Sometime around the end of 2009, in the wake of Abdulmutallab’s failed attempt to bring down Northwest flight 253, I was having a conversation about the incident. My fellow converser expressed hesitation to declare the incident a security breach. Her hesitation was rooted in the fact that the attempt was unsuccessful. To put her hesitation into my own words, how can we conclude that a terrorist attempt that failed nonetheless had a high probability of success? And without fully understanding Abdulmutallab’s probability of success, how can we declare that a security breach occurred?