Welcome to AI over Lunch, our new interview series exploring how leaders across sectors are grappling with the opportunities and risks of artificial intelligence. For this first conversation, we sat down with NATO’s Chief Information Officer, Manfred Boudreaux-Dehmer, to discuss NATO’s use of AI for security and resilience.

‘Safeguarding the freedom and security of a billion people.’ Manfred Boudreaux-Dehmer drops the line early in our conversation, not to boast, but as a matter of fact. That is the scale of NATO’s mission, and his role as Chief Information Officer: keeping the Alliance’s digital backbone secure across 32 nations.

We’re not in a grand Brussels brasserie, but in his office at NATO HQ. It’s a fairly modest set up: a large desk, a meeting table with a couple of chairs, two armchairs… It’s efficient, and it’s comfortable. As I sit at the meeting table, I briefly wonder how I ended up here, casually sharing lunch with the man overseeing the Alliance’s cyber resilience. And yet, it feels surprisingly natural: Manfred is open, unpretentious and disarmingly kind. For the first interview in this series “AI over Lunch”, I couldn’t have asked for a better guest.

As we open our poke bowls, the conversation quickly turns to the main topic of our meeting: how AI is transforming his work, his organisation, and, overall, his field. AI, he says with a smile, is forcing even the slowest adopters to move faster. ‘Governments are rarely first to adopt technologies’, he notes, ‘but that’s changing with AI. Its value is simply too clear to ignore.’

That perspective, both pragmatic and forward leaning, owes something to his background. Before NATO, Boudreaux-Dehmer spent three decades in the private sector. ‘Coming to NATO is very different’, he says. ‘The purpose is fundamentally different. Commercial enterprises are focused on profit; NATO is focused on people.’ He had never worked in government or the military before becoming the first person to take on the CIO role in Brussels four years ago. The CIO’s office was created because NATO’s IT and cybersecurity environment had become too complex and fragmented to manage without a single authority.

Today, the unit is both architect and defender, with a mandate covering IT coherence and cybersecurity within the Alliance. He describes them as closely intertwined: on the one hand, IT coherence involves ensuring that NATO’s internal organisation, which encompasses some 50 entities, from strategic commands to training centers, operates on a consistent architecture and set of services. On the other hand, cybersecurity involves acting as a single point of authority for the Alliance’s digital defense, with the unit effectively acting as chief information security officer. Together, these responsibilities place the CIO Office at the heart of NATO’s digital transformation, from modernising legacy systems to responding to high-profile cyber incidents.

NATO is a mature, federated organisation, facing challenges on multiple fronts: technical, dealing with legacy systems, data silos, strict classification levels; procedural, balancing the ‘need to know’ with AI data requirements; and cultural, developing digital literacy, overcoming skepticism, and managing change. ‘Our digital transformation encompasses cloud adoption, AI integration, and multi-domain operations’, he explains. ‘Success depends as much on people as it does on technology.’ Modernisation is underway, and AI is pushing it forward, bringing huge potential but also significant risks.

Boudreaux‑Dehmer describes a contest between an offensive ‘red side’ and a defensive ‘blue side’, a common framing in the information security community. Red adversaries are using AI to supercharge existing attack vectors, from phishing to disinformation. ‘They’re not inventing new threats yet’, he says, ‘but they’re making the old ones faster, more targeted, more convincing. I expect genuinely new vectors in the next two or three years.’ The blue side is exemplified by NATO’s use of AI to transform its Security Operations Centre (SOC), moving analysts from manual log correlation to high-level pattern analysis. ‘It boosts the SOC’, he says with a smile. ‘Analysts are no longer just processing data; they’re operating in truly analytical roles.’

This shift highlights broader changes within the NATO workforce, even beyond cybersecurity, with AI applications already being used in translation services, document classification, and data loss prevention. While there are some general fears that AI use will erode fundamental skills or further hamper young people’s entry in the job market, Boudreaux-Dehmer strongly disagrees. ‘AI accelerates learning curves rather than replacing them’, he says. ‘Analysts move up the abstraction ladder faster.’ He acknowledges that, over time, some skills may fade, but he believes this is a natural part of technological evolution.

The bigger challenge lies elsewhere: adapting education to the ever-changing needs of the defence industry. Universities must adapt to industry demands, and entry-level jobs are changing rapidly. NATO has a role to play in this regard, by developing programmes and training for young talent, but it is a continuous process of adaptation. Overall, he is deeply convinced that AI will not steal our jobs, but rather elevate them.

For Boudreaux-Dehmer, AI’s impact is thus nothing short of revolutionary, comparable, he says, to the arrival of the internet. ‘AI is a game changer. Those of us who were around when the internet arrived remember that transformation: before that, to find an answer, you had to go to the library. AI is just as transformative: it makes it possible to leverage disparate data in new ways.’

But integrating AI comes with responsibilities. At NATO, this means setting clear boundaries around AI development and deployment. The Data and AI Review Board, established in 2022, oversees this process: it reviews new AI use cases, vets them against NATO’s ethical principles, and develops certification standards to guide their application within the Alliance. Boudreaux-Dehmer is vocal on one point in particular: humans must be kept in the loop when it comes to critical ethical decisions. ‘When it comes to automated weapon systems, and especially the decision to engage lethal force, the ultimate decision must remain with a human’, he says. ‘AI can help provide situational awareness and coordinate across domains, but when it comes to pulling the trigger, that responsibility cannot be delegated.’

Looking ahead, Boudreaux‑Dehmer says the priority is not to chase every possible application of AI, but to focus on the few that matter most. ‘Quality over quantity’, he puts it simply. ‘We have the components: the ethical framework, the acceptable use policies, the technology, the people, and the processes’, he says. ‘All the pieces of the puzzle are in place, and we’re putting them together. Our AI journey has only just begun, and we’ve already seen some early, very promising outcomes. “The proof is in the pudding”, as they say, and as we move further down this road, I expect more of those successes to come.’

Yet his optimism is tempered by one major risk: the danger of ‘data recycling’. As more online content is generated by AI, models increasingly train on their own outputs, resulting in a kind of photocopy of a photocopy. ‘If we don’t keep feeding new water into the pond’, he says, ‘it will get stale. Creativity and invention have to come from humans. Without that injection of fresh ideas, the whole system risks tipping over.’

Balancing promise and risk is where NATO’s AI journey now stands: optimistic, pragmatic, but still embracing the hype. Our last bites of rice and salmon were long finished, the conversation lasted forty minutes longer than planned.

This is the first installment of our AI over Lunch interview series, a project part of Virtual Routes’ AI-Cyber Research and Policy Hub. If you would like to sponsor this series, please reach out to

hu*@vi************.org











.

Have someone in mind we should interview? We’re happy to hear your suggestions!