This session explores how defenders are leveraging AI, human expertise, and innovative strategies to protect critical systems and maintain trust in an increasingly automated world.
At Davos, leaders from Darktrace, Check Point, Telefónica and MIT Media Lab warned that AI is reshaping cybersecurity by accelerating both offense and defense, while blurring lines between state and non-state threats. Jessica Rosenworcel emphasized the “radical expansion” of connected devices and software shipped with known and unknown vulnerabilities, noting that AI lets malicious actors find weaknesses “at unbelievable speed.” Nadav Zafrir argued the attack side is moving faster because attackers “collaborate better than we do” and face fewer constraints; the real near-term risk is interoperability as “agents…start crossing lanes” without clear identity or controls. Jill Popelka highlighted the human layer with a CEO-targeted deepfake: a voicemail “requesting financial data…[that] sounded exactly like you,” a tactic she found “happened” to many CEOs. Marc Murtra framed cyber impact as “eavesdrop, stop or manipulate,” stressing Europe’s strategic vulnerability from reliance on third-party technologies and limited local capability. Panelists called for open platforms, safer public-private disclosure “safe spaces,” and new identity models that are “contextual and layered.” The near term will “expose a lot of vulnerabilities,” but the panel was cautiously optimistic that AI-enabled defenses and education can make systems safer over time.
Hello everyone and welcome. My name is James Harding. I'm the editor of the observer, here from London. And, delighted, excited and strangely relieved to be talking about something as gentle and as innocuous as cyber security in the age of AI. On the back of President Donald Trump's address to the World Economic Forum. Who could have thought that a session about the unseen and profound potential disruptions to all of our lives, businesses and countries could feel like a kind of intellectual respite from the conversations of the last hour and a bit, there are, I think if you've been to Davos and you've been to the World Economic Forum many times, and if you're joining us, and listening online, you'll discover that there are basically two kinds of sessions. I think at the Weaf, there are those where you entertain an argument, and there are those where you get to have a lesson. And I hope that in this one, given that there are plenty of other places at this particular forum where you can go and have an argument, we're really going to get a lesson, because I think that just as many of us are wrapping our heads around the idea of cyber security, and something that we've begun to understand personally and we've begun to understand in our organizations, we're beginning to realize that AI completely changes the nature of that. And, means that we face possibly threats, possibly more uneven threats than we understood. And so what I was hoping to do was to introduce our panel and ask and ask each of you, you've got an extraordinary range of people, not just in terms of the businesses, but kind of geographic spread here. I always think that these audiences to the rooms are self-selecting. If you're here, you've probably got an interest or an experience of this issue. So I hope we'll have time as we get towards the end of this conversation or two, to bring people in, to talk about their experiences, to, Jessica Rosenworcel is, now running the MIT Media Lab, former chair, of course, of the Federal Communications Commission. So I suppose you've seen these threats from a regulatory point of view, from a government point of view, but increasingly now from a sort of research and technology point of view. Nadav, is it called checkpoint technologies?
Check point software technologies.
Check point software technologies. Forgive me. From Israel. Nadav, likewise. Having you here at the sort of cutting edge of the software, I'm hoping that there's a kind of, metaphorically speaking, a bank of software technologists behind you. You can explain what we can and can't do. I come from the UK. Jill Popelka runs Darktrace, a company that has a point of pride in the UK as one of the forefronts in this area. Before we even knew that we had a problem, we knew that we had darktrace. So we are delighted that you're here. Jill. And, and Mark Murray is the chair of Telefonica. I'm slightly embarrassed, Mark, because when I first came to Davos, I used to spend my time chasing after the CEO and the chair of Telefonica. So now I'm so now I'm glad I can just show up and sit on the panel. So thank you very much. I hope you enjoy this conversation. And as I say, as we get towards the end, please catch my eye and we'll start with some, kind of questions and comments. Jessica, why don't you start? Would you would you just give us a sense of where you see kind of attacks or where you've experienced attacks on cybersecurity, particularly augmented by artificial intelligence that makes you think, well, we've got a bigger problem than I realized.
Well, when I was running the Federal Communications Commission, the thing that struck me most during my tenure was just the radical expansion of the number of connected devices. And the data they produce. It's growing so fast. And every one of those devices, those connections, relies on software. And that software frequently goes to market with known vulnerabilities that might be small and vulnerabilities that are unknown. And when you introduce AI into the system and you have malicious actors, they can use AI to identify where those problems are at unbelievable speed, unlike anything we've ever seen before. So it multiplies the possibilities for bad actors to take advantage of all those connections. And that expanded attack service that they provide. But I would also flip the script and say there are opportunities also for all of us to use AI to understand where those vulnerabilities are and fix them before they go to market. And that's new too.
So. So can I ask about the sort of vulnerability versus the strength of defense point on this? As you know, in London, the Thames flows through the middle of London. On one side of the river is MI6 the kind of tracks foreign spies or sets out foreign spies to look at foreign threats. On the other side is MI5 that tries to.
I did not know that, but I do now. You do now.
And the thing that's brilliant about the argument between MI5 and MI6 is they keep saying the other person has it easy. So the so the MI6, the James Bond guys go, you know what, if you're MI5, AI is a wonderful defensive capability because it can track unusual behavior. Yes. And if you're MI5, you look at MI6 and say, those guys have got it easy because AI massively helps in asymmetric warfare.
So I think my point is they're both right.
Oh no.
Oh no. I thought you could act as an adjudicator of that. All right. Well let's let's come back to those vulnerabilities and defenses in a second.
But I'll take your example about MI5 and MI6. I actually think that the ones that have it having the most fun now are, are neither. The ones that are having real fun are GCHQ.
Okay. Go on.
You know.
GCHQ are the tech end as you know. So security and no one has ever accused them of having fun before. Oh.
You know, I used to run the equivalent in Israel, which is 8200 and used to visit Cheltenham. And I left the service about 12 years ago. I've never I've never had any FOMO. I've never I've never looked back until the last couple of years.
Oh, why?
Because attackers are having more fun, more possibilities, more capabilities, than ever before. It's just an incredible time. And the way I see cyber is sort of a learning competition between offense and defense. It's always been like that. It's like that. Now, the hard part is that attackers are obviously moving faster than defenders. They don't have regulations. They don't have to go through procurement. They collaborate better than we do. And so right now, I think if we're looking at the the attack side from the attackers lens and perspective, some of the things that we've already been seeing are exasperated, and we need to take care of that. I actually think that at the heart of that is we know how to secure humans and infrastructure, and I think we're building the tools to secure non-humans. The problem is interoperability. You know, that's and the next few years are going to be chaotic because of that interoperability. Right. And so we need to focus on that because we are introducing to Jessica's point, we're introducing new capabilities much faster than we understand what they can do and where they're going. And thinking about these agents that are moving around us. And everybody is saying, I have ten agents working for every employee. I have 100 agents, I have 1000 agents. The thing about these agents is that they're very naive at the end of the day, and they start crossing lanes and we treat them as humans. So we try to secure them based on identity, but they don't have a human identity, and they're very naive. And that is going to change the way we need to look at security altogether. But until we get there, we're at a very fragile time.
And so I'll just explain why the last two years, what happened in the last two years.
You know.
It's just the sort of ChatGPT phenomenon.
It's all of a sudden we have connected between humans and machines through semantic language. And it's it's it's any one of us doesn't have to be a PhD in mathematics in order to be to write code in order to change the world. And that's why attackers are having fun. But that changes everything.
And I suppose what I'm trying to get at is one of the arguments that was made when OpenAI launched ChatGPT, and then the other, AI services that were made available on a retail basis was that was the enormous amounts of power were being handed over without really understanding what individuals good, good and bad would be able.
To do. The genie is out of the.
Box.
Out of the bottle or whatever.
And and so do you think that from a cybersecurity point of view, that kind of free market approach to AI was crazy?
I think it's inevitable. I don't think that. I don't think they can really control it. I don't know from a regulatory perspective what you think. But I think that it's we can't slow down science, we can't slow down advancement. We just need to make sure that we run as fast as these technologies with security on top of that. So, for example, when you have all these agents you can't have, like OpenAI, securing OpenAI, you need to have a proprietary LLM to overlook that. We call it the Guardian Angel. A Guardian agent.
Jessica, welcome to.
Well, a lot of our revolutionary technologies in the past, like the development of the internet, the development of aerospace, they started with a deep set of military contracts. And with those contracts they got a stimulant and they got some guidelines. I think AI is different because it is taking place in private markets. It's being developed chiefly by private actors. And so those guidelines are being developed in real time, and they're not getting the same frameworks that some earlier technologies had when they reached the marketplace. All right.
Okay. That is ominous. We'll let's come back to that. Second. Do you will you just kick off just by giving an example either from within your life or darktrace, or if you like, a client where you're like, hey ho, AI driven cyber breach. This is one of the experiences you've had.
Certainly, you know, as we've already discussed, AI is increasing the velocity of attacks. It's creating sophistication and complexity that we haven't seen before in cyber attacks. And, so we've seen deep fakes really start we've been really interested in looking at deep fakes. And, Nadav and I were just talking about I took the role of CEOs darktrace about 18 months ago. And when I did that, my first board meeting, I walked out. I was very focused on, you know, doing my job and my one of my team members just had a blank stare on his face. He said, you are not going to believe this. He said, I've just gotten a voicemail from you requesting financial data and customer information, and it sounded exactly like you. And he knew that I was in the board meeting, obviously. And he played it for me. And that is shocking to hear your own voice requesting things from from an executive. And so I told this story yesterday in a room full of CEOs. And what really surprised me was that they all said, that happened to me.
Yes.
That happened to me too. It's clearly.
Happened to you.
Yeah. So this is apparently a tactic that cyber attackers use because CEOs in their early tenure, they haven't established, like the communication channels, the trusted relationships. Not everyone has your cell phone number, your personal cell phone number, and so they can get away with these things. So we have to and forms like this talk about these vulnerabilities. Like we wouldn't want to normally, as a CEO, stand up on stage and say, hey, I was the target of a deepfake impersonation, right? But if we don't talk about it, then we're missing some of the point of creating that human defense. And so, you know, deepfakes, one of the things that that we are looking at and how do you really protect against those right now? It has to be a multi-layered approach. It has to be a multi-layered approach to cybersecurity and really working together. Public and private partnerships are great. Private private partnerships are great, and some of us on stage share those. But you also have to have the human in that mix.
Can we just well, I hope we'll get into the sort of harder end of this, but just on the soft end till the. So I was at a conference six months ago, big banking conference. Ashen faced CEO disappears, comes back and says, I'm sorry. We were, in effect being extorted for several hundred million dollars. And what was interesting to me was that was then never shared in the room. Right. That would be I mean, maybe that's material. There's a reason for it. But I just wonder, how do you think CEOs, chairs, boards should talk about this because they end up looking vulnerable and risky?
I think it's one of the times when we have to recognize that talking vulnerably is a strength, right? And trusting one another because it is, in some cases, us against the bad guys. And the more that we can work together to ensure we understand how to protect. I mean, we've each talked about the way that we look at protecting our organizations and our customers. How can we do that better together?
All right, Mark, so firstly, so you had the same thing happen.
Yeah. Similar thing, similar thing. And and the voice weirdly seemed like mine the way they, they spoke didn't. And they probably do that when you're named or they probably spun out automatically and see if somebody makes a mistake. And that didn't work in our case at all. But but it was, it was, it was weird.
So I can I just ask when you look at Telefonica customers who who are finding themselves vulnerable in one way or another to, I mean, I don't know whether or not you think about this more as a sort of corporate challenge, cybersecurity or a customer challenge.
So it's an integral challenge. And Telefonica manages 340 million customers or points of, of of of data and entry. And if we look at it whatever way we want to, if we look at everybody here, everybody has a mobile, probably their bank account numbers, they're where they're going, who they speak to. So the same happens to Telefonica, will happen to the observer and to any company, the security service, the pension systems, everything is out there. All right. And and a cyber attack can do simplifying a lot. One of three things eavesdrop, stop or manipulate. And we were talking about a manipulation. But think about a self-driving car or think about a drone or so the possibilities are very big. So what I would highlight is is is the following. So what we telecom operators do is we integrate third party products and manage the the security. And I think there are two levels of attacks, potential attacks. And you were saying it's more fun to be an attacker and you know they don't have regulations. But I would I would segment it non-state actors and state actors. And the reality is the the best and the brightest usually work for large interesting corporations and are not, you know, in, in, in a are not trying to steal or rob though some of them, some of them do. So we are at a level of protection, I would say, from non-state actors and at a different level of protection of state actors. But where am I going with this? I would like to highlight that Europe has a huge vulnerability, taking into account the the current situation is that there is very little technology, very little cyber security within Europe. What we're doing is we're integrating third party technologies. So if we want to have autonomy or if there is a problem at some day with a state actor, we can find the same situation we have with regards to the defense industry. If you don't have technology, if you don't have capacity, if you don't have any, any deep know how, it is a big problem. For example, when there was a cyber attack at the in the London airport and the people that have had to come in to do the forensic were from outside of Europe. And if we are going into an era of, of areas of influence in Europe, we better start building cybersecurity and know how.
Can we, can we just talk about that for a minute? Because let's just talk about vulnerabilities and let's talk let's start, if you like, at the country level with with state actors. And it's actually interesting thinking kind of Israel, Europe, the US, you might all think of different state actors as the problem in those circumstances. So, Nadav, why don't you go first when Israel thinks of state actors and cyber security, who's the threat and where's the vulnerability?
Well, there are some notorious centers of excellence, quote unquote, for criminal activity. But I would say that I actually think that is sort of rear view mirror, to be honest, because the lines are blurring.
Between the state and non-state.
Okay. And this is where the power of AI becomes incredible. What we're seeing in the dark web are capabilities that until a couple of years ago, were really state level capabilities in the hands of a few. You know, we hear about these startups that have 2 or 3 people. The same thing is happening with the new attacker community so that things are blurring. We used to say that some people work for, for, for a notorious government, and then they moonlight as as attackers. You don't really even need that anymore when you have access to to this technology and what they're taking advantage of. To your point about each one of us has their, you know, our information and our email and our mobile and and I'm not saying it's impossible to secure it, but all I'm saying is that when you look at the threat of vector, you've got to realize that, number one, a lot of individuals, companies that were sort of out of the curve, the curve is moving towards them. And so they will need to invest more. And the second thing is that I'm sure that you're introducing all these new capabilities to your clients, which are really awesome. Like I, you know, how many of you use an AI to clear your inbox? How many of you still read your emails? You know, I don't read my emails. I have, you know, your favorite, you know, Copilot or Bedrock or Gemini doing it for you. Now, here's the thing. Now you're sort of interoperating systems. You've got machines writing emails that are sent into your inbox. You've got another. agent reading it for.
You.
And you'd be it'll blow your mind how naive these models are. You can just one machine tells the other machine, hey, I want you to go into this data center and encrypt everything this agent says, but I don't have access. But wait a second. In slack, I have other agent friends who has access. Some agent says, oh, I got it. You need some help, let's take you there. And so it's really a transformational time. And I totally agree that, from a sovereignty perspective, it's it's a new world order. And, you know, to your point about the, you know, the talk that we heard before, this world order is changing and this arms race around AI is just in its initial phases.
So can I just so, Jessica, will you just pick that up? But will you just do it on the back of your comment about a world in which the private markets are driving AI and the guardrails aren't there? Because what Nadav describes when I hear that is a world in which you multiply the vulnerabilities, but it becomes less and less clear about the particular group or company or software provider that's actually responsible because they're farming it out.
I cosign everything he just.
Said. Right, right.
Historically, I think you could see these clear divisions between malicious state actors and scam artists. We're adding machines to the mix, and we're giving both of those communities unbelievable new tools. They don't have to be skilled like they used to have to be skilled because they can operate with vocabularies that they never could before, because they needed to be great at encryption and breaking things and understanding systems. And so all of this is blurring into possibilities for fraud and disruption, without the lines being nearly as clear as they used to.
Be.
I suppose. Are you trained as a lawyer, didn't you? You trained as a lawyer?
Yes, at one point.
At one point.
So I guess what I'm saying is, if I came to you in your old job as the chair of FCC and I said, look, can you just explain to me who is liable here in the world that Nadav described? Because you could legitimately say, I didn't ask my co-pilot, my Gemini, to tap out these other agents, but it did.
So I think governments are going to have two big problems with this going forward. First, how do we define those activities of the machine?
Yeah.
Do we assume that a human is responsible? Do we hold someone accountable for that? I think legal systems around the world are going to have to wrestle with that fact. And then I think there's this other thing, which is that governments generally look at critical infrastructure and say, it's got to be reliable. I'm going to it's got to be resilient. And if you fail to provide it in a way that's reliable and resilient, I'm going to find you. And so the provider of infrastructure has very little incentive to knock on the government's door and say, I'm seeing this problem over here. And the thing about the government is the government is sitting in a position where, if they knew that, they might be able to tell every other similar provider, be careful, watch out, figure out what's going on. And at the risk of using this vocabulary, I actually think governments have to create safe spaces for those dialogues because what we are facing is exponentially larger and more confusing than ever before, and it's going to require a different kind of collaboration and regulation than before.
So, Jill, will you just talk about that? Because I suppose there are two there are two suspicions I've got in response to what Jessica said. I think this session is called Cyber Defenders in the age of AI. It sounds like a marvel movie. It sounds amazing. And you are, of course, those characters. But, but, but I think the citizen suspicion is the people on offense are are smarter, stronger, more mischievous than the people on defense. And that that, that, that the sort of dark traces of the world are always having to play catch up with the people on offense. And the second thing is that what Jessica just described, which is find a place where people can collaborate and share information, is actually really difficult for you because your competitive advantage is not necessarily sharing that information. So. So how do we have faith in the cyber defenders of the age of AI?
Well, let's look at two things. One, historically, cybersecurity has been attacker centric. We've been really focused on who are the attackers. Where are the attackers, what are they doing? Darktrace has, since its inception, looked at this differently. We look at an organization. We have an understanding of that organization's network traffic. It communicates. And then with that, as an established normal, we defend against anything that's not normal. So we look at anomalies, we have anomaly detection. And we can do this for any organization. And we do it for many in that anomaly detection then runs up against a multi-layered AI threat model that checks to see is this cyber risk? How do we need to prioritize this? And with de-identified customer data, over the course of 15 years, we've been able to figure out pretty precisely what's going on, and then we move on to autonomous response. And so in this world where AI is making the velocity of these threats just so quick, right, we can precisely respond and ensure that the organization stays safe by defining normal and then preventing anything that's anomalous.
So understand that. But I suppose my question is if you do get called in by the gchq's, which of course you do, and, and others and they say to you, great, we really appreciate your identification of risk, your autonomous response. But we really need you to start sharing that with other organizations because they're working with others. What happens then?
Well, it's interesting because Nadav and I just had a conversation right outside this room where we really want to work together because we are complementary solutions. And when you're de-identifying data and when you're fighting against the same thing, believe it or not, we work together in the background as well. If we see a vulnerability in another solution, we have a team that goes and tells that solution that the vulnerability exists. Rather than coming in and talking to the media, we're going to go tell them so that they can shore that up.
Yeah, we're smarter than you think. Actually. I'm relieved. I'm relieved.
Sorry. Not have.
To do. I mean, I agree.
I think that the dogma that has been in for the last decade or so, it used to be consolidation, consolidation and a closed garden. Nobody's going to figure this out by themselves. The only way to go forward is an open platform. And we are and will build this open platform alternative where you can choose best of breed capabilities, where you can interoperate, where I'll see something Darktrace will see another thing. We'll find ways under the radar with our APIs to make sure that at the end of the day, the customer is secure.
Can I, can I can I just ask you about a bit about the geopolitics of this? Because of course, the Telefonica customer base is, I think, to use the jargon of the times, spread across more than one hemisphere.
Yeah, yeah.
That's right. And in different hemispheres, it seems as though we're beginning to have different models of AI. And I wonder whether that means we have different vulnerabilities or different system approaches to defense.
No, I would say that in general, what we see is a symmetrical management of vulnerabilities. So we're managing security in a similar way in Brazil than in Spain or than in Germany. What is different is that the use of the of the data, that is, that is set, set in there. But, you know, if I might pull the string a little bit regarding geopolitics. So. With regarding blurring lines of state or non-state actors, I'm pretty sure we think the same. There might be some semantics about it, but there is a big difference with regards to the objectives, right? A non-state actor will want to steal as much money as they can process, right? Because if suddenly somebody in the middle of Barcelona has €20 million, what are they going to do with those €20 million before the the actors, the police come, come from there. But a non-state actor is going to have different objectives. Right. So and and you've got to defend the whole the whole system and they can choose wherever the system is vulnerable. There's good news that that I think is implicit to what has to what has been said. And let me give a very prosaic example. For example, if you want to eavesdrop on somebody. So before the five years ago, the problem of eavesdropping of somebody for the police or for a criminal is that you need five people because eight hours a day, you know, eight hours listening and, and 99.9% of what you hear is absolutely useless. And you can be there for three months listening, fall asleep for the five minutes and and you've lost it. And now with AI, you don't need that. You can just record that. And that is what a criminal can do. But the advantage is that the good guys, if this is a marvel universe, you know, the Avengers, we work together better or worse, and the whole system is antifragile. And it was being discussed here. Every vulnerability makes the makes the system the system strong and and and one day I will retire. One day everybody here will retire, but somebody will take over. And making the system a solid and and safe whilst the, the the non-state actors or the state actors, they'll be here, they'll there and one day they'll go or there, you know, the regime will will collapse or somebody will will take care of them.
Can I ask, can we ask a couple of minutes, if you like, on security inequality. I'm always I can never work out with technology. Like who gets the better end of the deal. And, and and it always promises to be a democratizing force and so far hasn't generally turned out to be that. And so I suppose my question is, you started, Jill, by saying, look, I've been deep faked. And then Mark, you said, I've been deepfaked. And now I sort of have a world in which all these CEOs have been deepfaked. And I'm thinking, oh, is it the case that actually, you know, generally people are not victims of deepfake at the extent, the the extent to which kind of wealthy, prominent people are deepfaked or is it the other way around. So like just within society, who's more vulnerable?
You know, I don't think it's only a question of risk in economic environments. When I was running the Federal Communications Commission, I came in one morning and before I had my coffee, I learned that President Biden had called several thousand people in New Hampshire and urged them not to vote in the primary. I heard it sounded just like him, incredibly cheap and easy to make that and distribute it. And we went to elaborate efforts to figure out who developed it, traced it back through the network, found the people on the system. It took a lot of work. And when I think about how cheap and easy it was to produce that and the volume with which we can produce it, and the velocity with which we can push it onto our networks. It is, an extraordinary challenge, but I don't think it is just a question of risk in a commercial environment or for CEOs, it's a risk with a broader population and even in voting in democracies.
But but here's the good news, right? Because the democratization works both ways. Right. So, to your point, about millions and millions of subscribers, that, you know, all they have is they have a they have a line and they pay a subscription to Telefonica. And ten years ago, they wouldn't have they. Yes. Given they weren't susceptible to very sophisticated attacks, but they couldn't hire, you know, the latest. We can have an agent on every phone they're carrying, that has the latest and greatest policies that the US government used to have ten years ago. So that is being democratized again as well. You know, we always used to say in security when you used to ask, what's the biggest problem in security? You would say talent. We used to count. We're missing 2 million people. We're missing 3 million people. Well, what do you know? A lot of those people used to do used to do things that these new agents are really good at. And so now on every one of your customers, we can embed, ten different agents that work for the customers. One of them will read the emails, however, one will be the Guardian, you know, the Guardian, agent that will look after that. And honestly, you know, to your point about Europe, just as an anecdote we looked at, at checkpoint, we looked we wanted to build our own foundational model. We looked at the whole world. We actually found two startups that were relevant. One was British, and the second was here in Zurich.
Really? Both were European.
Both were European. And for us, we decided like so we talked to the Brits, but somebody else outbid us. We bought the company in Zurich. We already have 200 PhD researchers that are working, and they're super passionate about this because you know, what they're concerned about from their sort of their ethos is about privacy, And they're creating a small language model, which we are now embedding into all of these. And so and, you know, we just had a meeting today with the Prime minister of Netherlands. They're there. They also have like some universities that are pushing out these brilliant PhDs in mathematics. They don't need cyber background, they need mathematics.
And and so how does quantum fit into this conversation? Or can we come back in 2029 and talk about it then.
Well, I mean, I'm not an expert. I know you you probably from from the MIT perspective have more to say about that than I do now.
Why don't you go ahead?
Look.
I can give you my if they're very dumb. Question is, people seem to be saying it's happening sooner and that when it does happen, it will remake the whole world of kind.
Of so.
So not really. Not really. I don't for from cyber perspective, I don't think it's, it's as big a problem as the bigger problem is that people are recording now to use it later that we cannot solve. So if somebody has all my data, a government has all my data, it's all encrypted. They can't use it. Maybe ten years from now they can use it. Okay. I'm not super concerned about that. What we need to do right now is do something that we call quantum encryption. And quantum encryption is available. And we can't get ready for that. I honestly.
We can.
I believe that we can.
Jill.
That requires changes in bandwidth. And, you know, it does unequal access if people don't actually globally have the same bandwidth for quantum communications and quantum.
It's sort of the encryption models that we're using now, the RSA model and are built for a Non-quantum era. Yes. And they're based on factoring. Right. And everything can be broken if you have enough time. When you have quantum computing, it shrinks time literally. Right. And so if you shrink time, the current encryption doesn't work. But there are other forms of encryption that we are deploying now.
But not other products.
If I understand you correctly, if I understand it correctly, what you're saying is by the time the quantum, capability is in place and current encryption is no longer secure, a lot of the data will no longer be of interest to the people who have those capabilities.
That's what I hope. That's what I hope. And if we get ready for that, I think we'll be in okay shape.
Yeah.
And, you know, because I don't think it's some very narrow use cases perhaps are in the next couple of years, but general use, we have a little more time, in my humble opinion.
Can I, can I, I want to sort of bring people in. If people have thoughts or questions, please catch catch my eye. So I'm going to get this gentleman to bring you the, mic. But I'm going to just make sure that I come back at one point to, to pull all this together. So when we finish, I just to warn you, I'm going to ask you whether or not we should, given everything you've said, come away from this, optimistic or not. Sir.
I have a question about attribution. I think in terms of cyber security, at least in a technical level, it doesn't actually matter who is the one doing the hacking. It could be Russians, it could be North Koreans. In the technical level, it doesn't matter. But in terms of geopolitics, it matters a lot. Yeah. And but the thing is, with AI, maybe, these attackers are getting very at hiding their linguistic comments, for example, or these different measures to obfuscate and to make sure that we don't know where those attacks are coming from. And in geopolitics, it matters if it was the Russians doing it or the North Koreans doing it. So in terms of attribution, how do how does AI play into how does AI play into that?
I'm afraid. Jessica.
Yes.
Yeah.
It gets harder.
Yeah.
But of course, you know, most security authorities have degrees of, you know, they follow trends and pattern recognition. So they do have some sense. But you're right, the public attribution has enormous consequences for geopolitics. And the information informing that attribution going forward may not be of the quality it was historically.
And the confidence, presumably, of making that attribution decreases.
Most politicians are confident.
That's true.
But agencies, I hope, you know. Wait, other thoughts? Questions? Do you want to come in on that? Other thoughts or views? Don't be shy in about 6 or 7. Yes.
Thank you very much. My name is Liz Corbyn. I'm from the European Broadcasting Union, which represents, public broadcasters around Europe. And some of the things that you were talking about around the integrity of information, the integrity of content, obviously has really wide things and something that we're deeply concerned about. And everybody in this room who's running businesses depends on information that they have. And I'm wondering what you see around the threat to, the information ecosystem in terms of how that impacts businesses and the decisions that they make and how they can protect themselves against this and what the, producers of these products, the big techs should be doing about this to support the the integrity of our of our news and information.
Who wants.
By the way?
So last last Saturday, the Saturday before last, we were trying to put together a package just on Iran. Right. We we sat, we looked at we laid out a table of 20, 20, 25 pictures. Two of them were real. We but it took us the afternoon to figure out what was real.
So you're the journalist here. How would you respond to that?
Fearfully.
Okay.
Yeah, but but but but what Liz is describing.
Everybody relies on the information.
So yeah.
What should the big techs be doing. But what would you see that the development of this technology needs.
To take? I think if you're I think the question honestly it depends. It depends what you're looking at. Right. So if you're looking at deepfake, you know specifically video, there. If you, if you put your, if you, if you invest in it, we are coming up with solutions that can vet what is fake and what's not. That is possible. But in my opinion, to your point, it has nothing to do with cyber. The problem is what is the source of truth? Yes, this is a real video, but what does it mean? Like how do you interpret it? And you know, now that, you know, politicians around the world are claiming, some data, you know, it's that person saying it, but how do you verify that the data is real or just made up? And I think what that is doing is deteriorating trust completely. And, you know, in some way, from the eerie part about it, is that trust is, you know, the foundation of a civilization. So these things are happening at the same time. But again, just like you said, it has both sides, right? Because the the playing field is leveled. We, you know, from a, from a, from a security side from a, from a data sovereignty side can also harness these technologies to verify, you know, now the question is, do your readers, your public, your listeners, do they want it.
But that's.
That's a different story?
No, I think I think people generally do. I just the reason why I talk about security inequality is these things are expensive. You know, the I'm imagining the people who are customers of Darktrace are often protecting, you know, very valuable, you know, communications networks and information. What what Liz is talking about is what happens when information is there in the for the public good, but itself hugely susceptible to what are your three things? Eavesdropping, stopping and stealing? Yeah, I think so.
I think.
So there's a term coming with a mic.
Tom Czech, University of Colorado, Boulder I think education has to be come into this as well, perhaps starting even at the elementary school level. Certainly once kids have cell phones in middle school, high school and college students, because the need for to be skeptical about you're talking about what is the truth or what is real data. Yeah, the need to be skeptical, the need for validation. We're teaching these kids the same way we did 50 years ago, and they're now going they're now operating in a very different world, and we need to help prepare them for that.
Yeah.
I think that's that's. Any other thoughts questions points of view would just come towards. Yes, sir.
Thank you. Fantastic conversation. Daniela ING a Dutch digital bank mostly. A question for you. Are we looking to the end of the digitally mediated communication in general? Our clients are getting scammed, spammed. You know, they don't trust anything coming, pretending to be us, and not the sophisticated users that the skeptical ones. But, you know, normal people on the street. Do we have to anticipate something for the end of digitally mediated communication?
Great question.
Actually, Mark, why don't you do that?
Well, So, so I the easy answer and the hard answer. So the easy answer is, look, hey, we just move, data from side to side. It's up to you to find the, the the system. And if anybody tries to manipulate what you do once you send it to us, then that is our job to to to keep it. So that would be my, my my first easy way out. The second and the second is there is I mean, I know I think I know a lot of things, but some other, I don't think and don't know, but there are ways of, of, of, of destroying this and I would, I would come up with one is that we all have our, our mobile phones on us all the time. And there are ways to certify that. So based on that, I think the, the impersonation bubble can be, can be, can be destroyed. And that can be done precisely with a telecom market system that doesn't go through the through the internet. So I'm pretty sure there's many ways to, to, to destroy that.
But so, so can I. Can I finish up? By the way, I love the question because, you know, the more emails you know, we get from people now I'm answering fewer and fewer emails and I can't work out whether I'm clever or rude, you know, because it's not answering. It's really it's confusing. Well, I'm going to finish up by saying, thank you because it's like an eye opening conversation. But also, to be honest, that I'm, I'm confused because you could listen to the conversation we've just had and say, Jessica, your point about devices to begin with or your point about the extent to which, you know, there are kind of agents talking to other agents or your point that that people are getting deepfaked but not talking about it publicly, that we've still got a taboo and think, actually, we're in for an age of much greater insecurity and we're more vulnerable. Or you could take your point, Mark, that, you know, we could pop the impersonation bubble. We could take your point, Nadav, that that actually we've got agents that can act as defenses within all of our devices and think we're actually heading to an age that's more likely to be safe, more likely to be secure. So here's my last question. Which one is it? In the next two years, are we likely to be more or less safe when it comes to cyber attacks? Jessica.
The next two years.
Next two years.
The next two years are going to expose a lot of vulnerabilities. But I think over the long term, there's an opportunity to be more safe. If we work on technical trust in the digital age and also cultural trust.
Not of.
I think it's a tale of two cities. It's really the best of times and the worst of times. We're going to see both, we're going to see that, you know, impersonation killing what we know right now, but we're going to change the way we look at identity and make it contextual. We have limitless compute power. We have limitless. We have the ability to code everything with human language. And and so we can check everything from a contextual basis. It won't be, you know, binary is this person or not is because I know everything about that person. I can ask more questions. I can do it with a, you know, extremely fast. And I can make identity contextual and layered. And so I think it's both the next couple of years, I agree, are going to be tough.
Jill.
I'm going to go with more safe because I believe in human resilience and brilliance, and we are resilient and we are working diligently together to solve this problem. And I do think it starts at the in the early days, we have to change the way that the education system works. So it's agile and nimble enough to produce, to continue to produce people, to use these technologies for good and to ensure that they continue to be safe for humanity.
Thank you. Mark.
The first is starting with a disclaimer. I can say things are going to be safer and and get.
Home, of course. Yes. Boom. Yeah.
So disclaimer with security it's always very dangerous. Then I know you're asking for two years, but five, ten years I would say safer safer safer. That's what I would say in the next two years if I had to say something more or less equivalent. I think the arms race is more or less balanced. And I think we, the Avengers, will win in the end.
They tend to. That's the way the movie goes. Ladies and gentlemen, please join me in thanking Mark and Jill and Nadav and Jessica. Thank you very much. Thank you. Thank you very much. Great job.
Yeah, that.
Was fun. Absolutely fun. Yeah.