As cyber threats are evolving fast, this session explores AI-driven attacks, global risks, and how organizations can stay ahead and secure.
At Davos 2026, leaders from Cloudflare, Mastercard, Europol, and e& warned that cyber risk is intensifying in scale, sophistication, and societal impact—driven by AI, geopolitical tension, and deepening dependence on interconnected suppliers. Michelle Zatlyn noted that the DDoS record was “beat 25 times in 2025,” while “AI bots that impersonate humans” rose 1,400%, accelerating phishing and fraud. Europol’s Catherine De Bolle argued “the DNA of crime is changing,” as criminals treat data as an asset in a “steal, deal and repeat” cycle, and organized crime shifts from hiring digital talent to building it “in-house.” Hatem Dowidar emphasized the expansion from financial crime to “weaponized cybercrime” targeting critical infrastructure, where attacks can pressure “whole nations.” Michael Miebach framed trust as the prerequisite for AI-led growth: “If people don’t trust AI, they will not use it.”
Panelists converged on pragmatic defenses: zero-trust architectures, faster intelligence-led detection, and stronger public-private partnerships that overcome legal and cultural barriers to sharing. The biggest leadership imperative is board-level ownership and supply-chain accountability—using contracts to “raise the standards”—plus foundational investments in digital literacy, workforce capacity, and better identity systems to restore trust and attribution.
Encourage all of you to engage with this conversation through the hashtag VF 26 to send in your thoughts as well. Now we have a fantastic panel which has Catherine Diebold, executive director of Europol, and she's going to be speaking on international partnerships and also from a from a criminal prism perspective. We will have group Chief Executive officer iand from the UAE, and he's going to bring in a different perspective from his vantage point. Michael Maibach Chief Executive Officer, Mastercard USA and of course, part of the International Business Council. Michael is going to, Mastercard has been working on cyber resilience and cyber threats for a while. And we're going to hear from you, Michael. The big picture and of course, Michelle Zeitlin, co-founder and president of Cloudflare, someone who's been at the forefront of keeping us all safe. So this is the panel. And to just set the context, this panel is actually going to form its point of departure, the convergence of real threats, physical threats, supply chain threats, digital threats, the geopolitical moment, the polarizations, the lack of international cooperation, and, of course, the struggle for defining partnerships for the future that can keep up with technology and keep pace with technology. There's a global Cyber Security Outlook report. Please tune in to that. It has some interesting findings. But most important question that I derive from that report is the kind of leadership that we need, to respond to this moment, which once moves beyond the hard reality, then starts thinking about AI and other emerging technologies that will fuse into the questions of cybersecurity, will become an interesting board poser for the board level officers, the C-suite officers. So without further ado, let us set a baseline. Let us ask each of the panelists first. How is the threat changing? How is the world changed from a cyber resilience perspective? And what are you in your jobs finding different or or or similar to what happened before? So let's start with you, Michelle.
Great. Well, thank you so much. And I think you covered so much, Samir, in your opening remarks. And I'm excited to dig into all of that. And so some of the things that we're seeing changing at Cloudflare is that, bigger and more so there are more cyber risks and cyber attacks and they're larger and scarier. And so just to give you an example, in 2025, we saw the record for a certain type of attack called a distributed denial of service attack, also known as a DDoS attack. The record was beat 25 times in 2025. So there was like a record beat. And then it got beat another 24 times. So that that is bad. That is bad, a bad news. I think that, we'll get into it. But just I do think that some of the solutions today are getting a lot better. So that's the good news. But it is absolutely something that leaders have to stay top of mind. And then AI is accelerating the new types of attacks. And so in addition to more and bigger, there's a lot more new ones that are scary and so a lot more phishing. And so the other data point is, AI bots that impersonate humans, we see up 1,400% over the year. And those are very credible, very real. And as leaders, it's it's very scary. There's a lot of impersonation happening.
You know, before I turn to Catherine, let me ask you one more question. How are the different sorts of enterprises responding to this new age big enterprises versus the smaller ones?
So it's interesting, I think that there's a there's a dividing, there's it's quickly the field is getting divided. There are some organizations actually a lot of financial institutions, including Mastercard, who take cybersecurity very seriously. When you're dealing with money, you have to you've had to deal deal with anyone. Dealing with money for a long time has taken cybersecurity very seriously. And so they have very modern defenses. And so they're actually very well protected. What I worry a lot about are some of the enterprises who haven't adopted the modern solutions, because the legacy solutions are falling over and not meeting the need. And so what happens is this often happens on a Friday night, a Saturday morning when the teams aren't online and it becomes an emergency and a crisis in these organizations. And it's it's very stressful. And so there's a separation of the field. And so there's a group of organizations who have modern defenses and are in good positions. But there's there's kind of the the messy middle where they haven't quite adopted it for a bunch of reasons we can get into. And and there they are feeling the impact. And that that is worrisome.
Catherine, let me turn to you. How is the nature of cyber risk changing, especially in the geopolitical context? Yes, in the context that the physical and the virtual are fused. And of course, the world we live in today is far more exciting.
Yeah. So we call it, in fact, that the DNA of crime is changing. And the DNA for us is a digitalization online that is making that is the new crime area we need to work on. It's nurtured online and it's accelerated by AI. So all the crime areas we saw before, we see them now, but accelerating accelerated much more. And the reach to regular people is much bigger. So when we when we were talking before about data, data, it is something static. It's something we own. We protect. When we look at criminals. Now, it's a feature. It's a weapon. And how we describe the cycle of digital data, it's still deal and repeat. It's really an another way of working with data. If they have the data, it's an asset by itself. You get it. You can sell it. You can sell it again. And, it is not staying stable anymore. So the steal deal and repeat, thing for us, it's very important. What we are confronted with is a law enforcement. Of course, we we still work on national level. We have a lot of police cooperation, but I think, what we need to do much more is align with private sector to see how we can make our economy or system or a digital ecosystem safer for the future.
I'm going to come to that as a separate thread of conversation. But let me ask you another question. How is the linkage between organized crime and cyber crime now playing up in your world?
When I look at the period of corona, the Covid 19 period, then we saw that organized crime groups they hired in, digital, people, now we see that organized crime group, they invest themselves to have the digital people in-house, to make their own digital safe environment and to make abuse of their digital environment. And we also see that AI is massively used by organized crime groups because it facilitates the business model. You only need a computer, you need a bit, a bit of people that are technically, schooled. And you can reach a lot of people where we saw in the past that the drugs, cartels were the most important ones for destabilizing our economies and our rule of law. Now, we predict that in the future it will be. The digital crime frauds are much more easy. You don't need an infrastructure, and you gain a lot of money and you reach a lot of people with that. So we see that everything is moving online, and that is very worrying because we do not always have the right protection tools to prevent crime in.
The digital environment. I'm going to come back to you a little later on the cross-border partnerships and relationships we need to foster to respond to it. From from your perspective, Hatem. How is risk change in a geography? You're in a geography, which is perhaps a digital first geography, which is an exciting, dynamic, fast growing economic unit which is based on technology and adoption of technology, is being the service hub and innovation hub. How are you seeing this play out?
I think there's, definitely the same threats that we talked about, which is the threats on organizations and companies. But also now there is the worry that with, the increase of cyber threats on infrastructure, on some of the things like, self-driving cars as we're getting now into a drone environment. So the cyber threat is going from just normal criminal behavior that will try to have a financial side to a very disruptive, almost weaponized cybercrime as well. So we've seen also this coming from, let's say, criminal organizations to state actors. And at the moment, I mean, in addition to our normal businesses in technology like fintech and content and so on, we run a critical infrastructure in 20 countries. So mobile networks and fiber networks, and we see over that a huge increase. So, you know, Michelle just mentioned, you know, the increase of DDoS attacks 25 times. We see that. And it's now important not only to protect organizations. Sometimes there are whole nations that get that pressure on their networks, which is very, very disruptive to the ecosystem overall. So this is one side that we see and we need to move as fast as these. Let's say bad actors are moving to provide the protection. But on the other side, we have the great opportunity that we see coming with AI and also a lot of exposure coming from AI, because as more and more companies are implementing AI agents, that become another potential loophole where again, the bad actors can come. So as these, agentic AI, processes and agents are able to talk to systems within companies, we need to make sure that we create more of the zero trust systems to prevent the incursion of new threats coming from these new technologies. So it's a it's, you know, as much as opportunity is coming now, we have to all be very, very careful. I don't think it's optional anymore whether to invest in cybersecurity or not. It's become essential.
Now I want to ask you a specific question that I think is is also coming from the surveys of large organizations. They find supply chain challenges, third party vulnerabilities. It is the component integrator integrations into your fiber networks and other networks that you manage as being one of the key determinants of secure systems, right. So how are you managing cyber resilience and cyber threats when you are dependent on so many external parties to service your big large networks and businesses?
So again, as I said, the opportunity and the threat are there. So we're using a lot of new tools. I mean, we we cooperate with lots of partners. Cloudflare is one of them, but with a lot of other partners to make sure that also from a network perspective, from an infrastructure perspective, we are looking at any unusual behavior. So sometimes you need to, isolate a certain customer to prevent a whole network or a whole nation from being under threat because of an attack on that customer until you can remove that threat. So we need more intelligent networks. We need to continuously monitor for different behaviors. And the same way that, you know, people are using AI, capability or agents for hacking or for bad action. We also have agents that are looking at new behavior or different behavior and isolating it early on to be able to protect the network.
So you are in some sense more cognizant of malicious hardware being embedded in your systems today.
Very much so.
Okay. Michael, I want to take this conversation to a higher level. I think there are a number of points raised right now. One, of course, is the digital divide. Big corporations are safer than smaller ones. And I think Mastercard has been working on this. And I probably want a perspective on how you are onboarding many of your customers to a safer plane, but generally from from where you sit. And we heard that financial systems need where there is money, there needs to be safety. How are you assessing this new landscape where you have hardware and the digital sphere now deeply interconnected and in many ways mutually beneficial or harmful?
Yeah, it's a it's a great question. So underlining a lot of what was said here before, a headline for me is like, it's systemic and cutting across the physical world. It's cutting across the geopolitical world, cutting across the societal world and the corporate world. So these cyber threats are all there. I think we are realizing, the magnitude of the problem, we're far away from, having all of the answers. You just laid out a lot of options there that certainly need to happen in the corporate space. I think there's another angle to this. We are, you know, we just raised, how AI can help in defend. But if you take a step back and think about the promise of AI is a technology that can do so much for a path to prosperity, for driving growth and so forth. If people don't trust AI, they will not use it. So this is not the defense side of this conversation. It's the offense side of the conversation. So if we don't build in a trusted layer around these technologies, the use will not be there. So we have a strong partnership with Cloudflare. And that's exactly for that point. We say this is kind of cyber proof is a very big word. So I don't want to go there. But embedded security, we're using all the threat intelligence there is. And you as a consumer or as a small business, you can trust that. So let's talk about small business for a moment. We just talked large corporations. Where do the fraudsters go? They go for the weakest link and small business, largest employer in the world. And they are unprotected. So we feel really for us as larger corporations and people who are focused solely on cybersecurity, we have to do a much better job in protecting that. So those are all things that come together to take this to a higher level. But I think we're all alert, and the fact that we're even having this conversation is going to take this forward.
You know, Michael, I think I heard a conversation yesterday that, in fact, I moderated a session yesterday where on the barometer, cooperation barometer that was produced by by.
Edelman.
McKinsey and, and McKinsey. And, one of the interesting outcomes was that even as, collaboration has is tapering off and some of the partnerships are seeing a steep fall, new forms of, of arrangements are coming up new innovative way you know, systems multilateral sorry mini laterals or public private partnerships, new relationships are emerging. Are we seeing in the cyber threat domain some new kind of partnerships that are essential and that are emerging and that are actually responding to some of these threats?
So let me respond with, just a slightly different angle to start with. So we see some geopolitical fragmentation. No question. We're seeing more focus on self-sufficiency and resilience in countries across the world. But it's very interesting when wherever I travel, you bring the topic of cybersecurity on the table, topics of sovereignty and so forth recede a little bit to the background and said, oh, yeah, we should talk because the hackers and scammers, they don't care about borders, they're not interested. So it's all about partnership. Now there's different variations on how much you partner and all of that. And here's where you know, to in a more specific answer to your question, Sameer, the the idea of kind of digital spheres that are secured, where you find different kind of arrangements, I think that's that's definitely true. So Europol there is a focus on international. Yes, but there's a focus on Europe. With that in mind, we put Cyber Security Center in Europe to bring together the private sector, to bring together law enforcement and say you have the law enforcement authority, private sector has the innovation can bring the latest technologies. That's a model, and you go somewhere else. You have different kind of models, but the thinking is there. We need to find something. Clearly the it covers everything solution is a dream that will not happen. So we got to be pragmatic, but it's also very clear. Like this morning I was in a conversation on stablecoins. Yeah, I was all about excitement. How all the things that stablecoins will solve. And I think there will be the answer to a lot of things, not everything. But it was also clear, hey, this technology will not deliver. If there is a question on who's behind the transaction, where, how do we deal with fraud? What happens if something goes wrong? So there was suddenly a conversation under partnership where you have the crypto players and the stablecoin players and established organizations and banks, we got to come together. I think it's still early days to say, here's five models emerging, but there's enough to go with.
So Catherine, let me turn to you. Europol catering to Europe, not necessarily international. So let me now ask you that question that the cross-border nature of criminals. And we discussed some of that in your previous intervention. How are law enforcement agencies keeping up in this moment when politics is failing us? So how are institutions continuing to keep the the train running, as.
It were?
When I look at Europe, the European Union and the partner countries, we have around 50 countries in our home, in the headquarters, working together. There is really an understanding that we need to fight together to tackle crime, and that we also have a responsibility to share the knowledge we get out of the criminal activities, to share that with the private sector, so that you can develop tools to protect the ecosystem, the networks, traditional law enforcement activities are not acceptable anymore. It's not enough for the future. So we need to look at other ways of working. And for me, this is and for Europol, we invest a lot in working together, not only with, for instance, our national, partners like the intelligence community, but also the private sector. That's why we were really vocal on having an agreement from the political level to allow us to work together with the private sector. And, we are setting up different projects, worldwide with private sector. For instance, we have this project asset where we put the countries together with cases of fraud, where we would all our experts together to do the crypto tracing and where we put the financial sector with us. Also Mastercard, PayPal and so on. And there is a direct communication about, the activities of criminals we see in the digital environment so that private sector immediately can take actions too. So I think that is the future. I saw this, in Singapore working very well already, and I think also in Europe we need to work in that space. But yes, we have laws. We have to convince people, and we have to have this open mindset. But what is very much important for me is that out of the operational data, we take the lessons to share with the private sector so that you can, in fact, help us to make sure that the ecosystem is more secure and that people still believe and keep the trust in the ecosystem they use on a daily basis.
So I'm going to ask you a slightly, maybe slightly provocative question.
Yes.
And it's for all of us. And maybe you might be, best placed to respond to it. Others might shy away from it. So so here is my question to you. Catherine. National governments and formal actors today are weaponizing cyber space. In the last 2 to 3 years, we have seen a massive, overwhelming weaponization of the space by by actors of all colors. And let's be honest, all of us have weaponized this space. How does this development, where now it is seen as a legitimate arena of contest color, the capabilities to keep businesses safe? Because now we are dealing in a real world, right. So how does it influence your operations as a as an institution that is actually meant to meant to keep us all safe? When your armies and your governments use the same domain for for conducting operations against adversaries and maybe, you know, I'm going to come to you as well because you would have seen this happening.
Yes.
Yes, we see indeed the blurred lines between state actors, non-state actors and criminal groups. We see that state actors are using criminal groups for their own purposes to launch DDoS attacks. And during the day they use the infrastructure of the state. And during the night they launch the attacks for the state. So for both, there is something in for the state. They can hide after the criminals and for the criminals. They can hide after the state, and they do not have to make the investment because the infrastructure is already there. Then, when you look at our traditional system of policing, it's not enough that police forces are working on that. That's why we need to cut the lines between, and to reflect really on the future. How will defense police intelligence services work together to tackle this also together with the private sector? And that's where we are working on at the moment. It takes time. It takes discussion. We need to respect the boundaries of the different agencies. But if we do not put the information and the intelligence together to tackle that, we will never win the battle. And there is a readiness to discuss that and to work already together. We did set up also some activities and some operations in that area, and it's working. If we have clear understanding and if you can work in a trusted environment with trusted partners, of course.
Do you ever have a conversation where you tell the governments, can you keep away from this domain and stop making my life more difficult? Do you ever have to say that to them? Yes. I mean, don't answer that. Let me.
I want to hear the answer. Don't you? Yes, yes. No. I mean.
Samir, you bring up a good point where there are some very sophisticated bad actors out there. And as an organization, whether you're a small organization or a large organization, that's scary because it feels like the adversary is very well-funded and very sophisticated, and that absolutely is happening. We've seen in a lot of different ways. Catherine took us through some examples. We see that. And I think that's one of the and and they are sophisticated and very well resourced. We do see this, especially the nation state attacks. The other part that actually hasn't been brought up, and this is also very scary since Covid, is how many insider threat insider issues there are. There's been, some very well documented cases from just last year where, people are employed, but they're really working for the Iranian government, and they've been employed by many organizations, many organizations in this room. And it took a long time to catch those people. And they have their their identities. It's it's it's very it's very sophisticated. So these things are happening. And, you know, when I work in cybersecurity, when we first started to I mean, we're 15 years old when we started to to talk about cybersecurity, everyone said, you need to use more fear, uncertainty and doubt to sell your services. I've never been one to use fear, uncertainty and doubt to sell my services. It's more about, hey, let's help protect and find the solution. But these things are scary. You have to take it seriously. The good news is that even with these nation state advances which are happening if you're an organization, small or large, there are good modern day defenses that will help you. And Cloudflare is one solution. There are many others. It's not just us and the same resources they're using to launch these attacks. Modern day defenses are using the same things to help protect the organizations, and the name of the game is to have better defenses than than the than the adversary. And it's possible. And so this is back to your point about large networks and the capacity. And so the modern day solutions have that including ours. And we can just see how effective it is. And so I think that is the good news. So even it's a very scary time. But if you're an organization taking this seriously, you can protect yourself. And you can never say you're 100% protected because that word just never doesn't exist in cyber, because you know that there's always you have to stay ahead. But you can you can be doing all the right things and be in a much better position than not. And so I think that's the good news, and I hope that more entrepreneurs and more organizations keep to provide the solutions so that as these other threats emerge, which are scary, you say, well, at least there's a solution, something I can do about it.
I'm going to get to here, and I want to just, draw a little bit of a convergence here. I think she brings us back to the point on trust. Now, you know, when identity can be faked. You know, when the permission led systems are over, the idea that you would give access through permissions is over, and you had to build a culture of trust within and outside, the ecosystems you work in. And I think I'm going to come back and ask you a little bit on that, that how do you create that trust based ecosystem first to you?
Okay. So I think there are some best practices to to address this question. And I think.
I thought you were going to tell me, how do we stop nations from weaponizing cyber.
Yeah.
This is it.
Okay. So this is it. I haven't I have something on the trust which I will add later after Mike. But on this level, I think the best practice is to have a lot of sharing of information. And that can happen in two levels. One is the national level. The best practice is to have a national entity that coordinates between all the different between the police, the intelligence, the network operators and the big, let's say, critical infrastructure companies. Actually, for example, in our home market in the EU, there is a Cyber Security Council that does exactly that. The gentleman who runs that was speaking in one of the sessions in the morning. So this is one level where we share information on a national level, and we have that in quite a few of our markets, but not everywhere. And then the other one is sharing information, for example on police level. So on, on security level or for example as a telecommunication network in the GSMa, which is our industry body, we have a security center where we share immediately when we see any new threat, so that people know that these threats are there and understand either that we have found a way to to prevent it, or at least other people can help work and prevent it. So this is on these two levels. So one is sharing internationally with the with like minded organizations how to protect. And the other one is on a national level. So this is happening today and is effective to a great extent. And of course having a global partners that see also on a global scale. And they talk to their customers, including us, like Cloudflare, for example, saying, look, this is happening. Be careful. And they send that to everyone. So while the sophistication is increasing, also the defenses are increasing.
Michael. Lots of it. Lots to unpack. One, of course, the weaponization of the space by state actors. Right. Those the good guys. I'm talking about the good guys weaponizing the space as well. And that's a.
That goes both ways. Absolutely.
But also the question of, moving from permissions to trust and how do you create that transition?
I just want to comment on a couple of things before.
We get there. The trust point you talked about, Katherine, when it comes to information sharing, you know, we live in litigious societies, and sharing that you've been compromised is not everybody's first thought. So, you know, there are some complications in that. And it does really require to take a look at the legal environment to say, this is this is good. It's permitted. You're not going to get in trouble with your shareholders and all these kind of things. So I think lowering that threshold to get more trust and information sharing is important. And I think to your point, yes, there are there is information sharing going on. It's effective. We've been leading in the US across the whole financial sector for a while coordinating exactly that across sector. You're doing cyber defense range and all these exercises. The problem is if a participant is attacked and then shares, it's already happening. So speed is the problem. So we've addressed that and said, okay, we got to kind of get into the business of from, you know, predicting. So I cannot just sit here and react. And even if it's the best reaction, it's too late. So what can I do to pick up signals earlier? So we acquired a threat intelligence company to do exactly that recorded future. And this is what we now do with our customers and partners and across the industry to basically say, hey, there's this activity. You should expect that there is a set of, threat vectors that are emerging very, very quickly. Please raise your your defenses, because nobody can outspend this problem. You cannot defend against everything. So if it's not intelligence led, you're going to lose. So we got to be much more targeted. And so I think this all adds up to a pretty good plan. And Samir, your question was.
And my question was. that my question was exactly what you responded.
Great.
But of course, within organizations for the insider, for the insider threat, right. As companies move from a permission based architecture of the past, where you actually had passwords to allow people entry to certain domains. So now, a trust based architecture, how a big corporation like Mastercard thinking about it.
Yeah. So the whole zero trust approach obviously goes through. We only get as far as you need all that I think most organizations develop organizations would would do that when it comes to how we take these solutions and expose them in the digital economy for our customers and their customers. Take banks, take businesses that bank with banks and so forth is get as many signals as possible. So we just talked about bigger threats, but it comes down to other things. Could be identity. You raised identity earlier. It could also be your location data. It's many, many data sets that come together with a 99% probability score. This is a good transaction. Let it happen. So more data which requires organizations to have access to their data. So a lot of work has to happen to make the data available. So if I sit a lot of data then and I cannot use it and use it quickly, then it's obviously a problem. A lot of people are organizing their data for a whole different reason is they want to make use of AI solutions. So this is actually where the two topics come together very nicely. You can use the updated data infrastructure and lineage work and everything that you're doing to also drive the defenses and say, I'm going to take ten signals. And now I can say this is good, let it go.
Okay, I'm going to open this up to all of you now, and you can come in and pose your questions to this wonderful panel. But as you prepare your questions and thoughts, let me just put one and I can see a hand there. We can get the mic here, please, if we can get a mic to the gentleman here, to this gentleman here. But let me also just put a question out there for all of you, which I'll come back to later and just think about it. What is that one big idea or one big investment that leaders need to be making now to keep their organizations and the ecosystem safe? And I'm just keeping that. We'll use that as a concluding. Thoughts from each of you as we move towards the last five minutes. But please go ahead, sir. Quick introduction and pose your question.
Dave. I'm the chief technology officer for Pearson, the world's largest learning company. I appreciate the human element that you've brought into this different piece. We know we need to do a better job at, you know, we have enough difficulty getting where biologically suspicious as humans to to, you know, and yet we still can't get training to be done. Right. You know, the pencils down. Let me go somewhere else and take a 20 minute course, then answer multiple choice questions. Doesn't work. So we're focused on how do we embed those learnings into people's lives. But the question I want to raise you triggered, and Michael and Michelle, you reinforced it. As we think about applying agents within our environment, agents again, unless you've messed with the weights of the models underneath C ten to want to please. And so the notion of how do we how are we collectively sharing insights around how we're creating and tuning these agents to be suspicious and to be able to not be fooled by the same ploys and tactics that humans are fooled with. I'm just I'm simultaneously motivated and terrified that we have enough difficulty getting the humans trained to be effective at preventing cyber attacks. Now I've got to do it for humans and agents in the combination. I'd love one. I'd love to work on it with anybody, but. But I'd love your perspectives on on progress being made to get agents inherently tuned, or a Guardian agent that's embedded into the workflow, and an agent agent basis progress around how do.
We you know, I like this. I like the way he's posed the question and implicated each one of you.
And I did start with a thank you. I thank, thank you, thank you for all you're doing to protect us.
So go ahead.
Look, I think actually you touched on it. So the same way with human agents that you need to have a monitoring system. So with human agents, you know, remember many, many years ago we started saying all calls are recorded for quality purposes. So the same way that this is happening today in the way human agents are there, where you have a monitoring system to see how the agent is performing and what they do. We would need to create that also for AI agents. So you need to set up guardrails and having kind of guard agents that are in a separate system that look into how your AI agents are behaving and immediately flagging anything that is going out of the ordinary. Because as you say again, many of these agents are being programmed in plain language, and it's very easy that they the programming goes a little bit awkward if something goes out of context that lets the agent do something that they shouldn't do. So having these guardrails and having these Guardian agents that overlook your AI agents is essential. We never could have relied 100% on a human agent to work if there is no supervision, and that will hold true.
So now we will have a hierarchical supervisory architecture for agents as well.
But it's much cheaper, it's much cheaper.
And and I would add one of the things I would just add.
Because I think that you did a great job describing that is so this word zero trust has come up a little bit. And what that just means is it's you have to prove who you are every single time you're doing something. So instead of like, what if you get into the front door of your house, you can get it through the whole house. Now it's you get through the front door of the house, but then there's a key for the drawer in your kitchen, like so. And you have to different key for the vaults in your in your house anyhow. So, so that's what zero trust means in a corporation. And what's interesting with agents is you need to think about it as an extension of your team. So you think about them as an extension of your employee base. So just like this idea, organizations are adopting zero trust for their employees so that if something happens they can't get very far. The same thing will happen with agents. And so you will have the checks and balances, but then you'll also have the other security systems that you can use. Now, your question wasn't quite like that. You were more about the llms going into it, into the content. I think it's interesting. We have a lot of these technologies where you don't want any of your company data to be leaked, so those are more like data loss prevention. The same things will be happening with the agent side. But then how do you train them in a way that makes it. And again, these are these are all solvable issues. And I'm excited for these conversations to come together. And people will go solve the problems as they arise.
So you can work you can be working with her. So now you got Michael. You want to come in?
Yeah. So it's a great question.
And, you know, we sit here today and we talk about the answers. I will expect that the answer is how to deal with, keeping our world safe with a lot of agents. They will evolve. But there are some examples today, and it's, in my view, a lot of our existing defenses, although they are imperfect, but they're getting better, as we have just spent 20 minutes talking about, they actually do work for, for agents. So if you think about an agentic experience that touches our lives increasingly and, you know, it happens in companies, but where are we all exposed to that is in the context of agentic commerce. So, you know, you're going to go to your favorite chatbot and you're going to ask chatbot for whatever you want to buy, and it gives you ten recommendations, and you're going to say checkout. So suddenly there's somebody conducting a payment on your behalf. So how do we keep that safe? That's a very practical example to your question. What are we going to have keep it safe the exact same way as every other payment, because the same set of rules there extended is exactly when you said, just think about another team member, it's just another payment, entity in the existing ecosystem. So for now, that will serve us well for some time. While we think where the where the world is going. But I would argue e-commerce is one of the use cases that touches our AI use cases that will really touch our eyes rather quickly, while the rest is being talked about here in Davos quite intensely. But it hasn't reached us. But that will. And we got to keep it safe from day one. Otherwise the digital economy and digital commerce will kind of lag.
Catherine, you want to comment?
Yes. I think, the monitoring of, of, of this is extremely important and having standards worldwide that are, that are accepted worldwide.
That is also.
I just want to have a look behind me if someone wants to come in and pose a question here, I just want to make sure that I've covered the room. Otherwise, as we move into the last five minutes, I really want to come back to that leadership question that a our has cyber now really got the space at the boardrooms that it deserves and merits and necessitates. And two, what should be that big idea, big investment that companies and leaders should be making at this particular moment as we move into a whole brave new world. So who wants to start? Let me start with you.
Sure. Great. Well thank you. I, I, I think we can do more at the C level and the board on the topic of cyber, what I see is some of the business leaders outsource it to their technical teams because it is a pretty technical topic. But I do think it's a business topic. And, and I do think CEOs need to have a point of view and actually think Michaels is an incredible example of a CEO of a large organization that that doesn't outsource, that that has a point of view on it. And so I think there's still room to grow there. Of course, we all love our security teams and our technical teams, but as a business leader, you can also understand the basics of this. And you're going to need to because it's really important for both, making sure that your revenue keeps flowing and, and and minimizing risk. So I think that's just point one on on that that hasn't been brought up. And then just the big idea, you know, we this panel is about cyber supply chain. We touched on it a little bit. But in a more interconnected world and we are absolutely more interconnected. That is a huge risk for organizations. And you can do, especially if you are at a large organization, you actually can help raise the standards there. And what I mean by that is you can insist within your contracts with these third party services saying, hey, what kind of security posture do you have and you have and insist that they they meet the need? And I do think that will raise all bar, because right now what's happening is, there's a lot of taking advantage of some of these third party services that don't have such strong security postures, and that's how they're getting into these other larger organizations that have very good security posture. And if we don't solve that, it's going to be hard to continue to push forward a lot of the interconnectedness work that we've been able to make happen in the last five years, but we really have to solve that piece. And so that does concern me, and I think that there's still work to be done there.
So in a climate change vocabulary, we have to be now worried about the more three vulnerabilities 1,000%. Thank you. So, Catherine.
I think it's a responsibility from all of us, private sector, public sector, that we build more and more on the resilience of society, of children, digital literacy, and then also the critical mindset of the people in the future who will use all these tools more than we do now. So I think we need to make a big investment in that, to have the training schemes and the schools up to date, because we are not there yet. I think it's also a responsibility to us.
So from a telecom perspective, I think there are two, two sides. So one is building security into the connectivity. So observing what's happening in the connection, whether it's for a single customer or a corporation and being able to immediately flag when something wrong seems to be happening. So this is one side and then the other side, I remind you of something. Although telecommunication is, you know, considered a little bit old technology, we still have the SIM card, whether it's physical or it's an e-sim, but the identity associated with a phone number is still a very, very strong, way to protect people and businesses, because it's unique and it's and it's safe. And now we work, for example, with GSM, not us, only in M, but the whole industry, for example, with Mastercard, that with the customer consent, if they're using their card, we can check immediately if they are in the place where their card is supposed to be used or not, and flag if something is going wrong. So there is also an evolving, you know, evolving technology by working together. Telecommunication provider, you know, the owners of the cyber prevention or cyber crime prevention, software and of course, financial institutions and other institutions. By working together, we can protect people more.
And a very quick question. Are you looking at the supply chains as a business prerequisite when you make decisions on on procurement or partnerships?
Of course we are. Yeah.
Good, good. So that's that's a response to yeah of course Michael.
Yeah.
Let me just add on that point, you know, what we're finding as a company, what we're finding with our customers, not everything matters the same way in your company. So you will have as a business the crown jewels, whatever it is in your business is, you know, it is allowed. So if you look at that and say for that, I want to go to the nth degree of third party dependency. So it's not third party dependency, it's like 10th party dependencies. You really have to do that. You cannot do this for your whole company. But I think that is a really important part of what we should all do. I feel there's a fundamental investment that needs to be made across the private sector and the public sector, and it should be a joint initiative. And that is truly building on what you just said, Tim, is we need better identity. We generally need better identity and the kind of smorgasbord that we have on identity solutions across the world, like India has done a great job. There's other models elsewhere, but a number of times I live in the United States. Like it's your local driver's.
License, Estonia.
And, you know, there's too much divergence there. And that is a big building block, in terms of somebody is behind any, any activity. And if that's a fraudulent activity, if you know who it is, at least it makes it a lot easier. The final thing I do want to say is, the human aspect of it, you touched on capacity building. So you need a cyber workforce. In the US, we have 700,000 open cybersecurity jobs that are not filled. That's a problem. And then I don't know the numbers from from other countries, but they will be big. So putting that capacity behind it but also in the company. So yes, we have zero trust and we yes, we have an exciting we have a we have the board focus. But what happens in an attack. How do you avoid it. Everybody freezes and doesn't know what to do in a ransomware attack. So really, you know, training the workforce constantly on dealing with.
That.
On how do we respond to all sorts of situations.
Really important.
We are completely out of time and we've had a fantastic conversations. No need for a wrap up. Just watch this again. Please join me in thanking the the panelists for the wonderful.
Thank you, thank you, thank you.