Vernon Yai is a data protection expert specializing in privacy protection and data governance. An established thought leader in the industry, he focuses on risk management and the development of innovative detection and prevention techniques to safeguard sensitive information. With Italy’s National Cybersecurity Agency, he is on the front lines of defending the upcoming Milano Cortina Winter Games against an evolving landscape of digital threats. We discussed the unique challenges of securing a massive, dispersed event, the rising specter of AI-driven attacks, and the operational strategies required to stay one step ahead of adversaries ranging from petty criminals to state-sponsored actors.
With the Milano Cortina Games being your agency’s first major test, what specific vulnerabilities arise from the event’s global visibility and dispersed Alpine venues? Please detail your strategy for managing such a complex digital and logistical environment.
The scale of this event is staggering, and that scale is its primary vulnerability. We’re not just securing a single stadium; we’re protecting an event held across multiple Alpine regions for the first time. Think about the logistical and digital complexity that creates. Then you have the audience—we’re anticipating around three billion viewers globally and another one and a half million spectators on the ground. That immense visibility makes the Games a perfect stage for threat actors. It becomes a magnet for anyone wanting to make a point, tie an attack to a geopolitical cause, or simply cause chaos for criminal gain. Our strategy is built around anticipating these moves. We’ve spent the last year deeply embedded in the criminal ecosystem, monitoring chatter and identifying threats before they can even be aimed at our systems.
You anticipate attackers will use AI agents to support cyber operations. What specific capabilities do these AI agents provide them, and what new defensive tactics has your team developed to counter these unique, evolving threats before they can cause disruptions?
AI adds a completely new layer to the threats we’ve seen in the past. We expect adversaries will use AI agents to accelerate and scale their operations—automating reconnaissance, identifying vulnerabilities faster, and crafting more sophisticated social engineering attacks. It’s a force multiplier for them. In response, we can’t just wait for the attack to happen. Our entire defensive posture is built on proactive intelligence. I have dozens of specialists, right now, monitoring the dark web and criminal forums where these tools and tactics are discussed. By understanding how attackers plan to leverage AI before the Games even begin, we can pre-emptively harden the targets they might look at and feed that real-time intelligence to our technical teams. We fight this new threat by seeing it coming from miles away.
Given that threat actors range from petty criminals to state-linked groups, how do their motivations and targets differ? Can you share an example of how you would prioritize and respond to an attack aimed at media disruption versus one with geopolitical intentions?
The motivations are incredibly diverse. A petty criminal might want to run a simple ransomware scam on a vendor, while a state-linked group could have broader geopolitical goals, perhaps tied to current global tensions. But what unites many of them is the desire for a grand stage, for what we call “media resonance.” An attack that disrupts a streaming feed or blocks ticket sales for a high-profile event generates headlines and achieves the attacker’s goal of visibility. Therefore, we prioritize threats based on their potential public impact. An attack on a media stream, for example, would trigger an immediate, high-priority response because it directly undermines public enjoyment and trust in the Games. While we take geopolitical threats very seriously, an attack designed for maximum media disruption often becomes our most immediate concern because it’s the most likely scenario.
Your team focuses on early detection by monitoring criminal forums and the dark web. Can you walk us through that process? What key indicators do your analysts look for, and how is that intelligence quickly shared and actioned by the technical teams at the venues?
It’s a constant, vigilant watch. If you were to walk into our operations room in Rome, you’d see rows of analysts, headphones on, scanning screens that are pulsing with data from across the globe. They aren’t just waiting for an alarm to go off; they are actively hunting. They immerse themselves in the criminal ecosystem—the open web, hidden forums, social channels—looking for any sign of coordinated activity targeting the Games. This could be the sale of network credentials, chatter about a specific vulnerability in a system we use, or the emergence of a new attack tool. Once a credible indicator is found, it doesn’t sit in a report. That intelligence is immediately relayed to our senior experts deployed in the Technology Operations Centre in Milan, who then work directly with the on-site teams to patch a vulnerability or block a suspicious IP address. It’s a fluid, real-time cycle of intelligence gathering and action.
Your operational structure involves teams in Rome and Milan collaborating with hundreds of partners. How do you ensure seamless intelligence sharing and a unified response during a crisis? Could you detail the protocol for escalating a threat from initial detection to a full response?
Our structure is designed for exactly this kind of collaboration. We have about twenty specialists focused purely on Olympic intelligence at our headquarters in Rome. They are the initial finders, the ones deep in the data. Ten of our senior experts are then embedded in Milan at the Technology Operations Centre, serving as the crucial link. They operate alongside nearly 100 specialists from Deloitte and 300 staff from the organizing committee. When our Rome team detects a threat, they don’t just send an email; they establish real-time contact. The information is analyzed and validated in Milan, and a response is coordinated across all partners. The protocol is to escalate as soon as a specific risk becomes visible. It’s not a rigid, bureaucratic process. The goal is to move from detection to mitigation as quickly and effectively as possible, ensuring everyone from the analyst in Rome to the technician at a ski-lift has the information they need.
What is your forecast for how AI will permanently change the landscape of cybersecurity for large-scale international events beyond these Winter Games?
AI will fundamentally change the speed and scale of both offense and defense. For attackers, AI will become a standard tool for finding weaknesses and launching automated, adaptive attacks that are harder to detect than anything we’ve seen before. On the defensive side, we will become completely reliant on AI to analyze the sheer volume of threat data and respond in machine time. The human analyst will shift from being a frontline defender to a strategic overseer, training our AI systems and hunting for the novel threats that only human intuition can uncover. Future security for events like the Olympics won’t be about building taller walls; it will be a continuous, high-speed battle between competing AI systems, where victory is measured in microseconds.
