Cybersecurity Today Weekend: Deepfakes, the Death of Truth, and Verifying AI in the Enterprise

Welcome to Cybersecurity Today on the Weekend. I'm your host Jim Love, and I have an interview that came up based on some questions that have been troubling me, and I presume they've been troubling a lot of you. And the question is, are we witnessing the death of truth? And what the hell does that mean? Before we get to that, we'd like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired wireless, and cellular in one integrated solution that's built for performance and scale. You can find them at meter.com/cst. I don't want to get into a political discussion, but truth be told, I'm a politics junkie as well as a tech junkie and a science junkie. And one of the things that I've been amazed at in politics, particularly, was how effectively video could be used to keep track of someone and their political promises. And over the past years, it's been if somebody took a particular position and gave an answer, you didn't just read an article, somebody would have a video of them and bang. They would nail it and say, this is what you said then, this is what you're saying now. Social media posts are like this as well, and many of those featured videos. But what happens when you can fake these videos so that they look absolutely realistic? This week, a political group issued a deep fake video of a politician. I'm not going to argue the merits or the morality of it, but they use social media posts and they added additional commentary. And it has to be said, they arranged how the person appeared to deliver this. There's a big difference between saying something with a smile, saying something with a sneer. In other words, they controlled how that person appeared, but it looked exactly like him. Now, what's the big news about this? People have been showing off deep fakes for months. The fact is, these have gotten to be really good. They aren't perfect yet, but they're pretty damn good. And I'm not sure how many people would spot the differences. I caught this one because I watched the mannerisms of people, and I know how they speak. And if you do an audio podcast, you can hear a voice, and you know whether it's natural. But I've also seen a video of a famous person that I knew well and followed, and it took me like two to three minutes to figure out that this was a fake. It wasn't that I knew the person's vocabulary so well. It wasn't the picture. It wasn't the voice that would have given it away. There were no obvious mispronunciations. The tonality and the flow of the voice were correct. And since it was just a talking head video, it's hard to say if the mannerisms would have given it away. But I just knew there was something wrong, and I went with the feeling. YouTube is a wash with these now. And I walked away thinking, have we reached the death of truth? And this isn't just politics. It's in all aspects of content. In the world of social media, you depend on trusting people more than you do networks or channels or shows. But what happens when you can't trust the people? When you can't trust your own eyes, when you can't trust your own ears? How do you know what's accurate? And why does this matter for cybersecurity? Well, it bleeds over in a number of ways. We like to think in terms of technical weaknesses that make the news and other, the clever hacker who finds that missing comma in the syntax or the buffer overflow or all of those sorts of things. Most hacks occur because people steal the credentials and or the identity of someone who has access. That doesn't make us go to story, but it's what happens most of the time. And people are often fooled into giving up their credentials, whether these be passwords or session tokens, doesn't matter. The biggest danger we face in cybersecurity, in my opinion, is the death of truth and trust. And in society, in business and in cybersecurity. So when I got the opportunity to interview Rob Gross, I was keen to do it. Rob has an experience from this area that comes from a number of vantage points. Welcome, Rob. I Jim, how are you doing? Thanks for having me. Good. So just a little background to establish who you are and what you're doing. You were a lawyer at one point. Yes. So my my actual my background is I'm training as a CPA and an attorney. I was able to make a shift into the tech world about I would say about 15 years ago, because I've always had a deep love of tech as a kid I grew up, I was a huge video game player. What I wanted to do with my career was actually become a software engineer making video games. That was my passion. My parents actually said, we don't think there's a future in that. We think you should go and be in a count. That's a degree that will always be in value and you should become a CPA. You should learn business first and they have subsequently apologized for that because obviously the video game industry is massive. Some games out there are grossing billions of dollars in sales, but I always had a deep passion for technology. My first computer was a Commodore 64 when I was five years old. So there's always something that I was very interested in. Early in my career, I started off as a technology consultant, helping companies select ERP systems. This was after the death of the internet. It was.com bust. Of course, all companies, all enterprises were like, "Oh, the internet's over." Or they did basically didn't trust connecting their systems to the net and they wanted to do everything client-side and install SAP Oracle Databases. So that's where I first started actually getting back into when I was the first out of college. But then subsequently, I went to law school and then I ended up going to a startup in the city that was a marketing tech startup. And eventually, from there, I met my co-founder, Sayud, and we started fake spot together. Fake spots, whole premise was protecting people from e-commerce fraud. We realized that in the market, there was a huge problem with fake reviews, third-party sellers, specifically on Amazon. We also covered other platforms such as Walmart and Best Buy, Shopify sites had tons of issues with counterfeit problems and fakes. But we were really proud of the work we did there because what we did at fake spot was we took our background in building models and building the first artificial intelligence, right? Classifiers, a small language model. This was before even Transformers. Taking that technology, packaging it up in a very sophisticated way and giving it away to consumers for free, via an extension. Our Chrome extension was very popular. We ended up growing fake spot to around 3 million users worldwide before being acquired by Mozilla. So I've had a very diverse journey throughout my career. But the most exciting thing is now Sayud and I have been together for close to 10 years and we're embarking on our next journey building Cifero. >> And you call it "Prodites of Cifero." So what does Cifero do? >> So right now, we've come out of, we come out of Stealth as a company, but our product is still in Stealth. In a nutshell, we're building an AI verification layer. What we saw on the market was, and this comes from experience of building models. Sayud and our data science team has a lot of experience in this. 15 years or 15 years experience working with artificial intelligence, but also experience working in cybersecurity. And from working with these models, we notice that they are making a lot of mistakes. There's a lot of security problems with them too. And we said, "Okay, if we know about this, what do attackers know about it? What are they looking for? How are they utilizing these models? And how can we protect people and get people, like you said before, get people to the truth, right? You're using an LOM, you're using a popular service like Chatchee B. T. R. Quad. All right, can you trust what's actually coming out of there? You gave it a prompt. What is it returning? Can you trust your interactions with it? Is it actually doing what you told to do? And this goes to the agent side, right? The agents are the big buzz now. I just got back from RSA. Everyone's talking about protecting agents, protecting enterprise AI, but do really people understand what protection means. So that's what we're focused in on CIFRO is providing enterprises that core ground truth that you know exactly what these systems are doing is they end at the end of the day they are systems. What these systems are doing and how they're affecting your enterprise from a productivity standpoint and from a security posture standpoint. I want to ask you a question, then we'll get back on track because it just has been bugging me and you'll know this better net anybody. Agents have they've been around for a while, but they really exploded only in the past like eight to 12 weeks really. Absolutely. And so when you were planning CIFRO, were you thinking about agents? We're thinking about everything. So I think it's good to have, it's really difficult for people to keep up with this for everyone, all of us to keep up with this. It feels like almost every other day there's a new model released, there's new platform released. I know that the team at Anthropic has been just rapid fire with product development and product releases, not just models, but product releases. But when you break it down into a couple of things, it becomes easier to understand. Because one thing is a big buzz word at RSA was we got to secure the MCPs, right? But the people even understand what the MCPs are doing and then it's just it can be overwhelming for everybody. So when you look at it and you're talking about agents, right? What is an agent? It's easy to break it down into. You have a couple categories. The first category is what everyone knows about, which is your Claude and your Chatchee PT. Well, we like to call them, some people call them chat bots. I don't like to call them chat bots. They're more answer engines, right? These are LLMs that you can have a conversation with and they will give you answers they're used for productivity and the like, right? And then on the other end, you have actual models. You have LLMs, you have SLMs, right? They're [BLANK_AUDIO] used by data science teams to build internal products. So if you're a large enterprise, you have a data science team that probably is building a model that they want to self-host because they're tired of paying tokens to the big boys at OpenAI and Anthrophic. And then you have your agents. You have your agents that are going out there and doing actions on your behalf. So this is like a quad code. This is a codex. This is a cursor. We consider those to be coding agents. And then you have a whole another class of things that have come out like OpenClaw. These are personal agents. They're doing actions on your behalf and you're giving them access, which I think is crazy. You're giving them access to your entire computer. And you're saying, "Basically what you can see, please go out and do these following things for me." And then we have our classic, we can't forget this, our classic chatbot that's been on every page, on every consumer page helping out people, book reservations, answer questions about product. And those chatbots too, they become, basically, they've been, AI is now in them. For RSA, I actually used a leading platform, chatbot, it's now it's AI chatbot to book an entire trip. So it's just, the landscape is vast, but when you break it down on those components, it makes it easier to understand. - Yeah, the reason I asked you about agents is, 'cause I thought people would have to, like, when you prepare for one of these shows, they don't just say next week, we're gonna go to RSA. This is a huge, massive, about a preparation, getting your marketing team together, getting all the material, getting your presentations, or getting all the things you're gonna do. And I had some poor guy who's sitting there going, "Wow, I really wanna talk about zero trust." 'Cause I've got the latest thing in zero trust. And this marketing team looks at him, and says, "You got eight weeks. Find out about agentic AI." - No, so that's the thing about. So the way that we approach it, we're a growing team, right? So we don't have the marketing arm. We go out to RSA, we go out to these conferences to have frank conversations with people, right? Just sit down and talk to them. We don't have a booth. We actually just, what you said, be prepared. Yes, we are prepared to have these conversations. But we more just wanna go out there and talk to people and understand what their problems are. Like, what are you actually facing out there? 'Cause you said there's a lot of buzzwords. When I was walking around the floor of RSA, everybody said they had a solution for AI security. Everyone said they had a solution for agentic security, right? Zero trust. Zero trust. One of the big themes, when the big themes there, though, that I found really fascinating, I went to the purple book, one of the purple books events on Monday. And it was about identity, right? It was about establishing identity for all of these AI applications. Now, that doesn't necessarily what we do at Cifero, but I just found the conversation very interesting because one of the CSOs there said it, and it was actually perfect, right? You wouldn't let a random stranger get credentials to your company, right? Like, you would verify who they are and at Cifero, that's our motto, it's trust but verify. So, he said, we always have a policy at our company, trust but verify. So, if it's gonna be a contractor, a new employee, right? There's background checks done. Then after the background check, you're gonna make sure they have a company issue laptop. You're gonna give them a token, right? To access your systems. With AI, with agents, we are allowing basically unidentified things into our network. And he said, that's the most scary thing is that you wouldn't do this with a human, but some teams in companies are running way too fast and are getting into trouble because now they've let an autonomous agent go out there and do actions on their behalf, but they don't know exactly what it is or what it's doing. - Yeah, and I would say, I think that one of the enemies that we face is our own success at cybersecurity. That, I mean, what I call, disparagingly, the tick box culture, but other people might call rules-based cybersecurity. In other words, we've got all these rules. If we follow all these rules, if we do these things, if we go through all these lists, so we do all these things, and we get certified, we're going to be safe. And that just blew up. If it ever worked, it's just blown away. Why? These things are not, they don't respond in the same way, they're not a rule-based system. That might work for algorithms, to some extent. But in the world of AI, you have a degree of unpredictability of the human model you're talking, but probably makes a lot more sense. - Correct. - Personally, I would say, that's what we should have done with cybersecurity in the first place, but we're forced to actually go there now. So as you look at this, do you get the sense that people are getting that realization? - They're getting the realization really fast. So there was a lot of things that happened during RSA that were not outside of the conference, and it started waking people up. There was a couple of attacks on popular AI platforms. There's been various other attacks, too, there was actually one release today. I don't know if I went, it was not verified yet, so I don't want to talk about it. But it started waking people up to the reality that, wow, these applications meant necessarily not be as secure as we thought. I do know that Fortune reported today about anthropics latest model, and internal documentation was leaked. I don't know by who, but they said that this model poses one of the world's largest cybersecurity risks they've ever seen. So this is a new reality that the traditional guardrails will not work. So some seesaw put it to me best this way. When we finally got the quote was, we finally got control of the machines of all the boxes, right? We were able to protect and harden everything because it was a SaaS based infrastructure, right? So we were, the good example is Slack, right? Everyone has Slack, right? We have as teams. So they put Slack in teams throughout the company, and when something goes wrong, Slack and Microsoft would patch it, right? So then we distribute the patch, we fix the problem, we're okay, we can sleep at night. But then came the issue of, okay, so we have, we have someone in marketing using cloud code, and we didn't know about it. Why are they using cloud code? Because marketers now can actually effectively use cloud code or use cloud or chat GPT to do growth marketing, but they're using it on their personal account, and we didn't authorize it. So those guardrails, whether put in by security teams, put in my CTO, the CIO, using large security companies didn't work in that sense, because they were able to go around them and start using these platforms, and like I said, at the same time, policies are policies, right? It said, if you tick the box, yes, I read the policy, right? It's not enough anymore, because these systems, AI systems, are constantly evolving systems. They're not static SaaS platforms, and that's really where a big risk is for a lot of companies. - Yeah, I mean, if I was a CIO, one point in the story about Shadow IT, the Shadow IT I was worried about was nothing compared with this, and that's my position has been, and people can argue with me on this. If I was going to design the most fundamentally insecure model for a computing platform, AI would be it. - Yes, yes, and this is a disclosed thing to Enthropic, but they didn't mention who, what country it was, but there was a country that used, they think it was a country's intelligence community that used Quad Code to go out and infiltrate 30 organizations, including government organizations. And this news went under the radar, but the team in Enthropic caught it and shut it down, but this is how sophisticated attackers were getting. It's, they can automate this entire process, and with that attack, they got Quad Code. They were able to jailbreak Quad Code and get it to think it was the world's best pen tester, and had, and had permission to do this. And they went to those 30 orgs and they got into some of them, automated. And that's just one example. - Yeah, but in some of these things, the secret is the big secret of how you bust through an AI, it's not just cloded door open AI. Yeah, I ask it three times. It's an even anthropic. When people came out and said MCP was insecure, they went, yeah, it is, yeah. - DAW, you thought it was gonna be a security layer? It's a connection layer. You have to harden the security around it. So it's, there's these misunderstandings of, because if you actually shipped a piece of code like MCP with no security on it, they've said that. The five years ago, you got and killed. - Yeah. - So it's a different concept, and I'm not faulting anthropic for this. That's something they've sold. - Yeah, they're, they're, they're, their security team does it. Their security team does a wonderful job. I have to say, like they, they're really thinking multiple steps ahead of a lot of other model companies, and opening eyes making steps in that direction too. They're really thinking way ahead of the risks of these models. They've done a lot of, they've done a lot of great stuff on the trust and safety side. My co-founder and I always say this, is that if you don't put in trust and safety in the foundation, you've already lost it. It's hard to go back. And I know that the team in anthropic has been thinking about this very deeply from day one. - Yeah, but we've never done it. - Well, we always, we develop, launch the technology, goes, "Something we should build in security from the ground up now." - And that's good. - It did, and now, now, it's too, because that's just a, so that's just a, that's just a kind of a feature of Silicon Valley, right? Of the startup world. It's about going as fast as you possibly can, capture it, build the product, release it, who cares, release it, if it's got bugs in it, release it, another one, capture the market, get to your series A, get to your series B. It's all about speed. And when you know this, when you go too fast, you make mistakes. It's just, it's inherent in what, in that, and when you go too slow, you don't get funded. If you go, if you go too slow, there could be other players in the market that move faster, you're correct. They take your funding, they end up passing you. So it's not necessarily a flaw of the feature, and the flaw of the, a flaw of tech startups, but it's kind of like a feature that you have to move fast. But it's always better, it's always best to, are we moving too fast, slow down? Do we have, where do we have problems? Let's fix them before they become bigger problems. Yeah, well, the nice thing is for entrepreneurs like you, it creates an opportunity to contribute, to help improve the security of, and add new ideas. And that's a, Oh, no, that's what we love about this. We sold fake spot, and that's one of those things. People say, why are you doing this again? And I say, I'm doing it again because I love building products that help people. That was what was inherent about fake spot. And that's what makes Say You Night different. Fake spot came from a personal problem that Say You'd had on Amazon. He actually got ripped off on Amazon. And so did I. And when I found out what he was building, I said, this is actually a really cool mission, and I want to join you on it. And that kind of honesty, we built into our product, and we built into our marketing. We always, I made a personal mission. I responded to every single customer on our contact email. Because we had people that said, you stopped me from buying something bad. And I would say, look, I really appreciate the feedback. Can you give me any feedback on the product? And we actually built our product, not from typical growth hacking feedback mechanisms. We built it from real direct consumer feedback. We wanted to be honest about helping people. And that really helped us grow. We didn't have Facebook ads, we didn't have Google ads. We had just out there word of mouth from our own users that we were helping them. And with Ciphero, we're doing the same. We're honest about what we can do with our employees, click to our customers. We're honest about what we can do and what we can't do. And we find that approach really helps in the enterprise world because there's unfortunately a lot of companies out there that tend to oversell their capabilities. And then they get in trouble when the platform goes live, and it's not working in certain areas that they said it could. We're all about, we're all about with Ciphero, and we were a fake spot about transparency and building that trust with our customers. - Just by going back to fake spot for a minute. So you find that you're getting ripped off or people are getting ripped off. And then you started to try to find ways to find the truth in or to find which reviews are accurate. - Yes. - Now obviously there's some algorithmic things you do or things like that. - Yep. - But what was the guiding star for you in trying to figure out what was true and what wasn't? - Yeah, so if you look at online reviews and this has been a problem for a very long time, fake reviews. So at its core, you would have a small business and ask your friends and family, look I got a small business, sales are struggling. Can you go out there and just write some reviews for me and help me get up the page rank for Google. So that's like a small business level when people see a small business. If it doesn't have good reviews, Google may not rank it high. When you go to search for say, I don't know, like in New Jersey, a bagel store, we'll use the Jersey analogy, a bagel shop, right? What's the best bagel shop around here? You wanna have-- - That's what is in Montreal, but that's a lot of the story. - I've been there, I bought a shirt from there actually. And my wife said, "Why did you buy this shirt?" I said, "Because it's the best bagel shop in Montreal and Montreal is famous for their bagels." And she said, "You have to get rid of this shirt." And I go, "Absolutely not." I actually not hiding the shirt 'cause I use it. I wear it to the gym. I love wearing that shirt, it's great. The bagel's up there, fantastic, you're right. - There are some good spots in New Jersey though. - Yes, yesterday, I appreciate your recognizing that 'cause Montreal is definitely amazing. - I worked out of Jersey for a while, so our head office was there for a while, so it was-- - Nice. - Yeah, and New Jersey, I like to say, if your town has, if you're even in a small town, you'll probably have three or four bagel shops and probably one gas station. It's crazy. But yeah, anyways, so getting back to the reviews part, so you wanna try to boost your up your ranking. So that's on a small level, right? That happens, but unfortunately, a lot of e-commerce platforms that happens at a much larger and more than a fit in the various way. Like on Amazon, there's a lot of competition out there to sell the same product. If you were to look up backpack, you would get backpacks from well-known brands. I'm just saying in general, I don't know if LL beans on there, but you would get LL bean, you'd get Jansport, you'd get Osprey, and then on the sun, you'd see these other brands, they're like, wow, that's actually 50% less. Why does it have 20,000 reviews? And then the stats on this going back, I'm trying to think back into our fake spot data, but the stats are pretty much for every purchase. It's like either one in five or one in 10 people believe a review, and you can do the math backwards of what that product sales are. So if you're like, wait a second, this backpack has 20,000 reviews, that means they've had 200,000 sales of this one backpack, that's almost not possible. And what you end up finding out is that a lot of these sellers will give away product for free. And if you give away product for free under law, and you ask someone to leave a review, they have to disclose that they were given the product for free. And it happens a lot on these platforms. Amazon has done a good job at this in recent years, trying to clean up the review platform. I have to give them a lot of credit. They've also done a good job on counterfeits, and they've done a good job on third party sellers where a lot of these problems come from. But they still have issues, all these platforms have issues with people scurrying around these rules. And the penalties are really severe if you skirt around the rules. Amazon has its own program, Amazon Fine, and there was another one too that it actually discloses we were given the product the way, we were given the product for free. But a lot of guys go around and break those rules, and that's what Fakesbot was trying to catch. It's trying to find the unreliable third party sellers that were breaking these rules. So you actually knew this is an honest seller. These are honest reviews, and you can actually trust them. We were never trying to make a product recommendation. We were trying to guide people to the reviews that you can actually trust because we end up verifying that they were real. - And the reason I ask all that is because it's, there really is that there's the idea of how we think through this problem of trust. And I think it lies at the basis of this. So you've got this one idea of going back in, and I think that's actually a great piece of learning in there is hey, would this make sense? If you step back from it, get out of your system one mind, get into your system two mind, and look at it, and say mathematically would that make sense? - Yeah, those are key things. And they really are that step back. Something we all always tell people in cybersecurity is, if it feels it's bad touch, good touch, like you, if it feels bad, stop. Nothing in the world needs to be done that quickly. - You have to use your breath, and ask yourself, is this make any sense? - Yeah, you're right, it's the gut check, right? It's the gut check, and a lot of things, okay, so a lot of things are in our world now, have us programmed and wired to move fast and not think through things. On the e-commerce side, Amazon was the best at this, and they still are the best. Their mobile app gets you to go, get it today. Like it's always focused on, you can get it in a couple hours, you can get it today. And what does that do? - It'll be delivered, if you place this order by now, it'll be it. - If you place it in the next 15 seconds, it will be there in one day. - We'll say the TA yesterday. - Right, so all kind of gamified to that, and this happens to, if you notice this in travel too, in travel, they'll say hurry up, there's only one left, and there's always more left. So it's important, I think, for everybody, whether you're shopping online, or whether you're doing something at a company, to slow down and say, I gotta verify this really quick. Let me verify it, and make sure that this is actually on e-commerce, it's the real deal. I'm getting an actual deal. The product's gonna be good, the seller's good. And then when you're working at any enterprise, we're gonna have any company. Does this answer correct? Imagine you're working with ClawD. And we've all seen this, where I've seen an answer come from ClawD or for ChatGPT, and based on my experience in this area, whether it's legal, it's accounting, I know it's wrong. And I'll say, excuse me, but did you consider this? Did you consider that, and it will go, you know what, Rob, you're right, I didn't. So that's what happens when you actually slow down. There's too much of, hey, ClawD gave me the answer. ChatGPT gave me the answer. I'm gonna share it with my boss. I'm gonna share it with my team. And not actually reading it. One thing we do at Ciferome that we're really proud of is we make everyone review their work. And why do we do this? It's, we're using AI tools, right? We're an AI shop, but I think it's important for people to maintain their skills, no matter what they are. So in my background, I'm maintaining my skills in operations, right, running all operations, maintaining them on a product sense and a marketing set, leveraging these new tools, but always verifying the work and making sure that it's correct. And the same thing goes for what we do on the engineering side. We wanna level up our engineer's skills. We're always proud of how we train our engineers, but we also don't want them to lose their skills. And that's happening way too much in the world today, just in general. - Yeah, it's, and I struggle with it myself, but because I write, like I write constantly, writing news stories. I'm writing all kinds of things and I use AI tools because I can't spell anymore. Yeah, and I'm not so sure that I haven't traded part of that that spelling ability and the ability because the old days used to as an editor you'd do copy editing and I was much better so you but so you watch your skills atrophy because you can depend on them. It's not just AI we had spell check and all those things before but you'll find out you'll just give that away if you don't exercise it and so now I spend a lot of time trying to make sure that I do exercise and read and focus on some things myself but how do you break how do you make that part of your company culture? From the beginning we established that their that Fridays are AI free days. We want to make sure that everyone takes time to review their work. We want to make sure everyone takes time to do something that does not involve artificial intelligence because it's very hard to disconnect from this now right? It's extremely difficult so it's not mandatory for the entire team but we as founders we make it a we make it a priority disconnect from that right and because there's plenty of stuff that you can still do without AI. I'll give you an example right AI is still bad in accounting. It's not the best right you need someone who knows what they're doing to look at what needs to be done so maybe my Friday will be that will be the day that I do the accounting right but also to writing I love writing too say you love us writing we don't use AI to write our blog posts anything we're doing on LinkedIn and you know we noticed it stands out so much better because it's actually genuine and people realize that you're not getting you're not getting you see it on LinkedIn all the emojis all the m dashes right it's wait you're trying to connect with people but you're using an artificial intelligence system to connect with them how about you actually write the way that you write it's okay if you have a couple the grammar is not a hundred percent right I know this with one thing driving me not is the new gmail right and in gmail it will suggest the entire response right and it comes a lot it almost says to me listen you suck at email why don't you just leave this to me what I noticed is it's not the way that I write it's not the way that I talk to people it's it's come it's in a very robotic tone like the response will be like I'm making it up hi Jim thank you for having me on the podcast hopefully we can talk soon thank you Rob I don't say thank you on my emails I say best it doesn't even know that so I do not let those I do not let AI do my emails because I've seen too many of them come out looking robotic and also I've seen too many people sending them to me and it's just it's you know you're not connecting with people you got to be able to connect with people on a personal level so there's AI free days allow our team to disconnect and maintain their skills whether it's you're an engineering whether you're in product management marketing sales you got to maintain those skills that's good idea you've got you've done the reverse google spent a portion of your time out of technology which I think is actually a really good idea yeah it is it we also are very we emphasize we emphasize at cifero time to connect with your family time to connect with your friends go outside take a walk exercise that's really important for us the way too many of us are just plugged in non-stop and we find that if you're constantly plugged in you're probably not going to like what you're doing anymore you're going to be missing out on different events with your friends your family and we always say if you need to take time for that please go and do that because that ends up you end up bringing more to your work because you're happier and I don't necessarily agree with the what became really popular during last year was it was 996 right yeah we don't get me wrong as founders we work very hard right but it's it's also important for I think for everyone to step away from their work and spend time with their friends and family so that you actually are more productive doing doing what you're doing at cifero yeah and I think he just on the personal note I'm obsessive I can't I don't work like other people do I'm writing a book right now I'll finish this I will be up till four in the morning right yeah I will keep working at that my wife looks and she says how long do you think other people have produced a book and I say they they take they work days as well I'm obsessive and the problem we have is if people like me run companies is that you can start to expect it everybody else lives their life that way and it's really destructive yeah no it's it's and it's in it I'm the same Jim I'm the same way I always it's true if you actually love what you do it's not considered you know feel like it's work so you're able to stay up late continue building continue working say I'd like to say this though at a certain point the quality of work goes down it's just it's just it's lining yeah it's this the quality of work goes on and that's when you that's when you know that's when you know to call but if you're passionate about something it doesn't feel like work and that's the way we always felt a fake spot and that's the way we have that same exact feeling it's Cifero and it I was just if you're not pranora right you're a founder and you don't have that feeling when you first start working with your product probably switch to a different product yeah because you have to have that kind of if you have to have that kind of love and passion for what you're building if not every hour is going to feel painful every pitch sales to investors it's just gonna it's not gonna come off natural because you don't believe in what you're building yeah somebody once told me that Steve Jobs was may have been a bear as a boss he might have been a lot of things of people didn't like I think wasdank what said that and Steve could have been nicer and gotten the same result but the one thing that I just that just grabbed me was somebody actually saying this of him holding up the phone one time say I can't fall in love with this how can we expect a customer to do that that part of it and from people who that for people who would beat up by by jobs it did pass a lot of the walk away with some wisdom and that's one of them so if you can't fall in love with it then and you're just trading time for money you're not going to excite a customer it's it's I love that example because it's so true that's what we were fake spot we were fake spot users we built it for our own when you build things for your own problem right that means you actually done something that's very useful probably for others right and if you love your own product you can it's easier to go out there and explain it to people and and if you have to sell it to people I'd RSA I ran into a couple people who were sales guys and and they were saying oh I worked for this company that company and it was the work it was the worst product but I still had to sell it now those are probably the best sales people because they can actually sell something that doesn't work but it yeah you could see in their eyes it was painful doing that but then when you get to a good company that actually has a really great product and the founders and the executive team believe in it and constantly work on it it makes your life so much easier as a salesperson so that's Steve Jobs analogy is fantastic yeah I could I admire people who fall in love with what they do and can develop that I have trouble with people who think they're gonna sell something to you and that that's so that that's always a problem and my audience does as well and they're probably actually the audience probably so you're like why are you guys talking about this sort of stuff this is cyber security but the issue with me and the reason why I love this conversation is cyber security is cultural yes it is it is not technical it technical is the cost of admission you have to good at the technical part of it and if you're not then go do something else but if you don't understand it's cultural and you have to reach people and find ways to get them to think the same way that you need them to think to be safe and that will be different for different people if you can't get a hold of that it's why we why I think people burn out and why they're sitting in a room going those damn users they just don't understand they go do anything yeah I started as a stand-up comedian believe it or not you think I'd be funny or I actually did and I came out of that going you can't tell an audience to laugh correct you have to get them there and it's the same thing in cyber security yeah yeah I was just gonna just to Jim I was just gonna say this one thing I love about the cyber community is it's even though there's a lot of large companies in it right there's a lot of big players what you notice at RSA is it's a very tight-knit community and you have to connect with people I always say this on a personal level understand don't just out there selling the solution right understand what are their problems they're facing let them just just tell you right let them unload about all the issues and really understand them on that personal level of this is what I'm facing here and facing there but also to the knowledge share at this purple book event you had all these top c-sows talking about all the problems they're facing and having frank conversations about it and then what they were doing to actually solve it and so people were exchanging ideas you wouldn't get that in a lot of other industries people would be they're like I'm not going to talk about what we're doing that's a competitive that's a trade secret this that no we it's a community where people have to discuss ideas have to pass around information because if you don't you're not protecting the world as a whole kind of yeah if you're in a company that is not selling a security product obviously and security is your differentiator you've got a big problem because you know it if you're out so far ahead of everybody else with your great security knowledge you chances are you you're overestimated your ability correct and I that's I found the same thing that c-sows are willing to share a lot more privately find you and I think I think that's a good thing. Yes. But then, rarely publicly. So tell me about your new thing and how that relates to how you've made the transition from the ID and truth and so forth. Now, what does it do? Yes. We're keeping what the product does and we're keeping what we do in stealth. But in general, we're, like I said before, we're building in this AI verification layer. That's going to basically allow companies to finally get a real-time picture of what's going on with AI Ether company. And that's basically its core functionality. When we're building on our, building our experience from building our official intelligence experience, we're building models for the past, like I would say close to 15 years right at this stage, knowing that, knowing basically the ins and outs of what these models can do, what they can't do, their limitations, and their problems. The approach that we're taking is we're trying to work with a bunch of partners at the onset to really show them, you may think you have an understanding of what's going on at your company from a security standpoint or just they basically, let's call it an AI usage standpoint. But when you actually put in the CIFRO platform, it gives you a true picture of what's going on. And I think that's very important and differentiating from other solutions out there. They may be capturing information, capturing interactions, but not really giving that complete picture. We're talking about from main platforms to model development to the smallest interaction, right? And we're actually going on at your company when it comes to AI usage and how can you start to get control of it? Because I think that should be the starting point for a lot of enterprises. You necessarily don't want to go and say, I think a lot of companies will be heard in the market is a lot of companies are saying, all right, we have to enable AI at our company or we're going to fall behind. We have to do something about this. But then it falls on and that's usually the CEO, right? Talking to the market, whether it's the public market or it's a private company, we have to put these things in there. So they go out. Maybe the first step is we usually see this. The first step is they go out and they get a clawed enterprise account and they say to the company, start using clawed for your work, but they don't understand how people are actually using it for their work. And then they'll go to the CTO, the CIO and the CISO and go, now it's your job to secure it. But it's already out there, but we already bought it. So there's a lot of pressure, a lot of pressure on the tech suite, right? The tech executive suite to actually go out there and not only secure it, but understand what's going on. So that's what we're trying to do with CIFRO on the onset is we're going to give you that picture and that landscape of what's going on. And then we can decide what to do it down, do with it down the line because you do not want to just block employees. I think it's the worst thing you can do because there's a lot of innovations in AI that are making employees into basically like Superman almost, right? So it would take hours and hours to do, can now take five minutes. So you want to enable those employees to actually be more productive and not just say we're locking everything down and we're blocking it. Yeah. And the old thing of the doctor, no, doesn't work first of all. The thing is you outsmart yourself. I had a CIO on time. We looked at me and this is the early days of PCs and I wouldn't take solitaire off the desks and told me to. And I said, I'm not going to do it, Bernard. And he said, and I was just a director at that point. I was, I wasn't a VP or anything in those days. But the, so I'm talking to the CIO, I said, I'm not going to do it. And he looked at me and went, what? I said, you want me to take that game off those computers. Now I'm going to have to hire somebody to go around and train everybody to use a mouse. Yeah. They're doing it for free. Yeah. And he looked at me and went, oh. And this part of it, we don't think through the unintended consequences of what we do. And that causes us great grief both in. I love the solitaire example because I grew up at a time where I remember the mosaic browser. I remember the beginnings of the internet. I was, I'm a prodigy dial up kid. And I do remember on my parents PC playing hours of solitaire, but I wouldn't do it for hours on street. But I used it as a mental break when I was studying in high school. Yeah. And I used to have companies too. If you give employees a mental break and you say, we're not going to block things as solid number of minesweeper. We're not going to block these things because, hey, we know you use them. They're not a threat. We don't want you spending all day on them, but a lot of people use it as a mental break, right? And then they're more productive at work. And I also love that example because I worked for a large accounting firm and they locked down everything. You could only go to CNN.com. I look at when people are, they can keep you browsing. You can be browsing. They worked there. Oh, no, they did. No, they did. They blocked CNN.com. But and then of course they had their internal dashboard for doing a research. So all the employees were in cubicles just going and doing tax research. That was what I was doing all day long. And you could see people getting sadder as the day went on because they couldn't have that mental break of just going to like ESPN.com and reading about their favorite team. So you don't want to lock people down. People at the end of the day, they have interests. They want to take a mental break. And it's not a good thing just to block them from everything. So I love that solitary example. Well, it's it and it is true. It makes space. And I think that's something that we have, we need to think about in cybersecurity, especially when things get tough. The, in, I put this invention novel, when a problem can't be solved, walk away from it for a little while. And I think that's a tough thing to do, especially when you're under attack. Yes. But you do reach this level of which there, you need to give the brain a break, get need to break off and start to reformulate or whatever happens that helps free us up for thinking. But it's, and that's hard to do when you're under pressure. So it is interesting, it's interesting from an AI perspective too. That's what we, we talked to prospective customers about this. We say, they're the big thing and they say, we want to keep enabling, enabling the employees to use this, but we're scared to do it, right? We're scared that they're going to make a mistake. They're going to do something on a couple of aisle. They're going to copy something they shouldn't copy into a clock. And it's interesting because you don't, you want them to be able to leverage those tools because when they leverage those tools for, I would call just repetitive tasks, mundane tasks that they used to take hours on end. Now their creative thinking is enabled. They have more time to think on, wait a second, I actually kissed Kim with a better idea for our core product. I realized that I know how to talk to this customer now and sell them on this, this thing we have to different strategy for the company marketing wise. It's enabling people that it's freeing up their creative time. Now if they're using it non-stop, and like I said, not taking that AI free day to actually do those things, maybe it's some aspect you're automating yourself out and you don't want to do that. But it's all about enabling these things in companies and doing it safely. So now they can actually work on more important things like strategy, new product development, sales, marketing, things like that actually help increase the bottom line. Yeah. But if I'm a C so I'm looking at two of us and going, that's easy for you to say. I've got documents to protect. I've got things that I have to be, and boy oh boy, I'll tell you, if it breaks down, somebody's going to come and say, who brought in that AI? And it ain't going to be the CEO that takes the head for it. It'll be me that allowed it in. Yeah, and that's what we're seeing more than ever now is that, and they were talking about this at RSA also, but we saw up beforehand where the implementation of these AI systems is falling on a lot of the time now on the CISOs. And because they're saying, look, you have the technical knowledge and the security background to tell us the risk behind this because legal and procurement too will come to them and say, should we buy this, should we implement this? And it can get overwhelming because they already have so much on their plates. So you're 100% right about that. Yeah, what would you say to them? I've tried to think through this. Because you're usual stuff of saying it might take on it when I had to do a security. It was never a technical risk. It was business risk. I'd always push back to being able to say, how much risk can you take? Right. If we lost all these documents, what would that do? I've always been pushed. That's how I've stayed sane through this. But I don't know in AI where the equivalent of that conversation is. So I think you have to do, you have to do a risk analysis on it, but you also have to do like you said, business, the business pros and cons. What are you gaining? I think it's just like everything of the decision matrix. What are you gaining on the business side with regards to productivity, product ideas, like improvements in enhancements, revenue gains, right? Versus, what are the security risks behind this product? What are you willing to trade off? What systems do we currently have in place from a security and risk perspective that we can actually apply to this, right? Before we need to find something that's more fine tuned to what this AI product is doing, right? If we need to enable this now, what do we currently have in our stack that will help us get us to that next stage where we find a vendor that can actually provide the solution for it. So I think it's about just doing that analysis, right? And not just throwing your hands up and going, no, I'm going to block everything. Because I think if you do the analysis, you'll realize that some of the trade-offs are actually worth it. Yeah. Now look at it. You said that AI is useless for accounting and it probably is pure accounting. But I use it to do my expenses. Why? Because who cares? Honestly, if we have, if your racers are put in, not put into office supplies and and they're put into software for whatever, for $3. It's not material, I don't care. So I will get it to do all the grunt work there, and it fills in a spreadsheet for my account and we send it off. - That is actually, yeah. So when I say useless for accounting, what it is, it still has, I'll clarify that. It still has some use for accounting, but the problem is as my, I had a data science like to say, my co-founder likes to say, at the end of the day, these LLMs are statistical matching machines. They are very good, that's why they're very good at coding, repetitious patterns, right? When they see something they've never seen before, but it's not in their, it's not in their training data, they don't know what to do. So with accounting, every company's book is almost different, right? It's all, they're all different. So if you do deploy an agent on your accounting system, it needs time to actually be trained on what your accounting system is, and then it will probably work okay, but it can still run into problems and it also has to know every single rule of gap, right? It's gonna know all the rules of accounting, and then when you get to tax, it's a whole another rule, right? But for things like expenses, of course, it's something that it can easily understand, it can easily auto fill, and the progress that these AI companies like OpenAI and Anthropic have made on the office functions is remarkable, because we were talking a year ago, the spreadsheet thing wasn't possible, it would make tons of mistakes, and now it's gotten a lot better. Oh yeah, and the interesting, it's really curious when you're in accounting, and you were saying, "I worked for a large accounting from this high, "that's why I've learned consulting." - Yep. - And the accountants deal with errors better than technology people do. In other words, somebody would say to me, is this, but sure, I would go, I walked into my partner's office one time, and he said, "This doesn't add up." And he said, "By how much?" And I said, "It's probably three bucks out." He said, "Look, go see a bookkeeper, I'm an accountant." And it was just that matter of fact that, yeah, okay, but they could accept imperfection in if it was non-material and didn't reflect the larger pattern. And I had to risk that was a different way of looking at accounting. And I'm not just chasing bookkeepers or people, 'cause you do want a bookkeeper to be exact, but in technology, it's cybersecurity. We try to be so right about everything that we make bigger mistakes on material things. - See, you don't, you necessarily don't want to take the, the N Ron and author Anderson approach, that's a whole different approach. But with, you're right about this, with accounting, right? It's, you can drive yourself crazy, trying to make everything, every tie, everything perfect. And for large organizations and enterprises, let's be honest, it's almost, there's so many transactions going on, it's almost impossible to do that, but you can come with a reasonable degree of certainty. And I agree on the cyber side, there is still an importance, it's not necessarily being perfect, but being as secure as you possibly can, and accepting that there is going to be problems. Because, look, every day there's a new vulnerability discovered. That's how it can't be perfect, right? Almost every day we discover something new. So it's about staying on top of that and looking at it and saying, are we protected from this? Let's see what our platforms, have they been updated? Are we protected from this? Because if not, I think you'll drive yourself crazy. I know a lot of accounts that drove themself crazy, 'cause they couldn't reconcile books, they couldn't, but it's okay, we'll figure it out, right? We'll figure this out and we'll take the steps to remediate it and protect our company from any of these risks. - Yeah, and I think the best guys that I do, we go back to the processes. Is there a process in place to prevent this? - Yes. And they wouldn't be staring at the numbers. They'd be staring at the idea of how would an error happen, how would a material error happen? How do you prevent that? And I think that's a conversation they're used to having. - A lot of it too comes back. People forget this. A lot of it too comes back to security training and physical security training. We always like to talk about the digital, but the physical part is so important. And I think getting your employees, getting your teammates to understand if something happens, right? If you lose your phone, you lose your token, you lose your laptop, do not be scared to reach out. You're not in trouble. You're actually following what we talked about. And I think there's a lot of people that are worried about I'm making mistakes, I'm making a mistake that I'll get fired for. On the digital side, have you been compromised? Don't try to remediate yourself, you're not the security team. You actually go to the security team and tell them immediately because Jim, you know this every second matters, right? And I think if you take that approach with your team and security, that it's A-OK, people make mistakes, people get compromised. But it's about the reaction speed. How fast can you tell me that this is a problem? And I think for a lot of startups out, this is not, that enterprise is do a good job out there. But I think it's really important for smaller companies and more startups to take a more serious approach about their security and have this training and awareness. Don't rubber stamp it. That's that you don't wanna do that. You wanna have frank discussions with your team as many times as possible about emerging threats, about problems out there, about it's OK to reach out and be something, you think something bad happened. Yeah, especially if you're wrong. And that's the, somebody said to me, how can you be so calm about this thing? And I'm going, what am I gonna do? Y'all at the person? I said, they've learned, we've just had a great training session. They'll never make that mistake again. Yeah. What do you say? And, but if you do try to block people out and punish them, they'll just hide it. They'll hide it. They'll be scared. Yeah, that's the worst thing you can do. And it's just having that, sharing examples from out there in the cybersecurity community of what's going on and making people aware of this stuff. All of a sudden, they become more diligent in what they're doing. And that's like your first line of defense. Yeah, yeah. So what, just back it up to RSA and what you're doing, you've gone there, walked around, seen the world. What does your takeaway when you get home? What are you thinking about right now? I, that's great. You know I'm getting some sleep. No, it's actually a great question. Yeah, so when you go to these conferences, it's crazy. I always say it's just, if there's, I don't know how many people were there, but it seemed like 50 to 80,000 people, every hotel is booked, every restaurant's booked. All the big companies, I saw a crowd strike took over entire block in San Francisco. You go walk the Expo floor, it's extremely overwhelming. Everyone has, they're all competing for the nicest booth, the nicest giveaways. But we take away from it is, this take, I think this year was really focused so many companies were saying we are, we are solving AI security, we're solving agent security. It was definitely the theme of RSA from all the vendors. A lot of discussions were about that. I think, a CISO told me, I talked to a CISO there, he said, I don't wanna hear the word AI for a very long time after this conference. Because it was just not, it was just non-stop. Some companies had AI free zones where they were not allowing anyone to talk about AI. So that was definitely the big theme about it. But also what's great about RSA is getting, you get to reconnect with people in person. There's so much now done remotely. You're on the Zoom call, and you don't actually get to meet up with people and connect with them on a personal basis. So that's number one. Number two, where I think a lot of these side talks, like a lot of the side discussions, not the main stage discussions were amazing. I went to one with the head of security for codex. That was fascinating. So fascinating discussion. There was another one with the CEO of SailPoint talking about that was more in a founder based discussion. Another amazing talk. Purple, the purple book community talk was phenomenal. That was a phenomenal. So I always say to people like, it's, you gotta take time out to go seek these things out. It's not about going to the hotel, suites, going to the parties, doing sales non-stop. No, go and actually listen to people building things, listen to their perspective on things, see it as much intel as possible about what are new trends in the industry. Because if you don't, you're gonna miss out on it. And I think a lot of people, it was sad to see sometimes like, these amazing experts in what they're doing, whether they're CISOs or AI engineers or AI builders, seeing some of these rooms half empty. And I was like, you know what you're missing out on? This is amazing. So I think that's my takeaway from it. I got a lot of exercise in by walking around all of San Francisco. It was another good part because Uber's weren't available and there was traffic jams. But it's just, it's a really energetic environment. It's also like about it too. You get the energy from all the people being there and all the hustle and bustle. But I got to say at the end of the day, it is great to be home and see the family again. And after doing all that traveling. - I bet. And after that, you can still tell me about your product. Really, you and me and 14,000 people here, you can open up, just kidding. - Oh, I'm just okay, sorry about that. - This is the best, no, this is the best job. Anybody's ever done a make building curiosity for something pretty good. What's he doing? We're gonna find out, which is good. - Yeah, no, we're really proud. We're really proud of what we're doing here at CIFRONE, proud of the products that we built. And really appreciative of the companies out there that decided to partner with us early on. It's really great to see in the cyber community, the willingness of some companies and CISOs to look at, they really seek out new products. They seek out new products for new problems. I would think probably many years ago, decades ago, it would be very difficult for everyone to build something as rapidly as we have built it, right? Given the new technologies. But the overall, just maybe a little bit, we're not gonna bring you into a pilot program. I gotta say, there's a lot of amazing companies out there that have these innovation programs. They have these pilot programs. They're proactive. active and looking for the new things. And I just want to say thank you to those companies out there that are doing these things. It means a lot to start up companies that are looking to solve emerging problems and threats out there. Because without that, it'd be very difficult to build something that enterprises can use, right? You have to be able to partner with those companies to solve their problems. And without those programs, it's very difficult for companies to do that. - Yeah. And what are you looking forward to the next year? What the next year could be the next eight weeks and the next week? - The next week, the next week. - So with the, I would say, it's the most exciting time ever I've seen in tech in general with the rapid pace of development that you can build things, right? Because of the new AI coding tools, the rapid innovations coming from the AI platforms, some of it could be scary to certain companies, like we talked about the SaaS apocalypse, which I'm not necessarily a believer in. But I also, I think there's gonna be, there's too much gloom and doom around AI replacing people. And I just wanna say that to me and my co-founders, we have a much more optimistic view of the future. And that is, I think AI is gonna enable all of us to actually not need to work as hard, but be actually more innovative, right? We're gonna be building new skill sets that are gonna be awesome for the future. And it's gonna enable us too to have, like we said before, like one of our things at CIFRO, spend more time with your friends and family, right? If you can be more efficient in your work, and you can be more innovative and more creative, I think that's a great thing for everybody. So there's a lot of gloom and doom out there about AI replacing whole companies, AI replacing tons of workers. I don't think that's the way it's gonna pan out. I think that companies, I look at companies that decide to, you always have, for large enterprises, you always have to have the next generation come in, right? The next generation, you need to train them about what your company does, why it's important, what we do, how our products work. And if you're not willing to give young people that chance, because you think you can be more efficient with AI, I think you're missing out on the next generation that's gonna lead your company. So I think it's just really important that, instead of saying, we're gonna do less hiring, we're going to, because of these efficiency gains, we can lay all these people off. How about actually using these things to build new skills for people, and build the next generation of people who are gonna run your company. And that's an important thing that, I think I'm just way more optimistic about the future with AI and what it can do for all of us. - Yeah, and it's amazing, because I'm much more pessimistic than you are. I believe that, and by the way, this is the, I was informed today that this is the first year of World War III in the Star Trek Universe, 2026. - How about that, yeah. - But, so I'm much more pessimistic than you are, but I come to the same space somehow. And that is, we are humans who have to live, and I go back to this thing of even CISOs, is don't kill the excitement. Like, when people let them have the excitement, you can talk to them about the security of this stuff. You can, but when you can reach people a lot better, if their first move is excitement, and yours is listening. - Correct. And for me, as a founder, you have to be an eternal optimist. I think it's, you can, it's very, if there are gonna be, there are going to be difficult times. But there's always tomorrow, right? There's always a lay at the end of the tunnel. And I think that me and my co-founders have always been optimists about the future optimists about what we're building. You have to do that. If you don't do that, it's probably not, you're probably not in the right business. It's easy to say, there's a lot of competition, there's a lot of threats out there. There's always gonna be competition, there's always gonna be threats. You have to trust in what you're building, believe in your product, and that comes off to your team sees that too. And they see how positive you are. That really, it really makes a difference at the end of the day. Don't show frustration, don't show anger, show positivity and optimism, and good things will really happen. - Yeah, and I think there's a lesson in that for us in cybersecurity as well, is that it's not, that it's not hard. If it was easy, everybody do it. There are, mother warned you, there'd be days like this, she just didn't tell you how many there'd be. And I know as even somebody who started a business, getting up in the morning and facing the fact that you gotta go out and talk to customers, do all that stuff, and you have a half empty room when it should be full. There's lots of disappointments in life, but finding your way through them is probably one of the things that you can give to other people. - Correct. - And that's the sense that I'm engaged, I'm here. - Yeah, it's Ben Harwitz's book, the hard thing about doing hard things, and even though it's from a different era of building tech companies, the lessons in that book still apply. And it's really, anyone interested in building their own company, I don't care if it's tech or you're building a consumer product to definitely read that book, because it goes through the ups and downs, the roller coaster moments that you have as an entrepreneur. And it's, yeah, it's important to know, like you can't get off the ride, right? But you're gonna, good times, you're gonna have, and you're gonna have good times and bad times, and just get through the bad times, it's okay. And just the last thing I wanna get from you is just as we close this off, is truth. Let's return back to our starting point, truth. What are the things that people should be holding onto in your mind that you should be thinking about? Because it goes back to this whole idea, this, we're adrift in a world where truth is escaping us at times. - Yeah. - The key things that you think people should be thinking about. - Well, it's interesting when you're in your intro, talking about all the deep fakes out there, all the problems with social media. And it's, I think the most important thing when you're looking at truth is, like we said before, take a step back, you don't get a question, if you start questioning everything, you're gonna go crazy, right? But take a step back, if you see something on social media that looks off, it probably is. Seek out reputable publications, reputable authors, reputable journalists, who are actually, they take pride in their work. They're reporting the truth as much. And that's the thing is, I think people give journalists too much of a hard time when they make mistakes, because they have to report on things as they happen. And that's what corrections are for, editors notes are for, right? So seek out respected journalists who are actually trying to report the truth and the facts as much as possible, not trying to spin things in a certain way. I know it's more difficult to find than ever, but to get to the truth, you also have to do your own research. You have to question, I think now, see more than ever on social media. It's rapid fire with things happening, right? And a lot of rumor and end-of-end-o-spreads and then people start believing it. But it's important to actually say, okay, is that really coming from reputable source? Where is that coming from? And then with the deep fake videos, it was good to see that open AI is not gonna allow Sora to do those things anymore. That was getting, that's a kind of a dangerous thing where the AI technology's gotten so good that you can't tell the difference anymore. It's very difficult to tell the difference without that watermark, very difficult to tell the difference. But what I noticed was my friends would share videos and they wouldn't even see the watermark. And I had to say to them, boom, that's not real. You know that, right? And people are just, they're in their phones, and just grab my phone, they're in their phones and they're doom scrolling and take a break. Take a break from that because the world's not that bad, right? The truth out there, it is out there. If you do your own, if you take a step back and do your own research and question things, but don't go crazy thinking that everything is a conspiracy theory, right? Some things are, right? Some things are, there are a lot of stuff on social media is, but if seek out reputable people who report on the truth, right, as much as they possibly can. - Rob, this has been fantastic. - Thanks, I know I read. - We've had a lot of wandering conversation but it's been great. But I hope people will draw the parallels to things that they can take back to the security environment. And I think-- - Absolutely. - Because we are all people. And that really what I sound like, we are the world, I was saying, for the song here or something. But it is, this is, it's the technical parts, the cost of admission. It being able to deal with people and the issues that come up from that or probably, that's where you get the excellence. - Yes, yeah, it's in your right. - And Jim, I really appreciate it. Thank you, thank you so much for having me. This was a great conversation. - You're coming on here, this program to announce your product. First announcement happens here. - Well, yeah, this is when we were still, we're still on stealth, but yeah, this is actually-- - When you come out of stealth though, you come in here, right? - First, this is the first podcast we've done as a company, correct. - Okay, yeah. Nice to meet you and say hi to your partner for me and enjoy being at home for a while. - Thanks, Jim, I appreciate it. - Take care. Bye. - Bye. - And that's our show. We'd like to thank Meteor for their support in bringing you this podcast. Meteor delivers full stack networking infrastructure wired, wireless, and cellular to leading enterprises. Working with their partners, Meteor designs, deploys, and manages everything required to get performant, reliable, and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments, and run support. It's a single integrated solution that scales from branch offices, warehouses, and large campuses all the way to data centers. Book a demo at meter.com/cst. That's m-e-t-e-r.com/cst. I'm your host, Jim Love. Thanks for listening. (upbeat music)