Brussels is doing what it does best today: pouring rain. By the time I push open the door to Hanoi Station, a Vietnamese restaurant in Merode, I am half soaked but fully relieved to find a free table in the lunchtime rush. Today’s guest, or rather guests, arrive a few moments later: Manon Le Blanc, Coordinator for Cyber Issues at the European External Action Service (EEAS), accompanied by Julien Strandt, Cyber Policy Officer at the EEAS and a former Virtual Routes fellow. They settle in with an easy familiarity and we order dumpling soup. It is a noisy place for a conversation about diplomacy, AI and cyber, but perhaps that is the point: their work unfolds in a world that rarely calms down, especially these days.

As we wait for the food, I ask Le Blanc how she found her way into this complex EU policy field. “By accident,” she says immediately with a laugh. She had been working at the Dutch Ministry of Justice and Security when, during the country’s EU presidency, she landed a ‘small cyber file’. It turned out to be anything but, as it pulled her into emerging debates on cybercrime, digital evidence and cross-border cooperation. “Cyber was still a niche topic back then,” she recalls. The timing could not have been sharper. Europe was only just beginning to grasp how quickly digital issues were becoming geopolitical. Le Blanc says her “builder instinct” proved useful then: she did not just manage the file, she actively shaped it. Her work eventually set her up to take up a role at the EEAS.

Cyber diplomacy at the EEAS was still in its early days. “There was no toolbox, no UN negotiations we were actively part of, just a small team of people trying to figure things out,” she says. It was a different landscape altogether: cyber incidents were multiplying, but the policy machinery had not caught up. “We did not even have a playbook for how the EU should respond to major attacks,” Le Blanc notes. “We had to build it from scratch.” That also meant working across an ecosystem that was far from streamlined, each with different information and priorities. “Half the job was figuring out who was doing what,” she says. “The other half was building policies and mechanisms to enable actual cooperation between each other.”

Our dumpling soups arrive, steaming, as she tells me how her team began putting structure where there had mostly been improvisation: mapping threat patterns, stitching together contacts across agencies, sketching diplomatic response options and slowly building the coordination channels that today seem obvious. It was slow, occasionally frustrating work, but it gave the EU cybersecurity ecosystem a way to act collectively.  “The Cyber Diplomacy Toolboxmade us visible,” she says, referring to the EU framework that provides diplomatic measures to prevent, deter, and respond to malicious cyber activities.“Suddenly we could speak as one.” Cybersecurity became even more prominent after COVID-19, when digital dependence spiked and high-profile cyberattacks across Europe multiplied. “Cyber became impossible to ignore,” she says. “It forced diplomacy to modernise.” 

And then came AI, interrupting their work much like cyber once had. “There was no natural home for it,” Le Blanc explains. The European Commission was already drafting legislation and working on standards, but within the EEAS the file was scattered across divisions that rarely crossed paths: digital, cyber, disarmament, space, defence, and even maritime. “Everyone was doing their own little piece,” she says. “It was like a cake cut into slices, except no one was assembling the whole cake.” Strandt nods. He joined the division as the AI momentum was gathering speed and remembers the confusion. “There was so much happening we did not have visibility on,” he says. “AI was not just a file: it was changing the shape of all files.”

Within their own unit, the first step was to look at AI through the lens they already knew: cybersecurity. What did AI mean for stability in cyberspace? And how could it support the processes they ran, from governance and deterrence to diplomatic response and international engagement? What began as an internal stocktake grew into larger discussions with Member States, outlining the different streams and identifying where coordination was missing. It ultimately resulted in the creation of an EEAS AI Advisor on Security and Defence, a new role intended to pull together through a roadmap what had long lived in separate corners of the institution. 

When I ask them whether AI governance mirrors that of cyber, they both shake their heads of disapproval. “Cyber is a domain,” Le Blanc says. “We are talking about infrastructure: networks, systems, the backbone of the digital world. In the end, most countries want the same thing: secure networks to support digital development.” She adds: “AI is not just the technology, it is what it does in society: values, data practices, political systems. It is cultural.” Strandt jumps in: “Cyber is sometimes surprisingly consensual internationally, at least on the technical level. AI really is not.” Indeed, cyber diplomacy has long been about behaviour in a shared domain; compromises were hard, but the technical backbone was broadly aligned. AI, by contrast, brings opposing political systems, governance models and notions of control into the same room, at the same as the technology is being shaped and applied from the ground up. “Countries do not even agree on how much autonomy a system should have,” Le Blanc says, “or how much human oversight is acceptable. That is not a technical question: that is a political one.” Both insist that AI has not fundamentally rewritten cyber risks so far. “It accelerates and amplifies what we already know,” Strandt says. “Even if already in use now, it does not change the basic logic of cyber, although a future qualitative shift cannot be excluded.” “Attribution, for example, is never just technical,” Le Blanc adds. “It is motives, behaviour, intelligence. AI does not change that fundamentally.”

If the conceptual distinction between cyber and AI is sharp, the geopolitical implications of that distinction are even sharper. When I ask how the EU positions itself between US speed and Chinese scale, they pause. “The geopolitical environment is getting more complicated,” Le Blanc says. “And that makes it harder for the EU to negotiate as it did in the past.” For her, the pressure shows up in the global governance forums. The long-running UN work on cyber stability focused on behaviour rather than technology, which kept a fragile consensus intact. AI is different. “Everyone agrees AI affects stability,” she says. “But not everyone agrees what should be governed, or where.” Competing proposals now sit in different international bodies and initiatives, reflecting diverging political systems and priorities. Strandt points to the “AI triad”: data, algorithms and chips. Europe holds influence on each, whether through its data regulations, its research base or its critical hardware industries. “We do have leverage,” he says. “But we have to use it strategically. This is economic security as much as diplomacy.” 

Ukraine comes up as an example of the stakes. “They are innovating out of necessity,” Strandt says. Their use of AI for logistics and situational awareness is referenced across Europe, not as a template, but as a reminder that adoption can become existential. “They cannot wait for perfect processes,” Le Blanc adds. “They adapt in real time, and it forces all of us to rethink resilience.” Beyond Ukraine, partner countries are asking for help on AI across security, governance and law enforcement. The EU now builds AI components into cybercrime training and digital reform programmes. “There is huge demand,” Le Blanc says. “And if we do not step in, others will.” She is blunt that assistance also shapes values, because tools come bundled with assumptions about data use and oversight.“Capacity building is not just equipment,” she notes. “It is about the principles embedded in systems from the start.” 

Our plates are cleared, and I ask the usual question of where they hope we will be in five years. Le Blanc offers the optimistic view: “My hope is that we have a clearer global understanding of how to govern AI in line with democratic values, and that our societies are resilient enough not to be destabilised by it.” Strandt provides the counterweight: “Fragmentation will increase, negotiations will be harder. We need to be clear about where we can lead, and where we must adapt.” Le Blanc accepts the tension. “We cannot, and should not stop the technology,” she notes. “But we can shape how it is used, and how we protect our societies from its worst effects. That should be our common goal.”

The AI over Lunch interview series is a project part of Virtual Routes’ AI-Cyber Research and Policy Hub. If you would like to sponsor this series, please reach out to

hu*@vi************.org











.

Have someone in mind we should interview? We’re happy to hear your suggestions!