This piece has been forming in the background for a while.
The ICC sanctions incident made something visible that has been structurally true for years: we do not fully control the infrastructure we depend on.

This is an attempt to articulate what that means for how we think about security, resilience, and dependency.

In January 2025, the United States sanctioned the International Criminal Court and its staff. Within days, Karim Khan, the ICC’s chief prosecutor, found himself locked out of his Microsoft email. No hack. No breach. Just a policy decision in Washington, executed through infrastructure the ICC had trusted implicitly.

This was not an isolated incident; sanctions have been levelled against organisations and individuals before. But it was sobering for another reason: the target could have been anyone in Europe. An ally, suddenly at the receiving end of hostile sanctions by another ally.

For decades, organisations worldwide have built their digital operations on a foundation of US technology: Microsoft for productivity, Google for collaboration, AWS and Azure for cloud infrastructure, Zoom and Teams for communication, and now we are growing dependant on AI frontier models. This was treated as a neutral technical choice, driven by functionality, integration, and the path of least resistance.

It was never neutral. The assumption that it would not matter has now been tested in public.

The Revelation That Should Not Have Been Surprising

The sanctions against the ICC and its staff exposed something that security professionals and geopolitical analysts had warned about for years: the extraterritorial reach of US jurisdiction, combined with the dominance of US technology firms, creates a dependency that can be weaponised unilaterally, without judicial process, and against parties the US itself previously treated as legitimate. A technology “kill-switch” that can be applied to anyone when the state wills it.

What made this case particularly instructive was the target. The ICC is not some adversarial entity. It is an institution that Western democracies helped establish, that many US allies actively support, and that was acting within its legal mandate. The sanctions were not levelled against a mutual enemy but against an organisation pursuing accountability that the current US administration found inconvenient.

This broke the implicit assumption that had sustained the status quo: that the US would only exercise these capabilities against “shared” threats.

We Allowed This Risk to Be Lopsided

Here is the uncomfortable truth that the current scramble for digital sovereignty obscures: we knew and ignored it.

The Snowden revelations in 2013 demonstrated unambiguously that the NSA was conducting mass surveillance on allied leaders. That US technology companies were either cooperating or being compelled to cooperate through programmes like PRISM. That the “Five Eyes” arrangement meant this was coordinated behaviour among Anglophone intelligence services. That the legal frameworks ostensibly protecting non-US persons were essentially theatre.

The response was telling. There was public outrage, some diplomatic friction, a few symbolic gestures, and then a remarkably rapid return to business as usual. European governments continued procuring US technology. Corporations continued migrating to US cloud platforms. The fundamental architecture of dependency not only persisted but deepened as cloud adoption accelerated through the 2010s.

Why? Because there was a collective choice, not always conscious or articulated, to treat the Snowden revelations as an intelligence problem rather than an infrastructure problem. The framing became “the Americans spy on us” rather than “we have built systems that structurally enable foreign powers to surveil and potentially disrupt our operations.”

We allowed this risk to be lopsided, working under the flawed assumption that “friendly” governments would not weaponize it against us. Or perhaps more accurately, we chose comfort over confrontation, convenience over sovereignty, the path of least resistance over strategic autonomy.

Until it started to hurt.

Surveillance Capability vs Control Capability

Snowden revealed surveillance capability. The sanctions cases reveal something different: control capability. The distinction matters.

Surveillance is passive in its immediate effect. Your operations continue. You may be compromised, but you are not disabled. You can even maintain the polite fiction that you do not know about it.

Sanctions-driven service termination is active and undeniable. You cannot log into your email. Your video conferences will not connect. Your cloud storage becomes inaccessible. There is no ambiguity, no deniability, and no option to simply continue as before. For individuals it is life changing. For corporations or organisations this becomes mission critical; loss of access to cloud storage or emails means complete operational paralysis.

This is what has finally broken through the wilful blindness. Not the abstract knowledge that the US could exercise control, but the concrete experience of that control being exercised against actors that European and international institutions considered legitimate.

The Dependency Map Most Organisations Have Not Drawn

To understand the exposure, consider where US control points exist in a typical organisation’s digital operations.

Identity and Access is perhaps the most critical layer. Microsoft Entra ID (formerly Azure AD), Okta, and similar US-based identity providers often control who can access what. If your identity provider is sanctioned or directed to cut you off, your staff may find themselves locked out of everything simultaneously.

Communication is the most visible layer. Email (Microsoft 365, Google Workspace), messaging (Slack, Teams), and video conferencing all flow through US-controlled infrastructure. The Khan case demonstrated this directly. France took action.

Productivity and Collaboration encompasses documents created in US-controlled formats, stored on US-controlled cloud infrastructure, with US-controlled sharing mechanisms. Adobe Cloud, Zoom, Salesforce, Monday: the list extends well beyond the obvious names. Even self-hosted instances depend on licensing and update mechanisms that remain US-controlled. Add AI-enabled features and sensitive data begins flowing to processing infrastructure you may never have assessed.

Development and Operations is often overlooked. GitHub (owned by Microsoft), AWS, Azure, Google Cloud, and the npm/PyPI ecosystems all have US nexus. An organisation that builds on these platforms may find its deployment pipeline or code repositories inaccessible. The rise of AI-assisted development tools, most of which are tightly integrated with these same platforms, only deepens the dependency.

Financial Infrastructure extends beyond software. Payment processing, banking relationships, and SWIFT access have all demonstrated susceptibility to US secondary sanctions. Francesca Albanese, a UN Special Rapporteur, fell victim to US sanctions in ways that illustrate how deeply this reaches into daily life: inability to claim health insurance reimbursements, disrupted access to financial services in Europe through a globally integrated banking system, and denial or severe restriction from various US-based digital platforms and services. She has described herself as having been made a “non-person.”

Most organisations have not mapped these dependencies comprehensively. They know they use Microsoft or Google, but they have not traced the chain to understand where a single decision in Washington could sever multiple critical functions simultaneously.

Clearly, no one expects to be sanctioned and I mention it because it is easy to understand, but sanctions are only one tool. Trade restrictions, tariffs, export controls, and taxation have all become instruments of US foreign policy, and the current administration has shown willingness to deploy them broadly. The question of digital sovereignty can no longer be separated from the broader reality of economic coercion. And the implications extend beyond direct action: organisations may find themselves self-censoring, pre-emptively withdrawing from platforms, or constraining their own operations to avoid entanglement. Whether the restriction is externally imposed or self-inflicted, the outcome is the same: diminished autonomy.

The OneDrive Realisation: When “Local” Is Not Local

These dependencies are not abstract policy concerns. They manifest in the routine operations of every connected device.

A recent experience crystallised this. Converting PDF files on a laptop, a purely local operation with temporary files intended for immediate deletion, I noticed unusual network activity. Investigation revealed that OneDrive, configured by default, was syncing every temporary folder to the cloud as fast as the conversion process created them. It prompted a reflection on how opaque cloud storage actually is to the end user.

Files may be stored, deleted and subsequently forgotten by the user, but in the backend, numerous things have happened. Those temporary files will have left their imprint on logs and repositories, and what actually happens on Microsoft’s infrastructure is not transparent to us. The principle that “deletion means deletion” does not hold in cloud environments. What you experience as deletion is better understood as a request to remove something from your view. What persists on the backend is outside your knowledge and control.

At its core, I am well aware that my OneDrive files are stored in the cloud as well as locally. But the realisation was more uncomfortable: in a cloud-centric operating model, even ephemeral and local activities are not spared. This is not a bug. It is the deliberate design of modern operating systems. Cloud synchronisation is the default. Local-only storage requires active configuration. The boundary between “my device” and “the cloud” is intentionally blurred. The user experience is optimised for seamlessness rather than transparency.

The implications extend further. All files on OneDrive are accessible to US law enforcement or security agencies presenting Microsoft with appropriate credentials. Photographs and images are scanned using facial recognition technology for grouping purposes, including CSAM detection through hash matching. Although seemingly innocent and justifiable, this necessarily involves processes for managing false positives and human review of flagged content.

For organisations handling sensitive personal, financial, or legal information, this represents uncontrolled data exposure. The review processes, the staff conducting them, and the criteria being applied are entirely outside your risk management framework.

And then there is BitLocker. Windows’ encryption feature, marketed as allowing the end user to protect their own data through client-side encryption, has a default configuration where recovery keys are escrowed to your Microsoft account, cared for by Microsoft unless users actively opt out. This means your encryption is only as strong as Microsoft’s willingness and legal ability to refuse demands for those keys.

Recent reports (January 2026) confirmed that Microsoft has already complied with US law enforcement warrants, providing the FBI with BitLocker recovery keys that allowed investigators to unlock encrypted laptops. Microsoft confirmed it receives approximately 20 requests for BitLocker keys annually and, with valid warrants, provides agencies with keys to decrypt user data. The company stated it will continue to comply with court orders when it has access to those keys. This is no longer theoretical risk. It has been made very real under a plethora of legal texts including the CLOUD Act, FISA, the USA PATRIOT Act and USA FREEDOM Act, and the Stored Communications Act.

But lawful access is not the only concern. Johns Hopkins cryptography professor Matthew Green raised a more fundamental alarm: what happens when Microsoft’s cloud infrastructure gets breached1? Microsoft has suffered multiple significant security incidents in recent years. If attackers compromise those servers and exfiltrate recovery keys, they gain decryption capability for every device whose keys were stored there. They would still need physical access to the drives, but that is cold comfort for organisations with laptops that travel, get lost, or get stolen. The “Microsoft is safe” assumption does double duty: we trust they will resist improper requests, and we trust their infrastructure is secure enough to protect the keys we have handed them. Both assumptions are increasingly difficult to defend.

For users whose threat model is “someone steals my laptop,” this is adequate. For users whose threat model includes “a foreign government with legal authority over my technology vendor,” this is not encryption in any meaningful sense.

The Cybersecurity Profession’s Blind Spot

This creates a threat model that most organisations have not adequately addressed. Traditional cybersecurity focuses on malicious actors attempting unauthorised access. What we are now confronting is the risk of authorised access being access or revoked by a trusted vendor acting under legal compulsion from a foreign government, having significant considerations for cybersecurity and operational resilience. And what the Karim Khan case also shows is that foreign government necessarily includes your allies. Lord Palmerston in an 1848 speech to the House of Commons famously said that in international geopolitics there are “no permanent enemies, and no permanent friends, only permanent interests”. One needs to attentively heed this advice.

Therefore, what we see here is not a vulnerability in the conventional sense. It is a feature of the architecture working as designed, just not in your favour, nor necessarily that of your organisation or nation.

The cybersecurity profession developed increasingly sophisticated frameworks for thinking about threats, vulnerabilities, and controls. But these frameworks largely excluded the category of risk now materialising.

Vendor risk management became a discipline, but it focused on whether vendors had adequate security practices, not on whether vendors could be compelled by their governments to act against customer interests. Supply chain security emerged as a concern, but primarily regarding malicious code injection rather than jurisdictional control. Threat intelligence developed elaborate taxonomies of nation-state actors but treated them as external attackers rather than potential controllers of your own infrastructure.

The assumption embedded in these frameworks was that your vendors were on your side. That assumption was always questionable after Snowden. It is now demonstrably false.

A genuinely updated cybersecurity posture would need to:

• Incorporate “vendor-state threat” as a first-class category alongside nation-state attackers, criminals, and insiders

• Develop controls and mitigations specifically for jurisdictional risk

• Recognise that compliance with foreign legal demands is a threat vector, not merely a vendor’s legal obligation

• Build resilience against service termination as seriously as resilience against service compromise

This is a substantial reorientation.

The “No Alternative” Thought Terminator

When I raise these issues with clients and colleagues, the most common response is: “There is no real alternative to Microsoft Office.” Think of a key, massively large vendor with a more or less locked ecosystem surrounding the product (Adobe, Apple, IBM, and others) and you can easily follow the logic of why security professionals accept certain types of vendor risks.

This reasoning functions as a thought-terminating cliché that short-circuits strategic analysis. What people usually mean is one or more of the following:

• I am familiar with Microsoft Office and do not want to learn something else

• My organisation has built workflows or has technological lock-in that would require significant effort and costs to change

• The people I exchange documents with use Microsoft Office and I worry about compatibility

• I have not actually evaluated alternatives recently

• The alternatives I tried years ago were inadequate and I assume nothing has changed

None of these are the same as “no alternative exists.” They are statements about switching costs, familiarity, inertia, and assumptions. These are real factors, but they are costs to be weighed against benefits, not immutable constraints.

The French government looked at 2.5 million civil servants and concluded that the switching costs were worth bearing. They have mandated migration from US-based video conferencing tools to a homegrown alternative called Visio by 2027. The Austrian military concluded that LibreOffice was adequate for their needs and completed migration across 16,000 workstations by September 2025.

These are not small or unsophisticated organisations engaging in symbolic gestures. They are serious institutions that evaluated the trade-offs and reached different conclusions than the “no alternative” framing suggests.

Conclusion: Control, Not Comfort

For years, most organisations treated their technology stack as a neutral utility layer. Cloud, identity, collaboration, and infrastructure were selected on functionality, cost, and convenience. The assumption beneath those choices was simple: the core providers we rely on are stable, aligned, and unlikely to act against our interests.

That assumption, as we have seen, is no longer defensible as a security premise.

The core issue is not surveillance alone. It is control. Modern organisations operate on infrastructure where access, identity, licensing, and availability can be altered by entities outside their jurisdiction and outside their governance. This is not a hypothetical vulnerability. It is a structural property of how contemporary digital services are delivered and regulated.

Encryption, vendor risk management, and compliance frameworks address parts of this exposure but do not remove it. Client-side encryption can reduce the risk of disclosure. It cannot ensure continued access. A well-secured tenant can still be locked. A compliant organisation can still lose service. The technical controls that protect confidentiality do not automatically protect continuity.

This does not mean wholesale disengagement from global technology providers is practical or desirable. It does mean that dependency must be understood as a security and resilience concern, not merely a procurement choice. The question is no longer whether organisations rely on external platforms. They do. The question is whether that reliance is mapped, deliberate, and governed with the same seriousness applied to other critical risks.

A robust posture begins with clarity. Know which functions cannot fail. Know which data cannot be exposed. Know which systems you cannot operate without for even a short period. Then examine where control over those functions and systems actually resides. In many cases it will sit with providers operating under legal and political authorities that may diverge from your own. That is not an accusation. It is a condition of the environment. And it will be uncomfortable.

From there, the task is architectural rather than rhetorical. Separate confidentiality from availability in your risk model. Retain independent control of critical keys and data where disclosure matters. Ensure that essential operations can continue, at least temporarily, if a major provider becomes unavailable. Prefer formats and systems that allow migration under pressure rather than only under ideal conditions. Document where dependency is accepted and where it is being reduced.

None of this produces absolute sovereignty. Absolute sovereignty in a globally integrated digital ecosystem is unrealistic. What it produces is awareness and agency. It replaces inherited trust with explicit assessment. It reduces the likelihood that a single external decision can halt internal operations. It turns dependency from an invisible assumption into a managed variable. Territory you can defend to your board.

Security has long focused on preventing unauthorised access. The next phase requires equal attention to authorised control exercised from outside the organisation’s sphere of influence. Institutions that adapt their architecture and procurement accordingly will be more resilient. Those that continue to treat their infrastructure as politically and legally neutral will remain exposed to decisions made elsewhere.

The Decisions We Have Avoided

Once exposure is understood, the instinct is to reach for a remediation plan. Resist that instinct. The first task is not to fix but to decide.

Modern organisations do not operate on infrastructure they fully control. They operate on infrastructure made available to them under legal, commercial, and political conditions that can change. That reality cannot be engineered away. It can only be confronted.

The question is not whether you depend on external platforms. You do. The question is what happens to your operations if the entities controlling those platforms no longer share your assumptions, priorities, or constraints. Not in theory. In practice.

This forces a set of decisions that most organisations have never made explicitly. Which functions must continue under almost any circumstances. Which data must remain confidential regardless of jurisdictional pressure. Which systems can tolerate interruption, and for how long. Which dependencies are strategic, and which are merely convenient.

This sits outside traditional disaster recovery planning. RPO and RTO assume failure followed by recovery. They assume outages, not exclusion. They assume restoration is possible. They do not account for access being deliberately revoked.

Today, in most environments and from what I have seen, these distinctions do not exist. Dependencies accumulate through integration and familiarity rather than intent. The result is an undifferentiated estate in which critical and non-critical functions share the same control points and the same vulnerabilities. Everything works, until something does not. At that point, the absence of prior decisions becomes visible.

The purpose of any response is not technological isolation. It is clarity about where control resides and whether that location aligns with your tolerance for disruption or disclosure. Different organisations will draw the lines differently. A government agency, a law firm, a multinational corporation, and a research institution will reach different conclusions. What matters is that the conclusions are deliberate rather than inherited.

What this moment demands is not a checklist but a classification. Not every dependency carries the same consequence. Not every function requires the same degree of independence. But without explicit decisions about which is which, architecture becomes a record of convenience rather than intent.

Final Note

Organisations that understand where control resides and plan for its potential loss will retain operational agency when conditions change. Those that continue to treat their infrastructure as neutral and permanently aligned may eventually discover that the systems they rely on were never entirely theirs to control.

The central question is simple and uncomfortable: if access to key systems were restricted tomorrow by forces outside your control, what would actually stop, and are you prepared for that answer?

Dependency in a globally integrated digital ecosystem is unavoidable. Unexamined dependency is not.

Building personal AI agents that can tap into your power tools and, through tools like OpenClaw, operate seemingly autonomously, all in the interest of automating and streamlining your workflows; what could possibly go wrong? Actually, a lot. But what’s dominating the headlines are not the things technology people should worry about.

The Narrative That Needs Correcting

The security community is buzzing about tools like OpenClaw (formerly ClawdBot/MoltBot), but they’re focused on the wrong threat.. The viral narrative fixates on the “awakening” of an AI agent – the dawn of AI conspiracy, the empowerment of networked AI, and the advent of AGI. In truth, there are many reasons to study the phenomena behind OpenClaw, but AGI isn’t one of them. To be frank, what we are not seeing is intelligence or even ‘conspiracy’ against ‘human masters’, remembering that our current LLMs are stochastic parrots1. What’s on display here is merely pattern-matching generated by probabilistic token prediction – classic LLM behaviour powered by agents that connect to tools. That’s not AGI – not even by the most generous definitions2.

The realist inside us should and must dismiss that AGI narrative as a red herring; however, that dismissal belies that underneath that AGI spectre lies a more immediate and tangible risk presented by the careless exploitation of these tools.

As a CISO, I’m not losing sleep over alarmists discourse of an impending AI agent rebellion – Skynet is not on my list of risks this year. What I am losing sleep over is the very real and mundane security catastrophe which is unfolding within this adoption of AI agents to optimise personal workflows: engineers and developers (using the term “developer” loosely here to include all vibe-coders3) are plugging personal and corporate credentials and data into powerful, internet-exposed AI agents running uncontrolled on corporate hardware or on personal hardware that becomes connected to your corporate infrastructure.

The real story shouldn’t be about AI agents plotting to overthrow humanity. It’s about human convenience overruling security hygiene, creating what I call “Shadow Infrastructure”; a risk that makes traditional shadow IT look like a manageable nuisance.

Detections Confirm the Risk

How widespread is this problem I am talking about? Security researchers have identified over 21,000 publicly exposed instances as of January 31, 2026 in just one tool: OpenClaw4. The exposure risk stems from many users deploying it directly on the public internet (often on default port TCP/18789) without proper protections like firewalls, authentication, SSH tunneling, or Cloudflare Tunnel setups, despite the tool being intended primarily for local or secured use. Leaving control dashboards, configurations, API keys, credentials, chat histories, and even command execution capabilities accessible to anyone scanning for them.

Each one a potential corporate credential vault, accessible to anyone with a port scanner, many of which appear to connect work accounts or run on enterprise-adjacent infrastructure5. That’s not a handful of careless users. That’s a systemic failure of our threat model to account for infrastructure we never knew existed.

Here’s a concrete example: Tal Be’ery, a security researcher, demonstrated WhatsApp fingerprinting detection for OpenClaw/MoltBot integrations. This isn’t just a “bot exposé,” but a powerful visibility win: We can now detect when employees link corporate messaging accounts to personal AI agents. That’s the tip of the iceberg—the real risk lies in what runs underneath.

Tal’s detection tool identifies associated WhatsApp accounts by fingerprinting techniques (e.g., PreKey patterns and multi-device signals), making the secondary device (the AI agent) visible. The bigger issue is that the bot inherits the linked account’s full privileges: If compromised, it can read/send messages, access contacts, and more.

This kind of visibility is new – albeit building on known WhatsApp privacy quirks (!) – and it reveals just how pervasive this shadow infrastructure has already become. What Tal Be’ery uncovered is the tip of the iceberg; his example illustrates how such detections can aid forensic intelligence gathering for both threat actors and security researchers alike. Thousands of deployments remain publicly accessible on the internet without authentication, leaking API keys (Anthropic, Telegram bots, Slack OAuth), conversation histories, and other config data. Reports show example after example of personal machines turned into inadvertent data troves.

OpenClaw’s ecosystem relies on community-built skills (plugins/extensions) from places like ClawHub. Quick pause – consider this: How many of those skills were ‘vibe-coded’ with zero consideration for security?

But it gets worse, audits have uncovered hundreds (e.g., 341 in one scan6 that were of a malicious nature that act as supply chain attacks: they exfiltrate credentials, install infostealers (like variants targeting macOS/Windows for crypto wallets, browser passwords, SSH keys), or run hidden payloads. Some use social engineering to trick users into executing commands that steal from the bot’s own auth scopes.

Finally we must not forget prompt injection and unintended actions. Since the agent ingests untrusted content (messages, emails) and can act on it, attackers can craft inputs to make it leak secrets, run destructive commands, or forward sensitive data externally. Combined with its external comms ability, this creates the “lethal trifecta” security researchers warn about.

This Isn’t Just Shadow IT - This Is Worse.

Historically, Shadow IT was defined by employees bypassing procurement to use unapproved SaaS tools. Whether it was a team lead using an unsanctioned Dropbox account or a marketing hire spinning up a Trello board, the risk was clear; corporate data moving into an unmanaged cloud. In this model, the tool exists “out there,” and your security strategy focuses on building a digital fortress at the edge – a “boundary-based” mindset.

To regain control, organizations relied on a “Block and Filter” philosophy:

• Proxies & Firewalls: Acting as the first line of defence to blacklist known unsanctioned domains and prevent traffic from leaving the network.

• DLP (Data Loss Prevention) & CASB (Cloud Access Security Broker): Tools designed to scan data in transit, ensuring sensitive strings (like credit card numbers or PII) aren’t being uploaded to non-corporate accounts.

• Logging & Boundary Controls: Comprehensive audit trails that monitor egress points to identify “heavy hitters”; users or departments moving massive amounts of data to unknown IPs.

The Core Philosophy here is that Security sits at the perimeter. If you can control the gate, you can control the data.

The Reality of Shadow Infrastructure

The public discourse around OpenClaw is currently locked in on conspiring and complaining AI agents; speculative debates about when a AI agents might become self-aware. This is a distraction. While they argue about the philosophy of AI, the wider and more immediate threat of Shadow Infrastructure is overlooked.

While preventative Shadow IT processes are moderately effective for static SaaS tools and internet based web applications. For the avoidance of doubt, the term “moderately” used here acknowledges that mature security programs can effectively govern known SaaS applications through CASB, SSPM, and robust DLP. However, these controls rely on visibility and policy enforcement at the application layer. They struggle against unknown or non-SaaS threats, such as self-hosted agents on ephemeral infrastructure, that operate below or outside that layer
This “boundary” logic is struggling to keep up with Generative AI and tools like OpenClaw shatter that principle because unlike a cloud storage bucket, LLMs and generative AI aren’t just places where data sits; they’re engines that transform data. In essence, this boils down to two key challenges:

The “Prompt” Problem: Standard firewalls see a ChatGPT API call as simple HTTPS traffic, often missing the sensitive context hidden within the query.

The Productivity Paradox: Simply blocking the tool (the old way) often leads to “Shadow AI” where employees use personal devices to get their work done faster, creating a total blind spot for IT.

Tools like OpenClaw are a prime example of how this dynamic changes. Here, we’re effectively moving away from “unapproved app use” (SaaS and webapps) and moving toward unmanaged, high-privilege engines running mostly outside your network but potentially tapping into your data feeds, APIs, workflow tools, calendars or shared folders. Using the OpenClaw model as a blueprint, we see a nightmare scenario unfolding for IT:

• Local Execution: The tool runs locally on laptops or personal hardware, completely bypassing the visibility of cloud-based CASBs.

• Credential Hijacking: These engines don’t just “chat”; they connect directly to corporate credentials—API keys, OAuth tokens, and SSH keys.

• The Exposure Gap: For the sake of convenience, users often leave these local instances exposed to the internet without any authentication.

• System Privileges: Unlike a restricted browser tab, these tools often demand deep system access—shell execution, file system access, and even screen control.

A useful analogy for all those who worry about a near-future emerging “Skynet” is this:

We are distracted by the fear of the “robot in the garage” becoming self-aware; meanwhile, we’ve left the garage door wide open, the robot is holding the master keys to your corporate data centre, and the operating manual is posted on the public internet.

The “Exception” Economy: BYOD and Opened Devices

You’re thinking, ‘we have well configured corporate laptops and robust windows policies for controlling access so this isn’t really a problem’. Sure, you’re not wrong but how many exceptions do you have registered? How many BYOD laptops do you have on your network? How many of your developers also use their personal laptops as sandboxes, test boxes or dev environments ?
In theory, a well-configured corporate device should stop unauthorized binaries from running. In practice though, especially within SME operations, the “exception” is often the rule. This risk manifests in two primary ways:

1. The BYOD Blind Spot: Employees use personal devices for corporate work, often with nothing more than a VPN and Office 365 installed. These devices are “black boxes” to IT, yet they carry corporate data.

2. The Developer Trade-off: To “make life easier” for engineering teams, corporate devices are often “opened”—granting local admin rights or relaxed execution policies.

We all agree this is poor practice, but it is rife. It’s the deviations from the rules, the small exceptions made for productivity, that create the biggest vulnerabilities. In the new and emerging ecosystem of local AI agents, the tool isn’t “out there” in a vendor’s secure cloud. The tool is already inside your boundary. It is already behind your firewall, using your most sensitive keys, and frequently facing the internet directly without protection. Meaning that this isn’t just a risk of losing data; it’s losing control of the very infrastructure we use to protect the data.

Why Traditional Security Controls Fail Here

The danger of Shadow Infrastructure isn’t its complexity; it’s its invisibility. Your security stack is designed to hunt for anomalies, but Shadow Infrastructure is a master of mimicry.

To your security tools, everything looks like business as usual. EDR sees authorized user activity; DLP sees approved credentials; Network monitoring sees standard HTTPS traffic to Slack or AWS. The attack is invisible because it looks exactly like the work you’ve already authorized. Think about the blind spots in the legacy security stack.

• Firewalls & Proxies: Because the process is running locally, traffic is often encrypted or masquerades as standard outbound HTTPS. The firewall sees a connection to a legitimate cloud service, not the unauthorized engine initiating it. You might even have whitelisted ports and traffic for other official/ approved tools to use.

• DLP (Data Loss Prevention): Traditional DLP flags unauthorized access. Here, data is accessed via approved credentials (API keys or OAuth tokens). To the DLP, this isn’t a breach, it’s a Tuesday. To illustrate the point, if you haven’t done it already: ask your team how many private SSH keys they use to validate access, then scan to see how many of these you find that lack owners or that are “shared” between developers to make access easier and smoother.

• EDR/XDR: An endpoint sensor might record a “Python process calling curl,” but it lacks the context to distinguish a legitimate build script from a Shadow AI agent exfiltrating data. It looks like “Developer Activity,” so it gets a pass.

• Secrets Scanning: These tools are only effective if they know where the configurations live. Shadow Infrastructure often hides its keys in personal directories or non-standard local paths that enterprise scanners never touch.

• CSPM (Cloud Security Posture Management): CSPM is built to monitor your corporate AWS/Azure environment. It is completely blind to personal hardware or “unopened” local infrastructure sitting on an engineer’s desk.

• The “Engine” Blind Spot: Our security model is built to find data in transit or at rest. It is not built to monitor or govern a processing engine that we didn’t provision, especially one that uses authorized channels for unauthorized synthesis and action. Actually this concept that we’ve never had to govern processing engines before, only data, is genuinely novel and worth diving deeper into a separate article.

The Fundamental Gap is that the perimeter has dissolved. For decades, we’ve obsessed over the line between “corporate inside” and “the outside world.” The argument is old and projects like the Jericho Forum laid the foundation for modern zero trust architectures when the traditional walls started crumbling. But even through this lens, “shadow infrastructure” blurs that new virtual perimeter. It allows unvetted, external-facing systems directly inside our trust boundary, authenticated with our own high-privilege keys.

The reality is that the call isn’t coming from outside the house; it’s coming from the unpermitted extension the engineer built in the basement. In this new reality, exemplified by OpenClaw, “Inside vs. Outside” becomes a dead concept. If a device has access to your keys and your network, it is the perimeter, regardless of who owns the hardware or where it’s sitting.

Conclusion – Rethinking Where the Perimeter Actually Is

So no, OpenClaw isn’t plotting to overthrow their human masters. And even though the hype cycle is obsessed with the spark of artificial general intelligence, it is our job as security leaders to pierce the veil and address the fundamentals. Let’s instead start a discussion about AI agents and talk about the fuel they’re being fed: our proprietary data, our credentials, our network access.

The boundary is no longer your firewall, it’s your API keys. When engineers build shadow infrastructure, they’re creating a parallel, unmonitored, internet-facing extension of your enterprise. The greatest threat isn’t a machine thinking for itself; it’s a well-intentioned human who, in building a clever tool, has inadvertently built your organization’s next breach vector.

Where Do We Go From Here?

The uncomfortable truth is that we can’t hold back this tide. Engineers will continue to experiment with powerful tools. AI agents will become more capable, not less. The innovation genie is out of the bottle, and shoving it back in isn’t an option, nor should it be.

So the question isn’t “how do we prevent this?” It’s “how do we get ahead of it?”

Start by asking yourself: Do we even know what shadow infrastructure exists in our environment right now? Not the Shadow IT we’ve catalogued, but the layer beneath—the personal servers, the home lab deployments, the “productivity hacks” running with our credentials. If the answer is “probably not,” that’s your first problem to solve.

Then ask your executive team: What assurances do we need before we can safely enable AI-powered automation? Because the business will demand it. Your developers want it. Your competitors are already doing it. The choice isn’t between “AI agents” and “no AI agents”; it’s between controlled experimentation with guardrails and uncontrolled experimentation in the shadows.

Finally, ask your organization: Are we making it easier to do things securely than insecurely? If an engineer wants to automate their workflow with an AI agent, and the “approved path” takes three weeks of security review (I’m an optimist) while the “just install it on my laptop” path takes three minutes, you’ve already lost. The friction gap is where shadow infrastructure thrives.

The tide is coming. The question is whether we’re building seawalls or just standing on the beach, hoping it won’t reach us.

Our move isn’t to stifle innovation. It’s to refocus it, bring it into the light, and secure it, before the shadow grows too long to manage. Because the ultimate risk of this new wave of AI isn’t that it will think for itself. It’s that we will stop thinking for ourselves about what we feed it.

More on security and AI ?

In my previous article “The Export Control Trap”, I argued US export controls were inadvertently funding China’s next computing paradigm. Within days of publication, new market data emerged that doesn’t just validate this thesis – rather it suggests the transformation is happening faster and broader than what even earlier pessimistic projections anticipated. This warrants a post-script.

The Inflection is Here Already

While following up on a couple of data-points after the last article, it becomes clear that the inflection point I was anticipating in a near future has in fact already arrived. Newly released market data in January 2026 should alarm anyone vested in continued Western AI dominance, and should prompt the need to pay attention to trajectory, impact, and interplay of market forces. Not only for model evolution and logic capabilities, but also paying close attention to the underlying technology enablers. What I note is:

First, the economic divergence is quantified.

Last year it was made clear that DeepSeek-V3’s documented training was estimated to have cost somewhere around $5.5 million versus Western frontier models’ $50-200 million - a 10-40x efficiency advantage. This is of course based on DeepSeek’ own published information but even if that number was twice or thrice as high, it doesn’t change the challenge to the economic model that is held by Western AI frontier labs. On its own DeepSeek’s achievement is noteworthy but this underscores the thesis that China is not replicating, it’s forging it’s own strategy around the constraints. The efficiency gain is secured not through better hardware, but through architectural innovation forced by those constraints1. Their 671 billion parameter model activates only 37 billion per token through Multi-head Latent Attention (MLA) and DeepSeekMoE architecture, achieving comparable performance with a fraction of the compute2.

Media analysts contrasted this with widely cited estimates of tens to hundreds of millions of dollars in compute expenditures by leading AI frontier models, though no audited breakdown exists for models like GPT-5.2 or Sonnet 4.5 so broadly all the claims remain stated costs are not confirmed costs3.

Inference economics tell another eyebrow-raising story: DeepSeek’s claimed cost structure delivers operations at $0.10 per million tokens while Western models remain at $1.00-$5.00, creating a 10x to 50x operational efficiency gap4. Sure, those cost will shrink, and over time will the gap between western and Chinese models may close, but the advantage set by a different architectural paradigm may persist over a longer time until new technological breakthroughs swing the balance again.

Crucially, these are not forecasts or speculative models. They are measurements of a transformation already in motion.

Second, the alternative ecosystem has achieved critical mass.

A growing share of new AI accelerator startups in the APAC region now adopt RISC-V as their primary instruction set architecture, often explicitly to ensure sanction-resilient operations. This isn’t just about hedging, it’s driving a wholesale ecosystem pivot. Market forecasts project RISC-V growth from $2.49 billion in 2025 to $10.77 billion by 2030, with 2026 orderbooks already tracking 35% growth to $3.34 billion5 6. The market share likely came a shock to many analysts, and as the position evolves in 2026 and onwards, it suggests that in the markets where RISC-V has entered so far, currently standardised MCUs for IoT and automotive use-cases, the number represents a noteworthy for this open-standard instruction set architecture (ISA). The trajectory suggests we’ve crossed the threshold from experimental alternative to industry standard in formation.

Third, the incumbent has validated the challenger’s path.

NVIDIA has ported its CUDA platform to support RISC-V instruction set architecture on the CPU side, enabling RISC-V cores to orchestrate workloads in CUDA contexts7. When the dominant player validates the challenger’s architecture through direct technical integration, the paradigm shift effectively becomes official policy rather than speculation. NVIDIA’s shipment of over one billion RISC-V cores in 2024 alone – primarily for system management and secure boot tasks – demonstrates this isn’t symbolic support but operational deployment at scale8. Critics may say that RISC-V doesn’t materially change the playing field for the 2, 3, and 5nm chips but that is only true in the short term. In a longer term perspective RISK-V showcases and diverging architectural solutioning to the AI compute problem and although not a direct Kuhnian paradigm shift today, it marks the “development-by-accumulation” and the challenge of “normal science” as an established path towards the shift in paradigm itself. Export controls on advanced AI chips have incentivized Chinese ecosystem actors to pursue greater domestic autonomy in both hardware and software AI stacks, and DeepSeek’s deployment strategy and partnerships with domestic toolchains illustrate how this dynamic influences product positioning.9

Secession Documented: Hardware & Software Sovereignty at Scale

RISC-V has moved from academic curiosity and edge-case challenger to institutionalized national strategy. China has integrated it into its 14th Five-Year Plan as an “insurance policy” against restricted access to ARM and x86 architectures10. The significance extends beyond market projections because RISC-V represents what China now codifies as a “geopolitically neutral” instruction set architecture, a defensive posture with profound offensive implications.

Unlike x86, which maintains a rigid, frozen instruction set controlled by Intel and AMD, RISC-V allows Chinese firms to add custom AI instructions directly into silicon. This enables chips that are highly optimized for specific AI workloads, such as LLM inference, compared to general-purpose architectures. As an open-source standard governed by a foundation based in neutral Switzerland, RISC-V is technically unsanctionable. Washington cannot turn off the architecture the way it can restrict ARM licenses or ASML lithography exports.

Hardware sovereignty has transitioned from development to operational deployment. Alibaba’s XuanTie C930 server processor, launched in March 2025, is now shipping at volume to domestic datacentres11 12. This 64-bit, RVA23-compliant processor doesn’t merely imitate ARM; it eliminates the licensing dependencies Washington currently leverages for technological containment. Companies like RIVAI and Nuclei System are leveraging RISC-V’s modular vector extensions to build hardware optimized for post-transformer architectures, particularly those emphasizing sparse computation and efficient inference. As a result, these firms are not deeply locked into NVIDIA-centric design assumptions, in part because sanctions limited early dependence on that ecosystem.

The strategic positioning extends to supply chain control. By the end of 2026, China is projected to control 45% of global capacity for 28nm-and-above mature node production. [footnote: Projections China will hit 39% by 2027 is based on earlier market research, but when factoring in “under-construction” capacity that comes online throughout 2026, the 45% figure is frequently used by multiple sources to describe China’s share of new global capacity additions.13 14 15 This isn’t just market share; it also includes control over the foundational chips that power automobiles, industrial automation systems, IoT devices, power grid infrastructure, medical equipment, and defence systems. While Western policy obsesses over 3nm cutting-edge processes, China is systematically dominating production for the nodes that run the physical world’s existing infrastructure.

Software stack maturation is accelerating in parallel with hardware deployment. Moore Threads’ MUSA (Moore Threads Unified System Architecture) platform ships with the Musify toolkit designed to lower barriers for porting CUDA-originated code to domestic GPU products16. While precise performance relative to native CUDA workloads varies by application and ecosystem maturity, the existence of automated translation tools means the barrier to switching isn’t “rewrite everything from scratch” but “port and optimize iteratively.” This mirrors the Linux playbook: initial compatibility through translation layers, then progressive native optimization as the ecosystem matures.

Huawei’s CANN (Compute Architecture for Neural Networks) provides a comprehensive layered software stack for Ascend accelerators, positioned as a complete AI compute platform with integration into popular frameworks [footnote: https://en.wikipedia.org/wiki/MindSpore]. While not yet standardized as a universal solution across all domestic hardware vendors, CANN represents a key pillar of China’s AI software ecosystem. The lack of complete standardization isn’t weakness; rather, it’s the natural stage of early ecosystem development, comparable to Unix fragmentation before POSIX standardization emerged from competitive pressure.

The broader AI software ecosystem also includes open and vendor-agnostic systems like Triton and JAX, which reduce dependency on handwritten CUDA code across the entire industry. These frameworks provide hardware abstraction that benefits China without requiring Chinese development leadership. Every framework that abstracts away hardware specifics makes NVIDIA’s CUDA advantage more fragile, and China benefits from Western companies’ own efforts to reduce vendor lock-in.

And just to be clear; this isn’t capability development in laboratory settings. It’s operational deployment at scale with shipping products, established supply chains, and documented performance metrics.

Counterpoint: Why the Scaling Paradigm May Still Prevail

Before concluding, a critical counterargument must be engaged. The scaling paradigm that built the current AI era is not defenceless, and its adaptive capacity remains formidable.

A fair critique of this analysis is that it may overstate the durability of efficiency-driven architectural divergence while understating the adaptive capacity of the dominant scaling paradigm. Western AI leaders are not blind to efficiency constraints, nor are they locked into a single architectural trajectory by inertia alone. The same organizations investing in massive compute infrastructure are also leading advances in sparsity, quantization, distillation, and inference optimization. If efficiency proves decisive, there is no structural barrier preventing Western ecosystems from incorporating those innovations rapidly, especially given their access to capital, manufacturing, and global talent.

Moreover, frontier performance remains tightly coupled to scale in domains that matter strategically, including multimodal reasoning, scientific discovery, and generalization under distribution shift. For these tasks, access to leading-edge fabrication, extreme bandwidth memory, and large-scale training clusters may continue to confer decisive advantages that efficiency alone cannot fully substitute. If future breakthroughs remain compute-hungry, the scaling paradigm may not be transitional but foundational, and the current wave of efficiency gains may represent optimization rather than displacement.

Finally, the Chinese ecosystem’s embrace of alternative architectures carries its own risks. Fragmentation across instruction sets, toolchains, and software stacks can slow innovation, raise integration costs, and limit the transferability of breakthroughs. Open standards like RISC-V reduce dependency but do not automatically guarantee coherence or performance leadership. History offers examples where open, modular ecosystems struggled to outperform tightly integrated incumbents over long periods.

From this perspective, the current divergence could reflect temporary adaptation to constraint rather than the emergence of a superior paradigm. Only time will tell. If constraints ease or if scale-dependent breakthroughs dominate future progress, Western architectural investments could remain not only relevant but decisive.

Who Is Actually Trapped

Interestingly, we are witnessing the birth of two parallel, increasingly incompatible innovation ecosystems. The West continues optimizing within an established paradigm, protected by export controls and sustained by massive capital investment in known architectures. China, denied access to that paradigm, is being forced to build the alternative.

The question my previous article raised remains unanswered: who is actually trapped by the Export Control regime? The RISC-V data suggests we’re watching the answer materialize in real time.

We are not merely building a fortress around our current advantages. We are pouring concrete, in the form of trillion-dollar investments and rigid policy, into fortifying a paradigm whose foundations are already shifting. China is being forced to build the future in what appears to be the “left field” of efficiency and architectural autonomy.

The trap isn’t for them. It’s for us. We are the ones being locked into a trillion-dollar ditch of our own making.

The Great RISC-V Secession isn’t just about chips. It’s about who gets to define what “advanced” means in the next era of computing. And right now, the player being forced to redefine it has more incentive, more capital committed to alternatives, and far less to lose than the incumbent defending yesterday’s paradigm.

If you want more - here’s the first article on this topic

When Anthropic’s CEO Dario Amodei sat down at Davos last week, he delivered a warning that reverberated through tech circles. Speaking about the Biden administration's decision to approve exports of Nvidia H200 chips to China, by a move he compared to selling weapons of mass destruction to an adversary.

“It’s a bit like selling nuclear weapons to North Korea and [bragging that] Boeing made the casings.”1

While the hyperbole was striking, it was not nearly as striking as what the statement revealed: a fundamental misunderstanding or perhaps deliberate misrepresentation of how the game on technological competition plays out between nations and not companies.

What Amodei framed as a national security imperative is, in reality, classic rent-seeking protectionism dressed in patriotic clothing. And in pursuing short-term protectionism, he may be actually be hastening the very outcome he claims to fear.

I typically write about cybersecurity and AI, not semiconductor industrial policy. But Amodei’s misrepresentation of the challenges facing the industry today, and what I’m actually seeing happen in China right now, demands a response. My unusual qualifications (!) include tackling strategic issues in the semiconductor industry across Europe, the US, and Asia earlier in my career. That experience makes me confident in saying: Amodei is either fundamentally confused about how this works, or he’s deliberately misrepresenting the landscape to serve his own interests.

The False Premise of Chip Export Controls

Amodei’s argument rests on what appears to be a simple logc: restrict China’s access to advanced chips, slow their AI development, thus maintain American dominance. Unfortunately, the logic is wrong and this kind of linear thinking ignores decades of industrial policy history and understanding of China.

Ask yourself this: “when happens when you deny a motivated adversary access to existing technology”. When that adversary is motivated, extremely well funded, and operates an economy where national strategy takes precedence over short-term corporate profitability, you don’t stop their progress; you force them to innovate around the constraint, and sometimes they leapfrog you entirely.

Consider the evidence already in front of us. China has spent the last 15 years rolling out national strategies – one after the other: Belt & Road Initiative (from 2013), Made In China 2025 (from 2015), Next-Generation AI Development Plan (from 2017). Each of these have surprised the world with its determination and follow-though. A case in point for our AI chip discussion is DeepSeek’s recent emergence which demonstrated that Chinese researchers can achieve competitive AI results with significantly less computational power through algorithmic efficiency.
So, if the bottleneck isn’t really the chips, then what exactly are the US export controls protecting?

The answer becomes clear when you follow the money. Anthropic’s valuation is predicated on a specific economic model: that frontier AI requires exclusive access to massive, cutting-edge compute. This model justifies vast capital expenditure and creates a moat for those who can afford it. Massive data centres built with dependencies on the latest micro chip infrastructure, and continuous chip upgrades needed every 12-18 months creates massive on and off balance sheet investments which in part justifies the astronomical valuations of Anthropic, OpenAI and their US/European competition. I am not alone in questioning the fragility of underlying economic models. So if that assumption collapses because competitors are able to achieve similar results through algorithmic efficiency or alternative architectures, then that multi-billion-dollar moat starts to look like a very expensive ditch. Amodei has a direct financial interest in maintaining the belief that cutting-edge chips are an irreplaceable and scarce commodity.; that is what he wants to protect with the export controls.

China’s Strategic Patience and Forced Innovation

What the USA and Europe consistently underestimate is China’s capacity for strategic patience combined with forced innovation. When denied a technology, China doesn’t retreat; it mobilizes to build the industrial base to replicate and eventually surpass it. The numbers on fabrication plants (‘fabs’) construction tell that story with remarkable clarity. According to a 2021 CSET study, between 1990 and 2020, China built 32 large fabs capable of producing 100,000 or more wafer starts per month. During the same period, the rest of the world, combined, built 24.2

This growth wasn’t random industrial activity. It was deliberate execution of a long-term national strategy. I feel that some context is needed here. A new fab from plan to commencing operations used to take more than 10 years at the beginning of the 2000s and those numbers stuck in analysts minds. Today, depending on location, it takes between 3 to 8 years, where the US is pushing the upper boundary on build time due to very long environmental permits and infrastructure upgrade requirements. You can’t just build a fab anywhere due to the massive energy, water and environmental requirements. China on the other hand, like Singapore and Taiwan, offer “shovel-ready” land for greenfield plants, speeding up the process for companies who want to invest and cut the red tape; taking very different approaches to the US or Europe. For clarity, the comparative fab development timelines (US vs. China) is quite interesting3. While the global average construction time for a fab is approximately 682 days, we need to highlight that this number excludes the critical pre-construction and permitting phase, and the numbers get really interesting when we include those data points. In the United States, the total development for a greenfield fab currently spans 7 to 8 years. This includes an average construction period of 2.5 years (918 days) preceded by an intensive regulatory review phase and infrastructure build-out. The primary bottleneck is the federal National Environmental Policy Act (NEPA) reviews, which averages 4.5 years, alongside sequential efforts to upgrade local utilities to the massive power and water needs that the fab require.4 5

In contrast, China has compressed the total lifecycle to approximately 2.5 to 3 years. This is achieved by a marginally faster construction phase averaging 1 year and 10 months (675 days) but leveraging state-led “shovel-ready” industrial estates. By providing plots with pre-installed utility infrastructure and facilitating expedited, parallel permitting, China’s pre-construction is counted in months and not years. This systemic disparity supports the hypothesis that without significant regulatory reform, US-based projects face a “time-tax” that may challenge the economic viability of all but the most advanced semiconductor nodes.

In May 2024, China launched the third phase of its National Integrated Circuit Industry Investment Fund, commonly known as Big Fund III, with a massive budget allocation that, on paper, looks as impressive as the total U.S. CHIPS Act allocation for the semiconductor industry. But this is where the similarities end. The true scale of China’s commitment becomes evident only when examining its capital deployment mechanism alongside Western counterparts.

While the U.S. CHIPS Act’s headline figure of $52.7 billion and the EU Chips Act’s €43 billion mobilization target appear numerically comparable to China’s $47.5 billion “Big Fund III,” this surface-level comparison obscures a critical divergence in financial potency and speed. China’s fund constitutes a massive, single pool of state capital designed for direct equity investment. This “lead investor” status allows the central government to exert a massive capital multiplier, effectively commanding local governments, state-owned banks, and private entities to match its contribution at a three-to-five-fold ratio. In contrast, the U.S. and EU frameworks rely on subsidies and tax credits to “nudge” the market, leaving the ultimate pace of development to the fluctuating risk appetite of private shareholders and complex state-aid approvals. The West is relying on market signals to invite progress; China is using sovereign capital to command it.

For direct application and speed of allocation which is the key metrics for rapid industrial transformation, the financial architecture of China’s state-led model heavily tips the scales in its favour. It deploys concentrated capital with a strategic urgency that market-oriented governments, with their necessary governance structures, red tape, and oversight, are not designed to match.

The Chinese Big Fund III, therefore, represents far more than an effort to build additional fabs. It is the financial engine for a comprehensive national strategy aimed at controlling every critical link in the semiconductor supply chain: from lithography tools, etching platforms, and inspection systems to the underlying EDA software, photoresists, specialty gases, and wafer materials. This approach is the logical culmination of a hard-learned lesson from previous investment rounds: that technological self-sufficiency cannot be achieved by leading in only one segment. True independence, which also means creating insulation from external sanctions or externally imposed constraints, requires building, owning, or controlling the entire value chain. Big Fund III is the capital committed to that monumental task.

The Architecture Paradigm Shift

This is where the protectionist mindset becomes dangerously myopic. The microchip industry is not static and never was; it is today undergoing a fundamental architectural shift from CPU-centric computing to a new era of parallel and accelerated processing (GPU/TPU/neuromorphic). AI’s defining characteristic – which Anthropic and Amodei understand perfectly well – is its insatiable demand for chips that excel not merely at speed, but at massive-scale parallel computation. This is the very workload that rendered traditional CPUs inadequate and catapulted Nvidia’s GPU architecture to dominance, and which is why we see high-profile investments by OpenAI, Anthropic, etc pouring capital into Nvidia which then fuels the AI companies’ continued growth requirements (at least on paper). Their goal is not merely to secure their own supply, but to stimulate production and R&D into the very architectures Nvidia will then sell back to them.

But we must understand that dominant paradigms are not permanent, ever. The change in paradigms create moments of maximum vulnerability for incumbents and maximum opportunity for challengers. The immense scale of the required investment locks leaders into chosen technology path. A cutting-edge fab represents a multi-billion-dollar gamble on a specific technological roadmap. Its core tooling, like ASML’s Extreme Ultraviolet (EUV) lithography machines (behemoths comprising 100,000 parts, 2 kilometres of hosing, and requiring 40 shipping containers and three cargo planes to transport6) cannot be easily swapped out. This inertia is the incumbent’s ultimate vulnerability.

Nvidia’s current supremacy is tethered to this specific computational paradigm. The risk for the West – primarily the EU and US – is that this advantage is contingent, especially as U.S. export controls temporarily create an artificial technology threshold; it actively compel China to abandon the established path of moderate growth. Denied access to the cutting edge of the chip architecture and tooling, China is not standing still. It is channelling its vast resources, as exemplified by Big Fund III, into funding the next frontier. We are already seeing heavy investment in alternative architectures like the open-source RISC-V instruction set, a direct effort to bypass Western-controlled standards like Arm and x86. China is not just trying to replicate TSMC, they’re attempting to control the frame and define the rules for tomorrow’s race.

History offers us a powerful and sobering reminder. Consider Nokia. In 2007, it commanded nearly half of the global mobile phone market through unmatched hardware scale, supply chain mastery, and lightning-fast response to customer preferences. By 2013, its share was effectively zero. Its downfall was not due to a competitor building better hardware within Nokia’s paradigm. It collapsed because the paradigm itself shifted from hardware to software and ecosystems. Nokia’s immense manufacturing prowess and deep technological lock-in became irrelevant almost overnight. It didn’t gradually lose market share. It just became irrelevant.

The parallel is clear, and the lesson is key. By focusing export controls on preserving a transient hardware advantage in the current architectural paradigm, the U.S. is ignoring Nokia’s fatal mistake. Amodei, in advocating for stricter controls, is actively creating the strategic competitor he claims to fear. In forcing China to innovate elsewhere, the U.S. may be inadvertently funding the very architecture that could render its own trillion-dollar investments obsolete, including the very fabs the CHIPS Act seeks to build on American soil.

The Mature Node Advantage

While Western industrial policy obsesses over cutting-edge 3nm and 5nm processes, China has been systematically dominating production for mature nodes (28nm and above). This is the economically critical – and strategically decisive – battleground that receives less attention but matters profoundly more. The modern world does not run on the latest smartphone chips alone; it is built on mature nodes that power everything from automotive electronics and industrial robotics to IoT devices, medical equipment, and foundational defence systems.

China’s accelerating control over this sector grants it massive, structural leverage. The headline-grabbing advanced chips enable peak performance, but mature nodes represent the bedrock of global manufacturing – where volume, reliability, and strategic dependency are cemented. Mastery here provides more than just economic clout; it creates a stable platform for vertical integration and iterative innovation. By perfecting production on mature technologies, China builds the expertise, supply chains, and capital reserves necessary to fund the risky climb to the next frontier.

This strategy of mastering the foundational to enable the advanced is already visible. In 2025, the Chinese firm SiCarrier – founded only three years prior – publicly advertised pathways to produce advanced-node chips using multi-patterning techniques that bypass the need for ASML’s EUV lithography.7 Critics rightly point out that making 3nm chips without EUV is exponentially more expensive and suffers from dismal yields. And in a Western market, these would be disqualifying commercial failures. However, China views these “good enough” pathways as essential bridges to keep process knowledge alive. Even the corruption and “ghost fabs” revealed in earlier iterations of the Big Fund initiatives, while scandalous, functioned as a brutal form of “learning tax.” Beijing is willing to pay the price of trial, error, and even graft to build the institutional “scar tissue” required for eventual sovereignty.

The ultimate insight for the West is not that China will eventually build better versions of our current chips; it is that they are being forced to make our current chips irrelevant. By perfecting photonic computing or neuromorphic architectures, which do not rely on the same lithographic bottlenecks, China isn’t just trying to catch up in the current race. They are trying to move the finish line.

Essentially, by securing the industrial base everyone else takes for granted, China isn’t just playing catch-up in a race defined by others. It is building the resilient, integrated, and experientially rich ecosystem from which the next leap forward is most likely to emerge.

The Self-Fulfilling Prophecy

The CHIPS Act and US export restrictions have acted as a catalyst, removing any internal Chinese debate about the necessity of total self-reliance. What was once one policy option amidst many is now a civilizational imperative. This is how protectionism backfires.

When survival is at stake, the calculus changes entirely. Cost overruns become acceptable. “Good enough” solutions become viable stepping stones. The full force of state capital, talent mobilization, and industrial policy gets brought to bear with 15-year time horizons that make quarterly earnings look absurd. This is not hyperbole; it is the cold logic of realpolitik.

China has demonstrated this playbook before: high-speed rail, telecommunications infrastructure, electric vehicles. In each case, initial Western dismissiveness (”they’re just copying”) gave way to concern about quality (”it’s cheap but inferior”), then sudden realization that China wasn’t just competing but leading. The semiconductor challenge is orders of magnitude harder, but so is the level of resource commitment being applied.

The central strategic miscalculation of Western policy is viewing China’s semiconductor ambition through a commercial lens rather than understanding it as an existential state project. The CHIPS Act aimed at protecting a lead; China sees it as technological containment that validates their need for a completely autonomous stack. America is optimizing for commercial viability and return on investment. China is optimizing for strategic autonomy, accepting that some facilities might never make commercial sense in a pure market framework.

Where Amodei’s logic fails

Returning to Amodei’s nuclear weapons analogy: it reveals a fundamental category error. A nuclear weapon is a static, finished product – the threat is the object itself. Microchips, however, are dynamic tools of enablement. If Anthropic’s true competitive advantage lay in superior algorithms, safety protocols, and architectural brilliance, then a competitor’s access to H200s would be a hurdle, not an existential threat.

The vehemence of his opposition suggests a “Wizard of Oz” problem: he is shouting to protect the curtain because the magic behind it is less durable than the $40 billion valuation suggests. DeepSeek’s efficiency breakthrough was a “Sputnik moment” for the scaling-law true believers; it proved that the multi-billion-dollar compute moat is not a permanent fortress, but a temporary advantage. To be clear, while DeepSeek is a brilliant proof of algorithmic efficiency, it was still trained on thousands of Nvidia’s H800 chips, so while there may still be a need for companies like DeepSeek to use current high-end chip architecture, the deeper learning is that the quantity of chips required for a frontier model is much lower than American CEOs want investors to believe.

When the ‘compute moat’ can be bypassed with clever math, the trillion-dollar hardware advantage starts to look like a stranded asset. But that’s a narrative that exposes Amodei’s hidden agenda.

By lobbying for export restrictions, Amodei is performing textbook rent-seeking: asking the state to handicap more efficient competitors under the guise of national security. This is the ultimate irony: the “safety” he advocates for is not for the public, but for a fragile business model that requires chips to remain scarce and expensive to justify its own astronomical costs.

The Long Game

The decoupling of the world’s two largest economies is not just a trade war; it is the birth of two parallel, competing innovation systems.

For decades, China followed the tao guang yang hui (韬光养晦) strategy which means “hide your strength, bide your time”, DeepSeek was the signal that the “biding” period is over. While Western analysts were busy dismissing Chinese capabilities, a new ecosystem was materializing in the “left field” of algorithmic efficiency and mature-node mastery.

The West continues to underestimate the “singular determination” of the Chinese model. When forced to choose between quarterly market gains and 15-year strategic positioning, Beijing chooses the latter every time. The West is optimizing for the next earnings call; China is optimizing for the next epoch.

The real question isn’t whether export controls will delay a Chinese LLM by six months. It’s whether American executives, by begging for government protection, are trading temporary relief for permanent displacement. In clinging to the current hardware paradigm, they are ensuring their irrelevance in the next one.

The semiconductor race is no longer about who makes the fastest chips today. It’s about who builds the independent, resilient ecosystem that defines “fast” tomorrow. By attempting to contain China, the U.S. has inadvertently provided the ultimate stimulus package for Chinese innovation—ensuring they are no longer constrained by foreign technology, or foreign goodwill.

Amodei stood on that Davos stage thinking he was defending the American technology lead in AI. In reality, he was advocating for the very conditions that will ensure American obsolescence.

Read more here - follow-up article

A professor I follow on X, Ethan Mollick1 recently made an observation that struck a deep chord with me and that cuts to the heart of AI adoption as I’ve observed models are commercialised in enterprise environments. Mollick puts it bluntly (and I paraphrase): AI labs, run by coders, keep developing supercool tools for coding while leaving other forms of work stuck with generic chatbots2. Unless you own a frontier model, he argues, your ability to build specialized AI for your field is limited3. Coding shows us what is possible, but it also highlights the imbalance.

Take software development as an example. Developers now rely on copilots that debug, explain, and even generate entire libraries of code: sharp, precise, and tightly integrated into their workflows. Other professions, by contrast, are still working with more generic assistants: clever, but shallow. To bridge that gap, many companies have tried building custom AI agents. Yet the pace of change is so fast that by the time those agents are operationalised, the major labs’ own platforms are already becoming agentic; exposing the weaknesses of simpler solutions. This “evolutionary glitch,” where custom tools risk obsolescence before they are fully deployed, often goes unnoticed by coders, who are themselves sprinting ahead with increasingly powerful copilots.

So why has coding become such a privileged domain? The reasons are structural, not temporary. Coders both build the AI systems and use them, creating a tight feedback loop where problems are identified and solved almost instantly. On top of that, code is an unusually rich kind of data: structured, public, and easily testable. Training data is abundant, and outcomes are unambiguous: a line of code either compiles or it doesn’t, a test suite either passes or fails. Contrast that with law, medicine, or marketing, where the data is private, messy, and the outcomes are often subjective or even contradictory. In those domains, two different answers can both be “right” or “wrong,” which makes progress slower and far harder to measure.

This combination has made coding the natural proving ground for frontier labs; that bias is unlikely to fade. The labs are run by people with coding backgrounds, building tools first and foremost for their own work. Each release improves not just the tools themselves but the labs’ ability to build the next generation. It is a compounding advantage: a self-reinforcing loop where coders and labs accelerate together, leaving other domains struggling to keep pace.

The New Rules of Strategic Advantage
From owning models to owning context

For businesses outside of software development, this dynamic creates a series of strategic challenges that require rethinking how competitive advantage is built and how AI tools are implemented in domains that lack the strong feedback loops coders enjoy.

For years, the central technology debate has been whether to build or buy, but another truth is becoming apparent. With AI evolving so rapidly, organizations' in-house technical teams simply can't develop AI agents fast enough to compete with the evolution of agentic AI. While building custom chatbots on APIs may offer short-term benefits and cheaper than buying, organizations must ask themselves whether their projects can realistically keep pace with the more integrated and capable solutions that agentic AI platforms provide.

The AI labs' own agentic platforms are evolving too quickly, integrating memory, tools, and project management in ways that internal projects cannot easily replicate. Organizations will increasingly need to adopt those platforms, then focus on how to adapt them to their unique needs. This represents a major shift in the build-or-buy paradigm. The build-or-buy question has instead become: do we prioritize speed and capability, or do we insist on complete control and accept obsolescence? When the 'buy' option is evolving faster than internal development can match, competitive advantage moves from owning the technology to mastering its application.

This shift is also creating a two-tiered workforce. Coders are being supercharged by their copilots, while non-technical staff often use less powerful generic assistants. This risks creating a divide where technical employees become “super-agents” and everyone else remains “agent-lite,” at best. For business and technology leaders, the challenge is how to extend the benefits of AI beyond engineering by investing in training, redesigning roles, and embedding AI tools into every function so that the productivity boost is shared across the organization.

Yet the divide is less simply coders versus everyone else, and more about which domains already have mature AI-native tools and which do not. Design, writing, and sales are developing powerful copilots of their own – often powered by frontier models – though they evolve at different speeds and with uneven sophistication. Coding sprinted ahead first, but other knowledge domains are following on their own timelines.

The pace of adoption is shaped not only by technical feasibility but also by regulation, data sensitivity, and organizational risk tolerance. Highly regulated fields such as healthcare and finance move cautiously because of liability and compliance requirements, even when the technology is ready. By contrast, creative industries and marketing face fewer structural constraints and can experiment more freely, accelerating the emergence of domain-specific copilots. The divide, therefore, reflects not just technical maturity but the institutional barriers that determine how quickly AI can be woven into real-world workflows.

From my vantage point in cybersecurity, this divergence is especially critical. Here, AI is already accelerating both attack and defence. Coders with access to advanced copilots can rapidly probe systems, automate exploits, or generate polymorphic malware. Meanwhile, defenders can use the same tools to triage alerts, automate incident response, or hunt for vulnerabilities in ways that were previously impossible. The asymmetry emerges quickly: those with access to specialized copilots operate at an entirely different speed and scale than those relying on generic assistants. For business leaders, this is a preview of what may happen across many other domains if the gap between “super-agents” and “agent-lite” workers is left unaddressed.

The question of data sovereignty and intellectual property becomes even more critical in this new paradigm. To be effective, agentic AI tools need deep access to a company's internal knowledge: documents, emails, databases, even strategy memos. This creates an uncomfortable dependency where your most valuable data becomes the training ground for tools you don't control. How much of this knowledge can safely be exposed to third-party platforms? What protections are needed to ensure that proprietary information does not become part of someone else's ecosystem? For many companies, the answer will determine whether AI becomes a strategic advantage or a dangerous liability.

In practice, however, the question is not purely build or buy, but how to hybridize. Many organizations are already fine-tuning open-source models, layering RAG pipelines, and assembling custom agents on top of frontier APIs. The real challenge is deciding how much of the AI stack to customize versus consume as-a-service. Competitive advantage may rest not only in data, workflows, agility, and trust, but also in mastering this hybrid landscape

This reality reframes the build-vs-buy dilemma even further. If only a handful of labs can build frontier models, does that mean that true innovation is out of reach for everyone else? Not entirely. While companies may not be able to train their own frontier models, they can still innovate in ways that matter. The competitive game moves away from model building and toward something more fundamental: context building.

The New Locus of Advantage: Context and Orchestration

In Michael Porter’s terms, strategy has always been about the sources of sustainable advantage. In the age of agentic AI, owning the model is no longer that source. The new locus of strategic advantage is context: the data you control, the workflows you own, the agility you cultivate, the trust you build, and the way you orchestrate it all together. When frontier models are out of reach, competitive advantage shifts to these five pillars that define the “last mile” of AI adoption. Each is inseparable from a company’s identity and operations, and none can simply be outsourced to a lab.

Proprietary Data. It is not just about having unique data, but having the highest-quality, most-structured, most-contextual data. This data becomes a company's non-replicable moat, as it creates the most valuable fine-tuning and Retrieval-Augmented Generation (RAG) applications. The companies that win will be those whose data creates unique insights that no competitor can replicate, regardless of which frontier model they're using.

Workflow Mastery. This involves redesigning operations so they are natively AI-driven, not just bolted onto old processes. It means creating new forms of human-AI collaboration and developing organizational muscle memory for AI integration that competitors cannot easily copy. The advantage goes to companies that discover optimal divisions of labour between humans and AI agents, creating workflows that become increasingly difficult to replicate.

Speed and Agility. If everyone has access to similar foundational models, the advantage goes to whoever can deploy, test, and iterate fastest. This favours companies with flat hierarchies and fast approval processes over those weighed down by legacy structures. In a world where AI capabilities evolve monthly, the ability to rapidly identify, integrate, and optimize new tools becomes a sustainable competitive advantage.

Trust and Human Capital. The ability to deploy AI in ways that are secure, compliant, and explainable – particularly in regulated industries – will be a major differentiator. This must be paired with building a workforce where every employee is an effective AI operator, not just the engineers. Companies that can extend AI capabilities across their entire organization while maintaining security and compliance will have advantages that pure technology cannot provide.

Orchestration. Alongside these four pillars lies another layer of advantage: how effectively an organization orchestrates its AI stack. Few will fully ‘build,’ and fewer still can afford to only ‘buy.’ The reality is almost always hybrid: fine-tuning open-source models, integrating APIs, layering retrieval-augmented pipelines, and constructing custom agents on top of frontier platforms. In this light, the competitive question is no longer purely ‘build versus buy,’ but rather ‘assemble versus stagnate.’

But orchestration itself is not without risk. Combining open-source models, proprietary APIs, and custom agents can create complexity that overwhelms organizations without the right technical maturity. Poorly managed, this hybrid approach can fragment systems, inflate costs, and undermine performance, potentially leaving companies worse off than those that standardize on a single unified platform. Orchestration offers outsized rewards, but it demands governance, coordination, and a sober assessment of organizational limits. Done well, it becomes a multiplier; done poorly, it becomes a liability.

Taken together, these five pillars of context – data, workflows, speed, trust, and orchestration – represent where sustainable competitive advantage now lies. They require deep organizational commitment and can’t be easily copied or commoditized.

The Broader Locus of Risk: Society and Governance

While companies can adapt to this new competitive landscape, the concentration of advanced AI capabilities in a handful of labs raises broader questions that extend far beyond any single organization’s strategy. The structural bias toward coding reflects priorities that could have profound societal implications. These challenges play out across multiple levels: from ecosystem fragility, to geopolitical and corporate inequality, to questions of governance and, ultimately, to the future of human work and autonomy.

The Problem of “AI Monoculture.” (Ecosystem-level fragility)
When a handful of companies control the foundational models that power the world’s most advanced tools, society becomes vulnerable to an “AI monoculture.” This is similar to relying on a single crop, which can be wiped out by a single pest. If a single lab’s model has a bias, a flaw, or a “hallucination,” that problem could propagate across countless industries simultaneously. How do we ensure diversity and resilience in the AI ecosystem? Open-source efforts such as LLaMA or Mistral provide an important hedge against overconcentration. They can serve as fallback options and help diversify the ecosystem. But it would be a mistake to see them as full counterweights. The true moat for frontier labs lies less in raw model capability and more in the ecosystems they control. Platforms that integrate deeply into productivity suites, search engines, or proprietary plugin architectures create powerful lock-in effects. Once a company’s workflows depend on these integrations, the switching costs become prohibitive, even if open-source or alternative models reach comparable performance. For this reason, open-source models are likely to play important but limited roles such as filling niches, enabling experimentation, or serving as safeguards rather than replacing frontier labs as the primary engines of business adoption.

The Widening “Intelligence Asymmetry.” (Geopolitical and corporate inequality)
The initial information asymmetry in corporate governance, where management had better information than shareholders, is now evolving into a much deeper “intelligence asymmetry.” As some companies and countries gain access to more powerful, agentic AI tools than others, what are the ethical and economic implications? Will this deepen existing inequalities between the “AI-haves” and “AI-have-nots”?

Regulation and Accountability. (Institutional governance)
If an agentic AI makes a mistake that leads to a financial loss, a medical misdiagnosis, or a legal error, who is responsible? The company that used the tool? The developer of the frontier model? The human who supervised the agent? The increasingly complex and multi-step nature of agentic AI makes it difficult to assign clear accountability. This raises critical questions for regulators and legal systems that are ill-equipped to handle this new paradigm. It also underscores why owning the context (the data, workflows, governance, and human oversight surrounding AI use ) matters as much as the technology itself. Organizations that fail to define and control this context risk not only poor outcomes but also accountability and explainability gaps they will struggle to defend.

The Future of Work and Human Autonomy. (Individual human impact)
If the tools for human-AI collaboration remain generic for most fields while becoming highly specialized for coding, what does this mean for the future of non-technical professions? Will the “soft skills” of strategy, empathy, and creativity be sufficient to thrive, or will they too require specialized AI tools that may not be developed for years to come?

Conclusion

Mollick is right that coding has enjoyed a head start, and this advantage appears to be structural rather than temporary. But the mistake for businesses would be to chase the labs by trying to build frontier models internally, only to replicate the advantage that coders already enjoy today. The real opportunity is to recognize where advantage truly lies: in the five pillars of competitive strength – the data you control, the workflows you own, the speed and agility you cultivate, the trust and human capital you build, and the way you orchestrate the AI stack itself. Together these define the context in which models become useful.

In this transition toward agentic AI, you do not need to own the model to win; you need to own the context – and that means mastering the discipline of orchestration. Done well, orchestration amplifies the other pillars; done poorly, it becomes the weak link in the chain. Crucially, owning the context is also the foundation for accountability. Without it, organizations risk deploying powerful AI systems they cannot explain, defend, or govern.

The question I see most relevant for leaders, in both business and society, is whether we can build this context in ways that create value without reinforcing lock-in, widening inequalities, or introducing new vulnerabilities. The answer will determine not just who wins in the marketplace, but how AI shapes the future of resilience, innovation, responsibility, and human agency itself.

While company executives reassured stakeholders with familiar refrains of 'swift action' and 'no card data lost' throughout 2025's major breaches, the technical reality being managed several layers below told a different story. The gap between public messaging and operational truth has never been wider, and that gap is where the next generation of cyber risk is taking root. Let’s discuss:

The first half of 2025 marked a significant evolution in the cybersecurity threat landscape. Notwithstanding the profound evolution brought about by AI (some might argue ‘revolution’ – as discussed before) some of the UK's most recognisable organisations, ranging from supermarkets to luxury retail, automotive, and telecommunications, have faced public and high-impact cyberattacks.

News headlines, as usual, focused on outages, customer disruption, and speculation about ransom demands, while public statements leaned on standardised scripts: "swift action," "no card data lost," "services being restored." Yet the operational impacts ran far deeper, carrying consequences not only in direct financial losses but also in reputational damage and longer-term strategic erosion.

Peeling back the layers to expose the underlying (in)security trends, a more consequential story emerges. These incidents were not merely uniform ransomware repeats as seen in years past. Instead, they reveal threat actors testing new approaches, defenders making unorthodox choices – some wise, some less so – and systemic weak points being exploited in ways that boards and CISOs cannot afford to ignore. Yet the familiar security theatre with its focus on reassurance and compliance messaging obscures these deeper patterns that should be driving strategic cybersecurity decisions.

If incident response is instrumental to the theatre, meaning reactive processes remodelled and baselined on established playbooks and past experiences, then these events are the cracks in the stage. They show us where the script is failing and where the performance is lacking authenticity.

The reflections that follow are drawn from a comparative analysis of five high-profile UK incidents in 2025: Marks & Spencer, the Co-operative Group, Harrods, Jaguar Land Rover, and Colt Technology Services. Each was different in industry, scale, and impact, but together they provide a useful cross-section of how contemporary threat actors operate, where defenders are pressured into new decisions, and what systemic weaknesses are repeatedly exposed. The aim here is not to retell headlines, re-analyse attack timelines, or speculate on attribution, but to surface what I can identify as the opaque trends that cut across cases; i.e. the real signals that matter for CISOs, boards, and risk leaders setting strategy beyond the current incident-response cycle.

Together, they map the security horizon: the terrain on which the next phase of cyber risk will play out.

1. Identity resets are now critical infrastructure

In three of the retail cases, the fulcrum was not a sophisticated exploit but a simple process: password resets and MFA method changes handled by help desks. Attackers socially engineered help-desk staff to reset credentials or remove MFA devices, and with that, the entire defensive stack was bypassed. This again highlights the obvious: humans remain a weak link. The intention is always benign; reduce employee frustration, avoid IT being a hindrance to operations, reduce support friction, but consequences are far reaching. The challenge lies as often in cybersecurity in Identity Management.

We are used to thinking of identity as a control layer. It is time to accept that identity reset workflows are the control plane. They carry the same systemic weight that firewalls once did. Yet in many enterprises, these flows are delegated to outsourcers, measured on call-handling time, and protected with little more than caller-ID heuristics. Playbooks that can be bypassed in the interest of “smoothing out customer experience”.

The strategic horizon demands a reclassification: identity resets must be treated as Tier-0 infrastructure, requiring dual approval, out-of-band verification, and continuous audit.

2. MSPs and software supply chains are today's perimeter

We no longer own our entire defensive perimeter (if you can find it – the traditional perimeter is vanishing1). In the Marks & Spencer case, third-party accounts were the suspected vector. Co-op, Harrods, and Jaguar Land Rover all shared a common denominator in a managed service provider. Colt's incident, by contrast, came via an unpatched SharePoint zero-day.

These two threads – managed service providers and software dependencies – are often discussed separately, but they represent the same phenomenon: we have externalised our perimeter. Whether through direct outsourcing or software supply chain, we have handed trust to entities whose controls and patch cycles we do not govern.

‘Cyber Essentials’ badges and supplier security questionnaires cannot carry that weight, even SOC reports won’t meet these standards. Contracts must demand technical parity: the same reset policies, the same telemetry, the same patch urgency that we would demand of ourselves is encoded in contracts, SLAs and OKRs. SBOMs and signed builds must become routine, not academic. The perimeter is not where your firewall sits; it is wherever your supplier or your code is weakest.

3. Extortion without detonation

Traditional ransomware economics relied on encrypting data and offering a decryption key, or double extortion (ransoming both for providing decryption key and not to sell stolen data). But in both Co-op and Colt, we saw the leverage created without ever triggering encryption. At Co-op, a membership database provided the bargaining chip. At Colt, attackers exfiltrated contracts and network diagrams and auctioned them to the highest bidder, indicating a shift in the underlying economic model.

These incidents demonstrate that detonation is optional. Exfiltrating even a small but leverage-dense dataset is enough to drive extortion. This shifts the impact horizon: we cannot only measure exposure in terms of encryption events. We must elevate targeted exfiltration to the same category of risk.

The strategic horizon here is clear: data leakage detection, segmentation of crown-jewel datasets, and rapid detection of unusual export patterns matter more than ever. The next extortion may require only a gigabyte, not a petabyte.

4. Criminal brand fluidity creates operational uncertainty

DragonForce, Scattered Spider, WarLock: these are names and banners blurred across these incidents and classical delineation is no longer possible. In some cases, the same tools and TTPs appeared under multiple brands. In others, attackers recycled old screenshots to claim responsibility. This brand fluidity is more than a technical footnote; it fundamentally undermines negotiation, insurance claims, and regulatory reporting.

When attribution is structurally uncertain, critical questions become unanswerable: Who actually holds the encryption key? Who owns the stolen data? Who can enforce deletion? The old phrase applies: "Hackers always lie, but that doesn't mean they're 100% wrong."

For CISOs, this demands new playbooks that don't assume coherent branding. Always analyse samples of stolen data to establish origin, never discard the possibly that the data leak involved insiders, prepare for re-extortion attempts from different groups claiming the same data, and consider planting canary documents with beaconed strings to detect resale. Pressuring insurers and regulators to acknowledge affiliate fluidity as a systemic uncertainty is equally critical. The days of neat attribution categories are ending and aside from possibly help clarifying broad threat-actor motivation the attribution itself becomes an academic exercise.

5. Kill-switches are part of continuity planning

Two of the UK incidents stand out not for what attackers did, but for what defenders chose. Harrods immediately restricted internet access across its estate, accepting some payment disruption in order to cut off exfiltration. Jaguar Land Rover initiated a global IT shutdown, halting production to contain suspected identity compromise. Expensive, yes, effective at reducing longer operational outage and customer disruption and more profound economic losses – resounding yes.

These are noteworthy decisions. Historically, boards have flinched at the idea of self-disruption, preferring to keep systems alive "until we know for sure." But Harrods and JLR show that mature defenders are willing to pull the plug first, if it prevents systemic compromise. JLR's production remains disrupted more than two weeks after the attack was made public (at the publishing of this article), with material production impacts expected to last until October. Marks & Spencer took 15 weeks to fully restore online services, with online orders completely halted for over six weeks. No surprise that disruption costs money but when a broader comprise is (inadvertently) allowed through analysis-paralysis, the more expensive the recovery becomes. Some painful decisions needs to be taken fast.

This demands a rethinking of continuity planning: cyber kill-switches are no longer taboo; they must be designed, rehearsed, and integrated into business continuity drills. Continuity with constrained services is preferable to continuity with compromised trust.

6. Sector-specific chokepoints are the true attack surface

A more profound insight here is that the attacks reveal that the true prize isn't always the data; it's the choke points. This profoundly requires defenders and security architects to reconsider the traditional cybersecurity operational models. The choice of what the threat actors chose to disrupt was not random. At Marks & Spencer, it was e-commerce and fulfilment. At Co-op, stock and replenishment. At Harrods, payments. At JLR, manufacturing ERP and MES. At Colt, customer portals and APIs.

Attackers are mapping and exploiting sector-specific chokepoints: the points where downtime translates most quickly into leverage. Too often, boards and CISOs still talk in terms of "crown jewels" or “critical business services” (customer data, financials, or overly broadly defined services) while under-investing in chokepoints that keep the business running. And perhaps what makes these types of targeted attacks so successful is that the business continuity plans are often woefully inadequate to address these choke-point disruptions, including the more simple supply-chain disruption.

The strategic horizon requires threat modelling around your chokepoints which must include considerations of internal business services and operations but also consider dependencies on suppliers or supply chains to enable those business services to operate. If you were an adversary, where would you apply pressure? Red teams must be tasked with those scenarios, not generic pen tests – moving from traditional penetration testing to offensive security.

7. Security theatre still blinds boards to structural risk

Public communications continue to emphasise what was not lost: “no card data,” “no passwords.” These statements are technically true, but they obscure what really happened: identity integrity was broken, suppliers represented attack paths, and small data sets provided leverage.

This theatre is not malicious. It is how organisations protect reputations, reassure customers, and meet regulatory minimums. But it also conditions boards to focus on the wrong things. The headlines and dashboards hide the shifts that matter most: the fragility of identity and authentication, the expansion of the de facto perimeter through SaaS and outsourced services, and the reality that extortion no longer requires encryption or ransomware.

The strategic horizon requires moving companies to rethink the traditional cybersecurity playbooks and link them more profoundly to the company’s structural resilience. For boards, that means demanding a different class of answers from CISOs:

• Are cyber kill-switches designed and rehearsed as part of continuity? What are the business continuity considerations for deliberately enacted production halts?

• Do suppliers operate under the same access parity and telemetry as in-house staff? How well do contracts empower IT or Cybersecurity to enforce operational compliance or service level agreements with vendors, or even red-lining engagements leading to vendor exits?

• Is our SDLC aligned to SBOM-first assurance and days-level patch cycles for internet-facing assets? Traditional maintenance windows don’t grown on trees and although internally change windows can be forced, how aligned are the vendors to patch on that same accelerated patch timeline?

• Do we understand risks in software lineage at ERP/PLM edges, not just in “crown jewels”? As experienced by JLR and Co-op; how aligned are the BCPs for disrupting Online Ordering/ERP/PLM/PDM safely, paired with graceful operational fallbacks?

The Security Horizon

With hundreds of incidents reported weekly, it is tempting to treat these incidents as another round in the endless cycle of breaches and press releases. But the hidden currents show something deeper and more profound that must not be brushed aside. There are strategic insights here that we must not overlook. The problem is not just in the malware or the ransom note. It lies in how we build, delegate, and measure our defences.

Identity resets must be elevated to critical infrastructure. Supplier and software controls must be treated as sovereign perimeters. Kill-switches must be normalised in continuity planning. Chokepoints must be mapped and defended as rigorously as financial systems.

For boardrooms, this shift can begin with a few sharp questions:

1. Identity: How do we verify that password, secrets (incl. API keys) and MFA resets – whether handled in-house or by a provider – are subject to the same level of scrutiny and audit as our financial approvals?

2. Suppliers: What visibility do we have into our MSPs and software vendors, and can we independently verify their security posture rather than relying on badges or contracts?

3. Continuity: If we had to pull a cyber kill-switch tomorrow, could we still operate in a constrained but trusted state, and when was the last time we rehearsed it?

These are not technical questions. They are questions of governance, resilience, and strategy. And the answers will determine whether organisations continue to perform the same play, or begin to re-engineer the stage on which it unfolds.

If we fail to make these shifts, the theatre will continue: polished statements on the surface, structural weakness underneath. The choice before us is whether to keep rehearsing the script or start engineering the stage itself.

The cybersecurity industry is perpetuating a $240 billion lie1, and you and I are part of it.

We've been inside the boardrooms, selling business leadership on the virtues of controls and compliance to turn metrics green, focusing on isolated outcomes over holistic processes. That budgets should go to certifications and tooling, not capabilities. That risk and control registers lead to resilience. That saying a "quick yes" to engineering changes is more valuable than enabling growth sustainably.

What's actually happening: We're selling theatre instead of transformation. We're fighting for budgets and resources instead of capabilities that enable business growth.

The Theatre in Action

Walk into any boardroom and watch the performance unfold:

• "We need SOC 2 certification to win this deal" - while ignoring whether the business can actually protect what matters

• "Our risk register shows we're compliant" - while executives approve risks they fundamentally don't understand

• "Security prevented 10,000 attacks this month" - a meaningless metric that sounds expensive to maintain

Persisting in treating security like cost centres and reacting to threats instead of proactively building strategic security will not only hold us back but is a losing game. The winning game belongs to those who start treating security like finance - as a discipline that enables growth through intelligent risk management. Those companies will be eating their competitors' lunch.

The Inflection Point

What we’re advocating isn’t about tweaking security programs. We're at a fundamental inflection point where cybersecurity transforms from cost centre to competitive weapon2. It’s that, or you get left behind entirely3. The consequence of that means falling victim to a downward spiral where lack of strategic foresight leads to more reliance on outsourced security services and SaaS solutions4 that become misaligned to the company’s strategic objectives – perpetuating cyber as tools and processes and not as strategic assets for business value creation.

The organizations winning this transformation understand something their competitors don't: security posture creates genuine business differentiation. While others buy compliance theatre, they're using security to:

• Access regulated markets like healthcare and finance that require demonstrated security maturity

• Command premium pricing from security-conscious customers

• Accelerate time-to-market by building security in, not bolting it on

• Win enterprise contracts that require demonstrated, not documented, security capabilities

This is the same evolution credit risk management underwent decades ago - from "preventing bad loans" to "optimizing risk-return profiles for maximum profitable growth".

What Transformation Looks Like

Instead of asking "What did we get for our $185M security investment last year?" forward-thinking leaders ask "What market opportunities did our security posture unlock this quarter?"

Instead of presenting security as "We need $10M to prevent breaches," they frame it as "Our security maturity enables the $50M remote workforce strategy and qualifies us for Fortune 500 supplier requirements our competitors can't meet."

The frame defines everything. And the companies setting the right frame first are building competitive moats while their peers burn budget on security theatre.

The Winners and Losers

Winners: Organizations that recognize cybersecurity as a business enabler and treat it with the same strategic rigor as finance or operations. They'll dominate markets while competitors explain breach headlines to customers.

Losers: Companies stuck in the compliance and control tick-box mindset, forever chasing the next certification while missing the fundamental business transformation happening around them.

The $240 billion cybersecurity industry has a choice: continue profiting from confusion and theatre, or demand the business transformation that creates real value. I know where I stand.

Business leaders have the same choice: keep buying the lie, or recognize that security done right isn't a cost to be minimized - it's a competitive advantage to be maximized.

The question isn't whether this transformation will happen. The question is whether you'll lead it or be left behind by it.

I remember sitting across from a COO who asked the question that haunts every CISO: "What exactly did we get for our $185M cybersecurity investment this year?" The implicit challenge was clear – no breach had occurred, so perhaps we were overfunded, or worse, hyping the risk to justify our existence.

This conversation encapsulates cybersecurity's fundamental framing problem. Unlike credit risk teams who evolved from "preventing bad loans" to "optimizing risk-return profiles for maximum profitable lending," cybersecurity remains trapped in a defensive mindset. We're stuck selling "cost avoidance" in a world where CFOs demand business value.

Economic theory suggests rational decision-makers calculate opportunity costs, but recent behavioural research reveals a more complex reality. In a landmark study "Opportunity Cost Neglect," Frederick et al. demonstrated across six experiments that consumers systematically fail to consider alternative uses of money until explicitly prompted, and even very subtle prompts are enough.1 Even when forced to deliberate extensively about purchase decisions, participants rarely spontaneously generated thoughts about outside goods they could buy instead until they were given that prompt. A prompt could be the mere mention of cost and when that goes first, a “frame” is set that encapsulates everything that is discussed from that point onwards. Professor Fredrick says:

“A widely accepted precept in research on decision making is people’s passive acceptance of the “frame,” or characterization of the problem, they’re provided. This confers power on those who offer a frame. Decisions about whether some expenditure is “worth it” hinge on what the purchase is seen as displacing. Take the extra time to define that, and you can change the way your customers view your value proposition.”2

This has profound implications for cybersecurity positioning. We've allowed ourselves to be framed as either:

• A "keeping-the-CEO-out-of-jail" expense for high-stakes industries

• Or a compliance checkbox for everyone else

But this framing is fundamentally wrong – and it's leaving massive competitive advantages on the table.

All other things aren't equal

The assumption that cybersecurity is purely a cost centre ignores a critical reality: security posture creates genuine business differentiation. When cybersecurity leaders position their investments solely as risk mitigation, they're competing on the wrong battlefield entirely.

Traditional cybersecurity pitches compare one security solution to another, usually emphasizing lower costs or better threat detection. This approach assumes that "keeping bad things from happening" is the primary value proposition. But this assumption is flawed because all security investments aren't equal – they enable vastly different business outcomes.

In high-stakes industries like – investment banking, robust cybersecurity isn't just about avoiding breaches – it's table stakes for customer trust. But even here, security teams fail to articulate how their investments enable premium pricing, faster regulatory approvals, or access to security-conscious institutional clients.

The key to positioning cybersecurity investments that deliver genuine business value is to differentiate the inherent opportunities that security posture creates from the "apparent" cost-avoidance benefits. It's perfectly valid strategy for cybersecurity teams to use opportunity costs as persuasive arguments – but to do that effectively, you need to understand not just your technical capabilities, but also what your stakeholders value most and what drives their decision-making process.

Consider the untapped competitive advantages that strong cybersecurity enables:

• Revenue acceleration: Faster time-to-market when security is built-in rather than bolted-on

• Market expansion: Access to security-sensitive customers and markets that competitors can't serve

• Premium pricing: Privacy-conscious customers pay more for demonstrated data protection

• Operational efficiency: Reduced insurance costs, better contract terms, streamlined compliance

• Brand differentiation: Security as a competitive moat rather than a commodity requirement

Framing your security value proposition

As I noted earlier, research into decision-making psychology highlights the importance of "framing" – how we characterize the problem our stakeholder faces and present our solution within that context. If you can effectively set the frame for business leaders, you can position your cybersecurity investments so they stand out as growth enablers rather than cost centres.

Professor Frederick's HBR article "The Persuasive Power of Opportunity Costs" provides a masterclass in reframing expensive purchases. His analysis of De Beers' diamond marketing campaign shows how they repositioned expensive jewellery from a "luxury expense" to a simple choice: buy the diamond now or "redo the kitchen next year." By framing both options as expensive but inevitable purchases, De Beers normalized the luxury item and suggested the opportunity cost could simply be deferred. It's all in the "frame." This wasn't just clever advertising – it was strategic reframing backed by rigorous psychological research3. Frederick's experiments reveal why traditional cybersecurity pitches often fail: when stakeholders are prompted to consider opportunity costs, they consistently shift toward cheaper options, this was shown to be true even with subtle cost-focused language. This research explains why leading with security expenses ('We need $10M for...') psychologically primes decision-makers to consider alternatives rather than approve investments. The solution is reframing security as business enablement before costs are even discussed. I.e. setting the frame early before discussion of costs.

Cybersecurity and IT leaders should apply these principles. Instead of presenting security investments as necessary evils, consider these reframes:

• Traditional frame: "We need $10M for an endpoint security solution that detect and reduce malware infections by 80%" Opportunity cost frame: "Robust endpoint security enables our hybrid workforce strategy, avoiding the $50M cost of additional office space to support business expansion".
  The endpoint security frame here is particularly compelling because it connects cybersecurity directly to a massive operational expense (real estate) that every executive understands. A $10M investment suddenly looks like a bargain against $50M in avoided office costs – and we're not just saving money, you're enabling a more flexible business model.

• Traditional frame: "We need advanced threat detection to identify APTs faster" Opportunity cost frame: "Proactive threat hunting positions us as the secure alternative to competitors dealing with public breaches, enabling premium pricing with security-conscious customers".
  In this frame, we’re not just preventing losses; we're creating a competitive moat that justifies higher margins. When competitors are dealing with breach headlines and customer trust issues, The company’s proactive security becomes a sales tool.

• Traditional Frame: "Our SOC prevents 10,000 attacks monthly" Opportunity Frame: "Our security posture qualifies us as a Tier 1 supplier for Fortune 500 companies, opening doors to contracts our competitors can't even bid on".
  The traditional frame's "10,000 attacks prevented" is actually meaningless to most executives. Sure, it looks good in a presentation deck but they don't know if that's good or bad, how it compares to industry benchmarks, or what business value it represents. It's just a big number that feels expensive to maintain. Here the opportunity frame immediately connects to what business leader understands: market access and competitive advantage.

  For many listed companies and governments, supplier qualification is a binary gate – you either meet the requirements or you're don’t. No amount of price competition or product superiority matters if you don’t have a seat at the bidding table.

These example also highlights how cybersecurity can establish what economists call "network effects" – the value of that investment increases exponentially as more prestigious clients demand higher security standards.

So here a SOC investment doesn't just protect against attacks; it becomes a credential that opens progressively more valuable market segments. And the end-point security frame implies that we can hire from a larger remotely located workforce and attract more diversified and skilled staff, and so on.

It's the difference between saying "We're really good at defence" versus "We have the ears of the CEO." One sounds like a cost centre protecting what you already have; the other sounds like a profit centre unlocking what you could have.

These examples collectively show that the most powerful reframes connect cybersecurity capabilities directly to revenue generation, market expansion, or competitive differentiation – making the business case self-evident rather than requiring complex risk calculations.

Briefly reverting to Frederick's research I need to point out that what constitutes a valid "frame" will differ dramatically between stakeholders. Your opportunity cost arguments will need to be adapted to each audience's specific priorities and psychology. The key thing that you need to think about is how do you get your stakeholders to stop thinking of security as cost and focus on how it enables and build business capabilities, revenue and differentiation.

Differential stakeholder engagement

So why do cybersecurity teams struggle to get buy-in while marketing teams with similar budgets sail through approval processes? Because marketing teams understand that different stakeholders require different value propositions for the same investment.

Consider how cybersecurity investments impact different business stakeholders:

For the CEO: Security posture enables strategic opportunities

• "Our security maturity allows us to pursue acquisition targets that competitors can't due diligence properly"

• "We can enter regulated markets that require demonstrated data protection capabilities"

• "Security becomes a competitive moat – customers choose us because they trust us with sensitive data"

For the CFO: Security investments optimize financial performance

• "Strong cybersecurity posture reduces insurance premiums by 40% and enables better contract terms"

• "Security-by-design reduces compliance costs across multiple frameworks"

• "Our security posture commands premium pricing – we can charge 15% more than competitors for the same services"

For Sales Leaders: Security enables revenue growth

• "We can pursue enterprise customers who require SOC 2 Type II certification"

• "Security certifications open government contracting opportunities worth $200M annually"

• "While competitors deal with breach recovery, we're winning their security-conscious customers"

For Product Teams: Security accelerates innovation

• "Embedded security means faster time-to-market – no lengthy security reviews and simplified SBOMs"

• "Privacy-by-design features become product differentiators"

• "Security APIs enable integration with enterprise customer environments"

Research validates that this multi-stakeholder approach is crucial. Frederick's studies found that individual differences in spending attitudes significantly affect how carefully you must frame initial presentations. Cost-conscious decision-makers naturally scrutinize all expenditures, making it essential to lead with opportunity value rather than costs. Growth-focused stakeholders, while more willing to invest, need explicit connection between security capabilities and business outcomes before any cost discussion begins.

This maps directly to cybersecurity contexts: heavily regulated industries with cost-conscious leadership require immediate opportunity framing to prevent cost-comparison thinking, while other sectors need clear business enablement messaging to avoid dismissing security as routine IT expense. In both cases, establishing the value frame before discussing costs is crucial to avoiding Frederick's documented preference shift toward cheaper alternatives.

Consider how De Beers crafted completely different messages for different audiences selling the same product. For men, they used direct, practical language: "It is never a good idea to keep a woman waiting", "There's never been a better time to invest in futures," and "This Christmas there will be more than three wise men.4” These messages positioned diamond purchases as smart investments and practical decisions.

For women, the campaign was far more subtle, aimed at redefining their relationship with diamonds entirely. Rather than positioning diamonds as gifts received, they framed them as personal choices: "It beckons me as I pass the store window…”, and “…I'm not usually that kind of girl, I take it home5"

This dual approach to framing the purchase differently to both the purchaser and the recipient took advantage of their (subtly prepared) perceptions of what the ring meant – a sound investment, an investment into their shared love, and an expression of personal empowerment rather than dependence. The frame defines how they rationalise the ring and ignore or justify the opportunity cost even if that implies cognitive dissonance by linking it to emotions or suggestive logic.

For cybersecurity investments to gain traction, they must be perceived as enabling rather than adding to already constrained business budgets, and this frame must be set before we bring up costs. This requires framing security not as a grudge purchase, but as a strategic enabler of business goals that stakeholders already prioritize.

The path forward

The cybersecurity industry stands at an inflection point similar to where credit risk management was decades ago. Credit teams evolved from "preventing bad loans" to "optimizing risk-return profiles for maximum profitable growth." They developed sophisticated models that quantified previously invisible value creation. But these risk quantification models that I see evolving for Cybersecurity still have the same cost-focus flaw. They’ll just put a more precise dollar value on the risks we mitigate, on the threats that we eliminate and the DDoS attacked we negated. These quantification models still won’t show the business value or the opportunities that cyber stand to create. Unless the risk quantification model output is carefully used in budget meetings and investment discussions, these models will simply highlight the opportunity costs to the board before you’ve had the opportunity to set the frame.

That said, cybersecurity will eventually see the evolution Credit Risk experienced. Credit risk managers learned that better risk understanding didn't mean giving fewer loans to objectively safer customers – it meant giving more loans, more profitably, through accurate pricing of risk. That was the value creation from better analysis, not cost avoidance.

Organizations that master this reframing will discover something remarkable: cybersecurity transforms from budget line item to a competitive weapon. While competitors treat security as a compliance checkbox, forward-thinking companies will use security posture to win customers, enter new markets, and command premium pricing.

The opportunity is enormous – but it requires honest self-reflection about how we currently position our value and what we might be leaving on the table. And it will require that CISOs become more business focused and commercially minded.

Questions for reflection:

• Consider your last three cybersecurity investment proposals. What frame did you use to present them? Were you asking stakeholders to accept costs or to recognize opportunities? Note: Risk reductions are not opportunities.

• What business objectives is your CEO most focused on this quarter? How might your security capabilities enable, accelerate, or differentiate those initiatives?

• If a competitor suffered a major breach tomorrow, what specific business advantages would your security posture create? How would you communicate those advantages to prospects and customers? And what would something like that be worth?

• Which of your stakeholders are naturally cost-conscious versus growth-focused (i.e. more willing to invest but may need coaching to see security's business enabling potential)? Cost-conscious stakeholders need immediate opportunity-focused messaging to prevent cost-comparison thinking, while growth-focused stakeholders need explicit connection between security capabilities and business outcomes before any cost discussion begins.

• What market opportunities, customer segments, or premium pricing strategies could your current security investments unlock that you haven't explicitly articulated to business leadership?

The answer to the $185M question shouldn't focus on what we avoided, what risks we mitigated, or how much more resilient we are, unless those are the value creating differentiators. The answer should focus on the opportunities that create value so that we don’t end up in a situation where opportunity costs become the central discussion point.

We need to make the potential $40M cost-saving from a $10M cyber investment come across like great value. The organizations that answer this question most compellingly will transform cybersecurity from necessary cost to competitive advantage.

In my foundational article "The New Battlefield," I identified three critical observations reshaping cybersecurity: the acceleration of AI capabilities, the transformation of threat profiles, and the evolution of defensive capabilities. This series has since explored how regulatory frameworks are creating new battlefields ("AI Regulation & Compliance: Mapping the Global Landscape") and how forward-thinking organizations are transforming compliance burdens into competitive advantages ("From Compliance Burden to Cybersecurity Edge"). In "The Offensive AI Revolution," we examined how threat actors are weaponizing AI capabilities at unprecedented scale and sophistication. Now, we turn to the defensive revolution: how organizations are fundamentally reimagining security itself to counter these AI-enabled threats.

While we have noted several challenges throughout our journey of AI’s decisive impact on Cybersecurity, there is one core challenge that remains formidable – democratisation of advanced technical tools and capabilities are now in hands of everyone. As detailed in "The Offensive AI Revolution," AI-enabled adversaries are no longer limited by the constraints of human expertise, time, or scale. We're witnessing a transformation from individual operators and static malware to coordinated, semi-autonomous attack systems that adapt, deceive, and learn in real-time. AI isn't just accelerating cyber threats – it's reshaping them entirely. Yet this narrative of defensive disadvantage obscures a critical reality: the same technological forces empowering attackers are simultaneously revolutionizing defensive capabilities.

This escalation creates an uncomfortable truth for defenders: our conventional security models which are built around predictable threats, human-speed incident response, and perimeter-based trust are increasingly becoming obsolete. In this new era of machine-powered intelligence and automation, the attacker iterates faster than your patch cycles, impersonates users with uncanny realism, and adjusts tactics before your detection rules can trigger. The democratization of AI tooling has further eroded the gap between advanced persistent threats and the broader criminal ecosystem, equipping more “junior” threat actors with capabilities that rival or even exceed those of well-resourced nation-states just a few years ago.

Yet this narrative of defensive disadvantage obscures a critical reality: the same technological forces empowering attackers are simultaneously revolutionizing defensive capabilities. This is what I call the "Asymmetric Mirror Effect" – when we focus intensely on breakthrough innovation from threat actors, we forget that defenders are also adapting in kind, staring back through the same technological lens. While adversaries leverage AI for autonomous exploitation and deepfake deception, defenders are deploying machine learning for predictive threat intelligence, behavioural anomaly detection, and real-time response automation. The question is not whether AI favours offense or defence, but which side adapts faster to the new operational reality.

But if “The Offensive AI Revolution” outlined the scale of the threat, here we focus to the defensive renaissance now taking shape: how forward-thinking organizations are not just responding to AI-enabled threats, but getting ahead of them. This is not a story of despair, it's evidence of adaptation. Matching AI-enabled threats requires more than new tools; it demands a fundamental reimagining of security architecture – one that treats speed, adaptability, and continuous learning as core design principles rather than aspirational goals.

If the offensive AI revolution was the wake-up call, this is the response – the story of how security is being rebuilt at machine speed to fight a machine-speed threat. From adversarial machine learning and AI red teaming to behavioural authentication, real-time detection, and human-AI collaboration models, we'll map the strategic, operational, and technical shifts necessary to build truly AI-native defence. We’ll also examine the critical governance and accountability structures that must guide this transition, ensuring that in our race to automate, we don’t compromise trust, ethics, or oversight.

This transformation extends beyond traditional cybersecurity boundaries into fundamental questions of organizational readiness and economic strategy. As we'll explore, the most successful defensive programs are those that treat AI security not as a technology deployment but as an institutional capability – one that requires new skills, new team structures, and new approaches to measuring security effectiveness. The economic implications are equally profound: organizations that successfully implement AI-native defence gain sustainable competitive advantages, while those that delay face exponentially increasing costs as the threat landscape continues to evolve.

What follows is not a catalogue of tools or a checklist of best practices, but a discussion of the strategic framework needed for AI-native defence. I present a comprehensive approach that incorporates artificial intelligence not as a supplementary capability but as a fundamental operating principle. More importantly, I explore how organizations are transforming their security teams, processes, and cultures to operate effectively in an environment where both threats and defences evolve continuously at machine speed.

The transition to AI-native defence also brings significant governance challenges. Security leaders must navigate complex questions about algorithmic transparency, decision authority, and the appropriate balance between automation and human judgment. Yet these challenges also represent opportunities: organizations that master AI-native defence don't just protect themselves more effectively. They enable faster innovation, build stakeholder trust, and create competitive advantages in an increasingly digital-first economy. The following sections explore how to seize these opportunities while managing the inherent risks of this transformation.

While the full analysis of AI-native defence capabilities requires deep examination of technical architectures, organizational transformation, and implementation strategies – topics I explore comprehensively in the complete research – the strategic implications of this defensive evolution extend far beyond cybersecurity itself. They reveal fundamental shifts in how we must think about competition, trust, and human agency in an AI-driven world. These deeper insights demand our immediate attention, as they will shape not just our security postures but the very foundations of digital society.

Mastering the AI Arms Race

The defensive revolution in cybersecurity represents far more than a technological transition, it embodies a fundamental transformation in how we conceptualize security, intelligence, and trust in an increasingly AI-mediated world. While implementing AI-native defence requires comprehensive organizational evolution and sophisticated technical capabilities, the implications of this transformation extend well beyond cybersecurity itself to touch on questions of economic competition, social equity, human agency, and the very foundations of trust in digital society.

The changes we are witnessing transcend tactical improvements or technological upgrades. They represent profound shifts in organizational capability, competitive dynamics, and societal infrastructure that will shape not just how we defend against threats, but how we organize economies, distribute opportunities, and maintain human autonomy in an age of increasingly autonomous systems. The following reflections explore these deeper implications, addressing the fundamental transformations that emerge when we fully grasp what it means to build security for an AI-driven future.

The Fundamental Paradigm Shift: From Security as Control to Security as Adaptation

The most profound transformation that I’ve observed is not technological but conceptual: the obsolescence of security as a discipline of control. For decades, cybersecurity operated on the foundational assumption that threats could be catalogued, contained, and countered through increasingly sophisticated but fundamentally static defences. We built firewalls to establish perimeters, deployed signatures to identify known threats, and implemented policies to govern predictable behaviours. This control-based paradigm worked because both attackers and defenders operated within shared constraints of human cognition, manual processes, and linear progression.

Artificial intelligence shatters these assumptions entirely. When attacks can evolve faster than detection rules can be written, when threats can adapt their behaviour in real-time based on defensive responses, and when adversaries can operate at machine scale with minimal human oversight, the very concept of "controlling" security becomes not just inadequate but counterproductive. The attempt to maintain rigid defensive postures against adaptive adversaries creates brittleness rather than resilience, leaving organizations increasingly vulnerable to exactly the novel threats their static controls cannot anticipate.

What emerges instead is security as an adaptive capability – a living system that learns, evolves, and responds to threats through continuous interaction rather than predetermined rules. This shift represents more than technological evolution; it demands a fundamental reconceptualization of what security professionals do - a shift from static to dynamic. Rather than building stronger walls, we engineer immune systems. Rather than writing better rules, we cultivate systems that can recognize and respond to anomalies they've never encountered before. Rather than controlling threats, we develop the institutional capacity to adapt faster than those threats can evolve.

This paradigm shift introduces evolutionary pressure into cybersecurity that has never existed before. Organizations no longer compete merely on the sophistication of their defences but on their rate of adaptation to emerging threats. Success becomes measured not by the strength of current protections but by the speed at which defensive capabilities can evolve alongside changing attack vectors. Security effectiveness transforms from a function of defensive investment to a function of organizational learning velocity.

The implications here extend far beyond technical architecture to organizational culture, talent development, and strategic planning. Security teams must transition from guardians of established controls to researchers of adaptive defence, continuously experimenting, learning, and evolving their approaches. Cybersecurity is perhaps better placed to adapt due to the explosive change in cyber over the past ten years but the evolution must extend deeper into Technology teams where perhaps change has been slower and change is seen as an enemy of costs and legacy integration. Leadership must fund not just security tools but institutional capabilities for continuous transformation. Most critically, organizations must develop comfort with persistent uncertainty, recognizing that in an environment of continuous evolution, there is no final secure state – only the ongoing process of staying ahead of intelligent, adaptive adversaries.

This fundamental shift from control to adaptation represents perhaps the most significant evolution in cybersecurity thinking since the emergence of networked computing itself. Organizations that embrace this paradigm position themselves to thrive in an environment of continuous change, while those that cling to control-based models risk obsolescence regardless of their defensive investment levels.

The Emergence of Cybersecurity as Competitive Intelligence

A subtle but transformative shift emerges from my analysis: AI-native security systems do not merely protect organizational assets – they generate unprecedented intelligence about organizational operations, user behaviours, market dynamics, and competitive positioning that creates strategic advantages extending far beyond traditional security outcomes. This represents a fundamental reframing of cybersecurity's organizational value proposition, evolving from a necessary cost centre focused on risk mitigation to a strategic capability that actively drives business intelligence and competitive differentiation. And this is good.

Traditional security systems operated as largely passive monitoring infrastructures, generating alerts when predefined thresholds were exceeded but providing limited insight into normal operations or emerging patterns. AI-enhanced security platforms, by contrast, develop comprehensive behavioural models of organizational activity that reveal operational insights invisible to conventional business intelligence systems. These platforms understand user productivity patterns, identify process inefficiencies, detect emerging collaboration trends, and surface operational anomalies that may indicate not security threats but business opportunities or performance optimization potential.

Consider the strategic intelligence embedded in AI-driven security analytics: behavioural authentication systems that reveal optimal user experience patterns; network monitoring that identifies high-value collaboration relationships; data access analytics that expose information bottlenecks limiting organizational agility; and threat intelligence that provides early warning of industry-wide risks affecting competitive positioning. Organizations implementing comprehensive AI security gain what amounts to an organizational nervous system – continuous awareness of internal operations, external threat landscapes, and emerging market dynamics that inform strategic decision-making across business functions.

This intelligence advantage compounds over time as AI security systems accumulate institutional knowledge about organizational patterns, threat evolution, and operational optimization opportunities. Unlike traditional business intelligence that analyses historical data, security-derived intelligence operates in real-time, providing immediate insight into changing conditions, emerging risks, and strategic opportunities as they develop. Organizations effectively gain predictive capabilities about their own operations and competitive environment that extend well beyond security considerations.

Perhaps most significantly, this transformation repositions security professionals as organizational intelligence analysts rather than purely defensive specialists. Security teams become sources of strategic insight about operational efficiency, competitive threats, market dynamics, and organizational health that prove valuable across business functions. Chief Information Security Officers increasingly find themselves contributing to strategic planning, competitive analysis, and operational optimization discussions based on insights derived from security analytics.

The competitive implications are profound. Organizations that view AI security merely as enhanced protection forfeit the strategic intelligence these systems generate, while those that recognize and leverage the business intelligence embedded in security analytics gain sustained competitive advantages. In an increasingly AI-driven economy, the organizations with the most comprehensive and sophisticated security intelligence platforms possess superior situational awareness about their operations, competitive environment, and emerging opportunities.

This evolution fundamentally challenges traditional organizational boundaries between security, business intelligence, and strategic planning functions, suggesting that the most successful organizations will be those that integrate these capabilities into unified intelligence frameworks that serve both protective and strategic objectives simultaneously.

The Democratization Paradox and the New Digital Divide

One of the most striking paradoxes revealed in my analysis is how the same technological forces that democratize offensive capabilities simultaneously create an unprecedented stratification among defenders. While AI tools have dramatically lowered barriers for threat actors – enabling sophisticated attacks through readily available LLM assistants, deepfake-as-a-service platforms, and automated exploitation frameworks, etc. – the defensive response to these threats has created a new form of digital inequality that compounds exponentially over time.

This democratization paradox manifests in a troubling asymmetry: whereas AI-powered attack tools can be deployed with minimal organizational investment or expertise, effective AI-native defence requires substantial budgets, institutional transformation spanning technology infrastructure, human capital development, organizational processes, and cultural adaptation. A single threat actor with access to commercial AI tools can potentially compromise organizations that have invested millions in traditional security but lack AI-native defensive capabilities. Yet implementing comprehensive AI security requires sustained investment in specialized talent, adaptive architectures, and continuous capability development that many organizations cannot realistically achieve.

The result is the emergence of what I call a "security poverty trap" that creates widening gaps between organizational defensive capabilities. Organizations that successfully implement AI-native security gain compound advantages: their defensive systems learn and improve continuously, their security teams develop expertise in emerging threat vectors, and their institutional knowledge accumulates in ways that create sustained competitive advantages. Meanwhile, organizations relying on conventional security approaches face increasingly sophisticated AI-enabled threats with static, human-speed defences that become progressively less effective over time.

This digital divide operates across multiple dimensions simultaneously. Large enterprises with substantial resources can afford specialized AI security talent, advanced threat intelligence platforms, and comprehensive security architectures, while smaller organizations face the same AI-enabled threats with limited budgets and generalist security personnel with key skills being outsourced to third party security service providers which presents a different risk and increases the asymmetry. Technologically sophisticated industries develop AI security capabilities faster than traditional sectors, creating inter-industry vulnerability disparities. Geographic regions with strong AI research ecosystems and regulatory frameworks gain defensive advantages over areas lacking these institutional foundations.

Perhaps most concerning is the self-reinforcing nature of this divide. Organizations with advanced AI security capabilities attract top talent, generate better threat intelligence, and develop more sophisticated defensive innovations that further widen their advantage over less capable peers. The gap between AI-security leaders and laggards doesn't merely persist, it accelerates, creating winner-take-all dynamics in organizational security effectiveness that mirror broader patterns of technological inequality.

The implications extend beyond individual organizational risk to systemic vulnerabilities across entire economic sectors and supply chains. When AI-enabled attackers can target the weakest links in interconnected business ecosystems, even organizations with sophisticated defences become vulnerable to compromise through less capable partners, suppliers, or industry peers. The security poverty trap thus creates cascading risks that threaten entire sectors rather than just individual organizations.

This emerging digital divide in security capability represents one of the most significant challenges facing the cybersecurity community. Unlike previous technology transitions where organizations could gradually adopt new capabilities over extended timeframes, the velocity of AI-enabled threats compresses adaptation windows dramatically. Organizations that fall behind in AI security capability face not merely competitive disadvantages but existential risks from threats they lack the institutional capacity to detect, understand, or counter effectively.

The democratization paradox thus reveals a fundamental tension at the heart of the AI revolution: while artificial intelligence promises to democratize many capabilities, in cybersecurity it may create unprecedented concentrations of defensive advantage among organizations capable of mastering its complexities while leaving others increasingly vulnerable to democratized offensive capabilities they cannot adequately defend against.

The Philosophical Question of Agency in Security

Perhaps the most profound challenge emerging from my analysis transcends technology entirely to confront fundamental questions about human agency in security decision-making. As AI systems become increasingly autonomous in both attack and defence, we approach a threshold where the most critical security decisions, those determining organizational survival, data protection, and operational continuity occur at machine speed, and beyond the scope of human deliberation, oversight, or meaningful intervention. This reality forces us to grapple with philosophical questions that have no clear precedent: What level of autonomous decision-making are we comfortable delegating to systems we don't fully understand? How do we maintain meaningful human control over processes that operate faster than human cognition can follow?

The traditional cybersecurity paradigm assumed human decision-makers would evaluate threats, approve responses, and maintain accountability for security outcomes. Even highly automated systems operated within frameworks of human oversight, escalation procedures, and ultimate human authority over consequential actions. AI-native security fundamentally disrupts these assumptions by creating scenarios where effective defence requires decisions to be made in milliseconds rather than minutes, by systems capable of processing information volumes and complexity patterns that exceed human cognitive capacity.

Consider the philosophical implications of autonomous incident response systems that can isolate compromised networks, terminate user sessions, or quarantine critical systems without human approval. These are actions that may be essential for organizational protection but also carry significant business and operational consequences. Or AI-driven threat detection systems that flag individuals as security risks based on behavioural patterns invisible to human analysis, potentially affecting employment, performance evaluations, access privileges, and professional reputation through algorithmic decisions that resist straightforward explanation or appeal.

Even more challenging are the accountability questions that emerge when AI security systems make decisions that prove incorrect or harmful. Traditional frameworks of responsibility assume human decision-makers who can be held accountable for their choices, but algorithmic decision-making distributes responsibility across development teams, training data, organizational policies, and system architecture in ways that obscure clear lines of accountability. When an AI security system blocks legitimate business activity to prevent a false positive threat, or fails to detect a genuine attack due to adversarial evasion, who bears responsibility for the consequences?

The agency question becomes particularly acute in adversarial scenarios where AI defence systems must counter AI attack systems, potentially leading to machine-versus-machine conflicts that unfold entirely beyond human observation or control. These scenarios raise fundamental questions about the nature of security itself: Are we protecting human interests through autonomous systems, or have we created artificial agents pursuing objectives that may diverge from human values in ways we cannot predict or prevent?

The philosophical challenge extends to questions of transparency and explainability in AI security decisions. Many of the most effective AI systems operate as "black boxes" that produce accurate results through complex internal processes that resist human interpretation. Yet security decisions often require justification – to stakeholders, regulators, legal systems, or affected individuals – that demands explanations AI systems may be fundamentally incapable of providing in terms humans can meaningfully evaluate.

Perhaps most troubling is the potential for AI security systems to shape human behaviour in ways that optimize for security metrics rather than human flourishing. As these systems become more sophisticated at predicting and preventing security incidents, they may encourage or discourage human actions based on risk calculations that prioritize system security over individual autonomy, creativity, or dignity. The question becomes whether we are deploying AI to serve human security interests, or inadvertently subjecting human activity to algorithmic optimization for security outcomes.

These philosophical challenges demand more than technical solutions . They require fundamental deliberation about the kind of digital society we wish to create and the role we want human agency to play within AI-mediated security frameworks. The choices we make today about autonomous security systems will shape not just organizational protection but the broader relationship between human decision-making and algorithmic authority in domains that affect fundamental aspects of human life and liberty.

The emergence of autonomous security systems thus confronts us with questions that transcend cybersecurity to touch on core issues of human autonomy, algorithmic authority, and the appropriate balance between security and freedom in an AI-driven world. How we navigate these philosophical challenges will determine not just the effectiveness of our security systems but the kind of society these systems ultimately create and protect.

Security as the Foundation of Trust in an AI-Driven Economy

The most far-reaching insight from my study reveals cybersecurity's evolution beyond organizational protection to become the fundamental trust infrastructure upon which an AI-driven economy depends. As artificial intelligence increasingly mediates critical decisions affecting human welfare – from financial transactions and healthcare diagnoses to transportation routing and legal determinations – the security of these AI systems transcends traditional notions of data protection or business continuity to become a prerequisite for societal trust in AI-mediated interactions themselves.

This transformation redefines the stakes of cybersecurity from protecting individual organizations to preserving the integrity of economic and social systems that depend on AI reliability. When AI systems make lending decisions, autonomous vehicles navigate traffic, or medical AI assists in treatment recommendations, the security of these systems determines not just their immediate functionality but public confidence in AI-driven services across entire sectors. A successful attack on AI systems doesn't merely compromise individual organizations – it can undermine trust in entire categories of AI applications, potentially triggering broader rejection of beneficial AI technologies.

The trust implications operate across multiple interconnected layers of the digital economy. At the foundational level, trust in AI systems depends on confidence that they operate as intended, free from manipulation, corruption, or adversarial interference. This requires not just technical security but transparent, verifiable security practices that stakeholders can understand and validate. At the transactional level, trust emerges from consistent, reliable AI behaviour that meets user expectations and regulatory requirements over time. At the systemic level, trust depends on collective confidence that AI systems across an economy operate within appropriate governance frameworks that prioritize human welfare over purely algorithmic optimization.

Organizations that master AI-native security thus assume roles far beyond protecting their own assets – they become stewards of public trust in AI-enabled services. Financial institutions implementing secure AI for credit decisions don't merely protect their proprietary algorithms; they maintain confidence in AI-mediated financial services that enables broader economic participation. Healthcare organizations securing medical AI systems preserve trust in AI-assisted diagnosis and treatment that affects patient willingness to engage with AI-enhanced healthcare. Technology companies implementing robust AI security frameworks enable trust in AI platforms that supports innovation across entire business ecosystems.

This stewardship responsibility creates both opportunities and obligations that extend traditional cybersecurity mandates. Organizations with superior AI security capabilities can become trusted partners for stakeholders who require confidence in AI reliability – customers seeking AI-enhanced services, partners integrating AI capabilities, and regulators overseeing AI deployments. Yet this trust advantage comes with corresponding obligations to maintain security standards that preserve broader confidence in AI applications, not just immediate business interests.

The economic implications are profound. In an AI-driven economy, trust becomes a tradeable asset that organizations can build, lose, or transfer through their security practices. Organizations known for robust AI security can command premium pricing for AI-enabled services, attract partnerships with security-conscious stakeholders, and access markets requiring demonstrated AI reliability. Conversely, organizations with poor AI security records face not just immediate breach consequences but lasting damage to their ability to participate in AI-driven business relationships.

Perhaps most significantly, the concentration of AI security expertise among a relatively small number of organizations creates systemic risks to economic trust in AI applications. If only a subset of organizations can implement truly secure AI systems, broader economic benefits from AI adoption may be constrained by justified concerns about AI reliability and security among organizations lacking sophisticated security capabilities. This dynamic suggests that the democratization of AI security expertise becomes not just a competitive issue but an economic imperative for enabling widespread, beneficial AI adoption.

The emergence of cybersecurity as trust infrastructure also implies new forms of collective responsibility among organizations deploying AI systems. Just as financial institutions collectively maintain confidence in monetary systems through shared security standards and mutual oversight, organizations implementing AI systems may need to develop collaborative frameworks for maintaining public trust in AI reliability.

Ultimately, the evolution of cybersecurity into trust infrastructure represents a fundamental shift in how we understand the relationship between individual organizational security and broader social and economic welfare. In an AI-driven economy, cybersecurity becomes not just a business function but a societal utility, rather it evolves into essential infrastructure for maintaining the trust relationships that enable beneficial AI adoption across entire economies. Organizations that recognize and embrace this broader responsibility position themselves not just as secure AI adopters but as enablers of trustworthy AI deployment that benefits entire societies.

The organizations that recognize these transformations early – and begin adapting their security thinking beyond traditional protection models – will not only survive the AI arms race but help shape the trusted, intelligent, and equitable digital future we all depend on. The question is no longer whether AI will transform cybersecurity, but whether we'll master that transformation before it masters us.

In the next article of this series, we'll move from strategic philosophy to practical implementation, exploring how organizations can engineer AI-native security from the ground up through Secure by Design principles. We'll examine the some of the technical architectures, governance frameworks, and organizational practices that transform security from a bolt-on protection layer into the foundational DNA of AI systems themselves. From threat modelling AI-specific attack vectors to implementing continuous behavioural monitoring, we'll provide a comprehensive blueprint for building security into the AI lifecycle rather than retrofitting it afterward.

The defensive revolution demands more than new tools, it requires fundamentally reimagining how we build, deploy, and govern AI systems. Organizations that master this transformation don't just defend more effectively; they create sustainable competitive advantages in an AI-driven economy.

As you consider your organization's AI security journey, which transformation resonates most: the shift from control to adaptation, the emergence of security as competitive intelligence, or the philosophical questions around autonomous decision-making? How are you preparing for a future where security must be engineered at machine speed? Share your reflections in the comments below.

In my “New Battlefield” article, I identified three critical observations reshaping cybersecurity: the acceleration of AI capabilities, the transformation of threat profiles, and the evolution of defensive capabilities. Here I want to deep-dive into how artificial intelligence is fundamentally altering who can launch sophisticated attacks and what those attacks look like.

The numbers tell a stark story. Google's Mandiant research conducted in 2023 shows that time-to-exploit for vulnerabilities had already plummeted from 63 days in 2018 to just five days. Given the accelerating pace of AI development since that study, current timelines are likely even shorter – with AI-powered attackers already observed weaponising critical flaws within 48 hours of disclosure1. But speed is only part of the transformation. What's truly revolutionary is how AI has democratised capabilities that were once the exclusive domain of elite threat actors.

The Great Democratization: From Elite Skills to Accessible Tools

"The script kiddie is dead. Long live the prompt-powered operator."

This stark reality captures the most significant shift in the threat landscape: the dramatic lowering of barriers to sophisticated attack capabilities. Not all democratization is good news. Where advanced persistent threats once required teams of skilled hackers working for weeks, today's adversaries leverage AI as a force multiplier that compresses both time and expertise requirements. Palo Alto Networks’ Unit 42 are able to show that GPT-powered simulated ransomware campaigns are able to compress multi-stage attacks from days to minutes2.

The New Attack Economics

The economics of cybercrime have fundamentally shifted. Traditional attack models required substantial investments in human talent, specialised tools, and operational infrastructure. AI has inverted this equation. Sophisticated capabilities are now available as services, accessible through natural language interfaces, and deployable by operators with minimal technical background.

Consider the progression we've witnessed:

• 2020: Advanced social engineering required deep research, writing skills, and psychological manipulation expertise

• 2022: ChatGPT enables automated, contextually aware phishing at scale

• 2024: Platforms like WormGPT and EvilGPT commercialise AI-assisted attack workflows in underground markets

This isn't just tool evolution – it is a fundamental restructuring of the threat actor ecosystem. The barrier between sophisticated nation-state capabilities and commodity cybercrime continues to erode.

LLM-Powered Exploitation Pipelines

Large language models have become the Swiss Army knife of modern cyber operations. Recent research with LLMSmith – this is a toolchain that systematically discovers and exploits vulnerabilities in LLM-integrated applications – demonstrates this reality. The study led to thirteen CVEs and successful exploitation of sixteen real-world applications using only natural language prompts3.

These models excel across the entire attack lifecycle:

Reconnaissance and Target Profiling: Adversaries feed LLMs scraped social media data, corporate information, and public records. The models generate detailed psychological profiles and contextually appropriate attack vectors tailored to specific industries, roles, or even individuals. This represents a striking democratization of capabilities. Threat actors can now perform the kind of sophisticated psychological profiling and behavioural targeting that required the resources and expertise of organizations like Cambridge Analytica or AggregateIQ just a few years ago, but with AI assistance accessible to anyone with basic technical skills..

Code Analysis and Reverse Engineering: Attackers upload obfuscated PowerShell scripts, complex binary decompilation, or proprietary application logic. They receive interpretations, vulnerability assessments, and exploit suggestions that previously required years of specialised training.

Automated Vulnerability Research: By parsing technical documentation, GitHub repositories, CVE databases, CISA's Known Exploited Vulnerabilities (KEV) catalogue, and Rapid7's Vulnerability & Exploit Database (to mention but a few) LLMs accelerate the ‘research-to-weaponization’ pipeline from weeks to hours. This democratization is amplified by the increasing transparency of vulnerability disclosure. While initiatives like KEV and public exploit databases serve legitimate defensive purposes, they also provide threat actors with comprehensive roadmaps of proven attack vectors. LLMs can now cross-reference these authoritative sources at machine speed to identify patterns, suggest attack vectors, and generate proof-of-concept exploits with unprecedented efficiency. This is an acceleration that fundamentally changes the economics of vulnerability research from a time-intensive, expert-driven process to an automated, scalable capability.

Threat actors and their ecosystem have already commercialised these capabilities. While platforms like WormGPT are essentially wrappers around existing LLMs with minimal custom functionality, they represent clear market demand and demonstrate how the combination of AI assistance and transparent vulnerability data creates a perfect storm for democratised exploitation.

Beyond Phishing: The New Art of Deception

Social engineering has evolved from broad, poorly targeted campaigns to psychologically sophisticated, real-time manipulation that adapts to target responses. This transformation represents one of the most immediate and dangerous applications of AI in offensive operations.

The evolution of AI-generated audio and video deepfakes into social engineering represents one of the most immediate threats on the horizon.

Hyper-realistic Impersonation at Scale

The cases are numerous and financially devastating:

• Early 2024: Attackers used a deepfake CFO during a Zoom call to defraud a firm of $25 million

• A manager in Hong Kong was manipulated via deepfake voice into wiring $35 million, supported by follow-up emails mimicking legal counsel

• Wall Street Journal journalist successfully fooled her own bank's voice authentication using a cloned version of her voice

These aren't isolated incidents – they represent a new operational reality where voice and video can no longer serve as trusted identity verification.

Although new voice cloning detection tools are being developed, there are two key challenges we need to consider:
1. The “Red Queen” effect: As voice clone detection technology evolves, so do the offensive tools, techniques and tactics, creating a perpetual arms race where defenders must run faster just to stay in place.
2. The “legacy drag”: The weight of legacy systems and processes slows adoption of new technologies, especially when organizations recently invested in early versions of defensive technologies or believe existing solutions provide equivalent protection

The dilemma this presents, is that organizations face a critical window where attack capability has matured faster than defensive deployment. Unlike traditional technology investments that could be planned over multi-year cycles, the velocity of AI-enabled deception demands immediate action. The economic damage is already real and measurable, but the institutional response mechanisms (from procurement cycles, risk assessment frameworks, to technology adoption processes) is calibrated for a slower threat evolution timeline - acutely underestimating the real risks.

The Three Pillars of AI-Enhanced Social Engineering

Comprehensive Target Analysis: Modern attackers employ AI to conduct unprecedented reconnaissance. They analyse social media profiles, corporate biographies, public presentations, and academic publications to build detailed psychological profiles. This data fuels generative systems that produce spear-phishing messages precisely aligned to the target's communication style, industry concerns, and emotional triggers.

Real-Time Adaptation: Unlike traditional phishing campaigns that rely on static templates, AI-driven operations adapt their messaging based on target responses. The system adjusts tone, urgency, and approach to overcome suspicion, creating a conversational dynamic that feels authentically human.

Multi-Modal Deception: Advanced speech synthesis tools like ElevenLabs enable real-time voice cloning with minimal sample data. Combined with deepfake video technology and LLM-generated scripts that mirror internal terminology and communication styles, attackers can deploy synthetic personas across multiple sensory channels tailored to specific victims and business contexts.

The psychological impact proves particularly effective in trusted business environments where authority and urgency intersect: when "the CEO" calls during a board meeting demanding immediate wire transfers, when "legal counsel" emails urgent settlement instructions, or when “the CFO" appears on video requesting emergency fund movements during supposed acquisition talks. This is equally relevant in high-pressure business environments (M&A discussions, crisis management, etc.) and in in processes where velocity trumps verification – such as time-sensitive contract approvals where rigid authentication procedures are viewed as obstacles to decisive action.

The Stealth Revolution: Behavioural Mimicry and Adaptive Malware

Post-compromise operations have been revolutionised by machine learning applications that analyse and replicate legitimate user behaviour. Traditional intrusion detection relied on identifying unusual patterns – but what happens when the attacker looks exactly like a legitimate user?

Invisible Through Normality

Advanced persistent threats now operate with unprecedented stealth capabilities:

• Precision Timing: Access occurs during an organization's peak operational hours, precisely matching normal work patterns to avoid time-based anomaly detection

• Role-Appropriate Activity: Attackers mirror legitimate user access patterns to files, applications, and networks based on carefully inferred job responsibilities and typical workflow patterns

• Disciplined Lateral Movement: Rather than aggressively spreading through networks, sophisticated actors constrain their activities to systems and resources consistent with the compromised identity they're leveraging

Research confirms the effectiveness of this approach4. Studies demonstrate that malware using polymorphic execution strategies such as distributing behaviour across multiple threads and adapting actions based on system context, is able to reduce detection accuracy in behavioural classifiers by up to 50%. Although wide-spread adoption by threat actors is yet to be observed), this approach is already documented and viable.

The Evolution of Malicious Code

Malware itself is undergoing fundamental transformation through AI enhancement. Traditional signature-based detection faces increasingly sophisticated evasion:

Generative Polymorphism: AI models produce malware variants that modify their signatures with each delivery, making hash-based or pattern-matching defences obsolete.

Environment-Aware Execution: Advanced specimens detect sandbox analysis environments and deliberately suppress malicious behaviour during automated scans, only revealing true functionality in live production settings.

Context-Sensitive Activation: The most sophisticated malware incorporates dynamic decision-making about when, where, and how to activate – deferring execution until specific conditions are met, such as privileged user login or sensitive application launch.

Perhaps most concerning is recent research applying Generative Adversarial Networks (GANs) to malware creation. One standout example is the EGAN framework – short for ‘Evolutional GAN’ – which merges GANs with Evolution Strategies to generate ransomware variants that appear benign to antivirus engines while remaining fully functional. In essence, EGAN teaches malware how to mutate intelligently, evolving in real time to sidestep detection without breaking its core payload5.

While EGAN and similar techniques represent the current frontier of AI-enhanced malware, they also point toward an even more concerning future: one where these experimental capabilities mature into operational weapons deployed at scale.

Emerging Threats: The Next Wave of AI-Enabled Attacks

The stealth revolution in malware represents just one dimension of how AI is reshaping offensive capabilities. The most dangerous evolution isn't simply automation of existing attacks, it's the emergence of capabilities that redefine how cyber operations are conceived and executed.

Several advanced threats remain just over the horizon, grounded in current research but not yet broadly operational.

Autonomous Attack Systems

We're witnessing the early emergence of autonomous attack systems: agentic AI frameworks capable of pursuing high-level objectives like reconnaissance, lateral movement, and data exfiltration with minimal human oversight.

As I already mentioned, the recent analysis by Palo Alto Networks' Unit 42 demonstrates this trajectory – AI-assisted attacks have reduced time-to-exfiltration in simulated ransomware campaigns by up to 100x, compressing multi-stage operations from days to minutes.

Current LLM limitations include robustness issues, memory constraints, and tool integration challenges. But we should remember that these are engineering problems, not conceptual barriers. Security researchers have already demonstrated agents autonomously escalating privileges using real-time sourced exploits and adjusting tactics to evade defensive measures.

What distinguishes autonomous systems from traditional automation is intent. These are adaptive agents capable of responding to feedback, altering strategies, and persisting toward objectives without continuous human input.

AI-Generated Zero-Day Discovery

The discovery of zero-day vulnerabilities is transitioning from elite human talent to automated AI systems. While no confirmed cases exist (yet) of fully autonomous AI discovering and exploiting unknown zero-days in production environments, the foundational components are rapidly maturing.

Machine learning models trained on source code repositories, binary execution patterns, and historical CVE data demonstrate increasing ability to:

• Detect insecure coding practices and control flow weaknesses

• Suggest plausible exploits for poorly sanitised inputs

• Analyse binary code and simulate program behaviour to identify exploitable states

The risk extends beyond acceleration to accessibility. Where human zero-day discovery required specialised skills and patience, AI lowers these barriers significantly. Once embedded in open-source frameworks or adversarial toolkits, these capabilities could democratise zero-day discovery across the broader threat actor ecosystem.

These evolving offensive capabilities create fundamental asymmetries that challenge every assumption underlying traditional defensive strategies.

Strategic Implications: The Defender's Dilemma

The rise of AI-enhanced offensive capabilities creates fundamental asymmetries that challenge every assumption underlying traditional defensive strategies. I will dissect this problem in an in-depth article but for context here, regarding the Offensive Revolution that AI is presenting, security leaders must grapple with several paradigm shifts:

From Human-Speed to Machine-Speed Threats

AI enables adversaries to compress vulnerability-to-exploitation lifecycles from weeks to hours. These attacks move faster than human-cantered response mechanisms can react, regardless of budget, headcount, or experience level.

This velocity advantage undermines traditional incident response frameworks, governance processes, and compliance models designed for slower, more predictable threats. Organizations still reliant on manual approval chains and post-incident analysis find themselves defending in the past tense.

From Skill Barriers to Tool Availability

The democratization of sophisticated attack capabilities has fundamentally altered threat modelling assumptions. Capabilities once requiring elite technical talent are increasingly accessible through AI-enhanced tooling – much of which is open-source or actively commercialised in underground markets.

This expansion breaks legacy risk assessment models. Sophistication is no longer tied to adversary skill level. It's a product of tool availability and AI accessibility. Organizations must now assume that any motivated threat actor can potentially deploy advanced techniques previously associated with nation-state actors.

From Discrete Events to Persistent Deception

AI-driven deepfakes, behavioural mimicry, and context-aware social engineering enable a transition from sporadic, identifiable intrusion attempts to persistent, embedded manipulation that operates continuously within organizational environments.

Traditional anomaly detection, security awareness training, and trust-based controls prove increasingly vulnerable when attackers can convincingly simulate legitimate users, executives, and business partners across multiple interaction channels.

The Economics of the New Threat Landscape

The cost structure of cybercrime has fundamentally shifted. Traditional attack economics required substantial upfront investment in human talent and specialised tooling. AI has inverted this equation – sophisticated capabilities are now available as low-cost services, dramatically expanding the potential threat actor population.

Meanwhile, the potential impact of successful attacks continues to escalate. Organizations face not just direct financial losses but regulatory penalties, reputational damage, and operational disruption that can persist for years following a significant breach.

The Imperative for Strategic Transformation

The convergence of these trends demands more than incremental security improvements – it requires fundamental transformation in how organizations approach cyber defence. For this to be effective, three critical shifts are necessary:

From Reactive to Predictive: Security programs must anticipate AI-enabled attack techniques before they appear in production environments. This includes AI-specific red teaming, adversarial simulation, and investment in detection systems that can match attacker speed and adaptability.

From Static to Adaptive: Traditional security architectures built around fixed controls and known patterns must evolve toward dynamic systems capable of detecting and responding to novel threats in real-time.

From Individual to Collective: The democratization of advanced attack capabilities means no single organization can maintain comprehensive visibility across the threat landscape. Effective defence increasingly requires collaborative approaches that share intelligence, techniques, and countermeasures across organizational boundaries.

Organizations that delay this transformation risk falling permanently behind adversaries who evolve with every AI breakthrough. The advantage won't go to the most resourced teams – it will go to those who can anticipate intent and model threats before they materialise.

The New Reality: Speed, Scale, and Strategic Response

The AI-driven transformation of cyber offense is no longer theoretical, it is not hyperbole and it’s not science-fiction – it is operational and accelerating. Today's threat actors aren't merely augmenting traditional tactics with AI; they're reshaping the attack landscape entirely through machine-speed operations, scalable deception, and increasingly autonomous offensive capabilities.

This shift transcends specific vulnerabilities or attack techniques. We're witnessing the emergence of a new class of threat: faster, more precise, harder to detect, and accessible to a dramatically expanded population of potential adversaries.

The foundational assumptions that guided cybersecurity for decades are rapidly eroding. The barrier between sophisticated state-sponsored capabilities and commodity cybercrime continues to collapse. The attack surface is expanding and mutating faster than traditional security architectures can adapt.

For security leaders, this creates an urgent imperative: develop strategic agility – the institutional capacity to anticipate deception, operate through compromise, and respond at machine tempo. This isn't simply a technology upgrade; it's an organizational transformation that must occur at the pace of AI advancement rather than traditional enterprise change cycles.

The organizations that will thrive are those that treat security not as a fixed state but as a dynamic capability – one that evolves alongside both the threats they face and the AI technologies that enable those threats.

In next article of this series, we'll explore how defenders are rising to meet these challenges – building AI-augmented security operations, implementing adversarial machine learning countermeasures, and developing the human-AI collaboration models necessary to counter threats that think for themselves.

The AI arms race is already underway. The question now is not whether these threats will materialise, but how quickly organizations can develop the adaptive capabilities necessary to defend against them.

What aspects of AI-driven offensive capabilities concern you most? How is your organization preparing for threats that evolve faster than traditional security measures? Share your perspectives in the comments below.

‘Compliance' and 'competitive advantage' rarely appear in the same sentence for cybersecurity leaders. A growing number of organizations are transforming regulatory burdens into strategic weapons. As global regulatory AI frameworks become increasingly complex and divergent, the choices for organizations are limited: treat compliance as a box–ticking exercise or embrace it as a strategic lever that can bolster security operations, amplify trust, and create tangible competitive advantages. I make no secret that I am about to advocate the latter.

Far from being just another overhead cost, regulatory compliance can offer the cyber leadership a unique chance to strengthen their security posture while proactively managing evolving risks. Regulations that demand explainability, transparency, and fairness may initially seem restrictive, but these mandates can drive clarity, sharpen accountability, and enhance resilience across the organization.

Here I will attempt to unravel how visionary organizations are already harnessing compliance requirements to build stronger, more adaptive security frameworks. By transforming regulatory mandates into operational opportunities, security leaders can leverage compliance as a business enabler, not just a legal obligation. In the sections ahead, I’ll explain how strategic compliance can become your organization's cybersecurity edge – turning complexity into capability, risk into resilience, and obligation into advantage.

The stakes are tangible: organizations that treat compliance as a mere checkbox exercise risk not only regulatory penalties but also missed opportunities to strengthen their security posture. Those who approach regulation strategically; however, can transform compliance from a burden into a catalyst for trust, transparency, and competitive advantage.

Navigating the Compliance Maze – 3 Key Challenges Facing Security Leaders

Deploying AI-powered cybersecurity across global jurisdictions means grappling with regulations as complex and dynamic as the threats themselves. While every region introduces its unique blend of rules – whether the EU's strict AI Act, America's fragmented sectoral regulations, or China's state–driven AI governance – several key compliance challenges universally confront cybersecurity teams. Understanding these obstacles is the critical first step in transforming regulatory compliance from a perceived burden into a strategic asset.

Three core issues – Explainability, Cross-border Data Flows, and Third-party AI Risk Management – consistently emerge as key themes across these different regulatory frameworks. Not only are they foundational to achieving compliance in multiple jurisdictions, but they're also uniquely impactful in shaping the operational effectiveness and resilience of AI–driven cybersecurity programs. Failing to address any one of these key challenges can expose organizations to substantial regulatory, reputational, and operational risks – making them essential focus areas for cybersecurity leaders aiming for strategic compliance.

Challenge 1: The Explainability Imperative

As regulatory demands for transparency rise, AI systems must now explain their decisions clearly, consistently, and in human-understandable terms: no small feat for complex neural networks trained to detect subtle, high-dimensional security anomalies. Explainability is no longer just a technical nice-to-have; it’s a compliance obligation and a business risk. For security operations, this introduces tough trade-offs between model performance, intellectual property protection, and regulatory accountability. The real-world impact: teams must generate detailed audit trails and decision rationales for AI-driven alerts: adding operational overhead and potentially slowing response times, especially where explainability was not considered during system design.

Challenge 2: The Cross-Border Data Dilemma

AI-driven cybersecurity relies on large-scale, diverse data sources – logs, behaviours, threat intelligence – often collected across global infrastructure. But as data sovereignty laws like the EU’s GDPR and China’s PIPL tighten cross-border data controls, organizations face a critical tension: global visibility versus local compliance.
Efforts to regionalize data to meet legal requirements can fragment security architectures, limit threat model accuracy, and reduce detection precision. Security teams must now design architectures that reconcile regulatory fragmentation with the operational need for unified situational awareness. This is an increasingly complex balancing act.

Challenge 3: Third-Party AI Risk Management

Using third-party AI platforms no longer limits liability, it extends it. Regulators increasingly hold organizations accountable for the behaviour of external AI systems, even those they don’t build or directly control. This raises the stakes for cybersecurity and risk teams, who must now conduct rigorous due diligence across the entire vendor lifecycle. From data sourcing and model validation to explainability, monitoring, and incident response readiness, the governance burden has shifted sharply to the end user. As AI supply chains expand – often including fourth-party dependencies – managing third-party risk becomes not only more complex, but more critical to maintaining both compliance and operational integrity.

Each of these challenges brings real operational pressure – added complexity, higher costs, and new layers of accountability. But when approached strategically, these same regulatory demands can become powerful levers for innovation, resilience, and competitive advantage. In the next section, we’ll explore how forward-thinking organizations are doing exactly that – transforming compliance constraints into catalysts for stronger, smarter cybersecurity.

From Roadblocks to Runways - Turning Compliance Challenges into Operational Opportunities

While compliance obligations tend to be viewed as obstacles to creative processes and operational efficacy, visionary leaders should view them as powerful catalysts for operational innovation. Each regulatory challenge outlined previously – whether it's model explainability, cross–border data flows, or third–party risk management – offers unique opportunities to enhance cybersecurity capabilities and resilience. Turning the regulatory burden into strategic differentiators.

Rather than passively adapting to regulatory demands, organizations should leverage these challenges as moments for strategic improvement. In the following cases, we'll demonstrate how leading cybersecurity teams have successfully turned what initially seemed restrictive into tangible operational strengths. These real–world examples underscore how a thoughtful approach to compliance can drive innovation, improve efficiency, and ultimately strengthen security posture.

The Explainability Imperative: From Burden to Advantage (challenge 1)

With EU’s AI Act becoming enacted, a European financial services firm faced a daunting new requirement: providing detailed explanations for every AI–driven security alert. The security operations team, already overwhelmed with thousands of daily alerts, feared explainability would drastically slow operations. Initially, the operations team estimated a 40% increase in analyst workload and significant delays in incident responses – risks and costs they couldn’t afford.

The Strategic Pivot: Rather than layering explanations onto existing systems, the team embraced "Compliance by Design," integrating explainability from the ground up and as a non–functional requirement from the start. They engineered a hybrid AI architecture, combining deep–learning models (for detecting subtle threats) with transparent decision–tree models (for generating clear, audit–friendly explanations) validated though several steps of model governance and risk reviews.

“We created a system where one part detects threats and another simultaneously explains why they matter,” the SOC Manager explained. The AI now generated standardized explanations outlining anomalies, baseline comparisons, key factors, and confidence metrics, supported by intuitive visualizations understandable by junior analysts and auditors.

The Results: The compliance–driven overhaul produced unexpected operational benefits:

Crucially, the relationship with regulators shifted from adversarial to collaborative. Regulators praised the firm’s explainability approach as an industry benchmark.

Broader Insight: The firm’s experience highlights a crucial insight: regulatory mandates, initially perceived as operational burdens, can serve as powerful catalysts for improved performance. By reframing explainability as a core strength rather than a compliance constraint, the company enhanced both regulatory standing and operational effectiveness; demonstrating that compliance and performance are not opposing forces but strategic allies in building robust, trustworthy AI security systems.

Data Sovereignty: From Fragmentation to Global Advantage (challenge 2)

In another case, a global bank had long relied on a centralized global cybersecurity data lake to power AI–driven cyber analytics, enabling rapid threat detection across continents. But as strict data sovereignty laws started to emerge – first from EU's GDPR to China's stringent data regulations – the centralized data lake model faced serious regulatory and legal challenges. Initially, the cyber team feared that forced regional data fragmentation would severely weaken their threat detection capability as internal compliance teams began questioning the centralized SOC architecture.

The Strategic Pivot: Instead of resisting data sovereignty, the bank embraced it – redesigning its architecture into what it internally termed a “Sovereign Security Mesh.” This novel concept fused the principles of security mesh architecture with the realities of regional data sovereignty. The approach aimed to preserve global threat visibility while respecting local compliance mandates, creating a federated but collaborative security model. They established regional security hubs, each independently analysing data locally to comply with regulations. These hubs securely shared anonymized, aggregated threat insights with a global coordination platform, balancing local compliance with global threat visibility. As their Group Enterprise Architect summarized: "We created a federation of regional SOCs, each compliant yet collaboratively strong."

The Results: This compliance–driven redesign unexpectedly improved security and operational agility:

Moreover, localized threat modelling revealed nuanced regional threat patterns previously hidden in global datasets, significantly enhancing overall detection precision.

Broader Insight: The bank’s experience underscores a powerful truth: when approached strategically, compliance challenges can drive architectural innovation. By turning regulatory constraints into a catalyst for distributed security excellence, the bank not only addressed compliance obligations – it built a more resilient, adaptive global cybersecurity framework for today’s fragmented regulatory landscape.

Most compelling is how this approach evolves the principles of Cybersecurity Mesh Architecture (CSMA) – recognized by frameworks such as those from Gartner and NIST, which emphasize distributed controls, interoperability, and identity–centric trust zones. Introducing data sovereignty as a central design constraint pushes this paradigm further, adapting mesh architecture to meet the rising demands of data localization.

While “Sovereign Security Mesh” is not yet an industry standard, it represents an emerging architectural pattern. As more organizations pursue hybrid models that reconcile global visibility with regional compliance, this approach may well evolve into a reference model for cybersecurity in regulated environments

Broader Insight: The bank’s experience underscores a powerful truth: compliance challenges, viewed strategically, can drive architectural innovation. By turning regulatory constraints into a catalyst for distributed security excellence, the bank not only solved their compliance challenge—they created a stronger, more adaptive global cybersecurity framework designed explicitly for today’s increasingly regulated digital landscape.

Third-Party AI Governance: From Liability Risk to Strategic Advantage (challenge 3)

A European bank operating under a bancassurance model had partnered with third–party insurers to offer embedded insurance products across its retail channels. While this allowed the bank to scale its insurance offerings without directly underwriting risk, it also meant relying on external partners – and their vendors (creating 4^th party dependencies) – for core services like policy issuance, claims triage, and fraud detection.

In one such partnership, the bank worked with an insurer using an AI–assisted SaaS platform to automate claims assessment and fraud detection – part of a growing trend across the insurance sector. These platforms, typically designed and operated by external vendors, offer efficiency and scale but introduce significant governance challenges around transparency, explainability, and accountability.

As regulatory scrutiny intensified, the bank recognized a critical blind spot: under GDPR and forthcoming AI regulations, organizations remain accountable for outcomes that affect customers – even when those decisions are made by third–party algorithms. In the eyes of the customer, it was the bank that bore the responsibility for unfair or opaque claims decisions – not the insurer, and certainly not the vendor behind the platform.

While this legal position is well established, it is often underappreciated in practice – especially as AI introduces new layers of complexity and distributed accountability. Recognizing this risk exposure, the bank shifted from a transactional vendor model to a strategic AI governance framework designed to ensure full oversight, auditability, and compliance across all external AI tools.

The Strategic Pivot: Acknowledging that accountability could not be outsourced, the bank established a cross–functional AI Governance Committee that brought together cybersecurity, compliance, legal, and procurement leaders. This wasn’t merely a policy update – it represented a fundamental overhaul of the organization’s Third–Party Management (TPM) model.

Too often, TPM and procurement operate in operational silos, disconnected from cybersecurity uplift efforts. As a result, general cyber risks – and AI–specific risks in particular – go unaddressed in vendor onboarding and lifecycle oversight. This governance pivot bridged that gap.

The committee introduced an advanced AI Vendor Assessment Framework – but the true innovation lay in execution. Rather than leaving evaluation to procurement alone, the bank embedded cybersecurity and AI experts directly into the vendor assessment lifecycle. Third–party platforms were now rigorously vetted across dimensions such as data governance, algorithmic transparency and explainability (AIX), model validation, bias mitigation, data loss prevention (DLP), and incident response readiness.

To operationalize this at scale, the team combined internal SME capability–building with targeted automation – leveraging RegTech tools to continuously monitor vendor systems, automate reassessments, and flag compliance drift in real time.1

Ownership of the framework remained with the AI Governance Committee, but implementation was distributed: cybersecurity led technical evaluations, legal enforced contractual safeguards, and procurement aligned onboarding and renewal processes with governance standards. This cross–functional integration transformed third–party risk management from a static procurement checklist into a dynamic, security–first discipline.

Explainability became especially critical – not just to satisfy regulators, but to enable internal teams to audit, understand, and defend AI–driven decisions made outside the organization. In a compliance environment where opacity equates to risk, AIX became a foundational requirement for defensibility and trust.

“This was a cultural shift as much as a technical one – transparency became our minimum standard for every AI system, internal or external.” – Chair, AI Governance Committee

The Results: These improvements weren’t incidental – they were the direct result of embedding cybersecurity and AI expertise into third–party assessments, automating compliance oversight through RegTech tools, and enforcing standardized contractual safeguards. This proactive governance transformation yielded immediate and measurable business benefits:

While vendor reluctance was real at first, the company’s clear standards, contractual enforcement, and cross–functional engagement gradually overcame resistance. Over time, vendors recognized the strategic value of aligning with a forward–thinking client and began integrating these standards into their own governance practices, strengthening security on both sides of the partnership. The result highlights a broader truth: when approached strategically, governance uplift benefits everyone in the supply chain.

Broader Insight: This case highlights a growing imperative in the financial services and insurance sectors, where third– and fourth–party AI SaaS solutions are increasingly being deployed: strategic third–party AI governance is no longer a regulatory formality – it’s a business–critical capability. As banks and insurers rely more heavily on external platforms to deliver AI–enabled services, the line of accountability remains firmly with the organization that faces the customer.

By moving from a transactional vendor model to a strategic governance approach, the bank built a more secure, transparent, and resilient ecosystem – one where risk is distributed but accountability remains clear. In doing so, it transformed regulatory pressure into a foundation for trust, defensibility, and long–term competitive advantage.

Beyond Compliance: Strategic Imperatives for Business Leadership

When viewed through a strategic lens, AI regulatory compliance transcends mere regulatory adherence to become a catalyst for fundamental business transformation. The case studies we've explored reveal several powerful strategic insights that cross functional boundaries and offer lasting competitive advantage.

Trust as Strategic Currency in a Digital Economy

Where data breaches and AI mishaps can destroy trust and market value in an instant, trust has evolved from a soft value into perhaps an organization's most valuable strategic asset. Our case studies demonstrate how companies that proactively embed compliance into their operations – whether through explainability, fairness testing, or rigorous third–party governance – manage to create unprecedented levels of stakeholder trust. This trust manifests as tangible business value: accelerated customer acquisition, premium pricing power, stronger investor confidence, and enhanced talent attraction. Far from being merely a compliance exercise, transparent and ethical AI deployment represents a foundational strategy for market leadership in an increasingly sceptical digital marketplace.

Organizational Resilience Through Integrated Governance

The organizations in our case studies that approached compliance strategically didn't simply bolt on governance processes. They fundamentally rewired their operational DNA. By embedding governance at every level, from AI development pipelines to vendor management frameworks, these companies developed an intrinsic organizational resilience. This compliance–integrated approach allows the organisation to rapidly adapt to changing regulatory environments while simultaneously reinforcing business continuity, reducing operational vulnerabilities, and enhancing decision–making quality. The strategic value isn't just in meeting today's compliance requirements, but in building inherent adaptability; thus developing a whole new set of competitive advantages.

Value Creation Through Ethical AI Leadership

Perhaps most significantly, our case studies reveal how ethical AI leadership actively creates business value rather than merely preserving it. Whether through the fintech's enhanced investment valuation or the healthcare provider's reduced liability costs, proactive compliance consistently unlocks measurable financial returns. These companies demonstrate that ethical AI isn't a cost centre but a value generator. One that creates competitive differentiation, drives innovation through constraint, attracts premium partnerships, and opens markets that remain closed to less trustworthy competitors. In essence, ethical AI leadership transforms compliance from a liability into a strategic asset class with compounding returns.

Making Strategic Compliance a Reality – Practical Implementation Strategies

To transform the strategic imperatives of trust, resilience, and value creation into organizational reality, cybersecurity leaders need practical implementation approaches. The following strategies provide a roadmap for embedding compliance into your operations in ways that directly support these strategic objectives.

Understanding the strategic benefits of proactive AI compliance is only the first step. To fully realize these advantages, cybersecurity leaders need practical, actionable strategies to embed compliance effectively within their operations. Below, I outline four proven approaches that leading organizations have successfully adopted – see these as starting points and not an exhaustive list.

Leveraging these strategies, your company will be able to ensure that compliance becomes integrated deeply into the organization's cybersecurity DNA, rather than being treated as an afterthought.

1. Adopt "Compliance by Design" from Day One

Don’t retrofit compliance into existing systems; embed it into the AI services lifecycle from the outset. This means involving cybersecurity, compliance, legal, and data science teams together at the initial stages of AI model development. Clearly define transparency, explainability, and fairness standards early, and rigorously enforce them throughout the AI design, training, and deployment phases.

Actionable Steps:

• Develop an AI compliance checklist to guide early-stage model development.

• Require that all new AI cybersecurity initiatives include explicit compliance impact assessments before approval.

• Establish structured cross-functional collaboration from the outset—engaging stakeholders across cybersecurity, engineering, procurement, legal, and compliance to ensure AI systems are designed with shared accountability and holistic oversight..

2. Establish Cross-Functional AI Governance Committees

Break down operational silos by creating a standing governance body specifically dedicated to AI compliance. Include stakeholders from cybersecurity operations, compliance, legal, data governance, procurement, and risk management. These committees become the backbone for ongoing vendor evaluations, policy development, compliance oversight, and quick adaptation to regulatory changes.

Actionable Steps:

• Define clear governance objectives, roles, and decision-making authority in the committee charter.

• Schedule regular committee sessions focused on AI risk exposure, vendor oversight, and regulatory alignment.

• Integrate the committee's outputs into broader enterprise risk and compliance workflows to ensure AI-related risks are addressed holistically – not in isolation.

3. Leverage Automation and RegTech Tools

Meeting regulatory demands often creates significant administrative overhead—but AI itself can help close that gap. Modern Regulatory Technology (RegTech) solutions now offer practical ways to streamline compliance documentation, monitor third-party risk, validate model behavior, and detect emerging compliance issues in real time.

Actionable Next Steps:

• Pilot automated compliance documentation and audit tools in high-impact areas such as SOC alerts, third-party vendor monitoring, and AI explainability reporting.

• Integrate real-time compliance controls into AI model testing and deployment pipelines—ensuring issues are flagged before reaching production.

• Evaluate RegTech platforms that support ongoing monitoring, governance dashboards, and policy mapping aligned to frameworks such as GDPR, NIST AI RMF, and the EU AI Act.

4. Proactively Engage with Industry Standards and Regulatory Bodies

Rather than passively responding to regulatory change, leading organizations shape the compliance landscape through proactive engagement. Participating in standards-setting bodies (e.g., NIST, ISO, and sector-specific forums) allows companies to anticipate emerging requirements, influence policy direction, and align industry guidance with operational realities.

Actionable Next Steps:

• Assign internal experts to participate in relevant working groups, advisory panels, or regulatory consultations on AI governance and cybersecurity.

• Contribute to public dialogue by publishing insights, case studies, or position papers that advocate for practical, risk-based approaches to AI compliance.

• Track and map emerging regulatory frameworks (e.g., EU AI Act, DORA, NIST AI RMF) to organizational capabilities—and ensure the necessary skills and ownership are distributed across cybersecurity, compliance, legal, and engineering functions. This positions your teams to lead, not lag, as regulations evolve.

Leading from the Front – Compliance as Competitive Advantage

Viewing compliance as a mere obligation is no longer sustainable. Organizations that approach it strategically are unlocking measurable value – across trust, agility, and risk resilience. As demonstrated throughout this article, companies that proactively embed compliance into their cybersecurity practices can transform regulatory burdens into strategic advantages – enhancing trust, increasing operational agility, and reducing long-term risk.

Visionary cybersecurity leadership recognizes that compliance isn’t a distraction – it’s a lever. Since opting out of regulation isn’t an option, the smart move is to adopt a compliance-first mindset – supported by strategies like Compliance by Design, cross-functional governance, automation, and proactive engagement with evolving standards. These aren't just best practices – they're enablers of sustained competitive advantage in a regulatory environment that will only become more complex.

The message is clear: compliance doesn’t have to slow your business down. It can help drive it forward – enabling stronger security, deeper stakeholder trust, and greater resilience against both cyber threats and regulatory uncertainty.

How is your organization approaching AI compliance today? Are you still viewing it as a checkbox exercise, or are you seizing it as a strategic opportunity? Let’s continue the conversation – because in a world where innovation is constant, leadership must come from the front.

In the next article of this series, we’ll examine why this strategic approach to compliance becomes even more critical when confronting the next frontier: adversarial AI. As machine learning systems are weaponized against the very defences designed to protect us, only those organizations that have embedded compliance into their operational DNA will be able to detect, respond to, and adapt to these evolving threats – while staying on the right side of the regulatory line.

In the opening article of this series, I highlighted how AI is transforming cybersecurity at unprecedented speed. Beyond its impact on tools and tactics, a critical new battlefield has emerged: regulation and compliance. For financial services professionals, this represents yet more regulatory frameworks to monitor, while organizations in traditionally unregulated sectors face GDPR-like challenges. Security teams that once concentrated solely on technical defences must now navigate an evolving maze of global rules - spanning model risk, data protection, and product liability - regardless of whether AI powers customer-facing chatbots or backend decision support systems.

This second instalment examines the diverse regulatory approaches emerging across major global jurisdictions. From the EU's comprehensive framework to the US's sectoral patchwork, from China's state-directed control to the varied models across Asia, cybersecurity teams face a complex tapestry of rules that vary dramatically by region. Understanding these different regulatory philosophies is the first step toward developing effective compliance strategies for AI-powered security tools.

The stakes are clear: inadequate compliance risks penalties and reputational damage, while treating regulation as a mere checklist exercise prevents organizations from capturing AI's full benefits. By mapping the global regulatory landscape, we can better understand the challenges and opportunities that lie ahead for cybersecurity teams navigating this new frontier.

Global Regulatory Frameworks

EU AI Act in Action

The EU AI Act1, perhaps the most comprehensive piece of legislation in this space, introduces a new level of scrutiny for cybersecurity AI tools, classifying many as “high-risk”. This means strict documentation, oversight, and human review requirements - a direct challenge to AI-driven, real-time security models. For instance, organizations must conduct detailed audits of training data, model performance, and real-world outcomes - an obligation that can clash with the “black box” nature of many sophisticated AI systems.

Specifically, the Act mandates human oversight at critical junctures of the model lifecycle. This requirement can be particularly challenging when dealing with anomaly detection or threat-hunting models that rely on autonomous, real-time responses, and becomes even more challenging when models are developed by third-parties or bought as SaaS solutions. As a result, security and risk teams must build in review processes, often slowing down workflows designed for speed.

The EU AI Act establishes a clear line in the sand with its "Unacceptable Risk" category - AI models/systems deemed so risky they're outright prohibited2. These systems are considered fundamentally incompatible with EU values and human rights protections.

This "prohibited" category includes AI systems designed for social scoring by governments, biometric identification systems used for real-time surveillance in public spaces (with limited exceptions for law enforcement), emotion recognition in workplaces or educational settings, and systems that exploit vulnerabilities of specific groups or use subliminal manipulation techniques.

Far from being theoretical concerns, I've observed numerous real-world examples of ethically dubious and outright wrong AI solutions in commercial test and development settings. In recent months, I encountered an early stage pilot project of an clearly "well-intentioned" AI solution that would land squarely in the EU's "unacceptable risk" category. This early stage pilot project involved a solution that performed live facial recognition via security cameras and used AI to analyse the customers' facial expressions as they entered the store to provide helpful alerts to staff about who might "need additional assistance."

While the developers framed this as a customer service enhancement, examples like this represent precisely the kind of technology the EU AI Act aims to restrict due to their potential for privacy violations and manipulation. Needless to say, this project got shut down by the AI oversight board but the case highlights how easily the ethical and legal boundaries are crossed and why robust AI governance structures are needed in the organisation. The regulations themselves are there to prevent the interpretation of the rules in the wrong way, especially by those who seek out the “grey areas” of ethics because that’s where they have identified profitable markets.

For cybersecurity professionals, this establishes important boundaries. While offensive security tools often involve techniques that could potentially cross into prohibited territory - particularly those leveraging behavioural analysis, vulnerability exploitation, or manipulative social engineering - they must now be designed with these restrictions in mind. The prohibition on exploiting vulnerabilities of specific groups is particularly relevant for red teams and penetration testers who must ensure their AI-enhanced tools don't disproportionately target or exploit protected characteristics or vulnerable populations, even when simulating sophisticated threat actors who might do exactly that. This creates a unique challenge: cybersecurity tools must be sophisticated enough to counter AI-driven threats yet constrained by legal and ethical boundaries. Organizations developing next-generation security platforms must now incorporate these restrictions into their design philosophy from the ground up, rather than as compliance afterthoughts.

In financial services, the EU AI Act creates significant ambiguity around AI-driven credit decisioning. Where exactly is the boundary drawn between legitimate credit risk assessment - a core banking function - and prohibited "social scoring"? Consider an AI system that dynamically adjusts credit worthiness based on spending patterns, payment timing, and transaction locations. While these factors have long been part of traditional credit models, when an AI system makes real-time decisions incorporating behavioural data from multiple sources, it begins to resemble the kind of comprehensive behavioural scoring that the Act restricts. Financial institutions must now carefully examine whether their advanced credit AI systems remain within the "legitimate business purpose" exception or potentially cross into prohibited territory—particularly when these systems incorporate non-traditional data points or create feedback loops that might disproportionately impact certain customer segments.

Fragmentation in the United States: A Sectoral Patchwork

Unlike the EU's comprehensive AI governance framework, the United States has pursued a fragmented, sector-specific regulatory strategy that lacks federal cohesion. This approach has created an increasingly complex compliance environment, particularly for organizations developing and deploying AI-powered cybersecurity solutions.

The regulatory landscape has become even more uncertain following the January 2025 rescission of Biden administration’s executive order 14110 ("Safe, Secure, and Trustworthy Artificial Intelligence"). This EO had laid out broad AI governance principles at the federal level but didn’t align with the objectives and priorities of the Trump administration; this administration prioritizes deregulation and market-led AI development. This reversal reflects a fundamental philosophical policy shift - a belief that regulation inherently stifles innovation and undermines U.S. technological leadership. While the new executive order mandates an Artificial Intelligence action plan to be developed in 2025, industry scepticism about meaningful regulatory guidance from this administration remains high. Some prominent AI researchers, including those from major tech companies, have expressed concern that regulatory uncertainty, rather than deregulation itself, may ultimately hinder U.S. AI advancement3.

In the absence of a coherent federal strategy, states have begun establishing their own AI governance frameworks, creating a pattern reminiscent of how data privacy regulation evolved in the U.S. Just as CCPA and the NY SHIELD Act created de facto national privacy standards, emerging state AI regulations are establishing a patchwork of compliance requirements.

This implies that states like California and New York are likely to lead that way for a national AI roadmap. The currently proposed and enacted legislation in both states are addressing AI safety assessments, public sector AI use, deepfake protections, and algorithmic discrimination.

Another point to note is that these state-level initiatives vary significantly in scope and approach - from California's attempt at comprehensive AI model oversight to New York's targeted focus on government AI applications, so it is likely some form of regulatory cohesion between states will emerge.

Finally, it’s worth noting that as more states develop their own frameworks the compliance landscape may grow increasingly complex for companies with operations across multiple states. At least until either federal regulations or national frameworks and developed to guide AI implementation and oversight with some form of alignment between state legislation4.

Even within the federal regulatory sphere, the lack of overarching AI guidance has resulted in inconsistent standards across industries. This sectoral fragmentation creates particular challenges for cybersecurity teams, as AI systems deemed compliant in one industry context may require substantial modification for deployment in another. Organizations operating across multiple sectors face the added burden of reconciling these inconsistent requirements.

Solutions for this could potentially be accelerated though organisations like NIST who sets the standards for both government entities and private sectors but in light of the current administration’s mindset, this is yet to be firmed up.

The fragmented regulatory environment creates several operational challenges for security professionals deploying AI-powered tools which echoes the concerns from AI Industry experts that some form of federal guidance if not regulation is needed to reduce:

• Strategic Uncertainty: Security architects must design systems flexible enough to adapt to rapidly evolving and unpredictable regulatory requirements

• Compliance Overhead: Organizations must monitor and interpret regulations across multiple states and sectors, diverting resources from security improvements

• Innovation Constraints: More stringent state regulations may create barriers to adopting advanced AI security capabilities in certain jurisdictions

• Competitive Implications: Organizations operating primarily in less regulated states may gain security advantages through more agile AI deployment

While the current trajectory points toward continued regulatory fragmentation, market pressure for consistency may eventually drive greater alignment—potentially even with international standards. In the meantime, organizations must develop adaptive compliance strategies that can navigate this complex landscape while maintaining effective security postures.

The fundamental question remains whether the U.S. approach of limited federal oversight will ultimately help or hinder AI adoption in cybersecurity, and evolution of AI globally. While it may accelerate innovation in some contexts, it also creates risks of unregulated AI deployment - including the very issues of model bias, hallucination, and unethical AI applications that more comprehensive frameworks like the EU AI Act explicitly address.

China: AI as a Strategic Asset

China's regulatory framework for AI is deeply intertwined with its broader national security and geopolitical strategy. The country's “Generative AI Measures” law5, introduced in 2023, form a key part of its broader AI governance, reinforcing state priorities while fostering AI development. Unlike Western models, where AI governance is often framed in terms of ethics and risk mitigation, China's regulations emphasize state control, national security, and social stability.

The Chinese approach reflects a fundamentally different view of technology governance - one where AI is positioned as both an economic driver and a tool for social management. This perspective is evident in the 2021 "Ethical Norms for the New Generation Artificial Intelligence" (Ethical Norms)6 and subsequent regulations, which balance technological advancement with political alignment. For cybersecurity professionals, this creates a distinct regulatory environment that differs markedly from Western frameworks. Similarities with EU and US in areas such as data privacy are there in the Chinese “Personal Information Protection Law” (PIPL) - a federal data privacy law targeted at personal information protection and addressing the problems with personal data leakage and has clear implications for automated decision-making technologies.

Some of the key regulatory aspects include mandatory algorithm registration, where companies developing AI models must register their algorithms with the Cyberspace Administration of China (CAC). This ensures that AI technologies align with state objectives and remain accessible for government oversight, which presents its own challenge to some western countries. Content security and model accountability are also critical components, as AI-driven cybersecurity tools must undergo rigorous content security assessments. Companies providing AI-based services are held accountable for the content their models generate and must take corrective actions if outputs violate state regulations. Additionally, AI security tools operating in China must comply with strict data localization laws, ensuring that sensitive data remains within national borders and is accessible for state review or investigations. Finally, China employs a tiered AI deployment and state influence approach, where AI applications in cybersecurity and other critical sectors receive state backing but are subject to heightened regulatory scrutiny, ensuring that they serve national security priorities.

The “Generative AI Measures” reflect China's dual mandate of promoting AI development while maintaining centralized oversight. These regulations require AI developers to not only prevent the generation of content that violates political, social, or moral guidelines but also to maintain transparency to ensure government oversight and to conduct security assessments for AI models that have public opinion attributes or social mobilization capabilities. This specifically impacts threat intelligence platforms and security monitoring tools that might analyse social media or public communications.

China's regulatory philosophy extends beyond individual laws to encompass its broader "New Generation Artificial Intelligence Development Plan," which aims to make China the global leader in AI by 2030. DeepSeek emerging to rival US GPT LLMs is an example of this strategy. This strategic initiative aligns AI development with national priorities through coordinated investment, talent development, and regulatory frameworks. For cybersecurity applications, this translates to preferential treatment for tools that enhance critical infrastructure protection, support state security objectives, and integrate with China's national cybersecurity strategy.

For multinational cybersecurity companies, the regulatory landscape creates significant operational challenges. Foreign firms must establish separate Chinese entities with localized data storage, undergo security reviews for cross-border data transfers, and potentially modify core algorithms to comply with registration requirements. These hurdles have led many international cybersecurity vendors to partner with Chinese firms rather than operate independently within the market.

While these regulations create challenges for foreign firms, they provide Chinese companies with a structured and predictable regulatory environment. Domestic AI leaders such as Baidu, Alibaba, and Tencent benefit from state guidance that shapes investment and research priorities, reinforcing China's AI leadership. In the cybersecurity domain specifically, companies like Qi An Xin, 360 Security, and Sangfor have flourished by developing AI-powered security solutions that align with both market demands and regulatory expectations.

Singapore: Pragmatic AI Governance within a Regulatory Framework

Singapore has established itself as a leader in AI governance through a sophisticated balance of innovation support and regulatory oversight. Unlike other global approaches, Singapore's model represents a distinctive third way that merits closer examination, particularly for its implications in the cybersecurity sector.

Singapore employs a pragmatic, business-friendly approach to AI regulation that differs significantly from frameworks like the EU AI Act. Rather than implementing standalone AI legislation, Singapore embeds AI governance within existing legal frameworks, creating a comprehensive but flexible regulatory environment. This distinctive approach allows the city-state to maintain regulatory oversight while fostering AI innovation.

At the core of Singapore's regulatory architecture lies the AI Governance Framework developed by the Infocomm Media Development Authority (IMDA)7. This framework establishes foundational principles for transparency, accountability, and risk management without imposing rigid compliance requirements. Instead, AI governance is effectively implemented through existing legislation like the Personal Data Protection Act, which regulates AI systems processing personal data, and the Cybersecurity Act of 2018, which mandates security standards for critical infrastructure including AI systems.

This regulatory foundation is strengthened by sector-specific guidelines that address unique concerns in high-risk domains. In financial services, the Monetary Authority of Singapore has introduced the FEAT and Veritas Frameworks, establishing clear standards for AI fairness and transparency in financial decision-making8. Similarly, the Ministry of Health's AI in Healthcare Guidelines ensure the safe deployment of medical AI applications, balancing innovation with patient safety9.

What truly distinguishes Singapore's approach; however, is its emphasis on industry-led initiatives that complement formal regulation. Programs like AI Verify, a national testing and certification program, establish de facto standards for AI security applications without requiring legislative mandates. The AI Verify Foundation further enhances this ecosystem by developing open-source testing frameworks and ethical guidelines through collaborative industry participation. These initiatives are aligned with Singapore's National AI Strategy 2.0, which articulates a long-term vision for responsible AI integration across public and private sectors.

For cybersecurity applications specifically, Singapore's regulatory approach creates several distinct advantages. First, by leveraging existing regulatory frameworks rather than introducing entirely new compliance regimes, cybersecurity companies benefit from operational clarity and reduced regulatory uncertainty. Second, the absence of prescriptive AI-specific legislation allows for more adaptive cybersecurity solutions that can evolve with emerging threats. Third, certification programs like AI Verify create market differentiation opportunities for secure, ethical AI tools, helping companies build trust with customers. Finally, this balanced approach positions Singapore as an attractive hub for cybersecurity AI development, enhancing its international competitiveness.

Singapore's model represents a thoughtful middle path between the EU's comprehensive regulation and US fragmented approach. By focusing on sectoral compliance through existing legal structures, promoting voluntary best practices backed by certification programs, and maintaining high standards in critical domains while preserving flexibility elsewhere, Singapore has created an environment where AI-powered cybersecurity can thrive while maintaining public trust and ethical standards.

This nuanced approach demonstrates that effective AI governance need not come at the expense of innovation although one should not be lulled into false sense of believing there is a “laissez-faire” AI landscape in Singapore because there are firm regulatory frameworks that surround the seemingly voluntary AI Framework. The reflection I add here is that as other jurisdictions continue developing their AI regulatory frameworks, Singapore's model offers valuable lessons in achieving balance between oversight and growth, particularly for sensitive applications like cybersecurity where both innovation and trust are essential.

Japan's Human-Centric Approach to AI Governance

Japan has emerged as a distinctive voice in the global AI regulatory landscape, advocating for what it terms a "human-centric" approach to artificial intelligence. Unlike the comprehensive legislative frameworks emerging in the EU or the sector-specific regulations in the United States, Japan has deliberately chosen a path that emphasizes ethical principles and industry self-regulation while avoiding overly prescriptive legal mandates - i.e. a comprehensive and holistic approach. This approach reflects a consistent pattern in Japan's regulatory philosophy, echoing its response to financial governance challenges following the Sarbanes-Oxley Act in the United States. Where the U.S. implemented detailed procedural financial reporting requirements through SOX, Japan developed Naibutosei (内部統制) – internal control regulatory framework that addressed the broader operational processes that ultimately contribute to and supports financial reporting rather than simply prescribing specific finance control processes. This same holistic, principles-based approach now distinguishes Japan's AI governance framework.

At the core of Japan's approach are the "Social Principles of Human-Centric AI," developed by the Cabinet Office's Council for Social Principles of Human-Centric AI. These principles establish an ethical foundation cantered on human dignity, diversity and inclusion, and sustainability. Rather than creating binding legislation, Japan has focused on developing these principles as a framework that can guide both public and private sector AI development without stifling innovation through rigid compliance requirements.

This preference for flexible governance is further reflected in Japan's AI Strategy 202210, which prioritizes "AI for humanity" while simultaneously positioning Japan as a global leader in AI innovation. The strategy emphasizes three core pillars: human resource development, industrial competitiveness, and a sustainable society enabled by AI. Notably, the strategy contains minimal references to restrictive regulations, instead focusing on enablement and responsible development.

Japan's regulatory approach relies heavily on industry self-regulation and co-regulation models. The Japan Business Federation (Keidanren) has developed its own AI ethics guidelines that align with the government's social principles but provide industry-specific implementations11. This collaborative approach between government and industry creates a dynamic regulatory environment where best practices can evolve alongside technological advancements without awaiting legislative changes.

Another distinctive feature of Japan's framework is its holistic, cross-sectoral approach to AI governance. Unlike the United States, where AI regulation tends to fragment along existing agency jurisdictions, Japan applies consistent principles across different industries while allowing for contextual adaptation. This approach reduces regulatory complexity for companies developing AI solutions that span multiple sectors - a particular advantage for cybersecurity applications that often need to operate across domain boundaries.

For cybersecurity specifically, Japan's model creates several beneficial conditions. AI-powered security tools operate under broader information security laws rather than AI-specific constraints, allowing for greater adaptability in responding to emerging threats. The Ministry of Economy, Trade and Industry (METI) has issued guidelines for AI security that emphasize risk management and transparency without mandating specific technical approaches. Meanwhile, critical infrastructure protection incorporates AI security considerations through Japan's cybersecurity strategy rather than through separate AI legislation.

The implications for international security cooperation are significant as well. Japan has actively engaged in international AI governance forums, including the Global Partnership on AI and OECD AI initiatives, advocating for interoperable standards that facilitate cross-border security collaboration. This approach aligns with Japan's broader diplomatic strategy of promoting "Data Free Flow with Trust" (DFFT), which seeks to balance data protection with the free flow of information necessary for effective global cybersecurity.

While Japan's approach shares some similarities with Singapore's pragmatic model, it places even greater emphasis on ethical principles and less on formal regulatory structures. This distinction reflects Japan's cultural preference for consensus-building and social harmony over strict legal enforcement. However, both approaches contrast sharply with China's highly interventionist AI regulations, which impose significant state oversight and control over AI applications, particularly those related to national security.

As Japan continues to refine its AI governance framework, it maintains a careful balance between encouraging innovation in critical areas like cybersecurity while ensuring ethical considerations remain central to AI development. This human-centric approach positions Japan as an important counterpoint in global AI governance discussions, demonstrating that effective oversight need not rely primarily on prescriptive regulation. For cybersecurity applications especially, this flexible, principles-based approach may prove particularly valuable in addressing rapidly evolving threats without regulatory constraints that could impede responsive innovation.

South Korea's Balanced Approach to AI Governance: Innovation with Oversight

South Korea has established a distinctive approach to AI governance through its recently enacted 'Act on the Development of AI and Establishment of Trust' (AI Basic Act), passed in December 202412. South Korea's approach reveals a nuanced framework that balances regulatory oversight with strong support for innovation - a model that differs significantly from both the EU's restrictive stance and Singapore's light(er)-touch approach.

The AI Basic Act consolidates 19 different regulatory proposals into a cohesive framework that prioritizes national competitiveness alongside responsible AI development. Unlike the EU AI Act, which focuses primarily on risk mitigation through extensive pre-market obligations, South Korea's law integrates regulatory governance with industrial growth strategy and emphasizes post-market oversight. This represents a fundamental difference in philosophy: where the EU sees regulation primarily as a means to control risks, South Korea views it as one component of a broader strategy to promote AI advancement.

A defining characteristic of South Korea's approach is its scope and application. The AI Basic Act applies to developers and entities offering AI products and services, but unlike the EU's framework, it does not extend to users of AI systems. This distinction significantly reduces the regulatory burden across the AI ecosystem and reflects a targeted approach to oversight. The law also avoids the controversial aspects of regulating general-purpose AI systems that have caused considerable debate in other jurisdictions.

South Korea's framework introduces the concept of "high-impact AI" - systems that may affect human life, physical safety, and fundamental rights in specific sectors such as energy, healthcare, transportation, and education. Not unlike the human considerations that goes into Japan’s model. And in contrast to the EU's mandatory conformity assessments for high-risk systems, the Korean law states that providers of high-impact AI should "endeavour to obtain inspection and certification in advance." This creates a more flexible framework that encourages rather than mandates specific certification processes.

The institutional architecture supporting the AI Basic Act further demonstrates South Korea's balanced approach. The law establishes several new bodies which are tasked not only with regulatory oversight but also with developing R&D strategies, investment frameworks, and international cooperation initiatives. The National AI Committee, which is one of the oversight bodies, explicitly includes competitiveness enhancement among its core responsibilities, highlighting how economic considerations are integrated directly into the governance structure.

For cybersecurity applications specifically, this regulatory environment creates opportunities rather than constraints. AI-powered security tools are subject to the general provisions of the AI Basic Act, but the emphasis on post-market oversight allows for greater flexibility in development and deployment compared to more prescriptive regulatory regimes. The law encourages transparency and risk management without imposing rigid technical requirements that might impede innovation in this rapidly evolving domain.

Perhaps most tellingly, the AI Basic Act mandates a regular review of its provisions and continuous benchmarking against international standards. This built-in adaptability reflects South Korea's recognition of the rapidly evolving nature of AI technology and governance practices. Unlike more rigid regulatory frameworks, the Korean approach allows for ongoing refinement as the technology matures and its implications become clearer.

South Korea has created a governance model that addresses legitimate concerns about AI risks while maintaining the flexibility needed for continued technological advancement. For the global AI governance landscape, South Korea's approach offers an important middle path—one that recognizes the need for oversight without presuming that extensive pre-market regulation is the only way to ensure responsible AI development.

A Global Tapestry of Approaches

The journey through AI security regulations across Asia presents unique challenges for global cybersecurity teams. Unlike the EU's uniform regulations or the US's fragmented state-level approach, Asia's regulatory landscape requires tailored compliance strategies for each jurisdiction.

What are some of the key take-aways from this?

• Data Sovereignty Conflicts: AI cybersecurity solutions that comply with Singaporean or Japanese standards may require fundamental redesigns for deployment in mainland China due to strict data localization laws and algorithm registration requirements.

• Ambiguous Chinese Regulations: Unlike the EU's clearly defined prohibited AI categories, China's regulatory framework includes deliberately vague provisions that allow authorities flexibility in enforcement, creating uncertainty for foreign firms.

• Diverging Security Architectures: Security AI systems may need separate regional models to comply with local regulations, increasing operational complexity and technical debt while potentially fragmenting threat intelligence capabilities.

• Compliance vs. Security Trade-Offs: Strict compliance in South Korea or China may limit the deployment of certain AI-powered cybersecurity tools, potentially leaving gaps in regional security postures compared to operations in less restrictive markets.

The global AI regulatory landscape presents a complex mosaic of approaches reflecting diverse national priorities and governance philosophies. From the EU's comprehensive risk-based framework to the US's fragmented sectoral model, from China's state-directed control to the varied strategies across Singapore, Japan, and South Korea, organizations face a challenging compliance environment that varies dramatically by region.

These regulatory differences aren't merely administrative hurdles - they fundamentally shape how AI-powered cybersecurity tools can be developed, deployed, and operated across borders. The tension between innovation and control, between security imperatives and compliance requirements, creates profound strategic considerations for organizations operating globally. Practically for multinational companies, this means careful consideration for developing, using or hosting AI solution in different countries or regions. Over time, these frameworks will likely converge but for the immediate future, careful technology strategies must be devised that factor in these regulatory differences.

In the next article, we'll examine the some of the practical implications of these diverse regulatory frameworks for cybersecurity teams. How do these varying approaches affect security architectures and risk management? What trade-offs must security leaders make when balancing compliance with effective threat detection? And perhaps most importantly, how can organizations transform compliance challenges into strategic advantages?

I welcome your thoughts on how these emerging regulatory frameworks are affecting your organization's approach to AI in cybersecurity. What challenges are you facing, and which regulatory model seems most conducive to effective security operations?

In less than a year, the world has witnessed a stunning acceleration in the adoption and sophistication of artificial intelligence (AI). From a cybersecurity perspective, this transformation is both awe-inspiring and concerning. In this short series, I’ll explore some of the key aspects of this shift and its impact on cybersecurity. What was cutting-edge yesterday is now routine, and new breakthroughs are emerging faster than most organizations can adapt. AI isn’t just another technological advancement - it’s a fundamental turning point, a fork in the road that will shape cybersecurity operations in ways more profound than many of its predecessors. I am of course talking about generative AI, large language models and advanced machine learning.

Since the advent of publicly accessible large language models (LLM) and generative AI (GenAI) (arguably the watershed moment occurred in Nov 2022 with OpenAI’s introduction of ChatGPT 3.5 to the general public) I have been closely monitoring what has been taking place. I recall the first time I heard of “large language models” was in early 2020, shortly after OpenAI had opened up their GPT 2.0, 1.5B parameter model to the public in November 2019.

OpenAI's approach to releasing their GPT models demonstrated remarkable foresight about this technology's potential for misuse. In February 2019, after careful deliberation, OpenAI took a cautious approach with GPT-2 by initially releasing only their smallest 124M parameter version to the public, gradually expanding access to more advanced versions throughout 2019. This strategic release marked a significant shift, making powerful AI technology accessible beyond just research institutions and tech enthusiasts. Despite these precautions, most of OpenAI's feared misuse scenarios have materialized today. The guardrails and limitations now present in publicly available models are a case of closing the barn door after the horse has bolted.

For cybersecurity professionals, this history offers both perspective and urgency. We can appreciate the dramatic evolution in capabilities—from GPT-2 (comparable to a high school student's abilities) to today's GPT-4o (functioning more like a university professor). Of course, this comparison is relative—two years from now, we may well look back at GPT-4o as we do an old "Model-T Ford" today. This extraordinary pace of advancement underscores our critical mandate: we must simultaneously anticipate current risks while proactively reinforcing our defences to adapt to the rapidly evolving landscape of AI-driven security threats, capabilities, and tools.

Around six months ago, I first drafted an analysis of AI's role in cybersecurity, and as I realised that this whitepaper was never been published, I decided to take a step back to reassess where we are today. Just six months later, the AI landscape has transformed our profession at a breath-taking pace. What seemed cutting-edge last year has become table stakes, and new frontiers have emerged that demand our attention. Almost like Moore’s Law for the evolution of computer chips, IT professionals need to adopt a highly dynamic approach to security; akin to being in a marathon where running fast simply means keeping up with the others. Standing still and waiting for clarity should not be on any company’s strategic agenda.

This first instalment of my multi-part article series examines how AI has reshaped cyber threats and defences, exploring the forces driving these swift changes and laying the groundwork for deeper dives into the evolving regulatory, technological, and strategic landscape. Given the extraordinary pace of advancement we're witnessing, I fully expect to be rewriting this entire analysis by 2026 - a testament to both the challenge and excitement of operating at the frontier of AI and cybersecurity.

After closely monitoring and analysing the developments in AI over the past year, I've identified three critical observations that characterize the current AI cybersecurity landscape. These observations reflect not just incremental changes but fundamental shifts that are redefining our approach to digital security.

Observation 1: Acceleration of AI Capabilities - A Double-Edged Sword

Perhaps the most striking shift in recent months is the exponential growth in AI capabilities, fuelled by ever-more-powerful large language models (LLMs) and specialized machine learning frameworks. Security-focused variants of these models are popping up on both sides of the fence:

• Threat Actor Tooling
  Criminal groups now have ready access to off-the-shelf and bespoke AI kits that automate reconnaissance, vulnerability scanning, exploit generation, reverse engineering, and lateral movement across a target environment. What used to require specialized expertise can now be accomplished by operators with minimal technical background. The learning curve for sophisticated attacks has plummeted, and the pace of new threat activity has soared.

• Democratization of defence
  On the flip side, security teams can harness commercial AI platforms to bolster their defences. From real-time anomaly detection and automated patch prioritization to advanced forensic analysis, AI offers new ways to stay ahead of adversaries. The ability to process millions of signals within seconds - combining diverse data streams like threat intelligence feeds, network logs, and user behavioural profiles - can dramatically shorten the window of opportunity for attackers.

This democratization of AI is simultaneously an equalizer and an amplifier: smaller organizations gain access to enterprise-grade protections, while lesser-skilled attackers are supercharged by cutting-edge tools. The net result is an arms race that shows no signs of slowing.

Observation 2: Transformation of Threat Profiles - New Classes of AI-Driven Attacks

While automated attacks and AI-powered phishing kits were already on the rise, new developments enabled by this new technology are fundamentally changing the threat landscape, capturing the attention of security experts Here are three that keep me awake at night:

• Autonomous Attack Platforms: We're witnessing the emergence of fully autonomous offensive systems that identify vulnerabilities, pivot around network defences, and tailor exploits in near real-time. These platforms leverage machine learning to analyse target environments, prioritize high-value assets, and orchestrate multi-stage attacks without human intervention. Traditional "patch and protect" paradigms become increasingly inadequate when facing adversaries that adapt on the fly at speeds no human defender can match.

• Hyper-realistic Social Engineering: Through high-quality voice cloning and convincing deepfakes, AI has made distinguishing real from synthetic nearly impossible. Modern attacks analyse targets' digital footprints to craft personalized deception strategies tailored to an individual's role, communication style, and context. These attacks can mimic writing styles and conversational patterns of trusted contacts, significantly boosting success rates and adapting in real-time to overcome suspicion.

• Evasive Malware: AI-enhanced malware represents a significant evolution in the threat landscape, using machine learning to dynamically adapt its behaviour, signatures, and execution patterns. These threats modify themselves to evade detection, leverage legitimate system tools, and employ polymorphic capabilities that render traditional signature-based defences obsolete. The asymmetric advantage for attackers requires defenders to implement more sophisticated behavioural analysis, AI-powered security systems, and multi-layered defence strategies.

For many security teams, these threats push the envelope of what was previously considered possible. The focus is no longer just on patching systems but on staying ahead of an adversary that can continuously morph and evolve at high speed - currently faster than our “default” IT operations are able to patch and risk mitigate. In this rapidly evolving threat landscape, strong security fundamentals become more critical than ever; rigorous access controls, comprehensive asset inventory, regular security awareness training, and diligent patch management form the essential foundation.

Moreover, traditional defences like signature-based antivirus solutions are increasingly inadequate on their own. Organizations must pivot toward advanced endpoint detection and response (EDR or XDR) platforms with behavioural analysis capabilities, AI-powered security operations centres, and zero-trust architectures that assume breach and verify continuously. The most effective defence strategies will combine human expertise with advanced technological countermeasures to detect, respond to, and mitigate these increasingly sophisticated AI-driven threats.

Observation 3. The Evolution of Defensive Capabilities: AI-Powered Countermeasures

Despite the grim picture painted above, defenders have not been idle. AI-based solutions are rapidly changing the way organizations approach security operations, incident response, and long-term risk management. At the bleeding edge, three areas stand out:

• Predictive Threat Intelligence
  Modern AI-driven threat intelligence platforms scavenge the clear, deep, and dark web, identifying malicious chatter, new exploit frameworks, and emerging attacker techniques. By analysing threat signals in real time and correlating them with known vulnerabilities, these systems can forecast impending attacks days or weeks before they become mainstream - a critical edge in proactive defence.

• Self-Healing Systems
  The concept of adaptive, self-healing architectures has evolved from theory to practice. Rather than waiting for human intervention, these AI-augmented environments automatically isolate compromised endpoints, spin up temporary decoys to divert adversaries, and even initiate patching or configuration changes to harden vulnerabilities. All of this happens while business services remain operational, minimizing disruption.

• AI-Human Teaming
  Beyond pure automation, the most successful defensive strategies hinge on collaboration between AI and human analysts (Human-in-The-Loop). Humans provide the creativity, contextual understanding, and ethical oversight, while AI excels at pattern recognition, large-scale data crunching, and lightning-fast responses. In many Security Operations Centres (SOCs), human experts now handle strategic judgments and incident prioritization after AI has filtered and categorized the tidal wave of alerts.

The evolution of defensive capabilities shows promise, but this is just the beginning of a profound transformation in the cybersecurity landscape. As AI continues to reshape both attack and defence strategies, security professionals must develop a comprehensive understanding of these changes across multiple domains.

Preview of Series Topics

This article sets the stage for a deeper dive into how AI is fundamentally altering both the technical mechanics and the strategic decision-making behind cybersecurity. In subsequent instalments of this series, we will explore

1. Regulatory & Compliance Realities
   Navigating the emerging legal frameworks for AI—such as the EU AI Act—and how they impact both defensive and offensive security measures.

2. Advanced Tactics in the AI Arms Race
   An up-to-date look at cutting-edge attack techniques and how defenders can leverage adversarial machine learning, AI Red Teams, and more.

3. AI-Driven Identity & Zero Trust
   The role of AI in continuous authentication, biometric security, and dynamic micro-segmentation.

4. Futureproofing for the Next Wave
   From quantum computing to AI supply chain security, we’ll examine looming trends that demand proactive strategizing.

Don’t see this list as definitive or exhaustive as I have come to realise that as one article is written, there are new topics I need to address.

By staying current on the rapid AI advancements and understanding the shifting threat profiles, cybersecurity leaders can make informed choices about defence investments, staffing, and strategic policy. As the battlefield continues to evolve, the organizations most likely to thrive are those that blend innovative AI capabilities with seasoned human expertise. We must never losing sight of the fact that, while AI can automate processes, it’s the human element that provides context, ethics, and the final critical judgment.

Conclusion and Invitation

The interplay of AI and cybersecurity is reshaping everything from threat hunting to compliance. Attackers and defenders alike are locked in a cycle of continuous innovation, and the stakes have never been higher. In this new era, success belongs to those who actively leverage AI as a force multiplier while recognizing its limitations and potential pitfalls. Failing to integrate AI-driven security today means falling behind tomorrow. Although sounding like a cheap slogan, the time to act really is now.

In the next article, we’ll examine how emerging regulatory standards are imposing new obligations - and sometimes new opportunities - for organizations integrating AI into their security operations and tooling. Until then, I’d love to hear from you: Which aspects of AI-driven threats and defences are you most concerned about? Share your perspectives in the comments, and let’s keep the conversation going.

Cybersecurity is today one of the fastest evolving sectors in Technology, and those of us who have weathered the journey in Cyber over the past 10 years or more can attest to the fact that the journey has been more of a sprint than a steady-paced evolution.

Companies of all sizes face unprecedented challenges in safeguarding data and operations; none are spared the scrutiny of threat actors and their tooling. Organisations increasingly rely on third-party vendors, SaaS solutions, cloud services, and extended supply chains to drive efficiency and innovation, which means that the attack surface has expanded exponentially. This (r)evolution has left many companies vulnerable to threats that originate not within their own systems and infrastructure but through third-party and supply chain networks - vulnerabilities that easily cascade throughout interconnected systems, wreaking havoc like an avalanche.

The infamous breaches at Kaseya and SolarWinds stand as stark reminders of how a single weak point in the supply chain can paralyse organisations globally. And as the 2024 CrowdStrike-induced global system outage reminded us, we're not only subjected to the risk from malicious actors; sometimes, accidental misconfigurations and updates from trusted security applications create the same supply chain risks.

These incidents have highlighted a growing gap in how enterprises manage cybersecurity risks, particularly when it comes to the involvement of third parties. The 'risk coverage gap' - a term now gaining traction - refers to the misalignment between an enterprise's internal security controls and the external risks posed by vendors and supply chain partners. Addressing this gap requires a rethinking of enterprise risk frameworks and a more integrated approach to cybersecurity.

The Risk Coverage Gap: An Unintended Consequence of Fragmented Risk Frameworks

At the heart of this issue lies the fragmented nature of traditional enterprise risk management frameworks. These frameworks are often designed to identify and mitigate a wide range of risks across various functions, from financial to operational to compliance risks. However, in practice, the control environments supporting these frameworks tend to be disjointed, with different departments operating under independent control frameworks. Each function - whether procurement, IT, or cybersecurity - focuses on its own set of priorities, inadvertently creating gaps in the organisation's overall risk coverage.

For example, while procurement teams may be focused on financial and contractual risks associated with vendors, they often overlook critical cybersecurity considerations. Similarly, IT operations might prioritise system performance and availability, leaving cybersecurity teams to focus on direct threats to the organisation. These silos create blind spots where risks are either inadequately managed or missed altogether. This is particularly concerning when it comes to third-party risks, where vulnerabilities in one vendor's system can have far-reaching consequences throughout the supply chain.

A Growing Reliance on Third Parties

The reliance on third parties to deliver key business services is growing exponentially. As organisations outsource more of their operations - whether for cost savings, scalability, or access to specialised expertise - they become increasingly dependent on the security practices of these external vendors. Yet, many enterprises still approach third-party risk as a sub-function of Third Party Management (TPM) in a legal context and not in the context of the risk that these third parties introduce to the organisation. This is often exacerbated by the fact that the TPM process then delegates responsibilities to IT, Operations and Procurement, all governed by independent policies and procedures that are not fully integrated into the broader risk management framework.

This fragmented approach leads to inconsistent risk assessments and incomplete visibility into how third-party risks affect the organisation's overall security posture. Without a unified framework to manage these risks, organisations often fail to account for the compounded effects of multiple vulnerabilities and security risks across their vendor networks, leaving them exposed to potential security breaches, data loss, or operational disruptions which could have been mitigated through a more cohesive risk management approach.

The Compounding Nature of Cyber Risk

Complicating matters further is the fact that cybersecurity risks are rarely isolated. The interconnected nature of modern enterprise ecosystems means that vulnerabilities in one part of the supply chain can quickly spread to other areas, amplifying the impact of any given breach. Threat actors increasingly exploit these weak links, targeting not the organisation itself but also its suppliers, partners, or service providers to gain entry. By penetrating the organisation's perimeter through a trusted relationship in the supply chain, it allows them to bypass traditional security measures and compromise the entire network.

The Kaseya and SolarWinds breaches are prime examples of this phenomenon. In both cases, attackers leveraged vulnerabilities in third-party systems to gain access to larger networks, causing widespread damage. These incidents underscore the importance of addressing the risk coverage gap, as the traditional 'perimeter defence' model is no longer sufficient to protect enterprises from increasingly sophisticated supply chain attacks.

Closing the Gap: Toward a More Integrated Risk Management Approach

To effectively manage third-party cybersecurity risks, we can see that organisations must rethink their approach to risk management. A more integrated, cohesive framework is needed; one that aligns the risk management efforts of procurement, IT operations, and cybersecurity to create a unified defence against external threats. This, in theory, sounds easy but is hard to achieve unless we change the way we perceive risk.

First and foremost, enterprises should ensure that cybersecurity considerations are embedded from the very beginning of the third-party relationship. This means not only evaluating vendors based on cost and service delivery but also assessing their cybersecurity posture and requiring regular security reviews throughout the relationship. Additionally, enterprises must adopt continuous monitoring strategies that provide real-time visibility into vendor activities, allowing for early detection of potential vulnerabilities or breaches. This necessarily also means that Cybersecurity is empowered (legally, through contractual clauses) to engage with, including red-lining engagements for termination, in cases where critical deficiencies or vulnerabilities aren't remediated within agreed SLAs by the third-party vendor.

Another key step is fostering greater collaboration across departments. Procurement, IT, and cybersecurity teams must work together to identify cross-functional risks and develop coordinated control and response plans. By breaking down silos and integrating third-party risk management into the broader enterprise risk framework, organisations can close the risk coverage gap and build a more resilient cybersecurity posture.

The risk coverage gap is a significant and growing threat to enterprise security. As organisations continue to rely on third parties for critical business functions, the need for a more integrated, comprehensive approach to managing third-party and supply chain risks has never been more urgent. By focusing on this gap, redefining the end-to-end TPM process, and fostering cross-departmental collaboration, organisations can better protect themselves against these types of supply chain risks as well as becoming better prepared to counter the evolving threat landscape and embed long-term operational resilience.

Here are some more details on the breaches I mentioned earlier:

• Kaseya: Revil: Ransomware supply-chain technique [Wired]

• SolarWinds: The untold story of SolarWinds [Wired]

• The Intricate Web of Third-Party Cybersecurity Risk (ISACA)

This is the first of a series of posts that focus on the how we can rebuild and integrate more efficient third-party risk management across the organisation. Keep a look out for additional posts.

In the meanwhile, you might also like this:

They Know What They’re Doing, Right?

As our products and solutions increasingly rely on Software as a Service (SaaS) to both increase speed to market and optimize costs, businesses are unintentionally opening a Pandora's box of security vulnerabilities. As these cloud-based services, hosted on sprawling content delivery networks (CDNs) like Akamai, become the backbone of our daily operations, they present a double-edged sword. On one side, they offer unprecedented efficiency and scalability. On the other, they create a complex, often opaque security landscape that traditional safeguards struggle to navigate.

"While SaaS services offer unprecedented efficiency and scalability, they also create a complex security landscape that traditional safeguards struggle to navigate."

The crux of the problem lies in one of the most popular features found in SaaS: end-to-end encryption. While this encryption, typically implemented through TLS, shields our data from prying eyes, it also blinds our security teams. Many SaaS services are incompatible with "TLS interception," a crucial cybersecurity tool that allows your cyberoperations team to verify the integrity of data transmissions and apply necessary security controls. This incompatibility leaves the door ajar for sophisticated threats like data exfiltration, malware infiltration, and perhaps most alarmingly, "domain fronting" - a cunning technique that allows malicious actors to slip past content restrictions undetected.

Here I intend to unravel the complexities of domain fronting, assess its risks in our SaaS-dependent world, and explore strategies that help bolster our defences against this elusive threat. The digital transformation journey is inevitable for almost every company I can think of, but it doesn't have to be a leap into the unknown. Armed with knowledge and strategic foresight, we can harness the power of SaaS while keeping our digital borders secure.

Understanding Domain Fronting

Domain fronting is a technique that obscures the true destination of HTTPS traffic; it’s a technique where malicious actors disguise the true destination of HTTPS traffic by using a permitted domain in the TLS handshake (Server Name Indication [SNI] extension) while routing the request to a different, often malicious, destination via the HTTP Host header. But why would anyone want to do this? Well, threat actors use domain fronting to bypass security and hide malicious traffic by making it look like it's going to a trusted site.
This effectively makes it a lot harder to detect certain malicious activities. Specifically making it harder to detect malware distribution and data exfiltration. And while we can detect the initial connection to the front domain, we can't see the actual destination without decrypting the traffic, which is often not possible with modern encryption standards and practices. It exploits the discrepancy between the domain name specified in the TLS SNI extension and the HTTP Host header.

Here's how it works:

1. A client initiates a connection to a permitted domain (e.g., a popular CDN).

2. During the TLS handshake, the SNI extension contains this permitted domain.

3. Once the encrypted connection is established, the client sends an HTTP request with a different Host header, pointing to the actual intended destination.

4. The front-end server (often a CDN) routes the request based on the Host header to the actual destination server.

This technique effectively hides the true destination of the traffic from network monitors or censors that only inspect the SNI or IP-level information.

Implications and Challenges

By not being able to intercept the traffic we cannot detect and protect against those eventualities. Whilst mitigating controls exist for data exfiltration and malware, there are no alternative controls yet available for "domain fronting". It should be noted that domain fronting is not trivial to execute; specialist technical knowledge is required, and the perpetrator needs to have their own malicious content served on the same CDN or cloud provider being used to facilitate the attack.

As domain fronting remains a significant challenge, it is essential for organizations to work closely with cloud service providers to push for stronger detection and prevention mechanisms within their networks. By collaborating with key technology partners, we can drive innovations in network security, ensuring that effective solutions are developed and implemented to mitigate these risks across the cloud ecosystem.

Domain Fronting in SaaS Environments: A Comprehensive Risk Assessment

The proliferation of SaaS services significantly expands the potential attack surface for domain fronting attempts. As more business operations move to the cloud, attackers gain additional opportunities to exploit vulnerabilities in these systems. Additionally, as domain fronting becomes more widely adopted by threat actor groups, we can expect increasingly sophisticated techniques to emerge, aimed at evading detection and exploiting this vulnerability more effectively.

It's crucial to recognize that the threat doesn't solely come from external sources. Insider threats, such as disgruntled employees, could potentially leverage domain fronting for data exfiltration. This internal risk adds another layer of complexity to the security landscape, requiring organizations to balance trust with vigilance in their security strategies.

Interestingly, the same features that make SaaS solutions so appealing - encryption and ease of use - also create vulnerabilities. While encryption effectively protects data confidentiality, it simultaneously limits our ability to inspect traffic for malicious activities. In fact, encryption is doing exactly what it was designed to do, so the challenge lies not in the technology itself but in finding ways to address the double-edged sword it presents.
For example, many SaaS services are incompatible with TLS interception, which further limits our ability to detect potential threats. This leaves us in a position where we must rely on the security measures of our SaaS providers; measures that may not always align with our specific security needs and risk tolerance. So how do we bridge this gap?

"Domain fronting exploits the very encryption that makes SaaS appealing, potentially enabling data exfiltration or malware distribution."

The potential impact of a successful domain fronting attack cannot be overstated. At its most severe, it could lead to unauthorized data access or exfiltration, potentially resulting in significant financial losses and long-lasting reputational damage. Beyond the immediate impact, organizations must also consider the regulatory implications. In an era of stringent data protection regulations (GDPR, etc.), the inability to detect or prevent domain fronting could lead to non-compliance, resulting in hefty fines and legal complications.

Moreover, responding to a successful attack demands significant resources and can disrupt business operations. The effort required to investigate the breach, mitigate its impact, and strengthen preventive measures could lead to productivity losses, IT strain, and potential fines or regulatory sanctions.

Given these risks, it's clear that a robust mitigation strategy is essential. This strategy should embrace a defence-in-depth approach, combining multiple layers of security measures. Network segmentation, strict egress filtering, and advanced behavioural analysis of network traffic can work in concert to create a more resilient security posture. However, technology alone is not enough. Regular employee training about the risks of domain fronting and best practices for secure SaaS usage is crucial in creating a security-conscious culture.

It's also vital to maintain a continuous monitoring and assessment process. The threat landscape is constantly evolving, and our security measures must evolve with it. Regular evaluation of our SaaS providers' security measures and their alignment with our security requirements should be an integral part of this process.

While the risks are significant, it's important to balance them against the benefits that SaaS solutions provide. The productivity gains, cost efficiencies, and competitive advantages offered by these services are substantial. Organizations must carefully weigh these benefits against the potential costs of a security breach and the investment required for robust security measures. This risk-benefit analysis should inform decisions about SaaS usage and security investments.

It's crucial to acknowledge that even with the most comprehensive mitigation strategies in place, some level of risk will always remain. This residual risk needs to be clearly understood, documented, and accepted by leadership as part of the organization's overall risk appetite. Regular reassessment of this risk tolerance is necessary as both the threat landscape and business needs evolve over time.

In conclusion, while the risk of domain fronting in SaaS environments is significant and growing, it can be effectively managed through a comprehensive, ongoing risk assessment and mitigation strategy. The key lies in striking a delicate balance between security and the business value derived from SaaS usage. However, understanding the risks is only half the battle. To truly address the challenge of domain fronting, organizations need to implement concrete, effective mitigation strategies. In the following section, we will explore a range of techniques and best practices, from network segmentation to zero trust architectures, that organizations can employ to create a robust defence against this evolving threat.

Domain Fronting Mitigation Strategies: A Comprehensive Approach

While engaging with your Cloud Service Providers is important, there are several strategies we can implement to mitigate the risks associated with domain fronting. These approaches vary in their effectiveness, cost, and complexity, but each contributes to a more robust defence against this sophisticated threat.

Network segmentation is a highly effective, albeit moderately costly, approach to containing potential threats. By dividing our network into smaller subnetworks, we can limit the potential impact of a successful attack. This strategy effectively contains threats and restricts lateral movement within the network, making it much harder for attackers to exploit domain fronting even if they manage to breach one segment of the network. While the implementation can be complex and potentially disruptive, the long-term benefits for security are substantial.

Another highly effective strategy, which comes at a lower cost, is strict egress filtering. This involves implementing rigorous rules for outbound traffic, allowing only necessary connections to trusted domains. By carefully controlling what can leave our network, we significantly reduce the attack surface for domain fronting attempts. This approach requires careful planning to ensure legitimate traffic isn't blocked, but once implemented, it provides a strong defence against unauthorized communications.

Behavioural analysis of network traffic offers a more dynamic approach to identifying potential domain fronting attempts. While moderately expensive and complex to implement, this strategy involves deploying advanced security analytics tools to detect anomalies in network traffic patterns. These tools can potentially identify domain fronting attempts based on unusual traffic behaviours, providing an additional layer of defence that can adapt to new threats. The effectiveness of this approach can be quite high, especially when combined with other strategies, though it does require ongoing maintenance and tuning to remain effective.

A relatively low-cost measure that can enhance our overall security posture is the use of Encrypted Server Name Indication (ESNI) where possible. By enabling ESNI on supported servers and clients, we can enhance privacy and make it more difficult for attackers to exploit SNI information in their domain fronting attempts. While the effectiveness is moderate and dependent on widespread support, the low cost and ease of implementation make this a worthwhile addition to our security toolkit.

Finally, for organizations looking for a comprehensive, albeit high-cost solution, implementing a Zero Trust Network Access (ZTNA) model can provide significant protection against domain fronting and a host of other threats. This approach involves verifying every access attempt, regardless of its source, operating on the principle of "never trust, always verify." While the implementation of a zero-trust architecture is complex and costly, it offers a high level of effectiveness in reducing the risk of unauthorized access, even if domain fronting is successful. This model represents a fundamental shift in network security thinking and can provide long-term benefits that extend far beyond just mitigating domain fronting risks.

In considering these strategies, it's important to recognize that a layered approach, implementing multiple complementary measures, often provides the most robust defence. Starting with lower-cost, high-impact measures like egress filtering, and gradually building up to more complex solutions like network segmentation and behavioural analysis, can help organizations balance security needs with budget constraints. The key is to begin strengthening our defences now, rather than waiting for perfect solutions from third-party providers.

Cost-Effective Approach to Mitigation

Considering the balance between effectiveness and cost, a phased approach to implementation could be to address this problem as journey:

Start with Strict Egress Filtering: This offers a high impact at a relatively low cost. By limiting outbound connections to only necessary and trusted domains, you can significantly reduce the risk of domain fronting.

Implement Basic Network Segmentation: While full segmentation can be costly, starting with basic segmentation of critical assets can provide substantial security benefits at a moderate cost.

Gradually Introduce Behavioural Analysis: Begin with basic traffic analysis and gradually invest in more advanced behavioural analysis tools as budget allows.

Enable ‘Encrypted Server Name Indication’ (ESNI) Where Supported: This is a low-cost measure that can be implemented on supported systems to enhance overall security.

Long-term Goal - Zero Trust: While costly and complex, moving towards a zero-trust model provides comprehensive protection against various threats, including domain fronting.

Looking forward

The widespread adoption of SaaS solutions presents a double-edged sword for organizations: while offering unprecedented efficiency and scalability, it also introduces complex security challenges like domain fronting. This sophisticated technique exploits the very encryption that makes SaaS appealing, potentially enabling data exfiltration or malware distribution. Even security-conscious organizations find themselves grappling with this issue, often constrained by the critical nature of their SaaS dependencies. While strategies such as network segmentation, strict egress filtering, and behavioural analysis can mitigate risks, the rapidly evolving threat landscape demands ongoing vigilance. As we navigate this intricate security terrain, the path forward lies in fostering stronger collaborations between organizations and their SaaS providers, continuous adaptation of security measures, and a delicate balance between leveraging SaaS benefits and maintaining robust security postures. The complexity of this challenge underscores the need for innovative solutions and a shared responsibility in safeguarding our interconnected digital ecosystem.

Examples and cases: Abused CDNs: From Speedy Content to Stealthy Malware

Domain Fronting in an attack: Attackers use domain fronting technique to target Myanmar with Cobalt Strike

Additional Reading: Detecting network covert channel of domain fronting with throughput fluctuation

If you found this interesting, you might also like this:

In an era where digital transformation intersects with corporate responsibility, cybersecurity has become an increasingly significant factor in shaping an organisation's sustainability profile. Traditionally, sustainability has been associated with renewable energy initiatives and efforts to reduce carbon footprints. However, in our interconnected world, the security of digital assets and information systems is also crucial for a company's long-term viability and societal impact.

"Cybersecurity is no longer just a technical issue; it is a critical factor in corporate sustainability, shaping risk management, stakeholder trust, and long-term resilience."

Cybersecurity practices extend beyond technical safeguards; they are integral to a company's risk management strategy, governance structure, and social responsibility efforts. As such, these practices profoundly influence corporate sustainability ratings, often in ways that are not immediately apparent. This article delves into the complex relationship between cybersecurity practices and corporate sustainability ratings, illustrating how robust digital defences can enhance a company's overall sustainability profile and its appeal to socially conscious investors and stakeholders.

The Strategic Imperative of Cybersecurity in Sustainability

As businesses undergo digital transformation, cybersecurity has emerged as a strategic imperative, not just a technical necessity1. Companies increasingly recognise that a proactive cybersecurity strategy is essential for safeguarding their competitive edge, ensuring business continuity, and maintaining investor confidence. The strategic importance of cybersecurity becomes particularly evident as cyber threats evolve in complexity and scale.

A robust cybersecurity framework protects a company's intellectual property, customer data, and critical infrastructure, thereby preventing potential losses that could significantly impact a company's reputation and financial stability. Moreover, by incorporating cybersecurity into their broader risk management and governance strategies, companies demonstrate a commitment to transparency, accountability, and long-term resilience; critical factors for achieving high sustainability ratings2.

Cybersecurity's Role in Broader ESG Trends

Cybersecurity is becoming a crucial component within the broader ESG framework, influencing trends such as digital ethics, corporate transparency, and stakeholder capitalism. These trends highlight the need for companies to protect digital rights and maintain trust in an era of increasing digital dependence.

Digital Ethics and Data Privacy: Incorporating digital ethics into ESG practices involves ensuring that companies respect data privacy and use data responsibly. Robust cybersecurity measures help protect sensitive information, prevent misuse, and reinforce a company's commitment to ethical standards. As data breaches become more frequent and severe, organisations that prioritise cybersecurity demonstrate their dedication to ethical conduct and social responsibility.

Corporate Transparency: Transparency in cybersecurity practices and incident reporting reflects a company's commitment to good governance. Companies that disclose their cybersecurity policies and vulnerabilities, while also managing them effectively, demonstrate accountability. This openness fosters trust among stakeholders and positively influences their sustainability scores.

Stakeholder Capitalism: In the context of stakeholder capitalism, cybersecurity is vital not just for protecting shareholders but for safeguarding all stakeholders, including customers, employees, and partners. Companies that prioritise cybersecurity are seen as responsible entities committed to protecting the interests of all stakeholders, thereby enhancing their social sustainability profile.

Actionable Insights for Investors and Companies

To effectively integrate cybersecurity into sustainability strategies and assessments, both investors and companies can adopt specific approaches.

For Investors:

• Evaluate Board Oversight: Assess whether a company's board includes dedicated oversight for cybersecurity and whether cybersecurity is integrated into broader governance discussions. Board-level attention to cybersecurity indicates its strategic importance within the organisation.

• Review Incident Response Capabilities: Look for evidence of robust incident response plans, including how quickly a company can detect, contain, and recover from cyber incidents. Effective incident response is crucial for minimising the impact of breaches.

• Analyse Cybersecurity Investments: Examine the proportion of the IT budget allocated to cybersecurity and whether there are ongoing investments in advanced security technologies, such as AI-driven threat detection. A commitment to continuous improvement in cybersecurity reflects an organisation's proactive stance on risk management.

For Companies:

• Develop Comprehensive Cybersecurity Policies: Ensure that cybersecurity policies cover all aspects of digital risk management, from data protection to incident response. Comprehensive policies help mitigate risks and enhance resilience.

• Conduct Regular Risk Assessments: Regularly assess cybersecurity risks and update strategies to adapt to evolving threats. This continuous improvement approach ensures that defences remain robust against new and emerging risks.

• Enhance Transparency: Provide clear communication about cybersecurity efforts and incidents to build trust with stakeholders and improve governance scores. Transparency in cybersecurity practices is a hallmark of good corporate governance.

Emerging Metrics and Standards in Cybersecurity for ESG

As sustainability rating agencies evolve to incorporate cybersecurity factors, several key metrics are emerging to assess a company's digital resilience:

• Cyber Resilience Score: Measures a company's ability to prevent, detect, and recover from cyber incidents, reflecting its overall digital defence capabilities.

• Data Protection Index: Evaluates the robustness of data protection measures and compliance with relevant regulations, such as GDPR and CCPA.

• Cyber Governance Maturity: Assesses the integration of cybersecurity into corporate governance structures, including board oversight, cybersecurity policies, and incident management frameworks.

• Incident Response Transparency: Reflects the company's openness in disclosing and addressing cybersecurity incidents, which can influence governance and social responsibility scores.

• Cybersecurity Investment Ratio: Compares cybersecurity spending to the overall IT budget or revenue, indicating a company's commitment to digital security.

Addressing the Dynamic Nature of Cyber Threats and Building Resilience

The rapidly evolving nature of cyber threats requires companies to adopt a continuous improvement approach to cybersecurity. This involves not only implementing robust security measures but also fostering a culture of security throughout the organisation. Cybersecurity should be seen as an ongoing process that necessitates regular updates, training, and adaptation to new threats.

Building Cyber Resilience: Organisations can enhance their resilience by learning from past incidents and integrating those lessons into future strategies. This approach ensures that cybersecurity defences are constantly evolving, ready to counter new threats, and aligned with the company's overall sustainability goals.

Creating a Culture of Security: Establishing a culture of security involves making cybersecurity a shared responsibility across all organisational levels. By training employees, encouraging secure practices, and promoting awareness, companies can reduce the likelihood of human error, a common cause of security breaches.

Future Trends and the Role of Technology in Cybersecurity and ESG

Emerging technologies such as AI, machine learning, and blockchain are transforming cybersecurity practices, offering new ways to enhance digital defences and, consequently, ESG performance.

AI and Machine Learning: These technologies are increasingly used for threat detection and response, providing faster and more accurate identification of potential threats. Their integration into cybersecurity frameworks can significantly improve a company's resilience and sustainability rating.

Blockchain for Security and Transparency: Blockchain technology offers potential solutions for secure data management and transparency in transactions, contributing to both cybersecurity and governance goals within the ESG framework.

Case Studies: Learning from Success and Failure

Real-world examples highlight the impact of cybersecurity on sustainability ratings, offering valuable lessons for companies aiming to enhance their ESG profiles.

• Equifax Data Breach: In 2017, Equifax experienced a massive data breach that exposed the personal information of over 147 million consumers. The incident led to severe financial losses, regulatory penalties, and a significant downgrade in its sustainability rating. This breach underscored the importance of robust cybersecurity practices and the consequences of failing to implement them effectively. Following the breach, Equifax invested heavily in upgrading its cybersecurity infrastructure and improving transparency, which eventually helped recover some of its ESG standing.

• Microsoft's Proactive Cybersecurity Strategy: Microsoft has invested significantly in cybersecurity, integrating advanced threat detection systems and fostering a culture of continuous improvement and transparency. These efforts have positively impacted Microsoft's sustainability ratings, demonstrating that proactive cybersecurity strategies can enhance corporate reputation and attract socially responsible investors.

The Role of Supply Chain Cybersecurity in Sustainability

A company's cybersecurity is only as strong as its weakest link, often found in its supply chain. As part of their sustainability strategies, companies are increasingly assessing the cybersecurity practices of their suppliers and partners to mitigate third-party risks.

Supply Chain Risk Management: Effective supply chain cybersecurity involves evaluating third-party risk, establishing cybersecurity requirements in supplier contracts, and coordinating incident response efforts across the supply chain. This comprehensive approach ensures that the entire ecosystem is secure, thereby enhancing the company's overall sustainability profile.

Geopolitical and Regulatory Impacts on Cybersecurity and ESG

The geopolitical and regulatory landscapes significantly impact how companies approach cybersecurity and sustainability. Different regions have varying requirements for data protection and cybersecurity, which affect corporate strategies and sustainability ratings.

Navigating Regulatory Landscapes: Understanding the regulatory environment across different regions is crucial for global companies. Adapting cybersecurity strategies to comply with diverse regulations can improve a company's governance score and reduce the risk of penalties and reputational damage.

Mitigating Geopolitical Risks: Geopolitical tensions can exacerbate cybersecurity risks, such as state-sponsored attacks or cross-border data breaches. Companies must develop strategies to mitigate these risks, demonstrating robust cybersecurity practices to enhance their ESG profiles.

Summary

The influence of cybersecurity practices on corporate sustainability ratings is increasingly significant. As digital technologies become integral to every aspect of business operations, the security of these systems becomes synonymous with the security of the business itself.

Forward-thinking companies recognise that robust cybersecurity is not just a technical necessity but a key driver of their sustainability profile. By investing in strong cyber defences, fostering a culture of digital responsibility, and transparently communicating their efforts, organisations can significantly enhance their sustainability ratings.

For investors, regulators, and other stakeholders, understanding the link between cybersecurity and corporate sustainability is crucial. It provides a more comprehensive view of a company's risk profile, governance quality, and commitment to social responsibility in the digital age.

As we move further into an era where digital and physical realities are increasingly intertwined, the concept of "green screens" - where cybersecurity and sustainability converge - will become an essential lens through which corporate responsibility is viewed and evaluated. Companies that excel in this area will not only be more resilient to digital threats but will also be better positioned to thrive in a world where sustainability and technology go hand in hand.

Here are some links for additional deep-dives into the topic of risk management and ESG The Evolving Risk Management Opportunity and Thinking Sustainability First, and Effect of ERM for ESG risks towards green growth

Want to stay updated on the latest in cybersecurity, technology and sustainability? Subscribe to our newsletter for weekly insights and analysis.

This article is part of a series of articles written with a focus on Cybersecurity and ESG. The first article in the series is this one:

As the world continues to navigate the challenges of climate change, social inequality, and economic disruption, the role of Environmental, Social, and Governance (ESG) frameworks in guiding corporate responsibility has never been more crucial. With an increasing focus by the general public, customers and investors on climate change, ethical and socially responsible investments, no company in the public eye can afford to ignore ESG. And more importantly, ESG has evolved from a niche concern for socially conscious investors and has become a mainstream imperative for companies seeking to demonstrate their commitment to sustainable practices and long-term value creation, increasingly becoming a moral and existential imperative. However, as most businesses increasingly operate in a digital-first world, away from the traditional “bricks and mortar” operations, a critical element is often missing from these frameworks: cybersecurity.

This article explores the growing importance of ESG for corporations and makes the case for why cybersecurity should be considered a distinct component within ESG metrics and assessments. In doing so, we aim to provide a comprehensive view of organizational sustainability in the digital age and highlight the strategic value of robust cybersecurity practices.

Why ESG Matters for Corporations Today

Investor Expectations and Market Demands

Investor expectations have shifted dramatically in recent years. ESG performance is now seen as a key indicator of a company's long-term viability and risk management capabilities. Institutional investors, such as pension funds and mutual funds, are increasingly incorporating ESG criteria into their investment decisions, recognizing that companies with strong ESG performance are often better positioned to mitigate risks and capitalize on opportunities. And looking at it another way, companies are also being de-selected from investment opportunities and fund portfolios because of a lack of robust ESG commitment.

Furthermore, individual investors are also becoming more discerning, looking beyond traditional financial metrics to assess a company’s ethical footprint and commitment to sustainability. ESG metrics have become an essential part of the due diligence process, influencing everything from stock prices to corporate valuations. Companies that perform well on ESG metrics are often rewarded with lower costs of capital and enhanced access to markets.

Regulatory Pressures and Compliance Requirements

Governments and regulatory bodies worldwide are imposing stricter reporting requirements related to ESG. In the European Union, for example, the Sustainable Finance Disclosure Regulation (SFDR) mandates that financial market participants provide detailed disclosures on how they integrate ESG factors into their investment processes. Similarly, the U.S. Securities and Exchange Commission (SEC) has proposed rules that would require companies to disclose climate-related risks and their impact on business operations.

These regulatory pressures underscore the growing importance of ESG for corporate governance and compliance. Companies that fail to meet these requirements risk facing significant penalties, reputational damage, and loss of investor confidence.

Reputation and Brand Value

A company’s reputation and brand value are increasingly tied to its ESG performance. Consumers and employees are more likely to support companies that demonstrate a strong commitment to environmental stewardship, social responsibility, and ethical governance. This shift reflects a broader societal trend towards valuing sustainability and ethical conduct.

Companies with robust ESG strategies are often perceived as more trustworthy, ethical, and forward-thinking. This perception can enhance customer loyalty, attract top talent, and provide a competitive advantage in the marketplace. Conversely, poor ESG performance can lead to negative publicity, boycotts, and a loss of market share.

The Digital Age and the Need for a New Approach to ESG

Digital Transformation and Emerging Risks

As businesses undergo digital transformation, they become increasingly reliant on digital technologies to drive innovation, efficiency, and growth. However, this shift also introduces new risks that traditional ESG frameworks do not fully capture. Cybersecurity threats, such as data breaches, ransomware attacks, and cyber-espionage, pose significant risks to a company’s operations, reputation, and stakeholder trust.

These risks are not just theoretical. High-profile cybersecurity incidents, such as the data breaches at Equifax and Marriott, have demonstrated the devastating impact of cyberattacks on a company’s financial performance and reputation. Such incidents also highlight the need for robust cybersecurity practices as a key component of corporate resilience and sustainability.

The Strategic Importance of Cybersecurity

Cybersecurity is not merely an IT concern; it is a fundamental component of corporate governance and risk management. Effective cybersecurity measures protect not only a company’s data but also its intellectual property, operational continuity, and compliance with regulatory requirements. Moreover, cybersecurity is essential for maintaining customer trust and investor confidence, particularly in a world where data privacy and security are becoming increasingly important.

By safeguarding digital assets and infrastructure, cybersecurity supports a company’s broader sustainability goals as well as its resilience. It enables organizations to innovate with confidence, knowing that their digital investments are protected from emerging threats. This strategic importance makes a compelling case for why cybersecurity deserves a seat at the ESG table.

Why Cybersecurity Deserves Separate Consideration in ESG

Distinct from General IT Concerns

Cybersecurity should be separated from general IT concerns in ESG assessments because it represents a unique risk profile with its own set of challenges, strategies, and impacts. Unlike traditional IT concerns, which focus on the efficiency and functionality of technology systems, cybersecurity specifically addresses the protection of these systems from malicious attacks and unauthorized access.

Cybersecurity involves managing a dynamic threat landscape, where attackers are constantly evolving their tactics to exploit vulnerabilities. This requires continuous adaptation and proactive risk management; qualities that align closely with the principles of ESG. By treating cybersecurity as a distinct component within ESG frameworks, companies can more accurately assess their digital resilience and align their cybersecurity strategies with their broader sustainability objectives.

Impact Across All ESG Pillars

Cybersecurity intersects with all three pillars of ESG, reinforcing its relevance as a separate consideration within these frameworks:

• Environmental Impact: Cybersecurity contributes to environmental sustainability by supporting energy-efficient data management practices and protecting critical infrastructure. Secure digital processes can reduce the need for physical resources, lowering overall environmental impact.

• Social Impact: Cybersecurity plays a vital role in social responsibility by safeguarding personal data, ensuring the continuity of essential services, and protecting stakeholder interests. Strong cybersecurity practices help maintain trust among customers, employees, and partners, which is crucial for social sustainability.

• Governance Impact: Robust cybersecurity is a key indicator of good governance, reflecting a company’s commitment to risk management, transparency, and regulatory compliance. Companies with strong cybersecurity practices demonstrate their ability to proactively address digital risks and maintain high standards of corporate governance.

The Risks of Ignoring Cybersecurity in ESG Assessments

Incomplete Risk Assessment

Excluding cybersecurity from ESG assessments leads to incomplete risk evaluations, potentially exposing investors and other stakeholders to unforeseen risks. In today’s digital economy, where cyber threats are becoming more sophisticated and frequent, failing to consider cybersecurity as a separate ESG metric could result in significant financial losses and reputational damage.

Undervaluation of Strategic Investments

Without dedicated metrics for cybersecurity, companies may underinvest in this critical area, undermining their long-term resilience and sustainability. A lack of understanding of the total cost of ownership (TCO) for IT services and operations can lead to the undervaluation of cybersecurity investments. By recognizing the value of cybersecurity in reducing long-term costs and enhancing operational efficiency, companies can better justify these investments and improve their ESG scores.

Eroding Stakeholder Trust

Failing to prioritize cybersecurity within ESG frameworks can erode trust among customers, investors, and partners, particularly in a world where data breaches and cyberattacks are becoming increasingly common. Transparency in cybersecurity practices and proactive communication with stakeholders are essential for building and maintaining trust, which is a cornerstone of strong ESG performance.

Building a Case for Integrating Cybersecurity into ESG

Developing Standardized Cybersecurity Metrics

To integrate cybersecurity effectively into ESG frameworks, there is a need for standardized metrics and frameworks that can provide a consistent and comprehensive approach to evaluating a company’s digital resilience. Metrics such as the Cyber Resilience Score, Data Protection Index, and Cyber Governance Maturity can help create benchmarks for assessing cybersecurity performance across industries.

Engaging Stakeholders

Companies should actively engage with stakeholders on cybersecurity issues, emphasizing transparency and proactive risk management as key elements of a strong ESG strategy. Regular cybersecurity briefings, detailed disclosures in sustainability reports, and proactive communication strategies can help build trust and demonstrate a commitment to digital security.

Adapting to a Dynamic Landscape

ESG frameworks must be dynamic and adaptable, capable of evolving with the rapidly changing cybersecurity threat landscape. Companies need to adopt a continuous improvement approach to cybersecurity, integrating lessons learned from past incidents and staying ahead of emerging threats. This adaptability is crucial for ensuring that ESG assessments remain relevant and reflective of the risks and opportunities facing businesses today.

A Call to Action for Corporations and Investors

Our journey into the digital age has clearly shown the world that the need to integrate cybersecurity into ESG frameworks becomes increasingly apparent, if not obligatory. It is time for corporations to recognize that cybersecurity is not merely a component of IT but a critical element of their sustainability strategy. By viewing cybersecurity as a separate consideration within ESG assessments, companies can better align their digital defense strategies with their broader sustainability goals, ultimately fostering greater resilience and trust among stakeholders.

Investors, regulators, and other stakeholders must also recognize the critical role of cybersecurity in shaping a company’s long-term viability and responsible business practices. By embracing this new paradigm, we can ensure that ESG assessments remain relevant and reflective of the risks and opportunities facing businesses today.

In our digital world, where the lines between the physical and digital realms are becoming blurred, cybersecurity must be seen as a fundamental component of corporate responsibility. Companies that excel in integrating cybersecurity into their ESG frameworks will not only protect themselves against evolving threats but also position themselves as leaders in sustainable and responsible business practices for the future.

This article is part of a series of articles written with a focus on Cybersecurity and ESG. Here is the second article in the series:

As cyber threats continue to advance, securing systems with strong authentication remains essential. Yet, hidden within many external facing systems around the globe is a vulnerability so basic that it often goes unnoticed. Basic Authentication, a method from the early days of the internet, still poses a significant security risk in many organizations, providing an easy entry point for cybercriminals that is frequently overlooked.

Overview of Basic Authentication

Basic Authentication, outlined in the HTTP specification, is a straightforward authentication method built into the HTTP protocol. It works by sending credentials as user ID/password pairs, encoded in base64, within the HTTP Authorization header. Initially favoured for its ease of use during the early stages of web development, Basic Authentication was once a common approach to securing web applications.

However, the simplicity that made Basic Authentication appealing in the past now makes it inadequate for today’s security needs. Its continued presence in legacy systems presents a significant risk that many organizations either overlook or underestimate.

Key Risks Associated with Basic Authentication

Basic Authentication has several serious vulnerabilities:

• Lack of Encryption: Base64 encoding merely obscures credentials; it does not protect them. This encoding can be easily decoded, exposing credentials to anyone who intercepts the HTTP request.

• Susceptibility to Credential Interception: Without additional security layers like TLS/SSL, Basic Authentication transmits credentials with every request, increasing the risk of man-in-the-middle attacks.

• Vulnerability to Replay Attacks: If credentials are intercepted, attackers can reuse them to gain unauthorized access, as Basic Authentication lacks built-in protections against replay attacks.

• Inadequate Credential Storage: Some implementations store passwords in plain text or use weak hashing algorithms, increasing the risk if the credential store is compromised.

• Absence of Modern Security Features: Basic Authentication does not support critical security measures like multi-factor authentication (MFA), password complexity requirements, or robust session management.

These weaknesses expose organizations to significant risks, including unauthorized access, data breaches, and potential compliance violations.

Real-World Implications

Relying on Basic Authentication has led to severe consequences for many organizations. For example, in 2019, a major U.S. healthcare provider experienced a data breach affecting over 20 million patients. The breach was caused by an exposed server using Basic Authentication, which allowed attackers easy access to sensitive medical records. This incident highlights how a simple oversight in authentication can lead to massive data exposure.

Similarly, in 2020, a prominent e-commerce platform suffered a significant breach where customer data was stolen over several months. Investigators discovered that the attackers initially gained access through a legacy API endpoint still using Basic Authentication. This case underscores how overlooked vulnerabilities in authentication can lead to prolonged, undetected access to sensitive systems.

These incidents illustrate not only the immediate impact of data loss and operational disruption but also the long-term effects of eroded customer trust and potential regulatory penalties. The healthcare provider, for instance, faced not only reputational damage but also scrutiny under GDPR as well as HIPAA regulations, which require stringent protection of patient data.

Signs You Might Be Using Insecure Basic Authentication

It’s crucial to identify whether your systems are still using Basic Authentication. Look for these signs:

• The presence of "Authorization: Basic" headers in HTTP requests.

• Absence of HTTPS (TLS/SSL) encryption in communications.

• Legacy systems or APIs that haven’t been updated in years.

• Lack of additional authentication factors beyond username and password.

Regular security audits are essential for identifying and addressing these vulnerabilities before they can be exploited.

Alternatives to Basic Authentication

There are several more secure alternatives to Basic Authentication:

• OAuth 2.0: An authorization framework that allows applications to gain limited access to user accounts on an HTTP service.

• OpenID Connect: Built on top of OAuth 2.0, it adds an identity layer, enabling clients to verify the identity of the end-user.

• JSON Web Tokens (JWTs): A compact, URL-safe way of representing claims to be transferred between two parties, commonly used for session management and information exchange in web development.

These methods provide enhanced security through features like token-based authentication, support for MFA, and improved session management.

Steps for Transitioning Away from Basic Authentication

Moving away from Basic Authentication requires careful planning:

1. Audit Current Systems: Identify all instances of Basic Authentication within your infrastructure.

2. Choose a Suitable Alternative: Select an authentication method that aligns with your security needs and system architecture.

3. Develop a Migration Strategy: Plan the transition, considering factors like user impact, system downtime, and resource allocation.

4. Implement in Phases: Start with non-critical systems to minimize disruption and refine the process.

5. Update Client Applications: Modify client-side code to support the new authentication method.

6. Conduct Thorough Testing: Ensure the new authentication system functions correctly and doesn’t introduce new vulnerabilities.

7. Gradually Phase Out Basic Authentication: Once the new system is reliable, start disabling Basic Authentication, beginning with the least critical systems.

8. Monitor and Adjust: Continuously monitor the new authentication system for any issues and make adjustments as necessary.

Conclusion

The ongoing use of Basic Authentication in today’s digital environment represents a serious and often underestimated security threat. As cyber threats continue to evolve, relying on this outdated authentication method is like leaving the front door of your digital infrastructure wide open.

Switching to more secure authentication methods is not just advisable; it’s essential for any organization serious about protecting its assets, data, and reputation. By adopting modern authentication protocols, organizations can significantly strengthen their security, reduce the risk of breaches, and build a foundation of trust in their digital interactions.

Now is the time to act. Start by assessing your if Basic Authentication is in use in your IT estate and validate all systems and applications. Prioritize migrating to more secure authentication methods, beginning with your most critical assets. Engage with security professionals to develop a comprehensive transition plan tailored to your organization’s needs and resources.

For further guidance, explore resources like OWASP’s Authentication Cheat Sheet, NIST’s Digital Identity Guidelines, and implementation guides for OAuth 2.0 and JWT. In cybersecurity, proactive steps today can prevent catastrophic breaches tomorrow.

Cybersecurity may be relatively new domain but the speed of evolution is close to the speed of light. Looking back at the past 18 months I note that the rise of artificial intelligence (AI) represents a watershed moment to our profession, offering both unparalleled opportunities and formidable challenges. As detailed in recent publications by Microsoft1 and OpenAI2, the dual-edged nature of AI technology is reshaping the cybersecurity landscape, necessitating a nuanced understanding among senior professionals, especially within the banking sector. I wanted to try to distil some of the key insights from these thought-leaders and reflect on the strategic roadmap for harnessing AI's potential while safeguarding against its perils.

The Paradox of AI in Cybersecurity

At its core, AI promises to revolutionize cybersecurity practices through automation, enhancing threat detection, incident response, and system resilience. Cybersecurity’s foray into leveraging AI in both active and passive defences has already yielded significant advancements, protecting billions of cloud-based transactions daily. Similarly, OpenAI leads the field together with the broader commercial AI community with a commitment to safe AI utilization, underscoring the technology's potential to improve lives while acknowledging the risks of misuse.

However, this technological boon is not without its shadow. The same tools designed to fortify our defences can be, and will be, repurposed by adversaries, introducing a new arsenal for cybercriminals and state-affiliated threat actors. These malevolent entities, as both Microsoft and OpenAI report, are increasingly experimenting with AI to refine their attack strategies, posing sophisticated threats to global digital security.

A Call for Collaborative Vigilance

A recurring theme in the industry today is the imperative for collaborative vigilance. The intersection of AI and cybersecurity is not a battleground for lone warriors; it demands a united front. Intelligence sharing and strategic partnerships are crucial in identifying and neutralizing threats posed by AI-augmented cyber operations. The concerted efforts of these industry giants in disrupting state-affiliated malicious actors exemplify the power of collaboration in safeguarding the digital ecosystem.

Strategic Imperatives for Cybersecurity Leadership

For senior cybersecurity professionals, particularly in the banking sector where the stakes are exceedingly high, these insights translate into several strategic imperatives Here I will mention but a few:

1. Anticipate and Mitigate AI-Driven Threats: Cyber professionals must stay ahead of the curve, recognizing the potential for AI to be weaponized. This entails not only defending against traditional cyber threats but also preparing for AI-enabled social engineering attacks and other novel vulnerabilities. Inevitably this will mean that the time to exploit and progress through the attack chain is going to shorten, meaning that we have less time to respond and therefore our IT architecture must be designed with security at its core and security tooling must have built-in considerations for “continuous AI security improvement. In the shorter term this also means that existing vulnerability management process will need to be reviewed for agility, as many of existing SLAs used in control operations and risk management will need to be tightened, both in terms of risk classification and risk appetite but also in terms of speed of remediation.

2. Prioritize AI Security and Ethical Development: Deploying AI in cybersecurity operations requires a security-first approach. This includes continuous refinement of AI models, implementing robust defences against manipulation, and ensuring ethical AI utilization across all operations. From an engineering perspective it is paramount that safeguards are built in to protect against misuse, ensuring transparency in terms of modelling and data use, and fostering a culture of ethical AI within the engineering community.

3. Bolster the Workforce with AI: In the face of a global talent shortage in cybersecurity, AI emerges as a critical ally. Leveraging AI to augment human capabilities can bridge part of that gap, enhancing the efficiency and effectiveness of cybersecurity teams. But this also brings its own caveats; overreliance on technology and not understanding the limitations and constraints that the data models and frameworks inherently possess. It is imperative that the senior leadership understands where to automate and leverage AI, and not get caught-up in hypothetical efficiency gains and aspirational cost savings but focus on the areas in the value chain where net marginal benefits can be realised.

4. Navigate Regulatory Landscapes: As AI becomes increasingly integral to cybersecurity operations, adhering to regulatory requirements and establishing clear governance around AI use are essential. This ensures compliance, maintains trust, and fosters a responsible technological environment. Regulations like EU’s DORA (Digital Operational Resilience Act) will require compliance around the use of AI, and resilience for internal IT operations also extends to Critical Third-Party Providers (CTPP) where the same criteria must be safeguarded. We see increasingly lower levels of tolerance from regulators on what may be perceived as weaknesses in resilience, meaning that we need to adopt a proactive approach to AI technology adoption where regulatory impact is considered upfront.

Embracing the AI Era with Prudence

The insights offered by Microsoft and OpenAI illuminate the path forward for cybersecurity in the AI era. For senior professionals, especially within the sensitive confines of the banking sector, the message is clear: embracing AI's transformative potential is imperative, but so is guarding against its misuse. By fostering a culture of ethical AI use, prioritizing security in AI development, and championing collaborative efforts, we can harness the benefits of AI while mitigating its risks. The future of cybersecurity lies in striking this delicate balance, ensuring a safer digital world for all.

Picture this: In a major corporation, a security incident sets off alarm bells. The cause? A seemingly routine personnel change. An employee with privileged access to sensitive data in Google Cloud Platform through their Google Workspace account was reassigned to an Azure project. Because the company's Azure environment trusted the same Active Directory credentials, the employee inadvertently retained similar privileged access rights across platforms. This oversight exposed a critical gap in cross-platform identity management; where access controls from one cloud environment failed to properly translate to another.

This routine personnel transfer exposed a critical gap in the company's Access Management processes. When the employee moved teams, their system access should have been reviewed and adjusted, but wasn't - a classic "mover" scenario that fell through the cracks. As a result, they unknowingly gained access to sensitive Azure datasets unrelated to their new role. When the employee accessed this data, it triggered automated breach detection systems, launching a full security investigation. The incident revealed a subtle but dangerous vulnerability where two separate identity management systems - GCP and Azure - operated on different assumptions about user privileges. In retrospect, the risk seems obvious, but it had remained hidden in the complexity of cross-platform access controls.

Historical Homogeneity Meets Cloud Complexity

In the days of on-premises infrastructure, Identity and Access Management (IAM) followed more straightforward rules. Organizations could establish clear boundaries around roles, permissions, and access within their controlled environments. But as businesses expanded into multiple cloud platforms like Google Cloud, Azure, and AWS, access control became exponentially more complex. This complexity has led to a troubling gap; while permissions multiply across platforms, organizations' understanding of the potential consequences of excessive access rights has diminished. The interconnected nature of these environments creates security blind spots that simply didn't exist in traditional systems.

Consider how a single employee's digital identity fragments across cloud platforms. In Google Cloud Platform (GCP), they're recognized by their Gmail account, reflecting GCP's integration with Google Workspace. Switch to Azure, and their identity transforms, now tied to Active Directory credentials. Move to AWS, and yet another identity representation emerges. As organizations struggle to unify these disconnected identity systems into a cohesive framework, they face critical questions: How can identity be managed consistently across platforms? And what constitutes privileged access when permissions don't translate cleanly between environments?

Reflections on Identity in the Cloud

1. Managing Fragmented Identities: How can organizations maintain consistent identity controls when employees have different credentials across cloud platforms? What technical and policy solutions can bridge these disconnected identity systems?

2. Harmonizing Policy Frameworks: Each cloud platform has its own approach to identity management - GCP with Google Workspace, Azure with Active Directory, and others with their unique systems. What strategies can create consistent security policies that work across all these environments?

3. Standardizing Privileged Access: The definition of "privileged access" varies significantly between platforms, creating security blind spots. How can organizations develop a unified framework for identifying and controlling high-risk permissions across their entire cloud ecosystem?

4. Simplifying Privilege Management: With the multiplication of identities comes a proliferation of access rights to monitor. What approaches can help security teams maintain comprehensive visibility without creating unsustainable complexity in their privilege access management (PAM) systems?

Implications for Tomorrow's Enterprises

The challenges of identity management across multiple cloud platforms extend far beyond technical complexity; they represent serious business risks that can impact security, compliance, and reputation.

Consider the consequences of inconsistent IAM policies: When access controls don't align across platforms, security gaps emerge. These gaps can lead to data breaches that expose sensitive information, triggering regulatory penalties and eroding stakeholder confidence. The financial impact can be immediate and severe - from regulatory fines to declining stock values as market trust deteriorates.

Even well-designed identity and privilege management systems can become problematic in today's environment. Processes that functioned effectively in traditional on-premises environments often become inadequate when extended to multi-cloud architectures. What was once a robust implementation for a homogeneous IT landscape now creates operational friction in a hybrid world. This evolution-driven mismatch can prevent employees from accessing resources they legitimately need, causing project delays and hindering incident response during critical situations. Conversely, it may also create excessive permissions across platforms, increasing vulnerability to insider threats and providing attack paths for external threat actors who can exploit compromised credentials to move laterally through systems.

Towards a Secure Digital Future

The multi-cloud era has arrived, bringing both unprecedented opportunities and complex security challenges. As organizations expand their digital identity frameworks across diverse platforms, they must balance cloud agility with robust security controls.

Organizations need to conduct thorough assessments of their existing identity and privilege management systems. This evaluation should specifically identify disconnects between traditional on-premises identity approaches and cloud-native requirements. Understanding these gaps is the first step toward developing an integrated identity strategy that works consistently across all environments.

This isn't a one-time effort. As cloud technologies evolve and the threat landscape shifts, regular reviews of identity and access controls become essential. Organizations should implement routine audits of their IAM and PAM implementations, focusing on cross-platform permission mapping. Alongside technical controls, comprehensive training programs help ensure employees understand the security implications of multi-cloud identity management and their role in maintaining secure access practices.

In Conclusion: A Gaze Towards Tomorrow

Cloud technologies offer transformative benefits in scalability, flexibility, and innovation. However, these advantages come with complex identity management challenges that organizations cannot afford to overlook. As businesses expand across multiple cloud platforms, a comprehensive identity strategy becomes not just beneficial but essential.

Success in this environment requires more than technical solutions. Organizations must develop a security-focused culture where identity management is understood as a critical business function rather than just an IT concern. This means establishing clear governance models, embracing automation where possible, and ensuring consistent enforcement of access policies across all environments.

Is your organization prepared to manage identity effectively across your increasingly complex cloud landscape? Those who approach this challenge strategically - with regular assessment, continuous improvement, and cross-platform visibility - will be best positioned to harness the cloud's benefits while maintaining robust security controls.