AI, Adversaries, and the Human Problem in Cyber | Fireside Chat with Max Margolis

Foreign. Just playing catch up here. So I think this would be the fourth iteration of my Fireside Chat. And the main reason I'm doing this now is when I was editing my videos, as we just discussed. Before hitting the record button. Yeah. I was adding my own opinions and pontificating. I'm like, what are you doing? This isn't about you and what you think is happening out there. It's about the guest. But you're intel. Talking about the former Intel. Right. But this is more about career journeys and how they got into cyber. Oh, yeah, for sure. So then I'm like, okay, let me pull back. And then I think with one of my pre calls with one of my previous guests, we were just talking AI and then she's like, you should just do a Fireside Chat and. Exactly. Yeah, that's where it started. Not a bad idea. Yeah. I mean, Fireside chats are fun. I actually just recently guested on another person's. On a person's podcast. Guy is a researcher in Australia, so I'm excited. I'll let you know when it comes out. The new. The episode. But I gave, like, talked about a story as an insert responder when I was early in my career. So he like, interviewed me and stuff. So it's cool. I guess it was like a Fireside, but it's like he gives. He'll basically doing a thing where he gets people's stories about, like, you know, in the trenches because he. He's done it also. Very nice. Gu used to work at CrowdStrike, now works at Huntress. So he's. Well, he's a known person. Awesome. What's his name? Jai Minton. Oh, no. Yeah, yeah. But. But yeah, I'll send you a link to it. It's on. It's gonna be on Spotify. He said he's releasing the second episode, I think this week. I want to say. So audio only or video? You think it's gonna be audio only? Yeah, because I think he might have done video. I don't know. I know it's harder because he was even saying we agree, like both agree that, like, we. We'll see. I don't know how it's actually done. I think he's doing audio to start with right now, but. Awesome. We. We talked on camera, though, just so he could see who it was. He's talking. Yeah, for sure. Yeah. Well, just FYI, this video is going to drop next week, so. Okay, cool. Cool. I have. I don't have enough videos. I've already released all the ones that I've banked. So. Yeah, no looking forward to it. So tell me how we. We're talking about. Claude, let's talk about AI. Yeah. Well, I frame it. Sure. In AI is a marketing term. I agree with you. Intelligence generative AI is what it really is. Truthfully. Well, I even go even deeper and call it an LLM. Exactly. And that's where I was gonna. That's what I would go with. Like so I would say that. And I've, you know, we, we talked about this previously when I worked with you. Like a lot of people were throwing companies, vendors were throwing AI around when we're really like in machine learning and like advanced anomaly detection. Like we're not even at a point. And like the concerning stuff with the AI stuff is like. I don't know if you've been following the stuff with. I started reading up on it. What is it? Claw, flow and molt. I forgot what it's called. Molt bolt now it's so like AI technology. This is really stupid. Whoever came up with this because they concern that happened as you know, is all that whole thing got hijacked by potentially various adversaries. Yeah. Who knows who. But we do know that that's bad because this is essentially an AI built capability that AI was essentially developing like their own language. Which. Right. You know, the former CEO of Google had mentioned like one of his concerns was like when we get into agenic artificial intelligence or we have agents talking to each other, could they potentially get to a point where they develop their own language? Which it sounds like is what this is essentially. But really poor operational security on behalf of the individuals who set it up. Right. So and, and that's not surprising. Right? Not at all. We're still seeing that. Right. Everything is like this. Like cloud was the same way. Right. If you think about cloud, when we first started with cloud, lots of feds were afraid of cloud. A lot of people were like. There were also a lot of people were saying, oh, it's going to be more secure. That's how it was being sold. It's more secure. And if we've looked over the last, I would say decade or so, we've seen there's been more breaches involving the cloud because the cloud is not as secure. It's only as secure as you secure it. Like your controls, like it's not a kill. All right. Like even cloud, Cloudflare for example, gets hit like with these huge DDOs and they've been taken down before. So like they've come back Up. But my point is nobody is sort of invulnerable. Is vulnerable. Is not. No, I had it right. Invulnerable. Nobody has the ability to be invincible when it comes to this stuff. Right. Like. Right, yeah. But no, the other thing that these AI created was a religion. I don't know if you read that. I, I've heard about this. I think it's crazy, but it is funny at the same time with like, almost reminded me of like Terminator esque, like very skynets. It's fascinating, right. But at the end of the day, the way I frame it, it's an LLM and it's probability. That's it. It's. What is the next word? Yeah, but I think they call it sycophancy to make it sound and be warm and I mean, I literally have conversations with my AI and I get angry when it doesn't produce what I want it. I. Yeah, yeah, it's like a normal conversation, but then I know that it's just math in the background, probabilities on. Okay, what is the next word? The way it puts things together, it's like it still makes you pause. Right. I think I don't want to take away from all the people that created this. Of course. Yeah. But then when they're pontificating that it's going to solve the world's biggest problems, that's where red flags go on. Yeah, tell me about it. Like to that, to that point, like one of the things, I think with a lot of generative AI models, like Claude's a great example. So I, I've messed with different things. I mess. I haven't messed with ChatGPT, but I messed with Gemini. I'll say. Claude has been very helpful as a researcher and analyst in threat hunting and in doing like, even cybersecurity engineering, like building a guide, a walkthrough. It's really good for people who are neurodivergent. I'll just say that right now because one of the things it can do is, like you said, it's using probability, but it's also using human language. So you're, you know, you're inputting an idea and it's using its wealth of knowledge, its research, what it can do, like going out to the web, you know, digging things up. And there are people who use it in a way where they got to be more careful. Right. They. They don't. They're not doing it in a very vague way. When I'm doing. I'm doing it a very vague Way, like very high level, like, hey, how do I integrate AWS into this type of tool? Right? Or something like that. So like, because recently I've been working, doing engineering stuff. But, um, the idea though is like you said, there's probability assistance. So like, if you have. I think it's like a temperature. So a lot of AI model LMMs have like, like the Bedrock models, I think with AWS, right, they have a temperature. So if you could set the temperature like 0.7, right, you're going to have a more random, more creative answer. Whereas if you set it back to zero, you're going to get like, hey, I'm talking to a person. Right? Which is amazing because sometimes, especially when you're in, you know, consulting or you work in a contract and you have a small team, you may not have somebody who can easily answer your questions for you. Right? Which is one of the benefits, I will say this, is that can it replace a human? I don't think it can replace human interaction. I'll say that. I just don't think it. And I think you still need a human. Right. A good example is customer service, right. I don't know if you've had this. I'm sure you've experienced it. You'll call a number customer service and you'll get. Please choose from the following options, like the stupid menu. It's like, I'm sorry, I couldn't understand that. I'm like, I'm speaking English. What do you mean you can't understand that? And I joke, joke afterwards. I'm like, to the customer service person, I'm like, hey, I'm glad I could get to you because I don't want to talk to this robotic, you know, automated crap, which isn't even AI. It's probably just automated. But you'd think at that point. And even then AI is known has the models can create hallucinations. If we've seen show up in the news with like, for example, I don't know if you saw the Deloitte thing with Australia. They. Somebody basically didn't. I essentially hallucinated a bunch of facts that didn't exist. Things that didn't exist in an audit report. So they owe Australia a lot of money. Like it's $300 billion or billion. I don't. Some ridiculous amount of money. And then you've seen other rooms where like people don't quote the right sources or that source didn't exist. And like, this is where, you know, go when you're in college or in High school, you learn, you know, MLA style. And I forgot what the other one is. Um. Oh, yeah, crap. I for. You know which one I'm talking about. The one you learn in college. So it's like how to cite your sources and stuff. Same works with AI because. Just because AI is giving you that information and giving. And especially if you're going to present it in a way that you're going to use it in, like you're going to a conference, for example. Right. It's different if you're like just between your peers. Right. But this is also another area. Right. Like you're. You're asking for information. It's not always accurate. And I could tell you this is where vibe coding comes in. Right. What we were like, which you've been following, I'm sure. Like, people are just vibe coding. Right. Which is that MOLT thing, I guess, is a way. Right. If I'm not mistaken, that was the whole joke about it. Yeah. Well, MOLT is more kind of literally agentic, that automative AI. But yeah, the vibe coding, again, it's a marketing term. But I want to dive deeper into the hallucinations because one thing that I noticed, I remember when I was talking to a former guest, she was a former bartender coming in and doing pen testing, kind of offensive security. And she's loving it. And the typical questions that I asked, do you think AI is going to take your job? And you know, she said, no, we still need people in the loop. And in the back of my mind, this is roughly like last summer. And I'm like, now it's happening. Now you see automated pen testing tools. Yes. But I think I'm going in reverse. Why? Because to that hallucinations, or what I call. It's just making crap up at the end of the day. Right? Right. Yeah. And when I was trying to do. I'm going to speaking overseas at a conference, and I put. I use Claude and I put everything in there. Make sure you ask me questions until you understand what I'm asking for is kind of one of the prompts that I use. And it still wasn't generating and creating extra stuff. And I'm like, I had an epiphany. This was late last year. I'm like, it's not going to replace peep, Right. I didn't think so either. And we're unfortunately, one of the things with some of the fields. Right. With pen testing is a great example, red teaming. This is an area where we had already had a lot of automated capabilities like synax a great example. They're a firm that does automated pen tests and does outsource everything to them. And, you know, pen testing is a. Is a. Is an expensive process. It's not like the talent that you need to do it is not cheap. At the same time, you still want to have a human at the end, like, other end. Right. Like, because, like, even. But we're seeing adversaries doing the same thing. Right. They're leveraging a combination of artificial intelligence or LLMs. Yeah. You know, there, there's a balance though. Right. But I think what's happening now, two or three years ago, CEOs of all major global corporations were hearing the AI buzz, or the LLM buzz. Yeah. I don't want to. I don't want to continue with that market. Automation is really what it's called. Let's be honest. It's just automation. It's glorified automation. Ultimately, they got to that FOMO fear of missing out, like with cloud. Yep. They're spending millions, hundreds of millions of dollars. And now they're looking at it. Oh, wow. Because in like, for example, in my. In my current employer. Yeah. Which I've not named. Nobody really knows. I didn't even know. That's good that they found some. That's cool. Awesome. Yeah. And when it comes to that, it's like nobody really knows. Right. Hey, use AI. But it's not. And some people would push back on me. I think it should come from the top. Right. Or create a culture where it comes from the bottom as well, to understand, hey, I could do this, I could do that. But I think right now the industry is at a tipping point where they let go of a lot of people. A lot of layoffs continue to happen, both in IT and cyber, unrelated not only to AI, but. Yes, correct. Right. There's a lot of other empty. We're getting politics involved in cyber. Which is annoying. Correct. But you really shouldn't have that. Yeah, yeah. It. It varies, but I know people that are hit with that, you know, obviously they want somebody to. To blame and it's kind of AI. AI is the, the easy kind of scapegoat right now. Exactly. Yeah. But, yeah, it's just, it's fascinating. But again, we're still going to need people in the loop. And as another example, not AI, but cti. Yes. Yeah. I have a very unique perspective of how AI should be. Should be done in global corporations. I'm going to throw myself out there. In my previous chat, had an AI colleague that I had met and I think a people doing cti, they're doing it all wrong. Why? Because it's underneath the sock. Security operations center. I 100% agree with that. Yeah. Get out of the closet of the SOC in the corner. And it's got to be its own entity that reports directly to the ciso. That's my. So I don't disagree with that, but I'm also under the impression that, like, we have too many silos in many organizations and like, this is where I would. This is playing devil's advocate as someone who's been on both sides. Yeah. So, you know, I mean, like CTI in general, I think just like threat hunting, like a lot of people see threat hunting, don't think CTI plays a role into threat hunting. And it plays a huge role. Yep. Because especially for initial capabilities, when people are developing a threat hunt program in their organization. Correct. The SoC, at the end of the day, is also providing information and useful data points that can lead to building intel in your house. In house. It can lead to building, you know, specialized detections. It can lead to threat hunt opportunities, new opportunities where there's a. Ideally, like the thing with Chris, which Chris created. You remember when he was at. When we worked with us, he had an idea of the OODA loop, which is like term that was, I think, captured by Squirrel does it with their back. And I don't even if they are still exist, but they were essentially. Yeah, yeah. The hot maturity model, the OODA loop. This is a term, you know, the term that, like, you're thinking about, like you have both. But in the way that I think of it is. I think of. It's like a conveyor belt. Right. Everybody is going more or less like back and forth, sharing with each other. Right. That's really the goal. Right. So, like, you want to share with people. You want to. And that's how you get better. Just like AI, if you think about it. I love your perspective on this because you're right. We are in a siloed environment. And another guest that I interviewed, I think I released, her name was Smirti. I talked to her late last year and she talked about systems theory. She was coming from the biomedical engineer field into cyber. And I'm like, hey, I'm pretty ignorant. Can you. Can you elaborate a little bit on systems there? And she said how everything's interconnected, but we live or we view the world in a linear fashion. Right, Right. Yeah. Whether it's coming down from the ciso, the managing director, all the directors and managers, whatever but to your point, everything is interconnected, right? The problem is everyone is in their little silos. Which is a problem. Yeah, which is a problem. And so now what I'm doing kind of, you know, extracurricular activity outside of work, I am looking at systems theory and how we can bridge that or use that to solve our biggest pain points in cyber. Because right now, will more money make us safer? No, not. I don't think so. Even you could have the Cadillac of everything and you're not still going to get hacked. Like the human element is here still. Like you don't just. Yeah, and to your point about the cloud, I think now, yes, people are still getting compromised via the cloud, but the complexity is just enormous. We keep on buying tools, all of this shadow it, right? You're just adding things on top. And then that's the thing. When you have the. I'm a big thing of quality, quality over quantity. Where some people are like, oh, how many incidents did you solve? How many things did you prevent? Why not working collaboratively and then you create your own, you know, in house intelligence. Now obviously this requires a lot. You need to have a mature state, you need to have mature soc, et cetera. But, but yeah, to your point, like you keep stacking all these tools and I always tell this to people like, hey, you know, you have all these tools, you have the data, you don't need any more tools, you don't need more redundancy. What you do need to do is you need to get your, your one year, your personnel or your employees trained on the existing tools, get them to understand it before you start buying more tools. And then, you know, you'll have somebody coming into a contract who will be like telling the customer, oh yeah, you should get this. And like, don't get me wrong, that is what it has. It has become that there's been a lot of salesy and AI has been pushed, by the way, a lot. Where I at, where we are now, where I same. No, I'm saying where you used to be, you'd be dealing with AI. You'd have to take a lot of training and all this stuff now, which is not a bad thing, right? But again, you have to understand how is AI going to help your business reduce risk and how is it going to help what are you using? So this is how I think of it. When I think of AI, I think of it as it's a, it's a tool, right? It's not a solution, it's not a prop, it's not Going to make my day, make everything better. It's not going to like, you know, create world peace, you know, it's a tool like, just like you think of Miter Attack, a great example. That's a tool, I don't think. Or if we're going to look at realistic, like more realism, like a screwdriver, right. It's a tool, it's not meant to like open your door open. It's meant to help you with certain things. The way I think of AI is that it helps us do the monotonous tasks or the mundane tasks and make our lives easier. Whether that's building documentation, whether that's creating like a script that we can then, you know, ask someone to like do a review or build pseudocode for those of us who for example, are not coders, like I am one of them, I'm not a coder, but I've learned to use it, you know, to help me as someone who's neurodivergent. It can help me learn, understand better ways of communicating a thought. Right. Like there is a lot of benefits if we think of AI is not so much as it's like a selling mechanism, right? And a mechanism and a thing where we just sell it, right. Because that's, that's what has happened. We've, you know, we're capitalist society. That's just how it is, right? We sell, sell, sell. So like, the idea I think of when I think of AI is I think of it as, you know, it's not going to take away my job. What it is going to do is it's going to speed up the process. I was, for example, when I'm building threat hunt queries. Yeah, I was asking it, create, can you create a KQL query for this thought, like this use case. And I'd obviously still have to go through it and tweak it and stuff, but I'm saving myself trouble of having to go dig Google everything, look everything up and it's pulling everything up together. Or today, for example, I asked it, can you write up a step by step guide on how to integrate, what is it, AWS, CloudWatch into WAZA? Because I have no idea what I've heard of WAZA. It's an open source tool, it uses Backend Cabana, but that actually worked. So I, I kept tweaking it. I tried it on my Pro account first, then I tried it on, you know, our company AI we have. And then. Which is Claude. I had Claude access. So I went and tried that and then I went through the document, followed the instructions and got it to work and it showed, oh, look, the index pattern is showing up now. And I'm like, okay. And this is someone who's not like, I'm not an engineer. I haven't engineered since like 2015. So like, this was cool and it was a tool. I'm not saying it's gonna replace things. I even said to people, I said like, hey, these still need to be tested. I said in our, like, documentation, they asked me to help with like, hey, you know, this still needs to be tweaked. You can't. I don't want to say these are examples. That doesn't mean you should use these as like, you know, gospel. The idea is like, you're giving, you're using to help take your brain, right? You're giving it what's in your mind, right? Instead of writing it down or having a conversation with somebody and you're saying, hey, can you create a step by step? Right? And for some people, that's very helpful when you have a step by step. I'm very process oriented, as you know. So like, for the, like, that's how I view it. I view it as a tool to helping me, like, make my communication better. Help me task orient, you know, orient my tasks better. Understand, like how to find, like learn things. Like, it really depends what are you going to get out of it, right? That's the end of the day. At the end of the day, when you're using these tools, you have to understand there's, you have to have a goal right in mind of what you're doing with it. Are you strategy? Yeah, exactly, strategy. So like with cti, for example, if you're going to build a tool in AI, like you want to solve a problem, right? That's your goal, right? So like, one thing I was doing was trying to figure out how to pull raw indicators out of like OSINT reporting. Like, just. So instead of having, you know, have an RSS feed, I obviously haven't had a lot of time to work on this, but the idea basically was to pull out indicators of compromise and indicators of attack. So text code words, they're words that like I talked in my presentation years ago. Yeah, with like puzzle pieces or cook or like, you know, puzzle pieces within there. Right. Like, and then pull that out and then differentiate that into like a document or something that would. Then you could easily upload, say the indicators, of course, compromise into your, you know, your sam, your edr, whatever. But the goal is really, instead of someone having to manually do it. Because, like right now a lot of these are very manual. Right. But finding ways to like solve a problem. Right, that's, that's the best way as a society, we should think of AI, should figure out not it isn't us, it doesn't solve the problem. But it may help us think from a higher perspective. Like, oh, maybe this. Because we already have that background. Right. The knowledge to give it that. So, yeah, I guess just the way everything that you said, I definitely agree with. It augments our intelligence. At the end of the day, it doesn't replace us. Exactly. Yes. Even though these Silicon Valley bros think that it's going to replace us and we're going to need universal basic income and all of this shenanigans that they're spewing out there. So where do you see? I don't like, you know, at the end of the year, everybody loves to pontificate, oh, this is what's going to happen in tech or politics or whatever. And I don't really like that because we're crappy at predicting anything. Right. And the Simpsons is better at predicting things than we are. To be totally upfront with you, like, they predicted everything in the last. Well, I mean they've been going for 80 years. So all stories have been, have been released based on that particular show. But again, not to predict. But what do you think? If we do this conversation year from now, what would have passed? Do we see more massive layoffs? Do we see leaps in the capability of these LLMs to say, oh, wow, okay, now this is pretty cool. What are your thoughts? So I see a lot more cyber campaigns involving AI and I see a point to a point from the adversary's perspective. From the adversary's perspective, because the fact we're putting it everywhere. What I. And we've already started seeing this. There was a report by, by Anthropic. No, yeah, no, by Cisco, actually Talos, about. Oh my God Void Link, which they're cat calling. It's a malware framework targeting Linux cloud systems that an individual. They believe right now they assess that an individual created it on their own with generative AI. There was nobody else. They created that. So like whether it's. And apparently it works, it's legit malware. So like it's a sophisticated framework that basically is going after. And I'll, I'll send you the article. Remind me after this, I'll send to you. But what I do see, similar to like what happened with the cloud era and you know, the boot, you Know the, the tech boom, the, you know, the world Wide Web, et cetera. When, you know, when I was younger, yeah, I do see us one adapting. I see society in general becoming like, using it as a tool. I also unfortunately see us relying on it too much, which is a problem because if we look at AI with, with social media right now, a lot of people rely on social media a lot. Like, and I'm talking about the entire, like every generation, a lot of generations. When you say rely, what do you mean? So like it's that tool that you can't, you know how like you have a smartphone, you can't shut it off. There's people who just have addiction. They love looking at their feed. They love. Like that is what I'm talking about. It creates an idea that we think we can replace a human interaction with AI. Like we've seen this in the news, that type of stuff. People thinking, oh, you know, I don't have friends, I don't have a girlfriend, I can make an AI like to that level. I don't, I don't think it'll be as, as expansive. But I, I do think from a cyber perspective because I think especially with the current status quo on what's going on with cuts within the cyber world, within the federal government, when it comes to cyber operations and cyber capabilities, we will see an increase in, in my belief in adversary targeted AI campaigns. We're already seeing that in, in social engineering. We're seeing phishing kits that are built in AI. We are seeing not just criminal actors, but we're seeing, you know, the Beck scam stuff. I expect to continue to see that. I don't think a cyber company that has AI built in their technology is frankly going to be able to stop these threats. Because what I, and this is sort of the idea I have when it comes to cyber, there's a human element at the end of the day. And like you could be crowdstrike, you could be whoever, right? You could be Microsoft. At the end of the day, there's a human on the other side of that, of that computer. And it's not all going to be automated. Like, yes, there's automation, but the problem with automation is it's a lot easier to detect that stuff these days. So what we're seeing at least like for example, China PRC is, I think we will continue to see them being more aggressive, more target. Like, so there was a report, I mean, obviously the anthropic thing, I know about that, there was also a report where I think it was Mandiant was talk, Google Mandate was talking about Strat and Microsoft also talk about like they'd been watching various adversaries starting to leverage artificial intelligence and LLMs to try and ask it questions like we're asking. Right. But more or less to get quick informational vulnerabilities to speed up. So what I think is going to happen is I and genuinely do agree with, I think this is where we're going. They're going to get faster and they're going to get quicker. Like China is accelerating with zero day exploitation almost like three months in advance. This is something that is scary because as you know, vendors don't ever have that visibility. Right. They either don't pay their bug people enough or they cancel their bug programs or you know, they just like someone finds a zero day and they're like, oh, I'm going to give you nothing. Right, right. That kind of thing. Right. We've seen that. But truthfully, like we're seeing it, it's happening like day to day. Like I'm seeing, I'm going online and I'm seeing there's a new compromise, there's a supply chain. Like you have AI supply chains. When you start integrating AI into Salesforce, you start AI entering into that and it connects to other things. Like, like we were talking about, you stack tools on top of tools. When you start adding AI into an infrastructure, right. Your existing infrastructure and you don't have the proper security mechanisms, you don't have the controls. You don't have a good grasp of like usage and how you want it. Strategy, governance. Exactly, exactly. Compliance, like security controls are essentially requ. Like some organizations, I will say, are doing very good with how they're handling AI. They're not rushing it out, they're having it through test groups, they're doing it through pools. That's a smart approach. Yeah. And I will say that one of the. Yeah. That some of the agencies are doing that. I don't agree with just throwing it everywhere. Right. With just shoving it out and saying, hey government, you can have all this AI for free. Nothing is free in cyber. And like if someone says we'll give you the sensor for free, that means they're going to pull in your data. Right. Like truthfully, so what I'm hearing, Max, and not to put words in your mouth there, that the adversaries are going to be leveraging LLMs more this coming year. So then are you predicting or you saying that it's just going to be a tidal wave of data breach after data Breach after data breach. I've been seeing that already. Like, I've been constantly seeing that. I'm hearing breach, breach. Like, there's been what? I think there's been like 20 breaches this year so far, and we've only in like the first month. How can we attribute that unless we're like, behind the scenes doing the forensic work. So associated with, truthfully, like, the pattern of behavior we're observing, like, in just the techniques, the tactics adversaries are leveraging. Got it. They're doing things that are more. Even Mitre's adding things now for AI because they're concerned. Like, they've. They've started adding stuff that's. They've added more to cloud, they've added more to development tools. Right, right. Like, the Notepad plus plus thing is a great example. There is no way in hell, in my opinion, that that was just something they just put together. Right. I'm sorry. So, like, it wasn't a vulnerability. It was essentially a flaw in how the update software worked. But at the same time, Notepad has gotten targeted before. Yeah, but what do you think if, like, they could do this in, like, record time? So, like, one of the zero days, I think for Microsoft or Google, that was outlined not too long ago. I think they mentioned that China had essentially, if I recall Mandy and Evangel saying, like, they had it more or less. It done it in less than, like less than four months or something before. Some of them were like a year before the thing was published. So, like, that is the concern I have. And I'm not saying every adversary is going to have this capability, but the ones that are the most destructive to Western civilization, like, Western culture, like to the west and targeting, you know, Southeast Asia, anyone who supports Taiwan. Right. Like, I think our reliance on it, our desire to utilize it, means we also have to understand how to best defend it. And this is where I'm going with this. As in you won't have that issue. If you understand your ecosystem, you understand and have that visibility. And this is like with Edge appliance, it's a great example, if you notice, with Edge appliance, we continue to see that regularly because those devices were never designed with security first in mind, like firewalls, you know, switches, routers. The reason they get targeted so much is because we don't have visibility in that, because they were never designed to have like an EDR placed on them. And honestly, if somebody comes up with that, they're going to have a billion dollars. They can figure out a way to do that without interfering with the actual operating of the. But that same idea, like there are companies talking about integrating AI into critical infrastructure. I think that's a dangerous idea. Just saying from a perspective as how quick, how long it took them to figure out how to put, you know, to get in the cloud or even move into like more newer versions of Windows or Linux, right? Unix. It's like, it's a dangerous thing because we, we don't like with the thing with the Mult. I forgot what it's called. Mult. What is it? Multbot. So that whole thing, right? What if you create a situation with that type of stuff where the technology and OT is unique because it's like got a single gut job, right? If you give it. Ask AI to give it something, right? Or you program AI, give it a script, you. It's possible hallucination could cause it to not do the job it's supposed to do. So like this is where I think there has to be more research like you said, more governance associated with AI. I think we like genuinely that is how you prevent this, this tidal wave of threats that potentially come to fruition. Right. So. Yeah, yeah, no, I agree. So let's leave on a positive note because you really got me all, all depressed here. It's like, oh my God, I'm sorry man. You know, I work in this field. It's just what we do. You. I know from a. Yeah. From a network defender perspective. I know it's going to be hard for, for everyone. Especially with the cuts. Guts. The cuts to government cuts to private sector. Right. It's just crazy. So how do we, the people that are fortunate to still have, you know, work the greater. How do we defend what are, what's something that we can do is in our respective areas to affect the defender side. Yes. Yeah, yeah. So if, if your network. I guess we're talking network stuff. Let's start with network. You can look at patterns of behavior involving traffic to you know, engine AI sites, for example. So like you could potentially monitor, you know, your user base specifically because potentially that. So I'm thinking of more from like a user risk, like creating risk. But one way is you could prevent that end that level right at that layer. So you could monitor, you could block AI sites and only limit it to like what your, your, you know, your, your organization allows. Right. This one prevents potential inadvertent, you know, leakage of data or someone providing accidentally sensitive data to the cloud up to like Claude or you know, and it also then makes your Live, you know, your defenders lives easier because then they're like, oh yeah, I don't have to worry about responding to this because there's not, there's not a huge concern there. Right. And I'm thinking of like what we have visibility into. Right. Not so much with the, the external. Right. So that would be one way for network. You could look at traffic patterns like see if people are actually regularly going to AI sites. Obviously there are AI sites and they have articles and stuff on them. That's different. I'm talking about specifically prompt engineering, like, or someone going in that's not approved, basically. Right. So you could, that's one way you could stop or prevent threats from an internal perspective. So. But that, that's technical. What would you tell the executive? Sure, sure. What would you say? I would tell them you should block AI sites or artificial intelligence language, LLM sites. Anything that you believe does not fit your governance and it and only allow approved software, approved applications. That's what I would say. You should have an application approval process where you have a security review of your processes and your applications. That's the first step. That's what I would tell them. I would say if you don't have that, you shouldn't be integrating AI, putting AI everywhere. You should have a software, you know, basically a review program or some way where you have a. Whether it's like some sort of documentation pro, you know, process where you put in a ticket. It goes through like a person who's doing vulnerability valuations and reviewing the code, making sure that whatever is being. And like that kind of thing. Yeah. So basically having that element that's less technical, that's just saying, hey, review what you put in place. Just because it's open source and it's free doesn't mean it's free. That would be the one thing I'd say. Right. From a less network perspective and from an, yeah, from an endpoint perspective like set, you know, ensure you have good security controls to prevent individuals from, you know, releasing data that is otherwise valuable to the company. Whether that's, you know, DLP or some sort of, you know, insider threat type. U UA user analytic behavioral analytics tool. Like. Yeah, I think that's where we're going in this direction. I think honestly the scary thing I would say. Well, not scary then the one thing I will say about AI also is not just from an external perspective, but it can be leveraged by an insider as well. So like, I think we're going to actually see, probably the good news for people is I think there will be an increase in jobs when it comes to insider threats, because insider threat roles, because I think that's going to become a thing, a more of a prevalent thing than it has been in the last decade or so. Like, it has been a thing. Right. We hear about every now, you know, you have Snowden, you have all the different people, but point is, like, you just got to think about, like, people are going through hardships, people are going through stuff like, why not protect your organization and ensure that you have good controls and detection in place to identify, you know, but also help those people out if, say, they're struggling. Like, that is. The easiest way to prevent these things is to understand there's a human at the end of the day. Yeah. And that's sort of like my, My philosophy with the. The thing I'm going to be building is, is it's all about humans, like the human cyber element. And yeah, no matter. No matter what happens, I know we'll be long gone 200, 500 years from now. It's always, who knows, China might still, you know, they might be replaced with their organs. You heard that? Like, oh, no, I haven't. I haven't heard. Did you not see that? Xi, Shangpeng and Putin were all. When they all met, I. What was it called? The. I think it was not some summit they did. I think in Russia, they're all hanging out and talking. They see about how, like, oh, we can translate our organs back and forth so we can live forever. I'm like, oh, God, please, no, that is. I don't know why. Makes me think of futurom. I know. I don't know what's the fascination with Silicon Valley and people in power wanting to live forever? I don't know. I think it's movies and medianists have done that or some egotistical slant there. But Max, this has been awesome. It was good catching up with you. Yeah. For sure. And yeah, definitely do this again someday. Yeah. Just for sure. And whenever you get with your podcast, you know, love to. To be on, talk about it. Sure. Awesome. Sounds good, Danny. Thank you.