B (13:25)

If you think about our traditional generative AI that we've got today, you know it's all prompt based. We have users that are prompting something to occur and it's usually a question or a very long question with lots of guidance on how to answer things. And what we're starting to see now with agentic is more agency where there's a, in a lot of ways it's a AI front ending a workflow. So I have a typical process, business process that I would have followed. I have a agent that's front ends that workflow that has a natural language interface to it. And it's like asking a coworker to go do something for me, but within the guardrails of a specific task. And so when I, when I think about agentic AI and where we, where we are today, that's really, you know, how I think about agentic we. I think we're probably a couple years away from kind of the, what I would say is true agency, where the agent just wakes up and says let me go do some work today. Where it has the agency to work like your, your typical employee, without direction. I think we're not quite there yet. I think in the next couple of years, maybe sooner with the pace of change that's happening, we'll get there. But I think what's probably further out is that super AI ability where it has the ability to think independently like a human would, where it has that kind of super agency. I think we're probably a few years out from that occurring. That's kind of the Skynet that we all kind of get worried about when we think about AI.

A (14:48)

Yeah, well you made the point that security professionals might approach this from the point of view of HR leaders, maybe bar borrow some elements from them.

B (14:59)

Yeah, I mean it's. If I think about an employee and we think about agents, you know, if we think about a lot of the work that is being automated with AI today, it's a lot of the very task oriented work. If we think in the cyber world it could be a SOC analyst, there's a lot of focus there today from industry to go build automation and agents around the SOC analyst to go automate all the work looking for the do some of the hunting in the incident research. So a lot of that's being automated. If we think about it, it's the service desk, help desk type roles. How do I use agents to supplement that? If you think in the consulting world it's the research, research analyst going to do all the research work. If you think in the law firm, it's the paralegals that are pulling things together. That's where you see things like Harvey, where a lot of law firms using today to build their own AI around that they stand behind. So when we think about this from an HR standpoint, we wouldn't just hire that entry employee and say okay, good luck. You know, we would have guardrails. We would probably, we're going to restrict what access they have. So if they have access to an HR system, if they're someone that's writing job descriptions, we wouldn't give them full carte blanche access to our workday environment to go in and see everyone's salaries in the company. We would probably have some restricted access. And so as we start thinking about agents, we have to think about this just the way we would an employee. We wouldn't give an employee super admin rights to our systems and nor should we do that with AI either.

A (16:27)

That's a really interesting insight. It also makes me wonder about anyone who has hired an assistant. You go through that transitional period where maybe at first it takes more work to get them up to speed than the time that they're saving you. Is that a peril here with getting an agentic AI up to speed as well?

B (16:49)

Yeah, absolutely. I think it's a Great example too, if you think about assistant, where they start to learn your travel preferences, which airlines you like to fly, what kind of hotels you like to stay in, where do you like to book dinners? Those are all preferences they learn over time. How do you manage your time and do time management? They learn what your personal, they'll help you a lot, but they also learn your personal preferences. I think that's a great example. And I, when I think about it in the context of agentic, I think you end up having the agent that is your travel planner. You have your agent that you're planning your dinners and booking your dinners. You have the agent that is helping you manage your calendar. So I think what we have today is to get to that assistant is going to be the coordination of multiple agents to drive the outcome or the role of my assistant that helps me every day.

A (17:38)

And I suppose each of those assistants would have their own set of restrictions and guardrails dependent on the potential peril that each of them presents.

B (17:49)

Absolutely. I mean, if you're thinking about travel, you have travel policies you have to operate within. So those are some guardrails you would have. So you wouldn't. So they may go search and find the different options and know, based on your preferences, you know, you prefer, you know, one airline ult program over another. So all things being equal, pick that one over this one, which are all a lot of the things that, you know, you would do today. If I log into our travel booking tool, it's going to present me options. It doesn't book the one automatically, but it presents them to me and it may present the ones that I favor as a preference first. But ultimately, the AI might do all the work for you and may come back to you with the options, just like your assistant does and says, hey, here's three options for your flight based on your preferences. Which one do you want to book? I think that'll be our first step. And then at some point you go, you do a pretty good job recommending options to me. So I'm going to make you autonomous. And I think that's, you know, we'll see that happen over time. Is that more autonomous. But there's still going to be the human in the loop. But I think if you know what, you know, the person that supports me today, she brings options to me. Sometimes she just books it and then sometimes she brings options, and that's because she knows me. I think that's the, I think we're going to be on that same journey with agentic as well, you know, I'm.

A (18:57)

Reminded there was an old, old chestnut at this point. You know, from the earlier days of computing. You'd see people would have a sign on their office wall that said to err is human, but to really screw up requires a computer. And I think part of what that joke speaks to is velocity and that a computer can do so much more, so much faster than a computer. How much is that velocity aspect a concern here?

B (19:28)

I think with any technology that's a concern. I think a lot of people automatically have a problem. They jump to what technology is out there that can solve my problem for me. And the problem isn't really that isn't the technology, it's that there's a lack of a process or understanding what the process should be and documentation of that process. And so if you go layer technology, even AI on top of a bad process, you just get to the same bad outcome faster. So I think you need to have an outcome oriented thinking around the problem and then basically make sure you really understand what is the current process we have today. And then how can AI reinvent or rethink that process to get to the same outcome you really want, which ideally is a good outcome versus a bad outcome. And again, a lot of times people race to apply technology to something. When there's a broken business process and it's not really delivering the outcome I want, they think it's going to change the outcome and all it does is get you to the bad outcome faster.

A (20:23)

What's your opinion on how quickly people should be adopting these sorts of things? Is there. How much do you think the risk of being left behind is a real thing compared to your competitors, for example?

B (20:38)

I think we have to be, we have to be doing. A lot of people say we're testing AI, we have tons of use cases. You know, if I go sit around any, any roundtable with peers, that's what they say. I think there are areas today where we know there are use cases we know deliver value that we can, that we can go after. So I think those are the ones that you should be investing in today, right? The ones I talk about like it, how do you automate it? How do you help on the support side? How do you help on some of the content marketing aspects? You know, those are some of the. How do you help on research for sales reps? Those are very easy ones that I think have been proven out to have a lot of value associated to them. But then it's, you start to get into some more advanced use cases. Now, and I think that if you aren't placing some bets now, there's a great book, a guy named John Rossman wrote a book called the Amazon Way. He just released another book called Big Bet Leadership. And one of the concepts there is basically if you don't make a bunch of what would be big bets, but in small ways along your journey, then you're going to be making bet the company bets later. And so when I think about AI, if you're not placing at least some small bets or, you know, a series of, you know, what could be big bets in the future, I think you are going to be at a disadvantage. And so if I think about the, the world today, we think about how Uber disrupted the taxi industry in that world or the executive limousine area and how that hole got transformed with Uber, you know, there's going to be these, some of these new tech companies that don't have the legacy baggage are going to move very quickly. And if you aren't placing those bets, you may be the taxi business in the future that's being disrupted by Uber. And so I think that's the, I think that's the risky run of just standing on the sideline and not doing some testing and placing some bets.

A (22:29)

That's Mike Anderson from netscope. And finally, Denmark has decided it's time to stop letting AI borrow people's faces, voices and dignity without permission. In what it claims is a European first, the Danish government plans to rewrite copyright law so that everyone legally owns their own face and presumably their own bad hair days too. Culture Minister Jacob Engel Schmidt declared the law will send a clear message humans are not open source material. The proposal, backed by nearly all MPs, would give citizens the right to demand removal of deepfakes and digital impersonations. Parody and satire remain safe. Engel Schmidt warned that if platforms fail to comply, fines will follow. And he's even eyeing Europe's chair for inspiration sharing. Denmark, it seems, is politely but firmly telling AI hands off the humans. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Cyber Innovation Day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the 8th annual Data Tribe Challenge takes center stage as elite startups pitch for exposure, acceleration, and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, D.C. discover the startups building the future of cyber. Learn more@cid.datatribe.com.