The Digital Twin Enters Cybersecurity: With TrendAI, Risk Tries to Become Predictable
The Digital Twin Enters Cybersecurity: With TrendAI, Risk Tries to Become Predictable
The digital replica of a system, the digital twin, has been a well-known technique in manufacturing for years. Bringing it into cybersecurity is the novelty that TrendAI, the enterprise division of Trend Micro, has placed at the center of the Vision One platform at the TrendAI Academy 2026, the first Italian event dedicated to partners under the new name. The international vision is narrated by Bharat Mistry, Director of Product Management, Global Evangelist, and Alliance at TrendAI.
The starting point is the name change, which for Mistry signals how central AI has become for the company. “We are in the age of AI. Leaders want to use this technology for new innovations and new business models, but today we lack the security rails, and that is where we want to intervene,” he explains. The stated goal is to implement the necessary measures to allow organizations to innovate without slowing down.
AI has already changed how the platform is being used. By collecting telemetry and having it processed by models, Mistry explains, it is possible to serve two historically separate worlds with the same data: that of security operations and that of governance and risk management teams. “We are breaking down silos and allowing customers to use the same data for two different use cases.” Internally, AI also serves as an assistant for developers, shortening the release times of new features from weeks to days.
A Virtual Replica to See the Attack Before it Happens
The heart of the proposal is the security digital twin, a virtual replica of the organization on which to simulate scenarios, validate defenses, and predict risks before they translate into an incident. “We are at a turning point. The attack surface is now out of control. We need a mechanism to test our defenses and bring to light risks we have never seen,” observes Mistry. The picture he describes is that of environments that have gone beyond the traditional perimeter: no longer just local systems, but cloud, connections with third parties, and AI systems that need to be tied together.
On the platform, the digital twin becomes an immersive view of the attack surface: you can see how a cloud asset can be compromised, and an operation that would take hours of manual work is resolved in less than a minute. The system first indicates the most probable attack paths, then, through a simulation and validation phase that TrendAI calls Adversarial Exposure Validation, distinguishes what an attacker could theoretically do from what they can actually do, narrowing down the list to priority actions. The credibility of the model lies in the depth of the data: over 900 integrated sources, a number that the company claims is superior to its competitors.
This wealth of data has rapidly grown thanks to AI. Integrations have gone from a few dozen to over 900 within a few months because an agentic system receives various data streams, interprets them, contextualizes them, and channels them into the data lake, with a person supervising the process. This is how, Mistry explains, the platform can now absorb even previously difficult-to-handle data, such as intrusion test results, and use them to enhance risk assessment.
The ultimate point, for Mistry, is to overturn the defensive posture. “It involves moving from a reactive approach to a proactive one. Once you adopt it, risks become more manageable, exposure is reduced, and daily operations no longer consist of putting out fires.” It is a shift from security that chases events to one that anticipates them.
When Risk is Measured in Money, the Conversation Changes
As with its Italian technical counterpart, in Mistry's vision, the economic quantification of risk is the knot that realigns security and corporate leadership. “In any organization, security is seen as the department of no, an obstacle,” he acknowledges, and when teams ask for budgets, they often see them rejected because they are perceived as a cost without return. Translating exposure into financial impact changes the interlocutors: those who understand the numbers are application leaders, business unit managers, the CIO, and the CEO. “We are not talking about cybersecurity risk, but about enterprise risk management. Is it a risk I want to take or not? The conversation becomes completely different,” Mistry emphasizes. It moves away from the realm of bits and bytes, which means little to the leadership, to reasoning in terms of service disruptions, penalties, and reputational damage. This is a path that the company claims to have initiated about three years ago, starting with the alignment between operational teams and risk teams on the same data.
In the field of AI governance, Mistry insists on a reality: artificial intelligence is already within companies, in copilots, agents, and applications, often without security leaders having full visibility. Hence the need to inventory where AI is in use, observe its behaviors in real-time, and apply rules, with particular attention to shadow AI, tools adopted without authorization. All of this falls within a regulatory framework that is becoming stricter, from the European AI Regulation to the NIS2 Directive. Even here, automation does not replace judgment: in the face of sensitive decisions, such as isolating a system or blocking an account that could belong to an executive, a person remains to give the green light.
User experience is also changing. The platform adapts what it shows to the profile of the user: a security engineer sees their own operational priorities, those responding to incidents receive the history of an attack with an estimate of its impact on the business, the operations center manager or the CISO look at the risk score and financial exposure. This is, according to Mistry, a way to transition from a single console for everyone to a view built around the individual.
Protecting the Infrastructure That Produces AI
The final piece expands the field from traditional IT to infrastructures dedicated to AI, those that NVIDIA calls AI Factory. Here, the collaboration is with NVIDIA. The problem is well known: adding security to these platforms means depriving computing resources for token generation. TrendAI has developed a protection technology that runs on NVIDIA’s DPUs, dedicated processing units, freeing the CPU to produce tokens while maintaining visibility over agent traffic. Additionally, there’s protection for NVIDIA’s microservices and a control applied to requests directed at models, ensuring that each request passes a second validation before being processed.
The positioning that emerges is clear: TrendAI no longer wants to be perceived as the department that slows down, but as the enabler that allows business to move quickly while knowing that the controls are in place. The digital twin, the quantification of risk, and the protection of AI environments are the three pillars with which the company attempts to support this promise. The difficult part, as Mistry himself admits, is not showing the final number, but building the technology that allows reaching it.