Treat AI agents like human employees

The CISO and the IT team needs to own AI in a company. Don't give it to someone else. You need to own it. You don't manage the IT for the human. You have to manage for the whole. Welcome to Trust Issue by DMO, the podcast where we go beyond checkbox compliance and get real about security. In every episode, we break down what's happening in the world of CMMC, cybersecurity, and GRC, straight from the people building, auditing, and living it. Real conversation about real security. All right, today we're going to be talking about AI security. So AI around, or security around, Copilot, Microsoft 365 Copilot, Copilot Studio, ISO 42001, basically the sort of AI maturity framework for companies and kind of starting their AI journey. And becoming more and more mature and kind of what are the sort of 4 steps to AI maturity. So Bruno, maybe you want to just get us started with what are sort of the 4 different phases and maybe talk about like what is BeMo's, you know, BeMo's history with AI security. Yeah, and what I will start, I will preface it, you know, I took a class at MIT and the professor told us, that what takes, what before would take 10 years will take now 1 year. So everything goes a lot faster. So think from the world of AI now, 1 month pretty much equal 1 year. So even now as I talk about AI and I will talk about the journey of BMO and again, if I think we really started last summer, so a year ago, not even, 9 months ago, and it looks like it has been years, but it's just from the speed, from the, just, and so it's kind of very interesting. If I put myself as a CISO again, the first question was, you know, do we deploy Copilot at BeMo? Like, would I see an ROI? You know, at one point was just like, you know, it was the, you know, I feel like the beginning 9 months ago and we were like, you know, am I going to pay this $30 times, you know, all the employees? Would I get my money back? You know, is it worth it? It's just, you know, and we were like, you know, let's bite the bullet. And you know, so first we just gave it to, you know, 5 people and they are like, wow, you know, I was one of them like, wow, I didn't realize what you could do with it. Then we gave it to the whole company. So as of last July, the whole company had Copilot. But again, part of it, what was interesting is when you go to the system, when you were looking in the backend system, you're like, wow. Everyone was already using AI. You like it or not, people are using, they go on website, ChatGPT, they go and we check the, you know, remember in July you had 38 AI system on BIM that people will go to all SaaS. How could you tell? Were you using Microsoft MCAS? Like what are you using? Exactly. In MCAS, it will tell you, you will get and you're like, oh shit, that ChatGPT, someone went to Claude, someone went and very often it's even people using, you know, we at BMO, we use HubSpot. And you have Breeze AI. You're just like this. People don't even realize they use it. And it was like, oh shit, you know, we have to block this right away. So the first thing we did is we blocked every app, every AI. And we just said, okay, we are only going to allow Copilot. Because from our perspective— Microsoft 365 Copilot. Microsoft 365. Because from our perspective today, What I love with Microsoft 365 Copilot is I know when I put my data into it, it's not being used to train. So for that, I would have to buy ChatGPT Enterprise for the same thing or Cloreprise. But if you have the free version of every AI, they use it to train. So we didn't want to block because again, at the end, let's face it, I could not, I could say I block everything and I'm sure people will go on their phone, on their tablet outside and then we'll ask anyway. So it's like, you know, why, why, you know, kill myself on like, no. So we say, okay, we are going to control it. And every month we check because there is a new AI coming. So we create, and it's how we create our first offering from BeMo. Again, it's what we call shadow AI. So again, it's just block, block AI and decide as a leadership team, what do you want to allow? Okay. So control it. You don't have to sort this. So this is all first offer. So you're basically, you're able to do this with Microsoft MCAS or data loss prevention, like DLP policies. Yes, exactly. So this is the first thing you do. Then the second time, what we did again, we deploy Copilot. So again, same thing for Copilot is, woof, you have to make sure before you deploy it that your data, your secure, your SharePoint has the right permission, that you have the right label on your document. How do we make sure? Because Otherwise, you can take Copilot, what is the salary of Joe? If he's on a SharePoint that is open, he's going to go find information and he will give it back to you. So there is a lot of things that you should deploy before you deploy Copilot. And I always feel like Microsoft, Google, or all the vendors, they try to make it very easy. Just buy my subscription and you are good to go. Yeah, they are right. You are good to go. I mean, it's kind of like the GRC platform saying all you have to do is buy a GRC platform and you'll become SOC 2 overnight. Exactly. You'll be compliant. You'll be compliant. Turn it on. It's not true. Yeah. It's not true. So here is the same. So, and the difference is, you know, I see with a lot of clients before they didn't really care. They cared about SharePoint, uh, permission, but they will never go back. Yeah. Microsoft Purview seemed to always be like maybe the stepchild of the Microsoft family where people didn't really understand or really care about Microsoft Purview, right? We see it with our customer. As soon as we wanted to deploy Purview, many of them, no, I don't need it, I don't want it, I don't know. And now it's becoming the first one you will deploy. So again, this is from Copilot. So again, from a BMO perspective, what we did, I remember it, September, October, November, December, the whole company took classes. So once they're from outside, remember, for first month was a Copilot class, so basic class on Copilot. The second month was prompting. The third one was, you know, build your first agent. So kind of how as a company we, you know, start to learn it together. And, you know, and we are now at the phase 3, which means, you know, now everyone use Copilot a lot and now we have our deploying our own agent. Okay, interesting. Well, maybe before you go into talking about agents, let's stop at step Stage 2, which is deploying essentially safely and securely deploying Copilot for everybody within your organization, at least specifically Microsoft 365 Copilot. But what are sort of the prerequisites that you recommend organizations take before simply assigning a license to everybody? Oh yeah. So again, the first thing, now Microsoft, go again, first thing, all your SharePoint, go check your SharePoint permissions. Are you sure that the person, no one outside of finance can go see finance? So again, you decide who should have access to what. Okay, so this is ready. So go check that. You'll be surprised how many people have shared files or stuff outside. The permission is open. And it's just like, okay, go fix it. The second is identify again when we deploy what we call document protection. Okay, which documents are sensitive in your organization? Which one is just— so it's— Right, so this is the Microsoft Purview's ability to essentially identify, classify, and label your documents. So for example, within Microsoft Purview, let's say you're a healthcare company. You could identify, okay, of the million files we have, Microsoft can immediately identify which of those million files has PII on it. Let's say Microsoft, find all the documents that have Social Security numbers on it. So now you've identified it. Second is how do you want to classify that and what type of labeling do you want to put on that? Do you want to add a sensitivity label? Automatically and have it only people within a certain SharePoint or M365 group have access to that? Do you want to just automatically encrypt or whatever? So you're saying that you should have a good understanding of all the different types of information or files that you have within your SharePoint and OneDrive. Then the third thing that we saw internally, our CFO, again, CFO is in spent his life in Excel creating numbers, you know, doing calculations. So he has multiple versions on the financial part. Okay, so this is very classic in finance. You have a financial model V1.12, V1.14, uh, uh, Model B, Model C, right? Yes. But the problem is Copilot, you ask the questions, if you are not careful, he's going to look at a draft one. Right. And you need to— what's my cash on hand? Well, my cash on hand from which version of what model? My actual P&L, you know, my actual balance sheet and actual P&L, or all the 15 different models that I have that are drafted, right? So we had to come up with a process of like, you know, no, Copilot, when we ask those questions, you can only go to the document label approved for that, approved for that, you know. So essentially final versions and not works in progress. Exactly. Okay, because I'm raising your finance. So again, it's also, you have to prep all that otherwise, when I say garbage in, garbage out. And you know, so I think it's, so once you have that, then go deploy it and start small, see, oh, you know, right. But, uh, you're saying start with some power users or maybe some people in IT and maybe the C-suite. Uh, and once you've done beyond that, you can go, uh, try and deploy and monitor and audit. So again, from an IT, but monitoring audit, again, you have a lot of reporting now. You can see how is it used, what do people do, what do people do. So again, don't, you know, start and you see yes, it's being used correctly, not correctly. You know, it's, you know, the advantage of that from what we deploy, because we have deployed Purview into it. Same thing, you can try, can someone, is a good trick, you know, Take someone who doesn't have access to finance and have that person ask questions about finance and see if you get a return. If you get a return, something is wrong. So again, I have a lot of testing. So again, it's— All right. So we have phase 1, which is essentially the shadow AI. Use your abilities within Microsoft DLP and MCAS to be able to identify which AI solutions you want to approve as an IT organization and block the others. And then once you have the ones that are approved, then go do your work within, you know, within SharePoint, Purview to be able to apply automatically sensitivity labels across the entire organization so that the people using Microsoft 365 Copilot only have access to the things they should have access to. Okay, great. Now we're on to phase 3. What's phase 3? Phase 3 is now, you know, if I look at Bevo now, we have 65 agents running. So it went back to one person create one agent, two agents, you know, went through the training and now people are developing agents. So now again, now you're entering in a new world of, okay, what do you allow, not allow again? Can the agent make decision on your behalf or not? Can, and so it's again, now I look at it is to treat your agent as a human. You know, you have, you know, we have access for human and you have access for agent, but it's the same thing. The same as for human, what you want that role to do and not to do. So I'm someone in HR as a human, you have access to XYZ, but you're not, you're not allowed to talk about XYZ. Same thing with the admins because, again, what we have seen, you know, you see some hack right now is someone go to a chatbot run by AI and people start asking these questions to the chatbot and they are getting all the information from the company because the chatbot is connected to the company, but they didn't put the safeguard. And now it's just like you can just ask anything. So again, from that is— So what is Microsoft doing to essentially apply what is essentially identity and access management policies to AI agents. Exactly. So again, there's now Agent 365 and Agent, you know, and Entra, you know, it is all same thing. So they treat the same as a human. You have every agent has his own identity. They has what they can do, what they cannot do. So it's the same. What level of access it has or privileges across the tenant? Yes. Yes. Wow. Okay. So BMO even took it to a different level where our agents, so it's very funny. From the human at BMO, we have levels from 1 to 11. So 1 is, you know, you are a trainee and you go up. We have applied the same model to the agent. Oh, you're talking about like HR levels, like— HR levels, sorry. Like level 1 being an intern to level 11 being the CEO. Yes. So you go there. We have applied the same thing with the agent. So our level 1, you know, is kind of thing of the trainees. This is, he can only read, he can only do, you know, only one thing at a time. So it's kind of your first level. And then he goes to different levels. So, and after that, we have the level for orchestrator. So same thing at BMO, you can be level 1, IC 1, 2, 3, 4. But if you can be a manager, manager 4, 5, 6, What we have for the agent is we have the same concept of InsetVion. The agent is not a manager, it's an orchestrator. So it's one agent that can manage multiple agents. All right. So again, it's all, so again, when you go at that level is what do you allow or not to do? Do you allow read and write? Do you allow read, write, delete? So for example, at BMO, we made the decision no agent can ever delete. Only human, only a human can delete. And it's the same thing of we are tying to the level of an agent. If an agent is level 5 or 6, a lot of power, I'm not going to have a trainee manage this agent. No, it has to be someone high in my company that understands the impact of the agent and how it works. So what you're saying is now you have to, you have to, uh, what, what you're essentially BMO's policy or your policy within your AI policy is that a human IC4 can only manage or create agents that are, have up to an equivalent IC4 power within the company. So essentially the idea is that like if you're the CEO or the C-suite, your agents will have more capabilities than the agents elsewhere within the company because it also comes with more privileges. So, I will— so at BMO now, our HR person, senior director of people and digital worker, okay? Manage both. Again, there's policies for the human and the agent, okay? So again, is how do we manage? Now on the org chart, you will have someone, an employee, IC4, and he may be an individual contributor, but he may be managing 3 agents. He is responsible for what the agent do, can do, for the testing. At the end, he's accountable for that agent. Okay. So it's the same as, you know, if he was managing people, he's managing agents, and he has to understand how the agents work, what can, you know, because, you know, you don't want the agent to— What are some of the agents that, uh, you're using at BMO? On software, so we have the simple one, for example, that will automatically, for the support, will automatically have the queue, will go through the queue, okay? And will automatically send an alert when the SLA is within the limit, or like, hey, if we don't act now, so you automatically go. You're going to fail the SLA from a Teams. It goes through a group, it sends, hey, be careful. It's like a Teams notification. It's a team notification where again, it goes, it's live and it goes back, you know, so this is again, you have a— It's essentially a simple workflow. Yes, you have a workflow. You have one, so one that I manage at BMO, we call it the CISO agent. So again, what it does, if I have a BMO perspective, is every month, the first day of the month, I automatically get about 60 reports created live. All my Entra ID, all my Entra log, my Purview, F60. And then the agent will automatically go through all those millions of lines, you know. And what is very cool, it is able to now analyze all the files together and be able to give me, this is the statute of BMO today on IT perspective. This is where I see there is an issue. Where I see, so it goes through, I get my report, and it can automatically— All right, let's pause for a second. Especially if you're a US-based business dealing with compliance, if you're navigating CMMC, GRC, or other cybersecurity requirements and still feel like you're stuck in checkbox mode, we at Beamo are offering a free 30-minute consultation to help you get clarity. And no, it's not a sales pitch for us. It's a focused conversation with experts who actually understand what real audit-ready security looks like. Whether you're preparing for certification or trying to fix gaps before they become problems, this consultation is your chance to get practical, actionable guidance. If we've got your attention, head over to bmo-pro.com and book your session. And when you sign up, don't forget to let us know that you heard about BMO through Trust Issues. We really want to know how many of you we're reaching. Create tickets to make sure we address it. So essentially, let me think if I understand this correctly. So within the millions of different Microsoft portals, right? Entra portal, into, you know, Defender, all that stuff. Sentinel. Sentinel. Essentially each of them have reports. You might have an Entra, you might have things like risky sign-in reports. Within Defender, you might have device compliance types reports. And so what you're saying is you found a way to take these 60 different reports across— I have an agent that go get the report, go get the report. Okay, you have an agent that simply just aggregates all the reports. Aggregates all the reports, save it internally so I have, from a compliance perspective, I can show every month we go— So it saves it within SharePoint or something? Yeah, it stores it, then we save it in SharePoint. And then you have another agent that basically, it takes all the different 60 security reports and tries to make sense of them comprehensively across the board. It runs for 45 minutes on average, you know, to run again. And you get a report from a CISO, and we have our security team will review that. And so what you're saying is that then what this agent will do is if it finds any anomalies or events that need to be actioned, it will go create a ticket within Zendesk and assign it to the correct person within BeMo to go review it. Exactly. So it goes through a card. So the way I look from a security view at BeMo is we have our SOC teams, or security operations center, that think of them as they are trying to make sure no one try to come in now. This is what they do. They are live every day. It's SOC, SOC, or a SOC team is inherently reactive to what is happening today on the test. First, because now my agent here is shaking my entire system every month to make sure that, you know, I have, I know my, my security level keep going up. The higher this, the less issue is being found month after month using real, you know, month data. So it's kind of how we move up the, the food chain and say, which was impossible for me to do before. I can tell you it was impossible because before I would have to manually go to get those reports one by one. It was no way to take all those signals. You just, I don't have the, we don't have the— Yeah, there's no, right. Previously it would probably take an analyst the time, hours and hours just to collect the reports. And then you had to like somehow make sense of it. And from my understanding, this is probably kind of like, let's call it like Azure Sentinel logs where it's like, it's, there's a ton of rows and you're like, is this even important? Right. And so now you simply have the bandwidth to make sense of it. Yes, exactly. Okay. So, and this is, that's just phase 3. I feel like, I feel like things really got complicated from phase 2 to phase 3. Yeah, we are, we are going to. So again, if I think in Copilot, the whole company, uh, is running Copilot on phase 2. In phase 3, you know, not everyone is going to be a, an AI developer or an agent developer, you know, it's just again, so some people will submit ideas of what they would like to see and some are very passionate and will go develop and from a business perspective is also Again, from my learning of it all last 9 months is try to go after the, what you need from a business perspective, not just do an agent for an agent and you don't have, you know, so, but comes the, comes the entire review. So we have this process. You create an agent, is being reviewed by a team. What does this agent do? What do you know? And, and we have a monthly review of all agents. Okay. So let's call it like, um, geez, agent lifecycle management. Yes, exactly. Exactly. Wow. Okay. We have agent lifecycle management. And, you know, the more complex your agent is, the more you have to show that, you know, uh, you are doing due diligence, you are reviewing what's being done, you are reviewing the answer. Again, it's just, you know, don't trust, you know, we all have used a copilot and you believe what— Who's responsible for that though? Is it like the person? Each person who is responsible for their own agent is required to do the auditing of their own agent? Exactly. So, so it's why again, it forces the business. You're not going to allow 500 agents because it's depending on the size of the company, but for the size of BMO, it will be possible to manage. So again, you just want to make sure it forces you to keep, I have the right agent for the business and it's why I am keeping them and some, you know, some some business, some agent, after 2 quarters, we kill it. It didn't work. It didn't, you know, just— It seems like it's very similar to kind of this concept of, um, you know, when you think about files, everybody creates files all the time, right? Everybody's putting stuff in their OneDrive all the time. And essentially what you're doing is you are, you know, more or less doing like the SharePoint lifecycle management, but now for agents, which is like, all right guys, like, This is duplicative. This doesn't make sense. Like this doesn't actually work. It's kind of useless. Let's just go delete. This is like an in-progress project, but like, what was this for? Okay. I see. But so again, so it's where for me, this is a big step between, you know, in our case, option 2 and option 3. Once you go to an agent, you are going to, you know, and after it depends on the agent for internal facing only or internal or external, right? Because the way I feel like is the same thing, you know, with Microsoft, there is a risk insider for agents. So if you are a human— Insider risk for agents? Yes, yes. Because again, it works the same. The difference is, as a human, you will get— I will get an alert when someone, you know, I will get an alert when someone will download 100 files versus before with only an error. So From a human, you're like, I could download a file, but an agent can download thousands of files. So the problem is the impact, the good and the bad. So you can do so, always from Microsoft. Right, it's kind of like, it's kind of interesting. So for people listening, Microsoft Insider Risk Management is essentially a tool within Microsoft 365 E5. Is it under purview technically? Purview, yeah. It's under purview, yeah. Where basically the idea is to kind of like stop, catch people from stealing from the organization. So think of it like maybe you have a disgruntled employee and they're thinking about quitting, right? And right before they want to quit, they're going to try to download their entire OneDrive and try to take it with them to the next company or whatever. Microsoft has tools in place to be able to identify that behavior and immediately block it and then also identify IT So the idea is that, you know, obviously corporate data doesn't get leaked or stolen by, you know, traditionally people who are being offboarded. Right. And so it's kind of interesting where maybe you had, right, say up until now you had these insider risk policies that would prevent humans from downloading a lot of stuff. But what would stop a human from simply creating an agent to have an agent steal everything. That wasn't me, it was the agent, you know. Yeah, yeah, yeah. Okay, so again, so it's just so again, so you have to treat the same as an IT team will look at the logs to make sure nothing is the same with the agent, you know. It's just the problem, he goes 10 times faster than you. Especially since the agent can just, it simply amplifies everything that the human could have been able to do. They amplify the good,, but didn't prefire the worst. Yeah, yeah, yeah. Okay, well, how does insider risk even work for agents? Is it in the same way that it works for the human side? Same, same. So, for example, you know, today, you will get, so, it's the same as my, for the insider risk for humans, 95% of them are false alerts. Okay, it goes back, that person had a good reason, like, oh, very often, Brian said, we say, oh, Brandon downloaded too many files. You look, yes, what he did was legit. So you ignore it, you check, it's correct. So same thing with the agent right now. Again, you are still learning and sometimes we'll say, hey, that person entered, tried to paste information within Copilot. Okay, tried to paste. So because you take a document and the document was for BMO, put it as confidential. And the person presses confidential information, you get an alert and you're like, that person could do it. So again, you tweak, you tweak how it's configured again. So it's part of it, but it's kind of the same concept. So same with the agent. So same again, it's at the end, there is not, we treat human agents the same. So who's, Who do you think is going to be responsible for what sounds like a new, like new responsibilities and that sounds like additional workload for IT teams? Who's in charge of that? Like, is the IT team responsible for that? Today it would be, I mean, I think this, I think for me, the CISO and the IT team needs to own AI in a company. I think they need to own it. You know, they need to, Don't give it to someone else. You need to own it because you just— Don't give each department. So what you're saying is don't give each department head, like sales shouldn't be in charge of sales AI and operations in charge of operations AI. Okay. Yeah. For me, again, you don't give, you manage the IT for the human, you have to manage for the role. Yeah. Wow. Okay. All right. Wow. Okay. So that's all, uh, stage 3. Of AI maturity and AI security maturity. What is stage 4? So stage 4 is pretty much, again, you want to be ISO 42001. So again, ISO 42001 is for— 42001. 42001. 42001. So again, this is pretty new. I think it's 2 years old. From a compliance perspective, again, it's making sure that, again, a third party Auditor will come and check that, do you have all the process again to manage your privacy, to— everything that you do in stage 3 is someone checking that you are doing correctly. So let's call it, uh, what you would normally have to do for CMMC or ISO 27001 or SOC 2. You bring an external auditor to verify that you have the governance, lifecycle management, all the rules, identity access management, all that stuff. So we are right now in that step, you know, in the process, you know. So again, but at the end, because we have all steps done as part of our step 3, it's pretty much now is, you know, so if we didn't care about compliance, we would be okay, we'd be running okay. Now it's because again, we want to show the world when people say, how do you manage, you have AI at DMO, how do you manage it? How do you know? Tell me more. You know, I see, you know, you've got this screenshot and we'll try to share the screenshot with, you know, in the show notes or, you know, have, have our producers add this screenshot to it and to the YouTube video as well. Tell me more about this risk and ethics mapping. Like what? Like, well, I see the two parts on here about about the ISO 42001 happened to be the continuous compliance monitoring as well as the risk and ethics mapping. Yeah. So again, it's the same as for any compliance, ISO, CMMC, it's all a game of, you know, so if one of the risks is, have you checked, you know, can someone, I will say, pollute your data? Can someone, again, I go to a chatbot, you know, let's imagine I have done an agent. Public-facing, can the person, you know, best talking to my agent steal data from my company? So it's just again, so you have to do your risk assessment. How do you manage? How do you mitigate? Also, it's the same as, you know, any process. So same thing for privacy. Hey, I don't want to go on the chat and, hey, tell me about Brandon XYZ and the thing. Oh yeah. Do you think that this is going to be like a popular framework that's going to be, you know, let's say, let's call it SOC 2 and HIPAA or some of those popular— I would tell you, me at BMO today, one from a CISO. Everyone wants to sell me tools and everyone sells tools. They are all AI tools. You know, everyone now, it's all— everything's AI tool. SaaS is dead, quote unquote. Everything's there. Yeah. So from our perspective now, the requirement we ask is you have to be 42001. If you have 42001, we will— you will have a chance to come in. If you are not, you have a long test of documents you have to give us to make sure. You're going to get a 300-page security questionnaire, essentially. Yes, just to make sure. Yeah, yeah. But I would imagine that this seems even newer or, I don't know, maybe, I don't know if less popular is the right word, but how many organizations are even going to have this framework? If I had to do my bet, and we be more, you know, we do SOC 2, ISO, CFC, I believe in A year from now, this will be our number one framework, I believe. Just, we are the speed of AI, like anything is just like 2 years ago didn't exist. Edgeuntu, you know, a year and a half ago you weren't even talking about it and now it's all, you know. So I think again, this is part of let's wait for 2 or 3 big breaches that will make the news. That'll hit the news and it'll all be about how you know, someone, you know, stole all the private information of some hospital or bank, right? And then people will stop, you know, the same thing as why frameworks get created. They all get created because at one point something went bad. And to be honest, again, it goes back, me being the CISO of BMO, I don't do we don't deploy framework internally for the fun of it. Yeah. But for me, but for me, I feel very good. Again, security first. I feel very good that someone, a third party will come to BMO and audit us. For me, it's a, they audit and they come back either, well, this is the issue we found or shit, wow, yeah, this is not good, let's go fix it. Oh, I know you're all clean, good. I think for me, it's kind of like, It's like, you know, you, you're supposed to do your annual checkup, you go to the doctor and you hope he will tell you you're all good. And if not, you have time to, you know, go fix things before they become a long term problem. So it's kind of how I see it versus some people, I think this is what I know, people say, oh, I want my checkbox. I need the certificate. I don't care about security. I don't care. So, and I think, you know. Yeah. Uh, for this particular framework, um, you know, CMMC Level 2 being challenging versus SOC 2 being less challenging. Where along the spectrum does an ISO 42001 land for you? So I will tell you once we are done because we are maybe in the middle of it, but I think for me today, the lowest is SOC. After, I will put ISO 27001. And again, the security of ISO 42001 is the security of 27001. So it's 27001, plus AI on top for 42001. Okay, so I would put them in the middle, and CMMC being above. Kind of how— okay, well, I feel like ISO 27001 is kind of like the comprehensive standard, right? So essentially, ISO 27001— so if you're already ISO 27001, you're saying 42001 should be an easy step for you? Or no? For us, it's, for us, it's necessary because again, we still have to maintain it. So again, you have your annual audit, you know, and so from our perspective where we are, security, we're already there. So what we have left is all about the governance of AI, privacy of AI. So this is part, but from a security perspective, we already have it. And so what you're saying is within BMO, the CISO group, so essentially, let's call it the security engineer, IT manager, they're responsible for this type of work. Oh yeah. Okay. Wow. Okay. Well, very good. So, so I, and at B. Morgan, you have a, so same thing. You have, uh, you have kind of two team also to, to, so we have monthly what we call a CAB review. So again, any, any CAB, uh, change advisory board. Change advisory board. Oh, that's a, that's an ISO 27001 thing, isn't it? Oh, it's, you're supposed to do it. If you look at SOC, you're supposed to review. Again, it's not as easy. Oh, it's supposed to do. But so the way, again, we look at it is, again, any big IT changes has to first be reviewed by the team, by security team and business owner to say, yes, we can do that. And you go there. We do the same for AI. So it's just now we have this AI advisory board. That again, reviewed how every single agent is doing and how is it. So it's kind of how the process of, you know. Very cool. All right. Well, there you have it. So you got your 4 phases of AI security. The first one is really all the shadow AI. Obviously everybody across any organization is using AI these days, but the question is, is IT actually aware of it? Are they paying for the tool? Is it an enterprise-approved vendor. So the first step is go identify those things, remove all the ones that are, you know, should be blocked and make your list of enterprise-approved AI solutions, whether that's, you know, Cursor or Microsoft or Claude, like, you know, whichever ones. Then step 2 is do the work to get prepared for your Microsoft 365 Copilot or the Copilots in general, right? Do the document and cleanup, do all the access management. And then step 3 is agents. This seems like it's a huge step along the maturity curve and is going to be more challenging, probably the first really challenging phase for people where it's all the agent lifecycle. Management and governance and conditional access to the agents themselves. And there's a lot of— seems like there's a lot of like design decisions within the C-suite to decide who should access what level or, you know, what power, how powerful of agents. And then the last is ISO 42001, which is essentially you're bringing in an external auditor to validate all the things that you've done in phase 3 and give the final stamp of approval that this organization is correctly using AI and, you know, kind of safely, right? One comment to finish, I will say, because I hear that, you know, so yesterday we had a meeting with one of our customers and, you know, we were talking about the option 1. They don't say, hey, do you help? No, me and my company, we know no one use AI. So, you know, so We got a lot. Yeah, right. Okay. Are you willing to do a live check? Yes. A live check? Yeah. So we went, of course, we checked. So he was surprised. You know, it was in his case 17 AI in his environment. And then we were able to show him that people pasted some of his documents inside. So not only they were using it, but they were putting company's documents paste it inside. The person was, became livid on the screen, like, that's it. So it goes, it was sad on one side because he was honestly truly believing, no, we discuss internally, no one uses. Ah, what's the, it's, I feel like it's like almost like the first rule of CISPE and the CIA triad that's like, don't trust humans. Like if they can do it, they will. And then Savini. I will go back now, don't trust human and don't trust agent. Yes. Yeah. So kind of a zero trust, right? Zero trust all the way. Yeah. Yeah. Wow. That is really crazy. Well, man, sounds like we need to start doing AI security audits for everybody. Oh yeah. This is, you know, we would win a contract all the time just by showing that, you know. All right. Well, that's good for today. Oh, thank you. That is another episode of Trust Issue. If this conversation helped you think differently about compliance, security, or trust, share it to help someone who is still stuck in a checkbox mode. Each week, we will keep bringing you more episodes, resources, and real-world insights from the BeMo team. Wherever you are listening from, don't forget to rate the podcast podcast and follow us to stay up to date on the latest developments in the GRC space. Remember, compliance gets you certified, but real security, that earns trust. Thank you for listening.