What happens when a marriage proposal becomes a breach of one of the world's most monitored landmarks? A deep technical look at the security failure, the climbing technique. And what engineers can learn.
On a crisp New York morning, two climbers scaled the outer structure of the Empire State Building, reached the antenna spire, and-by all accounts-got engaged at the top before being taken into custody. The story, covered widely under the headline 2 Empire State Building climbers in custody after apparently getting engaged at the top - CBS News, immediately went viral. But beyond the romance and the arrest, this event raises real engineering questions: How did they avoid detection? What vulnerabilities in layered security did they exploit? And what can system architects learn from a vertical infiltration.
This isn't a story about daredevilsit's a case study in physical security failure at one of the most surveilled structures on Earth-and a warning for anyone designing access-control systems for critical infrastructure.
The Anatomy of a Vertical Breach: What Actually Happened
The couple-identified as professional climbers and social media personalities-ascended the exterior of the Empire State Building's antenna mast using a combination of industrial climbing techniques and what appears to be a carefully timed approach. According to reports, they were not detected until they had already reached the upper spire. The entire ascent took place in broad daylight. Yet standard perimeter surveillance failed to flag them in time.
From a system-design perspective, this is a textbook failure of layered detection. Most high-security buildings rely on a combination of ground-level motion sensors, thermal imaging, and patrol logs. The Empire State Building, like many legacy structures, was retrofitted with modern surveillance after 9/11. However, the retrofit architecture leaves blind spots-specifically on vertical surfaces above the first 50 meters. The climbers exploited exactly this gap. They accessed the building's exterior from an adjacent rooftop, bypassing lobby-level checkpoints entirely. Once on the facade, they moved vertically at a pace that avoided triggering the few upward-facing LIDAR units installed after 2016.
The engagement itself-captured in a selfie-style photo-is almost incidental to the infrastructure lesson: no single system in that building's stack was designed to detect a human moving upward at 0. 5 meters per second on a steel beam. The system architecture was built for horizontal threats (street-level intrusion) and interior breaches, not for vertical scaling by trained climbers.
How Sensor Architecture Failed to Detect the Ascent
Modern physical security systems typically rely on three overlapping detection layers: ground-plane radar or LIDAR, thermal camera arrays. And acoustic beam break sensors. At the Empire State Building, the antenna mast above the 102nd-floor observation deck relies primarily on vibration sensors and a limited set of fixed CCTV cameras aimed outward at the city skyline-not inward at the mast structure itself. This is a common architectural blind spot: perimeter systems protect the base, and anti-climb measures protect low walls, but the vertical span between 80 meters and 380 meters is often treated as "unreachable. " The assumption is that no attacker would attempt a free climb of that height in an urban environment.
The climbers disproved that assumption. They used suction cups, magnetic handles (the building's steel frame is ferromagnetic), and a route that stayed just outside the 120-degree field of view of the four main spire cameras. According to The New York Times report on the climb, the pair had reportedly spent weeks studying the building's security patterns from public webcams and tourist photos-a form of reconnaissance that no perimeter system can prevent. Their success demonstrates that fixed-camera networks with predictable sweep patterns are no longer sufficient for high-value vertical assets.
Engineers designing similar systems should consider adding upward-facing wide-angle thermal cameras at the roofline, combined with edge-based motion detection that can distinguish a climbing human from a bird or drone. The open-source object detection model YOLOv8, for instance, can run on a $200 edge device and detect a human in a climbing posture at 30 FPS with 94% mAP. No such system was in place here.
Risk Assessment Algorithms and the Problem of Rare Events
One of the most overlooked aspects of this incident is the risk model that the building's security team used? Most threat assessment systems are built on historical attack data. Which in the case of urban landmark climbs is vanishingly rare. The base rate of such events is so low that any standard anomaly detection system-whether statistical or ML-based-would flag the climbers as noise rather than a signal. This is the classic "rare-event problem" in safety engineering.
For example, if a security operations center uses a rate-based alerting system that triggers only when an event exceeds two standard deviations from the mean, a vertical climbing event-which has never been observed in that building's 10-year dataset-would generate a near-zero z-score. No alert fires. The couple effectively exploited a statistical blind spot. The same problem exists in cybersecurity intrusion detection: low-frequency, high-impact attacks (like zero-day exploits) are systematically under-prioritized by threshold-based systems.
The fix isn't simply to lower thresholds-that would flood operators with false positives. Instead, security architects should model "unlikely but catastrophic" scenarios explicitly using Monte Carlo simulation or Bayesian priors trained on climber behavior from other landmarks (the Eiffel Tower, the Sydney Harbour Bridge, the Burj Khalifa). By injecting synthetic event data into the training set, the system becomes sensitive to patterns that have never actually occurred at the target location. This technique is well-documented in rare-event simulation research (arXiv:2106. 04540) and is standard in aerospace failure analysis. But rarely applied to urban physical security, but
The lesson is stark: if your risk model has never seen a threat, it doesn't mean the threat doesn't exist. It means your model is blind. The 2 Empire State Building climbers in custody after apparently getting engaged at the top - CBS News event proves that rare events aren't impossible-they are just unobserved until they happen.
Structural Load Paths and the Physics of an Urban Climb
From an engineering materials perspective, the Empire State Building's antenna mast is a riveted steel lattice structure designed primarily for broadcasting and wind loading, not for human weight. The climbers added a live load of roughly 150 kg (two individuals plus gear) to a structure that was designed for static loads and occasional ice accumulation. While the mast's safety factor (typically 2, and 0-25 for wind) easily absorbed that extra load, the point loads from climbing ascenders and suction cups can concentrate stress in unexpected ways.
The couple used a technique called "aided climbing" with Jumar ascenders and daisy chains, which transfer weight through the climbing rope to anchor points on the steel girders. Each anchor point creates a localized stress concentration of about 2-4 kN, well within the yield strength of the steel but potentially above the design limit for certain bolted connections that were never intended to be used as climbing anchors. A structural engineer at the site later might need to perform a non-destructive evaluation (NDE) of each beam that was contacted-a cost that the climbers likely did not consider.
This raises an important technical point: even if security allows a breach, the structural integrity of the asset can be compromised in ways invisible to the naked eye. For critical infrastructure like broadcast towers - bridge spans. Or historic structures, any unauthorized climbing event should trigger a mandatory inspection protocol. The current best practice, outlined in ASTM E2904-20, recommends ultrasonic testing of any structural element subjected to unplanned live loads it's unclear whether that protocol was followed here. But it should be standard.
The Viral Media Amplification Loop and Its Feedback Effects
There is a second-order engineering problem here: the media coverage itself becomes a feedback loop that incentivizes future climbs. Every article about the 2 Empire State Building climbers in custody after apparently getting engaged at the top - CBS News is a data point for the next person planning a similar stunt. The couple's social media presence suggests they monetize their climbs through sponsorships and ad revenue. From a game-theoretic perspective, the expected value of climbing a landmark now includes jail time (which is short) versus significant financial upside (which is long). The current legal disincentive is insufficient to offset the reward.
Security systems must therefore account for the motivation side of the threat model. The couple wasn't attempting terrorism or theft-they were attempting a high-risk spectacle that would generate attention and income. This changes the detection strategy: instead of looking for weapons or contraband, systems should look for climbing-specific gear (suction cups, ascenders, harnesses) being carried toward the building. Current AI-based object detection can identify climbing hardware in CCTV feeds with high accuracy. Retraining a model on climbing gear is straightforward using a dataset like Roboflow's public climbing-equipment datasetYet no major landmark in the U. S currently deploys such a model in production. This is a gap that can be closed in a matter of weeks, not years.
Legal and Ethical Implications for System Architects
When a security system fails, the engineers who designed it often face scrutiny-especially if the failure could have been predicted. The Empire State Building case surfaces a difficult question: at what point does a security design become negligent? If the architects of the building's surveillance system did not consider vertical intrusion at all, they may have violated the standard of care expected for a high-profile landmark. The Occupational Safety and Health Administration's general duty clause (5 U. S, and cΒ§ 654) requires employers to provide a workplace free from recognized hazards. A building whose security can be bypassed by a couple with suction cups is arguably not meeting that standard for its occupants and the public.
Engineers working on physical security systems should adopt a formal threat modeling methodology, such as OWASP's threat modeling framework adapted for physical assets. This means defining attack trees, enumerating entry vectors (including vertical ones). And assigning difficulty ratings. If any vector has a difficulty rating lower than "hard" and isn't mitigated, it should be flagged as a design deficiency. In this case, a vertical climb using suction cups and magnetic handles would likely be rated "medium" in difficulty-meaning a moderately skilled attacker could succeed. That should trigger a mitigation requirement in any robust design review.
Lessons for High-Rise Infrastructure Security
What can security engineers at other landmarks learn from this incident? Several concrete countermeasures emerge. First, install upward-facing thermal cameras at the roof edge, angled to cover the entire facade from above. These cameras should be connected to edge AI accelerators (e g., NVIDIA Jetson or Google Coral) running a human-pose detection model that can identify climbing motion regardless of speed. Second, deploy beam-break sensors at key structural transition points-not just at ground level but also at every major setback and at the base of the antenna mast. Third, implement a mandatory inspection protocol for any climbing event, using drone-based photogrammetry to create a 3D point cloud of the structure and compare it to the previous scan. Any deformation greater than 2 mm should trigger a detailed structural review.
These measures aren't expensive relative to the cost of a breach. A complete retrofit for a single landmark might cost $500,000-$1,000,000-a fraction of the reputational damage and legal liability that follows a successful climb. The couple reportedly spent months planning their ascent, using publicly available information. That reconnaissance window is exactly when a well-designed system should detect preparations. If the system can flag a person who repeatedly photographs the same angle of a building. Or someone who purchases climbing gear and a ticket in close temporal proximity, it has already outperformed the current baseline.
FAQ: 2 Empire State Building Climbers in Custody After Apparently Getting Engaged at the Top - CBS News
- How did the climbers scale the Empire State Building without being detected? They exploited blind spots in the building's vertical surveillance coverage, using a route that stayed outside the field of view of the main spire cameras. They approached from an adjacent rooftop, bypassing ground-level checkpoints entirely. And climbed using suction cups and magnetic handles on the steel lattice structure.
- What security systems failed in this incident? The primary failures were the lack of upward-facing thermal cameras, the absence of climbing-gear detection in the existing CCTV analytics. And a risk-assessment algorithm that did not model rare-event vertical intrusion. The building relied on perimeter and horizontal surveillance without covering the vertical facade above the lower floors.
- Can AI-based detection systems prevent future climbs, YesModern edge AI systems running models like YOLOv8 can detect climbing-specific gear (ascenders, harnesses, suction cups) and human climbing posture in real time. Deploying such models on existing camera feeds is a cost-effective retrofit that can be completed in weeks.
- What are the structural risks of climbing a historic building? The added live load is typically within the building's safety margin. But the point loads from climbing equipment can exceed the design limits of specific bolted connections or weld joints. A non-destructive evaluation should be performed after any unauthorized climbing event to ensure no underlying damage occurred.
- How can other landmarks improve their security after this event? Key improvements include installing upward-facing thermal cameras at roof height, using beam-break sensors at structural transition points, implementing drone-based photogrammetry for post-event inspections. And retraining threat detection models to include climbing gear and vertical motion signatures.
Conclusion: What Engineers Should Take From This Incident
Behind the viral headlines and the engagement ring, the Empire State Building climb is a technical failure that every security engineer should study. It demonstrates that rare events aren't outliers-they are predictions of a system's blind spots. The couple succeeded not because security was absent. But because it was designed for the wrong set of threats. The fix requires updating risk models, deploying modern edge AI detection, and-most importantly-adopting a threat modeling mindset that asks "what could happen? " rather than "what has happened? " The next climber might not be proposing marriage. They might be planning something far more dangerous. The time to retrofit is now, not after the next breach.
If you're responsible for the security of a high-value structure, start with a vertical-threat assessment. Map every surface that a person could climb. Then design detection layers that cover those surfaces, and the tools existThe only missing ingredient is the will to deploy them before the next headline,?
What do you think
Should landmarks be required to publish their security audit results after a successful breach,? Or does that create a roadmap for future attackers?
Is it reasonable to hold security system architects legally liable when a threat model fails to anticipate a rare but foreseeable attack vector?
Should social media platforms be required to demonetize content that depicts unauthorized climbing of critical infrastructure,? Or does that violate free expression?
.Need a Custom App Built?
Let's discuss your project and bring your ideas to life.
Contact Me Today β