Dina Temple
From Recorded Future News and PRX, this is Click Here. Can you tell me a little bit about the Minority Report? Not the Tom Cruise one.
John Clay
Interesting. Yeah, it's kind of a funny story.
Dina Temple
So from Recorded Future News, this is Click Here's Mic Drop, a longer listen to one of our most compelling conversations of the week. I'm Dina Temple-Raston. And today we're taking a detour from the past to talk about the future. Not speculative fiction, but real world predictive cyber offense with John Clay. He's the vice president of threat intelligence at the cybersecurity company Trend Micro, and he's part of a team that's using artificial intelligence not just to detect cyber threats, but to actually anticipate them, to stop bad actors before they make their move. Which should sound a little familiar.
Unknown
Let's not kid ourselves. We are arresting individuals who have broken no law, but they will. The precogs see the future and they're never wrong.
Dina Temple
And while John won't claim to never be wrong, he thinks they can see a version of the future.
John Clay
We see a threat and we can now run it through an AI program and models, and we can predict where that threat potentially could go inside your network.
Dina Temple
Stay with us. Click Here is brought to you by Progressive Insurance. Do you ever think about switching insurance companies to see if you could save some cash? Progressive makes it easy to see if you could save when you bundle your home and auto policies. Try it at progressive.com. Progressive Casualty Insurance Company and affiliates. Potential savings will vary. Not available in all states. I'm Dina Temple-Raston and this is Click Here's Mic Drop. And you don't have any people in tanks being kept alive? No.
John Clay
No, we don't. Thank God.
Dina Temple
John Clay has been at Trend Micro for 28 years. That's a long time in cybersecurity years. And the company headquartered in Japan has a huge presence in Taiwan.
John Clay
We work extensively with the Taiwanese government and they utilize our solutions and platform inside their networks.
Dina Temple
There are a thousand people in their Taipei office, which puts John in the eye of a growing digital storm. China's ongoing cyber attacks against the island nation. Someone told me Taiwan's networks are riddled with Chinese intrusion. Is that true?
John Clay
That's the challenge we have. We have definitely seen China step up their attacks against Taiwan both in quantity as well as in quality. And it's definitely causing challenges for not only the government side of Taiwan, but also the commercial side. Public transportation, electricity grids and hospitals are among the targets.
Dina Temple
Is Taiwan launching similar attacks on China?
Unknown
I cannot say that because, you know, if it's a war.
Dina Temple
Chinese cyber espionage isn't new, but it's evolving really fast. Are they getting better?
John Clay
100%. You know, we saw a 45% surge in APT attacks.
Dina Temple
APTs, advanced persistent threats. Nation-state hackers like China, they are
John Clay
constantly changing their TTPs, so their tools, tactics and procedures, regularly. I mean, it's pretty wild a lot of the back.
Dina Temple
That evolution doesn't just make attacks harder to detect, it makes them harder to even recognize. The Chinese are also notoriously patient, quietly lurking inside Taiwanese networks for years at a time.
John Clay
The hard part is how do you root that stuff out? Because a lot of these agents or backdoors or whatever you want to call them are sitting there stealthily, not doing anything, just waiting to be called upon. And it's difficult to root those out and find those.
Dina Temple
Which is where Trend Micro decided to think different, as Apple might say. What if they didn't just respond to cyber attacks? What if they got ahead of them? And their inspiration was that Tom Cruise Hollywood blockbuster.
Unknown
I'm placing you under arrest for the future murder of Sarah Marks and Donald Dubin that was to take place today, April 22nd at 0800 hours, 4 minutes. No, I didn't do anything.
Dina Temple
That's a scene from Minority Report, Steven Spielberg's 2002 adaptation of a Philip K. Dick short story. In the film, the Washington, D.C., Police Department launches Precrime, a futuristic unit that uses psychics to stop crimes before they can happen.
John Clay
And the idea was, if I can predict the murder and who is going to commit it, I will go and arrest them before they commit the murder or get them to not commit the murder.
Dina Temple
It sounds fantastical, but around 2008, John and his colleagues began to wonder, what if there was a kernel of truth there, at least for cyber threats.
John Clay
So we had a similar kind of concept with cybersecurity. We said, hey, if we can detect a threat, we have all this information, can we predict where that threat goes inside the network?
Dina Temple
At the time, the answer was not yet.
John Clay
SQL databases were not going to be able to do what we were able to do. Machine learning was not going to be able to do what we needed to do.
Dina Temple
The tools didn't exist.
John Clay
But now fast forward to today. You have massive amounts of compute capability. You have the new AI and Generative AI.
Dina Temple
Generative AI and large language models, or LLMs, are engines of prediction. They operate in precog fashion by anticipating what comes next.
John Clay
The beauty of what an LLM allows you to do is it is massive amounts of data that can predict what could happen. It goes, here's the first word and the answer, now what is most likely the next word, and then the next word and the next word.
Dina Temple
So John's team asked, what if instead of using this prediction engine for text, they used it to predict attacks? What an LLM needs is data, lots and lots of it. Fortunately, that wasn't a problem for John and the team.
John Clay
We have 500,000 customers, you know, in 160 countries. So we see attacks all the time from everywhere. And we can take all that information and put it into a data lake.
Dina Temple
The data lake, essentially a massive repository of cyber attack history.
John Clay
And it becomes a massive artificial intelligence brain on cybersecurity. You can ask it, you know, hey, what does this do? And it'll tell you what it does. Hey, you know, what is Salt Typhoon doing these days? Boom. It'll give you that information. It's amazing to see.
Dina Temple
Using that same data pool, Trend Micro built a kind of precrime for cyberspace. They call it attack path prediction.
John Clay
So we are now able to actually, we see a threat and we can now run it through an AI program and models, and we can predict where that threat potentially could go inside your network.
Dina Temple
Just like language models detect the structure of grammar, this tool maps the anatomy of an intrusion.
John Clay
How did they get access? How did they laterally move? What were they, you know, what did they exfiltrate, you know, how did they wipe their tracks out? A cyber threat is always going to follow some type of a path or multiple paths. And so now because you have that information, you have that historical information, you have the ability to predict what happened.
Dina Temple
They can even assign a risk score to vulnerabilities, forecasting the likelihood of an attack. And that's a big deal, especially for a nation like Taiwan, which lives under a constant threat from Chinese hackers.
John Clay
And that's where we're shifting to proactive security versus reactive security. You think about, you know, probably for the last 20 years it's been mostly reactive. Moving to a proactive stance is now helping customers to be more in control of their future.
Dina Temple
When we come back, what this tech means for Taiwan and why in the digital age, seeing the future might be the best way to survive it. Stay with us.
Unknown
There's a lot going on right now. Mounting economic inequality, threats to democracy, environmental disaster, the sour stench of chaos in the air. I'm Brooke Gladstone, host of WNYC's On the Media. Want to understand the reasons and the meanings of the narratives that led us here, and maybe how to head them off at the pass? That's On the Media's specialty. Take a listen wherever you get your podcasts.
Dina Temple
In 2023, Trend Micro got a call. It came from a software supplier that worked with the Taiwanese government. They weren't under immediate threat, but they had a suspicion that something wasn't quite right, Something invisible. So John Clay and his colleagues from the company's incident response team went to work. They scanned the company's system, sifted through their data logs, and then confirmed their worst fears.
John Clay
Through that discovery phase of our incident response process, we were able to identify that, yes, they were, in fact, breached.
Dina Temple
Not just breached, but breached by someone entirely new.
John Clay
This is a brand new group. We were the first to identify it.
Dina Temple
They called the threat actor Earth Ammit.
John Clay
So Earth Ammit is a group that is most likely tied to the ministry.
Dina Temple
As in the Chinese Ministry of State Security. John couldn't reveal exactly who Earth Ammit had targeted, but he did say the group had set its sights on the connective tissue of Taiwan's digital infrastructure.
John Clay
What they did in 2023 was compromising what we call foundational vendors and service providers. These are organizations that a lot of private as well as public organizations used to access the Internet.
Dina Temple
But after John's team spotted Earth Ammit, they just disappeared from their client's network, at least for a while, you know.
John Clay
Again, we get called in on another case.
Dina Temple
This time, the call came from a different kind of client, a Taiwanese manufacturer of military drones. So Trend Micro started digging, and it didn't take long before the patterns felt really familiar.
John Clay
When you analyze the malware from both, you see similarities in what they're doing.
Dina Temple
Enough similarities to draw a line between the two.
John Clay
We tend to be a little shy in attribution, but in this case, we had enough information to be able to tie the two back together.
Dina Temple
Turns out Earth Ammit hadn't just returned. They'd never really left. The drone company had been compromised through the first company.
John Clay
As they were inside the initial victims in 2023, they saw that the drone manufacturer was one of their customers, so they were able to island hop across to this other organization.
Dina Temple
In 2024, Earth Ammit moved laterally from vendor to client, right under everybody's nose.
John Clay
They were able to gain access through the software that was used by that drone manufacturer.
Dina Temple
It was a reminder. These actors aren't smashing windows. They're picking locks. Slowly, quietly, sometimes over years.
John Clay
These groups are thinking long term, right? It's not a snatch and grab. But then what they are getting very good at, Dina, is laterally moving across the network and staying resident for many, many days, even months, even years. And in some instances, so they're very good at hiding their tracks and staying resident within these organizations' networks.
Dina Temple
But where patience is their weapon, pattern is their tell. And that's where predictive AI begins to shine. Because Earth Ammit may be careful, but they're not original. They reuse tactics, infrastructure, even the code. And that makes them visible to an AI trained to recognize the footprints of a cyber attack before it fully lands.
John Clay
The more you can put in attack campaign information, the more likely you can say is, okay, hey, I identified a phishing email that targeted this individual. And then once you have that information now you can predict, well from there you can go here, here, here, and here, or you can go in this other direction.
Dina Temple
So instead of just waiting for Earth Ammit to make its next move, John is watching the board, looking for Earth Ammit's tells with the help of their AI tools.
John Clay
So we see a new backdoor, for example, and we're able to then predict what could happen with that backdoor. Where is that backdoor located? And we can start informing our customer, in this case Taiwan government. What kind of mitigating controls do you need to put in place to ensure that it doesn't do that? That's the power of AI and the power of where technology has gotten us to, and it is taking us into the future.
Dina Temple
It's amazing to see. So much of cybersecurity is reactive. It's cleanup, containment, damage control. But maybe that's beginning to change. Maybe the future of digital defense doesn't look like a bunker. Maybe it looks like a radar watching the horizon, tracing the signals and sometimes getting there first. From Recorded Future News, this has been Click Here's Mic Drop. It was written and produced by Megan Dietrich, Sean Powers, Erica Guida, Zach Hirsch, Lucas Riley and me, Dina Temple-Raston. It was edited by Karen Duffin. We'll be back on Tuesday with an all new episode of Click Here. Have a great weekend.
Brooke Gladstone
Looking for more of the cybersecurity and intelligence coverage you get on Click Here? Then check out our sister publication, The Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London and Kyiv, among others. And you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to therecord.media.
Released on March 28, 2025, by Recorded Future News, the "Click Here" podcast delves into the intricate world of cybersecurity and intelligence. In this episode titled "Mic Drop: Jon Clay - Pre-crime, Post Click – Precogs Sold Separately," host Dina Temple-Raston engages in a compelling conversation with John Clay, Vice President of Threat Intelligence at Trend Micro. The discussion explores the transformative role of artificial intelligence (AI) in predicting and preventing cyber threats, drawing parallels to the futuristic concept of pre-crime.
The episode opens with Dina Temple-Raston setting the stage for a deep dive into the future of cybersecurity. She introduces John Clay, a seasoned expert with 28 years at Trend Micro, highlighting his role in pioneering AI-driven threat intelligence.
Dina Temple (00:02): "But today we're taking a detour from the past to talk about the future. Not speculative fiction, but real world predictive cyber offense with John Clay."
John Clay elaborates on Trend Micro's mission to not just respond to cyber threats but to anticipate and neutralize them proactively.
John Clay (01:23): "We see a threat and we can now run it through an AI program and models and... we can predict where that threat potentially could go inside your network."
Drawing inspiration from the 2002 film "Minority Report," the conversation transitions to the concept of pre-emptive action against cyber threats. John Clay compares Trend Micro's predictive approach to the film's pre-crime unit, which stops crimes before they occur.
John Clay (05:09): "If I can predict the murder and who is going to commit it, I will go and arrest them before they commit the murder or get them to not commit the murder."
This analogy underscores the innovative shift from reactive to proactive cybersecurity measures.
John Clay provides insights into the escalating cyber threats faced by Taiwan, particularly from Chinese state-sponsored actors. He underscores the severity and sophistication of these attacks, highlighting their impact on critical infrastructure such as public transportation, electricity grids, and hospitals.
John Clay (03:11): "We have definitely seen China step up their attacks against Taiwan both in quantity as well as in quality."
The discussion emphasizes the constant vigilance required to safeguard Taiwan's digital infrastructure against persistent and evolving threats.
Advanced Persistent Threats (APTs) have become more formidable, with a notable 45% surge attributed to nation-state actors like China. John Clay explains how these groups continuously adapt their tactics, making detection and recognition increasingly challenging.
John Clay (04:00): "We saw a 45% surge in APT attacks... their tools, tactics and procedures regularly."
This evolution not only complicates defensive strategies but also necessitates the integration of advanced AI solutions to keep pace with the sophistication of cyber adversaries.
Trend Micro leverages vast amounts of data collected from its global customer base—500,000 customers across 160 countries—to feed into their AI-driven systems. This data feeds into a "data lake," serving as a comprehensive repository of cyber attack history.
John Clay (07:31): "We can take all that information and put it into a data lake... a massive artificial intelligence brain on cybersecurity."
This approach enables the AI to recognize patterns and predict potential threats, effectively creating a cyber "pre-crime" unit.
The conversation delves into the technical aspects of how AI, particularly Large Language Models (LLMs), function as predictive engines. These models analyze sequential data to anticipate future events, analogous to predicting the next word in a sentence.
John Clay (06:40): "The beauty of what an LLM allows you to do is it is massive amounts of data that can predict what could happen."
By mapping the anatomy of cyber intrusions, Trend Micro can forecast the trajectories of potential attacks, thereby enhancing their ability to preemptively secure networks.
A pivotal part of the discussion focuses on "Earth Ammit," a newly identified threat actor linked to the Chinese Ministry of State Security. In 2023, Trend Micro detected Earth Ammit infiltrating a Taiwanese software supplier's network, targeting foundational vendors and service providers crucial to Taiwan's digital infrastructure.
John Clay (11:15): "Earth Ammit is a group that is most likely tied to the ministry."
The breach extended to a Taiwanese military drone manufacturer, demonstrating the group's ability to laterally move across networks undetected for extended periods.
John Clay (12:17): "When you analyze the malware from both, you see similarities in what they're doing."
This case exemplifies the persistent and stealthy nature of state-sponsored cyber threats and underscores the necessity for predictive measures.
Transitioning from the case study, the conversation highlights the paradigm shift from reactive to proactive security. Fed a newly observed backdoor or vulnerability, the predictive model forecasts the paths an intrusion could take from it, and Trend Micro uses that forecast to recommend mitigating controls to clients before the attacker reaches those stages.
John Clay (14:56): "We can start informing our customer, in this case Taiwan government. What kind of mitigating controls do you need to put in place to ensure that it doesn't do that."
This proactive stance empowers organizations to stay ahead of cyber adversaries, transforming cybersecurity from a reactive necessity into a strategic advantage.
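The two passages above (LLMs as next-step predictors applied to the anatomy of an intrusion, and turning a predicted path into mitigating controls) describe a mechanism the episode never shows in detail. The following Python is an added illustration, not Trend Micro's code or anything from the page: it builds a first-order Markov model over attack stages from a small set of historical intrusion paths, ranks the most likely next stage, greedily extends an observed prefix into a predicted path, estimates the probability of reaching exfiltration within a given number of steps (a simple form of the risk score the transcript mentions), and maps each predicted stage to a control. The stage names, the sample paths, the control lookup, and the function names are all assumptions made for this example.

```python
"""Attack-path prediction from historical intrusion sequences (illustrative).

A first-order Markov model over attack stages: the same "given what came
before, what most likely comes next" idea the summary describes for LLMs,
applied to intrusion telemetry instead of words. Everything below is
constructed for illustration; stage names and controls are assumptions.
"""
from collections import Counter, defaultdict

END = "<end>"

# Constructed historical attack paths (hypothetical, not real telemetry).
HISTORICAL_PATHS = [
    ["phishing", "execution", "persistence", "discovery", "lateral_movement", "exfiltration"],
    ["phishing", "execution", "persistence", "discovery", "lateral_movement", "exfiltration"],
    ["phishing", "execution", "discovery", "credential_access", "lateral_movement", "exfiltration"],
    ["supply_chain", "persistence", "discovery", "lateral_movement", "exfiltration"],
    ["supply_chain", "persistence", "discovery", "lateral_movement", "island_hop", "persistence", "exfiltration"],
    ["exploit_public_app", "execution", "persistence", "defense_evasion", "exfiltration"],
    ["phishing", "execution", "persistence", "defense_evasion", "discovery", "lateral_movement", "exfiltration"],
]

# Hypothetical stage -> mitigating control lookup (an assumption, not the page's).
CONTROLS = {
    "execution": "application allow-listing and macro blocking",
    "persistence": "baseline scheduled tasks/services and alert on new autostarts",
    "defense_evasion": "forward endpoint logs off-host so wiped local logs are not the only copy",
    "discovery": "alert on bulk AD/LDAP enumeration from workstations",
    "credential_access": "LSASS protection and tiered admin credentials",
    "lateral_movement": "network segmentation and SMB/RDP restrictions between tiers",
    "island_hop": "restrict vendor remote-access paths and monitor software-update channels",
    "exfiltration": "egress filtering with volume-based DLP alerts",
}


def build_model(paths):
    """Count stage -> next-stage transitions; every path is terminated with END."""
    model = defaultdict(Counter)
    for path in paths:
        for prev, nxt in zip(path, path[1:] + [END]):
            model[prev][nxt] += 1
    return model


def next_stage_probabilities(model, stage):
    """Ranked (next_stage, probability) for a stage; [] if the stage was never observed."""
    counts = model.get(stage)
    if not counts:
        return []
    total = sum(counts.values())
    return sorted(((s, c / total) for s, c in counts.items()),
                  key=lambda sp: (-sp[1], sp[0]))


def predict_path(model, observed, steps=3):
    """Greedy most-likely continuation after the last observed stage."""
    current = observed[-1]
    predicted = []
    for _ in range(steps):
        ranked = next_stage_probabilities(model, current)
        if not ranked or ranked[0][0] == END:
            break
        current, prob = ranked[0]
        predicted.append((current, prob))
    return predicted


def reach_probability(model, start, target, max_steps):
    """Probability that a path starting at `start` reaches `target` within
    max_steps transitions (target is absorbing). Mass flowing into a stage with
    no observed successors is treated as unknown and dropped, not counted."""
    dist = {start: 1.0}
    reached = 0.0
    for _ in range(max_steps):
        nxt_dist = defaultdict(float)
        for stage, p in dist.items():
            for s, q in next_stage_probabilities(model, stage):
                if s == target:
                    reached += p * q
                elif s != END:
                    nxt_dist[s] += p * q
        dist = nxt_dist
        if not dist:
            break
    return reached


def recommend_controls(model, observed, steps=3):
    """Mitigating control for each predicted next stage, most likely first."""
    return [(stage, CONTROLS.get(stage, "no control mapped"))
            for stage, _ in predict_path(model, observed, steps)]


MODEL = build_model(HISTORICAL_PATHS)

if __name__ == "__main__":
    seen = ["supply_chain"]  # e.g. a compromised vendor update channel was just found
    for stage, p in predict_path(MODEL, seen):
        print(f"{stage:18s} p={p:.2f}  -> {CONTROLS[stage]}")
    print("P(exfiltration within 4 steps of phishing) =",
          round(reach_probability(MODEL, "phishing", "exfiltration", 4), 3))
```

A real deployment would replace the hand-written paths with campaign telemetry keyed to a technique taxonomy and would condition on more than one prior stage, but the shape is the same: transition counts become probabilities, probabilities rank the next move, and the ranked moves tell the defender which control to deploy first. Note that with only seven sample paths the model cannot score a stage it has never seen, which is why `next_stage_probabilities` returns an empty list rather than a guess.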
Dina Temple-Raston wraps up the episode by reflecting on the transformative potential of predictive AI in cybersecurity. Rather than merely responding to attacks, Trend Micro's approach acts as a radar system, continuously scanning for and identifying threats before they materialize.
Dina Temple (15:26): "Maybe the future of digital defense doesn't look like a bunker. Maybe it looks like a radar watching the horizon."
This vision of a forward-looking, anticipatory cybersecurity framework signifies a monumental shift in how digital defenses are conceptualized and implemented.
Proactive Cyber Defense: Utilizing AI to predict and prevent cyber threats marks a significant evolution from traditional reactive methods.
AI and LLMs in Security: Advanced AI models analyze vast datasets to identify patterns and forecast potential cyber attacks, enhancing threat intelligence.
State-Sponsored Threats: Sophisticated APTs, particularly from nation-state actors like China, pose ongoing challenges that require innovative defensive strategies.
Case Study of Earth Ammit: Illustrates the long-dwell, vendor-to-customer ("island hopping") pattern of state-sponsored intrusions, uncovered through incident response and malware similarity, and why such historical campaign data is what predictive models are trained on.
Future of Cybersecurity: Emphasizes the importance of anticipatory measures and continuous monitoring to stay ahead of evolving cyber threats.
By integrating AI-driven predictive intelligence, Trend Micro is pioneering a new frontier in cybersecurity, akin to the pre-crime units depicted in science fiction. This proactive approach not only enhances defensive capabilities but also offers a strategic framework for organizations to safeguard their digital futures effectively.