Thorsten Delbrouck, Group CSO at Giesecke+Devrient – Interview Series

Thorsten Delbrouck, Group CSO at Giesecke+Devrient, is a veteran cybersecurity executive with more than two decades of experience securing enterprise infrastructure, digital identities, and critical systems. Since joining Giesecke+Devrient (G+D) in 2011 as Corporate Chief Information Security Officer, he has led the company’s global security strategy across highly regulated sectors including finance, telecommunications, and government infrastructure. In 2020, he expanded his role to Group Vice President, Head of Security and CISO. Delbrouck also serves as Chairman of the Information Security Forum (ISF), a leading global authority on cybersecurity and risk management, and has held senior security leadership roles at Infineon Technologies, COMLINE, and TÜV Secure iT.

Giesecke+Devrient (G+D) is a Munich-based global SecurityTech company that has evolved from a historic banknote printer founded in 1852 into a major provider of digital security, financial technology, and currency infrastructure solutions. The company operates across three core segments: Digital Security, Financial Platforms, and Currency Technology, delivering technologies that secure mobile connectivity, digital identities, banking systems, payment platforms, and both physical and digital currencies. G+D works with governments, central banks, financial institutions, and enterprises worldwide, including providing solutions for eSIMs, authentication systems, digital payments, cybersecurity, and Central Bank Digital Currencies (CBDCs). The company positions itself as a trusted infrastructure provider for the digital economy, with more than 14,000 employees globally and decades of expertise in securing critical systems and financial ecosystems.

You’ve spent nearly three decades in cybersecurity leadership roles spanning TÜV Secure iT, Infineon, and now over 15 years at Giesecke+Devrient. How has the threat landscape evolved from traditional enterprise security risks to today’s AI-driven cyber challenges, and what concerns you most about the current direction of the industry?

I think the main change over the course of my own career is speed and impact. When I started security management in the late 1990s, a serious security issue meant a misconfigured firewall or an unpatched server, the blast radius was typically quite contained. Over the last three decades I’ve seen the consequences of a single breach grow from operational inconvenience to systemic risk.

And everything is faster. We are dealing with more systems and higher bandwidths. Today, barely half of all internet traffic is generated by humans – and by some estimates roughly 40% of the total traffic consists of malicious activity like malicious scans, malware, and DDoS.

At the same time, the landscape has become heavily consolidated and concentrated. The internet’s original design philosophy of redundancy and decentralization has been lost. As a result, attacks targeting just a few central points of failure have far more devastating consequences than they used to. This leaves virtually no room for error in the setup and operation of modern IT systems. And now AI is compressing the attackers’ timelines even further.

Recent comments from Dario Amodei have reignited fears around advanced AI systems identifying software vulnerabilities at scale. Do you believe enterprises are underestimating how quickly AI-assisted development could overwhelm existing security processes?

Yes, I believe many enterprises are underestimating the speed of this shift. At first, it seemed as though AI would benefit both sides, attackers and defenders, roughly equally. But a concerning reality is emerging: AI hasn’t invented entirely new categories of cybercrime; instead, it has democratized sophisticated attack capabilities, allowing threat actors to automate reconnaissance, eliminate the language barriers in phishing, and discover software vulnerabilities at a speed and scale that human defenders are struggling to absorb.

The problem is that while AI has sparked a massive surge in vulnerability identification, it isn’t yet being deployed to the same extent in the remediation process. That creates a dangerous imbalance. AI-assisted vulnerability discovery is simply producing more work than defenders can handle. This may improve in a few years as AI for remediation catches up, but right now it is a growing issue.

Additionally, it is not without irony that the same companies presenting their latest models as salvation from cyber threats are, at the same time, fueling part of the problem. AI-assisted coding tools accelerate software production, but they frequently produce sloppy, vulnerable code – expanding the very attack surface their security products promise to reduce. From an economic standpoint, this is brilliant. From a security perspective, not so much.

At G+D we evaluate AI use cases in a structured way through an AI Board and do not scale them in an uncontrolled manner. The problem is not AI per se – it is the lack of governance in its deployment. This aligns with the principle G+D also applies internally: AI requires not just innovation, but institutionalized evaluation and approval processes.

Many organizations view AI primarily as a defensive cybersecurity tool. In your view, where is AI currently creating more risk than protection inside enterprise environments?

Most cybersecurity teams already deploy AI to varying degrees for detecting, classifying, assessing, and triaging security events – and it works remarkably well.

Yet, entirely new risks are surfacing alongside these benefits. The vulnerabilities native to the AI architecture itself are already widely discussed and mostly understood. We are no longer just securing static code; we are securing non-deterministic systems. This introduces entirely new threat vectors, such as prompt injection (where malicious data tricks an LLM into ignoring its guardrails), data poisoning to corrupt a model’s logic during training, and data leakage, where proprietary enterprise data is accidentally exposed through model outputs. It fundamentally changes the definition of an exploit.

But our traditional, well-rehearsed defenses must adapt as well. For many organizations, User and Entity Behavior Analytics (UEBA) is still a relatively new concept. In fact, many companies haven’t fully adopted the approach due to stringent data privacy regulations, strict labor laws, and workers’ council co-determination rights. Now, the baseline has shifted and it is uncertain how effective UEBA will remain in a future where AI can flawlessly learn and mimic human behavior.

Moving forward, will UEBA even be capable of distinguishing human behavior from automated attacks, or telling a benign AI agent from a malicious one? There are already products which promise just that, but typically it takes some time to go from marketing promises to actual, working, real-life performance. We will need new concepts with modern security architectures to address that.

As Chairman of the Information Security Forum, you engage with security leaders across major global enterprises. Are CISOs becoming more concerned about AI-generated code quality, or is the larger issue the operational burden of securing exponentially larger codebases?

Both issues are real, but they land differently. AI-generated code quality is a genuine concern. The code AI produces often looks clean but can carry subtle logic flaws, insecure defaults, or misused libraries that are harder to catch precisely because they appear plausible. CISOs are rightly worried about that.

But in my conversations with security experts across ISF member organizations, the louder alarm is operational: it’s the sheer volume of code that could carry vulnerabilities and thus needs to be checked.

What I’m hearing consistently from peers across industries is that the dependency problem has become the defining burden. The heavy reliance on external components and third-party libraries means every single dependency must be meticulously tracked, managed, and continually patched. In the code but also in the tool chain, potentially across different cloud environments. That was already a significant challenge. AI-assisted development is now amplifying it. Not because the nature of the problem has changed, but because the scale has exploded. More code, produced faster, with more dependencies, across more repositories.

So if I had to prioritize: code quality is a solvable engineering problem – better tooling, stricter reviews, tighter guardrails in the development pipeline. The operational burden of securing an exponentially growing codebase and its sprawling dependency chains is the more structural, more persistent challenge. That’s where the real pressure lies, and that’s what comes up repeatedly in senior CISO discussions.

Giesecke+Devrient operates across highly sensitive sectors including digital identity, payments, banking infrastructure, eSIM technology, and central bank digital currencies. How does securing critical infrastructure differ in the AI era compared to protecting traditional enterprise systems?

At G+D, we face the same core responsibilities as any organization that takes security seriously. However, our standards are exceptionally high, and the margin for error is very small. We are acutely aware that a security incident within our infrastructure carries far wider-ranging implications than a breach at a typical enterprise – which is why our appetite for cybersecurity risk is exceptionally low.

Where AI does add a distinct layer of complexity for us is in the operational architecture itself. Many of our high-security components, particularly those tied to payment systems, digital identities, or products for central banks, are high value assets and subject to stringent certification and security requirements. These components must be developed, tested, and operated in separate environments, ranging from purely logical separation all the way to fully air-gapped networks with no external connectivity whatsoever.

That was already demanding before AI, but now organizations everywhere are integrating AI-assisted tools into their development and operational workflows. Tools that typically depend on cloud connectivity, large-scale data access, and continuous model updates. Reconciling that with environments where even a network cable plugged into the wrong port would be a serious policy violation is a very real engineering and governance challenge.

It forces us to be highly intentional about our AI integration. We aren’t just choosing the right AI model, we’re making strategic decisions at an infrastructure level about whether these tools need to be deployed locally or can be used via the cloud.

We’re seeing rapid adoption of AI coding copilots and autonomous development agents. Do you expect enterprises to eventually require AI-generated code to undergo separate validation and certification processes before deployment?

I do not think the decisive criterion should be whether code was written by a human or AI. The decisive criterion is risk. But AI-generated code will certainly need provenance, traceability, and stricter review in regulated or high-security environments.

Threat modeling, secure coding policies and incorporating SAST tools into the development toolchain is already standard practice today, and the tools are naturally becoming AI-enhanced. Additionally, development teams must meticulously track which functionalities are security-critical or belong to regulated, highly sensitive components. Beyond that, underlying dependencies must be thoroughly understood and continuously tested.

Economics will inevitably play an increasingly critical role. Right now, token pricing from major AI providers is not cost covering. The major AI providers are absorbing staggering infrastructure and inference deficits to secure market share. A subsidized model that is economically unsustainable long term. When the commercial costs of deploying AI into corporate workflows are adjusted upward to reflect those true infrastructure expenses, we’ll have an issue. At that point, the industry will have to shift toward small, localized, and purpose-built models. Training these smaller models for targeted use cases will become a vital strategy to mitigate severe cost increase.

And for categories with the highest security demands, human oversight will remain mandatory and that is precisely where the challenge lies: leveraging finite human capacity as efficiently as possible.

AI systems can now identify vulnerabilities far faster than human analysts, but remediation still depends heavily on human workflows. Are enterprises approaching a point where patch management itself must become autonomous?

Yes, autonomous patch management is no longer a luxury – it’s an operational necessity. The sheer volume of vulnerabilities today simply exceeds human triage capacity.

That said, I believe the actual deployment has to follow a tiered, pragmatic approach. For standard, non-critical environments, full automation should be entirely achievable, provided the right guardrails are in place. Fully autonomous remediation in critical, high-impact systems, while certainly necessary, will most likely remain quite difficult to implement for the foreseeable future.

This is where the fundamentals really matter. The distinction between those two categories sounds straightforward, but in practice it demands an enormous amount of precise, detailed, and sustained housekeeping to operate a complex environment with such divergent approaches in a clean and automated way. That work is easy to underestimate.

The real challenge, as so often, is not the mechanical execution of the process itself – it’s the broader system. Intelligent decision-making is only possible when the whole system supports it. Patch management needs to become significantly smarter and faster, not just more automated.

And, as always: in highly sensitive contexts, controlled stability and high velocity have to go hand in hand. That tension is the hard part – and the part most organizations aren’t yet ready for.

Governments worldwide are racing to implement digital identity systems, CBDCs, and connected infrastructure. How concerned are you that AI-driven cyber threats could outpace regulatory and national security preparedness?

Regulatory frameworks like NIS2 and the Cyber Resilience Act are pushing things in the right direction, but regulation is ultimately just one piece of the puzzle. Regulation matters for the overall system, but we can’t assume that issuing a rule immediately solves the problem. Companies still have to implement the guidelines, keep their systems permanently secure, and maintain a solid understanding of their threat landscape and protection targets, continuously refine them, and keep them aligned.

I’m cautiously optimistic, provided organizations don’t treat regulatory compliance as a substitute for actual security. And modern security management doesn’t wait for regulation. If anything, it should be the other way around: The best real-world practice should flow into regulation, not the reverse.

In high security domains like digital identity and payment infrastructure operational preparedness is not a given. G+D is not only a supplier here, but also a dialogue partner for central banks and governments worldwide. G+D is also actively engaged in the protection of critical digital infrastructures – for example through Secunet as IT security partner of the Federal Republic of Germany.

Some experts describe advanced AI models as “cyber weapons,” while others argue that framing is exaggerated. From your perspective, what are people getting wrong about the real-world risks posed by frontier AI systems?

What people get wrong is the assumption that cyber conflicts follow the logic of physical warfare. That a sufficiently powerful weapon will inevitably breach any defense. Much of the “cyber weapon” framing borrows from that kinetic mindset: bigger cannon beats thicker wall, smarter missile beats faster aircraft. But cyber doesn’t work that way.

A successful cyber-attack almost never succeeds through brute overpowering force. It succeeds through exploiting a gap: a misconfiguration, an unpatched vulnerability, a human error, a weak link in the supply chain. AI doesn’t change that fundamental dynamic. It makes the search for those gaps faster and cheaper, and it lowers the skill threshold for exploiting them. That is a serious problem, but it’s a very different one from the “unstoppable weapon” narrative.

The real risk isn’t that AI creates some all-powerful offensive capability that no defense can withstand. The real risk is that AI accelerates and scales the exploitation of ordinary weaknesses – the same ones we’ve been struggling to fix for decades – at a pace that outstrips our ability to close them.

Framing AI as a cyber weapon distracts from that. It encourages an arms-race mentality when what’s actually needed is better operational hygiene, faster remediation, and more resilient architectures. The threat isn’t a new super-weapon. It’s the old gaps, exploited at new speed. So yes, framing AI as a cyber weapon is a significant overstatement.

Looking ahead, do you believe the biggest cybersecurity threat from AI will come from sophisticated nation-state attacks, autonomous exploitation at scale, insider misuse, supply chain vulnerabilities, or something the industry still isn’t paying enough attention to?

Predicting the future of security is always particularly difficult. Nation-state attacks, autonomous exploitation, insider misuse, supply chain compromise – all of these are real and growing threats, and I wouldn’t dismiss any of them. But I’d argue they are all consequences, not root causes. They succeed when defenders can no longer keep up, regardless of the reason: A vulnerability might not yet be publicly known, a patch not yet available or the workload too high.

And that last aspect is where I see the top risk looking two to three years out: security teams being overwhelmed by sheer workload.

All the current and emerging topics – regulation, sovereignty, complex cloud infrastructures, and everything that comes with them – are landing on teams already stretched thin by alert triage, incident response, phishing analysis, vulnerability and patch management, documentation, audits, and reporting. The workload added by everything AI could be the straw that breaks the camel’s back. Except it’s far, far more than just a straw.

And given the current global economic situation, all of this is hitting organizations under real cost pressure, across the board. If that isn’t managed extremely well, it will eventually become too much.

Thank you for the great interview, readers who wish to learn more should visit Giesecke+Devrient.