As AI Moves Fast and U.S. Policy Flounders, Will Organizations Look Abroad for Data Security?

Last week’s firing of the head of the National Security Agency and U.S. Cyber Command, along with his deputies, is one more reason to conclude that the United States is not led by serious people. As the administration waves off the implications of Signalgate and then fires Four-Star General Timothy D. Haugh et al. on the reported basis that Laura Loomer told Trump they are “disloyal,” any common-sense observer will justifiably doubt whether national security is a priority for this administration. Concurrently, one wonders whether the administration’s security clumsiness, combined with its deepening relationship with U.S. Big Tech leaders, will foster anxieties over data security as organizations in every sector develop new AI models that will be tomorrow’s attack vectors.

While U.S. Big Tech praised Trump’s revocation of the Biden EO on AI as an end to regulation, the move could erode confidence for many organizations that need to develop AI in environments provided by domestic suppliers of confidential computing services. Although the U.S. remains a leader in cybersecurity, Americans are targeted by cyberattacks more than any other country, and rescinding the Biden EO did not reverse any regulation. On the contrary, exacerbating the U.S. history of laissez-faire cyber policy, Trump has been a direct beneficiary of data abuse and micro-targeting misinformation; and more than half of all citizens likely assume that our private data is not only insecure, but that the current administration would not scruple to exploit it for the most draconian purposes.

For my recent post about Section 230 reform, I spoke with Peter DeMeo, Chief Product Officer of Phoenix Technologies AG in Switzerland about agentic AI as both opportunity and threat. Not yet fully realized, the principle is that an AI agent can act autonomously to improve or maintain a given system. “But you want to keep the agents in a good place,” DeMeo says. For instance, he describes a Swiss hospital group where the IT infrastructure crashed overnight, but the staff found the agent had fixed the problem and kept operations running. This kind of positive result, however, should not mask the fact that AI agents are new attack vectors. DeMeo explains…

Imagine a foreign adversary infiltrating a hospital’s network through a sophisticated phishing attack, poisoning the AI agent’s data and turning it malicious. Unaware of the compromise, the IT team deploys these sleeper agents into a trusted execution environment—a secure enclave, where they can operate autonomously. From within this stronghold, the malicious agents launch a next-generation ransomware attack, encrypting critical system data. Surgeons and medical staff are locked out, unable to access patient histories, scans, and essential systems—crippling hospital operations and endangering lives.

Is the U.S. a Robust Data Security Environment?

America’s data security landscape comprises a patchwork of federal law, state law, and what might be fairly described as an honor system among many major providers of confidential computing services. U.S. policy (i.e., let Big Tech do what it wants) combined with “operational assurance” (i.e., trust the provider to do what it says) may not provide the kind of confidence various organizations demand as they develop and deploy agentic AI. And that was before DOGE’s questionable access to, and haphazard handling of, sensitive information—or before Trump fired the top cyber security official without cause.

Meanwhile, a key indicator to follow in this context will likely be the insurance industry. For instance, Chubb, a major provider of cyber insurance, released its first Navigating the Cyber Claims Landscape report early this year. The report shows, for instance, ransomware incidents increasing in the U.S. while they are declining outside the U.S., and it explicitly states that “A zero trust security model is essential to maintain controls.”

If organizations look outside the U.S. for confidential computing, Switzerland could emerge as a hub for the level of data security needed to confront the vulnerabilities inherent to agentic AI. For instance, Phoenix’s business model combines decades of confidential computing experience, compliance with Switzerland’s stringent data protection laws, and pricing tiers that make confidential computing accessible for small and mid-size organizations. Rather than “operational assurance,” as Chief Technical Officer Angel Nunez Mencias explains, Phoenix provides “technical assurance,” meaning that only the customer holds the encrypted key to their own data. There is no “back door,” and it would not be possible to make a customer’s data available to a third party—not even with a warrant issued under the U.S. Cloud Act.

In compliance with the Swiss Federal Act on Data Protection (FADP), not only must the customer approve every change deployed, but statutory provisions include strict civil, and even criminal, liabilities for mishandling certain data—especially sensitive information about natural persons. Asked whether this approach to security might inadvertently provide opportunity for cybercriminals or terrorist organizations, Mencias notes, “Confidential computing is not a black box. Just as the customer must approve every change, we approve the software deployed in our environment.”

IT professionals at organizations in the U.S. and abroad will decide whether providers like Phoenix offer a more secure environment for advancements in agentic AI computing, but the value proposition DeMeo describes provokes questions that were difficult before the current U.S. administration began breaking things. Now that it shall be the policy of the United States to cede the field of excellence in a wide range of disciplines, it is fair to ask whether various organizations will look elsewhere for data security.

David Newhoff
David is an author, communications professional, and copyright advocate. After more than 20 years providing creative services and consulting in corporate communications, he shifted his attention to law and policy, beginning with advocacy of copyright and the value of creative professionals to America’s economy, core principles, and culture.
