
AI is changing the cybersecurity threat landscape

2024/11/5

Practical AI: Machine Learning, Data Science, LLM

People
Gregory Richardson
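Vice President and Global Advisory CISO at BlackBerry, focused on implementing effective cybersecurity strategies and resolving global technology crises.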
Ismael Valenzuela
Leads threat research and intelligence, with a deep security technology background and extensive industry experience.
Topics
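Gregory Richardson argues that understanding attackers' motivations and behavior is essential, because it helps in building more effective defensive strategies. He also stresses that AI can be used to predict attacks, allowing defenders to take preemptive security measures. At the same time, he notes that the cybersecurity industry tends to overhype AI, which can harm customers' defenses. Ismael Valenzuela adds that AI is a double-edged sword that both attackers and defenders can use. Attackers can use AI to improve phishing attacks, while defenders can use AI to strengthen detection and response. He believes that only an effective combination of human expertise and AI technology can maximize cybersecurity.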


Chapters
The episode introduces Gregory Richardson and Ismael Valenzuela from BlackBerry, who discuss how AI is impacting the cybersecurity landscape, the importance of human defenders, and the ongoing AI standoff between attackers and defenders.
  • AI is changing the cybersecurity landscape.
  • Human defenders remain crucial in cyber defenses.
  • There is an AI standoff between attackers and defenders.

Transcript


Welcome to another episode of the Practical AI podcast. I am Chris Benson, a principal AI and autonomy research engineer at Lockheed Martin. And with me today, I have two guests.

They are going to join the conversation. They are both from BlackBerry. One is Gregory Richardson, who is vice president and global advisory

CISO at BlackBerry, and there's also Ismael Valenzuela. Did I get that correct?

Yes, thank you.

And I not only have Daniel for that, and he is vice president of threat research and intelligence at BlackBerry. Gentlemen, welcome to the show. Thank you so much for joining.

Honor to be here, Chris. Thank you.

Thank you, Chris.

Really glad to have you. Uh, we're going to talk today, uh, all about security and threats and see a issues like that. I know that there is a blog post to get us started, and I'll let you guys kind of take it from there, that you have on the BlackBerry blog.

That was the AI standoff, attackers versus defenders. And I know Daniel was the first person to see it and said, we've got to get these guys on the show, and ironically, he is not able to be here today and I know he's disappointed about that. But, um, to kind of start off, can you tell us a little bit about the topic in general before we dive into the specifics in the landscape? And who does it affect and why should they care?

So maybe it has to do a little bit with backgrounds as well, right? So I cannot really say I'm an expert in AI. Well, I cannot really say I am an expert on anything. And the more time I spend, you know, in this industry, the less you feel you know, right?

But I can say my career has been mostly dedicated to cyber defense. I started on the offensive side, but then I quickly moved into the, well, not quickly, but over the years I moved into the defensive side. So I've seen both sides.

And I still like to, you know, peek on the offensive side to learn from it. And I call that "think red, act blue": think as an attacker to become a better defender. So obviously, when I was writing about this, I had to bring the AI flavor to it, like, is this really, you see,

is AI going to represent an advantage to attackers or defenders? And we usually get that question. So I wrote this from a cyber defense perspective, right, and that's what you see there.

So before we dive fully into the article, what was driving the need? What are you seeing? You guys are both at BlackBerry; there is clearly a need driving, uh, addressing cyber. Tell us a little bit about how you see the lay of the world from a cyber standpoint, um, and what is the problem you're trying to solve in the large?

Yeah, let me give you the contrasting kind of perspectives, because I actually didn't know that Ismael, who I have worked with for many years now, even at different companies before BlackBerry, I didn't know that you started on the offensive side and then switched to the defensive side. Um, I am very much the opposite. Well, except for the switch: I started on the offensive side and I remain on the offensive side.

The part that I am most intrigued by and always have been is what I call, well, what's call vict um attacker ontology. So I've always wanted to understand what makes the attacker behave like an attacker so I can better defend. But my primary areas of research and areas of work and my primary focus has always been trying to anticipate what the attacker is going to do, um, you know, so that I can help our clients strategize, et cetera.

It's always been like that, even before, and just from an AI perspective, cybersecurity has been using AI for well over twenty years. I'd say probably thirty years almost, um, so it's not as novel as it is to, you know, the average layperson. But even before the popularization or the democratization of AI that we've seen in the last two, three, four years with companies like OpenAI, et cetera, even before, you know, AI was so much in the forefront, I've been very intrigued with how we can build strategies that help customers, organizations, governments anticipate earlier what they need to be protecting against. And that's kind of where my perspective comes from.

So I didn't contribute to the blog; I believe it was primarily Ismael's blog, and maybe Ismael and his team. But my perspective on the blog was, um, very much how can we use AI to also help level the field a little bit more. It's a constant, you know, battle, with the field going back and forth on kind of who's winning the race between attackers, you know, cyber criminals, and defenders. So anything we can use to help balance that out, that's always been my interest.

I'm curious, before we fully dive into the AI stuff, can you describe, because we have a very AI-focused audience, diverse in that area, but a lot of folks maybe have never been really addressing cyber themselves.

And when you talked about that the interlock and kind of talked about maybe some of the motivators, you know, why? Who are these people out there, who do they represent? What are they trying to do at a baseline, like, with or without AI? What are we dealing with in the world?

I remember, and again, I've been at this for a while, probably longer than most. Um, you know, like your age, Chris, approaching sixty years old actually off my long, that's right. So I'm approaching that age that, you know, scary

age of sixty, at least it is scary to me. So I remember a lot of things historically about the cybersecurity industry that give me perspective. One was, I want to say it was around two thousand ten, eleven or twelve, somewhere around there. It was the first time that I noticed, um, in the FBI threat intelligence report that they used to release every year, in that report around two thousand and ten, eleven, twelve was the first time that they reported, the FBI reported, that profits derived from cybercrime globally surpassed profits from heroin, cocaine and marijuana sales combined. And for me, and I'm talking, this was, you know, two thousand ten, like I said, that to me was a tipping point, in that in my mind I've built the narrative that right around then, or maybe a year or two or three before then or after then,

that's when criminal organizations focused in on cybercrime and it switched from being, you know, the harmless hacker in the grandma's basement, you know, thinking like a Kevin Mitnick type of a guy, um, who kind of started off that. For those who are in the cyberspace, they know the name. You know, he was kind of like a cold and cold harmless actor. He was arrested; I think his might have been one of the first cases of full-fledged arrest and conviction for cybercrime. But you know, his cybercrime was always focused on, what can I learn? You know, what can I gain from these things that I'm illegally getting access into? It was less, if at all, it was not about, um, you know, what can I financially gain. Now it is largely financially motivated. I'll let Ismael deal with this a little bit more because, you know, this is his forte; he runs our threat organization. But from my perspective, it is largely based on what can we monetize.

Ismael, what do you have to add to that?

Well, the first thing is I'm so happy to know I'm the youngest one in the room. Okay. So says me with a white beard.

Right? We're all showing it a little bit, but that's okay.

We're on top of things, man. But yes, so as Greg says, my team, um, our job is to characterize the adversary and to translate that into what we call countermeasures, right? So think about, you know, you're analyzing, uh, your goal is to design a vest to protect law enforcement, for example, right? So we analyze the weapons, we analyze their tools, we analyze the motivation, how they operate.

And then we take all of that and we use this information to design the most effective vest to protect against those bullets, right? But it's not just about the bullet, it's about who is using these weapons and what's the reason they are using them for. That's the motivation.

That's really the key piece. And this financial motivation, as Greg has been saying, has been growing very fast. And that's why we all know about ransomware, for example.

But there's a lot of other motivations and maybe we can talk about that much. Well, some of them we do: espionage, nation states, the so-called APTs, advanced persistent threats, that we often see in the news, and especially, you know, right now around election times, there is a lot of talk about this manipulation of information by these nation-state actors. These are very well funded, and typically they are the most advanced of all of them.

But there are other motivations too: hacktivism. You know, we have seen groups like Anonymous in the past, like many others, that would target organizations just because they make money, I don't know, selling records, right? And they think that's evil.

But at the end of the day, cyber is just a weapon, right? It's a weapon that can be used for good, a weapon that can be used for evil. Same as AI, right? AI is just one more tool in the arsenal of any people. So that's why I like to talk about the motivations, because it helps us to understand what's the purpose of using a tool, in this case AI, in this cyberwar, if you want.

So how does BlackBerry, can you kind of layer in BlackBerry, having kind of given us that landscape of what you're looking at in the world? And how does BlackBerry start layering into this? What are your interests in that capacity and what are you trying to accomplish?

A good question. Uh, well, so we have been in the world of, uh, security communications for quite some time, right? And many remember those BlackBerry devices. We don't do devices anymore, but we do, uh, software to protect devices, not just phones but also employees so far, all over the world. And specifically my team,

what we do is, as I mentioned before, try to characterize these attackers to be able to protect, uh, customers, right? And this takes the form of products; it takes also the form of services, from endpoint software to zero trust network access to, um, you know, high, military-grade encryption, to secure communications, to even software to manage crises. It could be, you know, incident response, like the environment is on fire, the attacker is here and we need to remediate that, or it could even be a natural disaster. So when we talk about threats, we even go beyond just cybersecurity threats. That's a high-level overview. I don't know, Greg, if you want to go deeper into that.

I don't know if I go deeper; I may go off on one of the branches. The side of BlackBerry that I'm maniacally focused on is really just, I want to say, purely the cybersecurity part. So obviously, BlackBerry does a lot of other things. We have our automotive and IoT, um, segment that's very, very, very large, probably a billion-dollar business in and of itself, with QNX operating systems that run in any car that has anything digital in it,

et cetera. Um, the part that I'm focused on, though, is pretty much purely my area of expertise, which is cybersecurity. So what we've been doing from my side of the house is helping customers mold their defenses in a way that allows them to do something that I call preemptive security. If you remember, in my earlier preamble, I referred to, you know, we need to be able to predict what the attackers are going to do so that we can defend against it.

I help my customers strategize around building those platforms, those tools, those combinations of different tools to do exactly that. The nuance of it with cybersecurity is, just because of organically how the industry has grown and, you know, VC investment and a million other reasons, we've sprawled very much into, you know, there's thousands of tools to get the job done and there's probably thousands if not tens of thousands of different aspects that need to be protected in the average organization. You might have, you know, endpoints, you know, the computers, you might have servers, you might have a network, you might have stuff up in the cloud, you might have operational technology or IoT technology, all different aspects that all need to be protected, that all require completely different tool sets.

That sprawl has made it difficult for customers to have a homogeneous approach to how do we defend against it all. Ismael can probably talk more about it. One of the things that attackers do, I want to say very, very, very well, is attack the gaps between our tools. So if they detect that you have a great tool, the foremost tool on protecting computers, your endpoints, but your network stack is a little bit weak, they're going to attack right in the middle of the network stack and gain access to the endpoints, and vice versa.

They see your network and your endpoint are rock solid, but you have a weakness over in the cloud: you're going to start seeing cloud attacks. What the industry has not been very good at, that BlackBerry is trying to help resolve, is how do we help customers pull all of that telemetry in to be able to get, as I said, a homogeneous view of everything that's attacking them and everything they're doing about defense across all those little silos.

That's what I help my customers strategize on. And my customers vary from governments, I met with the government of meracle a couple of weeks ago, um, to large corporations, the biggest banks in the world, the biggest airlines in the world, et cetera, and it just spans the range, but all of them have that problem.

The most mature organizations have well-developed tools that are unintegrated, and the least, like the SMBs, which are also our targets, our customers, um, have oftentimes less developed security stacks. But the problem is the same; even if they say, well, you know, we can make an investment in this one little tool, then they have their gaps and they're not being able to install all of that intelligence that they have.

It says something about the industry, and I'm going to kind of shoot at my own job now. It says something about the industry that a strategist at that level, focused on those types of problems, is even needed. Like, you don't have that in the medical industry, as far as I know; you definitely don't have that in,

for example, the automotive industry. Like, there aren't integrators that need to help you with how to integrate, you know, your car to work properly. You go to Ford, you say, I want an SUV. They give you the whole SUV.

They don't say, buy the motor here, and then go down the street and get four tires and go across the way and get a transmission. You glue it together and you make it work. They give you the whole thing. Cybersecurity doesn't do that.

We don't give you the whole thing, so that necessitates a cross section of strategists like myself and the team that supports me, um, to go out and actually help customers parse through this web of tools that they've built. You probably don't go to cybersecurity industry events; I do, Ismael does as well. Ismael speaks at many of them.

The amount of vendors on the expo floor: I remember going to RSA thirteen years ago. Also, a handful of vendors; it was a small convention. Now, literally thousands, three, four, five thousand vendors.

Forty thousand people last year.

So what I do, I thought that was big. I went to a conference called GITEX. Holy smoke, almost a million people at GITEX, at a conference talking about technology. It was crazy, insane. The amount of booths, I think, was forty thousand vendors, like, insane, that there is an appetite for all of these tools, and customers are pumping them up and it makes their environment more complex. And that's

where we often times come in a this in the ship.


Okay. So as you guys have watched the industry explode, and you're dealing with these things that other industries don't necessarily have to address, you talked about kind of just the sprawl of assets to defend and the gaps between them and the fact that there are so many tools addressing different components.

Um, I would imagine that's quite a challenge, which is one of the reasons, I'm sure, the industry has gotten as big as it is. As you're looking at that and you're starting to see these new things, and when I say new, meaning some of the more recent tools on the AI romance to like that, as cyber experts, how is AI starting to layer into this ecosystem? How do you see that? What are the pros and cons, the risks, uh, and threats that it creates? Uh, can you tell us a little bit about how those two, uh, converge?

Yeah, as Greg just mentioned before, he explained it really well, that this is, say, an industry that is always like chasing the new shiny thing, right? Like, what's the new thing that can solve all of my problems? And there is no such thing; it is a lot more complex than that.

And every time that we try to find that single tool, that silver bullet, we often fail, right, because of a lack of an understanding of how all these things need to come together. So we're in the midst of that hype, and now the tool is, of course, AI, right? And I would say even more specifically, LLMs,

generative AI. Because we know, and you guys in the show know well, that we talk about AI as one thing, right? It's a lot, lot of different things. For example, at BlackBerry we have been using for many years, coming from the Cylance engine, from the Cylance days, a predictive AI engine, right? We're, you know, talking about predictive machine learning, essentially.

And I remember well, I wasn't at Cylance at that time, but some of the Michelle gues and wear told me that they were at Black Hat, I think probably two thousand, two thousand and sixteen or something like that, right? They were talking at Black Hat about this.

And a lot of people were like, you know, that's not possible, your sudden, slow, you know, that's not the way you detect. Now we fast forward to today and everybody understands that you cannot fight malware with signatures, right? In our report, and we produce these reports on a quarterly basis,

we talked about the latest increase in the last quarter. We're talking about a fifty-three percent increase in unique pieces of malware, right? I don't know if the audience is familiar with the concept of a hash or a fingerprint.

You take a binary, a blob of data, and you create a fingerprint or a hash of that. And that says we get that unique, right? Different hashes, different files. So we're talking about over eleven thousand pieces of unique malware per quarter that we have seen with our telemetry. How in the world are you going to, you know, create a database,

maintain a

database? All right. So predictive machine learning helps us with that. And it's been helping us for many years to have a lot of really, really good detection of these types of things. Now LLMs can also be useful for different things.

So once again, I think the summary is: AI is a useful tool in the hands of defenders. It is also used by attackers. And we can maybe get into that if you want. But I would say that once we get over this hype cycle that we always have in this industry, we'll probably understand that it is just one more tool in our arsenal and that we need to remain problem-focused. Just because we have a solution to a specific thing, it doesn't mean that it's going to be the solution to absolutely everything, right?

But of course, it helps. Yeah, can I comment on that if I

may, Chris? Sure, absolutely. Ismael

touched a little bit on this. He kind of grazed over LLMs, and I'm glad you only grazed over it because of what I am about to say. We think LLMs,

as good as they are, and they have some excellent use cases and value, I think they contribute to a lot of the noise and the hype machine that we hear in the industry right now. I'll speak specifically for cybersecurity.

I am not yet convinced of the utility, the usefulness of an LLM, particularly for its natural language, um, ability, its ability to process things in a natural language. I'm not sure that that was the problem we had. And I speak to SOC analysts and chief information security officers literally on a daily basis.

That's my job. And I can't remember in the last thirty years doing this that a group of operators, SOC analysts and so forth told me, you know what, Greg, Greg, we don't know how to extract the data from our tools.

If we could only say that in natural language, that would really help. That's not the problem. The people that are doing these jobs in the SOCs are very adept at their tools; they don't have a problem communicating with the tools and writing a parsing command or a query or whatever to extract the data.

That's not the issue. There's a lot of things that AI and machine learning can help with. Classification is a big one. Ismael has already referred to prediction. I think that's a very, very big one that is underutilized today.

But classification: how do we classify not only files and hashes, but behaviors, indicators of attack, indicators of compromise? How are we able to classify, you know, these three things that are connected together, or in the case of a cyber attack, these different things, these different behaviors or indicators we find, how can we hold them all together and say, listen, this is leading up. These people belong together.

These ten things that we found on your network, and these fifteen things that we found on your endpoints, and these twelve other things that we found simultaneously in the same temporal window in your cloud environment, they all belong together. They're all part of one attack. That classification process, I think that's somewhere where AI can help, because that's where the gap is: taking the ton of data that comes in, that swamps our security operations centers with alert fatigue, parsing through that, to quote pope, make sense of it, and kind of narrow it down to a few cases. And when I say few, though, that few may be thousands still, but it's an order of magnitude or more drop from the tens or hundreds of thousands of events that you get. If you can drop that down to a significantly smaller amount of cases and then tackle those cases, that's one of the problems that I see AI solving in cybersecurity extremely well.

It's really interesting to hear you say that, um, and I just want an aside for a moment, uh, for our audience, who is going episode to episode; this is a topic we talk about a lot. It sounds like you're going through, you're familiar with the Gartner hype cycle. You know, when it goes up over the top, maximum hype,

people become frustrated, it plunges down into the trough of disillusionment, where they're very unhappy and they say, this stinks, I don't want to deal with it, and then people kind of take a second look and they go, well, it's good for some things. It's not, you know, it doesn't solve everything, and they find their plateau of productivity, what is actually useful. And it sounds like you've been going through that same process like many other industries have, um, and you're really practical.

And you also drew out another point that I'd like to emphasize, and that is that when it comes to generative AI and LLMs and such, we have a habit of forgetting that there are other techniques in the AI realm out there, classification, other ways here. Exactly. And you guys are like, we have other tools here that are really productive for what we're doing, just maybe not the super-hyped part of it. So I'm really glad that you shared that with us because we are Practical AI on the show and we're trying to keep people on track.

I'm just giving an example if it helps. Sorry, this is getting, I saw a large vendor, I'm really tempted to say the name but I won't, uh, that was showing, um, you know, how cool this generative AI is applied to the SOC.

So, you know, the SOC, the security operations center, they typically use dashboards, right? Now, they have dashboards and they are looking at, for example, number of, I don't know, DNS requests, or number of alerts for this or for that. So there is this dashboard and there is a peak of activity at seven p.m.

So now the, yes, the LLM is like, see, I saw a peak of activity at seven p.m., and I'm like, how much money are you paying for that, right? There is a large cost in this type of subscription, and I can easily train an analyst to catch that, and that person can give you more context, right? And has probably more intuition, maybe more knowledge of the strategy, right, talking about strategy, Gregory, and even more creativity than that.

So absolutely, you've got to know what the tool is useful for. It is very useful for contextualization, summarization, pattern matching, generating hypotheses, testing, right? I could go and say, hey, based on all of these reports that I have written, on all of these databases that I have, give me, going to the offensive side of Greg, give me an emulation plan for emulating this threat actor, right? And it is not going to be super creative because it's going to be based on things that have already been, the data that has already been gathered.

But it will save me a lot of time because I will not have to go through all of these documents myself and have to extract all of these different things. So I may iterate over that faster and get to that faster. But yeah,

There's a lot of hype. One of the things that I, again, I've been in this industry for almost forty years, so it's pretty much the only thing I've done professionally, you know, since I came out of college. So I'm very passionate about it, in case that's not extremely evident to your audience yet.

Therefore, I also tend to look at myself and my industry with, sometimes, a bit of a harsh lens. And so I'm going to say something now that might be inflicted outside of cyber, but I see it from inside of cyber. And we cut ourselves.

We do legit harm to ourselves by feed... and when I say we, the vendors primarily, by feeding into the hype cycles and selling stuff that we know good and well are absolute smoke and mirrors or have limited usefulness, but they sound well. You know, the notion of, we're gonna AI-power the SOC, and you're not going to need SOC operators anymore.

You know, these analysts, you won't need them. You're gonna get just less analysts, as the AI is gonna do all of that for you. The more we hype that up, the more you get the Gartner hype cycle, where people find, they go, this doesn't work this way at all.

I still need the humans. The humans, as Ismael said, have context and awareness and situational strategy, not to mention things like money, which AI is terrible at. Now, can the AI do bulk volume of data processing? It absolutely can. And that's one of the places... we haven't even touched on things like vision and, you know, some of the more esoteric parts of AI that we don't speak about every single day.

So I'm not limiting it to prediction, classification and large language models, but I'm just saying large language models are amazing. I use them regularly for processing anything having to do with language, whether that's pold language, indicator language or spoken or read language. One of my very practical things that I do with almost every piece of content I am attempting to digest now is, I try to get the audio and I run a transcript.

Send it to Whisper, send it to whatever API, give me a transcript of it, analyze the transcript for me, give me some key talking points. What are the things that I said? What are some twisting lines that I want to broadcast out? What are some key quotes that I said? And I build my brand on social media, and I flavor my other talks with that content that I've said already. I'm going to do it with

what I'm doing right now. That's why, in addition to, as a backup, I'm also recording my own audio here so that I can extract that. So I use LLMs. They have utility, but they're not the end-

all panacea, you know. "Oh my god, they are great. We should throw everything out and LLM it." The more we do that, I think the more we do intrinsic harm to the industry and, most importantly, to our customers' ability to defend themselves, because the threat actors are not, at least I don't see the threat actors out there building a hype cycle. I see them out there efficiently sharing threat intelligence and leveraging it to build new novel attacks so that there are unique ways that they can get their objective, which is to monetize. Because in our environment, we are not as manically focused on our task at hand as that yet.

So Greg, that was great, kind of explaining how you're approaching that, trying to keep the AI practical, trying to have the right AI in the right place, and a great call-out for the fact that, like so many other industries, there is a proclivity in your industry to also do the kind of, you know, AI in everything. You know, you said, you used the phrase,

you know, selling smoke and mirrors and stuff, and you guys are working really hard to productively give solutions and strategies that are not built around the hype side of all this. Could you dive in to a little bit more of that? And also, Ismael, if you could also address a bit about the blog itself that you wrote, so that we can draw some of our listeners into that and they can also read that as they are finishing up the episode and understand that, I'd really appreciate that.

So kind of both: what are you doing in that practical sense, and what are you producing for your customers? And then kind of, how's the blog contributing to that?

Do you want me to start with the blog, and then you can talk about the solutions we're building? Yeah, so the blog is essentially trying to address the hype that we were just talking about before, right, and saying, OK, so what is AI being used for by the attackers? To start with that, some people may think that, oh, you know, attackers are crafting this malware that is so autonomous that it can just go and find a vulnerability, like a zero day, right? We call zero day in this industry something that we haven't found, that nobody knows about, that vulnerability.

Now this autonomous agent is going to exploit it. It's going to get into the company, steal the data, ransom the environment. And no, then you wake up, right? There is no such thing, not as of today, at the very least. I think we're talking about people, I'm going to say, around the same age. You probably remember Blade Runner from ninety two, the original one, right, with the replicants.

There are no real replicants as of today. There are deepfakes. That's a different thing that could look like humans. That's the closest thing. But there are no autonomous agents that can do all of these things. Or we don't see people that, I don't know, like, you are training dolphins, right, for your entire life.

And then all of a sudden now, because of AI, you can hack into companies and make a lot of profit out of that? Probably not. So what we see is attackers using this as a tool, essentially, for the initial phases of the attack, and that means that they're getting a lot better at writing phishing emails.

We have seen an increase in phishing emails with language that is non-English, for example. Before, we would see, you know, some of these Eastern European organizations or Russian criminals sending emails in English. It was a broken English and you could quickly spot them and say, oh yes, this is phishing or it's spam. These days everybody speaks not only perfect English, also perfect Japanese. We have seen an increase in the number of phishing against Japanese companies, or other languages that hardly would be used by these cybercriminals.

And that's a clear use of LLM. Now, in terms of coding, there's a lot of debate. It's very controversial. Like, can you learn coding from scratch? Or can you just, like, use these to create code from scratch? Will it do these things?

Probably not today. These models are getting better. But I still find that every time I ask any of these agents to create some code for me, I still have to understand the code, understand what I'm trying to do, and be able to refine it and to tune it.

Also bear in mind that these models are crafting things based on the training that they have received, based on previous data that is already known. Therefore, when Greg maybe talks about predictive solutions and AI, that makes us also even more successful in the use of our AI, because we have trained these models with everything that, you know, has been seen in the past as well. So at the end of the day, I think that AI is not gonna be that much of an advantage to attackers.

They always have a little advantage because they are attackers, because they take the first step and you're on the defense side and you don't know, right, if they're coming tonight, if they're coming tomorrow morning, if they're coming next month. You may anticipate that.

And that's where, you know, my team is fighting intelligence, which is looking at the geopolitics, looking at, you know, like the weather forecast, right? What are the clouds signaling? And then based on that, you adapt your threat model, but you're always, like, one step behind by nature. That's what defense is about. But even though defenders may have that temporary advantage, I think when used properly by defenders, the field could be leveled and AI could be effectively used to do more things at scale, especially when you have a solid strategy.

It's interesting. Ismael referred to updating our threat model, and he drew that analogy back to, you know, like the weather, like you look at the clouds and, based on what you see in the clouds, you react accordingly. You might pack an umbrella or something along those lines.

I think that's such an apropos analogy because, interestingly, as a kid in the seventies, growing up in the Caribbean in a hurricane zone, I remember sitting around the big box TV in the living room, I think it was even black and white at one point because I'm old and promotion ini, as I said earlier, and watching the predicted hurricane track for some storm that left the western coast of Africa and is barreling towards the rubia islands. My island is a small five mile by seven mile island. We could get and routinely got deserted by hurricanes, so if hurricanes come in, you need to know those predictive tracks with the little circles saying the storm looks like it's gonna...

Those, in the seventies already, were drawn and calculated by AI. It was one of the first very widely used use cases for predictive AI. So it's interesting that Ismael uses that as an analogy, because that is exactly what we're doing. We're taking a use case that was well developed with weather prediction, and that's what we're applying to attacker prediction.

So you asked how we can apply this to the customer environment. One of the things that I am manically focused on right now is helping customers, as I said earlier, draw this all together. So I'm going to get into product names.

So this is in the sales speech, but we've just developed something in the category called a managed extended detection and response tool set. And what's unique about our approach... that approach in that space is not unique at all. It's existed. Just about every large cybersecurity vendor has something that plays in that space.

What's unique about our take on it? We are heavily focused on, regardless of what your security stack consists of, that's what we're gonna

ingest. Most of the other vendors use an XDR-type tool to say, listen, to get the maximum benefits out of our tool, you should really be using all of our stuff. So you should get our firewall, you should get our endpoint.

You should get our cloud stuff, and then it's going to be maximized. Our take is different. Our take is, we understand that you, the customer, probably struggle with two things: a widely diverse ecosystem of security tools, and the second thing, especially for medium to smaller companies, you're probably struggling with finding the human resources to do these jobs.

So we have a managed solution where our threat analysts, our security analysts, are well-trained human experts combined with predictive AI that, as Ismael says, has been well trained on sensors and sensor data and threat data that we've been receiving for the last ten, fifteen years. That final, we are able to not just ingest all of the data, but classify and recognize that this is an attack that we've seen before, even if it's using novel and brand new, unseen-before malware, and then provide you defensive strategies against it. That's how I believe BlackBerry can help the market, the customers, the most.

I mentioned that I started on the attacker side. I was never an illegal attacker. I started as a pentester and then, you know, supervised into reversing code and doing some other things like that. And, you know, I went from there, but most of my career was on the customer side. I proactively switched, or maybe was convinced to switch, to the vendor side probably about ten years ago because I saw that gap. I saw that as a customer, I could buy all the new widgets and toys, and it really wasn't making me more secure.

So I came to the vendor side to try to influence the vendor defensive motion and product strategy to put out more products that legitimately can help customers solve those two problems, the manpower problem and the diversity of tool set problem. The amount of times I am told, "Hey, Greg, we'll rip everything out and put in whatever you tell us," that's fantastic and has happened. I have had a couple of greenfield customers that said, listen, none of this is working, take it all out and help us replace it, but that's rare. Most of the customers either have financial constraints, time constraints or some other constraints, so they need to make do with what they have. Let's build a tool set that allows customers to use what they have and maximize the value they extract from it.

So as we wrap up here, you've done great kind of level setting how you guys are able to add value for your customers in this realm. This is such a fast-changing arena. You've got AI playing at some productive place in your approach or strategy in your solutions. But this is a fast-changing world that we're dealing with. As we wind up, do you have any thoughts, from either of you or both of you, about what you're expecting to see over the next few years, how you think things will change, you know, what that outlook a little bit looks

like? Yeah, so I'll get started. I think we're gonna see more deception, right, used by attackers leveraging AI, especially with deepfakes. I think that's a very powerful application of AI to offensive capabilities.

We already see a trend in the increase of volume and scale, right? I think that's one of the key things that it also enables attackers with, which is augmenting their existing capabilities, making them scale. But that's exactly what the defenders can do as well, right? But the main thing is starting with the definition of the problem. I think that's the most

powerful question you can ask as a defender, like, what is the problem I'm trying to solve? Because AI, nor any other technology, doesn't really change the mission of your organization, right? Are you a hospital, a small hospital or a large hospital? Your goal, your mission, is to, you know, protect the citizens, the people, right, that go to have care, and you don't want this environment to get ransomed and admissions to be done by pen and paper, so people could effectively die because of an attack to the hospital. That's the kind of thing that we're looking at here, right, protecting critical infrastructure, protecting schools, where our kids go to. So AI didn't change the mission of the organization.

AI doesn't change even the approach, the strategic approach to cybersecurity. You just need to find out where are the areas that it can help you to scale and maybe cover some of the gaps that you have. And I think we talked a little bit about that, right? But improving detection and response times, disrupting attacks at specific places of the attack chain, giving you the ability to contextualize a lot of data, to give you some... I'm a firm believer in human-machine teaming, right, to give you some input, so another human can, with that information, take an action. And then also the models, the machine learning models, learning from that to effectively combine that human-machine team, right, that Blade Runner, or in this case the replicant, that takes the best out of both worlds. That's kind of my vision about that.

I'll chime in on that as well. The top five companies in the world by market capitalization right now are tech companies, all founded or cofounded by individuals with heavy technical background. This is very unique in this era that we find ourselves in.

Now this is changing leadership, entrepreneurship and just vision and strategy in a way that we haven't seen before. I think we're at a unique precipice to where we can maximize some technological applications that ten, twenty years ago, we wouldn't even have been having the conversation about. The technology was there, was readily available, like AI that was written in textbooks in the late 1950s.

The technology has been there. It's being popped into the forefront now because of that seismic shift where the biggest companies are tech companies. So my daughter, who's fifteen years old, is my tech savvy. When I was fifteen years old, I was an oddball because I was tech savvy, like, they looked at me like, you know, I had three heads.

So what do I predict? I predict we're gonna see an acceleration in how those types of use cases and opportunities and, candidly, business opportunities are going to appear. But I also see, so there is always the positive and the negative.

I see a risk, a huge risk of moral and character failures at the level of those leaders who have an unbalanced sense of my technical progress, but potentially low morals, potentially low leadership acuity, potentially low spiritual acuity. There's an opportunity to balance that out as well. Personally, that's where my focus is. That's how I met Daniel from this podcast, because, you know, we've spoken at events or met each other at events where we're trying to talk about those types of topics. You know, how do you pull together technology and other things that are more from a moralistic perspective and, you know, help have the technology but balanced out, and vice versa.

I think that's where we're going to have to be very cautious that we don't over-rotate and, you know, end up accidentally, and I'm not talking politics now at all, but end up accidentally handing the reins over to people whose gifting got them to a place where their character potentially could not sustain them. And I think we are at big risk of that. So those are the two things that I see kind of for the future, both opportunity and risk.

Fantastic insight from both of you, gentlemen. Thank you very, very much for coming on the show. Great conversation. I learned a lot, and as things progress going forward, I hope you guys will come back on and give us updates on where cyber is going. Love to have you on

the show. Thank you. Thanks, Chris. Thank you, Chris.

All right, that is our show for this week. If you haven't checked out our Changelog newsletter, head to changelog.com/news. There you'll find twenty nine reasons, yes, twenty nine reasons why you should subscribe. I'll tell you reason number seventeen: you might actually start looking forward to Mondays.

Sounds like somebody... More reasons

are waiting for you at changelog.com/news. Thanks again to our partners at Fly.io, to Breakmaster Cylinder for the beats, and to you for listening. That is all for now, but we will talk to you again next time.