How Israel's cyber chief is navigating through the dystopian cyber-AI period - exclusive

According to the standards of 2020, cyber winter has arrived and run roughshod over the civilized world, including Israel, leading to broader global economic losses of $10.5 trillion in 2025 alone, with direct losses to hacked companies in the hundreds of billions. In recent years, two quadrillion bytes of Israeli data have been hacked.

First, Karadi said that the traditional advantage of the cyber attacker over the cyber defender has only been augmented by AI.

An AI-boosted hacker has multiple advantages, even when a cyber defender fully leverages AI to enhance their defenses.

It has always been true that a cyber defender needed to succeed 100% of the time, whereas a hacker needed to succeed only once to cause harm, but this imbalance is worse now that black hat hackers can go on the offensive so many more times.

Put differently, white hat hackers must actively cover a much larger digital surface than before AI.

Besides being able to attack more victims in absolute numbers, AI attackers are operating at a much higher quality than before, given that they can find new vulnerabilities much faster. This gives defenders less time to “patch” those vulnerabilities once they are announced to the public.

In the same vein, AI attackers are often more versatile in changing their tactics than their defenders, who are sometimes large corporations or government agencies and require more time to relay new issues and rules across a large platform. This is akin to trying to change the trajectory of a large sea vessel. It takes time.

In addition, AI attacks can more easily incorporate deepfake techniques, including cloning a person’s voice to convince a target to let them into their system or to provide sensitive information.

At a recent conference, various cyber officials revealed that with just two minutes of audio, hackers can now clone a voice – even for words not recorded.

Karadi noted that cyber defenders’ capabilities have also increased through the use of bot agents to automate defensive responses. Further, he said that AI is allowing cyber defenders to study and adapt to cyber attackers’ methods more quickly.

This is crucial, as Karadi warned that in the new age of cyber warfare, there is a constant need to learn and adapt.

Another paradigm shift in the AI hacking era may be a basic strategy.

In recent years, cybersecurity experts have told companies and government agencies to prioritize their “crown jewels” (their most important financial and technological assets) and defend them much more aggressively than the rest of their digital assets.

Now, even these crown jewels are likely to be compromised or damaged at some point, necessitating new strategies.

One fresh approach has been to enhance the ability to counterattack hackers, something many Western countries previously refrained from doing to avoid unpredictable and catastrophic escalations.

Yet another change is that, in the past, even top Russian cyber attackers left clues that could expose their attacks and their identities due to errors they made in Hebrew.

But in the age of AI, Karadi said, the tools for writing in foreign languages are so sophisticated that many of the errors that used to tip off cyber defenders have disappeared.

This makes it harder than ever to catch hackers before or after their attacks.

Recommendations to address such issues involve investing much more heavily in continuous cyber intelligence collection to track potential attackers’ movements long before they zone in on their actual moment of attack.

The INCD issued 2,480 attack alerts in 2025 alone, of which 2,304 were proactive notifications to organizations based on specific indicators of targeted attacks, even though the organizations themselves were not necessarily aware of the attacks.

Israel has been reviewing the massive US cyberattack on Venezuela.

Before US President Donald Trump initiated the operation targeting former Venezuelan leader Nicolás Maduro, Trump announced that he had ordered one of the largest offensive cyber operations in history, shutting off electricity all over Caracas, Venezuela.

Questioned about that cyber operation, Karadi responded, “We are learning about it. We didn’t partner with the US on that. They are a great partner [in general]. Whatever information we receive from them, we will learn.”

The media has extensively reported that the Trump administration cut over one-third of the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Collectively, these and other cuts have left the US’s digital infrastructure, and especially its defense against cyber influence campaigns, much weaker than the high level it had reached in recent years.

Simultaneously, Washington’s cyberattack on Venezuela, and on Iran in June 2025, along with other offensive cyber moves, have shown that America’s offensive cyber operations are as strong as ever, if not stronger.

Pressed about whether these fluctuations in American cyber offensive and defensive capabilities were in any way destabilizing the cyber cooperation between the countries, Karadi rejected that premise.

“We are trying to develop both the best cyber offense and defense. We are running forward with our other partners. The cooperation with the US is still excellent. We are still helping each other. I have sat with them, and the results were excellent.”

Recently, Trump’s trade wars with the EU have led Europeans to explore greater independence from US technological tools to avoid a situation in which Trump could use US technological dependence as yet another pressure point in policy.

Karadi was asked whether US-EU infighting on trade or cyber is impacting broader Israeli efforts to form a larger cyber defense dome with Western allies.

He responded, “We work very well with everyone. We recently signed an agreement to send a permanent cyber liaison to Germany.”

That announcement was originally made on December 9 by Friederike Dahns, the national director for cyber and information security at the German Federal Interior Ministry.

However, at the time, the Post correctly reported that no appointment had yet been made.

Estimates are that it will take another three to six months until the process of interviewing and selecting candidates culminates and the final candidate is selected.

The Abraham Accords have been somewhat frozen or sidelined in some ways due to criticism by Sunni countries of Israel’s handling of the Israel-Hamas War.

Saudi Arabia, which seemed like a guaranteed new addition to the accords in September 2023, is now farther away from joining than at any time in years. The UAE and Bahrain have remained in the Abraham Accords, but have publicly slammed Israel repeatedly.

Asked about the impact this has had on the highly successful cyber cooperation since 2020, Karadi said that all cyber interactions remain very professional and focused on operational issues, not politics.

He added that all relevant countries, which likely include those outside the formal Abraham Accords, are still working with Israel on cyber issues. When it comes to cyber, Karadi said, “It’s not dependent on headlines. Every country wants to work with Israel due to its high level of expertise.”

Regarding his new cyber law, which he proposed on January 25, Karadi is ready to push hard for its passage.

Prior INCD chiefs have also been trying to get through some kind of cyber law for years, to no avail.

So, which countries have similar laws defining cyber authorities, and which have failed, as of yet, to pass such laws?

Most European countries, democratic ones, and even some nondemocratic states with advanced approaches to cyber issues, such as Saudi Arabia, have cyber laws to create some order on the issue.

“Do we want to be on the bad list?” Karadi wondered, noting that the list of countries without such laws tends to be nondemocratic developing countries, far less free and far less advanced than Israel.

Getting more specific, he said the law is needed so that the INCD can “understand what companies have [in terms of vulnerabilities and defenses] in advance in order to better manage their defense in real time. The law defines our powers,” on this and other critical issues.

According to the cyber law proposal, if there is “potential grave damage” to the country, “critical” private sector and government agencies are obligated to report a cyberattack immediately and in real time.

Cyber laws in other democracies have set reporting periods of 24-72 hours. However, the volume of cyberattacks has increased, and since the Israel-Hamas War began, the Jewish state became the third-most-cyber-targeted country on the planet.

This led the INCD to recommend a more immediate reporting requirement.

Several years ago, there were 31 categories of the economy viewed as “critical,” totaling possibly a couple of hundred companies. These parts of the economy are a major focus, and the cyber law imposes minimal defense and reporting requirements for cyber incidents.

As of 2026, the number of organizations that would fall within these reporting requirements could be as many as between 400 and 600, the Post has learned.

For example, Karadi said that if a cyber attack brings down a hospital in Israel, it impacts the whole country. A recent cyber survey in Politico found that a majority of the West would view a cyberattack on a hospital as an act of war.

In 2025, there were attempted disruptions of operations at Shamir Medical Center in Tzrifin during Yom Kippur. There was a supply chain attack targeting a software service provider managing sensitive nursing data, and a destructive wiper attack that resulted in the deletion of client servers at a cloud service provider.

Responding to such attacks, the new law would define when the INCD might send its physical rapid response teams, create a new set of INCD representatives permanently present in government agencies, and provide for remote access to hacked organizations.

In recent months, Iran-linked hackers have compromised the digital devices or accounts of former prime minister Naftali Bennett, Prime Minister Benjamin Netanyahu’s chief aide Tzachi Braverman, former justice minister Ayelet Shaked, and others.

In some ways, these repeated hacking successes by the Iranians, one after another, seemed to indicate an open lack of defensive capabilities for some of the country’s individuals who most need defending due to their access to the most sensitive classified information.

Karadi said that such senior government officials are not within his jurisdiction but rather within the jurisdiction of the Shin Bet (Israel Security Agency) cyber defense department.

The Shin Bet said that as soon as the penetrations were identified, they worked with various senior officials to mitigate and cut off the penetrations.

Further, it said that it provides detailed briefings to all such senior officials on how to avoid being hacked.

Despite those elements, the agency said that if an individual, no matter how senior, disregards the advice it provides, is cleverly hoodwinked by the Iranians into clicking a compromising link, or otherwise provides some of their personal access data, there is little the agency can do to block such a penetration.

The opposition to Islamist Iran’s undoing brings together Russian losers, European cynics, and American foolsKaradi’s predecessor, Gaby Portnoy, was viewed as very successful in his role, especially given that he had to handle it during the two-year Middle East war of 2023-2025, during which cyber threats to Israel tripled.

However, the Post has learned that Karadi has had a structural advantage over Portnoy: closeness to Netanyahu.

Portnoy rarely ever met with or spoke directly to the prime minister. By historical coincidence, he was appointed by then-prime minister Bennett in February 2022.

When Netanyahu returned to power in December 2022, he carried out cordial, professional, and effective relations with Portnoy and allowed him to stay on (unlike the IDF and Shin Bet chiefs appointed by Bennett, both of whom he eventually forced out), but clearly kept him at a distance, likely because he was not his pick.

In contrast, Karadi, whom the prime minister appointed himself, holds semi-regular meetings with Netanyahu.

If an issue is important to Karadi or Netanyahu, then there is no issue with them meeting or speaking. If the cyber chief believes he needs the prime minister’s backing to get something important done, he receives it, and relatively quickly.

Karadi also speaks even more frequently with Netanyahu’s Military Secretary, Maj.-Gen. Roman Gofman.

On October 12, 2025, Netanyahu appointed Brig.-Gen. (res.) Erez Askal as the first chief of the National Artificial Intelligence Directorate (NAID).

Since then, former INCD chiefs have been split on whether having yet another government technology-digital entity would be a disadvantage, leading to unnecessary duplication of efforts and infighting, or a positive, multiplying distinct energies and capabilities invested in digital-technological issues.

Karadi himself came down unequivocally on the positive end.

He said that he and Askal have been “working super close together with regular meetings, whether multiple meetings in a week or once in a month – whatever is needed.”

“I trust him completely – he is doing great work. And if they [the NAID] are able to develop a new data center,” to increase Israel’s energy capacity and overall resources for AI and digital causes for Israel, that would be a big success.”

Also, he said that to date, the roles of the INCD and NAID have been clear, with the INCD still being the only operational digital agency confronting hacking issues, and the NAID working more on building long-term national capacities for AI.

One year into his role as INCD chief, Karadi has had no moment of quiet, and the world he is trying to defend is evolving at light speed.

But with backing from Netanyahu, strong international partners (even when not all of them get along), a new ally in the NAID, and hopes of finally passing a long-overdue cyber law, Karadi feels he is in a strong position to continue as Israel’s chief cyber defender.