Museum Wire
Law 0 · Katie's LawEvery system is shaped by the human drive to do less work. This is not a flaw. It is the economic force that produces all software — and all software failure.Law I · Boundary CollapseWhen data crosses into a system that interprets structure, without being constrained, it becomes executable.2026 IncidentAxios. 70 Million Downloads a Week. North Korea Inside.Law II · Ambient AuthorityWhen a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.AXM-001Set Theory — Membership, Boundaries, and BelongingLaw III · Transitive TrustWhen a system inherits trust from a source it did not verify, the attack surface extends to everything that source touches.2026 IncidentClaude Code — The Accept-Data-Loss FlagLaw IV · Complexity AccretionSystems do not become complex. They accumulate complexity — one reasonable decision at a time — until no single person can hold the whole in their head.Law V · Temporal CouplingCode that assumes sequential execution, stable state, or consistent timing will fail the moment concurrency, scale, or latency proves the assumption wrong.2026 IncidentCopy Fail — 732 Bytes to Root on Every Linux DistributionAXM-002Boolean & Propositional Logic — True, False, and the Excluded MiddleLaw VI · Observer InterferenceWhen the system that monitors health becomes a participant in the system it monitors, observation becomes a failure vector.2025Amazon Kiro — The 13-Hour Outage2025Operation Chrysalis: The Notepad++ Supply Chain Hijack2025Replit Agent — The Vibe Code Wipe2025Shai-Hulud — The npm Worm That Ate Its Own Ecosystem2024Air Canada Chatbot — The Policy That Wasn't2024Change Healthcare — One-Third of US Healthcare, One Missing MFA2024CrowdStrike — The Security Update That Broke the World2024Google Gemini Image Generation — The Six-Day Pause2024XZ Utils — The Two-Year Infiltration20233CX — The Supply Chain That Ate Another Supply Chain2023Amazon Prime Video — The Per-Frame State Machine2023Bing Sydney — The Chatbot That Went Rogue2023Samsung ChatGPT Leak — The Employee Who Pasted the SecretEFFODE · LEGE · INTELLEGELaw 0 · Katie's LawEvery system is shaped by the human drive to do less work. This is not a flaw. It is the economic force that produces all software — and all software failure.Law I · Boundary CollapseWhen data crosses into a system that interprets structure, without being constrained, it becomes executable.2026 IncidentAxios. 70 Million Downloads a Week. North Korea Inside.Law II · Ambient AuthorityWhen a system trusts the presence of a credential instead of verifying the intent behind it, authentication becomes indistinguishable from authorization.AXM-001Set Theory — Membership, Boundaries, and BelongingLaw III · Transitive TrustWhen a system inherits trust from a source it did not verify, the attack surface extends to everything that source touches.2026 IncidentClaude Code — The Accept-Data-Loss FlagLaw IV · Complexity AccretionSystems do not become complex. They accumulate complexity — one reasonable decision at a time — until no single person can hold the whole in their head.Law V · Temporal CouplingCode that assumes sequential execution, stable state, or consistent timing will fail the moment concurrency, scale, or latency proves the assumption wrong.2026 IncidentCopy Fail — 732 Bytes to Root on Every Linux DistributionAXM-002Boolean & Propositional Logic — True, False, and the Excluded MiddleLaw VI · Observer InterferenceWhen the system that monitors health becomes a participant in the system it monitors, observation becomes a failure vector.2025Amazon Kiro — The 13-Hour Outage2025Operation Chrysalis: The Notepad++ Supply Chain Hijack2025Replit Agent — The Vibe Code Wipe2025Shai-Hulud — The npm Worm That Ate Its Own Ecosystem2024Air Canada Chatbot — The Policy That Wasn't2024Change Healthcare — One-Third of US Healthcare, One Missing MFA2024CrowdStrike — The Security Update That Broke the World2024Google Gemini Image Generation — The Six-Day Pause2024XZ Utils — The Two-Year Infiltration20233CX — The Supply Chain That Ate Another Supply Chain2023Amazon Prime Video — The Per-Frame State Machine2023Bing Sydney — The Chatbot That Went Rogue2023Samsung ChatGPT Leak — The Employee Who Pasted the SecretEFFODE · LEGE · INTELLEGE
Keyboard Navigation
W
A
S
D
or arrow keys · M for map · Q to exit
← Back to Incident Room
1983near missMilitary

Stanislav Petrov — The Man Who Saved the World by Doubting Software

Soviet early-warning satellites falsely detected five incoming US nuclear missiles. Lt. Col. Stanislav Petrov judged it a false alarm based on reasoning the system couldn't perform, preventing potential nuclear retaliation.

2 min read
Root Cause

The Soviet Oko satellite early-warning system misinterpreted sunlight reflecting off high-altitude clouds above a US missile base as five missile launches. The software was designed to detect launches but lacked filtering for atmospheric optical phenomena.

Aftermath

Petrov's decision was not officially recognized for years. He was neither rewarded nor punished. The incident remained classified until 1998. Petrov received international recognition later in life and died in 2017. The incident is the most consequential software false positive in human history.

The Incident

On September 26, 1983 — three weeks after the Soviet Union shot down Korean Air Lines Flight 007, killing 269 people — tensions between the United States and the Soviet Union were at their highest point in decades. At 00:14 Moscow time, the Soviet Union's Oko nuclear early-warning satellite system reported that an intercontinental ballistic missile had been launched from the United States toward the Soviet Union.

Lt. Col. Stanislav Petrov was the duty officer at the Serpukhov-15 command center. His job was to monitor the satellite data and, if a launch was confirmed, report it to his superiors — who would then have minutes to decide whether to launch a retaliatory nuclear strike.

Within minutes, the system reported four more launches. Five missiles, incoming.

The Decision

Petrov did not report the launches as confirmed. He judged the detection to be a false alarm and reported a system malfunction instead. His reasoning was not based on the data the system was showing him — the data said five missiles were incoming. His reasoning was based on what the system couldn't tell him:

1. A genuine US first strike would involve hundreds or thousands of missiles, not five.

2. The satellite system was new and known to have reliability issues.

3. Ground-based radar had not confirmed any launches.

Petrov was correct. The satellite had misinterpreted sunlight reflecting off high-altitude clouds above a US missile base as the infrared signature of missile launches.

Why It Matters

A software false positive nearly triggered nuclear war. The system performed exactly as designed — it detected an infrared signature consistent with a missile launch and reported it. The system was not wrong about what it saw. It was wrong about what it saw meant. The difference between detection and interpretation is the difference between data and judgment. On September 26, 1983, one person's judgment — informed by skepticism of software output — prevented the deaths of millions.

This is the most consequential software bug in human history. Not because of what happened, but because of what didn't.

Techniques
false positivesensor misinterpretationhuman override