B (5:32)

I love how you put that together, because defense obviously impacts all of us. We rely on for just our way of life. I've got five kids, so I think about it all the time. And you made an interesting characterization that sort of this more recent set of AI, this LLM driven AI, the breakthrough really is in this human interface. And so we're seeing such rapid Adoption of it, even inside of a home or in somebody's daily life. And this shadow AI term is getting thrown around a lot. So people that are using this kind of technology, maybe on their own, might be sanctioned by the company, might not. How do you define shadow AI in practical terms, and how does it differ from general AI adoption risks?

A (6:28)

Well, we should probably talk about shadow because sometimes shadow is a good thing and sometimes we have to operate in the shadows in order to be effective on our missions. But if we, if we look at the negative side of shadow, you know, what we're really talking about is really unauthorized or sort of informal use of these AI tools by teams, individuals, organizations, really outside of the enterprise governance. If you think of sort of that normative range of what's reviewed and approved for tools and processes and sensitive data classifications, that's really what shadow is. We think of shadow in that way, in that regard. It's really not much different than shadow it. In fact, spoiler alert, AI is just software. So it's really no different really than any other IT system we have out there, except for what you talked about, this natural language processing, this ability for the software to learn as it goes, and that's really powerful. And that's very different than your typical ERP system that you've deployed, you know, for your enterprise. So we're very anxious about shadow, shadow AI because we put a lot of energy around governing the effective and ethical use of AI. And when shadow AI exists, they may be operating with AI outside of those norms. And that's really what I meant by normative. And so if they're operating outside those norms, we may accidentally be doing something that really is inappropriate or potentially unethical. And that's not part of our brand ethics is one of our core six values that we have across the enterprise. And so that's why we're anxious about shadow AI.

B (8:09)

How do you think about the governance then, around identifying shadow AI and where it is and when people might be using these unauthorized or unsanctioned tools? How do you get your head or what advice would you give to people to get their head around identifying them and getting control over them?

A (8:32)

Well, fortunately, we've been to this movie before with Shadow it, so it's not new in that sense. And look, the easy button is look for the shadow. Somebody shined a light on it and there's no longer a shadow. The good news is a lot of these AI systems, especially the commercial ones, typically run over the web channel, so they've got to go off through your proxies and your firewalls and talk to the Internet and do all those kinds of things. So generally you can see them if you know what to look for. And so yes, they are on HTTP and ht GPS and some of those kinds of things, but there are other protocols that come into play too. So really just doing that, sort of hunting for and detecting for those things, what's approved, what's not approved. I know, this is in my list. This is not in my list. Do anomaly detection like we talked about. Guess what? AI is good at that too. So AI can actually help us find the shadow AI and give us that information. And there's quite a few products emerging now, but that's really the key thing. It's setting up your governance, making sure that folks know if you're going to sort of close the door, open a window properly. It's really about channeling and doing it the right way. So it's less about. No, you may not use this stuff to K N o w know this is how we do it properly. This is how we do it safely and effectively and under the enterprise governance so that all of our customers and employees of the company know we're doing this and using these tools in an appropriate and ethical manner.

B (10:01)

How do you think about policies and guardrails to put in place to guide the safe and ethical use of generative AI? Is it the network that you focus on? Because this thing's going to go out and reach out to the web somewhere and you put the controls there and you shine the flashlight in there with new tooling. Just would love to get your thoughts on that.

A (10:25)

It's a lot of things. I mean, for the AI to work effectively, you're probably moving beyond just prompts. I mean, you know, certainly prompts are the sort of early way that you're getting into this activity. And so trying to be able to monitor the content going into prompts is one way of dealing with it. And I'll share with you, that's kind of like one of the hardest ways of doing it. And the reason is because the traditional data loss prevention tools are typically not really great on the web channel. You know, they're really good for things like dealing with email. They're really good when you're trying to like write data to portable media drives and that kind of thing. But the web channel has always proven very difficult and it's not impossible. There are things we can do, we do a bunch of things in this area, but they're not as simple as Some of these other ones. So looking at the network data is certainly a way of doing it and monitoring control. One of the things we did very early on when ChatGPT showed up and shocked everybody was we put in a speed bump. So we didn't block it outright. I mean, we're an AI company, so we wanted to embrace the technology. We just wanted to do it safely. And part of that, of course, is educating and informing your employees and your contractors, you know, of what to do, how to do it, how to safeguard sensitive data, what's appropriate for this tool, what's not appropriate for this tool, what does it mean to have residue, and how do we prevent some of those harms from happening? So we didn't block it, but we put a speed bump in. So you came to this website and we just had a little reminder, hey, click here if you will, just to verify and validate that you understand what these risks are. And then over time added more technical controls in addition to those sort of policy and governance things. But, you know, network activity is definitely a good way. Cloud. I mean, we're all working in cloud, so things like CASBs also can give you insight and understanding to that kind of traffic, what people are using these cloud services for. So that's one way to deal with it. A simple way of detecting is people are using this, they're garnering insights, and they're using them in their data and their reports and the deliverables too. And typically they want to kind of, you know, boast about that. And so sometimes you, you learn about these things as simple for that. Another area that we've spent some time on, of course, is, is at the firewall level. So if we know we have a site that is particularly sensitive, for example, like Deep Seq, you know, is, is a, is a large language model that, you know, for our defense missions and purposes is really not fit for use for us. So that's one of the few that we actually will put in a technical control like a firewall block, so that people can. You can't implement those things, but you can use, of course, application white listing or approved listing, if you will. You can monitor API usage. I would argue that's a really key one. We'll probably talk about that later in our Talk today. Because APIs tend to be your screen door in your submarine, and it tends to be the area where a lot of integration and activity way beyond prompts is happening. And you may not be seeing that. So that's an area to focus on going forward. And then I think the last little control I would put into place is technical control around software, using the software itself really to help you discover where you have these problems. And the software is pretty good at that. It can analyze a lot of the data that you're bringing in, then it can look for this and go, hey, you know what, I think that's AI. And I can tell by the way the sessions are working with information coming in and certain data coming back out and of course token use. So any, any site that is using tokens, that that's also another integration that takes place. So that's another way to sort of monitor for and discover these shadow AI instances.

B (14:17)

You talked about embracing AI, which again I love that so, so much potential to make the business more effective, you know, in your case, kind of protect society. How do you strike this balance between enabling individuals to harness this new type of technology, AI driven technology versus locking down risky tools? Is it mainly an education topic? Is it a education meets controls? How do you think about that?

A (14:51)

I think it's both. I think it's definitely education. I think it's definitely tools too. I mean you can have process controls and technical controls and we really want those things to be coming together to be effective. You know, we really want to teach people how to fish, not just fish for them. And a big part of that is understanding what the risks are, but more than just the risk because people have different perspectives on risk. And your risk tolerance may be different than mine. I know my kids risk tolerance is a lot higher than mine as a dad, you know, but that's how people perceive it and they tend to personalize that and make choices. So as a large enterprise it's important to share the principles here. You know, what is it we're trying to do with this technology? What is it we're trying to do internally for our processes and to be very efficient and very effective as a company. But what are you also doing in terms of building solutions for our customers? And we want to assure that our customer that we are doing things in an ethical and appropriate manner. You're not paying a human rate for an AI response, for example. But we are using technology in a way that assures, you know, that we are doing this from a trusted mission AI perspective. And to do that, well you get to have governance and, and I think it starts with the principles. Put those principles together, share those principles, train on those things and then really teach people the right way to use these tools and because if you don't, they'll sort of be Left to their own devices to figure stuff out on their own. And then things start maybe slipping into the gray space. So, so I think you're right that education is, is really important, but it's education with understanding. And the understanding comes by training people up on the principles. What are we really trying to do with this technology and what are these risks and how can you then embrace that in your use of this technology?

B (16:44)

I wanted to go back to something that you'd said earlier around DLP and maybe just broaden it to data protection and classification in general. Just to give you some personal background. I used to be the CTO at Symantec years ago and of course we had a very large DLP business even back then. Pre these LLMs and PRE. It was really hard once you got to unstructured data, really hard. Now you could have sensitive information and it's in a poem, it's in another language, it's in a. So some of the tools even that we might have used in the past, you know, it's different now, especially if you're looking at prompts and responses. How do you, what's your paradigm for thinking about data protection in this world or data classification?

A (17:37)

DLP is hard. Conceptually it makes perfect sense, but it's just really difficult to do. And when you have structured data, it's much easier. And even unstructured data that you can tag or attribute and persist that attribute over time you can establish policy and having a common policy engine that really runs across all of your, not just detective, but also your preventive defensive mechanisms can be, be hugely beneficial. And that, and that's what we've done, you know, so most modern high technology companies and in the defense world, because we're here to safeguard sensitive data, you know, have implemented these kinds of things. So data classification is huge. Knowing what your data is, where it is, and then putting in those tags, those labels and persisting those labels, you know, is huge. And that really, I mean, takes DLP from this level of performance an order of magnitude up. Just because you have these classifications and because classifications are well defined, policy is easier to impose at the various touch points, whether it's in an application point, it's in a data store, it's going onto a device, it's running over a web channel, it's on an email channel, etc. So those are, those are easier to do. I have this, this document that's controlled on classified information. So it's, it's a sensitive document or I've got sensitive personal information in this other document. And all I'm doing is clipping out a little piece of it and I'm popping it into this prompt. Is that a spell? Well, the answer is, it really depends, you know, so what portion we've gotten to this place on our evolution where the artifact, you know, this, this structured piece of data, this object, you know, a word document, a PowerPoint, a spreadsheet, and we put a label on it. Yeah, but now we're taking a piece out. Conversations don't typically work that way. And that's really what we're doing. We're having a conversation with the machine. So how do I know? So taking a little page out of the book from what we do on the classified side of the house, where we portion, mark all of our statements, the idea is to do more of that kind of thing. And you can actually use the machine to help you understand that, because it can go through an artifact and help you understand, hey, what portion of this, if you will, is really controlled, unclassified information? What portion of this artifact is really sensitive personal information? I think that's the next evolution of our data tagging and our data labeling is to take the broadsword and make it much more surgical and much more specific and then apply policy throughout there. So that way, if you take that out, the attribute associated with it comes with it and that helps us with our detection. And if I can detect it, it, I can probably put a preventive control in place. Now that sounds good, let's do that. However, comma, sometimes you don't have that in place. And sometimes, you know, one of those notions that we have is that in aggregation, certain pieces of information coming together all in one place create a classification by itself. So how do you know that? Well, without a human today, that's hard to know. So again, we can train the machine, we can feed the machine information that says, this is sensitive, this is sensitive, this is sensitive, this is sensitive. When I hear this term or this program or these certain terms coming together, that is sensitive. If I'm using the word Social Security, I put in a string of this character, relate those two things together and disrupt that. And so we're training the machine by building either small language models or large language models to detect those kinds of situations. And so when somebody either types it, it then hits enter into the prompt, or they cut and paste out of an artifact and puts it into the prompt. We run it through a gateway, the gateway takes a look at that kind of thing, makes a query again, sometimes rag oriented type of query. Against that information and try to make a decision. Is that okay or is that not okay? Now, let me tell you, we are early days, Hugh. I mean, this is not perfect by any means, but this is the direction we're heading. And we're trying to use the machine to help us do things more appropriately with the machine.

B (21:59)

But I love how you phrase that because there's such optimism in how you said it. And I agree with you. Like, if we can actually harness this power to reason for us, is this data interesting? Is it sensitive, is it problematic? Then you're sort of using a great power against a great power.

A (22:20)

That's how we embrace it. I think that's how we use it for good, if you will. Obviously it's being used for evil too. But we are working to fight fire with fire here. And this will be an important part of our evolution. And we have to harness this machine and do it in an appropriate, ethical, responsible, explainable way. And if we can't, then it's not a good thing, it's only a bad thing.

B (22:47)

Let me ask you this. With any kind of technology, it comes with good and bad, right? You know, it's neither good nor bad by nature. There's lights and shadows, there's positives and then risks. It seems, particularly with these LLM oriented systems, the utility part, the positives, the I can get work done quickly, I can suddenly write a report almost instantly based on a prompt. The utility is so visible so quickly, but the risks are not particularly obvious to a random person that they're early on. And using these kinds of technologies. How do you educate your staff about the risks of generative AI without stifling their curiosity or productivity?

A (23:45)

Yeah, I think it's use cases. And you're right, because that is the balance here. I mean, this is not user experience or security kind of debate that we've been having for 30 years. It's really about how do we do the things that we know we need to do and want to do. Because that's differentiating for a business or it's differentiating for our customer, but do it safely. And most folks get kind of an idea in their head around safety. Security is a bad word. But most people can get their head around safety, whether it's personal safety or family safety, or community safety, or company safety, nation, whatever, they can get their head around that. And so I think putting it in that context and then providing use cases around this. So hey, here's a use case. I'm building a proposal and I'm trying to Harness all of the past work that we've done in a particular domain. My customer has this problem, I'm trying to solve it, and so I can use the AI system to help me figure that out. In large companies, that's really hard. You know, everybody's got this idea of, you know, collective consciousness around prior proposal submissions and how meaningful they were and what is reusable. It's difficult. It's like dlp. It's a hard problem to solve. Guess what? This technology can really help with that kind of thing, and it can maintain context associated with those situations that we're trying to build. So similarly here, we want to put people into use cases and scenarios to teach them what's right, what is ethical, what is appropriate. This is a scenario that makes perfect sense. Let's do that and do it within the framework that we've established for fair and ethical use of these AI tools. But here's one that's not. And let's talk about the why. And if we can understand the why, then people will clearly steer in a direction to get it done. You know, and look, we're not trying to beat people over the head because they make mistakes in any. It's a business risk, you know, like any other business risk, and we've got to manage the risk. And one of the key ways to manage the risk, like we talked about earlier, is education. You know, we need to train the workforce to use these tools appropriately and be effective with them. Yes, it's a skill, but there's also an ethical question here, and we need to make sure that people understand the ethical boundaries of using these tools. And so we have training on that too.

B (26:14)

Have you found effective ways to bring shadow AI into the light and turning it into something that's sanctioned and safe versus the we have approach? Yeah, tell me about that.

A (26:29)

Yeah, we definitely have. In fact, you know, it always starts with a good amnesty program, you know, so allowing people a path forward is really good. And it starts off with a conversation like, I noticed that you were using this tool, which is not yet on the approved list. I'm imagining, you know, that you were, you know, had some really key issue you had to solve very fast for your customer and you thought that was acceptable risk to use the tool, and then you stop and then. And then the conversation goes in one of two ways. One is a what or. Or the other way it goes is, oh, you're absolutely right. And thank you. In fact, I appreciate your help guiding us on how to use this effectively. In fact, what enterprise Tools exist already that we could have used in this particular situation. So I think just approaching it with a mindset already that we want to use this tool, but we want to use it effectively. And not that, hey, all we're going to do is sort of provide the hammer and we're going to come around and lock you up and put you in jail is an important one, one. Now, having said that, we need to be serious about this. I mean, there are very important risks. You don't get to sweep them under the rug. And we need people behaving in a responsible and ethical way in the use of these tools. So there's teeth here for sure. But I think bringing a mindset that, you know, we want to help teach you how to use these tools properly and effectively and with the right kind of data and how to safeguard these things is really the mindset that we have and that's working. In fact, we've had several, you know, there were very, lots of early adopters, if you will, of some of this technology, but some people were just scared of it, quite frankly, and just afraid. Some afraid that, hey, if I use this technology, people see me using this technology, they'll think I'm not important anymore because the technology is doing the job and not me. So some people are just, just avoiding it just because I feel like we're, we're trying to pull some people in to say, no, you can actually use this. Well, and this, this can help you be even more effective. You know, it's more augmentative, you know, to, to what you provide. It's an aid, an assistant kind of a thing where, where others, of course, were out the door pretty fast. And, and we have had some situations where we've noticed where people put some sensitive data out there and we've had to work with them to teach them how to do that properly. And a lot of times it's just, it's just steering them to the right tools that these are the ones. And like I mentioned, you know, the really heinous stuff we are going to block, but for the most part, you know, we make these tools available and we spend a lot of energy on governing and communicating and educating and explaining how to use them correctly. What's appropriate, what's not appropriate.

B (29:20)

You've been living both the opportunity and the risks of AI for a while now. And I've got to ask you just a big picture question. What are you watching most closely in this space over the next 12 to 18 months?

A (29:40)

Well, so we'll do that in Two views, maybe. Let's talk about the I'm scared view. So the scared view of this is obviously the adversary is using this technology and they're using it to develop up really, really good attack chains. I'm sure you're tracking what happened, you know, to Anthropic here recently, where, you know, leveraging the tools and, and, and Anthropic, good company, you know, smart guys, they thought they put controls around the tool to detect these kind of situations and prevent them from happening, but the adversary was able to figure out how to work around that, you know, so that's just one area of innovation that's happening all from the bad guy side of the house. And to earlier comment, you know, it's now growing very quickly to machine on machine, and these machines are going after each other, and we have to be using this technology or we are so behind. You know, this is like backing up, you know, 200 years ago where, you know, the cavalry would show up with horses and guns and folks are trying to fight them off with bows and arrows. I mean, this will not work. You will lose. And so speed is so important here, and the machine can help us with the speed. But even in those defensive areas where we try to justify or rationalize these kind of things, it's for defense, it's for good. You know, you still have to use them ethically. You have to use them ethically and appropriately, but that's what we do. So I am concerned about adversarial use of this technology. And it's important for us to appropriately embrace these things so that we can fight that off, because speed and volume and veracity and variation of the attack now is changing because the bad guy's using the machine too. So that's really key, I think, on the good side of the house. How do we use it? Being explainable in AI is a really interesting technical problem. You can give a source or a link to a source, but that doesn't mean it wasn't hallucinated. So one of the areas that we're watching and spending a lot of time researching ourselves is how to develop explainable AI, you know, to build truly trusted mission AI so that, so that we can use it, you know, in a way to make decisions and then to impose maybe a consequence or at a minimum, take an action. We need for it to be accurate, we need for it to be reliable. And explainability is a really big part of getting to a high confidence interval. You know, we used to call in the military, it was sensor to shoot, you know, and so, you know, the sensor says, oh, bad guys over there with a 30% confidence, right? Geez, I'm probably not going to lob on this hole over there with 30% confidence, you know, so, so using the technology to really sort of train on this and to develop this to get that confidence interval higher. And then when that confidence interval is higher, we can, we can act, we can act with more confidence. And then based on what happens, we learn and continue to develop the machine just like we have as humans, you know, learned in this way, this sort of iterative way. We're going to be doing the same thing with the software. And I think that's a very important way to get higher confidence intervals is to have better explainability, you know, onto the system. I think, I think even when we talk about sort of the four, you know, the wheel of, you know, sort of AI around this idea of analytics and automation and autonomy, you know, sort of human, human in the loop versus human on the loop. The biggest problem we've had with soar, you know, SOAR is a great thing. Security orchestration, automation and response. This is how we brought automation to bear in our security operations. It allowed us to deal with increasing volume without having to hire, you know, an army more of people to deal with that, with that incoming threat. And we're using automation for it. And that's great, that's really good. But the one thing we rarely do with SOAR is the R. It's the response. And the reason is because our confidence is low. Oh, I'm seeing all this attack and it's on this port. Let me shut that down. That's a bad day for us just to shut stuff off. So explainable AI will really help to build confidence, I think, to help us do more automated response. And that's going to be important for machine to machine confrontation, which is the direction we're absolutely heading. So I think that's an important one. I think governance is elusive. Governance feels like one of these things where we could put out pithy principles. This is what responsible looks like. But actually imposing preventative controls around ethics can be very challenging. But this is an area where I think the machine can help us because the machine is really good at, perhaps more so than humans at looking at volumes of information and quickly synthesizing and summarizing, you know, what's good or what's bad based on, you know, large language models and the learning that we've done to train the machine. And I think that can be very helpful because we can look Much more broadly than what internal audit teams have been able to do in the past because we'll be able to more actively monitor in more real time situations. So I think that's an area, you know, that, that is interesting to watch and, and I think something that we want to be able to do more with. And then I think maybe the last thing just, you know, I'm the CISO of the corporation, so I'm obviously very interested in cyber security. So I can't talk about this without talking about cyber. I mean, I think there's definitely an area of opportunity in graph neural networking and graph neural networking to help us not just expose sort of the relationships of the data, you know, because graphs have been around for a long time, but now taking all of those relationships, just, you know, millions and trillions of signals that are coming in, you know, from all of these endpoints and applications and data systems that we have out there and relate them together, but then apply machine learning to that to understand how they relate to each other better. And once you sort of build that understanding, you can almost create like a digital twin of your operating environment. And now I can do what if scenarios on that. I can actually attack the model like the adversary would attack the model. In fact, I can ask questions of my generative AI. Hey, how would you attack this network? How would you get access to that application? Where is all my sensitive data? What's the best way to get to it and exfiltrate it out in a way that the cyber defenders of that company aren't going to be able to detect it? So that's cool. That's where we shift left. That's where we go from detect and respond to an issue or an incident, you know, a breach to predict and prevent. And that's great because that gets us out of this business of occasionally reviewing our security controls to now constantly reviewing our security controls. So, you know, gone is going to be that once a year, you know, annual penetration test that you, you do, you pay a third party and you send it to the board of directors and say, hey, look how good we are kind of a thing. And now it's a constant everyday moment of beating the crap out of your environment and trying to find where the weak spots are. And then once you do find those weak spots, correct those weak spots or create deception if you want, you know, if you're, if you're in that part of the mission, but find those weak spots and deal with those before they have a surgery. Can.

B (37:29)

I love that perspective because it's you know, if I take something you said earlier, which is these adversarial use cases or tools are getting so good, the attacker will be able from the outside to find a lot of holes much faster, run different variations, tailor it just to you. If you could create the ultimate internal pen tester that has all the knowledge and the expertise of the systems themselves, the relationships of data, you almost have to, you almost have to have something like that that's constantly going after you to anticipate an attack that may come downstream. And if we can get to that, that's an amazing place. That's an amazing leap forward in cyber.

A (38:18)

And I think the intersection of graph neural networking and machine learning with generative AI on top is how we get there. So I think that's a really important area to take a look at and to continue to explore and investigate. At lidis, we're building this for ourselves and for our customers. Others will, I think, get into this space too, but a really important area to look at.

B (38:47)

Jer, one last question for you. And this is just coming full circle on shadow AI. If you could give one piece of advice to other CISOs on managing shadow AI risk, what would it be? Where would they start?

A (39:03)

Man, I'd probably give like a ton of advice, but, but I would start with one and I would say, look, you know, let's start with. It's 10pm do you know where your data is? You know, kind of a, kind of a question, because if you don't know where your data is, you don't know what your data is, then you don't know how your employees or contractors or customers who have access to some of that data are using it. But I guarantee you they're going to be using AI. AI is going to be embedded everywhere and they're not just popping it in the prompts. Soon it's all going to be on our phones. Agentic AI is going to transform how we interact with these machines and these agents are going to be out there working on our behalf all the time. And by the way, that's going to be super powerful. I mean, I can't wait to have that because as I mentioned, I can't buy enough cyber warriors, you know, to, to defend Leidos. So I need to be able to use the machine and the technology to create more and, and to support the ones that I have, you know, to do their jobs that much more effectively. They become superpowered or supercharged because they're, because they're using these, these tools. So. But it all starts with knowing where it is, what it is, and, and what is it that the adversary wants? I mean, why, why do they want this stuff from you? So getting that done, I think is, is really important. And then I would say create this mindset that we talked about, Hugh, where at the end of the day, it's not about slamming doors and windows shut and boarding everything up against this impending storm. You know that that's coming. That's already happened. It's already here. You're living in it. You are the boiling frog right now. So, so it's really more about assuring that you're teaching and training and start with the why. Start with the principles of what it means to use these tools in an ethical and responsible and hopefully soon explainable way. And I think when you teach people that, they'll learn to fish themselves, they'll take care of themselves, they'll do things in an appropriate way, and they'll really help to get things done better and smarter than how they've done them in the past. I love it.

B (41:12)

JR thank you so much for being here today and just sharing your knowledge, your experience and listeners. Thank you for tuning in. Please keep the conversation going on our RSAC membership platform by visiting onersac.commembership and be sure to check onersac.com for new content posted year round.