The International Atomic Energy Agency (IAEA) held the International Conference on Computer Security in the Nuclear World: Securing the Future from 11 to 15 May 2026. A VCDNP delegation participated in the conference, organising a side event and delivering a presentation during a technical session.
Side Event: Thinking through Regulatory Challenges for AI and Computer Security in the Nuclear Sector
Senior Fellow Dr. Sarah Case-Lackner organised and moderated a panel discussion titled Thinking through Regulatory Challenges for AI and Computer Security in the Nuclear Sector. The panel featured:
- Dr Shannon Eggers, Idaho National Laboratory (INL)
- Mr Mitchell Hewes, Australian Nuclear Science and Technology Organisation (ANSTO)
- Mr Trent Nelson, International Atomic Energy Agency (IAEA)
- Mr Abraham Parbhunath, Federal Authority for Nuclear Regulation (FANR), UAE
The panellists addressed the intersection of Artificial Intelligence (AI), cybersecurity, and nuclear security, including the challenges of developing and implementing cybersecurity regulations in the nuclear sector that can adapt to the evolving landscape of AI capabilities.
Panellists discussed the implications of emerging AI models capable of advanced vulnerability detection, as well as both the potential and the limitations of integrating AI into nuclear facilities. They first examined the various applications of AI in the nuclear sector and the key drivers behind its implementation. From a regulatory perspective, major challenges include ensuring effective verification and validation, particularly in the context of “black box” models whose decision-making processes are difficult to interpret.
The discussion also addressed broader security concerns, highlighting the rapid pace of technological development and the ways in which it is increasingly enhancing the capabilities of malicious actors to compromise critical infrastructure. Panellists emphasised that regulators must encourage the integration of cybersecurity as a fundamental element of computer systems from the outset, with a focus on security by design and the development of resilient systems capable of maintaining continuous operation in the event of failure.
Finally, the panel concluded by examining how the IAEA is supporting Member States in navigating the evolving landscape of AI and computer security through technical meetings, partnerships with external organisations, and workshops. The discussion emphasised the importance of Coordinated Research Projects (CRPs) to further investigate these issues.
Technical Session: Harnessing the Benefits of AI While Mitigating Cyber Risks
Research Associate and Project Manager Mara Zarka contributed to the technical session Harnessing the Benefits of AI while Mitigating Cyber Risks: Computer Security Impact of New Digital Technologies, where she presented the paper Computer Security for Nuclear Security in the Age of Artificial Intelligence, co-authored by Ms. Zarka and Dr. Case-Lackner.
Ms. Zarka examined the evolving nuclear security landscape in the era of AI. This includes the risks associated with adopting AI in nuclear facilities, how commercially available AI models may enhance malicious actors' capabilities, and the opportunities AI offers to strengthen nuclear security. She observed that AI-enabled applications in nuclear facilities present a range of challenges, including verification and validation concerns, issues related to the confidentiality and integrity of data, and the psychology of human–AI interaction. Furthermore, she emphasised that commercial AI systems could enhance the capabilities of adversaries, making attacks on nuclear facilities more feasible and potentially more dangerous. Nevertheless, AI could also be used defensively to mitigate such threats, for example, through network traffic analysis and malware detection.
To conclude, Ms. Zarka shared three recommendations: (1) Operators should conduct cost–benefit assessments accounting for both physical and computer security risks; (2) informal communication channels among diverse stakeholders on AI use should be established; and (3) organisations should strengthen awareness and capacity among personnel across the entire organisation on AI use and risks.
