
October 3, 2023 60 mins

This week's guest is Shashank Tiwari, a seasoned engineer and product leader and Co-founder & CEO of Uno.ai, a pathbreaking autonomous security company. He started with algorithmic systems on Wall Street and then transitioned to building Silicon Valley startups, including previous stints at Nutanix, Elementum, Medallia, & StackRox. In this conversation, we discuss ML/AI, large language models (LLMs), temporal knowledge graphs, causal discovery inference models, and the Generative AI design & architectural choices that affect privacy.

Topics Covered:

  • Shashank describes his origin story, how he became interested in security, privacy, & AI while working on Wall Street; & what motivated him to found Uno
  • The benefits of using "temporal knowledge graphs," and how knowledge graphs are used with LLMs to create a "causal discovery inference model" to prevent privacy problems
  • The explosive growth of Generative AI, its impact on the privacy and confidentiality of sensitive and personal data, & why a rushed approach could result in mistakes and societal harm
  • Architectural privacy and security considerations for: 1) leveraging Generative AI, and which mechanisms to avoid at all costs; 2) verifying, assuring, & testing against "trustful data" rather than "derived data;" and 3) thwarting common Generative AI attack vectors
  • Shashank's predictions for Enterprise adoption of Generative AI over the next several years
  • Shashank's thoughts on how proposed and future AI-related legislation may affect the Generative AI market overall and Enterprise adoption more specifically
  • Shashank's thoughts on the development of AI standards across tech stacks


Copyright © 2022 - 2024 Principled LLC. All rights reserved.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Shashank Tiwari (00:01):
The idea is, at least in my mind, that until
this technology matures and until there is a good
understanding of how we can partition it, stay away from
putting any confidential data whatsoever on those public LLMs.
It's an absolute no-no.
The same way that you would have absolute controls over
confidential data today not being put in certain places or

(00:22):
sitting out there in plain text unencrypted.
So, the same kind of policy, that same kind of rigor needs to
be applied, I think, from a standpoint of making these onto
the public LLMs.
So that's definitely one good architecture principle I would
say one should start with.

Debra J Farber (00:40):
Welcome everyone to Shifting Privacy Left.
I'm your host and resident privacy guru, Debra J Farber.
Today I'm delighted to welcome my next guest, Shashank Tiwari,
Co-founder and CEO of Uno, a path-breaking autonomous
security company.
He started with algorithmic systems on Wall Street and then

(01:01):
transitioned to building Silicon Valley startups, including
previous stints at Nutanix, Elementum, Medallia, and
StackRox.
As a seasoned engineering and product leader, Shashank builds
highly scalable systems and high-performing teams.
He has keen interest and expertise in a number of varied

(01:22):
disciplines.
That includes cybersecurity, artificial intelligence,
mathematics, investment analysis, trading, law, marketing, and
accounting.
Today, we're going to talk about machine learning and AI,
large language models, temporal knowledge graphs, causal

(01:43):
discovery, and the design and architectural choices that
affect privacy.
Welcome,

Shashank Tiwari (01:50):
Thank you for having me, Debra.
I'm very glad to be here on your fantastic podcast.

Debra J Farber (01:55):
Thank you so much.
To open up this discussion, why don't you tell us about your
origin story?
How did you get interested in security, privacy, and AI; and,
what led you to found Uno?

Shashank Tiwari (02:07):
Yeah, absolutely.
I think, for me, as for many people who've been two decades and more,
a lot of this was serendipitous and natural, if
you may, as we started building systems for the internet, as we
started building the modern stack.
My first encounter, or my first real work in the area of

(02:28):
privacy and security, really started almost two decades back
when I was still back in Wall Street working on, as you
included as part of my introduction, algorithmic
systems up there.
The stacks looked very different.
It was a data center-driven world, but there was certainly a
very high awareness and a very important part of the strategy

(02:49):
to make everything secure because security mattered.
Security mattered, of course, from a standpoint of how we see
today in terms of unauthorized access and breaches, but also
from an IP standpoint, that we had our own intellectual
property and that nobody else got hold of that.
That's where I first started dabbling with it.
Back in those days, we had far fewer tools.

(03:10):
The world looked much, I would say, simpler to an extent, even
from an attack surface standpoint.
The privacy nightmare that has been, I would say, unfurled with
the rise of social media and now AI didn't exist.
Privacy in those days was all about making sure you had the
right controls and the right level of access and encryption

(03:30):
and other few things to keep it all secure and nicely tied up.
That's where I started.
As I started building more and more technology-centric
companies and started looking at the core layers of data, the
core layers of intelligence being the foundation for many of
these companies, security and privacy played a very important
part; because wherever there is data, there is the aspect of

(03:52):
security and privacy.
That's my background, if you may, of how I segued into the
space and grew into it over the years.
More specifically, in terms of Uno, we got started about a
couple of years back.
In fact, this October, we'll celebrate exactly our second
birthday as a company.
Of course, this company was born out of our experiences from
prior companies, including StackRox, where I ran

(04:15):
engineering for a bit; and then, of course, other places where
we had built a lot of scalable, secure platforms.
Those certainly played into the puzzle.
Of course, the timing was right.
Certain technologies and certain things become available
at certain points in time in their evolution and it was just
the AI moment and problems that we had been wanting to solve for
a long time appeared more solvable.

(04:37):
That's when we got going.
That's really the story behind Uno.
In the two years, it's been a lot of fun, lots of learning and
lots of contribution back to this community.

Debra J Farber (04:47):
Awesome.
I know that you are using some really interesting technologies.
Can you talk to us about what is a "temporal knowledge graph?"
How is that used with LLMs to create what you call causal
discovery?
How can this be helpful to privacy?
I know I'm just throwing a whole bunch of terms out there,

(05:10):
but maybe you can thread those together and give us an overview.

Shashank Tiwari (05:14):
Indeed, LLMs or large language models, of
course have become commonly known, and credit goes to
ChatGPT for democratizing it, at least for people who are
non-technical and people who are not deep in this privacy /
security puzzle.
Everyone's heard of it.
Yes, everyone's very enamored by the fact that machines have
become smart enough to hold intelligible conversations with

(05:37):
humans and appear like it's a human across the buyer.
That is something that I think we are getting very familiar
with across board.
There's power in that technology, because that
technology can end up doing things that we as humans do
today, including a large part of the puzzle that is either very
mundane or is difficult to do because it involves a lot of

(05:58):
effort or plowing through very large amounts of data - things
like summarization, or generating stories, or
extracting the meaning out of paragraphs, or reading documents
for us and telling us what the gist of it is.
Then, of course, also asking questions and then having a
meaningful conversation.
All of this the language models provide, which is fantastic,

(06:19):
and we certainly use that as a part of our stack as well at Uno.
The problem, though, is when you start working with serious
enterprise-grade technology, especially as it relates to
security and privacy and infrastructure the world that we
live in.
There's a problem that the language models pose, which is a
serious one.
That is really bordered around the fact that, as intelligible

(06:42):
as it sounds, it's not really an intelligent machine.
It's not a thinking machine and it makes things up.
There's a lot of talk about that.
There is, of course, the word "hallucination" that is being
used to summarize that whole problem space, where the
language model pretends to know and speaks with confidence, but
in reality what it's saying is actually untrue or complete

(07:04):
fiction.
This is good when you're doing creative stuff and writing new
stories, but it's extremely dangerous when you are doing
some enterprise-grade decision making, especially as it relates,
as I mentioned, to security, the works.
In that realm, you will need to temper that down with some state of reality.
You need to bring in a state of reality that can be enmeshed

(07:26):
and mixed with these language models and somehow get the best
of both.
That's where we came up with this interesting innovation,
which of course builds on years of work that lots of people have
done over the years to extend this concept of knowledge graphs.
Knowledge graphs by themselves are not new.
Knowledge graphs have been in academia and in research for a

(07:47):
long time, for a couple of decades at least.
They were originally used largely to represent things -
concepts that we as humans know and the relationship between
those concepts.
Essentially, if you had Person A and Person B and Person A and
Person B were friends, that notion could be captured in a
knowledge graph.

(08:07):
If Person A lived in a certain city, well, that could also be
modeled in a knowledge graph.
If the Person A had also certain sets of choices or
certain kinds of behavioral traits, those could also be
thrown in.
Essentially, knowledge graph was looked at as a way to
abstract and encapsulate human knowledge.
That's where the word knowledge graph comes from, of course,

(08:28):
because it embeds relationships between things - the word 'graph.'
That's where the origin of that idea is.
When you relate it back to systems and the stack and, again,
concerns about security and privacy, one of the realities we
live in is that no threat, no attack really is just a point in
time activity.

(08:48):
There's nothing that happens at the very moment and there is
nothing before and after that.
There is no such thing.
If you start looking at most of these privacy and security
concerns, it's almost like unfolding of a story.
There is either a deliberate or inadvertent activity or action
that occurs that leads to some sort of an effect.

(09:09):
That effect leads to either a compromise or some sort of an
exfiltration and so on and so forth, but in any case it's
usually over a time window.
It's almost as if the story has a beginning, and then the
middle where all the activity happens, and then an end and an
unfortunate end sometimes where the data is leaked or the
privacy is compromised.

(09:30):
And so, from our standpoint, when we started piecing that
part of the puzzle, the important piece that we really
kind of thought of early, and I think it's very pertinent, was
that we need some sort of a time machine.
We need a concept which is not just point-in-time, but
something that we can walk back in time, walk forward in time,
and reason through time.
So, we need to capture almost like in time windows and think

(09:52):
of it in terms of our temporal dimension: where we started, how
it's evolved, where is it headed, and then, of course,
even reason through it from a "what if?"
standpoint of "where could it go."
And again, we're talking security / privacy, so of course
we'll overlay this with constructs that are familiar in
security engineering and privacy engineering and then kind of
predict what the outcomes could be like or what the effectors

(10:14):
could be.
So, all of this gets encapsulated essentially - the
concept of the knowledge and the time machine into this temporal
knowledge graph that we have built - and we've set up a
patent-pending on it and a bunch of other work,
intellectual property work that we have done around it.
We, of course, want to democratize and take this
forward and have the world take advantage of this because we
feel that technology is very powerful, the construct is very
(10:37):
interesting, and very applicable for the world that we live in.
Now, last but not the least, there is the third aspect, which
is of "causal discovery."
So, we already sort of covered the beauty of the language
models (the LLMs), talked about the temporal knowledge graph;
now, there is one reality, though, which is sort of
interesting to think about, especially in the world of,
(10:58):
again, breaches, compromises, exploits, and any kind of
security or privacy-centric study.
You could not run it really like an experiment; and what I
mean by that is if you have to introduce a new drug in the
market - and I'm just shifting gears a little bit and giving an
example because I think sometimes examples make things a
(11:18):
little more tangible, if you may - so if you are introducing
a new drug, you can conduct very controlled experiments.
You can figure out what the drug does.
You can have a small sample.
You have a control sample.
And then, you can study how the drug behaves and, of course, if
it meets the success criteria; and if it meets the parameters
that one is expecting, you essentially approve it and then
(11:40):
it becomes generally available, and then the whole masses, the
population, can take advantage of that drug.
Now, unfortunately, when you look at that sort of a model,
which is called a causal inference model - where you're
actually deliberately affecting and then studying what is the
impact of those effectors - that cannot be applied in a world of
cyber and privacy.

(12:01):
Not always, sometimes you can in terms of "what if?"
analysis, but definitely you cannot apply that post-facto
because the activity has already occurred.
So it's not like you could recreate the activity or go and
conduct the hack yourself.
Of course you do, sometimes in controlled environments, with
pen testing and red teaming and those kinds of activities, but
most often than not you are essentially given a post-facto
(12:22):
report and then you have to go and thread the needle there and
figure out what may have been the reasons behind it.
What's the root cause?
What caused it?
How did it start?
So, you know, this is a very classic problem in research
about what is called causal discovery, where the idea is
that you should be able to see something and then thread back
the needle and figure out what's the root cause behind it.

(12:43):
So, that problem space is very pertinent in the world that we
live in.
And, we kind of bring in these three ideas together: 1) large
language models; 2) the temporal knowledge graph that I just
spoke about; and then, of course 3) the concept of discovering
root cause by observing, if you may, the causal discovery piece.
We combine these three things and, you know, try and solve the
problems in the world of privacy and security.

(13:03):
So that's what we do.

Debra J Farber (13:05):
Wow, that definitely sounds like a lot of
new technology put together to solve some age old problems.
I'm excited to hear about that.
How do you think, more generally, that this explosive
growth of AI and LLMs (so, generative AI) has impacted
privacy and confidentiality?

Shashank Tiwari (13:27):
Yeah, that's a very important discussion that I
think is happening across companies and across thought
leaders today.
You make a fantastic point, you know, and if I were to sort of
respond to your point, I think there are two parts of it.
One is that, yes, there is a massive rise of Gen AI, which
means that people will take it places.
They will use it in various different ways that we don't

(13:48):
know what it would mean in terms of implications and
confidentiality and privacy.
And then, the second part of the puzzle is there are some
pieces of that, or some evidence already out there, where it's
becoming very clear that if we don't have a good thoughtful
approach to it, we could end up making mistakes that could be
very expensive.

(14:08):
That could really cost us a lot as a society at large.
Now, to give you a little complexity - you know the scope
of complexity involved here, Debra - and if you start looking
at the world of AI, the world of AI and largely the world of
language models, which is where Gen AI is kind of sprouting from,
relies a lot on what I would call, broadly, a ton of black

(14:32):
box constructs.
So, there are a lot of these neural networks.
There are a lot of these abstractions.
There are a lot of these billions of passes and you may
have heard these numbers being thrown around, that you know
so-and-so is a 40 billion model or a 60 billion model or a 100
billion model or what have you.
But, in other words, what it's really saying is, in very simple
words, is that it's to a point of complexity and to a point of

(14:54):
iteration where it has become a black box, where walking back
from it and trying to understand how and why it's doing what
it's doing is non-trivial.
It's a very complex problem.
So, when you look at that complex technology, which also
is sort of a black box by design, I think it poses some
fundamental challenges from a standpoint of "What if I made a

(15:16):
mistake?"
Right?
So, for example, what if some data was leaked inadvertently
out there?
Right? Like, not intentionally, not from a hack standpoint, but
somebody - just some benign fun with the technology - ended up
leading to the passing of some confidential data or some
important private data onto that large black box.
Can you actually extract that out and can you delete it from

(15:40):
it?
That's the next question because that's what happens in
normal life.
If, for some reason, you spill out something by mistake, well,
you quickly try to find traces of that and you're trying to
erase that and delete it; and I'm talking about more of a
remediation from an inadvertent case as a starting point.
Now, even something like that, which is fairly straightforward
in a normal case, is actually very complex in the world of AI

(16:01):
because you would not be able to find where it has gone, where
all it has mixed in, and you know what has happened with that
data set that got leaked.
In fact, there's an analogy that I like to draw, and I think
in my head that's actually a good analogy to think of, and it
comes to something like the modern AI technology is like if
you took a glass of water and you walk down to the Pacific

(16:22):
Coast and any of the lovely beaches that you know we all
live close enough to, and then we take that glass of water and
pour it into the ocean, and then, a few minutes later we said,
"Well, I need to find the water for my glass of water in the
Pacific Ocean."
Right, and that's an impossible problem.
Right, like there is no way for anyone to go and figure that
out.
It's all mixed in, it's become the Pacific Ocean right, like

(16:44):
your glass of water has lost its identity and it's enmeshed in
it and it's you know, it's all water right.
And so, in some sense, the problem space is like that in
terms of data leakage onto AI.
You know, if your data has leaked onto some sort of a
public LLM model, it's very difficult to trace it; it's very
difficult to retract; it's very difficult to take that out

(17:08):
right.
So, that's one humongous problem that you know we are
living with now, which means we've got to find ways, we've
got to find mechanisms that first we avoid at all costs -
which again, by itself, is a humongous challenge because of
course you could have controls around deliberate pieces
potentially, but inadvertent mistakes do happen.

(17:28):
So, even that part of the puzzle is vulnerable to an
extent, and so that's one big part of the problem around
privacy and confidentiality.
The second big part of the piece, which I think is being
talked about quite a bit borders on what you would call trust.
This kind of relates back to hallucination and made-up
things as your reality and then made-up things get mixed with

(17:52):
each other; and as more and more data is generated using AI, I
think it raises the second-level, second-order complexity, of
which one is truthful data with a source that I can attribute
and go back to and make sure that it's valid and truthful and
makes sense and I can rely on versus something that's derived
(18:12):
data and perhaps even completely fictitious like the so-called
"alternate facts," if you may, that have become part of the
facts, right.
So that's another part of the problem that becomes very
complex from a privacy, identity, confidentiality, fidelity
standpoint, because you might start seeing in the future
people's identities or information or very critical
(18:35):
sort of private facts being essentially mutated and
mutilated, right, and then it would be very difficult to then
thread it back and even reconcile and say, hey, which
one is the made up, nonsensical one and which one is the actual
stuff.
So I think that's another big challenge as professionals, we
sort of live with every day.
And then, there is a third part of it, and of course I could

(18:58):
keep rattling off many of them because there are quite a few
and many more emerging.
But the third other big part of the puzzle, which is the newer
attack vectors that become possible with these sort of
GenAI-type technology, and some of it is being talked about.
I think there is a lot of conversation around malware that
you can quickly create.

(19:18):
There's also talked about the old type of attacks in this new
world, like the sort of cousins of SQL injection becoming prompt
injection in the world of LLMs and things like those that we
are certainly talking about.
But, I think it also poses a bunch of other important
dimensions around access control, around encrypted data sets,

(19:42):
around how do you make sure that you keep certain things
partitioned - because that's what keeps the confidentiality
of that particular data set, and then of course, also evolution
of that data set.
So, I think there are a ton of challenges.
AI is, I would say, the new piece that will keep us very
busy, both from a standpoint of policy and also from a
standpoint of controls and how we approach it over the next few
(20:04):
years.

Debra J Farber (20:06):
That's really interesting, and you're really
highlighting a lot of the complexities of the current
outstanding questions of the day, where everyone's trying to
implement generative AI into their products across the world
right now and there's still regulatory uncertainties,
policies that need to be put in place, controls, like you said.

(20:27):
So, I'm going to read back to you the highlights - you
mentioned three separate areas of complexity that are creating
challenges in this space - and maybe you could then tell us a
little bit about how you would suggest that developers and
architects approach these challenges.
What kind of design choices and architectural choices and
(20:52):
trade-offs there might be.
Does that sound good to you?

Shashank Tiwari (20:56):
Absolutely.
Yeah, let's do it.

Debra J Farber (20:58):
Okay, great.
You talked about mechanisms to avoid at all costs and you gave
some examples.
What kind of, I would think here, architectural choices are
you thinking about when you say you want to avoid certain
mechanisms at all costs?
I'm assuming here you're talking about protecting privacy
and confidentiality of personal data.

Shashank Tiwari (21:19):
Indeed.
Yeah, yeah.
Of course, this is an ideal way of looking at it, and one would
have to come up with variants of it, which are a little bit
more practical, because obviously people will make
mistakes and things will happen.
Bottom line is that I think, if you have a certain highly
confidential data set, the ones that you are very sure as a

(21:39):
privacy engineer or as a protector of those very valuable
assets that we cannot afford for these to get compromised;
for example, in our context, in the world that we all live in,
it could be as simple as social security data or health records,
or you could look at people's important financial trail data
(21:59):
or stuff like that, which is very personal, which is very
confidential and which is also very private, and then, of
course, multiple other things like that.
I think my take there, from an architectural standpoint for
enterprises which want to take advantage of the new language
models and technologies is that definitely there is one rule
they should follow straight out of the gate, which is do not mix
(22:23):
any of this extremely confidential data with public
LLMs.
Just keep it out.
Don't even think about having a guardrail and working with it.
There are a lot of proponents - I'll call them the modern AI
firewall for the lack of better word - essentially creating
filters, creating certain kinds of brokers, if you may, in the
middle.

(22:43):
This is the technology which I would say resembles or looks
like what DLP technology, and CASB technology, and perhaps
even firewalls had, but of course, translated into the
world of AI, so they look and sound different.
But, conceptually, they're kind of similar, where the idea is
that "Don't worry, I'll have this super smart filter that is
(23:07):
going to somehow figure out that there are certain data sets
that are confidential, and I'll make sure and I'll protect
you from inadvertently or otherwise leaking this over to
the public LLM like OpenAI, as an example, or by mistake
copying that into ChatGPT or one of those types of problems that
we've been talking about quite a bit."
There are quite a few examples of those also.

(23:27):
For example, I believe some developers at Samsung by mistake
took their code through it in there and then it became
publicly-accessible and they by mistake leaked their IP.
So, things like those.
I think the idea is, at least in my mind, that until this
technology matures and until there is a good understanding of
how we can partition it, stay away from putting any

(23:48):
confidential data whatsoever on those public LLMs.
Just, it's an absolute no-no.
The same way that you would have absolute controls over
confidential data today not being put in certain places or
sitting out there in plain text unencrypted.
So, the same kind of policy, that same kind of rigor needs to
be applied, I think, from a standpoint of making these onto
the public LLMs.

(24:09):
That's definitely one good architecture principle I would
say one should start with now.
The second piece is that if companies and enterprises are
struggling with this dichotomy of, "Hey, I want to take
advantage of AI because AI can help me further my cause and,
you know, help my customers better, but at the same time,
I'm worried."
Worried about sort of leaking it out into the internet and
avoiding things at all costs.

(24:30):
I think you could look at alternatives.
You could certainly look at alternatives where you host and
manage your own private LLM.
There are options now.
You know, even a few months back that was a difficult one
and they want that many choices.
But today, you've got open source LLMs, you've got self
hosted LLMs that, assuming you've got GPUs and other sort

(24:51):
of underlying stack available, you could run it internally.
The cloud providers are providing private partitions,
where Google and AWS and Azure they all have ways where you can
run your own LLM boundaries, which is partitioned off from
the rest of the world.
I would say those are relatively safer.
They're not 100% safe.
You could still run into some trouble and you know we can
(25:14):
talk about that a little bit, but you know that's certainly
better than public LLM.
So, that's another option if you really want to go down the
path.
Tread it carefully.
But, architecturally look at some sort of a self-hosted,
private, contained, or even if there's a third party provider,
they should be able to partition that off and provide that for
you.
Just as a case in point, that's what we do.

(25:34):
As you know, we work with banking customers, regulated
entities, and that's an absolute piece of decision that we made.
We don't send out any kind of confidential data or any kind of
data that even looks confidential vaguely on to the
public LLMs.
We just keep out of it.
So, I think that's one architecture principle.
I would mention the second part.

(25:55):
I think there is also to make sure that you can abstract out
the data sets as much as possible.
You know, this is not new technology; this is the old
technology of where you use some sort of obfuscation techniques
and privacy, or you know you sort of de-identified or

(26:15):
anonymize those kind of data sets and then use them for
something - for analytics, for example, which is what a lot of
companies do today for data analytics.
I would say use the same kind of a puzzle.
You of course, might have the challenge of losing some of the
meaning in language models because you may have abstracted
out to a point where it may not 100% make sense to the language

(26:35):
models, but nonetheless, I think that's a safer route.
Definitely have that as the first-level filter of
anonymizing, taking out the identities, and then obfuscating
it as much as possible.
Then, maybe run abstract versions of it so that even if
some of that gets leaked out by mistake or you end up seeing
that out in public, nobody can really relate it back or abuse

(26:57):
that potentially private data or the source of private data.
So, I think those are some of the pieces architecturally I
think where we need to start.
I would also caution a little bit to the folks: don't over
index on using access controllers, some of these
modern AI filters or AI firewalls type of technology

(27:18):
because they're all very new and it's a funny sort of
amplification problem.
LLMs and the technology around it, not just the LLMs, but you
could apply the same thing to vector databases or other kinds
of stack elements within that world are all evolving rapidly.
So, what we see of them, let's say, last month, and what we see
of them today, they're fairly different.

(27:38):
Lot more features and therefore with it lot more threat vectors
have been added and you know it will continue to happen.
So it's a sort of the classic catching up game that I think
many of these newer vendors will also play for the foreseeable
future.
And so, I feel like, if you're serious and you've got
confidential data, you should, you know, essentially take the
path of caution and tread it a little carefully, and not get

(28:02):
over confident that "Hey, there's a particular technology that
seems to have solved this" and over index on it.
That would be my take here from an architectural principle
standpoint.

Debra J Farber (28:12):
It's good advice that if something is new
technology, especially when it comes to AI, that you really do
want it to be tested and battle tested, I guess, before you
trust it within your own organization.
The next area that you mentioned that has a lot of
complexity was trust.

(28:33):
What advice would you give, what design choices, what
architectural approaches would you recommend so that we can
better verify, assure, and test against trustful data?
How do we go about making data trustful?

Shashank Tiwari (28:52):
It's a complex one.
It's a difficult problem.
If you look at the broader space of trust, I think that's
only become an amplified, complex problem across board.
Even before AI was becoming so much of an important part of our
society.
We saw this conversation even sort of pop up in the world of
social media, and you know all the content generated today

(29:13):
where we don't know what is being said or what is being put
out there is even real.
So, there's a lot of conversation around it.
Of course, AI is generating things, content even in the
enterprise space and in the sort of critical application spaces,
which is sort of making it worse.
I think it all starts with, architecturally at least, two
things that I think you could start thinking about.

(29:34):
Again, much of this is going to evolve, but these, I think, at
least in my opinion, are the right ways to start looking at
it.
One is the parallel, or the good old way of verifying any
content where you go back to the source.
Right?
You relate it back to the source and say, "well, let me
make sure, firstly, that it relates back to something which
is, you know, a trustable source."
In a way, you are applying the transitive relationship that if

(29:59):
the source is trustable, the content they have generated is
also trustworthy.
Right?
So, I think there's a little bit of that where you could go
back to the source.
Now, going back to the source and the world of AI is
non-trivial.
You have a content out there on the internet and if you cite
the source of where that is from, you could actually very
quickly walk back and check that.

(30:19):
In the case of AI, because it's generated and meshed with some
data that comes from a specific source and some that is
completely new, done by the AI engine, by Gen AI, it gets very
difficult to actually have that very clean traceability, very
clean provenance to the source.
So, this problem is being looked at.

(30:42):
Again, both industry and research is looking at it and
it's the whole space of what is called "Explainable AI."
This also coming up because there is a ton of debate in
society around fairness and bias in the world of AI, and there
have been cases where the automated intelligence systems
powered by AI have made decisions that have baffled

(31:03):
people.
For example, I think there was one case, if I have my memory
serves me right, where husband and wife applied for the same
card to a particular bank.
One was approved, one was rejected, and then later it was
kind of traced back to say it was probably a bias against
women.
There was another one where I think Google was doing something
in imagine.

(31:23):
It started showing certain kinds of images for certain
racial profiles, which was just essentially not only
inappropriate, but at the same time, the technology became
untrustworthy.
So, there is a lot of that, I would say, more alarming
examples that are coming up.
And so, people are talking about how do we go back and
measure the fairness?
How do we go back and measure the biases, which again relates

(31:46):
back to the same problem: the fidelity of the information.
What's the source?
What caused it to generate what it generated?
So, certainly, I think, keep your eyes out for this
explainable AI bit.
There are a few open source and a few other frameworks that are
emerging.
I'm pretty confident that we'll see a lot more companies emerge
in this space over a period of time, and then, of course,

(32:07):
existing AI providers, vendors, platforms, will also want to
bake this into their mix.
So that's one way sort of looking at trust.
The second way of looking at trust - which is a tricky one,
but still nonetheless an important one and certainly can
come handy sometimes - is looking at the ramifications of
that information.
So, I would give an example which is more close home.

(32:28):
Say, if you just went today to the language model and you went
and asked a simple question, say, "Hey, which is the most
critical vulnerability that can be exploited between so and so
date?" The language model, in most cases, most language models will
come back and give you an answer very confidently.
They'll say, yeah, it is this CVE.
Blah, blah, blah, it was exploited here.

(32:49):
You know, here's the fix, this is what you should do.
And then, when you look at it, you will feel like, yeah, this
is very actionable and this is so smart, this is so great.
The reality, though, is often, when you dig a little deeper and
double click into it, you'll realize that, "actually, there's
a lot of inaccuracy in that information."
For example, I saw once when I was playing with it, that one of

(33:11):
these LLMs claimed was the most critical vulnerability was not
even a critical severity vulnerability.
It was actually a medium severity and there was no fix
available for it.
So, you will see all these kinds of things kind of emerge
that will sound very confident, but you know they aren't.
So thereby, my sort of way of approaching that is that I
think, as humans, we need to rely on human judgment and

(33:31):
reinforcement loops.
We need to have a second dataset if you may have some
form, which is where, for example, in our world, we try to
supplement that with Knowledge Graph and other things.
But, there are other ways also of supplementing it.
There's a whole world today that is called Retrieval, Augmented,
or Grounded Generation type of technique where the idea is I
look at a second source; I look at a third source; and I try to

(33:53):
make sure that those two / three sources agree with each other -
that there's some sort of a consensus among them and they're
saying the same thing.
So, I think that might be helpful as well, like that's the
second approach that I think most architectural decision
makers should certainly consider, where they can look at
alternative sources and then make sure that all these two /

(34:14):
three different ways lead to the same path or at least an
adjacent path.
Having said that, I do want to say again something looking out
a little bit, sort of a crystal ball - this might get more
difficult over a period of time because as we'll have a larger
proportion of generated data as opposed to real organic data;

(34:34):
and I believe there are some research and some numbers out
there which is saying that it's going to outnumber by a few
multiples.
So, 5 years, 10 years, fast forward, we might have actually
5 times or 10 times more generated data than real data;
and so, in that case, I think reconciling and using some of
these techniques is going to become even more challenging

(34:55):
because there's just so much generated data.
Even the tracing back of the source of a generated data might
lead to data, generated data and so I think walking back,
that would become an extremely difficult problem, down to the
provenance of it.

Debra J Farber (35:09):
Yes, in fact, last week's episode actually
deals a lot with that exact topic and we cover synthetic
data and some of the challenges of training LLMs on that
synthetic data for the exact challenges that you were
highlighting there.
So, if people want to learn more, maybe check out that
episode.
The last area of complexity that you would originally

(35:31):
mentioned was that there are Generative AI, a new technology
being deployed, that there are now new attack vectors.
So, maybe you could talk a little bit more in depthly there
about a few of those vectors.
You mentioned prompt injections with LLMs and access controls
around encrypted data sets and some others.

(35:54):
Whatever comes to your mind, what are some of the design
decisions and architectural decisions that you would want to
highlight in order to prevent compromise of data through these
attack vectors?

Shashank Tiwari (36:08):
Yeah, yeah, absolutely.
I think if you look at attack vectors, as I was saying earlier,
I think we are still in the early innings of that.
So, you're going to see a lot of evolution of that attacks -
attack vectors and attack types - similar to how we've seen in
almost every other technology stack; and I would draw a
parallel, like, if you went back 2009 or 2010 timeframe, there

(36:29):
were certain ways of attacking the cloud or certain ways that
you would be worried about protecting the cloud.
Fast forward, you know, 10, 12 years or so, it's a very wide
variety of attacks that are possible on the cloud, and that
has, in fact, also led to the emergence of a lot of different
categories and ways of defending and ways of attacking and so on
and so forth.
So, I think AI will go through that evolution as well, and

(36:51):
perhaps even more, because it's a whole completely new, unknown
space within the attack vectors.
Firstly, just from an attack vector standpoint, there are, in
my mind, loosely put, two classes of attack vectors.
One is what I would like to call the garden variety type,
the attack vectors that we are familiar with.
Yes, they're dangerous, but they're preventable.

(37:11):
We understand them.
Among those, I would put things like all these newer malware
that are being generated.
GenAI is kind of doing the work that otherwise hackers would be
doing.
Sure enough, it's making the hackers more productive so they
can generate more malware at a faster rate.
But, at the end of the day, it's malware.
And, at the end of the day, you would do the same things you

(37:31):
would do to prevent malware?
So, there is that, the way to approach it.
Similarly, if you start looking at prompt injection, prompt
injection is a serious problem because we're still trying to
unearth the power of the prompt, if you may, which is nothing
but basically inputs of the number of text or tokens that we
send into a particular language model.
And then, of course, the basis that the language model comes

(37:52):
back and, you know, does wonderful things.
And so, if you send in data that can make it behave in funny
ways or do things that you don't want it to do, well, you
can cut up the system and you can take it to your advantage,
similar to how you could do things like protocol stuffing or
SQL injection, where the intent wasn't that of the maker, but

(38:12):
you know a hacker could abuse that and take advantage of it.
So, we have the same kind of a challenge there - prompt
injection as well - and there are a few more like that around
access control.
Then, of course, we already discussed the data leak kind of
problems that can happen.
So, for these - I'm not trying to trivialize anything, but I
would still like to call them - "the garden variety problems" in

(38:33):
security and privacy, because these are known, we have
understood it as professionals, there are tools and checks and
balances, at least at a broader level, that are available, and
we'll adapt them and create new ones for AI.
So, there is that segment.
As with every other privacy and security concern, I think it
starts with basic hygiene.
So, make sure that you have the right controls; make sure you

(38:56):
validate things; make sure you have the right protections, as
you would do with a normal case with malware or any injection
technique.
And, for the most part, I think you would start heading in the
right direction; but nonetheless, I think you have to very
deliberately think about those because you'll have to firstly
know about them right before you can start protecting.
Now out of these attack vectors, there's also something to be

(39:17):
kept in mind that you will see a lot more of these emerge.
Like I was saying earlier, what we are seeing is probably a
small subset of what we will see, even six months out or one
year out or two years out.
So, keep an eye out for it.
The most important part here would be to stay educated, to
understand where this technology is headed.
What kind of attacks are we seeing, learning from it and,

(39:37):
kind of adding controls to it.
Now, in this, some of these attack vectors, there is also an
element of maturity of the technology or the controls that
we have.
So, for example, one classic problem is a very simple, good,

(39:51):
old problem, but access control: fine-grained access control and
vector databases.
That is still evolving.
It doesn't exist the way that it's there in mature databases.
So, yes, it could also be abused and you could get hold of
certain parts of these vector sets if you may.
That, in turn, could then be abused to do various kinds of
attacks, just as an example; and so, in that case you will also

(40:12):
see those vendors step up and start adding those so-called
enterprise-grade features, which are more baked, hardened things
that match the expectations of the fine-grained access control
and confidentiality, and protections that we sort of
grown up with now with more standard technology.
So that's one type of attacks.
And then the second type of attacks, which is more dangerous,

(40:34):
and I think that these could lead to some serious problems,
especially because, if you start looking out - although we have
been talking about this in science fiction, I don't think
we have really internalized it as society - is that the future
is going to have a lot of intelligent systems around us
and we will start relying heavily on it.
From the car we drive, to home appliances, to machinery, to

(40:58):
even heavy industrial machinery, to the flights we take, to
systems that reconcile our finances, to things that protect
us, to things that purify our water for the city, to our
lighting system, all of these are going to have an element of
AI in them.
They'll all be run by, or decided by, systems that are

(41:19):
essentially some versions, some evolved version of AI that we
are already down the path on.
So, in that world where you are seeing this AI becoming sort of
part of society.
It becomes sort of an adjacent robot next to us, and many of
them will be in the sense that you know the Terminator style,

(41:43):
if you may, but the reality is there'll be fewer of those, but
there'll be the invisible type of robots - smart robots that
will affect our lives every day.
For example, the switch that would be figuring out how much a
filtration should happen with the water that comes in our taps
would probably be governed by AI, and we already headed in
that direction.
So, it's not the same as a humanoid robot, but it's doing

(42:05):
some very critical pieces, because poisoning of water in a
city could be a war-skill problem, and so things like
those, I think, are going to be a big problem.
Things like those is where the attack vectors get even more
interesting; and I think the attack vectors around that could
be in the form of model poisoning or adversaries really
bringing in data sets that very slowly seeps into and kind of

(42:28):
pollutes the whole decision-making matrix.
So now, you're looking at these drip feed model attacks, which
are difficult to detect, difficult to trace, and then
difficult to unwind once they're baked in into it.
Some of this has been discussed in this whole adversarial
machine learning concept a few years back.
But, I feel the real attacks are going to be way more

(42:51):
sophisticated, way more complex than even some of the initial
theoretical modeling that many of us have indulged in.
So I think, like that attack vector is serious, it's very big
and you know, unfortunately it's coming and I think we've
got to start getting ready for it.

Debra J Farber (43:04):
Oh, wow, okay.
Well, that's definitely a nice, scary exploration of all the
security problems with untested AI systems that are going online.
So, that actually brings up my next question, which is where do
you see all this going?
I know you're looking at it from more of a potential threat

(43:26):
perspective, but if we're looking at enterprises
specifically, how are they currently approaching at least
generative AI?
Obviously, AI has been around for a long time, so I just want
to focus on generative AI for right now.
It looks like everybody and their mother is coming out with
the ability to integrate generative AI into a lot of

(43:46):
services to help with creating chatbots that make it easier for
humans to have more of a conversation level kind of
interface with their computers.
A lot of those companies seem to be startups and have the
ability to be nimble and make some bold choices, and if they
fail, they fail; if they win, they could really win.
But, what about enterprises that are a lot more conservative

(44:08):
about bringing in innovative new technology without having
rigorous testing and validation and assurances?
Where do you see enterprises right now and where do you see
them going in like two years?
Five years?

Shashank Tiwari (44:27):
Well, firstly, the excitement around Gen AI is
very high, and I think that is across board.
You see large enterprises, small startups, and everybody
else in the middle is talking about it, wanting to explore it,
wanting to get their hands on it.
I think, like most technology over the last couple of decades,

(44:47):
it's probably being driven from people's experiences in the
consumer world.
So, just like we saw with mobile phones as an example,
first people started using that for their personal and fun
things and then eventually creeped it into the enterprise;
and then, in many cases, it became the primary way to access
certain kinds of things.
So, similarly, I think a lot of folks working across larger

(45:09):
traditional companies, mid-sized companies, traditional sectors,
technology-centric sectors, government, and then the ones in
the startup world, are getting their hands on it, or getting
exposed to it, through the sort of consumer-centric
conversations, starting, of course - I have to give credit,
especially from a marketing and messaging standpoint to ChatGPT
because it really became very commonly known.

(45:31):
So, I think that, with that little taste in their mouth, I
feel like the world is hungry for it, and I see this in
conversations as well.
We as a company engage with a lot of large banks, global 1000
companies, traditional sector, even government sector, and what

(45:52):
we are seeing is that there's definitely a very active desire
and an active intent to go figure out where they could use
Gen AI.
To an extent, I think many leaders are also feeling like
the time is now and if they were too slow and if somehow they
did not have this is a part of their deliberate strategy over
the next few years, they would probably be left behind.

(46:13):
So there's definitely a lot of energy around Gen AI now.
Whether that'll translate into enterprise applications
wholesale migrating over to Gen AI - just like you could argue
early 2000s where all traditional client server and
desktop apps eventually made their way into web apps and
people stopped building desktop apps - in that big transition

(46:34):
will be seen over the next two years, five years, seven years,
more and more newer applications, or rather every newer
application in enterprise and every existing application
becoming essentially an AI-powered application.
My hunch is likely "yes."
Now, what shape and form it would come in, how fast it would
come.
I think we will see that.
You know that time will tell us, but certainly the wind is

(46:56):
blowing in that direction, and everybody wants to sail in it,
right.
So I think, like that's definitely very clear, very
apparent.
Now, what I would mention, though, is that I think, when it
comes to Gen AI, the world is not evenly distributed, like
there are certain sectors that are both super excited and also
very scared about it.
For example, those who are writers and creatives, they love

(47:18):
the energy that Gen AI is bringing into the mix and the
companies around it, but they're also feeling the competitive
pressure from that technology.
So, there is a little bit of conflict going on in that space,
even enterprises in that space.
We might end up seeing things like editorial businesses, or
publications, or media production, filmmaking - those

(47:39):
guys will really feel the heat one way or the other, or they
would just take that technology and unleash some newer kinds of
creativity.
So, both could happen.
They're certainly watching it closely.
In the traditional sector, I think there are some areas which
is seeing a lot more traction.
For example, "hey, can I get a smart assistant to,
you know, give me good financial advice?"

(48:00):
Or, you know, can I, for example, in the world of cyber
and privacy and security, where one suffers from a lot of skill
gap.
Well, "can I bridge that skill gap by getting these smarts on
my side?"
Or those companies that are looking at very large amounts of
data sets, "Can I use AI to kind of munch through it and make
sense of it at a very fast pace?"
So on so forth.

(48:20):
There's definitely a little bit more, I would say, domain
specific use cases that has got people more hooked onto it as
opposed to every sector, right so there's certainly a little
bit of a you know, hotspotting, if you may, or you know areas
where AI or Gen AI is certainly seeing more love than broadly,
but I think we'll see it.
We'll see it permeate and go across sectors over the next few

(48:42):
years.
Now there's one part, though, that I wanna mention that
there's also a ton of hype around Gen AI, right?
So, as it happens with most technology, I do believe that it
is very promising, but at this point in time in history, it's
also a little oversold, and that sometimes creates its own
problems where a lot of the believers have basically come

(49:02):
out with very strong projections, very strong sort of their own
crystal ball gazing and foresight and said, "Yeah, this
is gonna transform over the next 24 months or, you know, next
five years, and this is what the world is gonna look like," and,
you know, throw numbers around it and gotten the whole world
excited, which is cool, which is great;
but I do think that they would go through its own trough of
(49:23):
discontentment and illusion, if you may, where companies might
not see the value realization as fast as it's promised, and then
you might see some pullback.
So, I think that will be part of this adoption curve, where
you will see a lot of people step up very quickly, build a
lot of Gen AI powered applications, and then a few of
them get suspicious of the value it actually brings to the table

(49:45):
and then kind of roll back a little bit.
Then, there's gonna be a second version or second avatar of
this Gen AI movement, which will eventually then get everyone
towards that sort of overall success.
So, that's at least the way I kind of perceive this.

Debra J Farber (50:00):
So, that's a good jumping off point, I guess,
before we close, to ask you about your feelings on
regulation then, because obviously there's gonna be
rounds of attempts at regulating AI.
I also wanna throw out there that there are plenty of laws on
the books that apply to AI today.
It's just not specifically about AI, but it's not like

(50:21):
there's no laws.
There are plenty of laws, but around maybe getting more
transparency, and fairness and getting rid of bias, and you
know we're starting to see this out of Europe, and rumblings of
legislation being proposed in the U.S.
But, do you think that's going to be pushing the second hype
wave or the second wave of generative AI companies as we

(50:42):
move on - that that'll be influenced by regulatory
requirements?

Shashank Tiwari (50:46):
100%.
I think regulation is gonna play a much bigger part than we
think in the world of AI, and I think you said it very well,
Debra.
Regulation is already here.
It's just that it's not specifically worded for Gen AI,
but many existing regulations apply to it as much as it
applies to a ton of other technologies out there.
So, I think there is going to be some effort across board,

(51:08):
across enterprises, across the legal sector, across the
regulators themselves, of trying to firstly translate that to
the world of AI.
Because some things have been drafted in the world of
traditional, more legacy systems and you know just like they
were reworded and redrafted in the world of the modern internet
and the mobile phone era.
They will need to be going through a second iteration, if

(51:30):
you may, in the world of AI?
So, certainly there is that - existing regulations sort of
modifying for Gen AI.
Then, of course, on top of it, and especially as it relates to
privacy and confidentiality (which has been discussed quite
a bit), fairness, you know things of that nature, we are
going to see a mass of newer regulations as well.

(51:52):
Some addendums to what we have and some completely new, fresh
ones.
EU, of course, is two steps ahead in regulation, and in fact
there's a little joke in the technology community that I
think they have learned to innovate in regulation more than
anything else, in EU.
But, there is a little bit of that.

(52:13):
They put out the EU AI law, or something, I believe, which is
already out there I was, you know, sifting through it; and
they've already started putting some guidelines, which I think
is great because the discussion started.
It's also a bit dangerous because it's early.
And then, of course, we have our own Congress discussing some
of this very actively right, where they're having hearings;

(52:33):
they're getting imports; they're trying to understand; they're
setting up committees to see where AI is headed, what are the
risks, what kind of regulations are required.
I think there's going to be a culmination of that.
It's all going to come together.
My bet is 2024 or 25, you'll see some big AI regulations come.
The reason I also say 2024-25 is because, as it happens, we'll

(52:54):
go through our election cycle and then, as the new Congress
gets formed (either the same one or some new version of it) they
will then want to go and put certain newer laws together.
I have a feeling that AI regulation is also going to be
part of that puzzle.
But, we will end up seeing 2025 for sure - some big AI
regulations coming in some form because it's so much in the

(53:16):
conversation.
I don't think they can just slip it under the rug or ignore
it.
So, I think that's definitely coming.
Now, to your second part of that,
I think it'll have ramifications on a couple of different fronts.
One is that you know it will lead to maturity of the
technology and maturity of tools and products in this space,
because they will be pressured to, they'll be forced to rise up

(53:39):
to the occasion.
And then also, I think it will drive awareness because once
people start spending time, energy, money on anything, they
become more aware.
Right?
I think that regulation will be the forcing function where you
will start having conversations in boardrooms and at the
operational level, and people start figuring out how it
translates. Similar to, in a very orthogonal way,
I'll take an example.
The SEC came out with a very simple ruling of "hey, if you

(54:02):
have a breach, you've got a report within four days or so,"
right?
Like if it's a material incident, as they have put it
out there.
And now suddenly everyone's talking about incidents, you
know, and reporting, and MTTRs (i.e., mean time to repair) and what
have you.
It's a conversation that wasn't having as much in the
boardrooms and with executives, but these days I speak to every
CISO, and it's on their mind.
Like everyone is talking about it.

(54:22):
So, same way, I think once the AI regulation comes in, you will
see everyone discussing and figuring out the ramifications
of it.
For sure.

Debra J Farber (54:29):
Yeah, that makes a lot of sense.
I know we're already over time, but I feel like there's a
tangential question there about standards.
Legislation is gonna be carving out some of the things you
can't do or some of the things you must do, but it doesn't give
you the pathway of getting there.
And it seems to me it makes good sense, if you know
regulations coming, that there should be work done on different

(54:51):
standards for generative AI tech stacks, I guess.
Are you aware of anything that's being worked on right now?
Is that something that experts in this space should have
already started on and they're a little behind?
Or, are we right on time and there's work being done that you
could report on for us?
What are your thoughts on standards?

Shashank Tiwari (55:11):
Yeah, absolutely.
I think there is already a bunch of that work underway and,
as I see it, the standards are coming from two different
directions.
One, the open source community and the sort of community-led
standards, which are being put out there.
You're seeing that come through from various directions.
One is, of course, from a security threat standpoint, or

(55:31):
just identifying good best practices.
More recently, for example, OWASP has put out their own list
for LLMs.
Some of these bodies which think on the same lines, and
NIST and others also kind of formulating some.
So, you start seeing some of those standards come more
organically.
Definitely, I think that's happening and some of them will
get formalized and be fairly widely adopted over the next few

(55:53):
months, I would think.
So I think that's definitely happening.
Our second piece that I also see coming - I haven't seen any
tangible discussion on that yet, but I'm 100% sure that it's
there somewhere behind the scenes - some work is going on
where you'll start seeing some of this creeping into the bigger
standards.
So, like the NIST standards itself.
The NIST series of standards that are very important for

(56:16):
enterprises, or certain reporting standards kind of
pushed by the SEC, or you know, you'll start seeing, even in
terms of compliance frameworks or regulatory frameworks or best
practices.
Again, if a large number of systems are GenAI-powered
systems, well they couldn't be just flying blind in that space.
They would have to have say something about it.
So, I think you would start seeing those creeping in,

(56:39):
perhaps as addendums, perhaps in the next revisions you would
start seeing some of that flow in for sure.

Debra J Farber (56:45):
Well, thank you so much.
Any closing remarks before we close up for today?

Shashank Tiwari (56:51):
Well, thank you for having me.
I really enjoyed the conversation.
Hope you did and hope the audience likes it, too.
It's a new space, so I think the only part I would say before
we close is that with any new thing, there is obviously risk
and danger, but there's also fun and opportunity.
Being an entrepreneur, I'm always biased on fun and
opportunity.
So, I would say, go for it.

(57:12):
You know, go learn more.
Enjoy the GenAI as much as you stay cautious and stay aware.

Debra J Farber (57:18):
I think that's really good advice to give a
nice balance between skepticism, between being paranoid and
being innovative.
I think that's a great way to close.
So, Shashank, thank you so much for joining us today on The
Shifting Privacy Left Podcast.
Until next Tuesday, everyone, when we'll be back with engaging
content and another great guest.

(57:38):
Thanks for joining us this week on Shifting Privacy Left.
Make sure to visit our website, shiftingprivacyleft.com,
where you can subscribe to updates so you'll never miss a
show.
While you're at it, if you found this episode valuable, go
ahead and share it with a friend.
And, if you're an engineer who cares passionately about privacy,

(57:59):
check out Privado: the developer-friendly privacy
platform and sponsor of this show.
To learn more, go to privado.ai.
Be sure to tune in next Tuesday for a new episode.
Bye for now.