1 00:00:00,920 --> 00:00:05,040 S1: Unsupervised Learning is a podcast about trends and ideas in cybersecurity, 2 00:00:05,160 --> 00:00:10,000 S1: national security, AI, technology and society, and how best to 3 00:00:10,039 --> 00:00:19,119 S1: upgrade ourselves to be ready for what's coming. All right. Well, Alastair, 4 00:00:19,120 --> 00:00:20,759 S1: welcome to Unsupervised Learning. 5 00:00:21,079 --> 00:00:24,400 S2: Yeah, thanks for having me, Daniel. Long time fan of 6 00:00:24,400 --> 00:00:26,320 S2: yourself in the show. So good to be on here. 7 00:00:27,640 --> 00:00:32,520 S1: Awesome. Yeah. So can you tell me about yourself and and, uh, 8 00:00:32,560 --> 00:00:33,600 S1: harmonic security? 9 00:00:34,320 --> 00:00:36,200 S2: Yeah. Quick bit of bit of background, as you can 10 00:00:36,200 --> 00:00:40,159 S2: tell from the accent. Originally from the UK here. So my, 11 00:00:40,159 --> 00:00:42,800 S2: my previous company to harmonic was Digital Shadows which I 12 00:00:42,840 --> 00:00:46,200 S2: set up in London and the threat Intel space and 13 00:00:46,200 --> 00:00:48,400 S2: we were we were really good at spotting all the 14 00:00:48,400 --> 00:00:52,120 S2: sensitive data that had already leaked out of businesses across 15 00:00:52,120 --> 00:00:55,680 S2: the open, deep and dark web. I did the series 16 00:00:55,720 --> 00:00:58,279 S2: A in Silicon Valley, moved here in 2015, so I'm 17 00:00:58,280 --> 00:01:01,600 S2: now ten years into the US in a dual national 18 00:01:01,600 --> 00:01:04,600 S2: and so on. So pretty bedded into the the. 
Bay 19 00:01:04,600 --> 00:01:09,160 S2: Area digital shadows was acquired in July of 22 and 20 00:01:09,160 --> 00:01:12,319 S2: as you'll remember well November of 22 ChatGPT comes out 21 00:01:12,360 --> 00:01:15,360 S2: and you know the world changes and I you know, 22 00:01:15,360 --> 00:01:18,000 S2: I started just, you know, exploring that and talking to 23 00:01:18,000 --> 00:01:21,440 S2: a lot of smart people in the space and seeing 24 00:01:21,440 --> 00:01:24,200 S2: what I could learn. And, and actually, you were one 25 00:01:24,200 --> 00:01:26,039 S2: of the first people who was writing a lot about it. 26 00:01:26,040 --> 00:01:28,680 S2: I started, you know, picking up your, your newsletter, I 27 00:01:28,680 --> 00:01:32,080 S2: think in, um, early 23 as you were really getting 28 00:01:32,080 --> 00:01:36,480 S2: going on the topic. And so that's ultimately led to 29 00:01:36,680 --> 00:01:40,200 S2: me founding Harmonic Security in August of 23. So about 30 00:01:40,200 --> 00:01:44,040 S2: 18 months old now. Um, we are we're really building 31 00:01:44,040 --> 00:01:46,840 S2: a new data protection technology. We're calling what we're doing 32 00:01:46,880 --> 00:01:50,960 S2: zero touch data protection. And we're harnessing the power of 33 00:01:50,960 --> 00:01:54,120 S2: generative AI to build this. It's it's it's our own 34 00:01:54,120 --> 00:01:57,280 S2: set of specially trained small language models that we're using 35 00:01:57,280 --> 00:01:59,840 S2: for data protection. That allows us to do some very 36 00:01:59,840 --> 00:02:03,040 S2: different things that I'll talk about. But use case one 37 00:02:03,120 --> 00:02:06,840 S2: for us is very much, ironically enough, it's generative AI 38 00:02:06,880 --> 00:02:10,799 S2: adoption from the enterprise. Right. And the challenges, particularly in 39 00:02:10,800 --> 00:02:15,400 S2: sensitive data leaking into these different AI applications and models. 
40 00:02:15,680 --> 00:02:18,040 S2: We see that as like the number one barrier to 41 00:02:18,080 --> 00:02:21,840 S2: to adoption in the enterprise, and we're helping them with that. 42 00:02:21,880 --> 00:02:24,760 S2: And so that's really what harmonics about today is we're 43 00:02:24,760 --> 00:02:27,880 S2: building out a pretty unique approach here to data protection. 44 00:02:29,120 --> 00:02:32,760 S1: Okay. Interesting. So there's like an old space I don't 45 00:02:32,760 --> 00:02:36,160 S1: know if it's been renamed, but it used to be DLP. Yeah. 46 00:02:36,200 --> 00:02:41,560 S1: For like for like outbound, you know, sensitive data going out. Um, 47 00:02:41,600 --> 00:02:43,600 S1: it sounds like it's something like that. But at the 48 00:02:43,600 --> 00:02:47,640 S1: same time it's like AI readiness. Um, and then like 49 00:02:47,639 --> 00:02:50,640 S1: the leakage issue. So, like, how do you see those 50 00:02:50,639 --> 00:02:51,880 S1: and differentiate them? 51 00:02:52,560 --> 00:02:55,840 S2: Yeah. It's a great point. I think there's there's been 52 00:02:55,880 --> 00:02:57,960 S2: as you mentioned, there's a few categories that we, we 53 00:02:58,080 --> 00:02:59,880 S2: can collide with a little bit, and we're trying to 54 00:02:59,880 --> 00:03:02,520 S2: not think so much about the existing categories, is just 55 00:03:02,520 --> 00:03:04,840 S2: focusing on what the problem is that the enterprise is 56 00:03:04,840 --> 00:03:08,280 S2: trying to solve today. And that naturally leads us to 57 00:03:08,320 --> 00:03:12,080 S2: overlap into into some of these categories, for sure. 
I mean, 58 00:03:12,080 --> 00:03:15,040 S2: I think if you think about, as I'm doing about 59 00:03:15,040 --> 00:03:18,840 S2: the problem space today around AI, that's it's kind of 60 00:03:18,880 --> 00:03:21,440 S2: a top three for everybody we talk to is, okay, 61 00:03:21,480 --> 00:03:22,960 S2: you've got you're in a position of having to go 62 00:03:22,960 --> 00:03:26,000 S2: and try and adopt this technology. Um, the business is 63 00:03:26,000 --> 00:03:28,040 S2: pushing for it in most cases. Right. We don't want 64 00:03:28,040 --> 00:03:30,320 S2: to be left behind. We need to go and get 65 00:03:30,360 --> 00:03:35,040 S2: on this. Um, but the obviously, there's, uh, there's a 66 00:03:35,040 --> 00:03:36,960 S2: bunch of people that are worrying about the risks attached 67 00:03:36,960 --> 00:03:40,160 S2: to that. Principally, where does the sensitive data go? And 68 00:03:40,160 --> 00:03:42,680 S2: the start of that journey is visibility, where you need 69 00:03:42,680 --> 00:03:46,040 S2: to understand effectively what's going on today in the enterprise, 70 00:03:46,040 --> 00:03:48,880 S2: because whether you like it or not, employees have already 71 00:03:48,880 --> 00:03:51,600 S2: jumped in and have started using a bunch of these 72 00:03:51,600 --> 00:03:55,320 S2: tools and technologies. And, and so, so you sort of 73 00:03:55,320 --> 00:03:57,360 S2: look at what enterprises have have to deal with their 74 00:03:57,360 --> 00:04:00,880 S2: and often the the approach has been, well, um, let's 75 00:04:00,880 --> 00:04:03,040 S2: just sit, block and wait. Right. Try and block all 76 00:04:03,080 --> 00:04:06,840 S2: this stuff. Pretend it's not happening. Put a policy in place. 77 00:04:06,880 --> 00:04:09,000 S2: You know, maybe we'll start to build, you know, by 78 00:04:09,000 --> 00:04:11,800 S2: one of the an enterprise version of something, right? It's 79 00:04:11,800 --> 00:04:14,920 S2: co-pilot or it's it's ChatGPT. 
And we'll try to point 80 00:04:14,920 --> 00:04:18,240 S2: everybody at that. Um, but inevitably, you know, there's this, 81 00:04:18,240 --> 00:04:21,839 S2: this sort of Cambrian explosion of other AI applications and 82 00:04:21,839 --> 00:04:24,320 S2: uses out of the core apps that often get blocked. 83 00:04:24,360 --> 00:04:26,359 S2: And and you don't want to frustrate that either. You 84 00:04:26,360 --> 00:04:28,760 S2: want you want to be adopting the majority of the 85 00:04:28,760 --> 00:04:31,400 S2: the technology where you can. So the question comes back to, 86 00:04:31,600 --> 00:04:34,080 S2: you know, how do you do that safely? And and 87 00:04:34,080 --> 00:04:36,400 S2: I think getting getting visibility into it is the first part. 88 00:04:36,400 --> 00:04:39,440 S2: And then the second part is, well what about the controls. 89 00:04:39,480 --> 00:04:41,479 S2: And you mentioned DLP, I think that's kind of the 90 00:04:41,480 --> 00:04:46,080 S2: classic one where where organizations start to look at their existing, uh, options, 91 00:04:46,080 --> 00:04:48,679 S2: whether it's DLP or trying to label all the data 92 00:04:48,720 --> 00:04:50,600 S2: in it in a company. Right. Those have been the 93 00:04:50,600 --> 00:04:53,200 S2: two things we've tried to do for 20 years. Uh, 94 00:04:53,200 --> 00:04:55,240 S2: hasn't really worked that well over the last 20 years. 95 00:04:55,240 --> 00:04:58,120 S2: I mean, it's it's just such a challenge for most 96 00:04:58,120 --> 00:04:59,200 S2: security teams, right? 97 00:04:59,240 --> 00:05:01,520 S1: Yeah, it sounds great, but when you try to implement it, 98 00:05:01,560 --> 00:05:03,359 S1: it turns to garbage really quickly. 99 00:05:03,480 --> 00:05:06,120 S2: Yeah. I mean, it really does. 
I'm yet to find 100 00:05:06,120 --> 00:05:10,359 S2: somebody who who loves their, their DLP or really enjoyed 101 00:05:10,360 --> 00:05:12,160 S2: the process of trying to label all the data in 102 00:05:12,160 --> 00:05:15,440 S2: the business. Um, you know, and usually it's, it's often 103 00:05:15,440 --> 00:05:17,560 S2: just a compliance tick box. Right. It's kind of there 104 00:05:17,560 --> 00:05:20,320 S2: if the regulator asks, but is it really doing anything 105 00:05:20,320 --> 00:05:23,920 S2: very useful for you? Well, probably not right. It's right. 106 00:05:23,960 --> 00:05:26,479 S2: It's like a yeah, yeah. 107 00:05:26,480 --> 00:05:29,480 S1: So so let me let's do this. This should be fun. 108 00:05:29,480 --> 00:05:31,360 S1: So I'm just going to give you a scenario that 109 00:05:31,360 --> 00:05:34,159 S1: I think is happening quite a bit. And then let's 110 00:05:34,160 --> 00:05:38,880 S1: talk about where harmonic security would fit into this. So 111 00:05:38,880 --> 00:05:40,960 S1: a big part of the use case is simply the 112 00:05:40,960 --> 00:05:46,280 S1: business says, Holy crap, we need to have AI immediately, right? 113 00:05:46,279 --> 00:05:48,760 S1: We need marketing to be moving on this. We need 114 00:05:48,760 --> 00:05:52,200 S1: some sort of product that says something about AI. So 115 00:05:52,200 --> 00:05:56,279 S1: we were thinking it would be something related to like, um, 116 00:05:56,320 --> 00:06:00,160 S1: our CRM lookup. Uh, you can ask questions about your 117 00:06:00,160 --> 00:06:02,680 S1: current account or whatever. So obviously we want to hit 118 00:06:02,680 --> 00:06:06,599 S1: that API. Here's the API internally for that. Um, also 119 00:06:06,640 --> 00:06:09,880 S1: we want to do some external lookups, uh, to combine 120 00:06:09,880 --> 00:06:11,919 S1: it with some web search or whatever. So I guess 121 00:06:11,920 --> 00:06:15,719 S1: we'll need that API. 
And then like the business kind 122 00:06:15,720 --> 00:06:18,360 S1: of sends over this hunk of garbage over to like 123 00:06:18,360 --> 00:06:22,810 S1: the product team which has like three or 4 or 124 00:06:22,810 --> 00:06:26,960 S1: 10 internal APIs plus some other agent functionality or whatever. 125 00:06:26,960 --> 00:06:30,720 S1: And then you have like this, uh, combiner, uh, sort 126 00:06:30,720 --> 00:06:34,360 S1: of agent that actually formulates this stuff from the API's 127 00:06:34,360 --> 00:06:36,599 S1: and hands it back to the user through this chatbot. 128 00:06:38,040 --> 00:06:42,280 S1: And that's like 20 different nightmares combined. So where is 129 00:06:42,279 --> 00:06:43,839 S1: harmonic security on this? 130 00:06:44,640 --> 00:06:47,720 S2: Yeah, I, I think for, for the reasons that you 131 00:06:47,720 --> 00:06:52,160 S2: just outlined really we're not trying to solve that problem today. Uh, 132 00:06:52,160 --> 00:06:57,240 S2: and I'll talk about why I think. I think the, uh. Yeah. 133 00:06:57,279 --> 00:07:02,080 S2: November 22nd, ChatGPT comes out. I think 2023 and into 134 00:07:02,080 --> 00:07:05,720 S2: 24 companies were were having to say that they were 135 00:07:05,760 --> 00:07:08,599 S2: AI forward. And, you know, every CEO is talking about 136 00:07:08,640 --> 00:07:11,280 S2: AI and telling the board and the market about it. 137 00:07:11,280 --> 00:07:13,640 S2: And and what happened in reality was, I think a 138 00:07:13,640 --> 00:07:16,760 S2: lot of people, you know, spun up some sandboxes in 139 00:07:16,760 --> 00:07:19,520 S2: usually open AI related. They tested out some use cases, 140 00:07:19,520 --> 00:07:22,440 S2: mostly around, as you say, you know, sales or customer 141 00:07:22,440 --> 00:07:26,840 S2: success activities. Very few of those have entered production. 
And 142 00:07:26,840 --> 00:07:29,640 S2: I think what's happened and continues to happen is that 143 00:07:29,640 --> 00:07:31,760 S2: the the percentage of companies that are really trying to 144 00:07:31,800 --> 00:07:35,840 S2: build out their own AI to solve these problems, particularly 145 00:07:35,840 --> 00:07:39,600 S2: the common business problems, is just going away. It's diminishing 146 00:07:39,760 --> 00:07:42,720 S2: to to be the really sophisticated orgs only. And what 147 00:07:42,720 --> 00:07:44,880 S2: the vast majority of companies are doing is ending up 148 00:07:44,880 --> 00:07:47,880 S2: adopting third party SaaS that has already thought about this. 149 00:07:47,920 --> 00:07:50,160 S2: It's what they do as their bread and butter. So 150 00:07:50,560 --> 00:07:52,720 S2: are you going to build a better CRM than Salesforce 151 00:07:52,870 --> 00:07:55,870 S2: and and all the other players? Probably not. Right? Salesforce 152 00:07:55,870 --> 00:07:59,750 S2: is busy spending all day long figuring that that scenario out. 153 00:07:59,790 --> 00:08:01,710 S2: And I think that's true for most of the common 154 00:08:01,710 --> 00:08:05,590 S2: business use cases right around stuff like customer success, technical support, 155 00:08:06,230 --> 00:08:08,150 S2: the way you're going about your marketing, it's going to 156 00:08:08,150 --> 00:08:10,190 S2: be more, you know, are you going to you're going 157 00:08:10,190 --> 00:08:12,550 S2: to be using the latest tools, though, whether it's, let's 158 00:08:12,550 --> 00:08:15,870 S2: say like gamma for writing presentations now or, you know, 159 00:08:16,030 --> 00:08:19,430 S2: granola for your note taking and all these types of things. Right. 160 00:08:19,430 --> 00:08:21,590 S2: And then some of those get built in ultimately to 161 00:08:21,630 --> 00:08:24,510 S2: Microsoft and Google suites, like big announcements this week from 162 00:08:24,510 --> 00:08:27,470 S2: Microsoft and Google. 
And so if you've got a bunch 163 00:08:27,470 --> 00:08:29,990 S2: of employees, maybe you're on the Microsoft Suite. Sure. But 164 00:08:29,990 --> 00:08:32,709 S2: your employees want to use NotebookLM, right. They want 165 00:08:32,710 --> 00:08:35,710 S2: to be there's that Project Mariner spinning up about how 166 00:08:35,710 --> 00:08:38,510 S2: do you get agents in the browser through Google. But 167 00:08:38,510 --> 00:08:41,750 S2: I think that that's really the direction that most enterprises 168 00:08:41,750 --> 00:08:43,870 S2: end up in. And then there's a bunch that have 169 00:08:43,870 --> 00:08:45,790 S2: failed projects around trying to build their own. There's a 170 00:08:45,790 --> 00:08:47,790 S2: bunch that will have successful projects building their own. But 171 00:08:47,790 --> 00:08:50,190 S2: I think that's for me, that's got a lot of 172 00:08:50,190 --> 00:08:53,110 S2: the attention right now. And, you know, obviously this stuff 173 00:08:53,110 --> 00:08:57,429 S2: like we talk about the, um, you've got the, um, 174 00:08:57,429 --> 00:09:00,030 S2: the top ten, the OWASP top ten, and uh, which 175 00:09:00,070 --> 00:09:02,110 S2: is smart. Like, I think it's a good set if 176 00:09:02,110 --> 00:09:04,470 S2: you're building your own. But I don't see I don't 177 00:09:04,470 --> 00:09:06,589 S2: see these types of, of issues as the ones that 178 00:09:06,590 --> 00:09:09,470 S2: almost the majority of CSO that we talk to are 179 00:09:09,470 --> 00:09:12,870 S2: struggling with. Right? It's it's more, hey, we need a 180 00:09:12,910 --> 00:09:14,830 S2: business wants to use all these tools. We don't know 181 00:09:14,830 --> 00:09:18,230 S2: what we're using today. Who knows what's going on in 182 00:09:18,230 --> 00:09:21,310 S2: marketing right now? Because these people are adopting these tools.
183 00:09:21,309 --> 00:09:23,430 S2: They're firing our corporate data in because they want to 184 00:09:23,429 --> 00:09:26,710 S2: get productivity out. I think that's going to be step 185 00:09:26,710 --> 00:09:28,830 S2: one for the vast majority of companies. And that's our 186 00:09:28,830 --> 00:09:29,630 S2: immediate focus. 187 00:09:29,630 --> 00:09:32,870 S1: You're right. You're right. And that started first. It started immediately. 188 00:09:32,870 --> 00:09:36,150 S1: It started in basically November of 22. Yeah. Because people 189 00:09:36,150 --> 00:09:39,870 S1: were like just dragging and dropping like everything into their 190 00:09:39,870 --> 00:09:42,469 S1: um okay. So what does that look like? What does 191 00:09:42,470 --> 00:09:48,030 S1: that look like in terms of like bringing over sensitive documentation? Um, 192 00:09:48,070 --> 00:09:51,230 S1: PRD documents, like all sorts of stuff that's like, should 193 00:09:51,230 --> 00:09:55,390 S1: not be shared. What does the interface look like for 194 00:09:55,390 --> 00:09:59,030 S1: harmonic security to be able to see it. And is 195 00:09:59,030 --> 00:10:02,670 S1: it monitoring. Is it monitoring and blocking or some combination thereof. 196 00:10:02,830 --> 00:10:05,590 S2: Yeah. No. Great. Great question. So yeah harmonic. What we 197 00:10:05,590 --> 00:10:07,750 S2: are at the core is a browser extension that we 198 00:10:07,750 --> 00:10:11,310 S2: can roll out in 30 minutes across all of the 199 00:10:11,309 --> 00:10:15,350 S2: enterprise browsers. At that point, within the 30 minutes, we're 200 00:10:15,350 --> 00:10:19,870 S2: starting to get visibility into all of the AI adoption 201 00:10:19,910 --> 00:10:23,430 S2: of all of these third party tools and services across 202 00:10:23,429 --> 00:10:26,470 S2: the company. And we can start to show show businesses, right. 
203 00:10:26,470 --> 00:10:28,990 S2: These are the ones that you know, that shadow AI 204 00:10:29,030 --> 00:10:32,030 S2: challenge effectively. But the sanctioned versus unsanctioned as well. So 205 00:10:32,030 --> 00:10:35,150 S2: you may know that you've approved certain coding assistants, but 206 00:10:35,150 --> 00:10:37,230 S2: it turns out your engineering team is pumping your IP 207 00:10:37,230 --> 00:10:39,670 S2: into a bunch of others. It may be that you've 208 00:10:39,670 --> 00:10:44,590 S2: approved an enterprise version of Copilot, and yes, your employees 209 00:10:44,590 --> 00:10:50,150 S2: are adopting that, but they're also creating spreadsheets in, you know, CSV, 210 00:10:50,190 --> 00:10:52,430 S2: for example. They're putting data into that, which is a, 211 00:10:52,470 --> 00:10:54,910 S2: you know, a free tool that is not absolutely not 212 00:10:54,910 --> 00:10:57,589 S2: covered by your enterprise agreements. And, you know, the question 213 00:10:57,590 --> 00:10:59,350 S2: marks around where the data is hosted, how is it 214 00:10:59,350 --> 00:11:02,950 S2: being stored and secured? Um, you know, maybe it's Gamma, 215 00:11:02,950 --> 00:11:05,830 S2: which is an awesome product, but you probably if your 216 00:11:05,830 --> 00:11:09,790 S2: employees are firing your data and generating presentations in it, 217 00:11:09,790 --> 00:11:11,470 S2: you probably want to know that you've got the enterprise 218 00:11:11,470 --> 00:11:13,709 S2: plan right and you want to standardize on these things. 219 00:11:13,750 --> 00:11:16,189 S2: So so I think that's the those are the challenges 220 00:11:16,190 --> 00:11:18,590 S2: that we solve very quickly. We give you that visibility 221 00:11:18,590 --> 00:11:21,190 S2: part one. But the visibility is kind of the the 222 00:11:21,190 --> 00:11:23,550 S2: easy bit. And we give you the risk as well. 223 00:11:23,550 --> 00:11:26,430 S2: So which ones are training on your data.
Which ones 224 00:11:26,429 --> 00:11:29,350 S2: are hosted in geographies you don't want your customer data 225 00:11:29,390 --> 00:11:33,150 S2: going into. But the the bigger bit though. So that's 226 00:11:33,230 --> 00:11:35,430 S2: the kind of the governance, the visibility and often the 227 00:11:35,429 --> 00:11:37,430 S2: step one. But then we come to the controls. Right. 228 00:11:37,429 --> 00:11:39,830 S2: Because it's it's great. We can see some of this stuff, 229 00:11:39,830 --> 00:11:41,950 S2: but what do we do about it. And that's really 230 00:11:41,950 --> 00:11:45,390 S2: our differentiator. So so Harmonic at the core I mentioned 231 00:11:45,390 --> 00:11:47,870 S2: my last company, Digital Shadows, was looking at sensitive data 232 00:11:47,870 --> 00:11:50,949 S2: that had already leaked out with Harmonic. We're using knowledge 233 00:11:50,950 --> 00:11:54,310 S2: of that to build small language models that understand sensitive 234 00:11:54,309 --> 00:11:57,910 S2: data really well. Much like a human would. And that 235 00:11:57,910 --> 00:12:02,110 S2: means that instead of just doing PII and PCI badly, 236 00:12:02,110 --> 00:12:05,110 S2: which is effectively what the rest of the industry does today, one, 237 00:12:05,110 --> 00:12:07,829 S2: we could do those things really well. But more importantly, 238 00:12:07,830 --> 00:12:12,670 S2: we can also spot things like architectural diagrams or legal correspondence, 239 00:12:12,670 --> 00:12:20,030 S2: or employee financial information, or corporate spreadsheets, insurance claims data, 240 00:12:20,070 --> 00:12:22,870 S2: things like that you could never spot before because the 241 00:12:22,870 --> 00:12:25,870 S2: the technology was just doing a regex or some sort 242 00:12:25,870 --> 00:12:29,070 S2: of basic rule based. Totally. It doesn't work.
We know 243 00:12:29,070 --> 00:12:30,790 S2: it doesn't work, but but we do it because it's 244 00:12:30,830 --> 00:12:33,150 S2: all we've had and the regulator asks us to. But 245 00:12:33,150 --> 00:12:35,710 S2: now there's a better way because we can, you know, 246 00:12:35,710 --> 00:12:39,830 S2: we've got these smart models that have incredibly high accuracy rates, 247 00:12:39,870 --> 00:12:41,870 S2: takes the load off the security team. So this is 248 00:12:41,870 --> 00:12:44,750 S2: where the zero touch data protection comes in, because we're 249 00:12:44,790 --> 00:12:47,670 S2: accurate enough that we're not noisy and annoying for the employees. 250 00:12:48,110 --> 00:12:50,350 S2: So we can jump in with the employee and resolve 251 00:12:50,350 --> 00:12:52,949 S2: issues straight away at the end. The end point with 252 00:12:52,950 --> 00:12:55,710 S2: the end user. And then this load doesn't fall on 253 00:12:55,710 --> 00:12:58,110 S2: the security team. Now we have the data, the audit. 254 00:12:58,110 --> 00:12:59,750 S2: They can go and see what who's been doing what 255 00:12:59,750 --> 00:13:01,550 S2: and what. We've been able to stop getting out. And 256 00:13:01,550 --> 00:13:04,870 S2: they configure it and manage it. But ultimately we're solving 257 00:13:04,870 --> 00:13:08,190 S2: the data protection challenge without the load on the security team. 258 00:13:08,190 --> 00:13:10,750 S2: So why would you go about, you know, rolling out 259 00:13:10,790 --> 00:13:15,309 S2: classic DLP technology or trying to label all the data or, 260 00:13:15,350 --> 00:13:19,230 S2: you know, worry about the the types of CASB style 261 00:13:19,230 --> 00:13:21,270 S2: solutions that are that are giving you some sort of 262 00:13:21,309 --> 00:13:23,829 S2: insight into what's going on, but not fixing the problem. Right. 263 00:13:23,830 --> 00:13:25,390 S2: We can fix the problem.
We can do it in 264 00:13:25,390 --> 00:13:28,030 S2: 30 minutes with this browser based rollout. 265 00:13:28,790 --> 00:13:31,910 S1: Interesting. And this data could actually be used to power 266 00:13:32,030 --> 00:13:35,270 S1: a labeling project because you'd be seeing the real stuff. 267 00:13:35,750 --> 00:13:37,990 S2: That's right. You actually get a real insight into what's 268 00:13:37,990 --> 00:13:41,510 S2: going on. We released a report earlier this week that 269 00:13:41,510 --> 00:13:43,990 S2: you can you can download and and so on to 270 00:13:44,030 --> 00:13:46,709 S2: look at what what is leaking out. And because we've 271 00:13:46,750 --> 00:13:50,110 S2: gone we've obviously got great visibility now into this, this 272 00:13:50,110 --> 00:13:53,070 S2: type of data across our client base. And the the 273 00:13:53,070 --> 00:13:56,790 S2: interesting thing is it's it's 8.5% of the prompt data 274 00:13:56,790 --> 00:13:59,830 S2: that we see has some sort of sensitive information in 275 00:13:59,830 --> 00:14:02,189 S2: and of that sensitive information, about half of it is 276 00:14:02,190 --> 00:14:06,069 S2: customer data related. But there's a significant minority. It's I 277 00:14:06,070 --> 00:14:08,990 S2: think it's about 15% that is things like legal and 278 00:14:08,990 --> 00:14:13,630 S2: financial information. And then you have obviously IP and employee 279 00:14:13,630 --> 00:14:15,470 S2: data and all kinds of things like that. But it's 280 00:14:15,470 --> 00:14:17,830 S2: not really been possible to have that visibility before. We 281 00:14:17,870 --> 00:14:20,350 S2: sort of kidded ourselves by putting some sort of DLP 282 00:14:20,390 --> 00:14:23,790 S2: that was tuned to spot PII. 
We've got data protections 283 00:14:23,790 --> 00:14:26,950 S2: covered and things like that, or the labeling, like the 284 00:14:26,990 --> 00:14:29,150 S2: sort of myth of labeling all the data when when 285 00:14:29,150 --> 00:14:31,310 S2: we know the reality is that most, most of that 286 00:14:31,310 --> 00:14:34,670 S2: is inaccurate and you don't find all the data anyway. So, 287 00:14:34,670 --> 00:14:37,630 S2: so this we've been able to show what's really happening 288 00:14:37,670 --> 00:14:40,470 S2: and then put controls around it. 289 00:14:41,070 --> 00:14:43,270 S1: So do you have um, is there any way you 290 00:14:43,270 --> 00:14:45,350 S1: can pull up the interface. Do you want to show 291 00:14:45,350 --> 00:14:46,790 S1: any part of part of it, or do you want 292 00:14:46,790 --> 00:14:47,670 S1: to just talk through it? 293 00:14:47,910 --> 00:14:50,510 S2: Yeah. I mean, we absolutely can. Actually, let me just 294 00:14:50,510 --> 00:14:53,510 S2: check if I can log in. Totally. So. So I've 295 00:14:53,510 --> 00:14:56,870 S2: just got an example here of, um, we're running Gemini. 296 00:14:57,910 --> 00:15:00,430 S2: And so you've got an employee coming along. We're imagining 297 00:15:00,430 --> 00:15:02,950 S2: in this instance we're an insurance company because we're working 298 00:15:02,950 --> 00:15:05,150 S2: with a few of these. So these are things that 299 00:15:05,150 --> 00:15:09,430 S2: that we've seen before. Um, I'm putting in some, some 300 00:15:09,430 --> 00:15:13,630 S2: data here that in this instance is is something we 301 00:15:13,670 --> 00:15:17,510 S2: don't the company doesn't want getting into something like Gemini. Right. 302 00:15:17,510 --> 00:15:21,430 S2: It's actual customer claims data that's going in. We have 303 00:15:21,430 --> 00:15:23,550 S2: seen this. 
I think it's probably pretty tempting if you 304 00:15:23,550 --> 00:15:25,910 S2: work in claims right now to be getting something like 305 00:15:25,910 --> 00:15:29,070 S2: a ChatGPT or Gemini to start automating aspects of your job. 306 00:15:29,310 --> 00:15:30,990 S2: So we've got an employee saying, hey, you know, can 307 00:15:30,990 --> 00:15:34,270 S2: you review the following claim, propose next steps to determine 308 00:15:34,270 --> 00:15:36,270 S2: if it's legitimate or not. And they've punched. 309 00:15:36,270 --> 00:15:38,590 S1: All this data in. This is worth calling out. You 310 00:15:38,630 --> 00:15:41,790 S1: are on the actual Gemini site. You are actually connected 311 00:15:41,790 --> 00:15:45,910 S1: directly to Google and they're just doing their normal thing 312 00:15:45,910 --> 00:15:48,950 S1: with whatever endpoint. And as long as they're using the 313 00:15:48,950 --> 00:15:52,950 S1: approved enterprise browser because you're an extension, you can see. 314 00:15:53,350 --> 00:15:55,910 S2: Exactly, exactly. And we can. We work with all the 315 00:15:55,910 --> 00:16:00,550 S2: browser types we can install in, in, you know, very 316 00:16:00,590 --> 00:16:03,630 S2: secure ways such that we appear everywhere and see, see 317 00:16:03,630 --> 00:16:06,030 S2: everything that's going on, you know, no matter what browser 318 00:16:06,030 --> 00:16:09,750 S2: is being used, even if the employees are installing their own. Um, 319 00:16:09,750 --> 00:16:12,030 S2: so so that's that's the start point for us, is 320 00:16:12,030 --> 00:16:14,310 S2: you've got an employee that's doing something like this. How 321 00:16:14,310 --> 00:16:17,310 S2: would you spot this with existing technology? You probably wouldn't. 322 00:16:17,310 --> 00:16:19,510 S2: You could argue you can match on the policy number. 323 00:16:19,710 --> 00:16:22,950 S2: So I'll even take that out. Right. 
But from context, 324 00:16:22,990 --> 00:16:24,950 S2: you and I can see that this is still customer 325 00:16:24,950 --> 00:16:29,670 S2: insurance claims data. Right. Um, but historically, we'd never be 326 00:16:29,670 --> 00:16:32,350 S2: able to stop this if I try to submit this 327 00:16:32,350 --> 00:16:35,150 S2: and I'm running Harmonic. We do know that this is 328 00:16:35,150 --> 00:16:37,390 S2: sensitive data. So we've come up, we see we can 329 00:16:37,390 --> 00:16:41,390 S2: see this is insurance claims data here. And the reason 330 00:16:41,390 --> 00:16:44,150 S2: is that this has bounced off our language models, where 331 00:16:44,150 --> 00:16:46,350 S2: we have a small language model that's been trained just 332 00:16:46,350 --> 00:16:50,070 S2: to look at insurance claims data, understands it very well, 333 00:16:50,110 --> 00:16:53,150 S2: doesn't matter to us if it's data from Chubb or 334 00:16:53,190 --> 00:16:56,230 S2: Beazley or Hiscox or whoever, right. Because because the model 335 00:16:56,230 --> 00:16:59,670 S2: understands generically what insurance claim data is, just like you 336 00:16:59,670 --> 00:17:01,590 S2: do and I do. Right. We could recognize claims from 337 00:17:01,590 --> 00:17:03,750 S2: all those companies because we know what one is. Right. 338 00:17:03,750 --> 00:17:06,149 S2: So you don't need to do the old world of 339 00:17:06,150 --> 00:17:09,790 S2: exact matching regexing on on things goes away. And instead 340 00:17:09,790 --> 00:17:12,070 S2: we can have these, you know, much more higher order 341 00:17:12,310 --> 00:17:15,750 S2: approaches to stopping our sensitive data leaking out. So this 342 00:17:15,750 --> 00:17:16,590 S2: this is completely. 343 00:17:16,830 --> 00:17:19,350 S1: This this is the real experience here. This is not 344 00:17:19,350 --> 00:17:21,910 S1: like a demo. Like you actually press enter and then 345 00:17:21,910 --> 00:17:22,630 S1: this popped up.
346 00:17:22,670 --> 00:17:25,629 S2: Yeah. And so right now this has not gone to Google. 347 00:17:25,630 --> 00:17:28,230 S2: This data is is still with us in the browser. 348 00:17:28,430 --> 00:17:30,790 S2: But I've given in our example here we have the 349 00:17:30,790 --> 00:17:34,709 S2: option to ignore harmonics. I'm going to ignore. And now 350 00:17:34,710 --> 00:17:36,870 S2: the data is gone. Right. We've let it go out 351 00:17:36,869 --> 00:17:40,950 S2: of the door and it's it's sat with Google. Gemini 352 00:17:40,950 --> 00:17:43,030 S2: is going to do its thing and start to start 353 00:17:43,030 --> 00:17:45,350 S2: to give us a response here. But if I come 354 00:17:45,350 --> 00:17:47,669 S2: to the harmonic portal now, and we'll walk through a 355 00:17:47,670 --> 00:17:49,710 S2: little bit more of this in a minute, but we 356 00:17:49,710 --> 00:17:53,070 S2: have logged and audited this. So you can see that, 357 00:17:53,109 --> 00:17:57,629 S2: you know, just a minute ago this was me into Gemini, 358 00:17:57,670 --> 00:18:01,390 S2: which we consider a high risk the public edition. And 359 00:18:01,390 --> 00:18:04,270 S2: I ignored the intervention. And you can go and see 360 00:18:04,270 --> 00:18:07,629 S2: the actual prompt data that was put in in this case. 361 00:18:07,630 --> 00:18:09,350 S2: And there's a lot more we can we can dig into. 362 00:18:09,350 --> 00:18:11,270 S2: But that that's like the if you want to like 363 00:18:11,270 --> 00:18:14,630 S2: the flow is, is is that is the core flow. 364 00:18:14,630 --> 00:18:16,470 S2: But as I mentioned, the kind of the starting point 365 00:18:16,470 --> 00:18:18,790 S2: for most organizations, even before they get to that is 366 00:18:18,790 --> 00:18:21,230 S2: really just trying to understand, you know, what is going 367 00:18:21,230 --> 00:18:24,150 S2: on in the business today because most of them don't 368 00:18:24,150 --> 00:18:27,389 S2: have that visibility. 
And so we start with that. And 369 00:18:27,390 --> 00:18:30,270 S2: so you've got usage and adoption here where we can 370 00:18:30,270 --> 00:18:32,390 S2: start to show, you know, the number of apps and 371 00:18:33,150 --> 00:18:36,149 S2: the categories that they exist in. 372 00:18:36,190 --> 00:18:41,109 S1: And the apps would be things like Gemini, ChatGPT, Anthropic 373 00:18:41,270 --> 00:18:43,510 S1: or what? How do you differentiate an app? 374 00:18:43,710 --> 00:18:46,670 S2: Yeah. So so we started out at Harmonic just looking 375 00:18:46,670 --> 00:18:50,470 S2: at gen AI specific apps, right. Like ChatGPT and Gemini. I 376 00:18:50,630 --> 00:18:53,310 S2: think very quickly that distinction goes away. Right. Because pretty 377 00:18:53,310 --> 00:18:56,550 S2: much all SaaS is wrapping gen AI features into itself at 378 00:18:56,550 --> 00:18:57,110 S2: the moment. 379 00:18:57,150 --> 00:18:57,630 S1: Yes. 380 00:18:57,750 --> 00:19:00,710 S2: So we're essentially expanding and have expanded Harmonic to look 381 00:19:00,710 --> 00:19:05,590 S2: across the whole stack of your enterprise apps because and 382 00:19:05,590 --> 00:19:07,669 S2: so all of these are AI enabled apps. On the 383 00:19:07,670 --> 00:19:11,510 S2: right hand side that we see is is being active here. 384 00:19:11,510 --> 00:19:14,070 S2: And then you've got newly discovered, we can start to 385 00:19:14,070 --> 00:19:17,910 S2: show outliers, break it out by the category of application 386 00:19:17,910 --> 00:19:21,030 S2: that we're seeing. So this is broader than just the 387 00:19:21,030 --> 00:19:21,750 S2: core apps. 388 00:19:22,550 --> 00:19:26,110 S1: That makes more sense right. Like you said AI is 389 00:19:26,109 --> 00:19:31,150 S1: just an instance. Yeah. It's like it's like saying, hey, um, 390 00:19:31,150 --> 00:19:35,510 S1: are you a database company? Right. Um, and it's like, uh, 391 00:19:35,510 --> 00:19:38,030 S1: what do you mean? We use a database? 
It doesn't 392 00:19:38,030 --> 00:19:40,990 S1: mean doesn't mean we are a database company. So AI 393 00:19:41,190 --> 00:19:43,710 S1: just blends into everything it does. So at that point 394 00:19:43,710 --> 00:19:47,389 S1: it's not it's it's protection from AI if you're using 395 00:19:47,390 --> 00:19:51,109 S1: an AI app specifically, but really it's all the same stuff. 396 00:19:51,310 --> 00:19:53,790 S1: You're pasting something that shouldn't be going into a form. 397 00:19:53,910 --> 00:19:56,670 S2: Yes. Exactly. Right. And so for us, ultimately, the difference 398 00:19:56,670 --> 00:19:59,990 S2: between this data going into a Dropbox public folder or 399 00:20:00,030 --> 00:20:03,909 S2: going into Gemini is like, what's the difference really? There is, 400 00:20:03,910 --> 00:20:05,070 S2: there is I think there is a little bit of 401 00:20:05,070 --> 00:20:07,470 S2: a difference because some of these there's something a little, 402 00:20:07,470 --> 00:20:09,310 S2: little insidious about how some of them are collecting and 403 00:20:09,310 --> 00:20:11,590 S2: training on the data that's going in. And there's obviously 404 00:20:11,590 --> 00:20:14,630 S2: this explosion in AI apps that wasn't like no one 405 00:20:14,630 --> 00:20:17,830 S2: was campaigning to get Workday installed as an employee. But 406 00:20:17,830 --> 00:20:20,830 S2: but they are campaigning to jump into tools that automate 407 00:20:20,869 --> 00:20:22,430 S2: bits of their job. Right. So I think I think 408 00:20:22,430 --> 00:20:25,590 S2: there is a distinction in kind of in one aspect, 409 00:20:25,590 --> 00:20:28,390 S2: but but for the most part, it's all the same, right? 410 00:20:28,430 --> 00:20:30,470 S2: It's data leaking out of the business and whether it's 411 00:20:30,470 --> 00:20:33,310 S2: going into AI or elsewhere, then Harmonic's going to help. 
412 00:20:33,910 --> 00:20:36,310 S2: But our focus for use case one has been all 413 00:20:36,310 --> 00:20:39,150 S2: about AI adoption. And and so it's sort of giving 414 00:20:39,150 --> 00:20:41,310 S2: that visibility and then allowing you to put the right 415 00:20:41,310 --> 00:20:44,030 S2: controls in place. And and just to show you one 416 00:20:44,030 --> 00:20:46,310 S2: more kind of cool thing that, you know, we have 417 00:20:46,310 --> 00:20:49,629 S2: this whole detection catalog, we're continuing to expand, but you 418 00:20:49,630 --> 00:20:51,790 S2: can see the types of things we can spot, right. 419 00:20:51,830 --> 00:20:56,150 S2: M&A data is obviously absolutely critical. How would you spot 420 00:20:56,150 --> 00:20:59,510 S2: that leaking out historically really difficult. But we've got models 421 00:20:59,510 --> 00:21:03,189 S2: that understand what that looks like. And so instead of 422 00:21:03,190 --> 00:21:06,750 S2: it being a rules based approach, we have these human 423 00:21:06,750 --> 00:21:11,030 S2: readable data definitions that explain to the model like what 424 00:21:11,030 --> 00:21:14,630 S2: is what is that right? What is M&A data? Why 425 00:21:14,630 --> 00:21:16,590 S2: is it important. So we can interact with the end 426 00:21:16,590 --> 00:21:19,389 S2: user and coach them and nudge them appropriately. 427 00:21:19,390 --> 00:21:22,510 S1: That makes sense. Prompts rule the world. I mean ultimately 428 00:21:22,510 --> 00:21:25,190 S1: those are prompts. And prompts are the intelligence. 429 00:21:25,270 --> 00:21:27,070 S2: That's right. And then but then to back it up, 430 00:21:27,070 --> 00:21:28,790 S2: you need a model that's got the right set of 431 00:21:28,790 --> 00:21:32,110 S2: training data and is fast enough to sit in line. Right. 
432 00:21:32,109 --> 00:21:34,149 S2: And that's kind of the core of our tech is 433 00:21:34,190 --> 00:21:37,110 S2: is having built that, that data set, train these specific 434 00:21:37,109 --> 00:21:41,630 S2: models and made them really fast. Um, so yeah, that's um, 435 00:21:41,630 --> 00:21:44,550 S2: that's what Harmonic's doing essentially. So, so the goal with, 436 00:21:44,550 --> 00:21:46,510 S2: with this of course, is you can, you can much 437 00:21:46,510 --> 00:21:49,830 S2: more safely adopt generative AI. You've got some nice reporting 438 00:21:49,830 --> 00:21:52,670 S2: that you can show your AI committee about who's doing 439 00:21:52,670 --> 00:21:54,830 S2: what with the data, the fact that we're able to 440 00:21:54,830 --> 00:21:58,950 S2: protect and intervene and coach the, the employees. Um, but 441 00:21:58,950 --> 00:22:01,270 S2: but then, of course, the beauty is that we don't 442 00:22:01,270 --> 00:22:03,670 S2: need to load up the security team with a bunch 443 00:22:03,670 --> 00:22:06,350 S2: more work here because we're handling this automatically with the 444 00:22:06,350 --> 00:22:06,910 S2: end users. 445 00:22:06,950 --> 00:22:10,110 S1: Yeah, it's being outsourced to the user directly. 446 00:22:10,270 --> 00:22:12,950 S2: Yeah, but at low enough volume and friction that they 447 00:22:12,950 --> 00:22:15,869 S2: don't they don't feel it, which is. Yeah. You know, 448 00:22:15,910 --> 00:22:17,149 S2: we only get in the way when they're going to 449 00:22:17,190 --> 00:22:19,949 S2: expose the company to real risk. It's not just pinging 450 00:22:19,950 --> 00:22:23,189 S2: on a, on a regex match. That's innocuous because they're 451 00:22:23,190 --> 00:22:25,190 S2: doing something. That's fine. Right. 452 00:22:25,190 --> 00:22:28,869 S1: This is really wonderful. 
I wonder, um, you're probably already 453 00:22:28,869 --> 00:22:31,189 S1: thinking of this, but in the insights tab, do you 454 00:22:31,190 --> 00:22:35,870 S1: have anything around known providers that they've just clearly said 455 00:22:35,869 --> 00:22:38,220 S1: that they train on the data? So it's like an 456 00:22:38,220 --> 00:22:39,139 S1: even higher risk. 457 00:22:39,260 --> 00:22:41,820 S2: Absolutely. Yeah. I mean, and we can do the breakdown 458 00:22:41,820 --> 00:22:45,260 S2: here between the public editions, the free editions and the 459 00:22:45,260 --> 00:22:47,820 S2: ones you have an enterprise license for. So just because 460 00:22:47,820 --> 00:22:50,180 S2: you have an enterprise license from ChatGPT doesn't mean that 461 00:22:50,180 --> 00:22:52,979 S2: people are using that versus their home edition. Right. And 462 00:22:52,980 --> 00:22:56,180 S2: they're logging in with their personal account. So we have a, 463 00:22:56,220 --> 00:22:59,740 S2: you know, we consider the free edition higher risk precisely 464 00:22:59,740 --> 00:23:02,740 S2: because of the training declaration that it that it has. 465 00:23:02,780 --> 00:23:04,220 S2: And we can we can start. 466 00:23:04,220 --> 00:23:06,580 S1: There you go. Training declaration. Hi. 467 00:23:06,619 --> 00:23:09,380 S2: Yeah. So if we want to drill into that, uh, 468 00:23:09,380 --> 00:23:12,540 S2: you know, here's where we've picked it up from. Um, 469 00:23:12,540 --> 00:23:16,020 S2: and yeah, so, so OpenAI state that, uh, they may 470 00:23:16,020 --> 00:23:18,700 S2: use your data to train and improve their models in 471 00:23:18,740 --> 00:23:22,020 S2: that free edition. So, yeah, that's the visibility that we're 472 00:23:22,020 --> 00:23:24,180 S2: giving the enterprise. And then you can put appropriate controls 473 00:23:24,180 --> 00:23:24,820 S2: around it. 474 00:23:25,940 --> 00:23:28,740 S1: Yeah. That's wonderful. 
And then you define a policy somewhere 475 00:23:28,820 --> 00:23:31,820 S1: I imagine. Um, and that's what gets implemented. 476 00:23:31,940 --> 00:23:34,820 S2: Yeah, exactly. There's a ton of, um, a ton of 477 00:23:34,820 --> 00:23:36,540 S2: things that you can do to configure this, but we 478 00:23:36,540 --> 00:23:40,500 S2: have a have a whole config designer we've taken instead 479 00:23:40,500 --> 00:23:44,340 S2: of just having these these horrendously complex screens with 1000 controls, 480 00:23:44,340 --> 00:23:47,580 S2: we've taken a more visual approach to building the config 481 00:23:47,580 --> 00:23:50,899 S2: out and inspired by some of the great work that 482 00:23:50,900 --> 00:23:53,060 S2: companies like Tines and others have done recently, to make 483 00:23:53,060 --> 00:23:54,900 S2: things much more user friendly in how you set this 484 00:23:54,900 --> 00:23:58,580 S2: stuff up. And so there's there's a range of ways 485 00:23:58,580 --> 00:24:00,900 S2: you can set up and configure it. And beyond that, 486 00:24:00,900 --> 00:24:04,420 S2: you can also do a massive amount of customization around 487 00:24:04,420 --> 00:24:08,740 S2: the intervention itself. So maybe you want your own logo 488 00:24:08,740 --> 00:24:11,660 S2: and color scheme. You want to put your own security 489 00:24:11,660 --> 00:24:14,220 S2: policy here. You've got an AI policy. You can link 490 00:24:14,220 --> 00:24:18,740 S2: to it in in here and apply, you know, different 491 00:24:18,740 --> 00:24:23,940 S2: controls to redirect employees to secure secure options and things 492 00:24:23,940 --> 00:24:26,140 S2: like that. So depending on how you want to set 493 00:24:26,140 --> 00:24:29,020 S2: it up, some some companies are much more draconian than others, 494 00:24:29,060 --> 00:24:31,380 S2: of course, because they, you know, they're dealing with very 495 00:24:31,380 --> 00:24:35,179 S2: sensitive data or they're highly regulated. 
Others are a little more, hey, 496 00:24:35,180 --> 00:24:37,460 S2: we want to want to just trust the employees, but 497 00:24:37,460 --> 00:24:40,380 S2: we are auditing and logging this stuff, so if they're 498 00:24:40,380 --> 00:24:42,820 S2: really starting to push our data places it shouldn't go, 499 00:24:42,859 --> 00:24:44,180 S2: we can we can see that. 500 00:24:45,340 --> 00:24:48,460 S1: Sure. And it allows for both of those situations. It's 501 00:24:48,460 --> 00:24:50,060 S1: more strict or more open. 502 00:24:50,100 --> 00:24:51,940 S2: Yeah that's right. Yeah. 503 00:24:51,980 --> 00:24:54,900 S1: Yeah. This is really great. Um, what what are you 504 00:24:54,940 --> 00:24:57,580 S1: working on next that you can talk about? Like, what 505 00:24:57,580 --> 00:25:01,380 S1: are you excited about? Uh, new threats or new situations 506 00:25:01,380 --> 00:25:02,419 S1: you're trying to address? 507 00:25:02,820 --> 00:25:07,619 S2: Yeah, we're continuing to build out our coverage to, you know, cover. 508 00:25:07,619 --> 00:25:10,820 S2: You know, as I mentioned, beyond the kind of core 509 00:25:10,859 --> 00:25:15,020 S2: gen AI sites and gen AI enabled SaaS, we're going 510 00:25:15,020 --> 00:25:17,420 S2: to build Harmonic out over time to cover essentially everything 511 00:25:17,420 --> 00:25:20,659 S2: going through the browser. Uh, so it's, you know, you 512 00:25:20,660 --> 00:25:23,300 S2: can see the movement of the enterprise towards browser based 513 00:25:23,300 --> 00:25:27,020 S2: access to most of their services and applications, and we 514 00:25:27,020 --> 00:25:29,660 S2: want to be the essentially the data protection layer for 515 00:25:29,660 --> 00:25:32,300 S2: everything that goes through there. Uh, so that's that's kind 516 00:25:32,300 --> 00:25:34,820 S2: of directionally where we're headed and we're busy building out 517 00:25:34,820 --> 00:25:37,300 S2: a out a bunch of integrations as well at the moment. We. 
518 00:25:37,460 --> 00:25:41,419 S2: Next week we're rolling out Okta integrations. We have Entra 519 00:25:41,460 --> 00:25:44,619 S2: ID as standard at the moment, so we're continuing to 520 00:25:44,619 --> 00:25:48,700 S2: add to things like that and building out more insights 521 00:25:48,700 --> 00:25:51,220 S2: is kind of next so that you can start to see, well, 522 00:25:51,260 --> 00:25:53,740 S2: what are the types of prompts that are getting used 523 00:25:53,740 --> 00:25:56,620 S2: by different teams in the company? You know what, what 524 00:25:56,619 --> 00:25:59,580 S2: are our use cases as a business here and and 525 00:25:59,580 --> 00:26:02,140 S2: where are the risks within that. But but the goal 526 00:26:02,140 --> 00:26:05,179 S2: is that this is really more of an enablement tool for, 527 00:26:05,180 --> 00:26:07,540 S2: for gen AI than, than just a data protection tool, 528 00:26:07,580 --> 00:26:11,380 S2: because companies obviously want to be adopting this technology and 529 00:26:11,380 --> 00:26:13,300 S2: we can let them do it safely instead of just 530 00:26:13,300 --> 00:26:15,820 S2: blocking everything where a lot of them sit today. 531 00:26:17,660 --> 00:26:20,980 S1: Yeah. Interesting. You mentioned about the use cases like that 532 00:26:20,980 --> 00:26:24,500 S1: could be a really cool, like you said, a business insight. 533 00:26:24,500 --> 00:26:27,260 S1: It's like everyone's trying to get help with these architecture 534 00:26:27,260 --> 00:26:30,620 S1: diagrams or whatever. It's like, okay, well let's go solve that. 535 00:26:30,660 --> 00:26:31,260 S2: Exactly. 536 00:26:31,340 --> 00:26:33,700 S1: That's pressure that needs to be relieved. 
537 00:26:33,700 --> 00:26:36,379 S2: What we found in a couple of instances is the, 538 00:26:36,420 --> 00:26:39,300 S2: you know, the CSO is part of the AI committee, 539 00:26:39,380 --> 00:26:42,500 S2: and they get given kind of the the tools, responsibility 540 00:26:42,500 --> 00:26:45,580 S2: to implement some controls around this, and we give them 541 00:26:45,580 --> 00:26:47,340 S2: the ability to come back to the business and say, hey, 542 00:26:47,340 --> 00:26:49,460 S2: did you know, here's the set of things that we're 543 00:26:49,460 --> 00:26:52,460 S2: using today. What do we think about this? It's a 544 00:26:52,460 --> 00:26:55,500 S2: good starting point for the conversation of which, you know, 545 00:26:55,540 --> 00:26:58,060 S2: we've got obviously teams that want to use these types 546 00:26:58,060 --> 00:27:00,020 S2: of tools in these use cases. Are we going to 547 00:27:00,020 --> 00:27:02,100 S2: standardize on some of them. Are we going to block 548 00:27:02,140 --> 00:27:04,500 S2: like what's our policy. Right. And and I think it's, 549 00:27:04,500 --> 00:27:06,860 S2: it's I think where the security teams often go wrong 550 00:27:06,859 --> 00:27:09,899 S2: historically has been, you know, we get seen as the 551 00:27:09,900 --> 00:27:13,060 S2: Department of No. And it's it's kind of a blocker. 552 00:27:13,060 --> 00:27:15,220 S2: And I think this is an opportunity to say, well, hey, 553 00:27:15,220 --> 00:27:17,500 S2: look we understand you need to do A, B and 554 00:27:17,500 --> 00:27:19,699 S2: C because we can see it. Here's a secure way 555 00:27:19,700 --> 00:27:21,100 S2: to do that. Right. And you go and talk to 556 00:27:21,100 --> 00:27:24,260 S2: your colleagues, talk to the departments and enable them to 557 00:27:24,260 --> 00:27:27,419 S2: be successful. And I think those conversations go pretty well. 558 00:27:28,940 --> 00:27:34,780 S1: Yeah. Well absolutely love it. It's the best implementation I've seen. 
559 00:27:35,140 --> 00:27:40,820 S1: I feel like you're really, really in touch with the problem. And, um. Yeah, 560 00:27:40,859 --> 00:27:43,820 S1: I think your history with the previous company, uh, gives 561 00:27:43,820 --> 00:27:46,060 S1: you a lot of, uh, advantage there. 562 00:27:46,100 --> 00:27:48,379 S2: Yeah, yeah. No, it's. I learned a lot of lessons 563 00:27:48,380 --> 00:27:50,899 S2: on that journey. And this time around, being based in 564 00:27:50,900 --> 00:27:52,700 S2: the Bay Area always helps when you get. You get 565 00:27:52,700 --> 00:27:54,939 S2: started as well. It's just such a great place. 566 00:27:55,140 --> 00:27:57,700 S1: Ground zero. When? When everything is blowing up. Right? 567 00:27:57,740 --> 00:28:00,659 S2: Yeah. Yeah. Yeah. It does feel like a kind of 568 00:28:00,660 --> 00:28:03,060 S2: a new industrial revolution. And this is the heart of it. 569 00:28:03,100 --> 00:28:05,260 S2: So great to be here for it. 570 00:28:05,940 --> 00:28:09,260 S1: Well, awesome. Well, how can people find more about the company? 571 00:28:09,660 --> 00:28:12,740 S2: Yeah. I mean, harmonic security is is the starting point 572 00:28:12,740 --> 00:28:13,500 S2: on the web. 573 00:28:13,540 --> 00:28:14,220 S1: Great domain. 574 00:28:14,580 --> 00:28:18,540 S2: Domain? Yeah. It's, uh, pretty pretty good for that. Um, but, yeah, 575 00:28:18,540 --> 00:28:22,420 S2: I would say we we love jumping into demos straight away. Uh, 576 00:28:22,420 --> 00:28:24,700 S2: we can roll out, as I said, in 30 minutes. 577 00:28:24,700 --> 00:28:26,820 S2: So a POC is really easy for us to spin up, 578 00:28:26,820 --> 00:28:29,780 S2: and we start to give you those insights in the POC, 579 00:28:29,820 --> 00:28:32,980 S2: which then helps to inform what happens next. 
So if 580 00:28:33,020 --> 00:28:35,300 S2: you've got companies that are starting to think about that 581 00:28:35,300 --> 00:28:38,340 S2: as their step one inventorying what's happening with gen AI 582 00:28:38,340 --> 00:28:41,700 S2: in the business and thoughts about EU AI Act and things 583 00:28:41,700 --> 00:28:43,660 S2: like that coming down the line. Right. We're a great 584 00:28:43,660 --> 00:28:45,620 S2: first step for that. But then we also have the 585 00:28:45,620 --> 00:28:48,700 S2: controls that come next. So if anyone's interested in that, 586 00:28:48,700 --> 00:28:50,580 S2: we'd love to speak to them. Happy. Happy to jump 587 00:28:50,580 --> 00:28:53,500 S2: on a call personally with anyone that's excited about what 588 00:28:53,500 --> 00:28:54,020 S2: we're doing. 589 00:28:55,260 --> 00:28:59,700 S1: Very cool. Well, thanks for the conversation. I really enjoyed it. And, um, yeah, 590 00:28:59,700 --> 00:29:01,459 S1: I'm sure you're going to get some interest from this. 591 00:29:01,500 --> 00:29:03,740 S2: Yeah. Thanks, Daniel. Been a been a pleasure, as always. 592 00:29:04,380 --> 00:29:09,420 S1: All right. Take care. Thank you. Unsupervised Learning is produced 593 00:29:09,420 --> 00:29:13,740 S1: on Hindenburg Pro using an SM7B microphone. A 594 00:29:13,740 --> 00:29:16,620 S1: video version of the podcast is available on the Unsupervised 595 00:29:16,620 --> 00:29:19,940 S1: Learning YouTube channel, and the text version with full links 596 00:29:19,940 --> 00:29:25,220 S1: and notes is available at Daniel Miessler newsletter. We'll see 597 00:29:25,220 --> 00:29:28,100 S1: you next time.