Risky Bulletin podcast: "AI is Critical to the Future of Cyber Defence"
Host: Casey Ellis (A), founder of Bugcrowd
Guest: Edward Wu (B), founder & CEO of DropZone AI
Date: February 1, 2026
Episode Overview
This episode explores the growing and critical role of artificial intelligence in defending against rapidly evolving cyber threats. Host Casey Ellis speaks with DropZone AI's Edward Wu, diving into insights from a recent report by Marco "Tuna" Rocca (former U.S. Cyber Command deputy commander), which challenges traditional notions of cyber deterrence and addresses the urgent need for automation given AI-driven adversaries and limited defensive resources.
Key Discussion Points & Insights
Wake-Up Calls from the Field ([00:21] – [02:27])
- Shifting Adversary Landscape:
Edward Wu describes his discussion with Tuna Rocca, highlighting that nation-state attackers now display much-improved technical proficiency.
“A couple of years ago it was actually very easy for US Cyber operators to spot Russians, Chinese, North Koreans … their craft was pretty crude. … In the last just couple of years the tradecraft has drastically improved… they are 90-95% there.”
— Edward Wu ([00:43])
- Scale Asymmetry:
Nation-state adversaries now operate with massive headcount advantages, overwhelming defenders:
“It's not unusual for the adversaries… to have one or two more orders of magnitudes of resources in terms of headcount operators performing the offensive activities.”
— Edward Wu ([01:38])
The Blurring Lines of Responsibility ([02:27] – [03:27])
- From Financial Loss to National Security:
The conversation pivots to how organizations historically focused on preventing financial damage, but now face threats with greater implications due to geopolitical shifts.
“There’s a lot more at stake than financial damages.”
— Casey Ellis ([02:40])
Rethinking Deterrence and Cyber Defense ([03:27] – [06:01])
- Deterrence Doesn't Translate:
Traditional military concepts of deterrence (e.g., nuclear weapons) don’t work the same in cyberspace; threats are harder to attribute and defend against.
“In cyberspace, that’s not true. … every organization … is on the front line of this conflict, regardless if they know it or not.”
— Edward Wu ([04:02])
- Real-World Impact Example:
Wu recounts an incident where simply canceling employee insurance caused significant disruption, noting an adversary could do this on purpose:
“Imagine a nation state just shutting off everybody’s insurance … it’s probably bigger than dropping a lot of bombs.”
— Edward Wu ([05:32])
Merging of Nation-State and Cybercrime Tactics ([06:01] – [08:32])
- Convergence of Threat Actors:
The boundaries between nation-state actors and cybercriminal groups are increasingly blurred.
“Sometimes those cybercrime organizations are kind of … storefront[s] of nation state interests. … with the flip of a switch they can do other stuff as well.”
— Edward Wu ([07:09])
- Broader Defender Responsibilities:
Every organization, private or public, must now consider its role in national defense.
“Every organization is now part of the national cyber frontline...”
— Edward Wu ([07:38])
Peacetime vs. Wartime Cyber Defense ([08:32] – [09:29])
- Traditional Western approaches to defense, shaped in peacetime, may fall short as the threat environment shifts.
The Cat-and-Mouse Game: AI Accelerates Asymmetry ([09:29] – [11:00])
- Lower Barriers for Attackers:
Attackers use generative AI to create malware, C2 infrastructure, and variants quickly and cheaply.
“…with agentic AI systems and all the large language models, it has really further lowered the bar … for attackers to cause harm.”
— Edward Wu ([09:49])
- Defender Resource Limits:
Security budgets aren't keeping pace—so defenders need new approaches.
Practical Advice for CISOs and Defenders ([11:00] – [13:00])
- Automation as a Force Multiplier:
Existing staff can cover more ground by implementing AI-driven automation, especially for routine investigative work (alert triage, etc.).
“...look at, evaluate the entire security program and identify areas that could benefit from a lot more automation.”
— Edward Wu ([11:54])
“Allows the security team to ... force multiply their budget.”
— Edward Wu ([12:49])
Team of Teams: Private-Public Synergy ([13:00] – [15:15])
- Information Sharing Evolves:
Moving past simple “IOCs” (Indicators of Compromise) to behavior (TTP: Tactics, Techniques, and Procedures) sharing, AI can help parse and leverage natural-language threat intelligence.
“TTPs are generally like natural language sentences... now with AI systems ... unstructured threat intelligence can be utilized for the first time…”
— Edward Wu ([14:17])
- Pattern Detection with AI:
AI is well-suited for finding non-deterministic patterns that blocklists and regex cannot.
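The two points above (sharing behavioural TTPs rather than only exact-match IOCs, and catching patterns a blocklist cannot) as an added worked example written for this summary; it is not code from the podcast, Dropzone AI or Bugcrowd. The process-creation events, the hash blocklist and the two TTP rules are all constructed for illustration. The rules are natural-language sentences of the kind a threat report contains, hand-encoded here as predicates; the podcast's claim is that AI can perform that translation from unstructured text at scale, which this example does not attempt.

```python
import re
from typing import Callable

# Constructed process-creation events for this example (not real telemetry).
# Event 2 shows the same behaviour as a known sample but rebuilt so its hash is new;
# event 4 is the same PowerShell binary used legitimately by an admin script.
SAMPLE_EVENTS = [
    {"id": 1, "host": "ws-01", "parent": "explorer.exe", "image": "updater.exe",
     "cmdline": "updater.exe /silent", "sha256": "ffff0000" * 8},
    {"id": 2, "host": "ws-02", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFB",
     "sha256": "1234abcd" * 8},
    {"id": 3, "host": "ws-03", "parent": "EXCEL.EXE", "image": "mshta.exe",
     "cmdline": "mshta.exe C:\\Users\\Public\\invoice.hta", "sha256": "5678ef01" * 8},
    {"id": 4, "host": "ws-04", "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\ops\\backup.ps1", "sha256": "1234abcd" * 8},
    {"id": 5, "host": "ws-05", "parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe notes.txt", "sha256": "9abc9abc" * 8},
]

# Constructed IOC feed: one known-bad file hash. Exact match only, so a
# recompiled sample with identical behaviour slips straight past it.
IOC_BLOCKLIST = {"sha256": {"ffff0000" * 8}}

# Behavioural (TTP) rules: each threat-report sentence is hand-encoded as a
# predicate over a single event (the structured form an AI-assisted pipeline
# would be expected to produce from the unstructured report text).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# "-e", "-ec", "-enc" or "-EncodedCommand" followed by a base64 blob.
ENCODED_PS = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}")


def from_office(ev: dict) -> bool:
    return ev["parent"].lower() in OFFICE_APPS


TTP_RULES: list[tuple[str, Callable[[dict], bool]]] = [
    # "The actor's Office document launches an encoded PowerShell command."
    ("office-spawns-encoded-powershell",
     lambda ev: from_office(ev) and ev["image"].lower() == "powershell.exe"
     and ENCODED_PS.search(ev["cmdline"]) is not None),
    # "The actor's Office document launches a Windows script host."
    ("office-spawns-script-host",
     lambda ev: from_office(ev) and ev["image"].lower() in SCRIPT_HOSTS),
]


def ioc_match(ev: dict, blocklist: dict = IOC_BLOCKLIST) -> list[str]:
    """Return the IOC kinds (e.g. 'sha256') whose blocklist contains this event's value."""
    return [kind for kind, values in blocklist.items() if ev.get(kind) in values]


def ttp_match(ev: dict, rules=TTP_RULES) -> list[str]:
    """Return the names of every behavioural rule the event satisfies."""
    return [name for name, pred in rules if pred(ev)]


def triage(events: list[dict]) -> dict[str, list[int]]:
    """Bucket event ids by which detection layer caught them."""
    out = {"both": [], "ioc_only": [], "ttp_only": [], "clean": []}
    for ev in events:
        iocs, ttps = ioc_match(ev), ttp_match(ev)
        key = "both" if iocs and ttps else "ioc_only" if iocs else "ttp_only" if ttps else "clean"
        out[key].append(ev["id"])
    return out


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["id"], ev["host"], "IOC:", ioc_match(ev), "TTP:", ttp_match(ev))
    print(triage(SAMPLE_EVENTS))
```

Running it shows the asymmetry the episode describes: the blocklist catches only event 1, the one whose hash was already known, while the two behavioural rules catch events 2 and 3 despite never having seen those hashes, and leave the admin's PowerShell backup script (event 4) alone because the parent process is not an Office application.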
Automation and the Cybersecurity "Poverty Line" ([15:15] – [17:40])
- Democratizing Defense:
Small teams, once unable to afford comprehensive security, can now “punch above their weight” using AI agents.
“This great shift in the poverty line in cybersecurity is also something that we are very excited about.”
— Edward Wu ([16:52])
- Single Concrete Step:
"Evaluate the program and identify opportunities to introduce more automation."
— Edward Wu ([16:24])
Notable Quotes
- “Every organization that has any asset on the Internet right now is on the front line of this conflict, regardless if they know it or not.”
— Edward Wu ([04:29])
- “Defenders generally need to spend orders of magnitude more resources to stop attacks that were pretty cheap and simple to launch.”
— Edward Wu ([09:36])
- “...very few [security leaders] are saying, hey, our security budget is growing 130%, 150% every single year. So what do we do when the budget is not increasing but the ... number of barbarians at the door is increasing drastically.”
— Edward Wu ([10:43])
- “...organizations who couldn’t afford good or better security could now afford those.”
— Edward Wu ([17:12])
Key Timestamps
- 00:43 – 01:58: Evolution and scale of nation-state tradecraft
- 04:02 – 05:40: Limits of deterrence and the frontline role of every organization
- 07:09 – 08:32: Blurring lines between cybercrime and nation-state operations
- 09:49 – 11:00: How AI tools empower attackers and the growing asymmetry
- 11:54 – 13:00: Automation as a critical solution
- 14:17 – 15:29: AI-driven analysis of TTPs and new intelligence models
- 16:24 – 17:12: The impact of AI on smaller security teams and the “cybersecurity poverty line”
Memorable Moments
- Edward Wu’s vivid insurance company anecdote, illustrating the real-world impacts of cyber disruptions ([04:50 – 05:40]).
- Clear consensus between guest and host on the urgent need to adapt defender mindsets and practices to a changed, AI-driven battlefield.
Actionable Takeaways for Practitioners
- Implement automation wherever possible, especially for alert investigations and other labor-intensive tasks.
- Rethink the traditional “IOCs” approach: embrace sharing and using behavioral TTP intelligence, enabled by AI.
- Recognize your role (as an organization or security team) in a larger national and societal cyber defense context.
- Smaller teams should leverage AI tools to overcome budget and staffing constraints—security is now more accessible through smart use of technology.
This episode is essential listening for security leaders, practitioners, and anyone interested in the intersection of AI and cyber defense. The discussion offers both a stark reality check and a practical roadmap for navigating a more adversarial, AI-accelerated threat landscape.
