Bombs without smoke: is it time for a treaty to prevent 'digital weapons of mass destruction'?

What the world needs now is not a comprehensive text that is hard to circumvent but 'minimum rules' that can actually be enforced

In the nuclear world, there are rules and treaties against proliferation, inspectors who enter facilities, known red lines, and a steep political price awaiting anyone who approaches the forbidden. In the digital world, by contrast, a weapon is born in code, developed inside a commercial laboratory, deployed in the shadows, and the international community does not yet possess a single binding instrument to curb its spread or hold anyone accountable for its use.

It is through this precise lens alone that the warning issued by the Five Eyes alliance on 22 June should be read, when it cautioned that advanced artificial intelligence models will bring about a radical transformation in cyberattack capabilities "within months, not years."

The warning is not, at its core, a passing technical alarm but a disclosure of a deeper flaw — one that has drawn the world into a digital arms race without a nonproliferation system to regulate it. From this vacuum, a question places itself on the tables of decision-makers: has the time come for a digital arms-control treaty modelled on what humanity achieved in the nuclear field?

The relevance of the question lies in the fact that humanity has faced before a weapon capable of mass destruction, and invented for it a system of treaties that succeeded, despite their shortcomings, in containing catastrophe for decades. Today, an advanced digital model in the hands of a hostile state carries a destructive capacity against civilian infrastructure that approaches the effect of a strategic weapon — from the ability to paralyse electricity grids, to disabling hospitals, to disrupting banks. It suffices to note briefly that these models enable self-adapting attacks run with barely any human effort to grasp the distance between them and the tools of yesterday.

The paradox begins precisely here: when the effects of the two weapons resemble each other, their natures diverge in ways that make replicating the solution along the lines of nuclear treaties extremely difficult. That divergence is what creates the four great obstacles facing any digital treaty.

The entire nuclear system rested on a single material foundation. Uranium requires massive reactors and centrifuges that can be detected by satellites, and facilities that International Atomic Energy Agency inspection teams can enter and search. It is this physicality that made verification possible, control realistic, and the treaty meaningful.

A digital weapon, by contrast, has no material form. It is the weight of a model stored in a thumb-sized memory, or code that travels through a server in fractions of a second. How do you inspect it? How do international verification committees enter the servers of Beijing and Washington and examine code line by line?

The absence of physicality in the digital arms race is the confounding impossibility for any potential treaty, since a digital weapon leaves only a deniable trace. This is the "attribution problem" on which international law experts agree is the paramount obstacle: how do you prove that a specific state stood behind a particular attack? Or how do you distinguish between a governmental act and that of an independent hacking group operating from that state's territory?

In the nuclear system, the matter is clear: a reactor either generates electricity or is used for military purposes culminating in the manufacture of a nuclear bomb, and high-level enrichment is an unmistakable indicator. An artificial intelligence model, however, is the most prominent embodiment of the well-known description "double-edged sword": the same model with which a doctor discovers a cancer treatment can become the tool with which a hacker breaches a security vulnerability. This "dual-use" dilemma is what humanity now faces in curbing this race, since it is impossible to prohibit the spread of the technology without prohibiting human progress itself. Any treaty that aspires to restrict the model immediately collides with the reality that it is an instrument of civilian prosperity before it is an instrument of war.

There is a structural difference that separates nuclear weapons from AI models: nuclear weapons are the exclusive preserve of states — armies possess them and governments guard them. AI that can be turned into a digital weapon is, by contrast, "privatised": it is developed by commercial companies in Silicon Valley, Beijing, and elsewhere, driven by profit. How does the United Nations draft a treaty binding on states when the actual keys to the weapon — the ability to release or restrain the model — lie in the hands of the boards of directors of transnational corporations?

This was no theoretical problem. It was embodied in a real incident shortly before the Five Eyes statement was issued, when the company Anthropic disabled a version of its advanced model "Metheus" in compliance with a US government order to suspend foreign nationals' access to it — a precedent that encapsulates the entire dilemma.

Even if political will were to mature, a fatal temporal gap would remain. Drafting a single clause in an international treaty takes years of negotiation and ratification, while a digital model evolves every few months. International law moves at a slow pace weighed down by bureaucracy, while algorithms run at a pace that almost escapes human control itself. This gap between the time required to adopt "legislation" and the "pace of AI model development" renders any legal text obsolete the moment it is born.

It is fair to say that the world is not standing on legally barren ground in this regard. Since 2015, the UN Group of Governmental Experts has endorsed 11 voluntary "norms" for responsible behaviour in cyberspace, reaffirmed by all members in 2021, including explicitly that states should not target the critical infrastructure of their counterparts, and should not permit the use of their territory for acts harmful to other states. The idea is not new to industry either: in 2017, Brad Smith, President and Chief Legal Officer of Microsoft, called for a "Digital Geneva Convention" that would oblige governments to protect civilians from state attacks in peacetime.

But the flaw is that all of this is non-binding, with no verification mechanism and no penalty framework. The most recent evidence of the fragility of such hopes is the experience of negotiating a treaty to regulate lethal autonomous weapons: despite the UN Secretary-General's call since 2023 for a binding text by 2026, and the support of more than 120 states, researchers believe that opposition from the major powers makes the prospect of reaching a binding formula weak to the point of non-existence. That is precisely the same signal that threatens any digital treaty.

At the heart of the obstruction lies the problem of inverted deterrence. No one wants to bind themselves before knowing where their adversary stands. Washington, for example, fears that Beijing will catch up with it, while Beijing counts on the digital space as a means of breaking American hegemony. Not far behind, Moscow sees the digital sphere as a low-cost arena for needling the West, its sworn enemy, while middle-ranking states view cyber weapons as compensation for their conventional military weakness.

Thus the digital space becomes something resembling a "jungle" without rules, in which each party refrains from signing a treaty that binds it, so long as it aspires to be first. What compounds the matter further is that the nuclear domain is governed by a clear "balance of terror" — a strike met by a guaranteed counter-strike. The digital domain, by contrast, is not reliably traceable or attributable, since the simplest response is to pin the blame on a group of rogue hackers, and so the deterrent terror that drives parties toward agreement is absent.

If a comprehensive treaty is distant, the outlines of a "minimum" set of rules have begun to crystallise in the literature of international law. They can be summarised as: a ban on targeting vital civilian infrastructure in peacetime — such as electricity, water, hospitals, airports, and banks; prohibition on developing or launching self-propagating software that cannot be stopped once it escapes containment; a commitment by states not to harbour hacking groups acting as their proxies; the establishment of an independent international mechanism to investigate major attacks; protection of the weights of advanced models from leaks; and requiring companies that own high-risk models to meet safety standards and undergo independent testing.

All these threads bring us back to the first question, but they revise the form of the answer. A comprehensive treaty along the lines of nuclear treaties appears, in light of the dilemmas of verification, dual-use, and privatisation, to be an idealistic ambition beyond reach. But the alternative is not surrender and inaction. What the world needs now is not a complete text that is difficult to circumvent, but "minimum rules" that are enforceable. Between a warning that some describe as already late, and a deadline racing against algorithms developing at tremendous speed, the question remains suspended: will the world wait for its first "digital bomb" before it sits down at the negotiating table? History says that humanity rarely builds the rules of the game before paying the price of their absence.