Featured by Newsweek & World Class Media Outlets
Mike Beck

CISO
Darktrace
11 September 2025

As AI becomes more deeply embedded in every layer of business operations, the cybersecurity landscape is evolving in step. What are some of the big new threats coming into the frame?

The biggest new threat we see is scale. AI is enabling attacks to be scaled in ways we have never seen before. This manifests in a couple of ways, particularly in speed to market. For example, if a vulnerability is disclosed in a product, attackers can now quickly codify against it, bring it to market, and deploy it at an incredible pace. Previously, an entire team of developers would be needed to figure this out, but with generative AI, attackers can go from vulnerability to deployment and attack almost instantaneously. This pace challenges signature-based security systems, which cannot keep up with the speed of exploitation. There is also a growing number of criminals moving from traditional crime to digital attacks, creating an increasingly large and organized ecosystem in the ransomware world. 

Additionally, government-sponsored attacks are another major shift, with highly resourced actors leveraging AI for scale and efficiency. We are seeing geopolitical tensions driving a rise in such cyberattacks, with nation-states using cyber as a tool to destabilize infrastructure. A good example is when the U.S. conducted a strike on Iran nuclear sites—there was no blowback on the U.S. as we expected. But this might not apply to China, especially in the case of a potential conflict, such as a Chinese invasion of Taiwan. In that scenario, we would be dealing with an actor with far more advanced cyber capabilities. This is the kind of reality we are facing. We are currently in a period of peace, but that could change quickly when it comes to cyber aggression in geopolitical conflicts.

How would you evaluate UK-built systems on the global stage of advanced cybersecurity technology?

We have incredible access to engineers, particularly because of our proximity to Cambridge University, and the Oxford-Cambridge-London corridor has been vital to our growth. During Brexit, there was concern about the impact on talent, but there has been enough done in the UK to ensure the pipeline remains intact. The UK is a world leader in the quality of technology it builds, though it faces challenges in scaling that technology. In terms of talent and technology, the UK remains strong, but the scaling process can sometimes be more challenging.

Darktrace has a self-learning AI, described with terms like “pattern of life”. How does that work?

We use a variety of machine learning techniques to learn the pattern of life inside a business, including how users work and how assets are communicated with. We believe we are the only company using this approach to learn how a business operates and “breathes.” Once we understand that, we can spot anomalies within the system. The biggest benefit of this technology is that it does not rely on external factors to tell it what to look for, meaning we do not need signature-based systems that require constant retraining. 

Instead, we use a range of classifiers to monitor everything from digital activity to communication over email. For example, we track how individuals interact with the internet and communicate with their peers. By combining this data, we can identify significant anomalies that might not show up in traditional signature-based systems. Our approach works well alongside traditional security systems and allows us to detect novel attacks.

You spoke about the speed of exploitation ramping up. Darktrace has an autonomous response product. What does machine-speed defense look like in practice? And how comfortable are your clients or enterprises with systems that act independently?

This has been a fascinating journey for our customers. The autonomous response technology has been around for nearly 10 years, but in the early stages, people were skeptical—letting AI decide what to shut down seemed too disruptive. Now, however, it is a boardroom conversation. Clients want AI to take autonomous actions and help solve productivity and headcount issues. There has been a shift from disbelief to an expectation for AI to handle these tasks. 

To ensure smooth deployment, we do not just leave the AI to operate in isolation; we give customers the ability to understand the decisions being made. We deploy the system as a “dial,” starting at level one, where customers learn how to work with AI. Over time, as trust builds, they scale up to full deployment, where AI handles the heavy lifting, particularly when it comes to isolating attacks.

In ransomware cases, human intervention is simply too slow to be effective—AI is always on, never takes breaks, and can respond to attacks at machine speed, which puts businesses in a much stronger defensive position.

Can you identify any patterns or increases in cyberattacks in specific verticals or geographies in the last 18 months?

We have certainly seen operational technology being targeted more heavily, particularly in sectors like energy, manufacturing, and healthcare. These industries have connected systems that extend beyond traditional business boundaries, making them attractive targets for attackers looking to hold them for ransom. When you start dealing with complex industrial control systems, security becomes very difficult to implement. For example, in some cases, we cannot even install agents on these devices. Instead, we have relied on machine learning techniques to analyze and piece together data from these systems. This approach has gained significant traction, and we have seen a huge rise in interest in our operational technology offerings.

Where are the world’s biggest hacker hubs?

In terms of attacker hubs, it is still largely nation-state driven, with China, Russia, and North Korea being major players. North Korea has seen a significant increase in its cyber capabilities, largely due to the money flowing in through its cyber programs. China and Russia use cyber as a strategic tool for reaching into other countries, and they tend to have well-resourced operations. 

When it comes to cybercriminal activity, there are hubs in South America, but also strong presences in Eastern Europe. These criminal groups tend to operate in areas where cross-jurisdictional police cooperation is difficult, which allows them to act with relative freedom. The harder it is for international law enforcement to collaborate, the more these groups can thrive.

What technology or policy evolutions could fundamentally reshape how attackers target systems, or how we defend them?

One area that is going to be fascinating is the increasing thirst from boards for businesses to adopt more AI, and to do so quickly. This is a very new domain, and it is going to change the attack landscape significantly. As more AI systems are deployed, there will be questions around how to govern these agents, how to test them before they are deployed, and how they respond to different scenarios. 

Over the next five to ten years, the rise of artificial general intelligence in businesses will change how attackers target systems, and a lot of research will be required to keep pace with that shift. Another key area is quantum computing, which could revolutionize cryptography. If quantum computers reach the required qubit threshold for Shor’s algorithm, they could potentially break current encryption standards. As quantum-safe algorithms are developed, the big hyperscalers will likely need to take the lead in understanding and providing services around quantum. The question of how governments will manage quantum technology before the private sector is ready is also something to watch closely, as it could have significant implications for global cybersecurity.