While reading this post on your phone, iPad, or laptop, you’re already part of the story.
During the winter, I had the opportunity to listen to Carl-Oskar Bohlin, the Swedish Minister for Civil Defence. As always, he shared what he was reading at the time. Before he finished talking, I had already ordered Nicole Perlroth’s This Is How They Tell Me the World Ends.
Perlroth, a veteran New York Times reporter, spent years uncovering how digital weapons are bought and sold, not just by cybercriminals but by governments and intelligence agencies around the world.
Even for someone interested in cybersecurity, this book is eye-opening. It reads like part thriller, part cautionary tale, a gripping investigation into the shadowy world of zero-day exploits — software vulnerabilities that are unknown until someone weaponizes them.
In its pages, we meet the hackers who discover these flaws, the brokers who profit from them, and the state actors who have helped turn zero-days into a booming global market. What began as a niche tradecraft — carefully employed by intelligence agencies for espionage — has evolved into a digital arms race where the risks extend far beyond the classified world.
One of Perlroth’s most sobering insights is how easily these tools can escape their original purpose. Zero-days, once hoarded for intelligence gathering, now end up in ransomware attacks on hospitals, supply chain breaches affecting critical infrastructure, and in the hands of authoritarian regimes. The boundary between military and civilian targets in cyberspace is thinner than many would like to admit.
Reading the book, I couldn’t help but think about how the lessons from the zero-day market resonate with the debates we are having about AI and cybersecurity. The arms race logic is familiar. As AI becomes part of both cyber offense and defense, we risk seeing the same dynamics play out: racing ahead in an AI-powered arms race, without knowing how it will end.
This Is How They Tell Me the World Ends is not a technical book. It’s a story about people, incentives, markets, and geopolitics, which is exactly why it’s so valuable.
Closing thought
This Is How They Tell Me the World Ends is ultimately a book about unintended consequences — about what happens when tools escape the control of those who built them. That’s a lesson worth keeping in mind, not just for cybersecurity, but for AI and emerging tech more broadly.
The book also provides important insights into our present day. Almost every week, our lives are affected by vulnerabilities in our software-dependent world. My biggest concern is not one apocalyptic cyber event, but rather many small attacks that erode our societal trust.
It is this slow erosion of trust, not just the dramatic headlines, that forces us to reflect on where we are headed. Because in the end, “this is how they tell me the world ends” — or perhaps, how we can still choose to shape a different future.
Whether you work in cybersecurity, defense, policy, AI, or want to understand why headlines about ransomware and critical infrastructure attacks are becoming more common, this is a book well worth your time. And, to be honest, it’s somewhat of a whopper, so it will take some time to read.