Florentin Rochet, a professor of computer security at the University of Namur, specializes in applied cryptography and secure communications. Against the backdrop of rapid advances in artificial intelligence and open-source solutions, he shares his analysis of the current situation and offers his outlook for the future.
Cybersecurity, or IT security, seeks to explore the limits of information technology. In practical terms, when we create computer systems or software, we realize during use that they have certain limitations that can be exploited. We therefore seek to understand the root causes in order to make future generations of systems more robust and secure. The highly competitive nature of today’s market conflicts with this approach, as large companies want to develop their software as quickly as possible and stand out from their competitors, often at the expense of security.
The major risk is the growing use of artificial intelligence (AI) by developers to generate code. This AI-generated code may seem well-crafted at first glance, but that is not the case at all. There are a huge number of vulnerabilities in this type of code, which falls far short of the standard an experienced programmer can achieve. By way of comparison, the subprime crisis that hit the United States in 2007–2008 was based on the massive sale of subprime mortgages and their transformation into complex financial products. This mechanism led to widespread mistrust of the banking system, ultimately triggering the global financial crisis we experienced. It’s somewhat the same principle at play with AI: the abundance of AI-generated code could flood the software created by companies, with the risk of growing uncertainty regarding its reliability. The consequences of this situation are difficult to predict, but there will certainly be a significant need for experts in the future to audit software. However, such individuals are rather scarce. Young computer scientists, understandably, are immersed in AI themselves. Unfortunately, recently published research suggests a negative impact on learning. We can hypothesize that it will also affect future generations of experts by reducing their numbers. The academic world and education therefore have a major role to play in rising to the challenge of the situation ahead.
The emergence of a hackneyed narrative surrounding the term “cybersecurity” can also prove dangerous. Under the guise of improving public safety, current political movements—particularly in the United States, but also in Europe—are using cybersecurity as a banner to, in fact, carry out mass surveillance of citizens. This is part of a broader trend of the erosion of democracy and fundamental freedoms. True cybersecurity is that which protects all members of society without discrimination: the state, the police, journalists, businesses, citizens, the defense sector, and so on.
Our heavy reliance on foreign IT solutions should also be a cause for concern. Our society is primarily based on a service economy, which itself depends on foreign IT solutions. What happens, then, if we lose control of these tools?
What is curious about the SPW attack is the entry point the attackers used. It is generally known that cybercriminals exploit known vulnerabilities to gain access to computer systems. However, the vulnerabilities used by the cybercriminals in this attack are covered in basic computer security courses at the university level. This case may highlight the difficulty of updating software systems within an institution and maintaining internal expertise. Indeed, the reliance on external consulting is becoming increasingly systematic, which could be counterproductive to the very development of this internal expertise if knowledge transfer does not occur. Obviously, this is a complex reality in financial and human terms for institutions, one that must not be denied.
Research can help provide additional options and more secure alternatives. For example, open-source software, which offers greater robustness but requires a certain level of expertise in return. Unfortunately, these tools carry less weight compared to more commercial solutions. On the training side, the challenge lies in educating future IT professionals about these issues so they can manage and maintain open-source software. With the automation of IT—and this is understandable—we’re seeing less interest in these more “do-it-yourself” solutions.
With my research group, the Privacy and Security Lab, we are working on anonymous communications and secure communications in general, with expertise in privacy protection technologies. In particular, we are studying communication technologies that allow for the anonymization of internet communications. These tools, which we believe are more transparent—such as Tor, for example—are, however, less efficient and slower, which hinders their adoption by the general public. Our goal is to make these technologies accessible to the entire population by improving their efficiency. For this type of research and the development of new prototypes, we aim to collaborate with the Faculty of Law to leverage their expertise in privacy protection. We are also working to improve the integration and efficiency of encrypted transport protocols within network transport libraries, which leads to tangible results such as more efficient VPNs.
Florentin Rochet is a computer engineer, holds a Ph.D. in applied cryptography (UCLouvain), and has been an assistant professor at the University of Namur in computer security, cryptography, and privacy since 2022. Since joining UNamur, he has been developing the Privacy and Security Lab (PS Lab) research group, whose goal is to conduct research in the field of privacy protection technologies and secure communications.
Cet article est tiré de la rubrique "L'expert" du magazine Omalius #40 (Avril 2026).
