- 8 hours ago
For years, trust on the internet rested on a relatively simple assumption: we knew who we were interacting with, where data was stored, and which systems were responsible for keeping it secure. AI is starting to challenge all three. From increasingly sophisticated cyberattacks and synthetic identities to growing questions around cloud infrastructure, data governance, and digital sovereignty, trust is being tested across every layer of the digital ecosystem. As AI becomes both a powerful security tool and a threat multiplier, how do we build systems that people, businesses, and governments can continue to rely on? And in a world where trust can no longer be taken for granted, who is ultimately responsible for protecting it ?
Category
🤖
TechTranscript
00:00So here to further explore this, we have Marius Briedis, CTO of NordVPN, and Damien Lucas, CEO of Scaleway.
00:09And this conversation will be guided by Jamal Basriya, leader of cloud and cybersecurity of PwC.
00:17Please prepare to welcome them to the stage.
00:40So, good morning, everyone, and welcome to this conversation that will focus on AI, security, and trust.
00:49So let me start with a simple observation.
00:52For years, trust on the Internet was almost invisible.
00:56We assumed that identity were real, information was authentic, and systems were reliable.
01:06But today, this assumption is breaking down, definitely.
01:11At PwC, what we see is quite striking.
01:15Organizations are investing massively in cybersecurity, and yet trust is not improving at the same pace.
01:23So many leaders even believe that AI is expanding their attack surface rather than reducing it.
01:30At the same time, AI can now discover and exploit vulnerabilities at a scale and speed we've never observed in
01:38the past.
01:39So we are entering in a world where both attackers and defenders operate at machine speed.
01:45So that was the introduction.
01:46I'm very pleased to have this conversation with you guys, an interesting one.
01:50So let's start with a simple question, quite philosophical.
01:54So has AI broken trust from your perspective, or has it simply revealed that it was fragile in the past?
02:02So probably I will start with you, Damien.
02:04Can you get your perspective on this?
02:07Yes, sure.
02:08And thank you.
02:09Thank you, everyone, for being here.
02:11My perspective on this is probably both.
02:15I'm sorry, that may be an easy question, but let me elaborate a little bit.
02:20Obviously, this space is not that secure, but now with AI, it's possible for a lot of persons to actually
02:31use the different vulnerabilities in our security.
02:35So it's not only it will reveal that there are vulnerabilities, but it's also it will reveal it massively, and
02:44it makes available a lot of different tools that anyone can use.
02:50That's definitely true.
02:51That's definitely true.
02:51What's your perspective on this, Marius?
02:54I'm going to take a different angle.
02:56I think security is all about the protection.
02:58We're going to talk about technology in general.
03:00It's about encrypting traffic, encrypting data trust, and all those things that we know and do these days.
03:06But if we're going to talk about the trust, we have to talk about the confidence.
03:10And the confidence is a totally different topic.
03:13It's about where we are putting our information, do we trust that we put information in the good direction, and
03:19how we are using it and who is accessing it.
03:23So from what I heard from you guys, I feel like trust was fragile in the past, and then there
03:30is a kind of acceleration that we are living right now.
03:32So let's expand on that question.
03:34So everyone tells us that AI will make security stronger.
03:39We've discussed earlier today, and I feel like you have more and more work than in the past, and that
03:46you are investing more and more time in it.
03:48So why is that?
03:51Damien, probably your perspective.
03:53Again, because AI is so easy to use for attackers, for discovering vulnerabilities, obviously we know more and more our
04:06vulnerabilities, and we have to actually fix them even quicker than ever.
04:15So because of that, it's a lot, really.
04:19It's a lot of work, and it's getting more and more work.
04:22And keep in mind, AI is also used to build new services very quickly, not always very securely.
04:33So still, we also need them to be very active on security because the world is going faster.
04:39The whole world is going faster.
04:41We're deploying faster.
04:43We're actually developing faster.
04:45But at some point of time, we still need to spend a lot of time to check the security, to
04:53solve the security issues that we have.
04:56Thank you, Damien.
04:57Are you having more and more work with AI?
05:00We do.
05:01And honestly, I see how we develop software totally different right now.
05:06And I see we stop kind of in the first part of the pipeline, how we develop it.
05:10We do more comments.
05:12We produce more software, et cetera.
05:14But it doesn't mean that we push the production even more because we have to double check and make sure
05:19that the software has the quality that we need and we want to do it.
05:24So I think the first part, we are really good at it right now, just producing the goal and then
05:29sometimes even not looking at it, which is kind of scary from the security point perspective, right?
05:34Well, the second part is how you're going to push it and are you able to push it really quickly
05:39as well?
05:40And that's the second question that I'm totally always asked right now is the ROI of AI.
05:47And nobody can answer that these days, I think.
05:51So are we really solving the problem with AI?
05:53It feels like developers have less work to do and that pushing on us, cyber security guys, the work.
06:00So what's your feeling around that, Marius?
06:03I've talked with a lot of developers from juniors to seniors.
06:06And what I've seen, the trend that seniors is really the last adopters of AI in general.
06:12And for me, it's kind of striking.
06:13When you show them the power of the tool, then they discover and go do it and build with it.
06:19But usually it's about POC and MVPs, right?
06:23But the juniors just take it and do it.
06:26And it's kind of scary to look into the future because they don't even look at code in that direction.
06:30So for me, it's kind of interesting to see where we're going to go from that.
06:35Anything to add on that, Damien?
06:37No, I perfectly agree.
06:38Yeah, me too.
06:41So if both sides, I mean, we feel like defenders and attackers are benefiting from AI as we speak.
06:50So is one of them taking most advantage of AI?
06:54Don't say both, please.
06:57Want to start?
06:58Well, in fact, I definitely have an opinion on that, but I won't give you my opinion.
07:07I'll give you what I assume on an everyday basis.
07:11I assume that it's benefiting more the attackers than the defenders.
07:17I'm telling my team that it should benefit them more than the attackers.
07:22My team is a defending team, obviously, as part of a cloud provider.
07:27We're defending our cloud on a daily basis.
07:29But we should assume that it's benefiting more the attackers.
07:33We should assume that the attackers are using all the latest technologies in AI and even more
07:39because this is the only way we will be able to protect correctly our cloud.
07:44Do you agree?
07:45Totally.
07:46Look, guys, you don't need coding skills right now to do a scam or phishing website in general.
07:52You just shoot up the cloud of code, ask for it, and you just, oh, we go.
07:57Cloud, I don't even deploy somewhere on the cloud, right?
08:00We have these kind of things happening right now.
08:03What's the biggest difference, I think, why the attackers are leading right now?
08:06Because the blast radius, they don't care about it.
08:09They can do it as much as possible and cause as much possible damage as much as possible in that
08:14way.
08:15The problem for the defender is that you have to verify it.
08:18You have to fix the vulnerability or you have to take down the site, etc.
08:21And this takes more work, and this is why for attackers it's easier, in my opinion.
08:26Still, I feel like the attackers are more benefiting from AI.
08:30As we speak, when you look at the trends of attacks, actually, and I think you see that as well,
08:38we really see that they are benefiting a lot from AI.
08:41So let's shift gears a little bit.
08:42You mentioned something earlier.
08:44It was quite interesting.
08:45You used the word, which is trust.
08:48So security and trust are often used interchangeably.
08:52So people really know the difference.
08:55Some others probably not.
08:57So what is the difference really between security and trust from your perspective?
09:02We can probably start with you, Marius.
09:03I think it's about input and output in general.
09:06When you put the information into any LLM that is on cloud or whatever you're hosting it,
09:12I don't think a lot of people are thinking right now what they are doing,
09:15whether they are doing from the B2B perspective or B2C.
09:18I've seen a lot of people and even my friends right now just chatting with the cloud chats about the
09:25medical things.
09:26And this is going crazy for me.
09:28Why are you trusting to put that information in that?
09:30Do you know where it is going and what's happening afterwards?
09:34So not a lot of people are thinking about it.
09:36And this is where we're going to shift about human behavior and how they interact with the technology in general.
09:43Interesting.
09:43I'll get back to that later.
09:45So what's your perspective, Damien, on this?
09:47Well, if you apply that on the cloud, and that's obviously what I'm doing,
09:52think about what's a secure cloud and what's a trusted cloud.
09:56That's pretty obvious.
09:58And there's one word I haven't talked about, it's sovereign cloud.
10:01Maybe we'll talk about it later.
10:03But think about secure cloud, trusted cloud.
10:07Of course, we have a secure cloud.
10:09And most of the clouds are secure clouds.
10:13And we're thankful for that.
10:15But a trusted cloud is radically different.
10:19A trusted cloud is about the way it is operated.
10:21It's not only is it secure,
10:23it's also the way it's actually being operated on an everyday basis.
10:30I fully agree.
10:31And I'll get back to sovereignty because all these topics are very complex and linked.
10:35But before that, I wanted to jump in on your point about trust.
10:41So it feels like, from what you said, that we'll have to check everything in the future.
10:46So do you see ourselves implementing a lot of controls to check whatever is coming out from AI?
10:53So what's your view on that?
10:55I think a lot of organizations are already doing that.
10:58But this is usually what's happening first within the business environment.
11:02We put those guard layers or whatever we are using at that time to make sure that the information is
11:07not leaking, etc.
11:09But I hope that people, especially in this conference, which are tech-savvy, that are going to use the AI
11:14with a little bit of salt right here.
11:17But in general, yes, I think that's the issue right now that we have to solve.
11:22And we're going to see how we're going to do it.
11:26Thank you for that.
11:27So we'll shift now to sovereignty.
11:28So let's talk about this preeminent topic that we've been talking a lot, I think, over the pastures.
11:35But I feel like there is a kind of momentum as we speak.
11:39So many companies have diversified their cloud providers over the pastures to reduce the risk.
11:47So from your perspective, is it enough as we speak?
11:53It's definitely not enough.
11:55And for a very good reason.
11:57Most of the companies, in order to diversify their cloud, they've been looking at the top three clouds available on
12:06the market for the past decade.
12:08And they chose two of them.
12:12Very simple combination.
12:14You put it the way you want.
12:15It's either GCP and AWS, GCP and Azure, or AWS and Azure.
12:20But that gives you most of the combination possible and the way most of the company actually mitigated the risk
12:28of becoming dependent to a cloud provider.
12:31But the risk is now completely different.
12:34The risk is about geopolitics.
12:38And the risk is about depending on a technology coming from a foreign power.
12:44In that case, the U.S.
12:46But if you're looking at other clouds, it might be China.
12:48It can be others.
12:50And now, the right way of mitigating the risk is actually having multiple clouds, obviously.
12:56But having multiple clouds coming from multiple nations.
13:05Not only one nation.
13:07And this is a new risk.
13:09And very few companies have actually one U.S., one European cloud.
13:13Or one U.S., one Chinese cloud.
13:15Or one Chinese cloud, one European cloud.
13:17This is a totally game-changing requirement.
13:23And this is what we announced this morning with LVMH.
13:26LVMH used to have U.S. and Chinese cloud providers.
13:31And since this morning, they now have three different cloud providers, including one European.
13:37And guess what?
13:38It's K-Way.
13:38Obviously, that's the reason why I'm mentioning it.
13:41So, expanding on that, you mentioned that cloud sovereignty is a political issue.
13:47Do we really think it's a political issue?
13:51Or rather, what I feel like being a business resilience, business continuity issue?
13:58I'll let you expand on that.
14:00It's probably at the crossroads on that.
14:04Why is it an issue to rely, for example, on a U.S. cloud provider?
14:10Two reasons.
14:12One is political.
14:13One is business.
14:14The first reason is data.
14:19Data stored in a U.S. cloud can actually be accessed by U.S. federal agencies.
14:28This is basically the Patriot Act.
14:31This is what it is.
14:32And your data is not safe, but it's not safe for federal agencies.
14:37So, mostly political questions.
14:40Even though that could be political questions for business purposes, but political questions.
14:47Second, very important about the cloud is the resiliency of the cloud.
14:52One of the reasons why companies are moving to the cloud is because it's much more resilient.
14:58It operates in a distributed way, et cetera, et cetera, and it runs 99.95%.
15:04This is the SLA you find on any cloud provider.
15:08But then, there is a second question.
15:16And we've seen that this weekend.
15:22And we've seen that this weekend.
15:24There is a kill switch button.
15:27There is a kill switch button.
15:30This is possible to say, this technology will not be accessible by non-Americans.
15:37And it's been used.
15:39And it's not the first time it's been used.
15:41And that put the business in a critical situation.
15:47Agreed.
15:48So, as part of this conversation, we sometimes focus a lot on technology.
15:52And it feels like it's a more deep topic, actually, which includes other considerations.
16:00So, talking to the cyber guy, because I understood you were the cloud guy, and there is the cyber guy.
16:05So, talking to the cyber guy, we often see human being the weakest link when it comes to, I mean,
16:14within cybersecurity.
16:15And we've been seeing that a lot in the past.
16:20So, do you think it's still the case?
16:23And I will add another question on top of that.
16:26What's, from your perspective, the most typical errors we make, or organizations make, when they use AI?
16:36Well, guys, we all love and use technology these days, right?
16:40We cannot imagine our lives besides that.
16:43And it's great.
16:44We create a lot of great things.
16:46We move forward as humans, et cetera.
16:49But usually, how we use the technology is the key, right?
16:52And for us, tech, geeky, savvy people here using the technology, knowing how it works, it's great.
16:58We encrypt our traffic.
17:00We encrypt our data at rest.
17:02We even encrypt data in you sometimes if you're really advanced.
17:05But that's the problem.
17:07When the new technology comes in and we don't understand it yet fully, we tend to make mistakes.
17:13And that's where the human firewall comes in in my mind.
17:17Because the tech, usually you can have the stack and it's going to be great.
17:20But how you use the technology is totally different arena.
17:23And especially if you're going to talk not with so young guys right now who are born with phones and
17:29going to be born with AI these days, I guess.
17:32We're going to see different areas.
17:35When I talk with my mom, usually I teach her about phishing, scanning, phishing, whatever it is these days that
17:41we get the attacks from.
17:43So I think the first part, yes, the human firewall is necessity.
17:47How you approach the technology and you have to be vigilant and you have to educate yourselves like always.
17:53And we do that in the organizations, right?
17:55And the second part, I forgot.
17:57Sorry?
17:58The second part, I forgot.
18:00You forgot.
18:00The typical errors organizations make when they use AI or people like us.
18:05I think the typical error is just trusting what you are seeing online too much.
18:13In general, right now we have the ability to work and create with AI so fast, so many things.
18:19Look, we have only the attacks with the video calls from the CEOs for their CEOs to transfer the money
18:26these days.
18:27You know, the Hong Kong scenario that happened in 2024.
18:30I think you have to just verify and do it constantly.
18:35Thank you very much.
18:36So I'll try to summarize all of what we said.
18:38So if I step back from this discussion, I feel like AI will not reduce complexity.
18:44It will definitely increase it.
18:47I feel like security teams are under more pressure, not less.
18:52And I feel like you're feeling that every day, and you as well.
18:57Trust is required to be built, actually.
19:01We can see now it's getting more and more fragile and that there is a clear call to action to
19:06build it and to make it stronger for the next couple of years.
19:09And we also heard that it's not only a matter of technology, but a broader perspective needs to be brought
19:16in, especially probably broader business consideration.
19:20Business resilience is an important topic.
19:22So probably as a closing remark, how do you see, what's your perspective if you look 10 years ahead or
19:31where we will be standing?
19:32And we'll use that as a closing remark.
19:35Starting from you, Mario.
19:36I'm so excited.
19:37It's the best time to live, honestly, especially within the technology.
19:41And what we see right now, the LLM is going exponentially.
19:45They are getting better and better at coding and everything.
19:49Myself, I am by coding every day.
19:51I'm like kids.
19:53Again, I'm pretty, pretty hyped about that.
19:56What about you?
19:57Fully agree.
19:58Exciting times.
20:00Looking 10 years ahead, I think new technologies will come and will disrupt again, just like AI has disrupted or
20:10is disrupting the current situation.
20:13Thinking of mainly quantum.
20:17I think quantum is coming and quantum will revolutionize all that.
20:22And it's very important to get prepared for quantum.
20:25Getting prepared for quantum is very important.
20:28Most of the cloud providers, including Skyway, already offer some quantum services.
20:33You should start getting acquainted with quantum algorithm because it's going to be big.
20:41So thank you very much, guys.
20:43It was a great pleasure to have you as panelists.
20:45So thank you again for all your insight.
20:48And please give them a big round of applause.
Comments