Operating digital services across borders means complying with a hodgepodge of laws and guarding against potential threats from many directions. Even for NordVPN, a virtual private network provider, this calls for frequent adaptation — these days at the speed of AI.
Marijus Briedis, NordVPN’s CTO, visited New York recently with a flotilla of company colleagues to discuss white hat hacking, the dark web, and the company’s specialty — online privacy and access.
NordVPN, owned by Nord Security of the Netherlands, operates servers in some 118 countries and is one of the largest players in the VPN space. After giving a presentation to a room of journalists, Briedis took some direct questions on the company’s AI strategy and how it navigates the international patchwork of digital regulations.
Though NordVPN is still building up its in-house AI resources, Briedis made it clear that the technology would be an important part of the company’s path forward. “If you are not using AI these days, you are basically 20-30% slower than everybody who is using that,” he said — the operative word being everybody.
On a prior visit to Silicon Valley’s big players, Briedis said he saw AI used by everyone from company presidents to customer engineers. So, while the full impact of AI remains to be seen, and the duration of its current boom is also unclear (it could last at least another two more years by his reckoning), Briedis stressed that AI’s role in providing a competitive edge is undisputed – hence NordVPN’s intentions to scale up its in-house development of the technology. “Right now, if you are not using AI, you are behind really, really badly,” he said.
Investing in AI While Prioritizing Security
As NordVPN invests more in AI, security concerns, including data privacy and transparency, are top of mind. Briedis explained that NordVPN currently uses local models within its client application and supporting software, rather than relying on cloud-based platforms. This approach helps the company operate more efficiently, he said, by reducing latency and boosting user privacy . “It’s not so expensive computing, in general,” Briedis said.
NordVPN does make use of third-party AI resources at the moment, but its long-term plans point to developing more AI elements in-house. “We are still using external LLMs, but in the future we’re going to introduce ours,” he said. Another Nord company, Nexus AI, offers LLM routing and guard railing while NordVPN uses those external LLMs, Briedis said.
As NordVPN deepens its in-house LLM development, there may be a need to ramp up its computational power while also meeting other business needs, he said.
Rapidly Shifting Security Policies and AI Strategy
In addition to planning for future AI tech needs, NordVPN operates in a shifting landscape of security and data privacy requirements across different nation-states. Briedis said the company has looked to the National Institute of Standards and Technology (NIST) for its robust cybersecurity framework to ensure businesses are secure.
VPNs offer services that can bypass geoblocking and localized censorship controls, while also masking users’ private information when they use the web. This can involve defending against bad actors who might strike from around the world and figuring out how to meet different standards for data protection.
NordVPN also keeps abreast of the recently released NIS2 Directive, which establishes a legal framework for cybersecurity across the European Union. Briedis said just as threats can evolve, so must security frameworks.
“Throughout these past 10 years, everything changed so quickly that I don’t think that we’re going to have one framework that’s going to stay for a longer period than five years,” Briedis said.
Standing Firm on Internet Freedom While Embracing AI Regulation
NordVPN has rankled certain national governments that are historically not keen on citizens having open access to information. Russia wanted the company, and other VPNs, to block user access to websites that the regime prohibited. Earlier this year, NordVPN shut down its servers in Russia rather than comply.
AI is having its own effect on international policies that govern digital resources. Briedis said developments with AI completely change the security environment and how security should be approached in general, and that may mean new policies on how the technology is used. “We’re going to have an AI act coming soon in Europe. I’m pretty sure that we’re going to have something here in the U.S.,” he said.
The United Arab Emirates already has laws on AI and security, Briedis said. This includes what may be the world’s first policy to regulate the use of AI in national elections. Under the National Elections Committee Policy on the Use of Artificial Intelligence, national campaigns in the UAE must register their use of AI.
Briedis seemed eager for the challenge of this evolving space, where breakthroughs in AI and new regulations may be part of the controlled chaos.
“The main thing here — and that’s why I’m in cybersecurity honestly — is because the field is changing constantly, you have to adapt; this is so exciting. That’s the thrill of it,” he said.
