Is the future of cybersecurity less about stopping the attack and more about understanding the physics of deception? That’s the question Strahinja Janjusevic, or “Strajo” as he’s known at MIT, is tackling – and it’s a far cry from the typical Silicon Valley narrative of AI as a purely software-based solution. The real story here isn't just the rise of AI in cybersecurity – it’s the increasingly crucial need to ground that AI in the tangible realities of the physical world it’s meant to protect.
Janjusevic’s path to becoming a leading voice in maritime cybersecurity is anything but conventional. Originally from Montenegro, he was selected to attend the U.S. Naval Academy after high school, a program designed to cultivate future leaders from allied nations. He excelled, earning dual bachelor’s degrees in cyber operations and computer science, and gaining invaluable experience collaborating with the U.S. military and the National Security Agency. But it wasn’t enough. He recognized a gap – a need to bridge the gap between cutting-edge technology and the complex policy frameworks required for its effective deployment. That realization led him to MIT’s Technology and Policy Program (TPP), where he’s now a second-year master’s student.
This article draws on reporting from news.mit.edu.
His current research, conducted with the MIT Laboratory for Information and Decision Systems (LIDS) and the MIT Maritime Consortium, focuses on securing critical maritime infrastructure against increasingly sophisticated cyberattacks. Specifically, he’s developing AI-powered systems to detect GPS spoofing – a tactic where malicious actors transmit false GPS signals to mislead ships, potentially causing them to veer off course or even collide. This isn’t a hypothetical threat; vessels have already been lured off course in contested waters, as noted by Saurabh Amin, Edmund K. Turner Professor in Civil Engineering. Janjusevic’s approach is novel because it doesn’t rely solely on identifying anomalous signals. Instead, it layers physics-based trajectory models with deep learning, essentially asking: does the ship’s reported movement make sense given wind conditions, sea state, and the vessel’s physical capabilities?
This emphasis on the physical world is a critical departure from many cybersecurity approaches. Too often, we treat networks as abstract spaces, forgetting that they ultimately control real-world systems. Janjusevic’s system utilizes a long short-term memory (LSTM) autoencoder to analyze signal integrity while simultaneously predicting vessel movement. By comparing these predictions to reported GPS positions, the system can distinguish between legitimate sensor noise and malicious interference. It’s a hybrid approach designed to augment, not replace, human operators, providing verified navigation data that allows watch standers to make informed decisions. The system isn’t designed to prevent all attacks, but to provide a crucial layer of verification in a world where trust in digital signals is rapidly eroding.
Janjusevic’s experience extends beyond academia. A summer 2025 internship with Vectra AI, an AI cybersecurity company, exposed him to the emerging risks posed by AI agents and the Model Context Protocol (MCP), the standard for AI agent communication. His research revealed how this technology could be repurposed for autonomous hacking operations, a finding he presented in a recent preprint titled “Hiding in the AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming.” This isn’t about a distant future; it’s about understanding how the tools designed to defend us can be weaponized against us, and the speed at which that weaponization can occur. He found practical application for his academic research, gaining insights into how data science teams use AI models to detect anomalies in networks.
But Janjusevic’s unique perspective isn’t just technical. As Fotini Christia, director of IDSS and the MIT Sociotechnical Systems Research Center, points out, his Navy training provides a crucial grounding in actionable policy. He understands that technology alone isn’t enough; it must be integrated with robust policy frameworks and international cooperation. He’s actively involved in the MIT Maritime Consortium, a collaboration between academia, industry, and regulatory agencies, and is helping to organize major conferences focused on technology and national security. His goal, he says, is to be a “bridge between Europe and the U.S.” in the realm of cybersecurity, bringing his knowledge and experience to both sides.
The implications for ordinary users are significant. While his research focuses on maritime infrastructure, the principles apply to any cyber-physical system – power grids, transportation networks, even connected vehicles. As our reliance on these systems grows, so too does our vulnerability to attacks that exploit the intersection of the digital and physical worlds. The cost of failure isn’t just financial; it’s potentially catastrophic.
Looking ahead, expect to see a surge in “physics-informed” AI for cybersecurity. The era of relying solely on anomaly detection within the digital realm is over. The next generation of security systems will need to understand the laws of physics governing the systems they protect, and Janjusevic’s work is at the forefront of that shift. The question isn’t if a sophisticated GPS spoofing attack will succeed, but when – and whether we’ll have the tools, and the policy frameworks, to detect and mitigate it before it’s too late.
