Transcript
service provider ecosystem, recording live here at Mobile World Congress Barcelona 2026. From securing AI adoption to threat intelligence, business strategy, security operations, and value-added services, we bring expert insights into helping service providers grow, stay resilient and ahead of the curve. So let's dive in. I'm your host, Ronesh Pihar, Director of Technical Solutions Marketing at Fortinet, and I'm joined today by Gary Hervé of Fortinet. Gary, thank you for being on the show. Great having you here with us. Thank you very much. Let's start with something which is a bit generic. There is this race or arm race between, you know, bad guys and the bad guys, attackers and defenders. Where do we stand? Who is winning? Is it the bad guys? Is it the good guys? How would you categorize it? You know, this has always been a cat and mouse game. So sometimes we were a little bit forward. Sometimes attackers were a little bit ahead. Now AI changing this in a way that it's such an interesting technology that we all have to figure it out how it fits the best into the use cases. It's not like other technologies we had before that we designed for something specific and then we could solve it. It's kind of a technology that we have and now we have to figure out how to use it. And we do that parallelly with the attackers. But even before AI, my impression is that we are winning. The good guys are winning because there's a huge amount of attacks, but the vast majority are not successful. Exactly. Right. So in a way we are, even before AI, we are, there is this race, but we are in a better position. Exactly. Yeah. So, I mean, in the last 20 years, cyber defense matured a lot, like, you know, 20 years ago we had a couple of protection devices like firewalls. Now we have full-fledged stocks where, you know, people looking at alerts 24-7 every day of the year to figure out whether it's malicious or not. So there is day and night between how it was done 20 years ago and how it is done today. So and in that sense, attackers also changed. It became more of a business compared to in the past, they were, you know, individual hackers doing attacks, mostly just for the sake of it or for fun. But as, you know, people realize that there's money in it, it turned into a business. We have specific groups focusing on getting credentials, then selling it to other groups. And, you know, some groups are just working on ransomware and providing it as a service. So it is very business oriented, but that also brought down the, it's much easier now to get into cybercrime. Yeah, exactly. Because you don't have to be a born hacker. Cybercrime is a service. Exactly. You buy the credentials from an initial access broker, you buy the malware from ransomware as a service provider, you log in, you have to hack around a little bit. But once you've deployed ransomware, often the ransomware as a service provider does the whole negotiation for you and then you just wait for the money to come in. So in that sense, hacking and attackers also changed a lot. But I think we are in a very good position to defend. I think, you know, often there's this discussion of predicting what's going to happen next year or in two years or in five years. But I think the tooling and the capabilities available today are enough for like 19% of defenders. Yeah, exactly. They just have to use it. Yeah, exactly. Exactly. So I think that's a good starting point. I mean, we are at an arm race, but we are winning. We are in a good position. So let me, at that point, at that starting point, let's introduce AI. So AI is used for attackers and for defenders. So let's investigate these and let's start with the attackers. So how are they using AI today and how do you see that evolving? As CGPT came out, which was obviously a turning point when we talk about AI, the first obvious use case for attackers was to create better phishing emails, which I find a little bit embarrassing that they needed artificial intelligence to write grammatically correct emails. But now they have that as well, so they can do that. Then, you know, the whole social engineering changed a bit because of that. It's much, much faster, much more targeted. You know, deepfakes can be used in various attacks, like, you know, calling the CFO to transfer money or the whole North Korean IT worker scheme where attackers get into the organization as IT workers and then often do the whole hiring process and the team meetings, everything with deepfakes on to kind of cover up who they are. So that was the first obvious use case for attackers. Now, as it evolves, there are multiple use cases where they can still use it. So creating new malware, I think it's not so interesting. Obviously they can make it faster. Now individuals who don't have the skills to actually write the malware, they can do that. But at the end of the day, the malware that comes out of it is not necessarily more sophisticated than what we had before. There might be a turning point where they will be able to create new type of malware or new techniques that we haven't seen before. But that's not the case. Right. An interesting aspect where they use AI in the malware is kind of a defensive agent technique. Instead of having, you know, hard-coded commands in the malware, they use prompts to get those commands. And some of the traditional security tools like antivirus won't be able to detect that because the malicious code is not available. So that's why, and that's what I mean, that we do have the tools to protect against this. So I can EDR have the capability to look at the whole behavior of malware execution and decide based on that, not just the content of the file, whether it's malicious or not. So we have the capability there, but it's important that defenders also deploy those capabilities. So not stick to traditional antivirus, but really move into the direction of state-of-the-art, you know, AI-supported EDR technologies. And finally, what I would really point out is that we have to be careful with AI systems because obviously the deployment of AI was really, really fast. It's not comparable to any past technology we had. So everybody started to deploy AI, but the AI systems themselves are becoming an attack surface. Right. They increase the complexity significantly, especially because these are non-deterministic systems. So we, which means that we don't really know what might come out at the end. So it's really hard to, it's really hard to decide where there could be problems. So, and attackers and security researchers as well. So there's a lot of security research done on that and we have to learn from those. But everybody is looking at AI as a potential attack surface. So if somebody already deployed AI systems, especially if it's externally facing, then definitely look into how you can secure that. Exactly. So you've touched upon it. And my next point that I wanted to discuss is what is the impact on the user of AI? It can be a service provider, it can be a telco, it can be an enterprise, right? So in short terms, how does an enterprise need to now look at AI and the security risks and how do you need to protect it from an attacker perspective? Yeah. So definitely it has to be integrated in the risk assessment. And with special focus, I think, because as I mentioned, because of how AI works, the understanding of the whole system is not trivial. Exactly. So you really have to look into it. So when we look at cyber attacks generally, one important is the input a system gets, because that's where the malicious code or whatever it might come. So the input could be a phishing email into a system, or it could be data in an input field on a website. These could be all used for various attacks. So when we look at the AI system, we also have to look at the inputs. But the problem is that almost everything is an input in an AI system, not just the prompt that you write, but all the data that your system is going to look at, because it's going to look at, parse it and kind of try to understand it. But during this whole process, it could be exploited. So whether it's a prompt or whether it's a calendar invite your email or your AI agent is looking at, those could be all malicious. It's a different way to look at risks when we're talking about an AI. So, okay. So we talked about the attackers. We talked about how the enterprise should maybe change a bit the way that they look at AI and the risks associated with it. Let's talk about the defenders. How do we use AI to defend? I think we have many opportunities. So that's the key point. That's what I would like to emphasize, that AI is not just an opportunity for attackers. Most of the AI features are as valuable for defenders as it is for attackers, except maybe for social engineering. That's clearly more useful for defenders than for attackers. But I think where defenders have an advantage is the amount of data that we have on the defense side, whether it's a security operations with all the logs they collected or a network operations center with all the data. Because AI is based on data, this is going to be a long-term advantage for defenders to use this immense amount of data to build better AI systems for defense. So I think that's a clear advantage for us. But ultimately how we try to look at it, especially at Fortinet, is these three layers of AI defense. The one is AI Protect, which is basically using AI technologies to build better protections. This is not new at Fortinet. We have been doing this for 20 years, starting with machine learning for malware analysis or web traffic analysis, then behavior analysis for EDR, NDR, etc. So generative AI is just an additional tool in this toolset. So that's the first layer, AI Protect, where we try to use AI technologies to build better protections. Then the second layer is AI Assist, which is what we mostly call AI nowadays. So this is this assistant-based generative AI, agentic AI system. And the idea there is that we could provide these assistants in any kind of environment where the assistant has access to the local data. So let's say in a security operation center, the assistant will have access to all the tools in the SOC, whether it's the SIEM, the EDR, SOAR, etc. And when we ask questions to it, or we don't necessarily even have to ask, so when an alert comes in, the assistant can immediately enrich the alert from additional tools. So for instance, reaching out to the EDR and pulling more data from the endpoint where something suspicious happened. And when the alert gets to an actual analyst, there is already more data there and they already saved hours of work manually collecting that data. But this also works in network operations where you might have a performance issue somewhere in your network and the AI assistant can help you pull the available data and analyze it for you and explain why this problem is happening. And it also generates a new configuration file for your firewall to solve the problem. So there are unlimited possibilities, basically, how you can use an AI assistant either in a SOC or in a NOC. And the third layer is secure AI, which is what we talked about, is basically fighting the risk of AI systems, trying to safeguard that new attack surface that AI systems are creating. And this can be done on multiple layers, whether it's looking at the inputs into the AI system with prompt injections or malicious files being uploaded, then seeing the interactions between AI agents, whether there's something being changed, something unexpected happens, but also looking at the output to see whether that could be malicious in any way. So I think that's a really important point that AI systems don't necessarily have the capabilities to save themselves. So we do need some kind of protection around them to make sure that they operate securely. So if I summarize before we terminate this, first of all, probably when we talk about securing the new AI attack surface and the new AI systems and its adoption and integration within enterprises and service providers, we're talking about, as you mentioned, it's very wide. In fact, securing the entire AI stack from the infrastructure that it runs on, the LLMs, the AI agents, the AI applications, and of course the users and data. And another thing is when we look at AI from an attacker and defender perspective, for the long term, we probably have the advantage because we have that enrichment and quantity of data, which they don't have the short term, they might have because they have no more, they have no limits, they can use it immediately and do that. Would you agree with that? Yes or no? Yes. Excellent. Thank you very much for being with us and sharing your expertise. Thank you very much. That's all for this episode of Fortinet OnAir, recording live here at Mobile World Congress Barcelona 2026. Fortinet OnAir is available on YouTube, on all podcast platforms and Fortinet TV.
