From Basement to Boardroom: How AI-Powered Digital Twins Are Reshaping Cybersecurity
Trend Micro's strategy reveals how LLMs predict attack paths and digital twins create new frontiers for both defense and risk
The cybersecurity industry has undergone what Shannon Murphy, Senior Manager of Global Security & Risk Strategy at Trend Micro, calls a "basement to boardroom" transformation. Where security teams once struggled to gain executive attention, the post-Equifax era has fundamentally changed the conversation; boards now have personal liability for security failures, creating unprecedented urgency around cyber risk management.
But with this newfound attention comes a critical challenge: translating technical security concepts into business language that boards and executives can understand and act upon. During our interview at Black Hat 2025, Murphy revealed how Trend Micro is leveraging AI-powered approaches, including digital twins and predictive analytics, to bridge this communication gap while addressing the rapidly evolving threat landscape.
The Language of Risk: Speaking Dollars, Not CVEs
The transformation from technical jargon to business impact requires more than just better presentations; it demands a fundamental shift in how security teams quantify and communicate risk. Murphy's team has moved beyond traditional scoring systems to financial impact modeling that resonates with business leaders.
"The business understands dollars and cents," Murphy explained. "We need to find a way to actually translate our cyber risk into a financial metric. When we look at any other type of risk in the business—operational, financial, human—it's all quantified in dollar amounts."
This approach involves scenario-based modeling that accounts for industry-specific impacts. A leaked Marvel movie represents tens of millions in lost revenue for a media company, while a manufacturing site might continue operations despite certain types of breaches. The key is providing contextualized financial risk assessments rather than generic industry averages.
"You're not saying 'Verizon's risk of a data breach is $1.2 million,' that's not the context of my business," Murphy noted. "You need a dollar amount that's extremely contextual to what you do."
Predictive AI: Beyond Historical Analysis
While many cybersecurity solutions focus on analyzing past attacks, Trend Micro's approach centers on predicting future attack paths using AI that thrives on context. The more information fed into their large language models, the more specific and actionable the predictions become.
"Generative AI really thrives on context," Murphy said, drawing parallels to consumer AI experiences. "If you want dinner suggestions, you'll get something generic. But if you specify South Asian cuisine with specific flavors and spice preferences, you get something really targeted."
The company applies this principle by combining vulnerability assessments with threat intelligence to identify likely attack paths. By understanding where risks exist in an environment and pairing that knowledge with typical adversary playbooks, their AI can predict the path of least resistance for attackers.
"Attackers are lazy. They follow a playbook," Murphy observed. "We can pair our risk assessment with knowledge of typical vulnerabilities that adversaries exploit to predict where they're most likely to succeed."
Digital Twins: The Ultimate Testing Ground
Perhaps the most innovative aspect of Trend Micro's AI strategy involves digital twins—virtual replicas of entire network environments that allow security teams to test attack scenarios without impacting production systems. This concept, announced at Trend Micro's AI Summit, addresses a persistent challenge for security professionals.
"Our customers said it would be so cool if I could twin my network, because today I understand that I have risks and I want to test that risk before someone else can, but the business won't let me," Murphy explained.
Digital twins enable security teams to simulate attacks against real assets without operational impact. Teams can test phishing campaigns, evaluate the consequences of taking vulnerable legacy systems offline, or assess the ripple effects of various security incidents; all within a safe, simulated environment.
"You can almost chat with your environment," Murphy said. "You can simulate attacks to see what would happen in different scenarios."
AI vs. AI: Fighting Fire with Fire
Trend Micro's "AI on AI" approach recognizes that as attackers leverage artificial intelligence, defenders must match that sophistication. The company is implementing several AI-powered defensive strategies, including agentic red teaming that automates breach and attack simulations.
"We need to be red teaming our systems more than ever before," Murphy said, referencing guidance from industry leaders. "But we can't scale traditional red teaming without technology. We only have so many red teamers with limited time."
The solution involves creating a technology abstraction layer that enables automated red teaming, providing continuous security validation without the resource constraints of human-only approaches.
Additionally, Trend Micro leverages NVIDIA's Morpheus technology for threat detection in AI infrastructure environments, particularly for monitoring both human and non-human identities. As organizations deploy more AI agents, the need to baseline and monitor agent behavior becomes critical.
"Identities aren't just humans anymore," Murphy noted. "We want to monitor agent behavior and be alerted when they start behaving anomalously."
The Challenge of Agentic AI Security
The intersection of digital twins and agentic AI creates what Murphy describes as "unpredictable security challenges." While digital twins themselves can be secured using traditional approaches, AI agents operating within these environments introduce new complexities.
"The agents are trickier because we have MCP [Model Context Protocol] and agent-to-agent protocols," Murphy explained. "There's not a ton of security solutions around these pieces right now, and people are running to adopt them."
Her recommendation for organizations venturing into agentic AI is to start with zero trust principles—least privilege access, segmentation, and other foundational security practices—while security vendors develop specialized solutions for these emerging technologies.
The Proactive Imperative
For Murphy, the most critical shift security leaders must make involves moving from reactive firefighting to proactive risk management. This transformation requires what she calls a "continuous process of discovery and inventory" combined with AI-powered prioritization.
"You have to know what you have, assess the risk, and then, most importantly, prioritize," she emphasized. "If you have a long list of problems with no prioritization, you can't handle all the problems."
This approach moves beyond traditional vulnerability management that prioritizes based solely on severity scores. Instead, AI-powered systems consider contextual factors like asset importance, threat intelligence, and business impact.
"If you have a high severity CVE on an irrelevant asset and a medium severity CVE on your CFO's laptop, the medium one should be prioritized," Murphy explained.
Protecting Developers from Security Friction
For development teams increasingly relying on AI coding tools, Murphy advocates for "low friction security technology" that operates transparently within the developer pipeline. Trend Micro's Code Security solution exemplifies this approach; developers never interact with security tools directly, yet their AI-generated code is automatically scanned and remediated.
"Developers get frustrated by security because they feel it slows them down," Murphy said. "They shouldn't be responsible for security. The code passes through our security layer, and vulnerabilities get flagged and fixed without developer intervention."
The Advantage Question
While some industry leaders worry about attackers gaining the upper hand through AI, Murphy maintains optimism about defenders' advantages. She points to substantial investment in defensive technologies and talent that adversaries lack, noting that much of what appears in criminal underground markets involves "jailbroken legitimate tools" rather than novel AI innovations.
"We're not seeing a ton of ingenuity from cyber criminals," she observed. "They're using tried and true techniques because they work. Defenders have more to feel good about than not."
Looking Forward
As AI continues reshaping both attack and defense capabilities, Trend Micro's approach emphasizes practical implementation over theoretical concerns. By focusing on contextual risk assessment, predictive analytics, and transparent security integration, the company is addressing the real-world challenges organizations face in securing AI-powered environments.
The shift from "basement to boardroom" may have given security teams unprecedented visibility, but with that visibility comes the responsibility to communicate effectively and deliver measurable business value.
As Murphy's work demonstrates, the organizations that succeed will be those that can translate technical security capabilities into business impact—speaking the language of risk in terms that matter most to decision-makers: dollars and cents.
