[00:00:04] Welcome to another episode of Tech
[00:00:06] Unhinged, where we dive into the raw
[00:00:08] unfiltered world of technology,
[00:00:09] innovation, and the incredible people
[00:00:11] driving the change. I’m Ashar, and today
[00:00:14] we’re exploring why LLMs are cyber
[00:00:16] security’s next frontier. Joining me is
[00:00:18] one of the most influential voices in
[00:00:20] cyber security, Matthew Rosenquist.
[00:00:23] Hello, Matthew.
[00:00:24] >> Hello. Pleasure to be here. Should be a
[00:00:26] great conversation.
[00:00:27] >> Great. Awesome. So, Matthew, just for
[00:00:29] our guest, Matthew is a chief
[00:00:31] information security officer. He has
[00:00:33] served in the past as cyber security
[00:00:35] strategist at Intel, um, and is a
[00:00:38] trusted adviser to many Fortune 500 and
[00:00:40] governments worldwide. With over, you
[00:00:42] know, 30 years of hands-on leadership,
[00:00:44] he has keynoted on international stages,
[00:00:46] published several cyber security
[00:00:48] predictions that kind of, you know,
[00:00:49] shape how the industry thinks. We look
[00:00:51] forward to having a conversation with
[00:00:53] him and it’s great to have you on the
[00:00:55] podcast as well.
[00:00:56] >> Pleasure. So starting off Matthew, you
[00:00:58] are the voice that you know shapes the
[00:01:00] cyber security industry. So where do you
[00:01:02] intentionally kind of target your
[00:01:04] influence towards or who do you think
[00:01:06] you know these are the people that
[00:01:07] should really be understanding what’s
[00:01:10] going on nowadays?
[00:01:11] >> Yeah, I focus on the strategic picture
[00:01:13] really looking towards the emerging
[00:01:16] risks and threats and that’s important
[00:01:18] to everybody in our industry and what we
[00:01:21] see in the news today actually began
[00:01:24] weeks or months ago. What’s really
[00:01:26] important is what’s coming at us
[00:01:28] tomorrow and that’s where I focus.
[00:01:30] >> Okay. So it’s more like you’re trying
[00:01:32] and to get towards the broader
[00:01:34] ecosystem, right? So not only inside the
[00:01:36] organizations or companies or
[00:01:38] governments but largely overall in the
[00:01:40] broader ecosystem.
[00:01:41] >> Absolutely. So you’ve got cyber security
[00:01:43] leaders, you’ve got operators, you’ve
[00:01:46] got uh planners, you’ve got
[00:01:48] technologists, developers, all of these
[00:01:51] things, including service providers and
[00:01:54] vendors that deal in technology, digital
[00:01:56] technology. They all need to see what’s
[00:01:58] kind of coming forward so that they can
[00:02:00] better prepare and defend their
[00:02:02] products, their services, their
[00:02:03] environment, and their customers.
[00:02:05] >> We see that more is less is becoming
[00:02:07] more of a, you know, mainstream mindset.
[00:02:10] So uh people are starting to understand
[00:02:12] that concept really well. Do you think
[00:02:13] there’s still a belief or cyber security
[00:02:16] belief or practice that the industry
[00:02:18] kind of still gets wrong despite all the
[00:02:21] progresses that we’ve made?
[00:02:23] >> Yeah, I’ll give you three. Right. Um the
[00:02:26] first one being how important the basics
[00:02:28] in cyber security are. We often forget
[00:02:30] that or we don’t get that right or we
[00:02:32] don’t stay persistent. The second one is
[00:02:34] that security is not just a technology
[00:02:37] problem to be solved. There are many
[00:02:39] other things around that around process
[00:02:41] around people around intelligent
[00:02:43] threats. And the third thing is that we
[00:02:47] don’t actually eliminate risk. I know a
[00:02:49] lot of people want to think the cyber
[00:02:51] team does we make everything safe and
[00:02:54] but rather we actually manage risk to an
[00:02:57] optimal level which means there is going
[00:02:59] to be some pain. That’s part of the
[00:03:01] design and we want that right everybody
[00:03:03] actually wants that but we don’t
[00:03:05] eliminate risk.
[00:03:06] >> Okay. So basically when there’s so much
[00:03:09] hype you kind of tend to forget the
[00:03:11] basics right. So getting the basics
[00:03:13] right is still something that the
[00:03:15] industry at times is you know just gets
[00:03:17] it wrong. That’s that’s what you’re
[00:03:19] saying. Besides and that’s one point and
[00:03:21] the other being that it’s never just the
[00:03:23] policies. A lot of time it’s the human
[00:03:25] behavior that really has to be addressed
[00:03:28] in the long term.
[00:03:29] >> Yes. Both on our side but also in
[00:03:31] understanding there are humans on as our
[00:03:34] adversaries. Yeah.
[00:03:35] >> So, um it’s not just a tech problem.
[00:03:37] Tech problem you can go in, figure out
[00:03:39] the root cause, solve it, and then it’s
[00:03:41] gone. In my world, that’s not the case.
[00:03:44] The moment you fix that, the attacker
[00:03:46] sees and goes around or over or under,
[00:03:49] and it never really goes away because
[00:03:51] the attacker’s still there.
[00:03:52] >> So, they have to be right just once, you
[00:03:54] have to be right every time, right? So,
[00:03:56] >> yes, that’s the philosophy.
[00:04:00] >> And they may be more persistent than
[00:04:02] you. They may have more resources than
[00:04:05] you. They may be smarter than you. They
[00:04:07] may know your environment better than
[00:04:09] you. So, it’s never a fair fight. And
[00:04:12] you know, we we shouldn’t expect that
[00:04:13] that is.
[00:04:14] >> And now they have this all intelligent
[00:04:16] human being. Oh, not a human being.
[00:04:18] Sorry.
[00:04:18] >> Now they have AI
[00:04:21] >> intelligent LLM as well that you know
[00:04:23] that’s like supposed to have infinite
[00:04:26] intelligence in its own self. So that’s
[00:04:29] another new challenge. So yeah, we we’ll
[00:04:30] get to that.
[00:04:32] And actually my next question is around
[00:04:34] that. So we’ve we’ve we’ve spent
[00:04:36] decades, right? So securing
[00:04:37] infrastructures, securing access rights,
[00:04:40] securing identity frameworks, networks,
[00:04:43] applications with the LLMs coming up.
[00:04:45] What do you think has changed? Do we I
[00:04:47] feel that there’s a completely new
[00:04:49] security problem that has now emerged?
[00:04:51] What are your thoughts?
[00:04:52] >> So I’ll be a little controversial here.
[00:04:54] >> Okay.
[00:04:54] >> The LLMs in my opinion aren’t really a
[00:04:58] problem per se. And let me explain that,
[00:05:01] right? They’re simply a tool that helps
[00:05:03] with communication. It’s an interface to
[00:05:06] control other AI systems and it’s a
[00:05:10] means to communicate with computers via
[00:05:12] code and other people. So, it is a tool.
[00:05:15] It’s an interface tool. But the real
[00:05:18] risk is when we have AI agents that are
[00:05:21] granted permissions and have the ability
[00:05:23] to access and change and manipulate and
[00:05:26] orchestrate in our digital world like
[00:05:28] agentic AI. LLMs are an interface to
[00:05:32] those, but it’s not the root of the
[00:05:35] problem. It’s just another communication
[00:05:37] interface,
[00:05:38] >> right? But there have been researches
[00:05:40] that simple prompt injections can
[00:05:42] override system instructions and and
[00:05:44] whatnot.
[00:05:45] >> Yeah. No, it’s a good point. But again,
[00:05:47] there it really isn’t security through
[00:05:49] obscurity. So, you do need to have the
[00:05:52] knowledge. And whether you’re going to
[00:05:54] Wikipedia, whether you’re grabbing
[00:05:56] someone else’s code off GitHub, whether
[00:05:58] you’re just putting in a plain prompt
[00:06:00] into an LLM and having it go do all of
[00:06:02] that, it’s not the interface tool that’s
[00:06:04] the real big problem. It does expose and
[00:06:07] lower the bar to a whole new set of
[00:06:10] attackers. That’s true. But the
[00:06:13] fundamentals is still what access does
[00:06:16] it have, right? What does it gain when
[00:06:19] it gets access to that vulnerability?
[00:06:21] The real risk is the vulnerability. We
[00:06:24] normally have problems when we’re
[00:06:26] communicating or interfacing. And
[00:06:28] whether it’s a computer, right, through
[00:06:30] an LLM or whether it’s just a human, I
[00:06:32] may use social engineering and find a
[00:06:35] great way of communicating to you that
[00:06:38] you give me your password. Right? So,
[00:06:40] it’s not necessarily the communication
[00:06:42] interface. It’s the vulnerability that
[00:06:45] it’s going after and how well it can
[00:06:47] exploit that. That’s really where the
[00:06:49] biggest risk becomes. Got it. Okay. So,
[00:06:52] but let’s say tools like ChatGPT,
[00:06:55] Claude, core work specifically or code
[00:06:57] CLI or something. So, I feel has made
[00:07:00] those decisions very trivial. So, for
[00:07:02] instance, I I’ve recently started using
[00:07:04] Claude a lot in the last 6 months,
[00:07:06] right?
[00:07:06] >> Okay. Can I have permission to do this?
[00:07:09] Can I have permission to do this? Now,
[00:07:10] I’m a I’m a little bit of techie myself,
[00:07:12] right? So, I can understand what it’s
[00:07:13] asking me to do. I can just say no. But
[00:07:15] I have friends who are in organizations
[00:07:18] who working in enterprises. they have
[00:07:19] their laptops and everything and they’re
[00:07:20] like go go go okay you’re done so that
[00:07:23] what you’re saying is I agree right so
[00:07:25] the whatever it has access to that
[00:07:27] becomes runnable but at the same time
[00:07:29] giving that access has become a trivial
[00:07:32] decision for somebody to yes just say
[00:07:34] allow permissions for all and boom so
[00:07:36] that’s
[00:07:37] >> absolutely and that’s the tension in the
[00:07:39] system right the value of these AI
[00:07:42] systems whether it’s LLMs or agentic or
[00:07:45] whatnot is predicated on the access they
[00:07:48] have to sensitive data, right? And the
[00:07:49] ability for them to act on it. And we
[00:07:52] want the greatest possible value of
[00:07:55] these tools. That’s that’s something we
[00:07:56] want. So, it’s very easy to say, I’m
[00:07:59] just going to give you all my
[00:08:00] permissions and and just tell you what
[00:08:02] to do when you’re going to go do it. And
[00:08:03] in a perfect world, that’s wonderful.
[00:08:06] The problem is these tools are new and
[00:08:10] there are new tools, new capabilities,
[00:08:12] new features coming out every single
[00:08:14] day. So, there’s very little stability.
[00:08:17] And with that rush of these new tools
[00:08:19] and features and competitiveness,
[00:08:20] security is an afterthought. So security
[00:08:22] is not built into these tools. And now
[00:08:25] you’ve just given them out of
[00:08:27] convenience and out of productivity
[00:08:29] needs, right? You’ve given them all your
[00:08:31] permissions. Yeah.
[00:08:32] >> So that’s the equivalent of giving the
[00:08:36] brand new intern on their first day and
[00:08:38] they don’t know anything. Giving them
[00:08:40] administrative privileges and keys to
[00:08:43] the safe. Now, you wouldn’t do that to a
[00:08:46] new intern, right? But we see technology
[00:08:49] and go, “Oh, well, of course, because I
[00:08:50] want you to be productive.” So, part of
[00:08:53] it is the problems in our own head, the
[00:08:56] expectations and understanding that
[00:08:58] these are not by default secure. They
[00:09:00] were not made to be secure by default.
[00:09:02] They were made to be functional. Just
[00:09:05] like when you grant it permissions, you
[00:09:07] are doing it for functional reasons.
[00:09:09] You’re not thinking about the security
[00:09:10] consequences.
[00:09:11] >> Correct. Yes. And that kind of
[00:09:13] reinforces the earlier point that you
[00:09:15] were saying that it’s it’s just three
[00:09:16] things right. So getting the basics
[00:09:19] right. So and then also teaching humans
[00:09:21] both sides right. So this side as well
[00:09:23] that the basics right being you can’t
[00:09:25] just give it blind permissions
[00:09:26] understand or train your people to
[00:09:28] understand what it’s asking for and and
[00:09:31] that’s where you know there’s the safety
[00:09:33] come in. But generally we do see that
[00:09:35] language as a vulnerability is something
[00:09:38] that you know now it’s getting um more
[00:09:41] traction right so prompt injections just
[00:09:44] talking in simple natural languages
[00:09:46] versus me knowing what an SQL injection
[00:09:48] attack is or what I’m attack is and so
[00:09:52] on so forth. So it’s just kind of become
[00:09:53] relatively easier there. So it makes
[00:09:55] your job harder. it lower it definitely
[00:09:58] lowers the bar from that perspective and
[00:10:00] it also accelerates the speed that
[00:10:03] you’re going to get results and that’s
[00:10:05] going to work on both sides right it’s
[00:10:07] not just the attackers right now it’s
[00:10:09] the attackers finding those
[00:10:10] vulnerabilities as we get further into
[00:10:13] the year we’re seeing better and better
[00:10:14] IT tools for the security people and
[00:10:16] it’s going to be the exact same tools if
[00:10:18] the attacker can say find a
[00:10:20] vulnerability in this code well the
[00:10:21] defender can and the developer can too
[00:10:24] ahead of time and if we get there first
[00:10:26] we can identify and close that
[00:10:28] vulnerability.
[00:10:29] >> Correct. Becomes a race. It’s an
[00:10:31] escalation.
[00:10:32] >> I agree. Yes. So the real risk is is
[00:10:34] kind of moving beyond the model now
[00:10:36] because LLMs are connected to multiple
[00:10:38] systems. So maybe that’s where attackers
[00:10:41] get a pathway to influence those
[00:10:43] external systems. I guess that’s that’s
[00:10:45] part of the problem as well.
[00:10:46] >> Yeah. Especially when we look at agentic
[00:10:48] systems because now your your AI or your
[00:10:51] agent you want them to connect to every
[00:10:54] possible you know other system they can.
[00:10:56] Again the value is predicated on its
[00:10:59] access to sensitive data and systems and
[00:11:02] it might be your bank account. It might
[00:11:04] be your work you know domain login. It
[00:11:06] might be your email account your
[00:11:08] calendar all these different things.
[00:11:09] Yeah.
[00:11:09] >> And for it to give its maximum value it
[00:11:13] needs access to all that. But you better
[00:11:15] be prepared and make a good intelligent
[00:11:18] decision on whether you want to accept
[00:11:20] that risk at the same time.
[00:11:22] >> Absolutely. And and we’re going to talk
[00:11:24] about agentic AI as well, but one thing
[00:11:26] that that kind of stems from what I’ve
[00:11:28] the one trend and I I’m sure you would
[00:11:30] know it much better is that what I’m
[00:11:32] seeing is that cyber security within
[00:11:35] organization within businesses
[00:11:36] absolutely that’s that was always a
[00:11:39] challenge. There’s still a challenge and
[00:11:40] everything but cyber security for
[00:11:42] individuals that were just using their
[00:11:44] laptops but now are using their laptops
[00:11:47] with LLMs and integrated that trend that
[00:11:51] risk you know has has kind of
[00:11:52] skyrocketed because now every other guy
[00:11:55] like you said is connected their systems
[00:11:57] even and doesn’t know how to protect
[00:11:58] them.
[00:11:59] >> Yes. And you know the the LLMs
[00:12:01] especially when you know ChatGPT hit
[00:12:03] the scene everybody started using it
[00:12:05] just like you know everybody uses Google
[00:12:07] or Wikipedia or whatnot
[00:12:09] >> and there was an incremental risk in
[00:12:12] specifically data exposure because
[00:12:15] somebody again not knowing may put
[00:12:17] social security numbers or those HR
[00:12:19] records or the next business deal in
[00:12:23] there and ask for revision and
[00:12:26] unfortunately that then became exposed
[00:12:28] and searchable and part the training.
[00:12:30] And so there were some privacy issues
[00:12:33] around that, but overall it was actually
[00:12:35] kind of small because one person going
[00:12:38] through an interface can only upload so
[00:12:41] much, right? Whereas attacker hitting
[00:12:43] your entire database, they can siphon
[00:12:45] everything off.
[00:12:46] >> And the type of people that were doing
[00:12:48] that weren’t very well trained to begin
[00:12:51] with. They were willing to do that for
[00:12:53] an email or for a text message, right?
[00:12:56] or some other tool that they may have
[00:12:58] downloaded or used. So the behavioral
[00:13:01] weakness was really the problem there
[00:13:03] for most of it when we looked at the
[00:13:05] first introduction of LLMs. But now as
[00:13:08] you’re connecting those LLMs and
[00:13:10] especially agentic systems to your backend
[00:13:12] systems and they have permissions to the
[00:13:15] entire database or you’ve established an
[00:13:17] MCP to expose that to the world because
[00:13:20] your API isn’t good enough in bleeding
[00:13:22] data. Right now the problem has become
[00:13:26] amplified exponentially and now that
[00:13:29] really hits the radar about everything
[00:13:31] that we have to worry about in cyber
[00:13:33] security.
[00:13:33] >> That’s a good sentence. API bleeding data
[00:13:37] connected.
[00:13:39] >> Yeah. If you thought APIs were risky,
[00:13:41] stand by. MCPs are your nightmare.
[00:13:45] >> It’s it’s a dream. It’s a cloudy
[00:13:47] wonderful dream for the attackers. It’s
[00:13:49] everything they would have asked for.
[00:13:50] >> Correct. Correct. No,
[00:13:52] >> no authentications very if lose
[00:13:54] connections and and whatnot, right?
[00:13:56] >> We’ll even tell you what we have access
[00:13:58] to. We’ll self-announce. We’ll guide you.
[00:14:02] >> Yes,
[00:14:02] >> it is crazy. That’s true. That is true.
[00:14:05] There’s one other thing I was just
[00:14:07] reading the other day uh actually a
[00:14:09] couple of months back actually and then
[00:14:10] you just mentioned data. So that thought
[00:14:12] just occurred to me. I was just reading
[00:14:14] that training data can be poisoned,
[00:14:16] right? So at scale in terms of cyber
[00:14:18] security and everything. I never really
[00:14:20] saw it from that perspective and then I
[00:14:22] thought how vulnerable this can really
[00:14:24] be and now that I’m talking to you I
[00:14:27] would love to put that question to you.
[00:14:30] >> Yeah. So poisoning data and really we’re
[00:14:32] talking training data um it’s always
[00:14:34] been one of the risks that have been on
[00:14:36] the table even early on when deep
[00:14:39] learning first came out and even before
[00:14:40] that with machine learning um you know
[00:14:42] the security community said hey this is
[00:14:44] one of the problems. Now the industry
[00:14:47] actually has taken note. The developers
[00:14:49] of these systems have taken note. But
[00:14:52] it’s really important to understand that
[00:14:54] it’s a little different than our
[00:14:56] perspective. They look at poisoning of
[00:14:59] data as a risk to the accuracy of the
[00:15:03] result that their tool is producing.
[00:15:04] That’s great. That’s valid. But from my
[00:15:07] perspective, the security perspective,
[00:15:09] and you may not like this, I don’t care
[00:15:10] whether the output is accurate. I I
[00:15:12] really don’t. I care whether it creates
[00:15:15] a vulnerability to my back-end system,
[00:15:17] whether it’s going to expose data,
[00:15:19] whether it’s going to bring down the
[00:15:21] system or or reduce the availability.
[00:15:23] So, I worry about those things. But the
[00:15:26] developers really aren’t.
[00:15:27] >> Yes.
[00:15:28] >> Right. As long as the output is
[00:15:30] accurate, they’re done. They’ve won. But
[00:15:32] if that system, even though it’s
[00:15:34] producing, you know, accurate results,
[00:15:37] exposes the backend and allows an
[00:15:40] attacker to gain root access and own the
[00:15:43] company. Eh, that that really isn’t part
[00:15:45] of their engineering scope, right?
[00:15:47] >> Their engineering scope, their goal was
[00:15:49] to make sure the LLM accuracy was there.
[00:15:53] >> So, we look at it from two different
[00:15:55] perspectives. Okay? Now I would say and
[00:15:57] as I’ve always said training data is a
[00:16:00] foundation to the system especially a
[00:16:03] system that can get around security
[00:16:05] controls. So you have to maintain
[00:16:08] control and security around the training
[00:16:11] data especially if you’re continuously
[00:16:13] learning and if you’re not then yes
[00:16:15] somebody can manipulate that just like a
[00:16:18] SQL injection right if you’re not
[00:16:20] controlling the inputs then yeah
[00:16:23] somebody can take over your database the
[00:16:25] exact same fundamentals are true when
[00:16:28] you’re talking about AI systems so if
[00:16:30] you don’t have the proper guardrails
[00:16:32] then yeah they’re going to be able to
[00:16:34] manipulate your system it will become a
[00:16:36] vulnerability. So there are security
[00:16:38] aspects beyond the accuracy of the
[00:16:41] output that are absolutely necessary and
[00:16:44] it goes back to the basics,
[00:16:46] >> right?
[00:16:47] >> Controlling that data, sensitive data,
[00:16:49] the foundations of your code, right?
[00:16:51] That’s a basic.
[00:16:52] >> What kind of examples can we share? So
[00:16:55] let’s how A, how can that training data
[00:16:58] be manipulated or poisoned? So what can
[00:17:01] potentially happen? And then B, how do
[00:17:03] you typically prevent that? and you know
[00:17:05] kind of how can you circumvent that? Oh,
[00:17:07] there’s it’s a very long discussion
[00:17:10] because you can prevent it at the user,
[00:17:12] you can prevent it at the gateways, you
[00:17:14] can prevent it, you know, as part of the
[00:17:16] input controls and validation, you can
[00:17:18] prevent it in, you know, system memory
[00:17:20] and processing, you can uh detect it and
[00:17:23] block it as it’s going outputs. I mean,
[00:17:26] there’s tons of different ways of doing
[00:17:27] it. Uh, it’s really about inputs and
[00:17:29] outputs. At the end of the day, one of
[00:17:32] the things that we were concerned with
[00:17:33] at the very beginning is again you get
[00:17:35] those users that throw in let’s say the
[00:17:38] HR records or something sensitive
[00:17:41] because the system is remembering that
[00:17:43] and then using that for further
[00:17:47] refinement of its output. It’s in
[00:17:50] memory. It’s resident there and it may
[00:17:52] be capturing that and then integrating
[00:17:54] it into training that then becomes
[00:17:56] exposed to other users. Again, if you
[00:18:00] don’t have the compartmentalization
[00:18:02] in place, right, the security
[00:18:04] boundaries, right,
[00:18:05] >> that data then may be able to be
[00:18:07] reconstructed or exposed to other users
[00:18:12] that you did not intend that data to be.
[00:18:14] And again, this is back to the basics.
[00:18:17] We saw this with simple web pages where
[00:18:20] back in the day when you would go to
[00:18:22] your bank and look up your your account,
[00:18:25] right? Some other user would go into the
[00:18:27] URL and just change one number and they
[00:18:29] would get to see somebody else’s
[00:18:31] account. The simple guard rails there
[00:18:34] need to be in place. SQL injection, same
[00:18:37] thing. You have to guard against what
[00:18:39] you’re allowed, right? What the user is
[00:18:41] allowed to input that the system will
[00:18:43] process.
[00:18:44] >> Yeah.
[00:18:45] >> Same thing with LLMs. So a lot of these
[00:18:47] problems aren’t new. It’s just a new
[00:18:50] more complex tool that has a greater
[00:18:52] risk if it’s manipulated and used
[00:18:54] against you. Yeah.
[00:18:55] >> So that’s where the urgency comes from.
[00:18:57] >> Yeah. Yeah. Absolutely. No, I agree. And
[00:18:59] I agree with we are going back a little
[00:19:02] bit with these MCPs with these prompt
[00:19:04] injections with this working with MD
[00:19:07] files just reminds me of the good old
[00:19:10] so. So yeah no I agree with that. Coming
[00:19:12] to agentic now we talked a little bit
[00:19:14] about it. you know when models start
[00:19:16] acting. So LLMs evolving from passive
[00:19:19] responders to now autonomous agents
[00:19:22] deployment within the systems. How does
[00:19:24] the risk profile change overall?
[00:19:27] >> Okay. So we go from LLMs where you do
[00:19:30] have a slight increase of some exposure
[00:19:32] of a limited amount of data, right?
[00:19:35] That’s an inconvenience. It is out of
[00:19:38] all the security things we have to worry
[00:19:39] about that user was going to do this
[00:19:41] anyway. This is just the tool that they
[00:19:43] ended up using it with. Um so it’s a
[00:19:45] little inconvenience. We move from that
[00:19:47] to a system that can expose everything,
[00:19:50] destroy everything, bring the company to
[00:19:53] a state that it is no longer recoverable
[00:19:55] or viable. So we go from a you know a
[00:20:00] you know pin prick or a sliver to a
[00:20:04] catastrophic emergency room kind of
[00:20:07] situation. It is the situation we’ve
[00:20:10] been warning about for many many years.
[00:20:12] AI is not new. So, we’ve been warning
[00:20:15] about this capability for many many
[00:20:17] years and it’s the the greatest risk
[00:20:20] that we’re going to face in the next
[00:20:22] several years around all of this. Again,
[00:20:25] back to basics, I’m guessing, right? So,
[00:20:27] have more access controls, making sure
[00:20:28] the agents are not able to access to the
[00:20:30] data, they’re not able to talk to each
[00:20:32] other. So I was reading this research
[00:20:33] from Google deep mind and that that was
[00:20:35] saying and it was kindly you know kind
[00:20:37] of addressing it that this could be a
[00:20:39] potential systematic vulnerability
[00:20:42] across all agentic systems
[00:20:44] >> unless it’s addressed.
[00:20:45] >> Oh absolutely and I’ll take it even a
[00:20:48] level higher than that right it is a
[00:20:51] behavioral and cognitive a social and
[00:20:54] business risk. Now, here’s the thing. AI
[00:20:56] is amazing. We all know that. It’s even
[00:20:59] more amazing than we can imagine. And it
[00:21:01] is incredibly powerful, right? We want
[00:21:04] this. We need this. And so, there is
[00:21:06] tremendous momentum to embrace this. And
[00:21:10] that same momentum is to make it better
[00:21:12] every single day. There are financial,
[00:21:15] right, incentives to embrace this, to
[00:21:18] use this, and to evolve this. And that
[00:21:20] is a tremendous push. We’re talking
[00:21:22] hundreds of billions of dollars if not
[00:21:24] trillions of dollars of value. So that
[00:21:26] is great momentum moving forward. So as
[00:21:29] a security person, right, one of the
[00:21:32] worst things we can do is tell
[00:21:33] everybody, oh, just stop and let’s
[00:21:35] secure it first because that’s not going
[00:21:37] to happen, right? We’re just going to
[00:21:39] get steamrolled. It was the same thing
[00:21:41] when cloud emerged and we tried to tell
[00:21:43] everybody stop. It’s not secure, which
[00:21:45] it wasn’t. You know, let’s just wait
[00:21:47] until it’s secure. No. and they just
[00:21:49] rolled over the top of us and there were
[00:21:51] problems. Same thing when worldwide web,
[00:21:53] right? Wait, it’s not sec. So, we as
[00:21:55] security professionals need to
[00:21:56] understand we can’t stop this train.
[00:21:59] It’s going a million miles an hour.
[00:22:01] Instead, we need to work with it. We
[00:22:04] need to ride that wave and instead of
[00:22:07] saying no, stop, we need to say yes, but
[00:22:11] let’s put the guard rails in as we’re
[00:22:13] doing this. So security needs to adapt
[00:22:15] and understand and accept that AI is
[00:22:18] moving forward with us or without us and
[00:22:21] we want it to be with us. So we need to
[00:22:23] move at the same speed and see the same
[00:22:26] value and enable those use cases that
[00:22:30] are important. We need to be on the
[00:22:33] front end, not on the back end saying,
[00:22:34] “Okay, what did you deploy? Now I’ve got
[00:22:36] to go secure it.” We will never keep
[00:22:38] pace with that. So, we need to be in the
[00:22:40] forefront looking ahead and working as
[00:22:43] closely as possible with all those
[00:22:45] developers, with all those users, with
[00:22:48] all those third parties and service
[00:22:50] providers, right? We want to help make
[00:22:52] it successful. And if we’re seen in that
[00:22:54] way, and that’s where we’re allocating
[00:22:56] our resources, that’s where we’re going
[00:22:57] to get the biggest bang from the
[00:22:59] security buck and help get those
[00:23:02] fundamentals in place early versus
[00:23:05] having to clean them up later.
[00:23:07] >> No, absolutely. And yes, I think that’s
[00:23:10] that’s agreeable. So, right, so back in
[00:23:12] the day, we used to teach people, you
[00:23:14] know, one of the traditional cyber
[00:23:16] security training was that, hey, do not
[00:23:18] click on suspicious links. Do not
[00:23:20] >> It’s still valid. By the way, don’t say
[00:23:22] it’s old. People will think, “Oh, I
[00:23:24] don’t need to worry about that.” No,
[00:23:26] it’s still important. Basics. Basics.
[00:23:28] >> Yes. Basics. So now we have to figure
[00:23:31] out the exact same analogies for how to
[00:23:34] chat with an uh AI, how to talk to AI
[00:23:37] and what not to do on an AI. So those
[00:23:39] kind of I I’m guessing, you know,
[00:23:41] similar training materials would need to
[00:23:42] be set up for there as well.
[00:23:44] >> Yes. So again, we talked about how
[00:23:46] powerful AI is. Well, the attackers out
[00:23:49] there, the fraudsters, the cyber
[00:23:50] criminals, they realize it and they’ve
[00:23:53] adopted it. they are adopting it much
[00:23:56] faster than us for their purposes,
[00:23:59] right? To commit better fraud, better
[00:24:01] phishing, better scams, better. And so we
[00:24:05] are kind of behind on the security side
[00:24:07] there because they get to adopt radical
[00:24:09] new tools even before they’re tested.
[00:24:11] So, and we can’t in security. We have to
[00:24:13] wait until something is polished and
[00:24:15] tested. I can’t implement a tool that
[00:24:18] will bring down the environment. So,
[00:24:20] there’s a certain lag. they can because
[00:24:23] oh if it breaks whatever I don’t care
[00:24:25] right I’m trying to do harm anyway so
[00:24:27] let me see the let me maximize the
[00:24:29] benefit out so they’re an early adopter
[00:24:31] we’re a late adopter so there’s a lag
[00:24:33] but because it’s so powerful
[00:24:36] >> they can use it especially for social
[00:24:38] engineering and we’re seeing that even
[00:24:39] by the end of last year over 80% of all
[00:24:43] uh social engineering attacks think
[00:24:44] phishing and things of that sort had some
[00:24:47] benefit of AI the attackers were using
[00:24:49] AI to make it more powerful
[00:24:51] >> yeah This just came in two days ago. I
[00:24:53] forgotten but Anthropic is calling their
[00:24:55] they have a new model which actually
[00:25:00] they didn’t launch it. It broke
[00:25:01] containment and it broke the guardrails
[00:25:04] which is the reason they did not launch
[00:25:06] it. And I was like okay Skynet is
[00:25:09] probably now coming.
[00:25:14] There’s another interesting fact. It’s
[00:25:15] slightly off topic but I’ve noticed
[00:25:17] there’s no good movie about AI.
[00:25:23] We’re living it, Ashar. We’re living it.
[00:25:27] >> But you have Terminators and Skynet. You
[00:25:29] have that Ultron in Avengers that was
[00:25:32] bad.
[00:25:32] >> Coming back to this breaking guards. And
[00:25:35] so there’s one what I also feel is the
[00:25:37] the the amount of now data that is more
[00:25:41] public, right? So for instance, you’re
[00:25:43] talking to your bank’s AI go wallet. You
[00:25:46] know, open up Bank of America and you
[00:25:47] have that uh what do they call the
[00:25:49] Erica? I think they call it Erica. And
[00:25:51] you ask her that, hey, what’s my balance
[00:25:53] for today? You’re looking at XYZ
[00:25:55] dollars. Can I pay my credit card? Yes,
[00:25:57] of course. Uh, how much did it go there?
[00:26:00] 600 went there. What was my latest, you
[00:26:02] know, biggest expense via 600 or
[00:26:04] whatever? And, you know, it tells me XYZ
[00:26:06] and and all of that is going. Now,
[00:26:07] imagine if Bank of America is integrated
[00:26:09] to, you know, one of the open models or
[00:26:11] the public models and this kind of
[00:26:13] information. Okay, it was in PDFs or
[00:26:15] emails, but not really out like this,
[00:26:17] right? So what is your thought on public
[00:26:20] or these cloud models versus private
[00:26:23] models, right? So maybe Bank of America
[00:26:25] having a private model that they set up
[00:26:27] on their on-prem and whatnot.
[00:26:30] >> It’s wonderful from a security
[00:26:32] perspective in principle, right? We’re
[00:26:34] oh it’s going to be on prem. We’re going
[00:26:36] to put guards. It’s going to be in its
[00:26:38] own VM VM and controlled by a separate
[00:26:40] VMM. I mean we oh yes yes yes it’ll be
[00:26:43] fine. But it goes back to that
[00:26:44] discussion of value. Imagine going
[00:26:48] instead to your Bank of America web page
[00:26:50] and talking with Erica or whatever. And
[00:26:52] if she didn’t have access to any
[00:26:54] sensitive information, she wouldn’t be
[00:26:56] very valuable, would she?
[00:26:57] >> Correct.
[00:26:58] >> Right. You wouldn’t be able to ask what
[00:26:59] my balance is cuz she wouldn’t know. She
[00:27:01] would go, “Hey, you got to log in.”
[00:27:02] Well, well, that’s not good, right? So,
[00:27:04] okay. Well, we want to make it valuable
[00:27:08] to the user. That’s that’s the most
[00:27:10] important thing. Functionality. Oh,
[00:27:12] well, that means we have to connect it
[00:27:13] to the back end. Erica has to be able to
[00:27:15] see everybody’s balances. Oh, okay. So,
[00:27:18] again, it’s that tension in the system.
[00:27:20] We could make AI secure, but it wouldn’t
[00:27:23] have any connectivity, which means it
[00:27:24] would have a very low value. The drive
[00:27:26] and the the importance of AI and the
[00:27:28] power of AI is because we want it to
[00:27:30] have great value. Therefore, we have to
[00:27:33] now connect it to all these sensitive
[00:27:35] systems. And when we talk about
[00:27:36] jailbreaking again, you can put it in an
[00:27:40] area that’s controlled, but as people
[00:27:43] start using it, right, the value goes
[00:27:45] down and almost immediately the input
[00:27:47] will will be I need I need it to do X or
[00:27:50] Y. I need it to have more power, more
[00:27:52] power. And we’re giving it more power.
[00:27:54] We’ve given it enough power now that it
[00:27:56] has the ability to jailbreak itself.
[00:27:58] >> Yep.
[00:27:58] >> So, we don’t want the jailbreak, but is
[00:28:00] that really the most important thing?
[00:28:02] No. We want it to be powerful so it can
[00:28:05] provide tremendous value to the end
[00:28:07] user. So if you can imagine people
[00:28:09] sitting in a room and the security
[00:28:10] person going oh no we need to limit the
[00:28:13] power and the business person goes no we
[00:28:16] can’t do we we need to expand the power
[00:28:18] so do whatever you need to do security
[00:28:21] but don’t limit us don’t restrict access
[00:28:24] don’t restrict data right well then I
[00:28:26] can’t do anything well that’s okay we’ll
[00:28:28] we’ll deal with it later and that’s what
[00:28:30] happens
[00:28:30] >> but yeah the counter to that is uh and
[00:28:33] and interestingly enough this this came
[00:28:36] up when I was talking to one of our
[00:28:37] clients they were very hesitant towards
[00:28:39] you know sharing their data with OpenAI
[00:28:41] or Claude or Anthropic or anybody
[00:28:44] and and and they kind of asked me that
[00:28:46] hey what’s the how do we prevent them
[00:28:48] using our data for training our models
[00:28:51] as well that because that’s the other
[00:28:52] problem right so there’s this cyber
[00:28:54] security challenge as well but then and
[00:28:55] I said there’s this button in settings
[00:28:58] which I turn off and then I say do not
[00:29:00] share my data or do not create my model
[00:29:04] so
[00:29:05] I can do that and hopefully we’re good,
[00:29:09] right? But then she was like, “Do we
[00:29:11] trust them and what not?” I I was like,
[00:29:13] “You already AWS, you’re using AWS with
[00:29:16] us. All of your data is already with
[00:29:18] them.” I mean, it’s the same behavior.
[00:29:20] It’s just that it’s another company that
[00:29:21] has now come and is asking for access to
[00:29:24] your data. So, you know, it’s it’s
[00:29:25] simple. It’s not that big of a risk.
[00:29:27] Then eventually, yes, if you absolutely
[00:29:30] absolutely want to be sure, uh, deploy
[00:29:33] an on-prem model, set it up, you know,
[00:29:34] in-house, do not use any of this, but
[00:29:36] then you don’t know how that open-source
[00:29:39] model is even working because, you know,
[00:29:41] you would then have to have it vetted
[00:29:43] through going through all those
[00:29:44] penetration testing whatnot and having
[00:29:46] audits and all of that stuff done. So,
[00:29:48] yeah, it’s it’s I see that as a real
[00:29:50] challenge with organizations because in
[00:29:52] the bigger scheme of things, this data
[00:29:54] is their moat now. This is what their
[00:29:56] proprietary IP and the value addition
[00:29:58] would come in from where they have this
[00:30:01] very specific data to their industry to
[00:30:03] their vertical that they’re working in
[00:30:05] and you know making sure that it stays
[00:30:07] with them. So it’s going to be
[00:30:08] interesting times the way I
[00:30:10] >> very much so right uh even to even if
[00:30:14] you did want to contain it and not you
[00:30:16] know for me or for the industry to even
[00:30:19] test that model to see if it’s actually
[00:30:21] doing what it’s doing and it can’t be
[00:30:23] exploited or or there’s vulnerabilities
[00:30:25] in it. It would take so long to test it.
[00:30:28] The next new model’s already out or the
[00:30:29] next two new models and of course the
[00:30:32] users wanted going to jump to those and
[00:30:34] jump to those. So, we don’t even have
[00:30:36] time to test if that was your intention
[00:30:39] and you were willing to do that. And
[00:30:41] that also means you’re willing to limit
[00:30:44] the functionality and the value. And
[00:30:46] right now, people aren’t. We don’t have
[00:30:47] the stomach to say, “Oh, no, absolutely.
[00:30:50] I want to limit my AI or my agent or
[00:30:53] what I I absolutely want to limit it.”
[00:30:55] People don’t. They want no limits. They
[00:30:57] want it to be able to do everything.
[00:30:58] They want it to be able to wake them up
[00:31:00] in the morning and make breakfast for
[00:31:02] them and clean their house and and do
[00:31:04] all their work. So it’s the intention
[00:31:06] and the motivation is more value which
[00:31:08] means more access which means more risk.
[00:31:11] >> Yeah. Absolutely. And and companies like
[00:31:14] Anthropic and AI OpenAI are investing a
[00:31:16] lot in alignment and red teaming right.
[00:31:18] So
[00:31:19] >> yes,
[00:31:19] >> you can’t match that investment in in
[00:31:22] your own private models. It’s going to
[00:31:23] be very hard. But I don’t know
[00:31:25] eventually we’ll have a solution or
[00:31:27] something. But yeah, that’s a that’s a
[00:31:29] very interesting debate that we have
[00:31:31] ongoing with our clients and looking at
[00:31:33] different ags and you know figuring out
[00:31:35] what’s the best way to do it or not. I
[00:31:37] was looking at your top 10 cyber
[00:31:38] security threats in 2026 article. Uh,
[00:31:42] one of the things that you highlighted
[00:31:43] was hyper-personalized AI-driven social
[00:31:46] engineering at scale. I love to know
[00:31:48] what that means.
[00:31:52] >> It goes back to the social engineering
[00:31:54] and and I see them all the time. Uh,
[00:31:56] because I love it. I love trying to be
[00:31:58] phished, right? It’s it’s just a hobby,
[00:32:00] right? I want to understand
[00:32:02] traditionally, right? When you talked
[00:32:04] about cyber criminals and phishing or any
[00:32:07] type of social engineering, they had a
[00:32:09] challenge. they could either make a real
[00:32:11] generic attack and just widely
[00:32:14] distribute it, right? And that’s where
[00:32:16] you saw the real weak misspellings and
[00:32:19] it didn’t sound right and sometimes they
[00:32:21] got your name wrong, right? But they’re
[00:32:23] able to distribute out to millions. So
[00:32:25] they can either go very very wide but
[00:32:28] not very good or they could focus their
[00:32:30] time on a particular target and make a
[00:32:33] very customized kind of attack and
[00:32:36] handhold it and and make it real
[00:32:38] quality. But they couldn’t do that to
[00:32:40] everyone. So it was it was kind of on a
[00:32:43] scale. Do I go broad or do I get really
[00:32:45] good? AI has completely blown that out
[00:32:48] of the water because now they can use AI
[00:32:50] to create very good customized real
[00:32:54] interactive real time right at machine
[00:32:56] speed and now do that for mass numbers
[00:32:59] of people and the customization can be
[00:33:02] wonderfully incredible. Good for them,
[00:33:04] bad for us, right? Um, I got one in my
[00:33:06] inbox the other day and it that, you
[00:33:09] know, they engaged me and they had set
[00:33:11] their AI to go off and look to do a
[00:33:13] search on me on Google and LinkedIn and
[00:33:15] pulled in a whole bunch of things and
[00:33:17] two full paragraphs it was flattering me
[00:33:20] saying hey no it’s great what you do and
[00:33:23] hey you spoke at this conference and
[00:33:25] that really resonated with me and and oh
[00:33:27] and it was very in now I was able to
[00:33:30] very very quickly identify they had
[00:33:31] frayed they had interpreted something
[00:33:33] slightly off right that a
[00:33:36] I knew it instantly that it was AI, but
[00:33:39] it was it was really well done. And they
[00:33:41] had hit several different typical
[00:33:43] cognitive vulnerabilities, right?
[00:33:46] Flattery and urgency and and you know,
[00:33:48] appeal to wealth, all these kinds of
[00:33:50] things. And then it started to get into
[00:33:52] what it wanted me to do. And I had
[00:33:54] noticed at the bottom they had put you
[00:33:57] know this is my name and title and but
[00:33:59] here’s our company web page. I’m like oh
[00:34:01] well that normally isn’t done. So, I
[00:34:03] went and grabbed the URL, put it in a
[00:34:05] safe sandbox and launched it and the
[00:34:08] company’s web page came up. It had a
[00:34:09] beautiful image of their headquarters
[00:34:11] with their name on it and I start
[00:34:14] clicking through and it’s got, you know,
[00:34:16] its products and its marketing materials
[00:34:18] and I go to the about page and it’s it
[00:34:21] lists all of their executives, their
[00:34:24] founder and CEO, their co-founder, their
[00:34:26] chief all and so I start clicking
[00:34:28] through and it goes to their LinkedIn
[00:34:30] page. All these people are synthetic.
[00:34:32] All the accounts are fake. All of them,
[00:34:35] right? The images were generated. The
[00:34:38] the profiles were create. They created
[00:34:41] LinkedIn accounts that were completely
[00:34:43] fake, right? Every page on that web page
[00:34:46] was synthetic. And so I dive into the
[00:34:47] code and I actually found it was an AI
[00:34:49] tool that it’s a legitimate tool that
[00:34:52] you can go and it will create your
[00:34:54] company web page for you. They had used
[00:34:56] that to create a fake web page to
[00:34:59] reinforce, right, the legitimacy
[00:35:03] of the phishing email and I thought it
[00:35:05] was fantastic. I just I I I got giddy.
[00:35:08] I’m like, “Oh, this is awesome.”
[00:35:10] >> And we’re going to see that we’ve got
[00:35:12] deep fakes coming. We’ve got, you know,
[00:35:14] synthetic web page, synthetic
[00:35:16] personalities, executives, right? Oh, I
[00:35:19] spoke at this and they’ll have a web
[00:35:21] page or or they will start feeding the
[00:35:24] news feeds out there, right? The Googles
[00:35:27] of the world that indexes stuff. So that
[00:35:30] yeah, if I Google that, they did speak
[00:35:32] there. Why? Because they seeded that,
[00:35:35] >> right?
[00:35:36] >> Right. And now that can all be
[00:35:38] automated. That used to take a nation
[00:35:41] state level, a crew of 20 people to
[00:35:43] build all that, right? And do all that
[00:35:46] research and make sure the wording is
[00:35:48] correct in the correct language of your
[00:35:51] target and maybe even in a regional
[00:35:54] dialect, an accent, right? And then yes,
[00:35:57] when you click on let’s chat, it’s going
[00:35:59] back and forth with you in real time. So
[00:36:03] it’s amazing
[00:36:05] what it can now do to the benefit of the
[00:36:08] attackers. Are we prepared as potential
[00:36:10] victims to deal with that? Probably not.
[00:36:13] I mean, I enjoy it. I expect it, but I
[00:36:16] don’t expect anybody else to dive that
[00:36:19] deep.
[00:36:20] >> Yeah, I agree. So it’s more it’s a 100
[00:36:23] times evolved version of that Nigerian
[00:36:25] prince email that we used to get was
[00:36:28] there right so
[00:36:30] >> and people were sad at that time because
[00:36:33] it was completely new they didn’t know
[00:36:35] and whatnot this is like that you know
[00:36:37] 1,000 times evolve version but it’s it’s
[00:36:40] it’s crazy the amount of work it can do
[00:36:42] uh the problem would be that this would
[00:36:44] eventually erode a lot of trust right so
[00:36:47] I mean what do I trust then and and the
[00:36:50] and the consequence of that is that even
[00:36:52] legitimate outreach, you know, gets
[00:36:54] ignored because I just I just don’t know
[00:36:57] what’s the difference between the two.
[00:36:58] You know, somebody is really is a
[00:37:00] legitimate outreach versus like this and
[00:37:03] it just becomes hard really becomes
[00:37:05] hard. So I guess you know as early on
[00:37:08] you could you could see those dashes and
[00:37:10] you would realize AI written but now
[00:37:12] people learn that you know you can give
[00:37:15] a prompt and make sure that there’s no em
[00:37:17] dashes. It’s going to be hard.
[00:37:19] Definitely. Definitely. That’s
[00:37:21] >> We’re going to have to learn new skills.
[00:37:23] And the first piece of that is to simply
[00:37:26] assume that we can be manipulated,
[00:37:29] right? Don’t we we just can’t trust it.
[00:37:32] Right now, we still believe in certain
[00:37:34] areas of trust.
[00:37:36] >> Yes.
[00:37:36] >> Right. Um it used to be back way back in
[00:37:39] the day when you got an email, you
[00:37:41] assumed it was from that person, right?
[00:37:43] If it had their name. We we and then we
[00:37:45] learned, oh, it can be spoofed. So we
[00:37:47] didn’t trust that uh originally when
[00:37:50] photographs came out they were
[00:37:51] definitive proof of reality and then we
[00:37:54] realized when tools came out you know to
[00:37:57] to modify image or create images okay we
[00:37:59] can’t trust that and then you know video
[00:38:02] nowadays video we trust it it’s video
[00:38:06] but now we’ve got AI that can create
[00:38:09] video that we can’t really discern
[00:38:11] whether it’s fake or not so we can’t
[00:38:13] really trust that well oh wait what if
[00:38:16] we get on a phone call. I mean, you’re
[00:38:18] talking with them that you should be
[00:38:20] able to, right? No, we’ve got deep
[00:38:23] fakes. Oh, what about a video? A video,
[00:38:26] you know, video chat. No, we’ve got deep
[00:38:28] fakes for that, too. So, every time
[00:38:31] technology evolves, we have to
[00:38:33] re-evaluate, right? And decide, can we
[00:38:36] trust that or can’t we? We are at
[00:38:38] another pivotal point here where the
[00:38:41] things we thought were absolutely true
[00:38:43] in video and voice and in real time
[00:38:46] engagement we have to then step back and
[00:38:48] go I’m not going to inherently trust
[00:38:50] that there have to be other ways that
[00:38:52] then face to face meeting or physical
[00:38:57] >> a handshake actually is pretty good but
[00:39:01] you know and that’s just to make sure
[00:39:02] it’s not AI you may you know shake the
[00:39:04] hand of a fraudster and they’re using
[00:39:06] other social engineering
[00:39:08] you know, a old ones. So, you know,
[00:39:11] personally, I think we are actually
[00:39:13] going to go deeper into having to use
[00:39:17] different digital technology tools,
[00:39:19] encryptions, tokens, certificates,
[00:39:22] challenge response, those kinds of
[00:39:24] things.
[00:39:25] >> So, I have a unique QR code assigned to
[00:39:28] me that nobody can have access to.
[00:39:30] >> Yes. Yes. Right. I’ve got, you know,
[00:39:33] I’ve we’re using an encryption or a
[00:39:35] validation or certificate protocol and
[00:39:38] only you have the private key. So now I
[00:39:41] can I can validate this really is that
[00:39:43] person.
[00:39:43] >> That that would just be a web page URL,
[00:39:46] right, anymore. So we’re going to have
[00:39:49] to video call. So before we say hello,
[00:39:51] hi, my name is this and my QR code XYZ
[00:39:54] and what’s your
[00:39:56] >> Well, think now think about it. It may
[00:39:58] actually be easier because if a zoom
[00:40:02] right or whatever tool that you’re using
[00:40:04] when people log in if as part of it they
[00:40:08] have to prove that authentication right
[00:40:11] through a challenge-response asymmetric
[00:40:14] you know encryption or a token or
[00:40:16] certificate and it automatically
[00:40:17] validates that
[00:40:18] >> interesting
[00:40:19] >> right it comes up on your screen and you
[00:40:21] may see a list of attendees but some of
[00:40:23] them have a little key on it or a check
[00:40:25] mark or something like that that you now
[00:40:28] know the system has done a digital
[00:40:30] verification on them, a high, you know,
[00:40:34] degree of confidence and, you know,
[00:40:35] validness that you can trust it’s a real
[00:40:38] person. We’re not there yet.
[00:40:39] >> You might end up there yet.
[00:40:41] >> Yeah. But, but yeah, you might end up
[00:40:43] wearing those badges. I am real or I am.
[00:40:49] No, what’s even worse will be the day
[00:40:52] when we actually prefer it to be this
[00:40:55] synthetic one because then they’ll
[00:40:57] summarize it and they’ll capture
[00:40:59] everything and they’ll pay attention,
[00:41:01] right? They won’t walk away on a call.
[00:41:03] They won’t be doing something else.
[00:41:04] They’ll listen to every word. So at some
[00:41:07] point we will evolve to the to a state
[00:41:10] that we will actually prefer your
[00:41:12] digital agent who will gather everything
[00:41:15] pertinent to you summarize it
[00:41:17] specifically for the key points that you
[00:41:19] need right and that way you will will
[00:41:22] get the attention that’s required so oh
[00:41:24] there’s we will not stop evolving that’s
[00:41:27] that’s the thing this is always a moving
[00:41:29] target correct what we see as a
[00:41:30] detriment today will be a benefit
[00:41:32] tomorrow
[00:41:33] >> correct and evolution I mean this
[00:41:34] evolving this evolution is moving much
[00:41:37] much more rapidly right so previously it
[00:41:39] would take a century to get to some
[00:41:41] place now it just takes decades or 5
[00:41:43] years or half a decade even I mean
[00:41:45] millennials typically 40 45 years people
[00:41:48] have seen cassette players or Walkmans to
[00:41:51] AI right so that’s in in just 40 45
[00:41:54] years and it’s crazy the the way things
[00:41:57] are moving now so you never know what’s
[00:41:59] come you know what April 2027 going to
[00:42:02] going to look like so you know
[00:42:04] >> very hard to predict now
[00:42:05] >> and and we see that technology curve,
[00:42:07] right? I mean, we’ve got the Artemis
[00:42:09] missions that that’s currently in space
[00:42:11] now. And most people don’t realize the
[00:42:13] vast amount of history of mankind, we
[00:42:16] couldn’t fly, right? It really wasn’t
[00:42:18] until the Wright brothers got it right.
[00:42:21] And there at Kitty, you know, Kitty Hawk
[00:42:23] Field when the Wright brothers took off
[00:42:25] to the point that we landed on the moon
[00:42:27] was 60-some years. But for the 800,000
[00:42:31] years prior to that, we couldn’t even be
[00:42:33] in the sky. And so we went for 800,000
[00:42:36] years, couldn’t even be in the air, and
[00:42:38] then 60 something years after that, we
[00:42:41] were standing on the moon.
[00:42:42] >> Absolutely.
[00:42:42] >> I mean, that’s that’s compression. We we
[00:42:45] see that all the time, and we’re
[00:42:47] experiencing it now.
[00:42:48] >> That’s a better than my cassette player.
[00:42:50] So, yeah,
[00:42:52] you’re right.
[00:42:53] >> Imagine what the next 60 years will be.
[00:42:56] >> Absolutely. No, I agree. I agree. All
[00:42:59] right. So, last question. And uh for
[00:43:02] leaders listening today, what’s your
[00:43:04] advice for making sure uh that their AI
[00:43:08] systems that they’re now, you know, a
[00:43:09] lot of organizations are trying to
[00:43:11] actively adopt, embed into their
[00:43:13] workflows, their process, giving access
[00:43:15] to data, you know, are actually secure
[00:43:17] and not only just working. What would be
[00:43:20] a couple of things that you would, you
[00:43:21] know, kind of give them advice on?
[00:43:22] >> Yeah, nobody’s going to like this
[00:43:24] answer. Um, and let me predicate it by
[00:43:27] saying we we’ve touched on a lot of
[00:43:29] reasons why, right? the rapid speed, the
[00:43:31] desire for functionality over security,
[00:43:34] all those kinds of things. My advice is
[00:43:37] to assume that it is not secure, that it
[00:43:41] is not trustworthy. Start from that
[00:43:43] point. No matter you know what what the
[00:43:46] vendor is saying, hey, we red team this
[00:43:49] or hey, we put it in a VM. Just assume
[00:43:52] it’s not secure or trustworthy. We start
[00:43:53] from that point and then think about how
[00:43:56] we limit the damage. goes back to the
[00:43:59] fundamentals, right? We want to limit
[00:44:01] that exposure. We only want to give
[00:44:04] permissions for what that agent needs.
[00:44:07] We only want to expose the limited
[00:44:10] amount of sensitive data that’s
[00:44:12] required, right? Start putting in
[00:44:15] controls and we call it governance.
[00:44:18] Start putting in those guard rails to
[00:44:21] help minimize damage because if you
[00:44:24] start out expecting, hey, this is not
[00:44:26] secure. Then you get to a point of
[00:44:29] going, okay, we know we need this and we
[00:44:31] need to move forward. How do I manage
[00:44:34] the risk? I’m not trying to eliminate
[00:44:36] it. I can’t do that, but I want to
[00:44:38] manage that risk, right, to an
[00:44:40] acceptable level while we continue to
[00:44:43] support moving forward. And it goes back
[00:44:46] to that example, right? You don’t give
[00:44:47] the intern on their first day full
[00:44:50] administrative rights to the world to
[00:44:52] your digital world and and keys to the
[00:44:56] to the safe that has all the cash.
[00:44:58] >> You don’t do that. But over time, you
[00:45:01] start to expand slowly, right? What
[00:45:04] access they have, where they should be
[00:45:06] able to go, and what they should be able
[00:45:08] to do. AI is absolutely no different. It
[00:45:11] is that intern that’s going to help you,
[00:45:13] but you can’t give it total control. Not
[00:45:16] in the beginning. Rationalize figure out
[00:45:18] what it needs. Guard rails, governance,
[00:45:20] controls, but let’s move fast so that we
[00:45:23] continue to get the value that’s needed.
[00:45:26] We need to support that rapid adoption.
[00:45:29] We just have to move faster in security.
[00:45:31] >> All right, awesome advice. I think
[00:45:33] that’s that’s really really good. So
[00:45:35] assume it’s unprotected, it’s unsafe,
[00:45:37] start from there. Do not give access to
[00:45:39] everything. Treat it that way and get
[00:45:41] back to the basics. So all right, great
[00:45:43] advice, Matthew. It’s it’s been a
[00:45:45] pleasure having you on Tech Unhinged. We
[00:45:47] really appreciate your time and your
[00:45:49] candor. I loved the energy for the
[00:45:51] podcast today and I really enjoyed it.
[00:45:54] >> Absolutely. My pleasure.