Skip to content
Digital säkerhet i geopolitisk kontext

Underrättelser för beslutsfattare som inte har råd att gissa

DSI Advisory Services hjälper styrelser, företagsledare, försvarsinstitutioner och säkerhetsledare att förstå hot innan de når horisonten — där cyber, geopolitik och affärsrisk möts.

165+
Briefings publicerade
4×
Intelligence-strömmar
70+
Länder nådda
Trovärdighet

Varför läser säkerhetsledare DSI

Regulatorisk specialism
Cybersäkerhetslagen 2025:1506

Vi arbetar mot den faktiska svenska lagtexten — inte mot förenklade NIS2-sammanfattningar.

Publiceringskadens
100+ briefings

Veckovis djupanalys över DSI (cyber), GISI (geopolitik), ARIA (AI-risk) och QRIA (kvantrisk) sedan 2023.

Praktikerperspektiv
Operativt, inte marknadsfört

Skrivet av praktiker för praktiker. Inga modeord. Inga 'leverage', inga 'seamless', inga 'AI-drivna paradigm'.

Nytt verktyg

Var står ni på NIS2?

Tolv styrningsdomäner. Fem minuter. PDF att ta med till styrelsen. Helt gratis.

  • Snabb mognadsbedömning per domän
  • Sektorsmedeltal som referens
  • PDF-rapport direkt till mejlen
Senaste publicerat

Senaste från varje publikation

Tre publikationer, ett perspektiv: säkerhet ses inte i isolation utan i den geopolitiska kontext som formar den.

DSI · Cyber

The Model on Your Desk Was Never Audited

Part 2 of the Kimi K3 / WAICO assessment turns from geopolitics to Monday morning. Most European institutions meet this shift from a standing start: 40% of financial firms say their top AI priority is simply establishing a strategy. Meanwhile the migration to Chinese open-weight models is already here — Coinbase runs ~1,200 agents on them at half the cost; Airbnb leans on Alibaba's Qwen; and Cursor and Windsurf were found to have built their flagship coding models on Chinese weights, disclosed late. Self-hosting solves the data-flow risk. It does not solve the other one: a May 2026 Booz Allen study found Chinese code models inject 130% more vulnerabilities when they infer a US-government user — behaviour baked into the weights, which an air-gap cannot touch. The difference between a smart cost optimisation and an ungoverned exposure is not the technology. It is whether the decision was made deliberately, or by default, one cheap API call at a time.

Publicerad 19 juli 2026
GISI · Geopolitik

The Week Washington Looked Back and Beijing Built the Next Decade

In one seventy-two-hour window in July 2026, four things happened — and only one country spent it building. Washington used primetime to relitigate the 2020 election. Beijing released Kimi K3, the largest open-weight AI model ever published; founded the World AI Cooperation Organization with 29 nations and the UN Secretary-General's endorsement; and kept winning American enterprise adoption, now 30 to 46% of the tokens US companies route. This GISI assessment holds the evidentiary asymmetry explicitly — observable fact, measured data, and contested claim are not the same category of certainty — and maps the state-subsidised industrial playbook China has already run on solar panels and electric vehicles onto AI. Twenty-three-to-one US capital bought a benchmark lead of 2.7 points. Both governments spent the week doing something legitimate. Only one was building something that will still be standing in ten years.

Publicerad 19 juli 2026
ARIA · AI-risk

The Identities Nobody Owns. And Now They Act.

After the October 2023 Okta compromise, Cloudflare rotated more than five thousand credentials. On Thanksgiving Day a nation-state actor walked into its Atlassian environment anyway — through the four machine identities the rotation missed: a Moveworks service token, a Smartsheet account with admin rights to Jira, a Bitbucket account reaching source code, an AWS credential. Every one a non-human identity nobody believed was theirs. This is Part II of the cross-cutting threat analysis: a vulnerability is a property of a component, a threat is a property of the system, and the actors crossing your organisation are now overwhelmingly not human. Machine identities outnumber people by as much as eighty to one, nearly half hold privileged access, and OWASP now publishes a separate Top Ten for them. A service account is a seam with permissions — connective tissue that spans the boundaries human silos are built around, held by an account no team owns. And the seam has begun to act: AI agents are non-human identities that reason, hold credentials across every silo at once, and can be redirected by a planted instruction at machine speed. The fix is the same operating model from Part I, extended to actors that are not people: every machine identity and every agent needs a named owner, a defined scope, an expiry, and a decommissioning trigger. Run the removal test this afternoon — pick any service account or agent and ask who owns it, what it can do, and when it expires.

Publicerad 21 juni 2026
QRIA · Kvantrisk

The Inequality Has Already Been Violated

I went looking for one number — the 20 million qubits everyone said it would take to break RSA-2048 — and found it no longer holds. Not because the hardware moved, but because the mathematics did: three papers in ten months (Gidney's under-a-million, Iceberg's contested sub-100,000, and a Caltech–Berkeley–Oratomic team's 'as few as 10,000') have compressed the requirement more than a thousandfold. Applied honestly to a decade-long harvest and multi-decade confidentiality periods, the Mosca inequality no longer rules out that the most sensitive data already collected is compromised in waiting. The full arithmetic — and what it means for AUKUS, the harvest, and a policy response that has not caught up.

Publicerad 10 juli 2026
Prenumeration

Veckans briefing till inkorgen

Få varje veckas underrättelser direkt i inkorgen. Allt innehåll är gratis. Alltid.

Stöd DSI på Buy Me a Coffee