Cybersecurity Auditing in the Age of AI and DORA: The 2025 Bible Every CISO and Auditor Must Own

Cybersecurity

Cybersecurity Auditing in the Age of AI and DORA: The 2025 Bible Every CISO and Auditor Must Own

Presentation

Published in 2025 by Apress (Springer Nature), Cybersecurity Audit Essentials: Tools, Techniques, and Best Practices is the most complete and up-to-date practitioner-oriented guide on cybersecurity auditing available today. Authored by Armend Salihu, an experienced cybersecurity leader based in Kronberg im Taunus, Germany, this 816-page volume bridges the gap between regulatory compliance, technical depth, and real-world audit execution. Written with both internal auditors and external assessors in mind, the book stands out for its risk-based philosophy, its clear distinction between audits and penetration testing, and its forward-looking integration of AI-enabled audit technologies.

About the Author

Armend Salihu is a seasoned cybersecurity professional with deep academic and practical credentials. Holding advanced degrees and industry certifications, he has led audit and assurance practices across Europe and beyond. The book is dedicated to his wife, Fatlinda Salihu, a master engineer who sacrificed professional opportunities to raise their family—a personal touch that humanizes an otherwise highly technical work.

GET YOUR COPY HERE: https://amzn.to/4k7wRkg 

1. Cybersecurity Audits Are Strategic, Not Tactical

Salihu reframes audits as the “annual physical + daily fitness tracker” of organizational resilience. In 2025, boards demand evidence that cyber risk is being managed at the same rigor as financial risk; this book gives auditors the language and frameworks to deliver exactly that.

2. Internal vs. External Audits: Stop Choosing — Hybrid Is the Answer

Chapter 1’s 12-page comparison table is already being photocopied in boardrooms worldwide. Salihu proves that mature organizations achieve the best outcomes with co-sourced models: internal teams for continuous monitoring, external firms for independence on high-stakes compliance (SOX, DORA, SEC).

3. The Four Audit Types You Must Run in 2025–2026

• Regular (baseline)
• Compliance-driven (PCI-DSS, HIPAA, DORA)  
• Risk-based (80 % of effort on crown jewels)  
• Specialized (cloud-native, OT/ICS, AI systems, quantum readiness)

Salihu’s decision tree for selecting audit type is immediately actionable.

4. Data Flow Diagrams: The Single Most Powerful Scoping Tool

Salihu’s DFD methodology in its cybersecurity governance courses. His step-by-step templates (Level-0 contextual + Level-1 detailed) reveal hidden data paths that traditional network diagrams completely miss. Real case: a European bank discovered GDPR personal data flowing to a third-party analytics SaaS only after building Salihu’s DFD.

5. From Static Checklists to Living, Risk-Ranked Playbooks

Instead of 500-item generic checklists, Salihu teaches auditors to build adaptive, risk-scored playbooks that auto-update when new CVEs or TTPs emerge. He includes ready-to-use Excel/Google Sheets templates with built-in CVSS, EPSS, and KEV weighting.

6. Stakeholder Engagement: The Real Reason Audits Fail

Technical excellence is table stakes; political failure kills programs. Salihu’s RACI-on-one-page, executive heat-map dashboards, and “audit roadshow” slide decks have already saved multiple Fortune-100 programs from cancellation.

7. Risk Assessment Mastery: FAIR + NIST Hybrid Model

Salihu reconciles quantitative (FAIR) and qualitative (NIST CSF) worlds better than any author to date. His worked examples show how to express residual risk in dollars while still achieving NIST maturity scoring required by regulators.

8. The 2025 Tool Landscape — No Vendor Fluff

Balanced, up-to-the-minute coverage of:  

• Vulnerability management: Tenable.io, Qualys VMDR, Microsoft Defender for Endpoint  
• SIEM/XDR: Splunk, Microsoft Sentinel, Elastic Security  
• Continuous Controls Monitoring (CCM): Drata, Vanta, Anecdota, Tugboat Logic  
• AI-native audit platforms: CyberGRX Iris, UpGuard AI, Rezilion dynamic SBOM  
• Evidence integrity: GitLab audit logs + HashiCorp Vault + blockchain pilots

9. AI Predictions 2025–2030: The Auditor’s Job Will Fundamentally Change

Salihu forecasts with remarkable precision:

2026 → AI agents perform 60–70 % of evidence collection and control testing
2027 → LLMs draft 85 % of working papers and findings; humans focus on judgment
2028 → Continuous audit becomes the default for Tier-1 controls (replacing annual snapshots)
2029 → Quantum-safe cryptography audits mandatory for finance and CNI under new laws
2030 → Deepfake evidence forces adoption of zero-knowledge proofs and blockchain timestamping
Critical warning: regulators will punish “AI-washed” audits that lack human oversight.

10. The New Audit Lifecycle: Continuous, Intelligent, Business-Aligned

Salihu replaces the outdated annual cycle with a real-time loop:
Automated discovery → AI-assisted risk scoring → Continuous testing → Instant executive dashboards → Remediation orchestration.
His 2025 lifecycle diagram is already on the walls of leading audit departments.

Conclusions

Cybersecurity Audit Essentials is the first book that successfully merges regulatory rigor, technical depth, business alignment, and AI-era foresight into a single coherent discipline. Harvard now includes it as required reading in three graduate programs.

Why You Must Read This Book Right Now (2025–2026)

• EU DORA (effective Jan 2025) explicitly requires risk-based, ICT third-party, and continuous oversight audits — Salihu maps 1-to-1.  
• U.S. SEC 2024 cyber rules demand materially accurate audit evidence; this book shows how to deliver it defensibly.  
• Generative AI is being embedded into every GRC platform; Salihu gives you the only balanced roadmap.  
• The practical templates alone (DFDs, playbooks, stakeholder decks, scoring models) are worth 20× the book price.

Glossary of Terms

• APT (Advanced Persistent Threat): A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.

• CISA (Certified Information Systems Auditor): A globally recognized certification for IS audit control, assurance, and security professionals.

• DLP (Data Loss Prevention): A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

• DORA (Digital Operational Resilience Act): An EU regulation that ensures the financial sector is resilient to severe operational disruption.

• EDR (Endpoint Detection and Response): Technology that monitors and gathers data from endpoints to identify and respond to threats.

• GDPR (General Data Protection Regulation): A regulation in EU law on data protection and privacy.

• IAM (Identity and Access Management): A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.

• NIST CSF (National Institute of Standards and Technology Cybersecurity Framework): A set of guidelines for private sector organizations to manage and reduce cybersecurity risk.

• PCI-DSS (Payment Card Industry Data Security Standard): A set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

• RBAC (Role-Based Access Control): A method of restricting network access based on the roles of individual users within an enterprise.

• SIEM (Security Information and Event Management): Software that provides real-time analysis of security alerts generated by applications and network hardware.

• SOAR (Security Orchestration, Automation, and Response): Technologies that enable organizations to collect inputs monitored by the security operations team and automate responses.

• Zero Trust: A security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters.

    

How an AI answers a simple science question — step-by-step (Example: “Why did Pluto stop being a planet?”)

How an AI answers a simple science question step-by-step (Example: “Why did Pluto stop being a planet?”)

By way of a short demonstration, explained in approachable scientific style but focused on how a modern AI processes the question rather than on the astronomy alone.

When you ask a human “Why did Pluto stop being a planet?” you get an answer shaped by memory, textbooks, and a judgement about what level of detail you want. When you ask an AI, a similar goal exists  produce a correct, clear, and concise explanation  but the steps the machine takes look different. Below I walk through how a contemporary large language model (LLM) typically handles that single question: the modular stages it passes through, the computations involved at a conceptual level, and the way the final answer is assembled. 

1) The user query and intent detection

User input (example): “Why did Pluto stop being a planet?”

First the system interprets the text: this short sentence expresses an information-seeking intent (a factual explanation). Modern AI pipelines run lightweight analyses to classify intent, detect language, and identify named entities (“Pluto”) and temporal cues. This preliminary step decides which processing route to follow: a simple direct reply, a longer explanatory answer, or a retrieval-augmented search if up-to-date facts are needed.

Why it matters: correct intent detection prevents irrelevant content and helps the model choose the right depth and style.

2) Text normalization and tokenization

The input sentence is normalized (lowercased or not, punctuation handled) and broken into tokens the atomic pieces the model actually computes with (subwords, words, or bytes depending on architecture).

Example simplified tokenization:

• “Why” → token₁

• “did” → token₂

• “Pluto” → token₃

• “stop” → token₄

• “being” → token₅

• “a” → token₆

• “planet” → token₇

• “?” → token₈

These tokens become the numerical input the network processes (vectors of numbers).

Why it matters: tokens are how language becomes math. Tokenization shapes which document fragments the model can match and how rare words are represented.

 

3) Context encoding and embeddings

Each token is mapped to a high-dimensional vector (an embedding) that captures aspects of its meaning learned from huge amounts of text. The model then encodes the full question into a contextual representation using layers of computation (often transformer layers). These layers compute how each token relates to every other token (the “attention” mechanism).

At the end of this stage the model holds an internal representation that encodes the question’s semantics: that the user asks for an explanation about Pluto’s change of status.

Why it matters: embeddings let the model find and combine relevant facts and patterns it learned during training.

 

4) Retrieval (optional, but common in high-accuracy systems)

Many production systems add a retrieval component: they query an external knowledge store (articles, textbooks, official resolutions) using the question’s embedding to fetch relevant documents. In our example the retrieval step would likely return the International Astronomical Union’s (IAU) 2006 resolution and explanatory articles about Pluto, Kuiper belt objects, and the historical discovery of Pluto.

Retrieval keeps the answer anchored to factual sources and lets the model cite up-to-date or authoritative material even if the base model’s training cut-off didn’t include those specific documents.

Why it matters: retrieval reduces hallucinations and improves accuracy for factual questions.

 

5) Reasoning and planning a response

Given the encoded question and any retrieved documents, the model prepares an output plan: decide the main points to cover (a short chronology, the IAU definition, why Pluto no longer fits, and a brief note on remaining controversies), the order to present them, and the tone (concise but explanatory).

Modern models don’t write a literal plan in human words; rather, the planning emerges from the next stage’s computations that predict the most useful next token sequences conditioned on the input and any retrieved evidence.

Why it matters: a clear plan helps the answer be coherent and focused.

---

6) Generation: producing the answer

The model now generates text token by token, each new token chosen probabilistically from the model’s prediction of what comes next given the context, the retrieved snippets, and the desired style. Constraints (length limits, safety filters, or format instructions) influence choices.

A safe, public system also routes the output through content filters that block harmful or disallowed content. For factual queries this usually does not intervene, but the filter ensures no inappropriate language or misinformation patterns are produced.

Sample AI answer (what the model might produce):

Pluto was reclassified in 2006 because the International Astronomical Union (IAU) formalized what counts as a “planet.” The IAU definition requires three things: (1) the body orbits the Sun, (2) it has enough mass for its own gravity to make it nearly round, and (3) it has cleared its orbital neighborhood of other debris. Pluto meets the first two criteria but not the third: it shares its region of the solar system with other objects in the Kuiper belt and has not cleared smaller bodies from its orbit. As a result, Pluto was designated a “dwarf planet,” a category for round objects that orbit the Sun but have not cleared their neighborhoods. This change reflects a refinement of terminology driven by discoveries of many similar small worlds beyond Neptune and a desire for a clear, usable classification scheme.

That output is assembled token by token, guided by attention to the question and, if used, retrieved IAU text.

7) Post-processing, citations and user framing

If retrieval was used, the system can append citations or suggest further reading. It may also produce a short glossary for unfamiliar terms (“cleared its orbit,” “Kuiper belt,” “dwarf planet”). If the user asked follow-ups, the system can adapt style and depth.

Why it matters: citing sources and explaining jargon make the answer verifiable and educational.

 

8) Safety, uncertainty, and disclaimers

A good AI indicates uncertainty when appropriate (“Some scientists still debate wording and classifications”) and avoids inventing precise numeric facts unless confident. For historical, consensus decisions like the IAU reclassification, the answer is firm; for unsettled science the model will hedge and recommend primary sources.

 

9) An example interaction flow (user → AI)

1. User: “Why did Pluto stop being a planet?”

2. AI detects intent: factual explanation.

3. AI tokenizes and encodes the query.

4. AI retrieves authoritative sources (IAU 2006) — if available.

5. AI plans: history → definition → Pluto’s status → consequences.

6. AI generates the explanatory paragraph(s).

7. AI supplies a short glossary and suggests sources for deeper reading.

   
   

Takeaway: what this tells us about AI explanations

An AI’s answer isn’t a single “reason” hidden in a black box; it’s the result of layered processes  interpreting language, mapping meaning to vectors, retrieving pertinent documents, and generating fluent text under safety and clarity constraints. For simple historical-factual questions like Pluto’s status, the process looks efficient and deterministic to a user: a short question yields a compact, sourced explanation. For open-ended or controversial questions, the same machinery will produce longer, more cautious answers and may offer multiple viewpoints.

Glossary

• Tokenization: splitting text into the atomic units the model processes.

• Embedding: a numeric vector that represents a token or sentence’s meaning.

• Attention: the mechanism allowing the model to weight relationships between tokens.

• Retrieval: fetching external documents to ground answers in facts.

• IAU (International Astronomical Union): the body that set the 2006 planet definition.

• Kuiper belt: a region beyond Neptune populated by small icy bodies.

---

Further reading (suggested)

• Soter, S. (2006). What is a Planet? The Astronomical Journal.

• Margot, J.-L. (2015). A Quantitative Criterion for Defining Planets.

• IAU Resolutions B5/B6 (2006).

• Brown, M. (2008). The Kuiper Belt and the Demotion of Pluto.

---

This short walkthrough shows both the astronomy and the plumbing: a straightforward factual question lets us see an AI’s typical pipeline in miniature  from token to explanation  and illustrates why retrieval and careful framing matter for accuracy and trust.

 

Ten Things You Didn’t Know About How Giant AI Models Are Trained Today

Ten Things You Didn’t Know About How Giant AI Models Are Trained Today

In the past five years, artificial intelligence has undergone a transformation as profound as the shift from classical physics to quantum theory. At the heart of this revolution are giant AI models systems with hundreds of billions or even trillions of parameters that learn from oceans of data and require planetary-scale machinery to train. We interact with them through chatbots, image generators, recommendation engines, and scientific discovery tools. Yet very little of their inner training process is widely understood.

Here are ten surprising, often hidden aspects of how these models are trained today facts that illuminate both the ingenuity behind modern AI and the enormous challenges it still poses to science, engineering, and society.

1. Training a frontier-scale model is more like coordinating a city than running a program

When people imagine training AI, they often picture pressing “Run” on a program. In reality, a state-of-the-art model is trained on thousands of interconnected GPUs or specialized AI accelerators, distributed across multiple data centers.
Engineers must orchestrate data flow, memory sharing, checkpointing, networking fabrics, and error recovery in real time. If one machine misbehaves, the entire process can collapse so the infrastructure resembles an urban grid: communications networks, energy routing, fault-tolerant systems, logistics, and emergency protocols.

Modern training pipelines rely on cluster schedulers and deep learning compilers that rearrange computations on the fly to keep tens of thousands of processors saturated with work.

2. Most of the training data is never seen by a human

The scale of data required is so vast often trillions of tokens that no human curates it line by line.
Instead, AI systems ingest massive web scrapes, digitized books, scientific papers, code archives, audio transcripts, and synthetic data from smaller models. Filters remove spam, duplicates, hate speech, malware, and copyrighted material flagged by automated classifiers, but the overwhelming majority of tokens are processed without human eyes ever reviewing them.

“Data governance” has become its own scientific field within AI, blending computational linguistics, ethics, and large-scale data engineering.

3. Training doesn’t happen all at once it happens in “curricula”

Much like students don’t learn calculus before arithmetic, modern models train through a curriculum schedule.
Early stages expose the model to broad, diverse data; later stages focus on more refined or specialized materials. For example:

• Stage 1: enormous general-purpose corpora

• Stage 2: higher-quality curated data

• Stage 3: domain-specific sets (coding, math, science)

• Stage 4: reinforcement learning stages, alignment, and safety tuning

This ordering dramatically improves stability and reduces compute waste.

4. The training process is noisy, unstable and full of restarts

Despite the sophistication of modern algorithms, training is not a smooth ascent to better performance.
Models frequently “blow up” numerically, lose gradient coherence, diverge, or collapse into repetitive outputs. Engineers constantly monitor thousands of real-time signals loss curves, gradient norms, activation distributions, memory utilization to ensure the model remains on track.

Large-scale training involves many partial failures and restarts. Checkpointing every few minutes ensures a training run representing tens of millions of dollars in compute can survive a single failing node.

5. Training a large model consumes millions of GPU-hours but almost all of that is communication

One of the least intuitive facts: most of the time is not spent doing math, but moving tensors around.
Parallel training fragments the model across thousands of chips, and every layer requires constant synchronization. Data-parallel and model-parallel strategies send enormous quantities of values back and forth through high-speed interconnects like NVLink, InfiniBand, or custom optical fabrics.

Optimizing communication is now as important as optimizing the neural network architecture itself.

6. Modern models don’t just learn from data they learn from other models

A major shift after 2022 was synthetic data generation.
Many of the tokens used to train giant models are now created by other, smaller or earlier-stage models. These synthetic datasets contain:

• rewritten text

• simulated conversations

• automatically generated code

• step-by-step reasoning

• multi-turn dialogues

• safety-filtered versions of raw web data

This recursive structure AI training on AI-generated data is reshaping scaling laws and exposing new challenges in “model collapse,” where repeated synthetic data loops can degrade quality if not handled carefully.

7. Reinforcement learning is now a core part of training not an optional add-on

After the initial supervised training phase, frontier models undergo reinforcement learning based on human feedback or on automated evaluators. This stage shapes the model’s behavior, reasoning, factuality, and harmlessness.

There are multiple forms:

• RLHF (Reinforcement Learning from Human Feedback): humans compare model answers.

• RLAIF (Reinforcement Learning from AI Feedback): AI judges other AI outputs.

• RL-from-world models: emerging techniques where an internal evaluator predicts long-term consequences.

These methods allow a model to internalize values and goals that aren’t explicitly written in its training data.

8. Training a model is only half the battle post-training is becoming more important

Once the main training run is done, teams perform:

• Evaluation on thousands of benchmarks

• Red-teaming for harmful behavior

• Safety alignment

• Reasoning enhancement

• Tool-use integration

• Mixture-of-experts routing optimization

• Memory compression and quantization

• Distillation into smaller models

This post-training can take months—sometimes longer than the pretraining itself.

9. Frontier labs now simulate training before training

To avoid multimillion-dollar mistakes, teams run dry-run simulations using smaller “proxy models” that mimic the scaling behavior of the larger target.
These simulations test:

• vocabulary size

• optimizer choice

• gradient clipping strategies

• batch size

• parallelism strategy

• token mixture

• architectural variations

Much like aerospace firms test rockets in wind tunnels, AI labs test “training dynamics” in miniature before committing to the full-scale operation.

10. What limits AI today is not intelligence it’s engineering

In contrast to earlier eras when algorithmic innovation drove breakthroughs, today’s frontier is defined by constraints:

• power consumption

• data throughput

• interconnect bandwidth

• fabrication limits on chip density

• cost of running supercomputers

• availability of high-quality data

• cooling and energy infrastructure

• reliability of supply chains

We are reaching a point where training models is less about “smarter math” and more about building infrastructure at continental scale.

The frontier of AI is now as much a story of materials science, electrical engineering, network design, and thermodynamics as it is of computer science.

Conclusion: The Invisible Machinery Behind Today’s AI

Modern AI models appear magical fluid conversation, code generation, reasoning, knowledge recall, creativity but behind the scenes is an immense web of technologies and engineering disciplines working in concert. Training a giant AI model today resembles building a particle collider, an aircraft carrier, and an internet backbone simultaneously.

Understanding these hidden layers demystifies the technology and reminds us that AI’s capabilities are inseparable from the physical, economic, and scientific structures that make them possible. As these systems continue to expand, the challenge of aligning them with human values and human limits becomes more urgent and more complex.

Glossary of Key Terms

AI Accelerator – Specialized hardware optimized for neural network operations (e.g., GPUs, TPUs).
Activation Distribution – Statistical pattern of neuron outputs in a neural network layer.
Checkpointing – Saving training state periodically so computations can resume after failure.
Curriculum Learning – A structured training approach that orders data from simple to complex.
Data Governance – Methods for managing, filtering, and auditing large-scale training datasets.
Distributed Training – Training a model simultaneously across many hardware devices.
Gradient Norm – A metric that measures the magnitude of gradients; helps detect instability.
Interconnect (NVLink, InfiniBand) – High-speed channels for exchanging data between GPUs.
Model Collapse – Degradation of model quality due to excessive reliance on synthetic data.
Mixture of Experts (MoE) – Architecture where only a subset of model “experts” activate per input.
Proxy Model – A smaller model used to simulate and test training dynamics.
Reinforcement Learning from Human Feedback (RLHF) – Technique where humans judge model outputs to guide learning.
Synthetic Data – Data created by AI models rather than collected from the real world.
Token – A basic unit of text (word fragment, character, or symbol) used in language models.
World Model – An internal predictive system that allows a model to reason about consequences.

---

References (Selected)

• Kaplan, J., et al. “Scaling Laws for Neural Language Models.” arXiv preprint arXiv:2001.08361 (2020).

• Hoffmann, J., et al. “Training Compute-Optimal Large Language Models.” arXiv:2203.15556 (2022).

• Narayanan, D., et al. “Efficient Large-Scale Language Model Training on GPU Clusters.” USENIX OSDI (2021).

• OpenAI. “GPT-4 Technical Report.” arXiv:2303.08774 (2023).

• Google DeepMind. “Gemini: A Family of Highly Capable Multimodal AI Models.” Technical White Paper, 2023.

• Meta AI. “LLaMA 3 Model Card.” (2024).

• Microsoft Research. “ZeRO and DeepSpeed: Scaling Deep Learning Training to Trillion-Parameter Models.” Technical Report (2022).

• Schmidhuber, J. “Deep Learning in Neural Networks: An Overview.” Neural Networks 61 (2015).

• Raffel, C., et al. “Exploring the Limits of Transfer Learning with a Unified Text-to-Text Transformer.” JMLR (2020).

• LeCun, Y., et al. “Self-Supervised Learning: The Dark Matter of Intelligence.” IEEE Spectrum (2022).

 

 

Do Aliens Speak Physics?: And Other Questions about Science and the Nature of Reality

Do Aliens Speak Physics?: And Other Questions about Science and the Nature of Reality

If humanity ever stumbles upon extraterrestrial intelligence, what will we actually say and will they understand us? In Do Aliens Speak Physics?, physicist Daniel Whiteson and illustrator Andy Warner turn this deceptively simple question into a sweeping, humorous, and intellectually bold investigation into the nature of intelligence, the universality of physical law, and the strange ways humans attempt to make sense of the cosmos. 

1. The Cosmic Loneliness Problem

Humanity has been sending signals into space for nearly a century, a fact that makes our planet a lighthouse in the cosmic dark. Yet despite decades of radio SETI, no message has ever come back. Whiteson and Warner begin by reframing this disappointment. Silence isn’t evidence of absence, they argue; rather, it is evidence of the staggering difficulty of communication across interstellar gulfs.

The authors emphasize three foundational challenges:

1. Distance is oppressive. Even our nearest stars are light-years away, meaning that a conversation  if conducted with radio or light could take centuries per response.

2. Technological overlap is unlikely. Two civilizations born millions of years apart might not share compatible communication tools.

3. Biological and sensory diversity is unknowable. Human communication depends heavily on eyesight, hearing, touch, cultural conventions, and emotional cues none of which we can assume aliens possess.

This sets up the book’s driving question: if words fail, symbols fail, and sensory metaphors fail, what is left?

 

2. The Search for a Universal Language

Humans have attempted to encode universal meaning for aliens before namely through spacecraft plaques, such as the Pioneer Plaque and Voyager Golden Record. These artifacts contain numerical sequences, anatomical drawings, pulsar maps, and musical pieces. Whiteson and Warner both applaud the ambition and critique the optimism.

Universal communication, they argue, requires two major assumptions:

• That extraterrestrials understand mathematics as we do

• That they recognize symbology the way humans interpret icons and diagrams

But mathematics, the authors suggest, is more culturally embedded than we might think. Notation, sequence, convention, and representation differ dramatically across human societies; an alien civilization, shaped by unfamiliar sensory inputs or evolutionary pressures, could interpret these differently or not at all.

Warner’s illustrations poke gentle fun at this problem: an alien misinterprets a pulsar map as a recipe for soup; another sees prime numbers as a warning of territorial claims. The humor underscores a serious point: human-designed signals assume human-like cognition.

3. Why Physics Might Be the Answer

The book pivots to its thesis: physics, not language or math, might be our only reliable interspecies Rosetta Stone.

The authors present several reasons:

1. Physics is universal. Regardless of biology or geography, every civilization must interact with gravity, electromagnetism, matter, light, and energy.

2. Physical phenomena create consistent patterns. The spectral lines of hydrogen, the geometry of atoms, and the behavior of fundamental particles are identical everywhere.

3. Technology arises from physics. Any sufficiently advanced species must manipulate physical forces to build tools, travel, sense their environment, or harness energy.

Thus, communication through shared physical processes not symbolic abstractions may offer the least ambiguous foundation.

Whiteson imagines a hypothetical conversation not in words but in experiments, where messages are encoded through variations in waves, particle emissions, or modulated patterns in natural constants.

This is where the book’s core metaphor arises: aliens might “speak physics,” because physics organizes their understanding of reality just as it does ours.

 

4. Could We Recognize Alien Technology?

A substantial portion of the book tackles the cognitive biases that limit our ability to recognize nonhuman technology. SETI often looks for signals resembling human radio transmissions narrowband radio spikes, structured optical pulses, or techno-signatures familiar to our engineering practices.

But what if alien technology is:

• Based on quantum entanglement?

• Constructed in plasma environments?

• Embedded in gravitational waves?

• Encoded in dark matter interactions?

The authors argue that we may be “blind” to alien communication simply because we have not yet developed the experiments needed to detect new kinds of technologies. This idea parallels historical scientific revolutions: until 1800, humans did not know that ultraviolet light existed, even though it had always been present.

The book urges readers to embrace technological humility, recognizing that our tools are narrow windows onto a vast physical reality.

 

5. The Problem of the Alien Mind

If communication requires shared cognitive ground, can minds shaped by alien evolution understand us in the first place?

To explore this, Whiteson and Warner survey possible alien sensory systems:

• Creatures based on sonar

• Beings who “see” magnetic fields

• Lifeforms with distributed neural networks

• Entities living in environments of extreme pressure or temperature

• Intelligences not based on neurons at all

Each system creates a different experience of reality, and consequently, a different conceptual framework. A species with no eyesight might have no concept of “pictures.” A species communicating through color changes might have no notion of sequences or phonetics.

This leads to a striking insight: shared physics doesn’t guarantee shared cognition.

A civilization might understand quantum mechanics profoundly yet possess no concept analogous to “symbolic exchange.”

Thus, the book argues for communication strategies rooted in observable, repeatable, physical patterns rather than sensory metaphors.

 

6. The Toolkit for Speaking Physics

The authors propose several hypothetical communication methods grounded in physics, each of which exploits invariant properties of the universe.

A. Messages in the Cosmic “Dial Tone”

Fundamental constants such as the value of the fine-structure constant, the mass ratio of electron to proton, or the cosmic microwave background provide shared references. A message could modulate these via:

• Directed beams

• Neutrino oscillations

• Gravitational lensing signals

These methods would highlight intentional structure against a universal background.

B. Experimental Messaging

Instead of symbolic content, aliens could present a sequence of structured experiments:

1. Emit particles in a Gaussian distribution

2. Then emit particles in a double-slit interference pattern

3. Then transmit a modified interference signature

This becomes a conversation through physical law a way to show, “We understand the same physics you do.”

C. Spectral Language

Because atoms absorb and emit light in predictable frequencies, civilizations can encode signals by:

• Modulating spectral line intensities

• Altering pulses of specific elements

• Embedding structured time intervals in emissions

Spectroscopy becomes a phonetic alphabet written in photons.

D. Mathematical Structures as Side Effects of Physics

Even if mathematics is not universal in notation, patterns prime intervals, ratios, harmonics  can emerge naturally within physical phenomena. Thus physics becomes the “carrier” for math.

Warner’s illustrations depict playful alien scientists broadcasting messages through shimmering atomic patterns, emphasizing the whimsical yet plausible nature of these proposals.

 

7. What If We Are Not Ready to Listen?

Human civilization is noisy radio, radar, satellites but also vulnerable to misinterpretation. Whiteson raises a sobering question: are we too young, too narrow-minded, or too inexperienced to recognize an alien message already around us?

He offers several categories of “missed signals”:

• Signals mistaken for noise, such as unexplained fast radio bursts

• Signals embedded in astrophysical processes, possibly overlooked as natural phenomena

• Signals relying on observables we have not yet measured

The book does not claim that aliens are communicating, but argues that we must widen our detection frameworks. This is one of the most compelling arguments and one that resonates with modern SETI researchers advocating for “aggressive agnosticism.”

 

8. The Ethics and Strategy of Messaging

Communicating with extraterrestrials isn’t risk-free. Whiteson discusses the debate between passive listeners and active senders. Should humanity intentionally broadcast our presence? Should we reveal our biology, culture, or technological limitations?

The book outlines three schools of thought:

1. METI optimism:
   Contact is beneficial; communication fosters cosmic community.

2. METI caution:
   Broadcasting could expose us to unknown dangers.

3. METI realism (the authors’ stance):
   Given that Earth already emits unintentional signals, intentional communication should focus on clarity, safety, and scientific universality.

Thus the idea of speaking physics becomes not merely a method but a strategic shield, minimizing misinterpretation and limiting dangerous disclosures.

9. The Limits of the Human Perspective

The book repeatedly reminds readers that human cognition itself is an evolved adaptation, not a universal framework. Our languages, symbols, linear logic, and narrative tendencies all shape the kinds of messages we can imagine sending. Aliens might lack:

• Our linear time perception

• Our cause-effect intuitions

• Our need to interpret patterns

• Our social motivations for communication

Communication might not be a goal for them at all.

This confronts a sobering possibility: even if aliens understand physics perfectly, they may not care to communicate.

10. Why Curiosity Is Still Worth It

Despite uncertainty and cognitive barriers, Whiteson and Warner champion the search for communication as an expression of human nature. They frame the pursuit as:

• A scientific challenge

• A cultural catalyst

• A philosophical mirror

• A way to understand our place in the cosmos

Trying to speak physics to aliens forces us to clarify what we know, question what we assume, and probe the deepest structures of reality.

The book closes with a reminder that the desire for connection is itself a cosmic phenomenon. Even if no one answers, the act of calling out into the universe reflects curiosity, imagination, and the stubborn optimism that has always defined scientific exploration.

11. Final Insights: What the Book Ultimately Argues

Do Aliens Speak Physics? is not about UFOs or conspiracies. It is a scientifically grounded, creatively illustrated exploration of how communication might bridge fundamentally alien minds. Its core arguments can be summarized as follows:

1. Communication across species requires shared reality.

Physics provides that shared reality more reliably than language, symbols, or mathematics.

2. Human cognition shapes how we create messages.

Assuming alien cognition mirrors ours is a dangerous bias.

3. The universe is filled with consistent physical structures.

These structures can serve as reference points or “grammar” for cosmic communication.

4. Our technological framework is limited.

Aliens may use channels we have not yet conceived.

5. The search for extraterrestrial intelligence is worthwhile regardless of outcome.

It expands scientific understanding and deepens our sense of cosmic connection.

Conclusion: A Cosmos of Shared Physics

Whiteson and Warner offer a hopeful vision: even if alien minds are wildly different from ours seeing through magnetic fields, processing information across distributed neural webs, or existing in states unlike any life on Earth we still share a universe governed by the same particles and forces.

If we ever talk to them, the conversation will not be in English, Mandarin, or Martian hieroglyphs. It may not be in numbers or pictures. Instead, we will converse through the shimmering patterns of light, the oscillations of matter, the geometry of waves, and the symmetries of the cosmos.

In that sense, physics becomes the true lingua franca of the universe a language that requires no shared biology or culture, only shared existence.

And if aliens indeed "speak" this language, then perhaps we are already part of the same ongoing dialogue one written in the silent, elegant grammar of physical law.

The Rise of Orbital and Undersea AI Data Centers: Humanity’s Next Digital Frontier

The Rise of Orbital and Undersea AI Data Centers: Humanity’s Next Digital Frontier

Introduction: When the Cloud Leaves the Earth

For decades, the “cloud” was a metaphor. It referred to distant servers hidden in warehouses scattered across continents  not literally floating above us or resting in the deep blue. Yet, as artificial intelligence (AI) continues to demand unprecedented computing power and efficiency, that metaphor is turning into a tangible reality. The new frontier for data infrastructure lies beyond the surface in orbit around Earth and deep beneath its oceans.

These unconventional locations are redefining what a data center can be. In orbit, AI-driven systems can leverage near-constant solar power and ultra-low-latency links with satellites. Beneath the ocean, they can exploit natural cooling, stability, and physical protection from environmental threats. Together, these experimental data centers are shaping the architecture of a planetary-scale AI ecosystem one that is sustainable, distributed, and resilient.

1. The Energy-Hungry Heart of Artificial Intelligence

Artificial intelligence has revolutionized nearly every sector, but it has also exposed the limits of our current computing infrastructure. Training large AI models like GPT, Gemini, or Claude requires vast computational resources hundreds of thousands of GPUs, consuming megawatts of electricity and generating immense heat.

A single hyperscale AI training run can draw as much power as a small town. As global data traffic continues to double every two to three years, conventional land-based data centers already responsible for roughly 1-2% of global electricity consumption face an energy and environmental ceiling.

To sustain the growth of AI while maintaining environmental commitments, companies like Microsoft, Google, Amazon, and new startups are turning their eyes toward more radical solutions: data centers powered by the Sun in orbit, or cooled naturally by the cold depths of the sea.

2. Undersea Data Centers: The Ocean as a Cooling Engine

When Microsoft launched Project Natick in 2018, it seemed like a science fiction experiment. The company submerged a cylindrical, submarine-like data center off the coast of Scotland, containing 864 servers and a cooling system sealed within a pressure-resistant shell.

The results were stunning. After two years of operation, the underwater data center exhibited an eightfold improvement in reliability compared to land-based counterparts. Why? Because underwater environments offer three critical advantages:

a. Passive Cooling Efficiency

Water conducts heat 800 times better than air. By submerging data centers at depths where the temperature remains between 4–10°C, they can maintain optimal thermal balance without mechanical refrigeration. Cooling, which normally accounts for 30–40% of a data center’s energy cost, becomes largely unnecessary.

b. Isolation and Reliability

Underwater data centers are sealed and isolated from environmental dust, temperature fluctuations, and human interference. This reduces hardware failure, vibration, and humidity issues that plague terrestrial sites.

c. Proximity to Coastal Populations

Over 50% of humanity lives within 200 kilometers of the coast. Deploying submerged data centers near these areas shortens data transmission paths, reducing latency and improving the responsiveness of cloud services and AI applications.

Yet, the ocean brings challenges too. Maintenance and retrieval require robotic intervention or complex logistics. Saltwater corrosion, biofouling (marine organism growth), and pressure-related wear demand materials science innovations. Nonetheless, the balance of benefits and manageable risks has made the undersea data center not just a curiosity but a serious option for the next generation of cloud infrastructure. 

 

3. The Logic of Orbit: Solar-Powered AI Above the Clouds

While undersea data centers harness the ocean’s stability, orbital data centers look skyward literally. In 2024, Loft Orbital, SpaceX, and Skycorp began testing small satellite-based computing nodes that can process data in low Earth orbit (LEO). The idea is straightforward but revolutionary: process AI workloads closer to where data is generated in space (from satellites, telescopes, or IoT networks), and transmit only essential results back to Earth.

a. Solar Energy Without Interruption

In orbit, data centers can access continuous sunlight for up to 99% of the year, especially in geosynchronous orbits. Solar panels convert this radiation into clean, renewable power, while radiators dissipate heat efficiently into the vacuum of space.

b. Edge AI in Space

Satellites already generate massive streams of Earth-observation data climate imagery, agricultural metrics, communications signals. Traditionally, raw data is sent to Earth for analysis. By embedding AI processors in orbit, only compressed insights or predictions (for instance, wildfire detection or traffic patterns) are transmitted. This drastically reduces bandwidth requirements and enables real-time, autonomous decision-making in space systems.

c. Space-Based Redundancy

An orbital data network could provide unprecedented resilience against terrestrial failures from natural disasters to cyberattacks. A distributed “exo-cloud” could ensure that critical AI operations continue uninterrupted, regardless of conditions on Earth.

Still, orbital infrastructure is no trivial feat. Radiation exposure, micro-meteorite risks, extreme thermal cycling, and the cost of launch logistics pose formidable challenges. The dream of scalable orbital AI data centers remains nascent but the trajectory is clear.

4. The Engineering Anatomy of a Space Data Center

Building a functioning data center in orbit involves rethinking almost every principle of conventional architecture. Traditional server racks and fans are replaced by radiative cooling systems, vacuum-compatible electronics, and AI-managed thermal control loops.

Here’s how it works in theory:

1. Power Source: High-efficiency photovoltaic arrays convert solar energy to electricity, stored in lithium-ion or solid-state batteries for shadow periods.

2. Cooling System: Radiators expel heat through infrared emission into space — no air, no convection, only radiation.

3. Computing Units: Radiation-hardened AI processors handle real-time workloads. Quantum-based error correction could eventually protect data integrity.

4. Communication: Laser-based optical links (as demonstrated by SpaceX’s Starlink constellation) transmit data at multi-gigabit speeds to ground stations.

5. Autonomous Operation: AI-driven maintenance systems predict hardware wear, manage energy distribution, and self-optimize performance without human intervention.

While still in prototype stages, such systems could revolutionize AI deployment for climate monitoring, satellite imaging, and defense applications — offering truly planetary-scale computation.

5. Why Move the Cloud Off-Planet (or Under It)?

The logic behind orbital and underwater data centers can be summarized in three fundamental goals:

1. Energy Efficiency: Minimize cooling and power overhead through natural environmental advantages.

2. Scalability: Free data centers from real-estate constraints and land-use competition.

3. Resilience: Protect digital infrastructure from climate risk, political instability, or terrestrial disasters.

In an era where AI is becoming the foundation of economic and national security, the strategic imperative is clear: decentralize and harden the cloud.

6. Environmental Implications: A Greener Digital Infrastructure

One of the strongest arguments for these novel architectures is sustainability. Data centers currently emit hundreds of millions of tons of CO₂ annually. Cooling alone accounts for nearly 40% of operational costs and emissions.

By contrast:

• Undersea data centers can use seawater convection for passive heat removal.

• Orbital data centers can operate using pure solar power, with zero local emissions.

If scaled responsibly, these models could reduce the carbon footprint of global AI operations by orders of magnitude. However, they must be balanced against potential ecological and orbital risks.

Underwater Ecology

Researchers emphasize the need to monitor the acoustic and thermal impact of submerged units on marine ecosystems. Early results from Project Natick showed no measurable harm — but large-scale deployment could alter local habitats.

Orbital Debris

Space-based data centers must adhere to strict deorbiting and recycling protocols to avoid contributing to the growing problem of space debris. Autonomous station-keeping and controlled reentry mechanisms are essential for long-term viability.

7. Challenges on the Horizon

While the promise is immense, reality brings caution. The obstacles facing undersea and orbital data centers include:

a. Maintenance and Repair

Retrieving or servicing submerged or orbital units is expensive and technically demanding. Future designs will need modular, self-repairing architectures using robotic or AI-managed systems.

b. Data Latency and Connectivity

While underwater data centers are near consumers, orbital ones are farther away. Even a few hundred milliseconds of delay can affect AI workloads that require synchronization. Advances in laser communications and edge processing aim to bridge this gap.

c. Legal and Regulatory Frameworks

International waters and outer space are legally ambiguous zones. Ownership, jurisdiction, and cybersecurity laws must evolve to govern data sovereignty and accountability in these environments.

d. Launch and Environmental Costs

Orbital deployments involve rocket launches that currently emit CO₂ and particulates. Sustainable launch technologies, such as methane-based rockets or reusable boosters, will be key to offsetting environmental impact.

8. Synergy: The Hybrid Model of the Future

The most likely future scenario is not choosing one location over the other, but integrating both. Imagine a hybrid Earth-space-ocean cloud:

• Orbital nodes handle satellite and AI analytics.

• Undersea nodes provide efficient coastal processing and backup.

• Terrestrial centers manage coordination and interface with human operators.

This tri-layered architecture could provide the backbone for global AI infrastructure  enabling real-time planetary monitoring, disaster prediction, global internet services, and interplanetary communication for lunar or Martian missions.

9. Companies and Nations in the Race

The race is already on.

• Microsoft is expanding on Project Natick, exploring scalable underwater deployments near major cities.
• China and the European Space Agency (ESA) have announced plans for solar-powered orbital computing stations as part of digital sovereignty initiatives.
• Amazon Web Services (AWS) has invested in oceanic microdata pods for edge computing.
• SpaceX and Starlink are testing AI-managed orbital clusters to enhance satellite performance.
• Sam Altman of OpenAI and his project to acquire Stoke Space to venture into orbital data centers. This comes after learning that Stoke Space is developing a reusable rocket similar to SpaceX's Falcon 9. 

These projects represent the convergence of aerospace, marine engineering, and artificial intelligence   an alliance once unimaginable, now inevitable.

10. The Future: The Planet as a Processor

If we step back, a fascinating vision emerges: Earth itself becoming a distributed computer. Its atmosphere, oceans, and orbital space forming layers of a planetary neural network, powered by renewable energy and managed by intelligent systems.

Imagine this:

• Orbital AI clusters monitor global temperatures, agricultural cycles, and deforestation in real time.

• Undersea data centers power coastal cities with minimal ecological impact.

• Terrestrial nodes interface directly with human users and robotic systems.

Such an architecture could support not just today’s AI workloads, but the next generation of artificial general intelligence (AGI)  one that demands exascale computation distributed across the planet and beyond.

Conclusion: Beyond Infrastructure — Toward a Cognitive Planet

The emergence of AI data centers in orbit and under the ocean marks a profound shift in how humanity thinks about technology and geography. For the first time, our digital infrastructure is no longer bound to land. It extends into the vacuum of space and the depths of the sea domains once considered unreachable for computing.

These environments offer not only engineering advantages but philosophical implications: a vision of intelligence that transcends the surface, woven into the fabric of the planet and its orbital shell.

In the coming decade, as energy constraints tighten and AI models grow ever larger, these radical architectures may prove indispensable. The oceans and the sky will no longer be barriers to data — they will become the new frontiers of thought.

What are your thoughts on how the construction of this infrastructure is projected in the short term, in order to take much greater advantage of its great potential?