Episode 09

The Geopolitics of AI-Cybersecurity

Who benefits, where does Switzerland stand

15:00 February 09, 2027 with Cynthia, Robert, Lukas, Chris
▸ Listen to Episode 09

What this episode is about

The strategic episode of the series. AI in cybersecurity is not just technology, but politics. Who benefits geopolitically, where does AI shift the playing field between states — and where does Switzerland stand in this? Chris frames the episode with a differentiation: state cyber operations come in two classes. Espionage — long-term, ideally undetected information collection. And pre-positioning — placing access in critical infrastructure that can be activated in conflict. AI changes both. Espionage gets cheaper and deeper. Pre-positioning gets more reliable and harder to detect.

Volt Typhoon and Salt Typhoon

Robert summarizes the documented situation. Volt Typhoon has been active since 2021. CISA published a joint advisory with the Five Eyes partners in February 2024: PRC state-sponsored actors have persistent access to US critical infrastructure — communications, energy, transport, water. Microsoft classifies the operation explicitly as pre-positioning: not primarily data, but options for conflict. In January and November 2024 the FBI disrupted several botnets — KV botnet from end-of-life routers. Nevertheless: the operation continues. According to 2025 reports, Chinese officials indirectly confirmed to US representatives that Volt Typhoon is a state operation — diplomatically unusual and part of a signal.

Salt Typhoon is the sister operation, run by the MSS — China’s Ministry of State Security. Different focus: espionage, targeted at telecommunications providers. In autumn 2024 it became public that Salt Typhoon had compromised US telcos — AT&T, Verizon, Lumen. The attackers had access to lawful-intercept systems — the interfaces through which law enforcement requests phone interception. As of March 2026: at least 200 affected companies worldwide, in telco, hospitality and IT-service sectors. FBI in February 2026: threat still active.

From a Swiss perspective these operations are primarily directed against the USA. But they show a pattern that can also hit Swiss critical infrastructure. Robert identifies three Swiss sectors with high geopolitical risk: energy (Swissgrid, Axpo), finance (banks with US correspondent relationships), pharma (US-licensed active ingredient manufacturers). Anyone bearing cyber responsibility there must know the Volt Typhoon TTPs — living-off-the-land techniques in routers, edge devices, long-term persistence without malware.

Where AI enters the game

Lukas names two observation layers. The first, documented by Microsoft and OpenAI in February 2024: five named state actors — Forest Blizzard from Russia, Charcoal and Salmon Typhoon from China, Crimson Sandstorm from Iran, Emerald Sleet from North Korea. Then: efficiency tool. The second, important shift is what Anthropic documented in August 2025 as GTG-1002 — a Chinese-attributed autonomous cyber-espionage campaign. The first time a frontier-model provider could prove a fully agentic operation by a state actor. No longer human using LLM. Rather human configuring LLM, and the LLM operating autonomously over days.

Methodologically important: these observations all come from model providers monitoring their own systems. With open-source models — locally deployable by any state actor, completely invisible to Microsoft, OpenAI, Anthropic — we only know what happens through endpoint telemetry at victims. Plus North Korea: Lazarus Group. The operation has been running for years, but in 2024 and 2025 we see AI augmentation in two directions. First: fake employment — North Korean IT specialists get hired at Western companies with LLM-generated CVs. Second: crypto heists — Lazarus stole over 1.3 billion dollars in cryptocurrencies in 2024 by estimate, and investigations show LLM-supported social engineering operations as initial vector.

Switzerland in the tension field

Chris explains the Swiss position. The Federal Council report on AI in cybersecurity, triggered by Postulate 23.3861, is soberly formulated: AI is a catalyst of existing trends, not a game changer of fundamentals. A deliberately reserved formulation, contrasting with the alarmist tones in some US or EU documents — methodologically honest. Three regulatory poles shape the 2026 frame for Swiss CISOs. US: Biden’s Executive Order 14110 set first comprehensive AI regulation in 2023, partly revised under the successor administration. EU: AI Act in force since August 2024, in staged application. China: regulatorily tight with the 2023 AI regulation package. Switzerland: end of 2024 a consultation draft on the Council of Europe AI Convention, a sectoral approach instead of comprehensive regulation. Operational consequence for Swiss CISOs in 2026: three compliance frames in parallel — Swiss data protection and NIS-equivalent rules, EU AI Act for market activity in the EU, sectoral US rules for US business. Plus international standards like ISO 42001 and NIST AI RMF.

What you take away from this episode

Swiss critical-infrastructure operators must take Volt Typhoon TTPs seriously — living-off-the-land techniques, long-term persistence without malware. This is not a US problem; it’s a global problem in 2026. From the research view: we are observing the transition from LLM-augmented to LLM-autonomous espionage. With open-source models this evades detection. That is the open research question in 2026 — how do you measure what you cannot see. From the AI view: with the CAS title “Strategic Defence” Switzerland has chosen the right term. It has research, it has industry. What it needs are more professionals who can translate between technology and strategy. That is exactly the gap the CAS closes.

Sources and references

  1. Cybersecurity and Infrastructure Security Agency. (2024, February). PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure (Joint Cybersecurity Advisory AA24-038A). CISA. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
  2. Whittaker, Z. (2026, March 9). Salt Typhoon is hacking the world's phone and internet giants — here's everywhere that's been hit. TechCrunch. https://techcrunch.com/2026/03/09/salt-typhoon-china-who-has-been-hacked-global-telecom-giants/
  3. CybelAngel. (2026). Volt Typhoon 2026: Still active in U.S. critical infrastructure. CybelAngel Blog. https://cybelangel.com/blog/volt-typhoon/
  4. Microsoft Threat Intelligence, & OpenAI. (2024, February 14). Staying ahead of threat actors in the age of AI. Microsoft Security Blog. https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/
  5. Anthropic. (2025, August). Detecting and countering misuse of AI: August 2025. Anthropic. https://www.anthropic.com/news/detecting-countering-misuse-aug-2025
  6. Schweizerischer Bundesrat. (2025). Bericht in Erfüllung des Postulats 23.3861 — Wirkung von KI auf die Cybersicherheit. Bundesamt für Cybersicherheit BACS. https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2025/po233861.html
  7. OST – Ostschweizer Fachhochschule. (2026). CAS AI-Driven Cybersecurity and Strategic Defence [Programmseite, 15 ECTS, 14 Präsenztage, Campus Rapperswil-Jona]. https://www.ost.ch/de/weiterbildung/weiterbildungsangebot/informatik/cybersecurity-networks/cas-ai-driven-cybersecurity-and-strategic-defence