verification tool. The International Atomic Energy Agency (IAEA) could potentially use “AI agents,” semi-autonomous machines capable of processing large data streams and satellite images to verify the accuracy of declarations by states at a pace humans cannot match. However, Dr. Ian Stewart, Executive Director of the CNS Washington, states that AI will not help states develop nuclear weapons they could not otherwise build, for two physical reasons: AI cannot “magic up” fissile material, and there is no evidence that large language models can transfer the “tacit knowledge” necessary for weaponization.

When it comes to AI and nuclear weapons, political concerns are high. States have been reluctant to allow the IAEA to use open-source data or “black box” algorithms. Should an AI detect an event, the absence of “explainability” or how the machine arrived at its decision could lead to a crisis of political legitimacy for the safeguards system.

The most fraught part of the nexus is disarmament. We are now seeing a “race to adopt” AI in military strategies due to the perceived speed advantage it offers. AI can speed up threat identification and data integration, potentially freeing up more time for decision-making (or, on the other hand, reducing decision-making cycles to the point that humans are simply rubber-stamping decisions).

Aliche Sultini, senior research lead at the Rhode Island School of Design, explains that AI systems create new levels of uncertainty. If a state cannot grasp how an adversary’s AI operates in its decision-making, it might fall into worst-case scenarios, reinforcing alert postures that prevent disarmament. To support disarmament, AI must be used to enhance technical verification and confidence, not to shorten the path to war. Possibly the most disruptive aspect of this interaction is the NPT’s third pillar: peaceful nuclear energy applications. According to Mr. Shota Kamishima of the IAEA, an “affinity” is emerging between nuclear power and AI. We are now moving into a world where energy-hungry AI data centers need the clean, scalable, and reliable power offered by nuclear power, and where nuclear generation and maintenance are improved through AI.

This alliance is especially important for the rollout of Small Modular Reactors (SMRs), for which AI-optimized construction schedules and supply chains are critical. By enhancing predictability and avoiding cost overruns, a major issue for nuclear construction, AI could make nuclear projects more “bankable” and thus more attractive for the global shift towards clean energy. Despite technological progress, the experts agree: human responsibility is essential. Whether it is a safeguards inspector at the International Atomic Energy Agency (IAEA) or a human commander in a nuclear-armed nation, humans are the “last line of defence”.

“Black box” systems are incompatible with a strong safety culture. Governance policies must ensure that AI is implemented with transparency, traceability, and “explainability”. We must also be alert to the potential for AI to be employed by “agents” to monitor sites, which could result in disinformation and the distortion of threat perception through “anomaly detections.” As the 2026 Review Conference draws near, policymakers’ mission should be to “denoise.” Nuclear policy decisions must not be based on science fiction or fear of competition. Rather, we should prioritize “lower stakes” opportunities where AI can help us now, such as employing AI agents to navigate the overwhelming output of the NPT process — making it searchable and highlighting inconsistencies in delegation positions.

The relationship between nuclear and AI is not a bug to be fixed with more software, but a circumstance to be managed by the international community. By prioritizing evidence-based policy and law, human-in-the-loop systems, and the common ground of the peaceful “Atoms for Algorithms” alliance, we can ensure that the digital revolution supports, rather than undermines, the global nuclear order. In the end, the fate of the NPT will not be determined by algorithms, but by human intelligence.

Muhammad Shahzad Akram is a Research Officer at the Centre for International Strategic Studies, AJK. He holds an MPhil in International Relations from Quaid-i-Azam University, Islamabad. He is an alumnus of the Near East South Asia (NESA) Centre for Strategic Studies, National Defence University (NDU), and Washington, DC. His expertise includes cyber warfare and strategy, arms control, and disarmament. Views expressed in this article are the author’s own. 

Navigating the AI and Nuclear Nexus was originally published on Global Security Review.

Maritime ports authorize customs clearance and are involved in regulatory checks, ensuring compliance with national and international law. Ports perform most of these functions digitally. Maritime ports are now under serious threat of malicious cyberattacks that can disrupt and compromise port operations worldwide.

Industry is deeply interconnected, and a cyberattack on one major port can send shockwaves through global trade networks. Consider a scenario where a major port, responsible for handling millions of cargo containers, suddenly halts operations due to a cyberattack. Cranes freeze, logistics systems collapse, and cargo ships are left stranded at sea. This is not a hypothetical scenario; it is a real and escalating threat to global trade.

The maritime industry, long seen as the backbone of international commerce, now faces an urgent cybersecurity crisis. Ports are no longer just about cranes and cargo; they have evolved into digital ecosystems reliant on interconnected networks, automation, and artificial intelligence. As ports become smarter, they are also becoming more vulnerable. Cybercriminals are increasingly exploiting these vulnerabilities, causing financial losses, operational disruptions, and even national security risks.

Maritime cyberattacks are no longer rare occurrences, they are becoming alarmingly frequent. In 2023, a ransomware attack crippled more than 1,000 vessels by targeting a software provider used across the shipping industry. The attack forced the shipping industry to shut down its ShipManager system, affecting global supply chains. A year earlier, the Port of Lisbon suffered a cyberattack that took its website offline for days, with the ransomware group LockBit claiming responsibility and alleging that it had stolen financial reports, contracts, and ship logs.

In Germany, a 2022 cyberattack on two oil companies disrupted fuel shipments, forcing Shell to reroute supplies and exposing the vulnerabilities of critical maritime infrastructure. The 2017 NotPetya ransomware attack, which paralyzed Maersk and caused an estimated $300 million in damage, remains one of the most devastating cyberattacks in shipping history.

Ports are among the most attractive targets for cybercriminals. The motives behind these attacks vary as some hackers seek financial gain, while others aim to steal sensitive trade-related data, and some may even use cyberattacks as part of hybrid warfare.

The economic consequences are staggering, from ransom payments and insurance hikes to delays that can ripple across global supply chains. Beyond financial losses, cyber threats to ports pose serious security risks. For example, a well-coordinated cyberattack on a major port could disrupt military logistics, cripple trade networks, or even manipulate cargo data to facilitate smuggling and illicit trade.

Hackers carry the potential for unauthorized intrusion into ports’ digital networks and interrupt ports’ routine operation through malicious software attacks. The workforce involved in port management may be trapped into revealing sensitive data by clicking on malicious links. The hackers can also disrupt digital networks that regulate critical port infrastructure, such as cranes, pumps, and valves. Supervisory control and data acquisition (SCADA) systems can come under cyber threats disrupting routine functions. Nonstandard computing hardware like sensors, actuators, or appliances that transmit data from the network wirelessly are vulnerable to data theft.

Hackers can steal data such as cargo manifests, crew information, and financial records. They can also manipulate data, such as altering cargo manifests, or manipulate navigation systems. Hackers can also steal intellectual property, such as trade secrets or proprietary software.

Another pressing issue is supply-chain security. Ports rely on a complex web of third-party vendors for logistics, software, and cargo management. If one vendor is compromised, the entire port system could be at risk.

Hackers can also use unmanned aerial vehicles (UAVs) for surveillance means or to attack port infrastructure, such as damaging equipment or disrupting power supplies. Ports may be exposed to cyberattacks through third-party suppliers, such as logistics providers or maintenance contractors. Ports may be exposed to cyberattacks through cargo and containers, which may contain malicious devices or software.

Cybersecurity in the maritime sector is often treated as an afterthought. Many ports still operate with outdated software and weak security protocols, making them easy targets. Given the critical role of ports in the global economy, the widening cybersecurity gap is a growing challenge. Strengthening port security necessitates urgent regulatory mechanisms, some of which are proposed below.

Regulatory Mechanisms

To mitigate the growing cyber threat, ports should adopt internationally recognized cybersecurity frameworks. First, ports should adhere to the rules and protocols of the International Maritime Organization’s (IMO) Maritime Cyber Risk Management Guidelines, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and ISO 27001 standards. Implementing these frameworks will help establish clear security protocols and ensure that ports are prepared to defend against cyberattacks.

Second, network security should be reinforced by segmenting information technology (IT) and operational technology (OT) systems, preventing malware from spreading across critical infrastructure. Regular penetration testing and vulnerability assessments can further identify weak points before attackers do.

Third, investing in cybersecurity training for port workers is equally crucial. Many cyberattacks exploit human error—phishing e-mails, weak passwords, and social engineering attacks remain among the most common entry points for hackers. A well-trained workforce can serve as the first line of defense against these threats.

Fourth, leveraging artificial intelligence and machine learning for threat detection can enhance ports’ ability to identify cyber risks before they escalate into full-scale attacks. Artificial intelligence (AI)–led systems can monitor network activity in real time, flagging suspicious behavior and predicting potential breaches before they happen. In this regard, the strict security assessments of third-party vendors and blockchain-based cargo tracking can enhance transparency and reduce the risk of supply-chain cyberattacks.

Fifth, beyond prevention, ports should also be prepared to respond effectively to cyber incidents. For this, establishing cyber incident response teams (CIRT) can ensure that ports have trained professionals ready to mitigate and recover from cyberattacks swiftly.

Sixth, regular cyber drills and crisis simulations should be conducted to test response plans. This ensures that when an attack occurs, the damage is minimized, and recovery is swift.

Seventh, international collaboration to deal with these threats is essential. Governments, port authorities, and private stakeholders should work together to share intelligence, standardize security protocols, and invest in collective defense mechanisms.

Public-private partnerships can play a key role in funding advanced cybersecurity infrastructure, while international regulatory bodies like the IMO must enforce stricter cybersecurity mandates across the industry. Finally, as ports transition into smart ports, powered by the internet of things (IoT), AI, and automation, cybersecurity should be at the forefront of maritime security strategies. Emerging technologies like quantum computing and zero trust architecture will play a crucial role in strengthening digital defenses, but ports should remain vigilant. The very technologies designed to enhance security could also introduce new vulnerabilities if not properly managed.

Cybersecurity is no longer just a technical issue; it is a fundamental pillar of modern port management. If cybersecurity continues to be treated as an afterthought, the next major cyberattack could bring global trade to a standstill. Ports are the lifelines of the world economy, and securing them is not just about protecting data, it is about safeguarding the stability of international commerce and national security.

Maryyum Masood is working as a Research Officer & Associate Editor at the Center for International Strategic Studies (CISS) Islamabad. She is an MPhil scholar in the Department of Strategic Studies at the National Defense University (NDU) Islamabad.

Rizwana Abbasi is an Associate Professor of Security Studies at the National University of Modern Languages, Islamabad, a non-resident Fellow of the Center for International Strategic Studies (CISS), Islamabad, and a Visiting Fellow at the Central European University of Austria.

Cybersecurity Framework for Maritime Port Management was originally published on Global Security Review.