UNIT.City — місце, де люди працюють... КРАЩЕ! Обирай свій простір просто зараз 👉
Олег ОнопрієнкоAround IT
27 September 2025, 14:51
2025-09-27
"Social engineering is more dangerous than DDoS": Mykhailo Fedorov told where cyberattacks on the Ministry of Digital Affairs are aimed
Deputy Prime Minister Mykhailo Fedorov and representative of the Ministry of Digital Affairs Dmytro Ovcharenko spoke about the key challenges of cybersecurity and the specifics of testing products based on artificial intelligence (AI). The main vector of attack on state systems is social engineering, while testing AI assistants requires four times more resources than their development.
Deputy Prime Minister Mykhailo Fedorov and representative of the Ministry of Digital Affairs Dmytro Ovcharenko spoke about the key challenges of cybersecurity and the specifics of testing products based on artificial intelligence (AI). The main vector of attack on state systems is social engineering, while testing AI assistants requires four times more resources than their development.
Mykhailo Fedorov at IT Arena in Lviv noted that the biggest threat is social engineering. Hackers try to gain access to super admins of key information systems through attack vectors such as hacking family phones or emails, since technical attacks (DDoS) are less problematic.
To combat these attacks, the Ministry of Digital Affairs built a SOC (security center) in «Diya», constantly conducts Bug Bounty, and posted the «Diya» code in OpenSource. A separate cybersecurity and Cloud vertical was also created, headed by a profile deputy, who functions as an independent tester attacking the product vertical.
The specificity of AI requires new approaches, in particular through the prompt attack vector. Dmytro Ovcharenko noted that the expertise in testing AI assistants in the Ukrainian language is super limited, and the specificity (including surzhyk) adds complexity, as there is a lack of consistent practice. The Red Team of the Ministry of Digital Affairs has done a titanic job to test all known and unknown attack vectors.
«This is something new. And we are probably the first governments in the world to encounter this,» said the head of the Ministry of Digital Affairs.
The development to testing ratio (including non-functional, security, performance) is approximately 1:4. The internal dataset for testing «Diya» has about 50–60,000 messages. The developed testing methodology is now applied to all new applications: Digital Film, «Diya.Education», «Diya.Business».
Previously, dev.ua wrote about how at the IT Arena in Lviv, Deputy Prime Minister and Minister of Digital Transformation Mykhailo Fedorov demonstrated a «small spoiler»: the presentation featured a Diia.AI screen with a dialogue about the new service and a visualization of the Diia bank card with the Visa mark.
