A Q&A with Chris Lafleur and Vince Kearns of Trend Micro
AI technology—and all of the promises and threats it embodies—continues to evolve at a breakneck pace. As the cybersecurity world races to adapt to this double-edged sword, it will have to embrace all of its capabilities and vulnerabilities. We talked to Trend Micro’s Senior Cybersecurity Strategist, Chris Lafleur, and Cyber Risk Specialist, Vince Kearns, about their observations and forecast of AI-powered threat detection, including details on how their Digital Twin technology is pushing past the previous boundaries of reactive AI seen in other XDR detection data and tooling.
How does digital twin technology differ from traditional testing methods?
Unlike static penetration tests, digital twins support ongoing adversary attack simulations. They are “living” models that use continuous data from sensors, open data sources, 1D and 3D scans, generative AI, and IoT devices to reflect real-time system behavior. This dynamic approach to cybersecurity monitoring tools provides a scalable, constantly updated virtual environment for testing and monitoring without resource drain or operational disruption.
What are the main advantages of using digital twins in cybersecurity?
Digital twins allow for ongoing simulation and probing of an organization’s defenses to identify potential vulnerabilities and system misconfigurations. When integrated into a cybersecurity platform, simulation outcomes can trigger automatic remediation or targeted recommendations. This proactive approach helps organizations stay ahead of threats by continuously testing and validating their defenses. Digital twins offer several key benefits:
- Real-time visibility into vulnerabilities and system configurations
- The ability to simulate a wide variety of attacks and scenarios without downtime or physical risks
- Reduced impact of penetration tests on the production environment
- Improved lifecycle management from design through maintenance
- Smarter, more informed decision-making owing to continuous, accurate data
Does this digital twin technology make other human roles in red teaming, pen testing, and other simulation tech redundant?
Yes, digital twins help security teams test their environment against real-world threats to a digital representation of their IT estate. This opens up opportunities for virtual red team exercises without the resource constraints. Additionally, it enables security teams to test the impact of a security remediation effort at scale, to test if there are downtime implications from applying a patch or changing a system configuration.
During DEFCON 33, there was an interesting experiment involving AI and human hackers. What did it reveal about the current state of AI in cybersecurity?
At the DEFCON 33 hacking conference, a human team competed against a generative AI “vishing” engine in the Social Engineering Village. The result was that humans defeated the AI, demonstrating that the human element remains critical in cybersecurity. Despite AI’s ability to scale attacks, humans still excel in social engineering and deception tactics. We’re still stressing about all these AI bots, but I don’t think people realize that we’re just not quite there yet. It’s a reminder that while AI tools are powerful, they haven’t fully replaced human ingenuity yet.
Considering the rapid development of AI, what is the outlook for AI’s role in cyberattacks and cybersecurity?
Some in the AI privacy and ethics field believe we’re just a few generations away from models that could pose significant threats—and maybe much sooner. However, many experts emphasize that current AI isn’t as advanced as some fear. The consensus is that AI, at its present stage, can empower attackers at scale, but human skills remain vital.
How are cybersecurity companies preparing for AI-driven threats?
AI-powered threats are going to become a new norm at some point. What we are seeing is that instead of trying to run away, how about we create AI-powered “fuzzbox” equivalents to counter the surprise of AI-powered malware. The good news is we are at least a few more AI generations away before anything substantial will impact organizations.
How does your digital twin platform enhance proactive cybersecurity?
Using tooling like a Digital Twin, customers can expect to go proactive all the time to test their defenses with little overhead. This allows them to understand their risks better and actually take charge of what is important and high urgency versus just run-of-the-mill ticket events today.
How does this shift from reactive to proactive cybersecurity influence the industry?
AI-powered privacy and security are two big focuses in the cybersecurity tooling race. Unfortunately, trying to catch bad actors in real time is a losing battle. The focus is now on predicting threats and neutralizing them proactively. AI enables us to build digital twins that forecast attack paths and mitigate risks in advance.
What final message would you like to convey to organizations considering digital twin technology for cybersecurity?
Embracing digital twins is a significant step toward more resilient, intelligent cybersecurity management. They provide real-time insights, facilitate continuous testing, and enable faster, smarter decision-making—all vital components of an effective AI-powered risk and threat detection strategy in today’s rapidly evolving threat landscape. By adopting this innovative approach, organizations can better address their security requirements. By combining all aspects of a CTEM program, organizations are able to better protect their assets, reduce risks, and respond more effectively to any incident.
If you would like to start a conversation on digital twinning, AI, or cybersecurity, please reach out to Chris Lafleur and Vince Kearns.
