Open Forum #3 Cyberdefense and AI in Developing Economies

Summary

This discussion focused on cyber defense and artificial intelligence challenges facing developing economies, moderated by Olga Cavalli with experts participating both in-person in Oslo and remotely. The panel examined how AI is transforming cybersecurity landscapes, creating both new defensive capabilities and more sophisticated threats that can be executed rapidly compared to traditional attacks that previously took months to develop.

Ram Mohan emphasized that cyber defense readiness in emerging digital economies requires comprehensive capabilities to anticipate, prevent, detect, and recover from AI-driven cyber threats. He highlighted that modern AI attacks can masquerade as friendly forces and are increasingly individualized, moving beyond brute force methods to targeted, sophisticated approaches. Mohan stressed that developing skilled workforces capable of understanding and harnessing AI systems represents a significant economic opportunity for developing nations to potentially leapfrog more developed economies.

Christopher Painter noted the proliferation of international forums discussing these issues, from regional organizations to UN working groups, creating resource challenges for smaller countries trying to participate meaningfully. He expressed concern that AI discussions might overshadow fundamental cybersecurity basics that many developing countries still lack, such as national computer emergency response teams and trained law enforcement.

Wolfgang Kleinwächter drew parallels between today’s “AI divide” and the digital divide of 20 years ago, arguing that knowledge sharing remains crucial since knowledge can be shared without additional cost. He emphasized that the AI divide could lead to a security divide, where some countries become less secure due to capacity gaps.

Philipp Grabensee argued that developing countries must focus on cutting strategic deals with major powers to gain access to large language models, since only the US and China currently possess the resources to develop these critical AI capabilities. Luis Adrián Salazar shared Costa Rica’s experience with major cyberattacks, emphasizing the need to connect human needs with technological solutions and create concrete roadmaps for developing countries. The discussion concluded that international cooperation, knowledge sharing, and strategic partnerships are essential for preventing a widening gap between AI-capable and AI-dependent nations.

Keypoints

## Major Discussion Points:

– **AI’s Dual Impact on Cybersecurity**: Artificial intelligence is fundamentally transforming cyber defense by enabling faster threat detection and automated responses, while simultaneously empowering attackers with more sophisticated, scalable, and personalized attack methods that can operate at unprecedented speed and precision.

– **The Growing Digital Divide and AI Access Gap**: Developing economies face an increasingly severe disadvantage as AI capabilities become concentrated in major powers (primarily US and China), creating what speakers termed an “AI divide” that could leave smaller nations unable to defend against AI-powered cyber attacks without access to large language models.

– **Human Capacity Building as the Critical Bottleneck**: All panelists emphasized that skilled human resources, rather than technology alone, represent the primary constraint for developing economies in cyber defense, requiring investment in training programs that combine technical AI expertise with policy understanding and cyber defense capabilities.

– **International Cooperation and Diplomatic Solutions**: The discussion highlighted the need for developing countries to engage in “cyber diplomacy” and strategic partnerships to gain access to advanced AI defense technologies, potentially through foreign policy deals and knowledge-sharing arrangements with technologically advanced nations.

– **Regulatory Challenges and the Urgency of Action**: Speakers noted the difficulty of creating effective international regulations for AI in cybersecurity, with existing frameworks often becoming obsolete quickly, while emphasizing that developing economies cannot afford to wait for perfect solutions and must act immediately to build defensive capabilities.

## Overall Purpose:

The discussion aimed to examine how developing economies can address the challenges and opportunities presented by artificial intelligence in cyber defense, focusing on practical strategies for capacity building, international cooperation, and policy development to prevent these nations from falling further behind in an AI-driven cybersecurity landscape.

## Overall Tone:

The discussion maintained a tone of cautious realism throughout, balancing optimism about AI’s potential benefits with serious concerns about widening global inequalities. While speakers like Olga Cavalli expressed consistent optimism about developing solutions, others like Chris Painter and Philipp Grabensee voiced more pessimistic views about the growing divide. The tone remained collaborative and solution-oriented, with all participants emphasizing the urgency of action while acknowledging the significant challenges ahead. The early morning timing (with Chris Painter joining at 3:30 AM) underscored the global importance and urgency of these issues.

Speakers

– **Olga Cavalli**: Dean of the National Defense Faculty of Argentina (managed by the Ministry of Defense in Argentina), Director of the South School of Internet Governance

– **Jose Cepeda**: European parliamentarian from Spain (participated via video message)

– **Ram Mohan**: Chief Strategy Officer of Identity Digital, former ICANN board member, Chair of the Security and Stability Advisory Committee of ICANN

– **Christopher Painter**: Former director of Global Forum on Cyber Expertise, first high-level cyber diplomat of the United States during President Obama’s administration

– **Wolfgang Kleinwachter**: Professor Emeritus from University of Aarhus, former commissioner of the Global Commission of Stability and Cyberspace

– **Philipp Grabensee**: Attorney, former chair of Afilius

– **Luis Adrian Salazar**: Former ICT Minister of Costa Rica, currently professor at Universidad Latina in Costa Rica

Additional speakers:

None identified beyond the provided speakers names list.

# Expert Panel Discussion: Cyber Defence and Artificial Intelligence Challenges for Developing Economies

## Executive Summary

This expert panel discussion, moderated by Olga Cavalli in Oslo, examined the critical challenges facing developing economies in addressing AI-driven cyber threats. The panel brought together cybersecurity and AI governance specialists to discuss how artificial intelligence is transforming the cybersecurity landscape and what this means for countries with limited resources.

The panel comprised Ram Mohan (Chief Strategy Officer of Identity Digital and former ICANN board member), Christopher Painter (former US cyber diplomat participating at 3:30 AM), Wolfgang Kleinwächter (Professor Emeritus from University of Aarhus), Philipp Grabensee (attorney and former chair of Afilius), Luis Adrián Salazar (former ICT Minister of Costa Rica), and José Cepeda (European parliamentarian from Spain, who provided a video message).

## AI’s Transformation of Cybersecurity

### The Acceleration of Threats

Olga Cavalli opened the discussion by highlighting how AI has fundamentally accelerated cyber threats, noting that attacks that previously took months to develop can now be executed within minutes. She emphasized that AI’s impact extends beyond speed to include enhanced precision and the potential for autonomous operations.

Ram Mohan provided specific examples of how AI changes the nature of attacks, explaining that AI-driven phishing attempts can “masquerade as a friendly force and do it in a way that is far more superior than it used to be when you had humans doing it.” He argued that this represents a qualitative shift where existing cyber defence systems can potentially be turned against their operators.

José Cepeda, in his video message, characterized AI as “a structural element of cybersecurity,” noting that while it automates threat detection and response capabilities, it simultaneously amplifies the sophistication and scale of potential threats.

### Debate Over Strategy Adequacy

A significant discussion emerged regarding whether existing national cybersecurity strategies remain viable. Ram Mohan argued that “most national cybersecurity strategies are obsolete due to AI changing the entire nature of cybersecurity,” contending that the fundamental assumptions underlying these strategies no longer apply.

Christopher Painter offered a more measured perspective, suggesting that while strategies require updating, they represent valuable roadmaps that took years to develop and shouldn’t be completely discarded. He emphasized the importance of maintaining focus on basic cybersecurity fundamentals alongside AI considerations.

## The AI Divide and Its Security Implications

### Concentration of AI Capabilities

Philipp Grabensee delivered a stark assessment of the global AI landscape: “You need access to the large language models. And we have only so far, we have China and US who have… The race is over.” He argued that the development of advanced AI capabilities has become concentrated in the hands of major powers, leaving other countries in positions of technological dependency.

This concentration creates what Wolfgang Kleinwächter described as an “AI divide” that has direct security implications. Countries without access to cutting-edge AI capabilities may find themselves inherently less secure in their cyber defence capabilities.

### Strategic Dependencies and Diplomatic Urgency

Grabensee emphasized the urgency of diplomatic action for developing countries, stating: “Their foreign policy has to be fast to cutting deals… trade something, cut deals with them, so they grant them access to their large language models.” He noted that the rapid pace of AI development compresses traditional foreign policy timelines, requiring immediate strategic decisions.

## Human Capacity as the Critical Factor

### Workforce Development Consensus

Despite disagreements on other issues, all panellists agreed that human capacity represents the primary constraint for developing economies. Ram Mohan emphasized that countries need a “skilled workforce with security-first culture who understand how to harness AI systems for cyber defence.”

Christopher Painter noted that countries require “both technical training for technology use and policy training for diplomatic participation,” highlighting the multidimensional nature of capacity building needs.

### The Leapfrogging Opportunity

Both Olga Cavalli and Ram Mohan discussed the potential for developing countries to leapfrog traditional limitations. Ram Mohan argued that “the advantage here for a developing economy is it’s primarily about knowledge and skills. If you develop that, you could actually leapfrog other developed economies and become a real force in cyber defence readiness.”

Cavalli embraced this concept throughout the discussion, suggesting that the knowledge-intensive nature of AI capabilities could allow countries to bypass traditional infrastructure constraints.

## Real-World Implementation Challenges

### Competing Development Priorities

Luis Adrián Salazar provided crucial context about the practical challenges facing developing countries. Drawing on Costa Rica’s experience, which abolished its army in 1948, he noted that “developing countries are not thinking about artificial intelligence… they are thinking about how to reduce the poverty, how to increase the access to the water.”

Salazar shared Costa Rica’s experience with major cyberattacks in 2022 that affected financial systems, social security, and hospitals, demonstrating how cybersecurity threats become concrete priorities only after they directly impact essential services.

### Implementation Gaps

Salazar identified “a gap between political language and technical implementation that needs bridging,” highlighting communication challenges between policymakers and technical experts. Ram Mohan noted that “proactive preparedness doesn’t attract funding compared to reactive crisis response,” creating systemic incentives that favor post-incident recovery over prevention.

## International Cooperation and Governance

### Forum Proliferation Challenges

Christopher Painter raised concerns about the proliferation of international forums addressing AI and cybersecurity, noting that “multiple forums debate these issues creating resource challenges for developing economies to participate.” This creates difficult choices for countries with limited diplomatic resources about where to invest their attention.

### Regulatory Skepticism

Wolfgang Kleinwächter expressed skepticism about legally binding AI regulation, drawing on the experience of autonomous weapons negotiations: “legally binding AI regulation is very difficult, as seen with 10 years of negotiations on autonomous weapons without clear definitions.”

He emphasized that “knowledge sharing is key since knowledge can be shared without additional cost if there’s willingness,” suggesting that informal cooperation mechanisms might prove more effective than formal regulatory approaches. Kleinwächter also discussed how the UN Charter principle of sovereign equality applies to AI governance challenges.

### European Cooperation Framework

José Cepeda outlined specific European approaches, mentioning the NIS2 directive, DORA regulations, and the need for shared security infrastructures. He emphasized European cooperation frameworks as potential models for other regions.

## Key Tensions and Perspectives

### Strategy Evolution vs. Revolution

The discussion revealed a fundamental tension between evolutionary and revolutionary approaches to cybersecurity strategy. While Ram Mohan advocated for recognizing the obsolescence of current approaches, Christopher Painter emphasized building on existing foundations while adapting to new realities.

### Priority Balance

Speakers differed on how to balance AI-specific concerns with fundamental cybersecurity needs. Painter worried that AI discussions might overshadow basic cybersecurity fundamentals, while others argued that AI’s transformative impact requires immediate, focused attention.

### Access vs. Autonomy

The discussion highlighted a dilemma between accessing AI capabilities through partnerships with major powers versus maintaining technological autonomy. This tension reflects broader questions about technological sovereignty in an interconnected world.

## Conclusion

The discussion revealed the complex landscape facing developing economies as they navigate AI-driven cybersecurity challenges. While AI offers potential leapfrogging opportunities through knowledge-intensive capacity building, it also creates new dependencies and vulnerabilities.

The concentration of advanced AI capabilities in major powers presents developing countries with strategic choices between technological isolation and dependency relationships. The consensus on human capacity as the critical bottleneck provides a clear focus for action, while disagreements about strategy approaches highlight the need for flexible, adaptive frameworks.

As Philipp Grabensee noted about the pace of AI development, “it’s not a matter of years, you know, it develops so fast.” This temporal pressure adds urgency to an already complex set of challenges, emphasizing the need for immediate action while building long-term capabilities.

The discussion underscored that cybersecurity in the AI era cannot be separated from broader questions of international cooperation, resource allocation, and development priorities. Success will require countries to simultaneously build technical capabilities, navigate geopolitical relationships, and address fundamental human needs within rapidly evolving technological landscapes.

Olga Cavalli: Thank you very much and good morning to the brave audience that we have them at 9 a.m. here in beautiful Oslo. Thank you for joining us and thank you for those that are online. I know that Chris Painter is online. He’s very brave. It’s like 3 or 2 a.m. in Washington, D.C. Thank you, Chris, for that. So this is an open forum about cyber defense and artificial intelligence in developing economies. My name is Olga Cavalli. I am the dean of the National Defense Faculty of Argentina that depends and it’s managed by the Ministry of Defense in Argentina and I’m also the director of the South School of Internet Governance that has been organized since 2009 and organized in several countries in the Americas with its 17th edition this year in beautiful Mexico City. So let me first introduce my dear colleagues and friends here in the panel. We will have José Cepeda. He’s a European parliamentarian from Spain. Unfortunately, he couldn’t come to Oslo for this meeting and he was conflicted with his agenda but he has sent us a nice video in Spanish but it has captions in English. We have my dear friend Ram Moham. He’s the chief strategy officer of Identity Digital and a former ICANN board member and you’re the chair of… of the Security and Stability Advisory Committee of ICANN, right? That’s correct. So you are a very, very powerful person in the panel. And we have Chris Painter, my dear friend Chris Painter, former director of Global Forum on Cyber Expertise. Hi, Chris. It’s so early there. You’re so brave. Thank you so much for being with us today. And also, he was the first cyber ambassador of the United States at the time of President Obama. This is right, Chris, right? You were the first cyber ambassador. I was the first high-level cyber diplomat, exactly. Thank you. Wolfgang will be joining us, Professor Kleinwächter, Professor Emeritus from University of Aarhus, former commissioner of the Global Commission of Stability and Cyberspace. He will join us a little bit late because he’s arranging his things for his travel to home. We have my dear friend Philipp Grabensee. Philipp is attorney and former chair of Afilius. And we have my other dear friend, Luis Adrián Salazar. Bienvenido. He’s the former ICT minister of Costa Rica and now is professor in the Universidad Latina in Costa Rica, a beautiful country that was host of one of our schools, very well remembered, very nice. So, let me briefly make up some introduction about the issue that I’ve been thinking about. It’s important to reflect and to share with you some thoughts. We know that artificial intelligence is bringing profound changes to many things, public management, economy, regulations, has changed the dynamics of cyber attacks, allowing threats that previously took months to develop, now are quick, executed in minutes. So, artificial intelligence has changed the dynamics of cyber attacks, allowing threats Artificial intelligence is changing many things that we live, but also in defense. The strategic and geopolitical importance of artificial intelligence in the military sphere has a central role in the wars of the future. It can act as an advisor, collaborator, autonomous agent in conflicts, although its use poses ethical and governance challenges. We had a very interesting panel yesterday. I was talking about the session that you hosted yesterday. That was very interesting. Welcome, join us. I already presented you, but you’re here. Thank you very much. We were talking yesterday about autonomous weapons and how artificial intelligence is changing also that landscape. We’ll transform warfare by increasing the speed, precision, and autonomy of military operations, altering geopolitical dynamics, and demanding new forms of regulation and strategic preparation. We’ll be a strategic factor in future wars for several reasons. Speed and accuracy of decision making. Artificial intelligence processes large volumes of data in real time, allowing commanders to make faster and more accurate decisions than humans, accelerating the chain of command and the execution of attacks. Automation and autonomy in defense and attack systems. AI can operate as an advisor, collaborator, or autonomous agent on the battlefield, controlling drones, missile defense systems, and unnamed vehicles, increasing effectiveness and reducing human exposure. Shift the global strategic balance. Artificial intelligence can alter the balance of power between countries, generating risk of rapid escalation and preemptive action due to speed of reaction and perception of strategic advantage, new forms of hybrid warfare and cyber attacks. Artificial intelligence empowers faster and more sophisticated cyber attacks. Advanced operation planning, it enables a simulation of tactical scenarios to optimize attacks and defense plans. And there are ethical and governance challenges. The military use of artificial intelligence raises the need for international regulations to ensure its accountability, reliability and governability, avoiding the risk of misuse or uncontrolled escalation. This was also discussed in the very interesting workshop that Wolfgang hosted yesterday in this same room. So the urgency of having an automated response system and trained personnel is key in this new scenario. So the question is, how developing economies can face these challenges and can profit from these new advantages of artificial intelligence? So there are challenges, there are advantages. Are we creating a new divide in between countries that are very well developed in artificial intelligence and others that are lagging behind? Or maybe artificial intelligence can be used by developing economies, perhaps using them from afar, online, using, profiting from the different systems that are online now. So first we will have a video that Jose Cepeda, he’s a European parliamentarian from Spain, sent us. As I said before, he will not be able to be with us, not even online, because he’s busy. But he sent us a very nice video. The video is in Spanish, but it has captions in English. Can we show the video, please?

Jose Cepeda: and the 25th International Forum on Internet Governance. First of all, I would like to send a warm greeting to Olga Cavalli, the soul of all these days, who has allowed me to be here today with all of you, even if it is virtually. Unfortunately, I would have liked to be there, but this time, you know the length, on many occasions, of my obligations, but I do want to thank the opportunity of being able to share with all of you reflections and concerns. On the subject of artificial intelligence, I believe that artificial intelligence is already a structural element of cyber security. It is transforming defensive systems, automating threat detection, shortening response times and expanding, in an important way, the coverage of our protection. But it must be recognized that it also amplifies threats, making them more complex, more scalable and, above all, much more effective regarding their objectives. Due to the impact of artificial intelligence, among other reasons, in a short time we are going to face a panorama of different cyber threats, unprecedented. In terms of cyber security, it is crucial to integrate disruptive technologies such as AI, but also to address post-quantum cryptography and protect digital critical infrastructures. We are seeing the global scenario. It is changing in a very important way. It is strongly fragmented and in many countries, unfortunately, there is no cyber security strategy today or the use of artificial intelligence as a cyber shield, much less a holistic ablition that allows us to maintain or exploit the potential of both technologies together. Today, from here, from the European Union, I want to launch the idea in which we are working to recognize that cyber attacks are… without a doubt more and more complex. Technologies such as artificial intelligence, quantum computing and encryption must be integrated in an effective way in all digital investments to reinforce precisely our cybersecurity spaces and support, above all and especially, their industrial development. The European Artificial Intelligence Law includes explicit cybersecurity requirements for high-risk systems. These obligations are intertwined with directives such as the NIS2, the Act of Cyber Resilience or DORA, generating a large legislative framework, but coherent, which indicates a common political vision of alignment between artificial intelligence and digital security. However, digital threats do not know borders, so cybersecurity and the protection of our critical infrastructures must be a global strategic priority. For this, it is very important for us to talk about how to reinforce international cooperation and move towards a strategic cyber defense based on centralized systems, shared security infrastructures or the use of the IAEA also in the cloud and integrated security controllers from design, we always talk about design, it is very important. In the European Union, we promote global associations, especially with partners who share our values. I am talking about democratic partners in multilateral forums to promote a global governance of the Internet and cybersecurity under shared frameworks and values. However, we cannot forget the importance of defining regulatory frameworks and, in this sense, it is also very important to point out the absence of an adequate international regulation in the face of the use of artificial intelligence in cybersecurity. As you are here, it is very important to mention that we must promote international standards because in the end it is impossible to regulate artificial intelligence and its malicious use in an absolutely isolated way. How to create mechanisms shared by solidarity and joint response at a global level? Well, let’s start with the exchange of information. It is very important to talk about this concept to generate confidence. The NINISTRO report talks about a European security system, for example, where we must strengthen the structural exchange of specialized knowledge, good practices, training in the field of mutual resilience, and for this it is necessary to consolidate and expand all these spaces of collaboration, but also to provide them with means. We also talk about investing in specific projects, such as the creation of a network of regional centers of mutual resilience. It is important to promote international collaboration in applied research to create joint projects, shared environments, sandboxes and regional centers of resilience. All this to generate precisely that mutual trust that I was talking about earlier. When we talk about interregional cooperation, we must take into account that it is very important to integrate countries with less digital development. In all these innovation processes, it contributes in a very important way to reduce that gap of capacities and improve global security. Where there is a space without covering, there will also be a space to generate new vulnerabilities. And in that sense, criminal organizations continue to exploit the digital era, legislative gaps and border vulnerabilities while continuing to work together. That is why I want to highlight the need to have a unified approach among all. This forum is very important because exchanging information between partners should lead us to close this technological and legislative gap, reinforce cyber security and therefore also protect in our last goal what matters most to us, which are our citizens. I would like to thank Olga and all her team for their attention and the space you have opened for me to share this collective reflection, the commitment that this forum represents for all of us and I trust that this space will help us build bridges, lasting bridges between regions, ideas and people, changing the rhythm that is possibly taking place today in other latitudes of the world. So, a cordial greeting and I really wish you a fruitful and especially useful debate to achieve these goals that we have all set for ourselves. Thank you very much. A big hug.

Olga Cavalli: Thank you, José. I know your team is watching the transmission virtually, so… It was a very interesting video. He prompted me some questions that I will include in the comments that I want to share with other panelists. And also I know that his team was going to follow the session online, so regards and thanks for the contribution, for taking the time of not only recording the video but adding the script, which is important because we don’t have translation in this room. He prompted me some new questions that I included to the panelists. I will now switch to my dear friend Ram. You are a very important cyber security expert. What does cyber defense readiness mean in the context of an emerging digital economy? And also, I would like to ask you, how do you think that developing economies could profit from using artificial intelligence systems in the cloud? Not having them on-site, but having them virtually accessed. How do you think that could enhance the national development of strategies and use in defense? Thank you, and welcome.

Ram Mohan: Thank you, Olga, you’re very kind. Look, in the context of an emerging digital economy that is being driven by AI, cyber defense readiness means having the comprehensive capability to understand, to anticipate, to prevent, detect, respond to, and rapidly recover from cyber threats that really could disrupt digital infrastructure, services, commerce, and governance. Our modern world is fundamentally built on internet connectivity. It is no longer just a convenience. It is an invisible infrastructure supporting nearly every aspect of our lives, from critical services to daily activities. Now, this new and evolving digital infrastructure is being driven by dramatic AI enhancements, and that requires a robust and adaptive defense posture. So, what does that mean? Cyber defense readiness means you have to be able to enable critical services, because the internet underpins essential services. You look at healthcare, you look at financial transactions, transportation, energy grids, even emergency response today depends upon the internet to be up and running, right? And so, a resilient cyber defense strategy will ensure that vital services are prioritized and that developing economies, the governments, have a clear set of priorities. and a clear set of plans to keep those services operational. And that requires proactive monitoring, proactive prevention, because you cannot just react to these things. You know, you look at AI and look at national cybersecurity strategies, countries have them, developing economies have national cybersecurity strategies. Most of them are useless now because AI has changed the entire nature of cybersecurity and rapid detection and response in sectors like energy or telecom or finance or healthcare. Most of those sectors are still having plans that for them, advanced cyber defense means they can respond in the cloud. But the cloud is now merely an enabling, amplifying factor for AI-based attack systems. So there is a real need to focus on going beyond rapid detection and response and being able to think about, do you have the ability to even know that the attack coming at you is AI-driven? Because AI-driven systems today can masquerade as a friendly force and do it in a way that is far more superior than it used to be when you had humans doing it. You know, when humans say another state actor was coming at you, you could find traits of those state actors. But AI-driven systems completely understand how your local languages or the dialect is, or, you know, and they can create. images that look absolutely identical to your existing cyber defense capabilities, right? So, it’s a world where your existing cyber defense is going to be used against you. Can you find out that it’s being used against you? Because that’s what AI systems are capable of doing. And in the commercial world, it’s already happening. You look at phish attacks that come through, they are so beautifully done right now. You’re so sophisticated. And it’s not only the sophistication, it is individualized. It used to be that spear phishing was a one-off thing. You had to really work hard to know you’re Olga Cavalli and I have to target you. Let me go look at your social media profile and try to write something special for you that’ll trick you. AI agents can do that automatically and can do that, you know, come at you in many different ways, right? So, I think there is a, for developing economies, the problem that they have is one of, can they scale and can they adapt? Because AI-driven cyber attacks are scaling and adapting faster than ever before. And cyber defenses therefore also have to scale quickly, right? Because the volume is not the only problem anymore. It is now the quality is likely to get much better than before. And so, you are moving from a brute force attack model to a targeted, focused, and very directed set of attacks. So, the attack plane is changing and the scale of it is also changing. One other thing that I want to point out is the AI. and cyber defense, it’s not so much about the technology. In my opinion, most of it is about the people and the processes. Developing economies are not prioritizing or they need to prioritize creating a skilled workforce that not only has a security first culture, but actually understand how to harness AI engines and AI systems in order to mount a cyber defense. So it’s one thing to have the ability to detect an AI-driven cyber attack, but it’s another thing if your economy doesn’t have the skill set to respond to it, then you’re going to have a problem. However, if you’re a developing economy and you as a government, as a university system, focus on that, it is an amazing engine of economic growth because the number of people who actually understand these technologies and can harness these technologies is tremendously small. And if you’re a developing economy that builds a strong base in your economy of having skilled people who understand, not just understand AI, we’re not talking about creating prompt engineers. We’re talking about having people who can go multiple skill sets above that. That I think is a tremendous opportunity, right? Many years ago, there was this idea that you offshore the undifferentiated technical tasks, right? I think we’re now in an era where because of AI, You have a need for differentiated technical work, and only a few countries are going to develop the skills for it. The major economies, even in the major economies, in my opinion, I think the United States and China are well ahead of most other major economies. But the advantage here for a developing economy is it’s primarily about knowledge and skills. If you develop that, you could actually leapfrog other developed economies and become a real force in cyber defense readiness.

Olga Cavalli: Thank you, Ram. Just leapfrog concept just came to my mind when you were saying that, because sometimes when you just start from behind, but you can profit from the development of certain technologies, maybe you can you can capture them. So you think that human resources and training of human resources could be that the the key to to have some some value at the national level, even in countries that have other problems. What happens in developing economies is priorities sometimes capture the attention of everyone. And these problems that seem to be from from other developing economies or other places are lagging behind. But then when something happens, when an attack happens, you realize that it was important to to have trained people. So maybe training would be could be the the key to to solve this trend, a group of trained human resources.

Ram Mohan: Yeah, look, the the pervasive problem is that proactive preparedness is not very attractive, doesn’t attract funding and is not sexy. Right. What what is more interesting is there’s a huge problem. And then you you rally people, you put out a fire. and nations’ leaders then get on TV and get a lot of attention because they are directing the cyber defense at that point, right? But if you invest the time in training a skilled force, workforce, you ought to be able to anticipate these problems and then you’ll find other countries coming to you, asking you for help, and that’s going to develop your local economy.

Olga Cavalli: Fantastic, thank you very much. I would like now to move to Chris Painter. Chris, thank you again for being so early. What time is it? 2 a.m., 3 a.m.? You’re an expert in cyber diplomacy and international relations, which are the international and regional debates spaces and forum where these issues are being discussed. Also, you were involved in several training capacity building in your role in the global forum of cyber expertise. How do you see this evolving? We were talking about this in the workshop yesterday, these different spaces where this is debated and the difficulties of having international rules or treaties to help countries to have some rules. Thank you again for being so early up with us.

Christopher Painter: Happy to join you, even though it’s 3.30 in the morning here, but it’s very nice to be with you all there. I wish I was there. It’s very hot in D.C., or it will be this day when the day starts. Look, I want to build on some of the other comments, Jomi. I think I certainly agree that artificial intelligence is both as the threat, because we see criminal actors using it, increasingly using it, as was just said, but also very much helps the defender, if used correctly. I think one of the concerns here—well, there’s a couple of concerns. One, as you said, Olga, there’s many, many forums. There’s regional forums like the— OAS, and in this region, the Organization for American States, there’s obviously the EU, there’s Organization for Security and Cooperation in Europe, there’s the OECD, there’s the African Union, ASEAN and others, and they’re all debating, and certainly this is being debated in the UN. And I think one of the challenges of all this, especially for developing economies, is just a resource issue of trying to even follow these debates. And this is true for cybersecurity more generally, that we’re, in a couple of weeks, going to be wrapping up at least this phase of what’s called the Open-Ended Working Group for Cybersecurity at the UN in New York, which has been a five-year mission, sort of like Star Trek, which is coming to a close. But one of the problems, especially for not just developing economies, but small countries, is participating in those meetings in New York, participating in the literal plethora of other meetings all around the world on every topic around cybersecurity, and more generally around digital issues, is a challenge. And I think that’s even more exacerbated with respect to artificial intelligence. And while I agree that artificial intelligence poses these real challenges, I worry sometimes that artificial intelligence is completely monopolizing the debate in a way that is important because we do have to debate it, and it’s good to be ahead of the curve to the extent we can be, but it also means a lot of times core cybersecurity issues, which are related and intertwined, but also somewhat different too, don’t get the attention they deserve. So at the policy level, lots of governments are like, we need to do things about AI, which is true, but they’re also sort of ignoring some of the basics that we’ve talked about for a long time and the need for cybersecurity. And I do think cybersecurity and AI, although they’re intertwined, will both be important. AI certainly could be a real benefit. Right now, I think the biggest benefit of AI is just making sense of the giant mass of data for system administrators and defenders to more prioritize different threats, and in the future it certainly will offer a lot more. So I do worry about that deprioritization of some of the basics of cybersecurity. You need to do both. The other thing I worry about, particularly for developing economies, and this is said by others, is that, you know, just like in cybersecurity, a lot of the countries who we’re developing don’t have the resources to do what they need to do in cybersecurity, including policy. And, you know, I do think a lot of countries now have cyber strategies. I don’t think they’re completely obsolete now, so I disagree with you a bit, or with our last speaker. But I think that, you know, that’s good. Those are roadmaps, and we worked for many years to get that to happen. But a lot of countries still don’t have national-level certs. They don’t have, you know, computer emergency response teams. They don’t have really trained law enforcement. They don’t have trained technical people. They don’t have policies within their government that integrate this with some of the digital and other areas. And that’s, I think, a continued problem, because, you know, it needs to get the political attention with every country, whether it’s developing or not. And I think that the rationale for that, the strongest one, is that if every country around the world, which is true, including developing economies most particularly, are trying to maximize digitization, you know, catch this digital transformation, which includes AI, that’s great to help their economies and their people. But cybersecurity is still an important plank of that. So I think that will be important, too. And I worry about developing economies being left even further behind and creating a larger digital divide, where if you have this very specialized area of AI that they don’t have, and this is building on what you just said, Olga, too, if they don’t have that ability, they don’t have that trained workforce to work in this area, if they don’t have the investment in these issues. Not that every country has to be a leader in artificial intelligence. themselves in development, but they need to be able to take advantage of this as a resource and also be able to appreciate where the threat is and, frankly, work with countries, and I think that’s always important. So on that, looking at that kind of framework, I think there’s a lot of things we need to do, both in international and regional forums, but also most importantly around capacity building to help address this issue and not wait till the end. So as I said, I think there’s training, I think others have talked about training, and that training is both at a technical level, so people understand the technology and how to use it, but it’s also at the policy level so that diplomats and others can debate these issues in these different forums intelligently, and really, I think this is not just a debate for, it’s clearly not just a debate for the large countries, it’s a debate for every country as we move forward. So I think that’s important. The Global Forum on Cyber Expertise, which has been around now almost, actually, exactly 10 years, has expanded significantly, having over 225, I think, members and partners around the world in every region of the world, and has several working groups on national strategies, on incident response, on cybercrime, but most recently, in about the last year, there was a working group added on AI and emerging technologies more generally, and I think that’s really important, and what that’s trying to do is both ordinate and promote better capacity building around this among a multi-stakeholder community, which includes governments, private sector, and civil society. I do think this is an urgent issue for capacity building. I worry about that more generally because in the era where there’s increasingly cut funding by governments and others, including the U.S., where capacity building is not being emphasized as much, that, I think, causes a problem for all these countries who desperately need this help, and I think that’s the number one thing. I see when I go to the UN, as a lot of countries are glad to debate these issues, but really need the help, both the technical help and the policy help and the training help. And I think we can’t forget that. So as I look at this, I think it’s going to be, I suspect we’ll have this debate every year for a few years now, because it’s one of these evergreen things that’s going to continue to evolve. But I do worry about, you know, I love the promise of AI, but I do worry about not just the threat, but the potential of AI making it much more difficult for countries to achieve the things they need to achieve, because they don’t have the resources or priority to do that. And we need to address that. All of us need to address it, not just now, but in the future.

Olga Cavalli: Thank you, Chris. I do agree with you, but I’m always optimistic. And I got the concept of leapfrog from Ram, and it was in my mind as well. But I also have the fear of this broaden, of this divide among different countries. I would like now to give the floor to my dear friend Wolfgang Kleinwächter. You’re an expert in capacity building. We have been saying that having the capacity in human resources dealing with these issues is fundamental. How do you think this can be handled by developing countries? And also, which kind of talents we should develop at the national level? Perhaps to have a group of experts. And one of the challenges is when you train them, they go to work to the private sector very quickly because they get more money, which is understandable if you’re young and you want to develop your career. How do you retain them at the state, for example, working for national organizations or governments? And welcome.

Wolfgang Kleinwachter: Thank you very much, Olga. And certainly, thank you. knowledge is key and knowledge can be shared so that means the whole internet development has based on the principle of sharing so sharing the resource that was you know a limited resource was at the beginning of the internet in the 1970s who shared computers and you know to make it work and while you need certainly money but knowledge if it’s available so it doesn’t cost so it’s a question also of readiness to share the knowledge if somebody has the knowledge is he ready to share this you know without any additional cost so that’s a general problem and this leads a little bit to the political problem behind the discussion we have here 20 years ago when business started you know the driving force behind that was not internet governance it was the digital divide because the we did see with the development of the internet we see half and half knots and in so far the United Nations realized that they have to do something additionally to what the G7 decided or in 2000 in Okinawa where they had the dot force and said we have to bridge the digital divide G7 called it we have to turn it into digital opportunities from digital divide to have a positive language digital divide is negative though into digital opportunities and then we had the vices if I take this experiences now in today’s world 20 years later I see basically we have the same problem today so it’s not the digital divide it’s the AI divide if you remember the speech by the minister of communication from Saudi Arabia last year in Riyadh in the opening speech he had this made this very clear you know about the AI divide the skills divide and all this. And in so far, you know, 20 years of development of this has moved the problem, has not solved the problem, but moved it to a higher level. And if you say, you know, use what just Chris has said, that cyber security is part of the national security. And if we agree that, you know, to be safe in the Internet governance ecosystem, you need the skills and you need the knowledge. Then you could argue at the end of the day, the AI divide leads to a security divide, to a security gap. So that means if cyber security is national security and if you have different capacities, then, you know, at the end of the day, some countries are less secure because they do not have the capabilities as others. I think that’s a dilemma, but we should face it and should make clear the only way forward is then to find a certain agreement. And this brings me to the question of regulation. This will be my final point. So I think the basic idea of the United Nations 80 years ago was that all states are equal. Big states, small states should have the equal rights. The principle of sovereign equality of states is the cornerstone of the charter of the United Nations. So and if you translate this into today’s world, then we have to have safeguards. The law always protects the weak partners, the small partners. So and with other words, that we have to look for certain arrangements which are based on the philosophy of sharing, which I mentioned in the beginning. But, you know, leads to the. concept of, let’s say, equality or equal rights in this field. So we have certain discussions on it about projects to regulate this. So I’m very skeptical, and we have this discussion also with Chris over a couple of years, and I share his skepticism that it’s very difficult, you know, to find a legally binding instrument to regulate AI weapons or to regulate AI in general. So we did see the efforts of the European Union to regulate it with this risk-based approach, and after two years we realized the idea was probably not so bad, but the implementation is very difficult. You have to create a big bureaucracy to identify, you know, what is the risk application, and then to evaluate this. We did see the efforts in the Council of Europe, and they have now a legally binding convention to, you know, respect human rights if you develop AI. This is also helpful, but it has to be seen, you know, how this works in practice. If it comes to defense and weapon systems, we have since 10 years negotiations on a less autonomous weapon system, where even after 10 years we have no clear definition what it is. So we feel, everybody feels it, that something has to be done. We cannot delegate the question of life or death to a machine. So I think the human control is in the center, but how you organize the human control, you know, if you get as a soldier, you know, a recommendation from a computer, and says, you know, now you have to push the button, you know, certainly there is human control, and there’s a human in between, but what you can do in a difficult situation. So finally, you know, human control is a good concept. But in reality, in a battle situation, it’s very difficult to have this reflection about is this the right recommendation which comes from the computer, should I stop here or not. I think we have similar situation in the history of nuclear weapons. We all know this story from Mr. Pavlov when he was in the submarine and said, oh, this is the wrong information, I should not push the button. So he avoided the nuclear war, it was in the early 1980s. I think a lot of people will remember this story. So in so far debate, discussion, driven by the spirit of sharing, driven by the spirit of equal rights for everybody is for the time being the way forward. Probably the next generation has better ideas. So let’s wait for the next generation. Thank you.

Olga Cavalli: Thanks to you. Yeah, I’m always optimistic, especially in younger generations. And the challenge is there. But when we talk about it, there are some ideas that come up and we can think about possible ways of not solving all the problems, but address them somehow. Thank you very much, Wolfgang, very, very interesting, as usual, your interventions. You’re an attorney and also you have been leader of very important technology companies, especially related with the Internet. Which policies do you think that governments and development countries should develop in order to harness all this potential AI and also the challenges of AI? We have seen that it’s not easy. They have, as Chris and Wolfgang already mentioned, they have been years discussing about cyber security, international treaties, and it’s very difficult. But how do you think this could be addressed or handled by governments? policies, how those policies could be developed. Thank you, Olga. I think, you know, this session,

Philipp Grabensee: you know, follows up on the session you had in Riyadh and I think we all agreed that the bottleneck is really human capacity and human resources. We all agreed on that and I think, you know, in this session I pointed out and in agreement with everyone, so what can governments and what can policy do? I think to create environment and create funding, very simple, to develop those human resources and makes it attractive for those human resources to get developed and to grow in the country, create economic opportunities, establish maybe, you know, the problem you addressed, you know, that people go to private companies, so establish private, public-private partnerships, so it’s not either government or companies, private sectors, maybe some combinations, so that’s all, you know, that’s really what companies, what countries can do, you know, in the policy which has a, might have a direct effect. I mean, there are a lot of theoretic things and policies, you know, new laws for regulating and all that, but this comes, this comes too late. I think it’s all, you know, the only thing which has a really big practical impact is developing, you know, setting a framework to develop human capacities. Now artificial intelligence comes, you know, that’s new, you know, compared to the other sessions we had, so what does it mean for us? So, and I pretty much, unfortunately, I share Chris, you know, somehow concerns or pessimism, because we have one big problem. To a certain extent, AI might help a little bit to solve the capacity problem, because some of things, you know, which you need, I mean, you still need people who run the AI and all. But still, you know, maybe some of the tasks which are done by skilled humans can be in the future taken over by AI. But the big problem of the digital divide is now, and that makes, in my view, probably the digital divide even bigger now. You need access to the large language models. And we have only so far, we have China and US who have, you know, in those countries have companies to run those large language models. And to develop an autonomous cyber defense mechanism, you need access to those large language models. I think you should not get into, you know, even middle powers. I’m not even talking about developing countries. I think even middle powers, for them it’s too late to enter the race, to compete with those large language models. The race is over. Maybe some, you know, I discussed it yesterday with Rome, maybe Singapore, maybe some others with a lot of funding will develop also large language models. But that’s to be questioned. But definitely developing countries will not be able to develop those large language models. And so they need to make sure they have access to those large language models. So what can policy do to, you know, grant this access or to help this access? So they can first of all create, and that’s again a long shot again, to create an economic environment which makes it attractive for the large companies to go in those economies and make money by offering those people access to the large, so the economic incentive to create an environment which makes it attractive for countries to, you know, for the big companies to give access to them, economic access to their large language models so they can make money in those developing countries by giving them access because there need to be applications in those countries developed which can connect to the large language models and able to make money. But in cyber defense, cyber security, is there so much money? So what is the leverage of countries, developing countries, to make sure they get access? in their cyber defence environment to those large language models. And I believe they have to, and I know this is not very popular, but this is the real world now, and they have to cut deals. Their foreign policy has to be fast to cutting deals, offer, and it’s probably, as per now, the US or China, offer them deals, strategic advantages, trade in something with those nations and with those companies that they, you know, trade something, cut deals with them, so they grant them access to their large language models. Because the US has more funding, and the US has more funding goes, you know, government funding goes into the large language models. The less inclined, you know, the US government will be to share those merits of their large language models if they don’t get something in return. So, I think, you know, as said, as this might be, you don’t have time for many conferences, you have time for this whole framework. You have to be fast on foreign policy, and because it’s not a matter of years, you know, it develops so fast, so you need access right now, and you need grant access right now, so foreign policy has to cut deals and make sure they’re in a position that is attractive for the very country they talk to, that this grants them access to their artificial intelligence capacities. And that’s, you know, what my suggestion, and if this is not, if they don’t cut, and it’s already, the digital divide is much bigger than I think than probably than ever, with two countries having those large language models, and everyone in the world depends on them, but because how can you fight? a cyber attack which comes out of a large language model. If you don’t defend it out of one of the comparable or maybe even out of the same model, right, you have no chance. So that’s what the situation is right now and let’s see how it

Olga Cavalli: goes. Let’s see how it goes. Very good ideas and based on knowledge sharing and information sharing that’s something constant that has been addressed by several of you. And now I would like to go to my new friend Luis Adrián Salazar. We were friends from, I don’t know if we met in Costa Rica, I don’t know. I think someday we met. I feel that we are long time friends but I have just met. This is the most important thing that you feel that we have a lot of time to be friends. He was the former ICT minister of Costa Rica and now is a professor at a very dear university for us, Universidad Latina. And Luis, Costa Rica is a country without army. What happens if you have an attack to the country? How do you define or do you defend? Because it’s a new way of attacking countries like with technology. How do you see that situation? How did you handle the big ransom that you experienced some years ago? Thank you. We abolished the army since

Luis Adrian Salazar: 1948 and we don’t use never the word army because it’s not part of our ideology by a country. However in 22 we received a fatal attack, a cyber attack which affect the financial area, the social security area, the hospitals and we realized that we had to do something. I recognize that since this year and we’ll be in a very interesting point of the government history because The last government was in the last two weeks, and the next government started two weeks late. So it was very chaotic. However, I recognize to the current government all the efforts in order to improve the capacity to work with other countries. Because my colleagues were talking about one thing that is, for me, the most important thing in this area. And this is the understanding. Sometimes governments don’t understand what is happening now. And when I talk about that, it’s about the digital world, because I am an engineer. However, I am former Minister of Science, Technology and Telecommunications in Costa Rica. And when we go to the government, to the different areas of the government, to talk about that you require budget, research, people, technology, to improve the life of the people, because there are where we forget what is the mean, what is the principle that my colleague talked about sharing, about to work together, that we forget. And my opinion is that at this time, cyber diplomacy is a way to collaborate, to cooperate, to try to understand the scale, scope and speed that the technologies are changing. And it’s very important that we talk about infrastructure. It’s very important that we talk about all that we need to increase in capacities, to improve the capacity of the people to help in this area. However, when we talk about putting the human being in the center of the equation, it’s that you understand that when we receive an attack, we are affecting the health, we are affecting the education, we are affecting… the countries which receive attack on missiles, so I think that we have an opportunity and I really love this kind of conversation because I believe that we need to create a roadmap, but a roadmap with a specific result, a concrete result where developing countries are not thinking about artificial intelligence, are not thinking about a quantum computer, they are thinking about how to reduce the poverty, how to increase the access to the water. So when we combine the real world, the human needs with the technology, you find the real goals and real principles that we have to start working or that we must work for a solvent. For Finnish, I think that we must create a group in order to talk about this specific thing because when you try to translate from the political world and political language to the technical, there is a gap and the most recent thing is that we have a gap of gaps, we have a lot of gaps and all of those are increasing for the digital gap. So I am optimistic and I think that if we are still working together, we can have a better future for all of us. Thank you.

Olga Cavalli: Thank you all very much. We are running out of time, we have two minutes and thank you very much. I think that knowledge sharing, information sharing, working with foreign affairs to have this, I like this idea of having the deals with important countries that have more technology and I am also afraid of this big gap in between two main countries and all the rest, especially for developing economies and I think… You mentioned very rightly the priorities in developing economies are always others, it’s not technology, but then technology affects what is happening at the national level. So, thank you all very much. Thank you, Chris, for being so early up with us and I hope to meet you somewhere in the world in the near future. Thank you very much. Thank you, Philipp. Thank you, Ram. Thank you, Luis. Thank you, Wolfgang. And thank you, Karina, for being my remote moderator. Apologies for the audience, we don’t have much time and I ask you a big applause for our dear colleagues.

Agreement points

Human capacity and skilled workforce is the critical bottleneck for cybersecurity and AI defense

Speakers

– Ram Mohan
– Christopher Painter
– Wolfgang Kleinwachter
– Philipp Grabensee

Arguments

Countries need skilled workforce with security-first culture who understand how to harness AI systems for cyber defense

Countries need both technical training for technology use and policy training for diplomatic participation

Knowledge sharing is key since knowledge can be shared without additional cost if there’s willingness

Governments should create funding and economic environments to develop human resources through public-private partnerships

Summary

All speakers agree that developing human capacity and skilled workforce is the fundamental requirement for effective cybersecurity and AI defense, more important than just having technology

Topics

Development | Cybersecurity | Economic

AI fundamentally transforms cybersecurity landscape making traditional approaches insufficient

Speakers

– Olga Cavalli
– Jose Cepeda
– Ram Mohan

Arguments

AI transforms cyber attacks from months-long development to minute-level execution

AI is a structural element of cybersecurity, automating threat detection but also amplifying threats

Most national cybersecurity strategies are obsolete due to AI changing the entire nature of cybersecurity

Summary

Speakers consensus that AI has fundamentally changed the cybersecurity landscape, accelerating both attack capabilities and defense requirements while making existing strategies inadequate

Topics

Cybersecurity

International cooperation and knowledge sharing are essential but face significant challenges

Speakers

– Christopher Painter
– Wolfgang Kleinwachter
– Luis Adrian Salazar

Arguments

Multiple forums debate these issues creating resource challenges for developing economies to participate

Knowledge sharing is key since knowledge can be shared without additional cost if there’s willingness

Cyber diplomacy enables collaboration to understand the scale, scope and speed of technological change

Summary

All speakers recognize that international cooperation is crucial for addressing cybersecurity and AI challenges, but acknowledge significant practical barriers to effective collaboration

Topics

Legal and regulatory | Development

Similar viewpoints

Both speakers express pessimism about developing countries’ ability to compete in AI/cybersecurity due to resource constraints and the dominance of major powers

Speakers

– Ram Mohan
– Philipp Grabensee

Arguments

Proactive preparedness doesn’t attract funding compared to reactive crisis response

The race to develop autonomous large language models is over for most countries except major powers

Topics

Development | Economic

Both speakers highlight how AI development is creating new forms of digital divide that leave most countries dependent on major powers

Speakers

– Wolfgang Kleinwachter
– Philipp Grabensee

Arguments

AI divide creates security gaps where some countries are less secure due to lacking capabilities

Only US and China have companies running large language models, making middle powers and developing countries dependent

Topics

Development | Cybersecurity

Both speakers emphasize the fundamental gaps in developing countries between policy aspirations and practical implementation capabilities

Speakers

– Christopher Painter
– Luis Adrian Salazar

Arguments

Many developing countries still lack basic cybersecurity infrastructure like national CERTs and trained personnel

There’s a gap between political language and technical implementation that needs bridging

Topics

Development | Legal and regulatory

Unexpected consensus

Skepticism about international legal frameworks for AI regulation

Speakers

– Wolfgang Kleinwachter
– Christopher Painter

Arguments

Legally binding AI regulation is very difficult, as seen with 10 years of negotiations on autonomous weapons without clear definitions

Multiple forums debate these issues creating resource challenges for developing economies to participate

Explanation

Despite their expertise in international governance, both speakers express skepticism about the effectiveness of formal legal frameworks for AI regulation, suggesting that practical cooperation may be more valuable than treaty negotiations

Topics

Legal and regulatory | Cybersecurity

Optimism about leapfrogging opportunities for developing countries

Speakers

– Ram Mohan
– Olga Cavalli

Arguments

Countries need skilled workforce with security-first culture who understand how to harness AI systems for cyber defense

AI transforms cyber attacks from months-long development to minute-level execution

Explanation

Despite acknowledging significant challenges, both speakers suggest that developing countries could potentially leapfrog developed economies by focusing on building specialized AI and cybersecurity skills, which is unexpected given the generally pessimistic tone about the digital divide

Topics

Development | Cybersecurity

Overall assessment

Summary

Strong consensus on human capacity as the key bottleneck, AI’s transformative impact on cybersecurity, and the need for international cooperation despite implementation challenges

Consensus level

High level of consensus on problem identification and fundamental challenges, but more divergent views on solutions and feasibility of different approaches. The agreement suggests that while the challenges are well understood, the path forward requires both technical capacity building and pragmatic diplomatic solutions rather than idealistic regulatory frameworks.

Different viewpoints

Obsolescence of current national cybersecurity strategies

Speakers

– Ram Mohan
– Christopher Painter

Arguments

Most national cybersecurity strategies are obsolete due to AI changing the entire nature of cybersecurity

Countries need both technical training for technology use and policy training for diplomatic participation

Summary

Ram Mohan argues that existing national cybersecurity strategies are completely obsolete due to AI transformation, while Christopher Painter disagrees, stating that while strategies need updating, they are not completely obsolete and serve as useful roadmaps that took years to develop.

Topics

Cybersecurity | Legal and regulatory | Development

Feasibility of international AI regulation

Speakers

– Wolfgang Kleinwachter
– Jose Cepeda

Arguments

Legally binding AI regulation is very difficult, as seen with 10 years of negotiations on autonomous weapons without clear definitions

AI is a structural element of cybersecurity, automating threat detection but also amplifying threats

Summary

Wolfgang expresses deep skepticism about legally binding AI regulation citing failed attempts at autonomous weapons regulation, while Jose Cepeda presents the EU’s regulatory framework as a viable approach with concrete implementation through laws like the AI Act and NIS2 directive.

Topics

Legal and regulatory | Cybersecurity

Unexpected differences

Prioritization of AI versus basic cybersecurity

Speakers

– Christopher Painter
– Ram Mohan

Arguments

Multiple forums debate these issues creating resource challenges for developing economies to participate

Most national cybersecurity strategies are obsolete due to AI changing the entire nature of cybersecurity

Explanation

Christopher Painter unexpectedly warns that AI discussions are monopolizing attention and causing neglect of basic cybersecurity fundamentals, while Ram Mohan argues that AI has fundamentally changed cybersecurity making traditional approaches obsolete. This disagreement is unexpected because both are cybersecurity experts but have opposite views on whether to prioritize AI advancement or maintain focus on cybersecurity basics.

Topics

Cybersecurity | Development | Legal and regulatory

Overall assessment

Summary

The discussion reveals moderate disagreements primarily around implementation strategies rather than fundamental goals. Key areas of disagreement include the obsolescence of current cybersecurity strategies, the feasibility of international AI regulation, and the balance between AI advancement and basic cybersecurity. Most speakers agree on the importance of capacity building and international cooperation but differ on specific approaches.

Disagreement level

Moderate disagreement with significant implications – while speakers share common concerns about the AI divide and need for capacity building, their different approaches to regulation, strategy development, and resource allocation could lead to fragmented international responses. The disagreement between prioritizing AI advancement versus maintaining cybersecurity fundamentals is particularly significant as it could influence policy directions in developing economies.

Partial agreements

Similar viewpoints

Both speakers express pessimism about developing countries’ ability to compete in AI/cybersecurity due to resource constraints and the dominance of major powers

Speakers

– Ram Mohan
– Philipp Grabensee

Arguments

Proactive preparedness doesn’t attract funding compared to reactive crisis response

The race to develop autonomous large language models is over for most countries except major powers

Topics

Development | Economic

Both speakers highlight how AI development is creating new forms of digital divide that leave most countries dependent on major powers

Speakers

– Wolfgang Kleinwachter
– Philipp Grabensee

Arguments

AI divide creates security gaps where some countries are less secure due to lacking capabilities

Only US and China have companies running large language models, making middle powers and developing countries dependent

Topics

Development | Cybersecurity

Both speakers emphasize the fundamental gaps in developing countries between policy aspirations and practical implementation capabilities

Speakers

– Christopher Painter
– Luis Adrian Salazar

Arguments

Many developing countries still lack basic cybersecurity infrastructure like national CERTs and trained personnel

There’s a gap between political language and technical implementation that needs bridging

Topics

Development | Legal and regulatory

Key takeaways

AI has fundamentally transformed cybersecurity by accelerating attack development from months to minutes and enabling more sophisticated, individualized attacks that can masquerade as friendly forces

A critical AI divide is emerging between major powers (US and China) who control large language models and the rest of the world, potentially creating greater security vulnerabilities for developing economies

Human capacity building and skilled workforce development are identified as the most crucial factors for developing economies to address AI-driven cyber threats, potentially offering opportunities to leapfrog other developed nations

Most existing national cybersecurity strategies are considered obsolete due to AI’s transformative impact, requiring comprehensive updates to address new threat landscapes

Developing economies face a fundamental challenge of prioritizing immediate needs (poverty, water access) over seemingly abstract technological threats, until attacks directly impact critical services

International cooperation and knowledge sharing are essential, but current forum structures create resource burdens for smaller nations trying to participate in multiple overlapping discussions

Proactive cybersecurity preparedness struggles to attract funding and political attention compared to reactive crisis response

Resolutions and action items

Developing countries should create economic environments and public-private partnerships to develop and retain skilled cybersecurity professionals

Nations need to engage in strategic foreign policy negotiations to secure access to large language models from major powers for cyber defense purposes

Governments should prioritize both technical training for AI/cybersecurity implementation and policy training for diplomatic participation in international forums

Countries should focus on establishing basic cybersecurity infrastructure including national CERTs and trained law enforcement before advancing to AI-specific defenses

A roadmap with concrete results should be created specifically addressing how developing countries can integrate technological capabilities with addressing fundamental human needs

Unresolved issues

How to bridge the growing AI divide between major powers and developing economies without creating permanent dependencies

How to retain skilled cybersecurity professionals in government roles when private sector offers better compensation

How to achieve meaningful international regulation of AI in warfare and cybersecurity given the failure to reach consensus on autonomous weapons after 10 years of negotiations

How to balance immediate development priorities (poverty, infrastructure) with long-term cybersecurity preparedness in resource-constrained environments

How to coordinate across multiple international forums discussing AI and cybersecurity without overwhelming smaller nations’ limited diplomatic resources

How to translate between political language and technical implementation to create effective policies

How countries without traditional military structures (like Costa Rica) can effectively defend against state-level cyber attacks

Suggested compromises

Developing countries should focus on accessing AI capabilities through cloud-based services rather than attempting to build domestic large language model capabilities

Nations should pursue strategic trade-offs in foreign policy, offering advantages to major powers in exchange for access to AI technologies and cybersecurity capabilities

International cooperation should emphasize knowledge sharing principles since knowledge can be shared without additional cost if there is willingness to do so

Countries should adopt a hybrid approach combining basic cybersecurity fundamentals with selective AI integration rather than attempting comprehensive AI transformation

Public-private partnerships should be established to address the challenge of retaining skilled professionals by combining government mission with private sector compensation models

AI-driven systems today can masquerade as a friendly force and do it in a way that is far more superior than it used to be when you had humans doing it… So, it’s a world where your existing cyber defense is going to be used against you. Can you find out that it’s being used against you?

Speaker

Ram Mohan

Reason

This comment fundamentally reframes the cybersecurity challenge by highlighting how AI doesn’t just amplify existing threats but creates entirely new categories of deception. The insight that defensive systems themselves become weapons against defenders represents a paradigm shift from traditional cybersecurity thinking.

Impact

This observation elevated the discussion from general AI benefits/risks to specific technical vulnerabilities, prompting deeper consideration of how developing economies need fundamentally different defensive strategies rather than just scaled-up versions of existing ones.

The advantage here for a developing economy is it’s primarily about knowledge and skills. If you develop that, you could actually leapfrog other developed economies and become a real force in cyber defense readiness.

Speaker

Ram Mohan

Reason

This comment challenges the assumption that developing economies are inevitably disadvantaged, introducing the powerful concept that AI-driven cybersecurity is more about human capital than infrastructure, creating unprecedented opportunities for strategic advancement.

Impact

This ‘leapfrog’ concept became a recurring theme throughout the discussion, with Olga referencing it multiple times and other speakers building on the idea that knowledge-based advantages could overcome traditional resource constraints.

You need access to the large language models. And we have only so far, we have China and US who have… The race is over. Maybe some… middle powers… But definitely developing countries will not be able to develop those large language models.

Speaker

Philipp Grabensee

Reason

This comment starkly contradicts the earlier optimism about leapfrogging, introducing a harsh geopolitical reality that AI capabilities are becoming concentrated in just two superpowers, creating unprecedented dependency relationships.

Impact

This observation fundamentally shifted the discussion’s tone from optimistic capacity-building to urgent geopolitical strategy, leading to discussions about ‘cutting deals’ and foreign policy implications that hadn’t been prominent earlier.

Their foreign policy has to be fast to cutting deals… trade something, cut deals with them, so they grant them access to their large language models… You have to be fast on foreign policy, and because it’s not a matter of years, you know, it develops so fast.

Speaker

Philipp Grabensee

Reason

This comment transforms the discussion from technical capacity-building to urgent diplomatic strategy, suggesting that AI access requires immediate geopolitical positioning rather than long-term development plans.

Impact

This introduced a new urgency and realpolitik dimension to the conversation, moving beyond technical solutions to acknowledge that AI cybersecurity may require countries to make strategic foreign policy choices they might prefer to avoid.

I worry sometimes that artificial intelligence is completely monopolizing the debate in a way that is important… but it also means a lot of times core cybersecurity issues, which are related and intertwined, but also somewhat different too, don’t get the attention they deserve.

Speaker

Christopher Painter

Reason

This comment provides crucial perspective by questioning whether the focus on AI is actually counterproductive, suggesting that basic cybersecurity fundamentals are being neglected in favor of more glamorous AI discussions.

Impact

This observation added important nuance to the discussion, preventing it from becoming purely AI-focused and reminding participants that developing economies still need to address fundamental cybersecurity gaps alongside AI considerations.

The AI divide leads to a security divide, to a security gap. So that means if cyber security is national security and if you have different capacities, then… some countries are less secure because they do not have the capabilities as others.

Speaker

Wolfgang Kleinwächter

Reason

This comment connects AI inequality directly to national security vulnerability, framing the digital divide not just as an economic issue but as a fundamental threat to state security and sovereignty.

Impact

This elevated the stakes of the entire discussion, moving from technical capacity-building to existential national security concerns, and reinforced the urgency expressed by other speakers about the need for immediate action.

When we combine the real world, the human needs with the technology, you find the real goals and real principles… developing countries are not thinking about artificial intelligence… they are thinking about how to reduce the poverty, how to increase the access to the water.

Speaker

Luis Adrian Salazar

Reason

This comment grounds the entire high-level discussion in practical reality, pointing out that developing countries face competing priorities and that AI cybersecurity must be justified in terms of basic human needs rather than abstract security concepts.

Impact

This brought the discussion full circle, reminding participants that all the technical and geopolitical strategies discussed must ultimately serve human development goals, adding essential perspective to prevent the conversation from becoming too removed from practical implementation challenges.

Overall assessment

These key comments created a dynamic tension throughout the discussion between optimism and realism about developing economies’ prospects in AI cybersecurity. The conversation evolved from initial optimism about leapfrogging opportunities through sobering geopolitical realities to practical implementation challenges. Ram Mohan’s technical insights about AI’s game-changing nature established the stakes, while his leapfrogging concept provided hope. Grabensee’s stark assessment of superpower dominance then injected urgent realpolitik, forcing consideration of immediate diplomatic strategies. Painter’s warning about AI monopolizing attention and Salazar’s grounding in human development needs provided essential balance. Together, these comments transformed what could have been a purely technical discussion into a nuanced exploration of how developing economies must simultaneously navigate technical innovation, geopolitical positioning, resource constraints, and human development priorities in an rapidly evolving threat landscape.

How can developing economies create mechanisms for shared solidarity and joint response at a global level in cybersecurity?

Speaker

José Cepeda

Explanation

This addresses the need for international cooperation frameworks that developing countries can participate in effectively, which is crucial for addressing cyber threats that don’t respect borders.

How can developing economies profit from using artificial intelligence systems in the cloud rather than having them on-site?

Speaker

Olga Cavalli

Explanation

This explores whether cloud-based AI access could be a viable solution for developing countries to benefit from AI capabilities without massive infrastructure investments.

How can countries detect whether a cyber attack is AI-driven versus human-driven?

Speaker

Ram Mohan

Explanation

This is critical because AI-driven attacks can masquerade as friendly forces and use existing cyber defense capabilities against the defender, requiring new detection methods.

How can developing economies retain skilled cybersecurity professionals in government roles when private sector offers better compensation?

Speaker

Olga Cavalli

Explanation

This addresses a key challenge in building national cybersecurity capacity when trained professionals migrate to higher-paying private sector jobs.

How can human control be effectively organized and implemented in autonomous weapon systems during actual battle situations?

Speaker

Wolfgang Kleinwächter

Explanation

This explores the practical challenges of maintaining meaningful human oversight when AI systems provide rapid recommendations in high-pressure military scenarios.

What specific foreign policy deals and strategic advantages can developing countries offer to gain access to large language models for cyber defense?

Speaker

Philipp Grabensee

Explanation

This addresses the practical reality that developing countries need access to advanced AI capabilities controlled by major powers and must negotiate for this access.

How can the gap between political language and technical implementation be bridged in cybersecurity policy?

Speaker

Luis Adrián Salazar

Explanation

This addresses the communication and understanding challenges between policymakers and technical experts that hinder effective cybersecurity governance.

What concrete roadmap with specific results can be created for developing countries to address cybersecurity while managing competing priorities like poverty reduction and basic infrastructure?

Speaker

Luis Adrián Salazar

Explanation

This seeks practical solutions for integrating cybersecurity priorities with fundamental development needs in resource-constrained environments.

How can international cooperation mechanisms be designed to address the resource challenges developing countries face in participating in multiple cybersecurity forums?

Speaker

Christopher Painter

Explanation

This addresses the practical burden on developing countries of engaging in numerous international cybersecurity discussions with limited diplomatic resources.

What arrangements based on sharing philosophy can ensure equal rights for all states in AI and cybersecurity capabilities?

Speaker

Wolfgang Kleinwächter

Explanation

This explores how the UN principle of sovereign equality can be applied to prevent a security divide based on AI capabilities.