In Vilnius, inside Nord Security: how AI is changing cybersecurity

One of the most sensitive areas is voice fraud. The Lithuanian manager tells of having personally received suspicious calls with artificial intelligence-generated voices. "I got a call from a Lithuanian number. The voice, generated with AI, spoke for a few seconds and then tried to transfer me to a fake operator,' he explains. It is a concrete example of how fraud is becoming more credible, 'a new era of scams'.

This is why the Vilnius-based unicorn is working on call protection systems, SMS protection and tools capable of recognising artificially generated content. In the in-house labs, Briedis recounts, an AI voice detector has also been developed: 'It is a small browser extension, free of charge. We see more and more often that some online content uses artificial voices. The tool tries to recognise them'. The same logic applies to the dark web. NordVPN started out with a function to monitor compromised emails. Today, that function has become a broader product, NordStellar, designed to monitor exposure of personal data, cards, documents and credentials. "Data leaks happen every day," says the cto. "We see cookies and credentials circulating continuously on the dark web." The reference is also to so-called session hijacking: stolen cookies that allow attackers to get into accounts without knowing the password. "We see about 100 million cookies circulating every day," he says.

Cybersecurity, in short, has now gone beyond traditional antivirus. It is an ongoing race between attack automation and defence automation. Nord Security also uses AI internally, especially in software development. "I use AI every day for programming," says Briedis. "It's like going back to the excitement of ten years ago, when I was writing code myself." But he also sees the risk of a chaotic phase: companies producing more code, faster, with possible vulnerabilities introduced in the rush.

In this scenario, the infrastructure becomes part of the competitive advantage. "With AI you can generate as much code as you want," he explains. "But our advantage is also the infrastructure." NordVPN claims a global network, more than 100 terabits of total capacity, presence in 211 locations and regular no-log policy audits. Here too, the message is clear: in the VPN market, software is likely to become replicable, while scale, trust and infrastructure remain harder to copy.

Then there is the issue of post-quantum encryption. NordVPN started experimenting with it in 2024 and has integrated it into its own protocols. The aim is to prepare for a future in which quantum computers could challenge some of the classical cryptography. "Quantum computers will change many things, including traditional encryption," says Briedis. For this, he adds, the industry will have to migrate to stronger standards.

Nord Security's trajectory also says a lot about the Lithuanian technology ecosystem. In the beginning, says the manager, there was no local capital ready to bet on a cybersecurity company. 'In 2012, there were no people in Lithuania interested in investing in such products,' he recalls. The founders tried to seek funding, did not find it, and decided to grow on their own. The initial profitability then allowed the company to expand, all the way to international rounds and unicorn status. Today, inside CyberCity, Nord Security stands as one of the most visible proofs of the maturation of the Vilnius tech ecosystem. But the challenge told by its cto goes beyond Lithuania. Generative AI is lowering the threshold of entry for attackers, making scams, phishing and voice manipulation cheaper and more credible. For those who defend, the answer can only come through the same technology.

"I wouldn't say that AI has more pros or more cons," Briedis concludes. "It is a new technology. We have to adapt." Then he adds a line that sounds less light than it sounds: 'Learn AI. Or learn how to do something with your hands'.