IT Brew Movie Club: ‘WarGames’ (1983)

Aside from the rotary phones, 8-inch floppy disks, and characters chugging Tab, the 1983 movie WarGames feels modern—at least in its exploration of autonomous systems.

The movie follows teenage hacker David Lightman (Matthew Broderick) as he unknowingly prompts a World War III simulator to launch a successful attack on the US. The simulation gets real, however, when the military receives news of incoming missiles, and sets its DEFCON levels accordingly.

Senior DOD advisers like General John McKittrick (Dabney Coleman) and programmer Dr. Stephen Falken (John Wood) use now-familiar AI lingo as they debate placing humans “out of the loop” or explain that a machine made a “computer-enhanced hallucination.”

And the “war operation plan response” machine—wonderfully referred to as WOPR, pronounced “whopper”—eventually turns from simulated launches to lockout of military officials as the simulator pursues launch codes.

The runaway AI shown in the film feels familiar as the tech industry focuses on agentic decision-making and mistaking.

Autonomous disasters—cinematic or real—point to a lack of consideration or at least full understanding of worst-case scenarios, according to Garrett Gross, field CISO at cybersecurity company Portnox and “more than 20”-time viewer of WarGames. Gross discussed what the movie suggests about AI’s design, and where humans should sit in that “loop.”

“Get the men out of the loop.” That’s what McKittrick advises, following a nuclear-missile test that leads him to conclude that his team of humans are too human to actually push the launch button.

When WOPR recommends a decision, McKittrick wants an electronic relay to follow the order.

Sometimes you do want to take a human out of the loop. You don’t have a person approving every arrival on a network, Gross said, and if a security pro needs to stop a fast-moving cyber adversary, you wouldn’t want to be waiting around for a human to hit the buttons to stop it.

“When a threat actor has made their way into a system, and they’re moving laterally, if your response in security requires someone to click ‘approve,’ well, you’ve already lost,” Gross told us.

Gross sees the important role for human intervention, not as a final reviewer at the end of a loop, but as a policymaker up the loop: A human writes allow and do-not-allow policies, and then a machine enforces them at machine speed.

In the case of WarGames, that means creating a policy that says: A machine cannot have the ability to change admin passwords and look for launch codes.

“When you don’t imagine a worst-case scenario and you don’t plan for that. That’s where you really start to get into trouble,” he said.

“General, you are listening to a machine! Do the world a favor and don’t act like one.” That’s the advice from Falken, WOPR’s programmer. Gross interprets the message as a call to use your human intuition to your advantage—what a security pro or builder of new tech should be doing regularly as they imagine threats to a given system.

“Can you imagine every single scenario that will possibly exist ever? No,” Gross said. “But can you give it the good college try and give it a fighting chance, and actually make that a function of your production? Will that make you better, and more resilient and more secure? Absolutely.” (He also imagines AI itself playing a role in presenting catastrophic scenarios. A kind of “tabletop bot,” in his words.)

Netflix, for example, has publicly shared details of its chaos-engineering platform, which simulates regional outages and microservice failures to test responses.

Gross sees humans playing a valuable development role if they can use their intuition to build policies based on those scenarios. To use a modern, real-life example: Don’t let an agent delete a production database.

On this twenty-somethingth viewing of WarGames, Gross sees the movie highlighting the importance of defining boundaries for what a machine can and cannot do—a problem he sees with today’s AI.

“The lesson that we’re learning today, is these autonomous systems are built without scope, without the consideration of what we in security can call the blast radius: What is the worst possible thing that could happen if something goes wrong?” he said. “And when you start to design systems with that in mind, that’s when you actually start to solve problems.”

For more IT Brew movie club, check out our dives into Hackers, Sneakers, Blackhat, Skyfall, The Matrix, and Jurassic Park.