Episode Transcript
[00:00:00] Speaker A: You're listening to Protect It All, where Aaron Crow expands the conversation beyond just OT, delving into the interconnected worlds of IT and OT cybersecurity.
Get ready for essential strategies and insights.
Here's your host, Aaron Crow.
[00:00:18] Speaker B: Hey, welcome to the show. Why don't you introduce yourself, tell us who you are, and a little bit about your background and the company that you guys run.
[00:00:25] Speaker C: Hi, Aaron. Thanks for having me on the show. My name is Sevak Avakians. I'm the founder and CEO of Intelligent Artifacts. At Intelligent Artifacts, we have completely solved AI/ML's black box problem.
So that's our company. We have a platform that we use to replace underlying neural networks with this specific, transparent technology.
And we could talk more about that as we go.
[00:00:50] Speaker B: Yeah, man. Let's dig in. So AI, everybody wants to talk AI, right? So I work in cybersecurity on both the IT side and the OT side, OT being, like, critical infrastructure and power plants. Everybody sees this AI thing coming.
Lots of us are wanting to use it and benefit from it. Obviously, there's pros and cons. There's risk. There's things that we need to be aware of. So let's dig into that.
So you talked about how you solved this underlying thing. Dig into that. Explain a little bit. Remember, some of the audience may have a brief understanding of AI, and their level of AI may be ChatGPT. Right? So that's different than true AI and all the other underlying things that you can use in an enterprise-type environment, right?
[00:01:33] Speaker D: Yeah.
[00:01:33] Speaker C: Let's get into it a little bit deeper, because the public has a misunderstanding of what the scientists are working on.
And usually the public believes that the scientists have it all figured out, and everyone's in agreement on everything. And the reality is, that's not the truth. Right.
Traditionally, there have been two different ways of approaching artificial intelligence.
There was a bottom-up approach using what's called connectionist theory, and that approach is what we now know of as neural nets. If you've heard of machine learning today, ChatGPT, DALL-E, all of those technologies that have machine learning today, they are all built on top of neural net technologies. So these are open source techniques. They've been around since the 1960s, even before with something called the perceptron, but they've evolved. They've had a huge lift recently because of a breakthrough in deep learning.
So these are very large models, neural net models, that have been able to automatically do really incredible things that were not possible in the past. People knew that at some point we could get there but they weren't able to deal with what was around at the time.
So those bottom up approaches, all you do is you send it data, and it automatically identifies and extracts features from that data that it thinks are important in order to make the predictions that it does.
So the nice thing about this is any novice engineer, anyone who's an amateur, could go in there and start building a neural net without having to understand the data in any way, right? Sure. You just throw the data at the neural net. You keep iterating on this until your outputs look like what you want them to look like, and that's called the training period. And once you're getting the metrics that you want, you're done with that model, and you freeze it and you put it out into production, and then all hell breaks loose. And we can talk about that in a little bit.
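For readers who want to see that workflow concretely, here is a minimal sketch of the bottom-up, train-then-freeze loop using scikit-learn on made-up data; the dataset, architecture, and hyperparameters are illustrative, not anything discussed in the episode.

```python
# Minimal sketch of the "throw data at a neural net, iterate, then freeze" workflow.
# Illustrative only: random data, arbitrary hyperparameters.
import numpy as np
from sklearn.neural_network import MLPClassifier
from sklearn.model_selection import train_test_split

rng = np.random.default_rng(0)
X = rng.normal(size=(1000, 20))                 # features the net interprets on its own
y = (X[:, 0] + 0.5 * X[:, 3] > 0).astype(int)   # hidden rule nobody ever writes down

X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=0)

# "Training period": iterate until the metrics look good enough.
model = MLPClassifier(hidden_layer_sizes=(64, 32), max_iter=500, random_state=0)
model.fit(X_train, y_train)
print("held-out accuracy:", model.score(X_test, y_test))

# "Freeze it and put it in production": no further learning, just predictions,
# with no human-readable account of which features drove them.
print(model.predict(X_test[:5]))
```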
The other approach was a top down approach, and that was called symbolic AI. And over the years, different terms have been thrown out, and that's mostly because of the way funding had dried up, and people try to pivot the technology and remarket it to make it sound appealing again or slightly different. And that happens in AI in both camps all the time. We've had several AI winters. I'm hoping we don't have another one because of all the hype. But the top down approach, the thinking was this, look, we don't need to simulate what brains are, right?
So with the neural net approach, you're trying to simulate the structure of a brain, but we don't know enough about how brains actually work. And neuroscientists, the ones that have looked into these artificial neural networks, will tell you that this is not how brains work at all. So those models are completely wrong as far as cognitive science goes, as far as neuroscience goes. The symbolic AI people were saying, look, we don't build airplanes by simulating birds, right? We don't have flapping wings with feathers on them and all that other stuff. What we've done is we've identified the functions that are relevant for the task. For example, the Bernoulli equation allows us to calculate the lift over a wing, right? As air travels across the top of the wing, it moves faster than over the bottom, and that creates a pressure differential generating lift, right?
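For reference, the textbook relationships being gestured at here, stated in standard form; this is background, not something derived in the episode.

```latex
% Bernoulli's principle along a streamline (incompressible, inviscid flow),
% and the usual summary formula for lift on a wing of area S:
\[
P_{\text{upper}} + \tfrac{1}{2}\rho v_{\text{upper}}^{2}
  = P_{\text{lower}} + \tfrac{1}{2}\rho v_{\text{lower}}^{2},
\qquad
L = \tfrac{1}{2}\rho v^{2} S C_{L}
\]
% Faster flow over the upper surface means lower pressure there, and the
% pressure differential across the wing integrates to the lift L.
```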
So the symbolic AI people were saying, look, let's just figure out the functions of cognition and write code that represents those functions. This top-down approach is 100% explainable, right? You could go in there, you could look at the code. You could understand, if this data came in, what the output should be. And if the output is not that, you go back into your code and bug fix.
[00:05:50] Speaker E: Right, sure.
[00:05:51] Speaker C: Completely transparent, 100% traceable too.
[00:05:54] Speaker D: Right.
[00:05:54] Speaker C: So you could identify that the prediction came all the way from this specific function or rule or data point.
[00:06:02] Speaker E: Right.
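A toy illustration of that top-down, traceable style: hand-written rules, and every decision carries the name of the rule that produced it. The rule names and thresholds below are invented for the example.

```python
# Toy symbolic/rule-based classifier: every output is traceable to a named,
# human-written rule, so a wrong output is fixed by editing the offending rule.
RULES = [
    # (rule name, condition over the input record, output)
    ("high_temp_alarm",   lambda r: r["temp_c"] > 90,        "shutdown"),
    ("low_pressure_warn", lambda r: r["pressure_kpa"] < 50,  "warn"),
]

def decide(record):
    for name, condition, output in RULES:
        if condition(record):
            return output, name          # decision plus the rule that produced it
    return "normal", "default"

decision, fired_rule = decide({"temp_c": 95, "pressure_kpa": 200})
print(decision, "because rule:", fired_rule)   # -> shutdown because rule: high_temp_alarm
```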
[00:06:04] Speaker C: So they actually had huge success in the early 80s. But the problem with their solution was that it doesn't scale.
[00:06:13] Speaker D: Right.
[00:06:15] Speaker C: You had to have a lot of really smart subject matter experts writing these rules by hand so that these systems could produce the outputs that they expected.
The ultimate goal of it, though, wasn't to write these rules for every domain. It was really to find the rules, or the rule set, for general thinking in the first place. General intelligence.
[00:06:41] Speaker E: Sure.
[00:06:42] Speaker C: And that turned out to be a really hard problem to solve.
[00:06:46] Speaker D: Right.
[00:06:46] Speaker C: Not impossible, but really hard problem to solve.
So both of these solutions have their advantages and their disadvantages. In fact, some of their advantages are also their disadvantages.
[00:06:59] Speaker D: Right.
[00:07:00] Speaker C: For neural nets, the fact that it extracts the features that it thinks are important can actually introduce biases into the solution. For example, I'm sure your audience knows about redlining, right? So say the data set had house pricing, or it was about getting loans, and they used your zip code.
[00:07:31] Speaker D: Right.
[00:07:32] Speaker C: Well, there's bias inherent in there, even though you're not seeing that specific data point as being biased.
[00:07:40] Speaker D: Right, right.
[00:07:41] Speaker C: Zip code, you think, well, this shouldn't be a matter of bias, but we know about redlining and how that has introduced bias into that same exact data set.
[00:07:51] Speaker E: Sure.
[00:07:52] Speaker C: On the flip side, the top-down approaches demand that you explicitly put in the features that are relevant.
[00:08:02] Speaker D: Right.
[00:08:04] Speaker C: So an advantage to that is that we know exactly what goes into it.
Disadvantage to that is, for lazy people like myself, we have to do additional work.
So it would have been nice if those systems could also learn from data.
[00:08:22] Speaker E: Right.
[00:08:23] Speaker C: And that's where we come in. So we basically audited the entire field, looked at the different ways things work and things didn't work. Came up with a list of things that we demand of our artificial intelligence and machine learning systems. And we created a whole new category from scratch, bottom up.
And we call that GAIuS. So a little bit of history around GAIuS: originally it stood for General Artificial Intelligence Using Soar. Soar was a cognitive architecture from that symbolic camp. And my intention was to have a plugin to kind of prove out that this alternate path is viable. So let's start using it instead of all these other things that are failing.
Over the years, that changed, and we had to build GAIuS again from scratch to make it more general, because we bumped into some issues that are inherent within those cognitive architectures, just like the black box issue is an inherent, intrinsic problem of neural net technologies that there's no way to solve.
[00:09:38] Speaker D: Right.
[00:09:38] Speaker C: You can't solve it. You have to try a different technology for it. So today you may have watched some of the congressional hearings on AI, and people are talking about, well, we're going to put some guardrails around these things. We're going to make them safer. We're going to make them this and that or whatever.
That's very problematic. Right? In fact, you're always going to be behind the eight ball if you go down that path.
Trying to put guardrails around these complex systems that are black boxes that you can't fix is just increasing the complexity of the system without addressing the underlying issue.
So it's kind of like if you went to the doctor and you had all these aches and pains and your doctor is just throwing all these different medications at you, and maybe it's taking care of some of the symptoms, but the underlying cause isn't solved, which means you're still diseased, you're still sick.
So that means at some point those chickens are going to come home to roost.
[00:10:53] Speaker B: And that's true on so many levels, right?
Especially in that analogy, right? The people that are trying to set up the guardrails don't understand the technology.
You've seen that in the congressional hearings around Facebook and social media: these congressmen and senators asking questions about something as simple as social media and how it works just don't get it. So how can we expect them to? And I've spent time on Capitol Hill talking with congressmen and senators. There's no way they can understand. They're not technical people, right? They're not AI scientists, they're not technologists. That's just not what their role is. Right? So these are the people that are responsible for setting those boundaries. And yes, they have advisors and people giving them guidance, and they do bring experts on to help advise them. But still, it's hard to grasp the magnitude. And it's also the same type of problem as the difference between whitelisting and blacklisting in antivirus technology. Blacklisting can only block the things that it knows are bad, as opposed to saying, I only want you to do this and this; anything else, assume no, unless I tell you otherwise.
I only want you to swing the hammer. I don't want you to do anything else; if anybody asks you to do anything else, the answer is no. And you can only hit these nails, these twelve nails that are in front of you. That's the only thing you can do. Anything else is a no, and you have to explicitly give it additional permission or different permission. It's like with my child: you can only do these certain things, instead of trying to blacklist every possible thing they could come up with, everything they're going to try to do. That would be a never-ending list.
[00:12:38] Speaker C: I know that for sure.
Absolutely. And cyber is actually a great analog to what's happening in AI today, because of what happened with cyber in the past. My background is also in this: I used to work as a cybersecurity analyst for the Federal Reserve, doing it for the entire Federal Reserve System and the US Treasury, so we were embedded in this and in the know. People developed software and they weren't concerned about the cyber implications of that software. They figured, you know what, we'll put up some guardrails later, we'll tack on stuff later down the line. And nowadays we know that that is the wrong way to develop software. Security has to be part of the very beginning of that whole development process.
So we've learned lessons from the cyber world, and I feel like sometimes we're not applying the same lessons learned in the AI world. Although I do have hope, because at the last congressional hearings, one of the congresspeople mentioned that in aerospace, there is something called DO-178C certification.
This is actually a software certification. It's independent of aerospace; I think they use it in a few other transportation areas. And this specific certification guarantees the safety of software that's used in these life-or-death, mission-critical applications. So, for example, we just went through the whole Boeing 737 Max issue again.
[00:14:24] Speaker D: Right?
[00:14:25] Speaker C: Another one. This time it was a hardware issue. And that airplane has to get recertified before it's FAA approved to fly again.
There's a hardware certification, I forget what the acronym is for that. But there's also the software side of it. And that's what impacted the previous disasters.
[00:14:49] Speaker B: With the throttle up thing.
[00:14:50] Speaker C: Right, the throttle thing, that was a software issue.
[00:14:53] Speaker D: Right.
[00:14:54] Speaker C: And the reason why we felt safe to fly on that aircraft after that was resolved is that we knew they had to go back into the code, identify the bug, fix it, and that guarantees that that will never happen again.
[00:15:14] Speaker E: Right.
[00:15:14] Speaker C: Maybe a different failure mode would happen, but that failure mode would never happen again.
[00:15:18] Speaker D: Right.
[00:15:20] Speaker C: You can't do that with traditional machine learning using neural nets. They are black boxes. There's no way to introspect inside of them, there's no way to bug fix. And then there's other privacy issues as well.
[00:15:33] Speaker B: Yeah, I use ChatGPT and other language models quite often, and I've done some testing and playing around with it. I can give the same prompt to the same ChatGPT at two different times, really changing nothing, and get different results. Right. With no other prompts, no other differences, other than this time it spits something else out, even when I'm trying to get repetition. And I've built some AI tools in the background to integrate with other stuff, and same thing. Sometimes 90% of the time it's great, and then it just throws you this random curveball. It's like, where did that come from? And this is not public GPT stuff, this is local models, right, running in a very small environment. I've only given it my data, but it still just comes out of randomness and it just guesses. And you're like, no, that's not right.
[00:16:25] Speaker A: How did you get there?
[00:16:26] Speaker B: And there's no way to track its logic from, okay, it did this and then it did this and then it did this, and that's how it got to here. So I can fix that last step. Like you said, there's no way to do that. I just have to continually go back through it and try to retrain it better. But there's no logical path to tell it to stop doing that. That's not right. Don't give me that answer again. It's not the right answer.
[00:16:47] Speaker C: That's right. You're always going to be behind the eight ball with neural nets. And you just described the fact that it's nondeterministic.
[00:16:55] Speaker E: Right.
[00:16:57] Speaker C: We need software, especially safety-critical, mission-critical, privacy, and legal software, that is deterministic. We need to know that it will always do this thing, given that input, not change it randomly.
[00:17:13] Speaker D: Right.
[00:17:13] Speaker C: And with neural nets, you start off with a random seed. That's step one. Start off with a random seed. So everything that follows is based off of that. And it doesn't matter if you lock down that random seed and you say, okay, I'm always going to use this number. What was the intent behind using that number?
[00:17:32] Speaker E: Right.
[00:17:32] Speaker C: Why not a different number?
[00:17:34] Speaker D: Right.
[00:17:35] Speaker C: So it's because of that that you actually have this black box problem, and it manifests itself in so many different ways, one of them being what you just said, which is the different outputs, the nondeterministic outputs of it.
[00:17:51] Speaker D: Right.
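A small sketch of that seed-sensitivity point, using scikit-learn on synthetic data; whether and how much two seeds disagree depends on the data and settings, but the structure of the problem is the same.

```python
# Same data, same architecture, different random seeds: the two "identical" models
# can disagree on individual inputs. Illustrative data; the effect size varies.
import numpy as np
from sklearn.neural_network import MLPClassifier

rng = np.random.default_rng(42)
X = rng.normal(size=(500, 10))
y = (X[:, 0] * X[:, 1] > 0).astype(int)   # a nonlinear toy target

preds = []
for seed in (0, 1):
    m = MLPClassifier(hidden_layer_sizes=(16,), max_iter=300, random_state=seed)
    m.fit(X, y)
    preds.append(m.predict(X))

disagreements = int((preds[0] != preds[1]).sum())
print(f"models disagree on {disagreements} of {len(y)} training points")
```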
[00:17:51] Speaker C: Another way it manifests itself is as hallucinations.
It just makes things up.
[00:17:58] Speaker D: Right.
[00:18:00] Speaker C: Another problem, especially in the privacy space, is that there's no way to prove that that neural net model didn't use your personal data.
[00:18:13] Speaker E: Right?
[00:18:14] Speaker C: Again, there's no way to introspect inside that model and say, ah, here's Aaron's data. This is Aaron's record.
Aaron asked us not to use this anymore, so we have to remove it. You actually have to throw that model out, go back to your original data, remove your record from that data, then retrain the whole system again. And estimates of how much it costs to train ChatGPT range everywhere from like $4 million to $12 million just for training. So every time you have to retrain it, every time there's another Aaron that says, no, don't use my data, you have to go through that process.
[00:18:52] Speaker D: Right.
[00:18:52] Speaker C: With our system, it's a simple matter of identifying that record and deleting it. It's gone.
[00:18:59] Speaker D: Right.
[00:18:59] Speaker C: So we could show complete traceability of our predictions all the way back to the specific records used at training time that generated that prediction. And if somebody says, I don't want you to have my record anymore, all we have to do is delete that, right?
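As a sketch of the property being described, not of Intelligent Artifacts' actual implementation: imagine each prediction citing the stored records that support it, so honoring a deletion request is just removing the record.

```python
# Sketch of per-record traceability: each prediction cites the stored records that
# support it, and honoring a deletion request is just removing that record.
# This illustrates the property described, not the GAIuS implementation.
knowledge_base = {
    "rec-001": {"owner": "aaron", "pattern": ("login", "copy", "exfil"), "label": "malicious"},
    "rec-002": {"owner": "dana",  "pattern": ("login", "report"),        "label": "benign"},
}

def predict(observed_pattern):
    supporting = [rid for rid, rec in knowledge_base.items()
                  if rec["pattern"] == tuple(observed_pattern)]
    label = knowledge_base[supporting[0]]["label"] if supporting else "unknown"
    return label, supporting                      # answer plus its provenance

print(predict(["login", "copy", "exfil"]))        # ('malicious', ['rec-001'])

# "Aaron asked us not to use his data anymore": delete the record, no retraining.
del knowledge_base["rec-001"]
print(predict(["login", "copy", "exfil"]))        # ('unknown', [])
```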
[00:19:18] Speaker B: And that's a lot of the concern around. If you look at operations, if you look at critical infrastructure, you talked about TSA, you talked about trains and airplanes and power plants and all this type of stuff. We can't deal in what ifs.
It has to be predictable, it has to be reliable, and I have to be able to troubleshoot it down to exactly where it failed so that I can fix it. Or it doesn't make sense.
The cons and the negatives far outweigh the wins of the value added in efficiencies in a power plant or in an airplane. When you're flying 30,000 feet in the air, you can't risk one little thing going wrong and crashing the plane. Right? It's just not worth the risk. So it has to be something that you can guarantee: repeatable, traceable, bug-fixable, all of those types of things. And to your point, I'm a novice at best in this AI stuff, but even with just the little bit that I've played with it, I know there's no way I could take this to a power plant and have it run a power plant. Look at the AI driving Teslas and the self-driving cars, and you see things all the time. Like, if you want to fail it, just put a cone on the hood. Or, I was rucking in downtown Austin and one of those self-driving taxis was there, and I just stood there.
The car, and I called it a he, I don't know why, was turning right on the street that I was crossing, and I just stood there. It was like 4:00 in the morning, nobody around. It was just me. And the car just sat there. I was just wondering if it was going to freak out or just go straight. I had no idea what it would do. I just wanted to see what it would do. So I stood there for like five minutes waiting to see what it would do, and it just sat there with its blinker on and just sat and sat and sat. And then as soon as I got to the sidewalk, it went. So there's some things about it that they figured out, but what happens if that thing went haywire and decided, I've waited long enough, or whatever? There's way too many variables in most of these scenarios to be comfortable using these in production, where safety lives and criticality is important. Yeah, it's cool to run it for marketing and to post a YouTube video or something like that, but where stuff is mission critical, it's just not there. And for all the reasons that you just pointed out, I just don't see a path to how that general ChatGPT version of AI could ever get to a place where I would feel comfortable trusting my life, my kids' lives, my community, my country's life on it. It's scary, right?
[00:21:54] Speaker C: Aaron, you're a lot braver than I am. I would not have stood in front of that car.
So one of the great things about what ChatGPT has exposed for society is this very specific thing about hallucinations. Again, that's because of the underlying neural network. Now we understand it because we've been playing with it, right? As a society, we've now played with ChatGPT. We put in prompts and we've gotten different outputs. And whenever I'm asking it to actually give us information, I always go and Google it afterwards anyway, so I have to confirm it.
But the fact that we are now able to see these things in action and intuit that, hey, wait a second, this really isn't what people are telling us it is.
[00:22:49] Speaker C: It's not that magic genie that everyone's talking about.
[00:22:52] Speaker E: Sure.
[00:22:54] Speaker C: Now translate that over to an autonomous car like the one you were standing in front of.
The prompt is the environment around the car, including you.
[00:23:05] Speaker E: Right?
[00:23:06] Speaker C: And I don't know how many times that car cycled through that same prompt. Was it every second, every millisecond, whatever.
But that's basically putting in the same prompt over and over and over again. And you're hoping that it's not going to run you over.
[00:23:22] Speaker B: It gets the same result every time.
[00:23:25] Speaker C: And then there's that hallucination part that, hey, it might think that, you know what? That's not a person standing in front of me, that is a floating ghost or something.
[00:23:37] Speaker D: Whatever, right?
[00:23:38] Speaker C: And I could go right through it. And this is what happened with, I believe it was Tesla, the car that killed a pedestrian crossing the street with a bicycle, and there was a bag hanging from the handlebars. And after the tragedy, everyone was looking for an explanation, and the engineers weren't able to find an explanation. They came up with theories, right? We don't need theories of why something went wrong. We need to identify what went wrong and fix it, to guarantee it doesn't happen again.
[00:24:21] Speaker D: Right?
[00:24:23] Speaker C: So that's my concern when it comes to neural nets. Great for ChatGPT.
I love using it. It helps me reword paragraphs and sentences and get my grammar correct because it's always wrong. I'm from New York.
Our grammar is supposed to be wrong. We've invented our own here.
[00:24:42] Speaker E: That's right.
[00:24:44] Speaker C: Those tools are great for some things. You mentioned video games and social media; actually, I would say no to social media. I wouldn't think that they're good for social media, because they sway people.
[00:24:58] Speaker D: Right.
[00:24:58] Speaker C: And then we don't know why they're swaying people. Are they swaying people because someone has trained it to make you a little bit more towards the left, a little bit more towards the right, or extreme in whichever direction? Or is it just that the algorithm is doing what it thinks it's supposed to be doing, because it's extracting the features that it thinks are important? And maybe they're not, maybe they're biased.
[00:25:24] Speaker D: Right?
[00:25:25] Speaker C: So we need to be able to identify all those things along the way before we put these things into production environments.
[00:25:33] Speaker B: We kicked this off with development of code and how we create applications. And I 100% agree with you. Unfortunately, I still think that code that's being created today is not done with security in mind. Maybe it's a line item, but it's still functionality first; we'll figure out how to secure it after the fact.
It's whack-a-mole. It's why there's so many vulnerabilities, it's why there's so many unknowns. Software bill of materials is coming out, which should hopefully help at least shine a light on some of those things, but still, it really starts with when I create the code. So what is the use case? Talk through that.
How does a product like what you guys are talking about, how does that help to bring AI into these environments? Do it in a safe way, do it in a secure way where I know I can traffic it down. How does that happen? Is that you guys building it? Is that integrating with other software developers? What does that look like?
[00:26:34] Speaker C: Yeah, great question. So our technology is a base technology, so the framework itself can be deployed in any use case, any use case that requires artificial intelligence, machine learning or computer reasoning. Sure. So we let our customers decide what those use cases are. Our ultimate goal is to put our platform out for public use.
[00:26:58] Speaker E: Okay.
[00:26:59] Speaker C: So right now it's in private beta. We work with some specific customers.
They're able to create these agents.
We've taught them how to build these agents and deploy them.
Our system uses four API calls to get all of machine intelligence into your application layer. And because we separate out the data layer from the intelligence layer from the application layer, the customers are able to control their data.
[00:27:30] Speaker E: Right.
[00:27:30] Speaker C: We don't have to integrate it into the agent.
[00:27:33] Speaker E: Sure.
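To make the shape of that separation concrete, here is a hypothetical client with four calls; the method names and payloads are invented for illustration and are not the actual Intelligent Artifacts API.

```python
# Hypothetical shape of a small machine-intelligence API seen from the application
# layer. Names and payloads are invented; the point is the separation: the app
# streams observations and asks for predictions, while the data stays with the customer.
import json

class AgentClient:
    """Stand-in client; a real deployment would wrap network calls to an agent service."""

    def __init__(self):
        self._kb = []                      # agent-side knowledge base (opaque to the app)

    def observe(self, event):              # 1. stream observations/events to the agent
        self._kb.append(event)

    def learn(self):                       # 2. commit what has been observed so far
        return {"records": len(self._kb)}

    def predict(self, event):              # 3. ask for a prediction, with provenance
        matches = [e for e in self._kb if e["type"] == event["type"]]
        return {"prediction": matches[-1]["outcome"] if matches else None,
                "supporting_records": len(matches)}

    def clear(self, keep=None):            # 4. delete/forget records on request
        self._kb = [e for e in self._kb if keep and keep(e)]

agent = AgentClient()
agent.observe({"type": "pump_vibration", "outcome": "bearing_wear"})
agent.learn()
print(json.dumps(agent.predict({"type": "pump_vibration"})))
```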
[00:27:34] Speaker C: So they own their data, they don't have to expose it, and that allows them to do a lot more things that they weren't able to do with neural nets. So basically they come up with their data and they don't need tremendous amounts of data because our system is analytical, not statistical.
[00:27:53] Speaker D: Right.
[00:27:53] Speaker C: So you don't need a tremendous amount of data.
[00:27:56] Speaker B: So explain the difference between the two there real quick.
[00:27:59] Speaker C: Yeah, great question. So statistics require a shit ton of data.
[00:28:05] Speaker E: Sure.
[00:28:07] Speaker B: Gobs and gobs of it, right?
[00:28:10] Speaker D: Right.
[00:28:10] Speaker C: You can't have a few samples of something and say, hey, we're done with this. Polling results, for example.
[00:28:16] Speaker D: Right.
[00:28:17] Speaker C: If you walked around, let's say you walked around our New York City office here and polled ten people, you're going to get a very skewed political viewpoint based.
[00:28:28] Speaker B: On where you're at, the demographic, the time of day. A lot of things are going to skew those numbers.
[00:28:34] Speaker C: Sure, exactly.
And you can't extrapolate from that and say, well, the entire country is now whatever we are here.
So for statistical systems, you need a tremendous amount of data across the entire population size.
[00:28:56] Speaker D: Right.
[00:28:57] Speaker C: So you have to sample large amounts, and the more data you have, the better the results should be.
[00:29:03] Speaker D: Right?
[00:29:03] Speaker E: Right.
[00:29:05] Speaker C: Well, analytical is completely different.
[00:29:11] Speaker D: Right.
[00:29:13] Speaker C: Think of Newton's second law, F equals ma. That's analytical. We found a function: if we plug in the mass and we plug in the acceleration, we know what the force is.
[00:29:24] Speaker E: Going to be, right.
[00:29:26] Speaker C: We don't have to have millions of examples with different masses and different accelerations.
In the beginning, this was done with not millions of examples, but like dozens of examples. And a model was created, an analytical model was created, to prove out the formula.
But then you don't have to keep doing that every single time you have the formula, right?
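A miniature of the analytical-versus-statistical distinction: the analytical route applies Newton's second law directly, while the statistical route has to estimate the same relationship from many noisy samples. The numbers are made up.

```python
# Analytical vs statistical in miniature. The analytical route is F = m * a applied
# directly; the statistical route rediscovers the coefficient from noisy data.
import numpy as np

# Analytical: one formula, no dataset needed.
def force(mass_kg, accel_ms2):
    return mass_kg * accel_ms2              # F = m * a

print("analytical:", force(3.0, 2.5))        # 7.5 N, same answer every time

# Statistical: fit the relationship from many noisy observations instead.
rng = np.random.default_rng(0)
m = rng.uniform(1, 10, size=10_000)
a = rng.uniform(0, 5, size=10_000)
f_observed = m * a + rng.normal(0, 0.5, size=10_000)     # measurements with noise
coef, *_ = np.linalg.lstsq(np.column_stack([m * a]), f_observed, rcond=None)
print("statistical estimate of the m*a coefficient:", coef[0])  # approaches 1.0 with enough data
```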
[00:29:55] Speaker B: So flip it on its head there. If I go ask those same ten people, and I have that equation, then that equation can help me see if this is accurate, if the equation is right, because I can go ask those ten people, then I can go to another state and ask ten people, I can go to another country and ask ten people. And in theory, if the formula is accurate, it should play out no matter who I ask and when I ask them.
[00:30:15] Speaker C: That's exactly right. So these form different cohorts. Each cohort has its own pattern. You only need to see a pattern once in an analytical system; in statistical systems, you need to see variations of that pattern millions and millions of times before it becomes useful.
[00:30:34] Speaker E: Right?
[00:30:35] Speaker C: Yeah.
[00:30:35] Speaker B: Going back to me standing in front of the car: a smaller human, it may not have seen me as a human if I was too short, or maybe it thought I was a dog, or any number of scenarios. It has to understand all of those different things. If I was super tall, maybe it thought I was a tree.
I can see where that can be a problem. Whereas an analytical one would say A plus B equals C every time, right? It doesn't matter the height or whatever the difference is there. So how does that help? I love that, especially in OT. Data is important, right? So there's all sorts of regulations around, how do I secure my data? Can I put stuff in the cloud? I don't want my proprietary data out there. If you think about Coca-Cola, like their secret recipe for Coke, they don't want to put that in ChatGPT, because obviously then Pepsi and Dr Pepper and all these others could get it. So if they can use a local model where they're guaranteed it's analytical and they own their data, it sounds like your agent basically just makes a call: hey, I need to request this data. Okay, there's the data lake, I go grab that data from the repository, bring it down, crunch the data, and then I'm done with it, right? I don't hold it, I don't house it. I'm just accessing it to fill a variable in my equation, and then I get an output, and then I'm done with it. I don't need to keep it anymore. Is that fairly accurate?
[00:31:58] Speaker D: Right, that's right.
[00:31:59] Speaker C: So our models, we call them information models, not data models, right? Because what they're doing is extracting the information from the data and processing that information, so it becomes more general. We could apply it to multiple use cases. So those information models, or configurations of our agents, can be static.
[00:32:18] Speaker D: Right.
[00:32:19] Speaker C: And the only thing that needs to change is that data. So as the data changes from one domain to another, or from one customer use case to another, that same agent, now with the different data it's filled this knowledge base with, is now capable of solving that customer's problems.
[00:32:38] Speaker B: What are some example use cases you're excited about? They can be theoretical; I'm not asking for specific client stuff, but what are some scenario-type things where you're excited to see this really being a differentiator?
[00:32:49] Speaker C: So one thing that's near and dear to my heart is in cybersecurity, actually.
[00:32:54] Speaker D: Sure.
[00:32:55] Speaker C: So security operations centers require a team of analysts to sit there and watch hundreds of millions of records flying by their screens. And these records are often generated from signatures, which go back to those expert systems: hand-generated rules to identify specific types of patterns. But as a SOC analyst, you're not sitting there looking at each signature that fires and saying, that's malicious activity, let me escalate this. What you're doing is looking at a pattern of signatures that fire, and you're looking at that pattern within the context of everything else that's around it, and saying, this looks malicious, let me escalate this, or no, this is the IT guy doing their daily job, right?
So you have to have that context in there, too.
The thing that I'm most excited about right now is applying our GAIuS platform to cybersecurity, and we've come out with a product called CyberSoc that allows different environments, different network environments, to just stand this up and have the system baseline their network in real time, so it actually can learn in real time. We don't have to go through an expensive, long, dragged-out training period. So it baselines their network in real time and then identifies anomalies that are occurring there, because those are the patterns that it hasn't seen before. Unlike with, let's say, a neural net. If we were to try this with a neural net, we would have to train it, and this is what people have been trying to do, train it to identify anomalies. But by definition, an anomaly is something that you haven't seen before, so you wouldn't have the data for it. It's something new. It's the black swan event.
[00:34:47] Speaker E: Right.
[00:34:48] Speaker C: With our system, we could identify those black swans because of the fact that it's not already in its knowledge base.
[00:34:55] Speaker E: Right?
[00:34:56] Speaker C: So it says, hey, this is a pattern I haven't seen before, which means that our system is capable of catching zero days.
[00:35:03] Speaker E: Okay?
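A toy version of that baseline-then-flag-the-unseen idea, not the CyberSoc product itself: remember every pattern observed during baselining, and treat anything absent from the knowledge base as novel.

```python
# Toy version of "baseline the network, then flag patterns never seen before."
# An illustration of the idea only, not the CyberSoc product.
from collections import Counter

class Baseliner:
    def __init__(self):
        self.seen = Counter()

    def observe(self, event_sequence):
        """Learn in real time: remember each observed pattern."""
        self.seen[tuple(event_sequence)] += 1

    def is_anomaly(self, event_sequence):
        """Anything absent from the knowledge base is, by definition, novel."""
        return tuple(event_sequence) not in self.seen

b = Baseliner()
for _ in range(100):
    b.observe(["dns_query", "http_get", "http_200"])      # normal daily traffic

print(b.is_anomaly(["dns_query", "http_get", "http_200"]))             # False
print(b.is_anomaly(["smb_login", "service_install", "outbound_tls"]))  # True: never seen
```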
[00:35:04] Speaker C: So that's one of the exciting things. Another thing that we could do with this is train it on the MITRE ATT&CK framework, for those customers who want a little bit more sophistication in their results, and not just, hey, this is telling us that this is malicious activity, which they could click on and trace through and understand exactly the whole picture.
[00:35:25] Speaker D: Right.
[00:35:26] Speaker C: A 360-degree view of that event or series of events, with sequences, and identify whether it's malicious or benign activity.
But you could do a lot more with something like the MITRE ATT&CK framework.
[00:35:40] Speaker D: Right.
[00:35:40] Speaker C: You could have this system tell the analyst, hey, this is the specific type of attack that's occurring, and this is how to defend against it. So we could also include actions that an analyst or the business decides they would allow the system to automatically take on their behalf, to mitigate those threats in real time, to defend against them in real time. And this plays into the whole self-healing networks and self-healing computers idea as well.
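A sketch of what layering an ATT&CK-style lookup and pre-approved responses on top of a detection could look like. The technique IDs below are real ATT&CK identifiers, but the pattern-to-technique mapping and the response actions are invented for the example, and execution is gated on a human decision.

```python
# Sketch of mapping a detected pattern to an ATT&CK technique plus a recommended,
# optionally pre-approved response. Mappings and actions are illustrative only.
ATTACK_MAP = {
    ("failed_login",) * 5 + ("successful_login",): {
        "technique": "T1110 Brute Force",
        "recommended_action": "lock account and require credential reset",
        "auto_approved": False,                     # human in the loop
    },
    ("file_read_burst", "mass_encrypt", "ransom_note_drop"): {
        "technique": "T1486 Data Encrypted for Impact",
        "recommended_action": "isolate host from network",
        "auto_approved": True,                      # business pre-approved this response
    },
}

def advise(pattern, approve_callback):
    hit = ATTACK_MAP.get(tuple(pattern))
    if hit is None:
        return "no known technique; escalate for analyst review"
    if hit["auto_approved"] or approve_callback(hit):
        return f"executing: {hit['recommended_action']} ({hit['technique']})"
    return f"suggested only: {hit['recommended_action']} ({hit['technique']})"

print(advise(["file_read_burst", "mass_encrypt", "ransom_note_drop"],
             approve_callback=lambda hit: False))
```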
[00:36:14] Speaker D: Yeah.
[00:36:14] Speaker B: And I can even see a use case, because one of the struggles that we have, and again, I keep going back to OT and manufacturing and all that kind of stuff: maybe I don't want it to take control of the airplane, but I can at least pop a screen up on the pilot's display and say, hey, this is going on, here's what you should do, procedure ABC. Right. And give that to the operator. That way, they're not having to go, oh, what's going on, and figure out which procedure to use; they can more quickly differentiate. Look at the SOC analyst you talked about: I'm looking through all of this code or all these alerts, trying to find the needle in the stack of needles. If I can see this pattern and pop it up and say, hey, it looks like ABC is going on, you've got a runbook that says to do this, I think you should initiate this runbook because of these reasons. Or maybe there's two options; I'm not exactly sure, it could be either A or B. The scenario is different, but having that pop up, that's one way. And I see that as a path, especially in critical infrastructure and OT and transportation and aerospace-type things, where you want them to get that thing up quicker so they can respond. Maybe I don't want it to automatically respond for me, but at least I want it to pop up and say, A, this is what we think is going to happen. We've got a 95% probability that this is right.
This is what we think you should do. But you're the analyst. You click the button. I'm not going to fire the missile, but I at least want to say you should think about firing the missile.
[00:37:41] Speaker C: That's exactly right. So our customers want human in the loop and human on the loop.
[00:37:47] Speaker D: Right.
[00:37:48] Speaker C: So our platform allows both, as well as fully autonomous. The way I see AI/ML playing out over the next few years is that people need to start feeling comfortable with these systems before they can fully trust them.
[00:38:09] Speaker D: Right?
[00:38:09] Speaker E: Sure.
[00:38:10] Speaker C: Having a human in the loop and a human on the loop is an absolute necessity. We can't just go straight to fully autonomous, because we need to be able to trust these systems. And to build that trust, you have to have a whole bunch of things in play, right? You have to have those kinds of certifications that we spoke about, that DO-178C, which proves out the deterministic nature, and that you can go in and fix errors that appear, and that it's also cybersecure. Right. So those are important bits to it, but also experience over time. Right. We have to know that this system is not going to hallucinate, and it has to be guaranteed.
[00:38:50] Speaker D: Right.
[00:38:51] Speaker C: And we could guarantee all of that with certifications and paperwork and everything, but you also have to have people who aren't in the tech world, they're not the experts.
Just like when they bring in someone, I don't know if your kids are old enough to drive, but if they're old enough to drive, you're not just going to hand them the keys to the car and say, okay, good luck, good luck.
You're going to be in the car with them for a while.
[00:39:17] Speaker D: Right.
[00:39:17] Speaker C: You're going to watch what they do, you're going to see where they're looking, and you're going to provide that advice back before you have enough trust in them to allow them to go on their own. So, similarly with autonomous applications.
[00:39:35] Speaker E: Sure.
[00:39:36] Speaker B: Yeah.
I do have a 15 year old that's in the process of getting his learner's permit, all that kind of stuff, so that one hit very close to home. I definitely am not going to let him drive on his own. Although he's a good driver, he's safe, he's just inexperienced. It's not that he's overly aggressive; he's got his seatbelt on, he's not paying attention to his phone, he's ten and two, the whole nine yards. But still, he just hasn't driven enough, right? And in the back seat, or even in the passenger seat, you just don't get it. It's different than being behind the wheel and making those split-second decisions. And like you said, it's the same thing: there's so many scenarios, and the only way you can go through those scenarios is to be in them, right? So what happens when you come to this intersection? Is there a four-way stop? Which directions do I look? And there's a car.
And the other piece of that is, I can be in the right and still get in an accident, right? I can do all the right things, and somebody else can not be paying attention and hit me. So I have to be defensive and pay attention to others that aren't following the rules, and all of those things. It's no different in these AI spaces. In my cyber world, doing operations and things like that, when I brought in these new technologies, the way I've been successful is doing exactly what you talked about, right? I would have them run in parallel. So back in the day when we were implementing next generation firewalls, so, application-aware firewall rules, right? Everybody uses them now, but 15 years ago we weren't using them in OT. So when we brought them into the plants, I would set up two rules. I would set an old-school port-and-protocol rule, and right above it I would set an application-aware rule. I would want the traffic to flow through the application rule and never get to the port rule, and I would let it run for X number of months, maybe even a year, to prove that this rule was passing all the traffic it needed to, that it wasn't having to get to that next port-and-protocol rule because it was passing it there. And then after six months, a year, or whatever, when there were zero hits on that port-and-protocol rule, then I could disable it and everybody was comfortable, right? So the same scenario here would probably be, I'd want to have this thing running on the side and compare it: the operator said I should do XYZ, what did the AI system say? And assuming that they mirror, or they're at least close and not way out of left field, I don't have any ghosts in the system, right? No, oh, you should shut the plant down in the middle of the night for no reason. Then I feel confident, and I can start transitioning some non-critical systems, prove it in a non-critical system, and then expand it until everybody is comfortable with it running, with either a human in the loop or trying to get to an automated, autonomous-type scenario, which I believe will happen. It's just a matter of what that timeline is, especially in some of these critical environments.
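A generic illustration of that run-in-parallel rollout, with the new application-aware rule placed above the legacy port rule and hit counters deciding when the old rule can be retired; this is not any particular firewall vendor's syntax.

```python
# Generic illustration of the "run the new rule above the old one and watch the hit
# counters" rollout described above; not a specific firewall vendor's configuration.
rules = [
    {"name": "app_aware_allow_scada", "match": lambda pkt: pkt.get("app") == "modbus",
     "action": "allow", "hits": 0},
    {"name": "legacy_allow_tcp_502",  "match": lambda pkt: pkt.get("dst_port") == 502,
     "action": "allow", "hits": 0},                 # should stop getting hits
    {"name": "default_deny",          "match": lambda pkt: True,
     "action": "deny", "hits": 0},
]

def evaluate(packet):
    for rule in rules:                               # first match wins, top to bottom
        if rule["match"](packet):
            rule["hits"] += 1
            return rule["action"], rule["name"]

for _ in range(1000):
    evaluate({"app": "modbus", "dst_port": 502})

# After the trial period: if the legacy rule logged zero hits, it can be disabled.
print({r["name"]: r["hits"] for r in rules})
# {'app_aware_allow_scada': 1000, 'legacy_allow_tcp_502': 0, 'default_deny': 0}
```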
[00:42:35] Speaker D: Right?
[00:42:36] Speaker E: Yeah.
[00:42:37] Speaker B: So, awesome. We talked a little bit about it, but over the next five to ten years, what is something that you're really excited about coming over the horizon, and maybe something that's a little concerning that we need to adjust or shift or really look towards, to make sure it doesn't impact us in a negative way?
[00:42:54] Speaker C: So let me start with the concerning part first, because this is a very real issue and a possibility.
So, right now there's a group called G-34, which works out of SAE, and they are looking at ways of allowing some sort of certification process for neural networks to be able to fly on commercial aircraft.
And their thinking is, and I'm saying "their thinking" as if there weren't alternative possibilities, alternative technologies that can do the things that we need done, but their thinking is, we have to progress.
We need autonomous aircraft, and we have these neural nets that allow us to get there.
Let's figure out a way, because they cannot pass that DO-178C certification.
It's just not possible. All the safety regulations forbid these nondeterministic black boxes, so they're trying to figure out ways of allowing that to fly on civil aviation.
[00:44:08] Speaker D: Right.
[00:44:11] Speaker C: I am extremely opposed to this.
So let me bring up adversarial attacks as an example. And I think your audience, working in cyber, would appreciate this.
You've maybe seen the adversarial attacks on a picture of a panda, where, by changing just a few pixels, they were able to confuse the neural net into thinking that panda was, I think, like a cat or something, right? Now, imagine a vehicle, whether it's a car driving down the street, and someone puts a sticker on a stop sign, which we see here all the time, that tricks a neural net into thinking that's not a stop sign, right? It doesn't look suspicious. It's just some small sticker, or a few stickers, that doesn't change the whole view of a stop sign but changes some of those pixels that the neural net observes, so now it thinks it's something else. Right, right. Or similarly for an aircraft, and this is a nightmare scenario for me, where possibly a terrorist mows a lawn somewhere out in a field that is underneath a flight path, and they mow a pattern into the grass there that tricks the aircraft into thinking that it is pulling up, and suddenly that aircraft is doing a nosedive, just like the 737 Max issue that we saw a couple of years back.
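To see why small perturbations can flip a model's decision, here is a toy adversarial example against a linear classifier; the weights and inputs are contrived so the effect is visible, but real attacks on image models (like the panda example) follow the same recipe in much higher dimension.

```python
# Toy adversarial example: a tiny, structured perturbation flips a linear
# classifier's decision even though the input barely changes.
import numpy as np

w = np.array([0.4, -0.3, 0.2, 0.1])        # a "trained" linear model
b = -0.05
score = lambda x: float(w @ x + b)

x = np.array([0.2, 0.1, 0.1, 0.3])         # clean input, classified positive
print("clean score:", round(score(x), 3), "-> class", int(score(x) > 0))

eps = 0.08                                  # small per-feature change
x_adv = x - eps * np.sign(w)                # nudge each feature against the weights
print("max per-feature change:", round(float(np.max(np.abs(x_adv - x))), 3))
print("adversarial score:", round(score(x_adv), 3), "-> class", int(score(x_adv) > 0))
```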
[00:45:47] Speaker E: Yeah.
[00:45:48] Speaker C: So that's my fear.
It translates also into other domains.
[00:45:56] Speaker D: Right.
[00:45:56] Speaker C: And I think when Congress looks into this matter further, they will understand that there is already a precedent for software safety, and that is do 178 C standard.
[00:46:11] Speaker D: Right.
[00:46:12] Speaker C: They just need to apply that across the board for all AIML that is in any way affecting life, liberty, or limb.
[00:46:22] Speaker B: Yeah, absolutely.
[00:46:24] Speaker C: And on the positive side, now that we've gone through the doomsday scenario, I see an acceleration of these technologies, but there is a large trend of people looking at doing this properly.
[00:46:46] Speaker D: Right.
[00:46:46] Speaker C: Not just throwing this out there and hoping for the best. So I do see an acceleration of technology in the right direction.
We should be able to work alongside of these machines to get our jobs done, not to replace our jobs, but to make ourselves more efficient, more performant.
[00:47:07] Speaker D: Right?
[00:47:08] Speaker C: So, for example, if you had that CyberSoc agent in a SOC where there's a new analyst sitting at that screen, and it's guiding the analyst: hey, look at this pattern, right? I think this is malicious because of this, that, whatever, or this other pattern I think is benign because of this, whatever. Or the analyst finds a pattern and they ask the AI, give me a little bit of information about this so that I can understand what's possibly happening behind the scenes before I escalate this up and it becomes a full positive.
[00:47:44] Speaker D: Right.
[00:47:44] Speaker C: So we could elevate everyone's standards, everyone's performance, by using systems like this working alongside us. So with the human in the loop, on the loop, that human becomes better along the way.
[00:47:57] Speaker B: Oh, yeah, I see huge implications, positive implications, from a training perspective. I'm working with a group right now that's doing some normal, old-school tabletop exercises, cybersecurity-type things, but using AI to help drive those. So you're not having to have these static, boring tabletops; you're integrating AI, local models, that kind of thing. You don't need it to solve world hunger. We're just giving it some basic data and being able to have a non-static tabletop. So you can ask it questions, you can give it responses, you can have it do a command line, and really do a lot more things. I can do the same exercise multiple times and get different results. So I learn the first time, hey, I should have responded quicker or done this quicker, so I do the same thing again, and because I acted earlier, I take a different action and it takes me down a different path. Right. And it's not a static, old-school storybook adventure game where I get to question one, there's three choices, and then there's a finite number of answers I can get to. When I use AI to expand that amount of options and the flexibility, I can turn it into a game. I can have more fun with it, but I can train my people better, right? I can have them see more scenarios in a very easy, safe environment. So for that SOC analyst two weeks in, where it used to take years to train a SOC analyst to get from entry level to that next level, imagine the ability to throw all these scenarios at them in a real-world-type setting and have them respond, and how much quicker they can get, because when they see it in the real world, it's, oh, I've seen that. I've seen this exact command come up in this tabletop game or whatever, right? And be able to accelerate the effectiveness of all of our people that much faster because of AI. So to your point, it's not taking away from people; it's enhancing and making all these people more efficient and more capable of doing the things that you want them focused on.
[00:50:04] Speaker D: Right.
[00:50:05] Speaker C: I love that. I love the whole war gaming aspect of it.
[00:50:09] Speaker E: Perfect.
[00:50:10] Speaker B: It's a lot of fun. I have a lot of fun and excitement around AI, and I have a lot of concerns around it too, but it's more around bad implementation than the technology itself. I believe the technology is amazing and incredible and can do a lot of things. It's like the car or the airplane: yes, there's some risk, but if done well, it can really enhance all of humanity and make us all better at our jobs. Now, there's also some risk because the bad guys have it too, so we have to be watching out for those things as well. Well, awesome. Thank you so much for your time today. How do people get a hold of you? What is your call to action for anybody listening who wants to know more about AI and what you guys do?
[00:50:45] Speaker D: Sure.
[00:50:46] Speaker C: So our company is called Intelligent Artifacts, so they can go to intelligentartifacts.com. They can also hit me up on LinkedIn; I post very frequently about all these issues there as well. It's LinkedIn, Sevak Avakians, and I'm sure the link will be in the show notes.
[00:51:05] Speaker B: Yeah, we'll put all that in the show notes for sure. Absolutely. Well, awesome. Sir, thank you very much for your time today. It was an awesome conversation. Let's do it again sometime, maybe in six to nine months and see what's changed, because this stuff I know is changing super fast and lots of new developments coming in. So I appreciate your time today, sir.
[00:51:22] Speaker D: Absolutely.
[00:51:23] Speaker C: Thanks, Aaron.
[00:51:24] Speaker B: All right.
[00:51:24] Speaker A: Thanks for joining us on Protect It All, where we explore the crossroads of IT and OT cybersecurity.
Remember to subscribe wherever you get your podcasts to stay ahead in this ever evolving field. Until next time.