Artificial intelligence is advancing at an unprecedented pace. A 2019 report by Stanford, McKinsey & Company, Google, PwC, OpenAI, and others revealed that while AI performance once doubled roughly every two years—consistent with Moore’s Law—since 2012, compute has been doubling every 3.4 months. This dramatic acceleration is evident not only in the frequent rollout of new models by tech giants but also in the emergence of innovative competitors.

Recent confirmations by Google and OpenAI reveal that state-backed APT groups are increasingly employing AI tools—such as Gemini and ChatGPT—to expedite reconnaissance, malware development, and influence operations. AI-tools have the capabilities to discover zero-days.

Current evidence indicates that several state-sponsored APT groups utilize AI-tools to enhance cyber espionage, phishing, and influence campaigns. Certain threat actors are reportedly employing generative AI for targeted reconnaissance on critical installations, scripting automated attacks, and establishing persistent post-compromise footholds. Similarly, some groups have been observed fabricating job applications to infiltrate organizations under false identities. In contrast, other adversaries, while exploring AI-enhanced malware modification and encryption techniques, appear to engage less with externally developed AI tools—likely due to heightened operational security considerations.

Recent debates have focused on whether DeepSeek’s achievement in generating a new model with comparatively limited resources qualifies as a “Sputnik moment” for Western AI companies. This discussion requires distinguishing between developing an entirely new model and adapting pre-existing models. DeepSeek’s approach exemplifies the latter; their methodology involves refining established large language models rather than constructing a new system from scratch.

The figure shows the state cyber program ecosystem to “support or perform cyber threat activities.” (Source: CCCS, 2024 p. 10)

The full report is available at the Canadian Centre for Cyber Security.

Canada’s National Cyber Threat Assessment 2025–2026 by the Canadian Centre for Cyber Security (CCCS), part of the Communications Security Establishment (CSE), brings forward an urgent question: How do cyber threats impact Canada’s national security, economy, and society? By examining the range of state and non-state cyber actors, emerging trends, and strategic vulnerabilities, the report provides insights for understanding Canada’s cyber challenges.

Utredningen återfinns på Regeringskansliets hemsida.

Uppdraget är slutfört. Utredaren har överlämnat delbetänkandet “Ett nytt Nationellt cybersäkerhetscenter – Ändamålsenliga och effektiva former för ledning, organisering och styrning”.

Vad betyder detta för NCSC, näringslivet, samhället i stort och Sverige?

Nedan ger jag mina tankar som baseras på utredningens innehåll. Först beskriver jag de utmaningar som NCSC stod inför. I nästa steg presenterar jag de lösningar som rapporten rekommenderar. Därefter utforskar jag vad dessa förändringar kan innebära för näringslivet, samhället i stort, och Sverige. Slutligen reflekterar jag över den bredare betydelsen för det svenska samhället och Sverige i stort.

This is a translated English version of the original, which is in Swedish at DI Debatt.

Sweden needs a cyber deterrence strategy and, together with national and international partners, conduct offensive cyber operations against threat actors

A clear Swedish cybersecurity policy is important for deterring cyber threats and showing that attacks have consequences. Examples of a well-designed deterrence strategy can be found in the US, the EU and Australia. In light of the recent ransomware attack that affected more than 120 authorities and businesses, this should also be considered for Sweden.

Note to readers: I was scheduled to participate in the panel discussion at the CyberPeace Summit 2023. However, due to unforeseen timing constraints and prior obligations that I could not reschedule, I was regrettably unable to present my intervention. As I believe the contents of this speech are critical and worth sharing, I have decided to publish it here for the broader audience. While I wasn’t able to deliver these thoughts virtually, I hope they provide value and insight to those interested in the topic.

Cyber Security, Definitions and Agencies

Cyber Security is a fundamental pillar and of utmost importance to secure our reliance on interconnected information systems in networks of networks facilitated by information and telecommunication technologies. Supervising two extraordinary individuals participating in the Leadership in International Security Course (LISC), a highly competitive eight-month course in international security designed for high-performing professionals seeking to enhance their careers and effectively respond to the world’s most pressing security challenges, has been a transformative journey: a journey where it not only underlines the importance of not only cyber security but also the invaluable role of guidance and supervision in updating and deepening the knowledge of the participants in the cyber security policy field.

On 24 April 2023, The US Director of National Intelligence (DNI) Dr. Avril Haines was invited to a public conversation with Carnegie’s Dan Baer on combatting digital authoritarianism. This is a summary of her presentation. The entire presentation including the Q&A session is on Carnegie Endowment’s YouTube-page.

Today, democracy is increasingly challenged by autocratic leaders that contest over information, defined as “the increasing use of digital technology to promote authoritarianism.” The DNI highlighted the importance of intellectual exchange between the intelligence community and think tanks like Carnegie Endowment to “challenge our thinking and work to ensure that we are focused on what matters, and not missing the broader strategic pictures.” This collaboration is especially fruitful in understanding the landscape, addressing the problem, and focus in one aspect of a problem.

On 16 March 2023, the U.K. Cabinet Office announced that the social media app TikTok is banned on government electronic devices. The reason?

A security review ordered by the Cabinet Office Ministers aimed to look “at the potential vulnerability of government data from social media apps on devices and risks around how sensitive information could be accessed and used by some platforms.”

Euronews reported on 17 March 2023 that in addition to the U.K., “New Zealand, The European Parliament, European Commission, and the E.U. Council,…, Belgium, Canada, Denmark, India, Taiwan, and the United States” have banned TikTok from government devices. Euronews reports that Afghanistan and Pakistan have also banned the app.