Risky Bulletin: Srsly Risky Biz – “Cyber Bullets Can't Replace Political Will”
Podcast: Risky Bulletin
Host: Amberly Jack
Guest: Tom Uran, Policy and Intelligence Editor
Date: February 19, 2026
Episode Theme:
Exploring the limits of cyber operations as a solution for political and security challenges, particularly in Europe’s response to Russian sabotage, and delving into AI model theft as a geopolitical and business risk.
Main Theme Overview
This episode dives into the current landscape of cyber policy and intelligence, focusing on:
- The recent push from European officials for enhanced cyber “strike back” capabilities to address Russian sabotage, and why this is more about lacking political will than technological capability.
- The risks of AI model “distillation attacks” (model extraction) highlighted in new Google and OpenAI reports and the call for greater US government involvement to protect intellectual property.
Key Discussion Points and Insights
1. European Response to Russian Sabotage
[00:54 – 08:12]
Munich Security Conference and the Push for Cyber Capabilities
- European leaders at the Munich Security Conference are calling for new, offensive cyber capabilities to counter Russian sabotage.
- Tom Uran’s central argument: Europe already possesses a wide array of tools—including cyber—but is failing to use them effectively due to a lack of political will.
Russian Sabotage Campaigns
- Russian state actors (linked through Telegram and Wagner Group) are recruiting disaffected and marginalized European youth to perform acts like warehouse bombings and sending letter bombs.
- These recruits are "disposable agents." Arresting them addresses only the symptoms, not the root state-driven campaign.
The Ineffectiveness of Cyber “Magic Bullets”
- Cyber retaliation appears attractive because it’s covert and deniable, unlike overt, kinetic action.
- Democracies are reluctant to "stoop" to Russia’s tactics (e.g., recruiting own thugs) and may see cyber as a way to avoid direct escalation.
- However, effective use of “cyber” for deterrence means matching or exceeding Russian escalation, which is itself a political, not technical, challenge.
Notable Quote
"The difference between hiring Russian thugs and having an exquisite cyber operation that causes a warehouse to catch fire is the political will."
— Tom Uran [06:12]
Alternative Actions Beyond Cyber
- Uran points to several non-cyber measures Europe could take:
- Additional sanctions.
- Disrupting Russia’s “shadow fleet” circumventing sanctions.
- Conventional and diplomatic levers available immediately.
- Cyber operations are a complement, not a replacement: “Complementary actions need something to complement.” [07:18]
Memorable Summary
"People are talking about, here’s a magic bullet that when we get it, it’ll be great, rather than let’s do things now and then also work on that magic bullet... it’s a complement to what we’re already doing."
— Tom Uran [07:38]
2. AI "Distillation Attacks" and Intellectual Property Theft
[08:12 – 18:33]
What Are Distillation/Model Extraction Attacks?
- “Distillation attacks” (aka model extraction attacks) involve querying a proprietary AI model and using its responses to train a competing model, often at much less cost.
- Recent Google reports and OpenAI memos highlight a surge in such attacks, particularly from China, and frame them as a major threat to Western innovation and competitive edge.
The Policy Dilemma: Free Markets vs. State Assistance
- OpenAI, Google, and others are lobbying US policymakers to take action, arguing traditional IP protections don’t work since model theft occurs via ordinary queries, not network intrusions.
- Notably, US companies—previous advocates of free markets—now ask for governmental intervention, representing a marked rhetorical shift.
Notable Moment
"I found it somewhat amusing that you’ve got an American company so blatantly saying we need government assistance."
— Tom Uran [12:03]
Responses Proposed by Industry
- Intelligence and info-sharing to uncover threat actors.
- Industry standards to prevent model extraction.
- Stricter export controls on chips (since compute power is a limiting factor in building large models).
- Citing China’s massive investment in electrical power as a comparative disadvantage for the US.
Memorable Analysis
"The way to make sure that there’s a level playing field is to make sure our competitors don’t have the chips that they need… I’m not a fan of hypocrisy and that kind of language, but I think they could be right."
— Tom Uran [13:55]
The Stakes: Commodity vs. Sovereign AI
- Will AI models become a commodity (i.e., no competitive advantage, everyone’s models are similar)?
- Or is having sovereign, indigenous AI a crucial part of national economic and security strategy?
- Tom expresses uncertainty about which scenario will win out but says most policymakers would be prudent to plan for the latter.
Notable Exchange
Amberly Jack [15:01]: "...surely if you are a policymaker, it is better to err on the side of this is going to be really important, just in case."
Tom Uran [15:28]: "Yeah, I think so. I think so. Like, I think I’m uncertain about the future, but it seems that the consequences of that path, if you … fail at becoming a leader ... the consequences seem quite bad. So you should try and avoid that."
Where Governments Can Intervene
- Focus is on chips/export controls and maybe, less so, on talent acquisition.
- The challenge: distillation is not preventable like "old fashioned cyber espionage"—so the main levers are at the infrastructure level (compute, electricity, supply chain).
Analysis
"There's a form of intellectual property theft that you can't stop ... What are the other levers we've got? ... If you can't do anything about electricity, there's also chips."
— Tom Uran [16:45]
Notable Quotes & Memorable Moments with Timestamps
- “The difference between hiring Russian thugs and having an exquisite cyber operation that causes a warehouse to catch fire is the political will.” — Tom Uran [06:12]
- “Complementary actions need something to complement.” — Amberly Jack [07:18]
- “People are talking about, here’s a magic bullet ... rather than let’s do things now and then also work on that magic bullet.” — Tom Uran [07:38]
- “I found it somewhat amusing that you’ve got an American company so blatantly saying we need government assistance.” — Tom Uran [12:03]
- “The way to make sure that there’s a level playing field is to make sure our competitors don’t have the chips that they need.” — Tom Uran [13:55]
- On Policymaking:
“If it’s all a commodity and it doesn’t matter ... what’s the worst that’s happened? You’ve spent some time and effort ... but the consequences are not that bad. So, yeah, I think it totally makes sense.” — Tom Uran [15:28] - “Cheating at school would have been so much easier if you could just ask the person next to you straight up, what’s the answer?” — Amberly Jack [18:33]
Important Segment Timestamps
- [00:54] – European cyber “strike back” debate introduction
- [01:55] – Breakdown of Russian sabotage campaign
- [05:35] – Analysis of escalatory dynamics and political will
- [07:18] – Discussion of holistic, complementary approaches
- [08:12] – Introduction to AI model distillation attack topic
- [10:00-14:00] – US industry’s advocacy for government assistance on AI theft; chip export framing
- [15:01] – Amberly/ Tom exchange on policymaker risk calculus
- [16:45] – Policy levers available: chips, electricity, infrastructure
Summary & Takeaways
- Cyber tools alone won’t fix Europe’s Russia problem: The core barrier is not technological capability, but the absence of political will to use all available measures (cyber included) in a strategic, coordinated fashion.
- Industry’s changing tune on government action: US tech leaders now openly seek state protection of AI IP, highlighting the limitations of market solutions and the strategic nature of AI leadership.
- Policy challenge: With distillation attacks unavoidable and the supply chain (chips, electricity) as the main bottlenecks, governments may further escalate tech wars to preserve competitive advantages.
- Policymaker calculus: It’s more prudent to prepare for a world where AI matters for national power—because the downside risk of getting that wrong is enormous.
This episode offers nuanced, clear-eyed perspectives for anyone interested in the intersection of cybersecurity, geopolitics, and technology policy.