Mic Drop: Jon Clay - Pre-crime, Post Click – Precogs Sold Separately
Released on March 28, 2025, by Recorded Future News, the "Click Here" podcast delves into the intricate world of cybersecurity and intelligence. In this episode, titled "Mic Drop: Jon Clay - Pre-crime, Post Click – Precogs Sold Separately," host Dina Temple-Raston engages in a compelling conversation with Jon Clay, Vice President of Threat Intelligence at Trend Micro. The discussion explores the transformative role of artificial intelligence (AI) in predicting and preventing cyber threats, drawing parallels to the futuristic concept of pre-crime.
1. Introduction to Predictive Cybersecurity
The episode opens with Dina Temple-Raston setting the stage for a deep dive into the future of cybersecurity. She introduces Jon Clay, a seasoned expert with 28 years at Trend Micro, highlighting his role in pioneering AI-driven threat intelligence.
Dina Temple-Raston (00:02): "But today we're taking a detour from the past to talk about the future. Not speculative fiction, but real world predictive cyber offense with John Clay."
Jon Clay elaborates on Trend Micro's mission to not just respond to cyber threats but to anticipate and neutralize them proactively.
Jon Clay (01:23): "We see a threat and we can now run it through an AI program and models and... we can predict where that threat potentially could go inside your network."
2. The Minority Report Inspiration
Drawing inspiration from the 2002 film "Minority Report," the conversation transitions to the concept of pre-emptive action against cyber threats. Jon Clay compares Trend Micro's predictive approach to the film's pre-crime unit, which stops crimes before they occur.
Jon Clay (05:09): "If I can predict the murder and who is going to commit it, I will go and arrest them before they commit the murder or get them to not commit the murder."
This analogy underscores the innovative shift from reactive to proactive cybersecurity measures.
3. The Cyber Threat Landscape in Taiwan
Jon Clay provides insights into the escalating cyber threats faced by Taiwan, particularly from Chinese state-sponsored actors. He underscores the severity and sophistication of these attacks, highlighting their impact on critical infrastructure such as public transportation, electricity grids, and hospitals.
Jon Clay (03:11): "We have definitely seen China step up their attacks against Taiwan both in quantity as well as in quality."
The discussion emphasizes the constant vigilance required to safeguard Taiwan's digital infrastructure against persistent and evolving threats.
4. Evolution and Sophistication of APTs
Advanced Persistent Threats (APTs) have become more formidable, with a notable 45% surge attributed to nation-state actors like China. Jon Clay explains how these groups continuously adapt their tactics, making detection and recognition increasingly challenging.
Jon Clay (04:00): "We saw a 45% surge in APT attacks... their tools, tactics and procedures regularly."
This evolution not only complicates defensive strategies but also necessitates the integration of advanced AI solutions to keep pace with the sophistication of cyber adversaries.
5. Trend Micro’s Predictive Intelligence Approach
Trend Micro collects vast amounts of data from its global customer base (500,000 customers across 160 countries) to feed its AI-driven systems. This data goes into a "data lake," which serves as a comprehensive repository of cyber attack history.
Jon Clay (07:31): "We can take all that information and put it into a data lake... a massive artificial intelligence brain on cybersecurity."
This approach enables the AI to recognize patterns and predict potential threats, effectively creating a cyber "pre-crime" unit.
6. The Role of AI and Large Language Models
The conversation delves into the technical aspects of how AI, particularly Large Language Models (LLMs), function as predictive engines. These models analyze sequential data to anticipate future events, analogous to predicting the next word in a sentence.
Jon Clay (06:40): "The beauty of what a LLM allows you to do is it is massive amounts of data that can predict what could happen."
By mapping the anatomy of cyber intrusions, Trend Micro can forecast the trajectories of potential attacks, thereby enhancing their ability to preemptively secure networks.
7. Case Study: Earth Ammit
A pivotal part of the discussion focuses on "Earth Ammit," a newly identified threat actor linked to the Chinese Ministry of State Security. In 2023, Trend Micro detected Earth Ammit infiltrating a Taiwanese software supplier's network, targeting foundational vendors and service providers crucial to Taiwan's digital infrastructure.
Jon Clay (11:15): "Earth Ammit is a group that is most likely tied to the ministry."
The breach extended to a Taiwanese military drone manufacturer, demonstrating the group's ability to move laterally across networks undetected for extended periods.
Jon Clay (12:17): "When you analyze the malware from both, you see similarities in what they're doing."
This case exemplifies the persistent and stealthy nature of state-sponsored cyber threats and underscores the necessity for predictive measures.
8. Proactive Security: The Future of Cyber Defense
Transitioning from the case study, the conversation highlights the paradigm shift from reactive to proactive security. By utilizing predictive AI tools, Trend Micro can identify potential backdoors and vulnerabilities before they are exploited, providing tailored mitigation strategies to their clients.
Jon Clay (14:56): "We can start informing our customer, in this case Taiwan government. What kind of mitigating controls do you need to put in place to ensure that it doesn't do that."
This proactive stance empowers organizations to stay ahead of cyber adversaries, transforming cybersecurity from a reactive necessity into a strategic advantage.
9. Conclusion: A Radar for Cyber Threats
Dina Temple-Raston wraps up the episode by reflecting on the transformative potential of predictive AI in cybersecurity. Rather than merely responding to attacks, Trend Micro's approach acts as a radar system, continuously scanning for and identifying threats before they materialize.
Dina Temple-Raston (15:26): "Maybe the future of digital defense doesn't look like a bunker. Maybe it looks like a radar watching the horizon."
This vision of a forward-looking, anticipatory cybersecurity framework signifies a monumental shift in how digital defenses are conceptualized and implemented.
Key Takeaways
- Proactive Cyber Defense: Utilizing AI to predict and prevent cyber threats marks a significant evolution from traditional reactive methods.
- AI and LLMs in Security: Advanced AI models analyze vast datasets to identify patterns and forecast potential cyber attacks, enhancing threat intelligence.
- State-Sponsored Threats: Sophisticated APTs, particularly from nation-state actors like China, pose ongoing challenges that require innovative defensive strategies.
- Case Study of Earth Ammit: Demonstrates the effectiveness of predictive AI in identifying and mitigating advanced cyber threats before they escalate.
- Future of Cybersecurity: Emphasizes the importance of anticipatory measures and continuous monitoring to stay ahead of evolving cyber threats.
By integrating AI-driven predictive intelligence, Trend Micro is pioneering a new frontier in cybersecurity, akin to the pre-crime units depicted in science fiction. This proactive approach not only enhances defensive capabilities but also offers a strategic framework for organizations to safeguard their digital futures effectively.
