Video: Cybersecurity in a Post-Mythos World: What Comes Next? | Duration: 5400s | Summary: Cybersecurity in a Post-Mythos World: What Comes Next? | Chapters: Welcome and Introductions (24.275s), Speaker Introductions (95.24s), AI-Powered Cyber Threats (204.465s), Defense Strategy Rethink (431.885s), AI-Generated Code Risks (541.34s), AI Security Risks (759.42s), AI Hallucinations (970.095s), AI Security Vulnerabilities (1298.34s), AI Infrastructure Costs (1459.965s), Zero Trust Fundamentals (1803.495s), Bug Bounty Programs (1994.3s), AI Detection Evolution (2165.925s), Human-AI Collaboration (2470.83s), Human Oversight Challenges (2775.49s), Resilience and Recovery (2983.965s), Building Organizational Resilience (3156.395s), Business Continuity Planning (3344.805s), Closing and Outro (3500.805s)
Transcript for "Cybersecurity in a Post-Mythos World: What Comes Next?": Alright. Hello, friends, and welcome. I am really excited for this conversation today, and this kind of came out of our reaction a month ago to their Mythos preview model, that was able to find vulnerabilities across virtually every major operating system and platform, with more news drops since. And at this point, it is a lot safer to assume that you've been breached. And we're here today to talk about what comes next. For those of you joining us live, this is a live ask me anything. So we have a few questions prepped, but we wanna hear from you. So, say hello in the chat, tell us where you're tuning in from, and if you have questions, please do drop them in. We'll be weaving them throughout. So with that being said, I figured we'd start with some intros of who we have here. I'm really excited to be joined by Dev and Mike. Dev, why don't we start with you? Tell us a little bit about your background, and then we'll pass it over to Mike. Yeah. Thanks very much for that, Kal. I'm Dev Rishi. I was one of the cofounders and CEO for Predibase, which was a generative AI infrastructure startup that Rubrik acquired at the end of last summer. We really helped our customers and organizations deploy specialized small language models at scale. And inside of Rubrik, I'm working as GM for AI, which means that I oversee a lot of our AI products and services, including the newest product that we put out on the market using some of Predibase's core infrastructure and what Rubrik had to offer previously as well, and really combining them into a product we call the Rubrik Agent Cloud that's all about agentic governance and security. So excited to talk a little bit more about what we've been hearing in the market and also what some of the frontier initiatives have meant, I think, in the cybersecurity market. Awesome. Thank you, Dev. Mike, oh, you are on mute, Mike. First full pause of the webinar.
Now that's taken care of, no more problems. So, thanks for having me. So, Mike Ronski, I am a Director of Product Management here at Rubrik. I cover all things platform security. It's really how we secure our platform against bad actors as well as providing features and functions that help our customers ensure they're defending themselves and defending their data. I've been doing infosec and cyber since before we called it that. You know, the early days of IP access lists and early firewalls, through multiple startups that were doing things in the virtual world when everybody was going virtual, and the big fear was all the things that were going to happen security-wise in virtual. We keep having these huge shifts in technology that bring us back to the table for conversations like this: okay, how do we adapt? The technology is moving, so cyber and infosec have to move. This makes this conversation that much more interesting to me. Awesome. And I love having both perspectives: Dev from the AI and frontier model development side, and then, Mike, yours from the security side and, like, building a platform that can be resilient to these types of risks. And for those of you who don't know me, I'm Kal Al Dhubab. I am a principal technologist here at Rubrik, and I've spent the last decade of my career leading ML and AI teams developing AI solutions in heavily regulated environments. And so my career has been very focused on navigating conversations around AI risk management, and it feels like this is a really timely conversation. So let's dive right into our Q&A here. We'll start with you, Dev. In the past, these zero-day vulnerabilities took a lot of effort to find. And, basically, the so-what factor is that we've now reduced the cost to be able to launch a sophisticated attack with these Mythos-class models.
So can you tell us a little bit from your point of view what implications the rise of frontier AI-powered threats has on cybersecurity? Yeah. I think the first thing is, well, you call it, like, the Mythos class of models, and I think that's the right frame to use, because I do think that Mythos is probably, like, an instantiation of a trend we're gonna see, which is that these frontier models are gonna get increasingly good at being able to find vulnerabilities in code, both human-generated and historical software systems, which is where a lot of those zero-day attacks might exist today. And then increasingly also, I think, in, like, the, let's say, vibe-coded landscape of AI-generated software that's coming up as well. So I think we should expect that the trend is going to continue. And it's really, I think, you know, exemplified by what OpenAI did more recently too with Daybreak, and, you know, we obviously had Mythos get looped into Project Glasswing. I think the frontier labs are starting to notice and detect this. What I think it means from a cyber standpoint is that the cost of exploits and the time to exploit are all going to compress massively. Just like the cost of, like, developing software is, I think, compressing really massively. And where that's gonna become an implication is for cyber professionals now to think about what it means to be Mythos ready. So I spoke with a CISO of a large Fortune 200 company, who basically told me, like, the board-level mandate from a security standpoint was, like, to be Mythos ready. The first thing that needed to be done was to define what it is, what does that even mean. And in his words, what it meant was, well, everything we are doing for prevention is gonna come under a lot more scrutiny because, you know, we are already trying to keep up with the leading edge as it is, and now we've just opened up, I think, the bucket.
And everything that we have to now be able to do for what happens post-attack is going to get, really, the spotlight and, like, where we're gonna be able to see a lot of the additional focus come in. Because if you compress the time towards an attack and you increase the number of attacks, then I think it comes down to, yes, you wanna prevent as many as possible, but, you know, on aggregate, your resilience strategy, what happens after an attack, is gonna become the most important thing. So I think, maybe just to summarize, you know, there's two key things that I feel like these developments really have in mind. The first is we should consider this as a trend, like, that's gonna continue to exacerbate in the future. And then the second is, I think being Mythos ready for CISOs is going to mean having a really comprehensive strategy for what to do when something goes wrong, rather than maybe just being able to think about how we're gonna go and prevent that. Love that. Mike, from your perspective, as somebody who's, like, on the defense team, what does the implication mean for you? And, you know, it's interesting, has your anxiety level gone up since? Oh, I mean, absolutely. What's funny is when Dev brings up the zero day. In this industry, we always talk about the zero day. But if we look back at the history of big breaches, it probably wasn't a zero day. That really tells us that our prevention, if we're going to all be intellectually honest across the board, probably isn't as great as it should have been. There's a lot of places where people are getting compromised by the five-year-old defect of the unpatched server in the corner. Now you get this high volume and velocity. So not only is, you know, this class of models able to try something new, they'll try all the old stuff too. Like, why waste your time with something fancy and new when you can assume that your target may not have been doing it well in the first place?
So absolutely right. We have to kind of really refocus on what we thought was our prevention game and take that next step, which is great. If we're gonna assume it's gonna happen, and it's gonna happen possibly more often than we expected, what are our processes and procedures for getting back online? How do we get back to the good state again and iterate very fast on that cycle? So I think it's gonna make a lot of people step back and really rethink their entire idea of what they defined as their cybersecurity strategy. Dev, before we get too much farther down the rabbit hole of, like, what we do about it, let's take a step back and maybe talk about what is different. So how do these foundation or frontier models execute attacks in maybe different ways than before? Yeah. You know, I think that in terms of, like, how they execute attacks in different ways from before, one of the things I think to acknowledge is that the models aren't necessarily built to be able to execute attacks. And a lot of the time I think that the frontier labs are doing post-training of certain behaviors into the model and aligning them to try and prevent those attacks from happening. So it's almost as if, like, you know, sometimes I feel like there's a concern that the intent of, like, one of these cyber models is to be, like, a great tool in the hands of a hacker, and certainly that's not the case. I think the issue is that the models were post-trained for doing really well on coding tasks in particular. This is obviously where, like, Anthropic has seen an exponential rise in, I think, their revenue, both through tools and harnesses like Claude Code, and then OpenAI with Codex. Obviously, GitHub Copilot had seen a little bit of pull on this as well. But the core idea is, I think these models are really good at doing code generation. Even at Rubrik, one of the things that we see is that some of our best engineers haven't written code in months.
You know, it's like a prompting back-and-forth workflow that a lot of users are directly taking. And so I think what that essentially means, though, is that these models can become very useful tools in the hands of a malicious threat actor. Because just as you now have, like, your 10x engineers essentially becoming a 50x or 100x engineer by being able to orchestrate agents, the challenge is that if you're now starting to go and set these models up to be able to do the types of tasks that otherwise would have required human manual time to be able to actually look at and try and do an exploit, execute a certain phishing attack, what you're able to do now instead is actually throw an autonomous agent or a system against it. And that system is operating in, you know, I think a lot of the ways that we can see, a, with the level of competence that we typically might see from a reasonably seasoned engineer, but, b, I would say, like, with the level of, like, execution competence, but sometimes maybe, like, lacking some of the finer, more nuanced points of judgment we like to see from our senior engineers from both an architectural and a security best practices standpoint. And so, you know, an example of this was, I think Carnegie Mellon released a study that, and I hope I get the stats approximately right, but I think it said that, like, 60% of AI-generated code was, like, functionally correct, but less than 10% of it that was analyzed was considered secure. And so I think you're really seeing two things happening. The first is we're developing a lot more code and software in general because I think the coding models and harnesses have made that easier. But some of the code vulnerability detection hasn't necessarily caught up, number one.
Number two, and I think it's actually a lot more present here, is that these tools are becoming really helpful, not just in the hands of the good guys, but also unfortunately in the hands of the bad guys who might actually be looking to be able to use it for an exploit. And, you know, actually, I've been trying to conceptualize this, and it's like we have these two circles of risk. You have, you know, threat actors. They're way more productive now with their AI tools, and so they're able to, like, use that to execute faster. And then we have, like, our own internal use of AI, where we're generating code that might be a little bit more subject to one of these types of attacks, or we have an AI system that executes in an unexpected way, and then you have the intersection of these two things. And now your very own AI-generated code or your AI tool could unintentionally become an autonomous insider or an opportunity for a threat actor to get inside and take control. Is that a fair way of, like, articulating that kind of compounding risk? I think it is a fair way to articulate it. And one thing I'm really curious about, and, Mike, if you have a thought on this too, is, like, which do we think in the limit is gonna end up becoming a bigger risk? Like, do we think that the harder piece will be that AI-generated code is full of vulnerabilities and that these are now easy for attackers to exploit? Or do we think we're generally gonna generate reasonable, let's say, like, at least as airtight systems as we had created so far, but the challenge now is that the frontier models have given ammunition to some of the malicious threat actors that can now carry out more sophisticated attacks? I think you're right, Kal, that, like, both exist and they compound each other. Yeah. And over the next three to five years, one of them is probably gonna dominate in terms of which introduces the most incremental risk.
In my view, at least, we do have the same benefit the attacker does in that, yes, we're generating code. We can also review that code using similar models and tactics. So we do get an option to. And I think the term, and this is probably one where maybe Dev can help explain this to our audience, I don't think everybody understands the difference between a harness and a model. The idea that you start having these harnesses that are really designed to play the persona of the security code review expert. Much like what you see with Mythos is this is a harness that is unleashed and allowed to design exploits and look for vulnerabilities. I think these are going to evolve at the same type of pace, with obviously the investment in the good guys, to use the general term, who are looking to build more and more harnesses that help us make sure that we're building better code. Security has always been somebody takes a step forward, somebody else has to cut ahead. That's going to continue. I think just the velocity is going to keep going faster and faster. And those cycles are gonna go faster as well. Mike, I'm curious, and we've talked about this before, the idea that we don't even need to wait for these Mythos-class models for threat actors to already be taking advantage of AI as a part of their efforts. And so, you know, just today, can you walk us through, like, some of the ways in which, like, we can use the models already available, even open source, to execute, I mean, threats? Let's just say we can use it. I would say it's already here. And a great example of this is, if you looked at the original set of press releases and where we got on this streak of Mythos, is that Anthropic mentioned they found a twenty-seven-year-old bug in BSD. OpenBSD is like, everybody thought this is like the most secure platform.
What's funny is one of the original developers, a security researcher, Niels Provos, took a look at this and he's like, I think I wrote that code. I'm the one that created the defect that they found twenty-seven years later. He's got a great write-up that I was going through recently where he's like, well, can I do this with existing models? This comes back to that harness conversation. He's like, in the hands of a well-versed security practitioner, this is a reality for them today. He was able to come up with an open-source-based harness that played all these roles and discover very similar bugs. Didn't quite do it as fast from a time perspective, but relatively still very quick. Still great. That I thought was a very interesting scenario, that we should be assuming this is the reality today. Anybody who's well funded and is able to go after these types of targets is probably already building these systems with what's available for them today. They're not going to wait for the next-gen model to release and be available to the public. Now it's interesting, and this is something I wanna nerd out a little bit about. A big challenge with AI models is that they hallucinate, but in an interesting way, could hallucination kind of change the asymmetry in the favor of an attacker? I'd love, like, Dev, let's start with you and kind of talk about, like, okay, what is this intersection of, like, the very same thing that makes them unreliable actually might end up, like, working in the favor of threat actors. Yeah. I think hallucination is a really interesting kind of term. Right? And so, like, hallucinations, I think we oftentimes as humans perceive when the model is coming up with some answer that's either not grounded in context, so not grounded, for example, in the retrieved context we've given the model, or not grounded in, you know, reality, for example. It's like making up a factual statement, or the other.
What's really happening, I think, in a hallucination is that the model is generating tokens that are still according to, like, maybe the statistical distribution of outputs that it might have expected, but the combination of those tokens gives us something that we weren't expecting or have not seen before. What I find really interesting about hallucinations is that, if you, I don't know if you've watched the AlphaGo DeepMind documentary, but one of the things that I think happened, so what happened in the AlphaGo DeepMind documentary is DeepMind actually trained an AI agent. This was, I think, previous to generative pre-trained transformer models. It was using, like, some really deep neural networks, but they trained these models to be able to play the game of Go. And I think one of the things that they found was, and there's, like, a really famous scene as they were playing some of the world's best grandmasters. I don't know if grandmasters is the exact right term, but, like, one of the best Go players in the world. And one of the things that they found was, like, the model made a move, I think, at, like, move 32 or something along those lines, that was very different to what, like, the consensus view of every other Go expert would have been at that point. And at the time I think that, you know, when people saw this move get made in real time, what they assumed was that this is a hallucination in some ways. Right? Like, the model's made some sort of stochastic mistake, something on, like, the tail end of a distribution. What they actually ended up finding out was that, because the depth over which the AI system was able to explore next moves was much larger than what a human actor normally would have been able to do, the AI was actually executing on a game plan that was generally different, not necessarily, like, not wrong, just different than, like, what most humans might have conceived.
And I think the big takeaway from demonstrating that during that, like, documentary was that AI might actually be able to teach us new ways to be able to think about, like, existing constructs that we've had, like gameplay. Might actually be, like, able to come up with what we might otherwise consider novel thoughts or novel ideas kind of in that space. And I think that's, like, where hallucinations come in. It's not dissimilar to how we might think about evolutionary algorithms in, like, computer science, which is, like, we're gonna come up with a lot of wrong approaches, but we're gonna come up with very diverse approaches, and some that are gonna, like, seem that they're outside the normal context and bounds. But from some of their successes, I think we'll see what truly novel or good ideas could look like. So the risk here is with attackers. Hallucinations for, you know, a positive user are maybe considered a nuance. Oh, sorry. Like a nuisance. Right? It's considered like, hey, okay, every x percent of the time it gives me the wrong answer. But the way I think about hallucinations from an attacker's side is, like, there are a hundred creative ways that maybe a normal human would not have thought about to be able to attack a system, and probably 95% of them are silly, or 99 of them are silly. But the risk comes out of, like, you know, being able to exploit something in the long end of the tail distribution that actually is a potential attack vector that we hadn't architected defense systems to be able to go out and solve, which I think is similar to the, you know, the AlphaGo example of when the AI system figured out a really interesting and unforeseen strategic move. So that's where I think, like, hallucinations are going to get more involved in the conversation. I think that's where we're gonna see some of the more interesting vulnerabilities found as well.
It's the idea that the attack chain was so long and so complex that mostly even the expert human wasn't able to keep that context in their brain. And yet the AI will figure out that I can somehow get from a to b, because that's a really complex chain that's very hard to understand. I think there's a little bit of that in that BSD example. Because when you start looking at these things, you know, the answer is, like, it's not quite novel. Like, we look at it and went, oh, I totally understand how it worked and how it got there. But the average person would not have found it just because the number of steps was way further than they would have thought you had to go to make it work. They probably either would have given up or not understood the connection to get to the last few steps to make it work. Well, and, Mike, on that thread, I think we were talking about how, you know, you can chain together these individually innocuous moves, but collectively it's kind of an attack on identity, and going from one identity in your system to another identity to another. Can you elaborate on that a little bit? And then it looks like we've got a really juicy question that was just dropped, so we'll switch to the next. Yeah. I think the general idea is that in the security world, we've always tried to prioritize things by kind of the blast radius, the criticality of an individual vulnerability. Right? And they tend to get put into buckets, you know, low, medium, high, critical. This is the only way we can deal with them at human speed. So we would, you know, fix the critical ones first, then do the high ones, then hopefully get to the mediums and lows eventually. But, even with identity or any other type of vulnerability, there's many cases where the small ones give you a small bit of information or give you a tiny bit of access.
And being able to chain many of these together gets very interesting, very quickly from a pure compromise perspective. In the identity world, things are also crazy complicated. When anybody gets into an identity infrastructure, you realize how many roles are being managed, both human and non-human, overlapping permissions, overlapping access to various systems. It's easy to get wrong. Similarly, once again, because AI is really good at these complex contexts and being able to put these together, it's able to say, wait a minute, I can jump from someone's really basic, I-can-print-this-report role and slowly expand my permissions over these different role overlaps and find my way to getting something interesting to the bad actor. So another avenue of a very similar concept, but I think it just speaks generally to where AI exceeds, you know, our traditional human capabilities for just holding the context and understanding what's going on. So it's a dual-edged sword. And so this kind of is the spirit of the next question that we've got here, if we can get that on the main stage, but essentially Jeremy is saying, at present, you know, token costing is heavily subsidized. And I love to talk about this idea of AI economics, or trickle-down AI, where the labs are really subsidizing the true cost of using these systems in the hope of scale, and we're paying for next year's models, or they're paying for next year's models today, in the hopes that, you know, there's even more adoption. So with the current, you know, the idea that these AI systems can actually open up vulnerabilities to attackers to take advantage of, do we think that this will either be headwinds to consuming more AI in, like, white-hat code reviewing, or do you think that it might actually slow down adoption based on the current concerns of, like, the vulnerabilities of non-human identities? Let's start with you, Dev.
Take this where you wanna take it, and then we'll go to you, Mike. Yeah. I think that the idea that the token spend or infrastructure cost for AI is subsidized has obviously been a large concern for a number of folks for a period of time. I do think that, like, on the flip side, the thing that I think we're generally seeing is that inference costs, which is essentially, like, the querying of the AI models, are dropping substantially year over year. Oftentimes, you know, at a much greater rate than any of the other kind of compression in cost. So I think if we looked at GPT-3.5 Turbo or better equivalent models, like, we've probably seen those models' cost per token, or per million tokens, decrease something like 50 to 100x, which is oftentimes, like, the benchmark that we see. And I know GPT-3.5 Turbo seems like forever ago, but that was, like, about a year and a half or two years ago. And so in general, what we see, I think the, like, standard accepted trend is that each year the token cost for the equivalent-intelligence model drops by about another order of magnitude. And, obviously, on the flip side, we're generating, both pre-training and post-training, even larger and more, you know, expensive and capable models. I guess my quick thought on this is that I think the cost of intelligence is gonna continue to shrink quite rapidly. One of the reasons for this is, like, you actually see a lot of small models that are quite capable, especially when equipped with, I think, what Mike was saying, which are, like, the right agent harnesses around them. And I'll use the opportunity maybe just to quickly define, like, the difference between an LLM and a harness too. One analogy that I often hear is that you can think about the LLM as the brain, and the harness is like the body, plus the connection towards arms, or the nervous system's ability to actually, you know, execute some control around it.
More substantively, like, you can think about the model as something that's really just trained to be able to take an input text and then be able to give you a sequence of output text tokens as well. What a harness really is is almost like the wrapping around the model that helps it embed and be able to take action. Oftentimes in an agentic world, which we think about as, like, models plus access to tools or access to be able to do an execution. So a harness might be like the wrapper around that which feeds the model real-time and run-time context. So it says, great, I've got this, like, good model that OpenAI or Anthropic or an open-source model trained. Now I'm gonna build in, like, a harness capability that helps also embed and enrich with the context inside of my organization. Harnesses also usually do a couple of other things, like give it access to tools. So saying, like, I not only wanna have this model, like, execute, you know, in isolation, but I want it to be able to execute tools inside of Salesforce or otherwise. And then it handles, like, orchestration and guardrails, I think, along those as well. The core point of this, I think, is that, I think, yes, like, AI spend, probably especially on the top end of the market, has been, like, historically subsidized. It's still gonna be subsidized to some extent. I think realistically what we're probably gonna see is that, like, the frontier end of models will probably still be somewhat expensive because of, like, the GPU and supply constraints on chips. But overall, like, the cost of, like, pretty good models is getting relatively commoditized. And if you combine, like, a pretty good small model with a really good harness, I think you have a really, really effective threat actor or really effective good guy either way, kind of rolled out into the box.
And so my quick point of view is that I don't think it'll, like, really serve as a dampener towards, like, the move towards profitability, revenue-driven operations for it. I think that these companies have more than enough runway to go. I think today, if anything, they're already supply constrained more than they are demand constrained, which is, like, a wild statement considering the scale at which they're operating. And I think what we're actually gonna see is, like, consumption continue to grow, you know, rather than kind of hit a plateau or anything along those lines. Oh, we're very quickly approaching a point where the energy to supply the next generation of models is just not, we can't expand the grid more than what we have. We may very well be stuck with whatever next generation comes next for a little bit. With that being said, Mike, anything to add? Or, you know, this is probably more Dev's world than mine just from, you know, where he's been planning and understanding all this from, you know, driving AI companies. But I think it's a nice thought process that something like this would dampen the issue, but I wouldn't want anyone to take away that, oh, well, you know, this is gonna run out, and I'll be safe if I just can hold on for a few years. It's a little bit longer. So it's probably the wrong takeaway, even if, you know, it's a very provocative question. There's a lot of very interesting things about, you know, the investment in AI, the ROI, all this. But the reality we all live in is we have to run applications today. We have businesses that have to keep running today. The old adage, hope is not a strategy, and I don't really think this one's got a lot of backing in it.
We just need to keep moving and accept, like we started off the conversation with and Dev mentioned, that the good enough model, which can equally be open source, with the right harnesses can get the bad actor here. We can do the same thing. We can start doing much more tailored harnesses. Today, everybody's like, the major harness, like Claude Code, it's general-purpose coding. I think we're going to start seeing the evolution of these purpose-built harnesses that'll be commercialized as well, or the expertise of people like security professionals is going in, is developing ways to harness the simple and the new, the next-gen models, to do these tasks. It's not going to dampen. I don't think it's going away. I'm sure it's, you know, but just much like six months ago, we wouldn't have really understood this conversation the way we do today. Six months from now, we'll probably have some very interesting new perspectives. But it's crazy to think of the brain cycles that have gone into the thinking about this post-announcement. I mean, even with us internally. And so, actually, Mike, from your point of view, you're responsible for, like, our security capabilities and product. So can you tell us a little bit about, like, how this has changed your thinking or, like, what assumptions you started to change as a result of that? Yeah. What's interesting is I think it just solidified the assumptions. You know? And since I've been at Rubrik, you know, in this role, it's always been about, you know, the cybersecurity term zero trust and expect that you will be breached. So those basic fundamental premises haven't changed. It's really about, are we really doing all the fundamentals? And I think this is the general message again, not just to how we build product, but to others in this space. We have to go back and really look at the fundamentals of security on the prevention side. Right? So, you know, we can't prevent everything.
That's, you know, anybody who tells you they prevented everything or has the magic bullet, you know, be highly questionable. But making sure that we're covering that really well, all these, you know, with the assumed breach on the back end, it's been our Rubrik model forever. You know, we've been talking about that for a long time. I think now we're just adding a lot more impetus to how do we ensure that this is all survivable and what are the, you know, extra backstops. So the, and also, like, long term, the security adage is defense in depth. That depth, just you're taking this out and really looking at your entire estate. What do I need to defend? How many layers of prevention and control do I need? What things do I really think have to be, for lack of a better term, logically, virtually air gapped? So when the event happens, I know that this class of my data is going to be available and I can restore it. Now we're just taking the same lens. We know we've got a really rock solid platform. We've been doing this for a while, and we're starting to apply the same agentic techniques. Help me find any things we missed. This is where I think some of the, I love Dev's explanation of hallucinations. But I feel like as we start throwing the agents at our own code, which we've been doing for quite some time now, helping us expose usage paths. It's not the happy path. It's not where the user would normally go. It's not where the APIs were intended to be used. You know, oh, this is interesting. This is a unique path that we wouldn't have even considered, and now we can bolster that. So we're just embracing the tooling for how do we use it to make our product better under the exact same set of initial principles of, you know, zero trust everywhere and presume breach always, and leverage the tools to help us do this in a better way. So it's quite interesting.
I mean, I think it's absolutely fascinating, the way things have moved in the last few months alone, much less, you know, a little bit longer than that. Awesome. Well, thank you. It looks like we got one more question from Jeremy, and, actually, I'm kind of excited. Jeremy. Somebody's gonna, yeah. Jeremy, this is awesome. Please, if any of these, like, threads are intriguing anyone, drop some questions in. It's really the more that you ask, the more that you get out of this. But, you know, there's been a rise of these bug bounty programs. Anthropic, like, you know, famously said, okay. You know, if you can find a bug, we'll actually pay you for it. And so now folks are using sloppy AI to create automated kind of reports, and some of these bug bounty programs are now going away. Do we think that this is gonna create a brewing risk? Because there are true threat actors who are in fact sophisticated, who are building behind the scenes. And maybe to kinda take this back to our discussion, six to twelve months from now, do we think that there's going to be an increasing level of enterprise risk? Where do we think this goes? I'll jump in. I've got some, I think Jeremy's reading some of the same news feeds that I have, as I saw a fun report from Linus Torvalds, who many may know as the person credited with inventing Linux. He was complaining about this exact thing, basically saying that people are submitting all of these kernel bug reports, and it's obvious that they are AI generated, it's obvious that they're kind of slop. Honestly, my view here is that the slop ones aren't really a risk because we're finding those anyway.
I think the point of this is that people are out there thinking that I can just grab my basic pro subscription to a coding model, and I can somehow make money by submitting easily discoverable issues, versus these are the things that we're finding on our own due diligence using similar tooling, if they are truly bugs. I think it can cause some noise, and I understand. I think the world of bug bounty will probably have to be reinvented with an expectation that you're not just giving us a pointer, but how about, you know, a proof of concept, more details, show this is real and not just creating noise. But then, of course, you know, if you put on the full-on AI model hat, then more than likely something's gonna filter these and go, yep, we, you know, we found this already too. We know about it. Move on. And only really think about the more interesting ones if there's a payout involved. But this comes back to what we started off with, that how we define security is gonna change. It's a massive shift. And a year from now, you know, maybe bug bounty doesn't exist anymore because it doesn't make any sense. Like, we're finding a lot of these, or maybe there's a new class of bug bounty that is truly novel things that deserve that accreditation too. I don't know. Dev, where do you fall in this area? I feel like it's really interesting because, just to take a concept from core deep learning and AI, there's this class of models called generative adversarial networks, like GANs. The way that they work is essentially you have a generator, a generative model, and then you have a discriminative model. So these were initially, and I think it'll be relevant and brought back to bug bounties probably in about a minute.
But the way that they work is, you know, you have one model generate an image, and then the second model would go ahead and critique and tell you everything that was wrong about the image. And then that initial model would again generate the next image. The second model would, like, discriminate and try and say, like, hey. No. This is computer generated. It's clearly not human. And the idea was, like, this generative model was getting better and better based on, like, trying to outsmart the discriminator model. And this is how, previous to some of the, like, more, I'd say, advanced computer vision models that have come out recently, even, like, five years ago, you could go to something like thispersondoesnotexist.com and it'd show you, like, an amazing picture of, you know, some artificially generated human, which was wild five years ago and today just looks commonplace. And the reason I mention this is I think what we're gonna see is a really interesting kind of tug and pull with these bug bounties, as well as, like, let's consider with AI generated slop in general. Right now, we have, like, AI generated slop that looks good. Like, what slop is is stuff that kind of looks good at a very surface level, but then you take one quick look underneath the covers and you're like, this isn't exactly right. Like, there's clearly mistakes. It's using the same type of language we think, you know, we might have found interesting. It's saying the things that you would wanna see in a bug bounty report, but if you actually understand kind of what Mike was saying in terms of, like, you get the next level of detail, you start to go beneath the covers, like, it falls apart quite quickly. I think over, like, two to three years, what you're actually gonna see, maybe shorter, is, like, similar to the way that GANs massively improved the quality of image generation.
I think you're gonna see the same pattern now start to apply towards AI slop, which is to say, like, today, we often can look at content and start to discriminate whether or not, you know, that content is slop or not, or whether it's, like, actually been prepared. I can't really go to thispersondoesnotexist.com and consistently decide whether or not the person actually is a human or a real image. And I think we're actually gonna start to see that as well in things like bug bounty reports. I actually think it's gonna be in aggregate a good thing, because what it's going to mean is, like, the actual detection and the systems that we use to create things like, and detect, bugs are gonna, like, end up getting better. So the rate of false positives is much lower. But that's where I think, like, the future of these, like, where slop's gonna go. It's gonna be harder and harder for humans to be able to verify, you know, whether or not something actually is slop. We're gonna have in aggregate, like, as a percentage of the overall amount of content that's created, a smaller percentage that's slop, just like we see a smaller percentage of, like, let's say, humans with clearly, like, these morphed figures from the AI systems. And I think it's gonna make it a little bit trickier, though, for us to be able to catch the instances that, you know, the smaller instances that are not slop, because they're gonna be much higher quality in general. Right. That's kind of like what I think the future for both bug bounty and AI slop programs is gonna go. The extra-fingered humanoid is no longer a thing. Right? That one, we don't fear that anymore. Right? Exactly. Wait. Wait. That guy's got nine fingers and, wait. Those are things that we don't see anymore. That's where this has gotten better. But I think that's definitely where things are going.
We do something very similar with how we look at our pipeline and our secure code development, which is to create the small chunks and write specific personas for a separately instanced model to go back and look, hey, this looks weird, change it, you know, look for standard security pieces. So a lot of that is already starting to happen. I think, like I mentioned earlier, we're gonna start seeing it's more purpose built. Like, we're having to build a lot of that stuff ourselves because it doesn't come out of the box, but it's very effective. We see huge results where it lowers the error rate. Now, I wouldn't use the word slop in what we build. But what ends up happening is there is syntactically correct, meaning in a narrow scope, the code is correct for a task, but it may not fit the larger landscape. I think we see a lot more of that when you've got ten years of software development that was done by humans. Understanding how to integrate with that from a model perspective might be doing things that are syntactically correct, but not necessarily fit into how we operate. And that's where we have to train things to do it very specifically, the Rubrik way, to make sure it works in a proper sequence. It's very purpose built for doing things like that. And I expect the tooling to get better and better so we don't have to necessarily develop this kind of intelligence on our own side as much as we do today. So this kinda, like, brings me to one of the themes that we have here, the role of the cybersecurity professional. We've been saying, you know, the only way to combat these AI originated threats is with AI. We're gonna now need AI to be able to look at slop or sift through slop, for example. We're gonna need AI that can help us write more secure code.
We're gonna need AI to help contextually understand what AI systems are doing within our environment and be able to block contextually incorrect actions in the moment. Those kind of, like, micro threats that can move without us being able to detect them. And so I'm kinda curious to hear both of your thoughts on this. Dev, we'll start with you. But if we have to evolve to use AI, what does the role of a human become? Yeah. I guess, like, my first point of view is, like, I do think we are gonna have to evolve to use AI to specifically, like, secure and govern AI and, especially, agents. And I've sort of heard some variants, like, from security leaders in certain organizations, that sound something like, hey. AI is just another class of software, and it means, like, I need to get, you know, my, it means that what I really need is, like, hey. AI is another nonhuman identity problem, for example. It's just another nonhuman identity. So what I really need is to make sure to get my nonhuman identities kind of in order. And my point of view is that AI is a first class of software, but it looks very different to the, like, previous software that we had actually thought about building tools to secure. That actually looks a lot more like human execution and operations than conventional software execution. And we've always had tools to, like, really secure and govern, like, the tools that humans use, but not so much, like, the human execution and actions as much, because we rely on things like consequence models, like management chains, the ability to fire humans, you know, human judgment to make sure that they don't inadvertently do the wrong thing. Right? Like, a human doesn't hallucinate and delete a database or something along those lines.
So I think that one of the key things we're going to need to do is start to use agents and AI to be able to secure and govern, like, what it is that AI systems themselves are doing, in large part because these systems are acting at just too high of a volume and without being able to follow, like, a traditional rules-based approach that, you know, conventional static software would be able to solve. One thing we found when we were doing large rollouts of Claude Code internally was that the types of, like, new issues Claude Code might be able to create was something that was really hard to enforce, like, any static guardrails around. Right? Like, as a small example, like, I think the Google Drive MCP connector in Claude Code was disabled, but it had executed a command that said, like, hey. Create a document and populate it with x y z. Claude Code noticed that the MCP connector for Google Drive was disabled, so it's like, no problem. I'll go around it, created a browser window, typed in drive.google.com, and then had, like, a mouse click on a certain set of coordinates, which if you looked at it, was on, like, the upload file button. Like, open up my file upload. It's just like a small example of the fact that, like, these models are quite good at circumventing, you know, the types of static rules we put into it, and they're executing so quickly. There is a thread in one of our channels that was essentially, like, a spirited debate on, like, should a human have to review every single action that Claude Code takes? And, like, you know, one reasonable side is, like, yes. The agent is basically taking an action on your behalf, and so you need to make sure that, you know, you understand each of those actions.
The other side of it is, like, this is kind of like the iTunes terms of service, where, like, what you're really just incentivizing, if you're not triggering only the most dangerous actions but every action, is like this, you know, --dangerously-skip-permissions, or what I've heard people describe as, like, YOLO mode and other things along those lines, which is all here. And so what's the role of the human? I think I've often heard people describe it as, like, hey. The agent's gonna be like this copilot for this human, that'll, like, help augment its capabilities. I hope that the way it operates is almost the opposite, which is to say that I hope the agent does, like, 95% of the work, and then can escalate the issues that it doesn't have. I actually think that it's not gonna be if the agent doesn't have enough, like, intelligence to be able to solve, but where, like, we might not have equipped it with the right context in the harness for it to be able to make an assessment on, where it needs to go and escalate it towards the human. That's what I think is going to, like, end up becoming, you know, increasingly the role of that human. It's not going to be like it's every, I don't think human in the loop is gonna work for, like, 95% of cases, because the things execute too quickly. And so I think it's gonna be agents understanding when they need to be able to pull in a human, having that be a minority of overall use cases, usually one in which, like, the harness didn't include the correct context. Maybe some in which there's really nuance in the policy and it requires, like, some additional oversight, and being able to pull in the human in that case. But I think this, like, general question of what's the right interaction model for, like, humans and agents over the next three years is very much an open question.
Well, there's a lot of reviewing the behavior of these models then in retrospect and then using that to update, like, your overall strategy and your architecture of the harness and the rules that you have in place, because it's like, you know, some of these edge cases and what I think we're seeing happening is, you know, instead of a nice little bell curve where the exception is the edge case, we now live in the edge cases. There's an infinite number of possible combinations of actions and data sources and context that you can't ever hope to test all of these in advance. And so I, you know, I see a small part of that is also humans are now moving to a review of what's happening and using that to evolve and adapt. But sorry, Mike. You were about to add to that. No. No. I mean, as far as the human in the loop thing, I think a great example of, I don't know how much the audience has even used Claude Code or played around with the tools, but it has some, we'll call it, seat belts. Like, it's gonna do an action that could be questionable. You get this yes or no. But, you know, I always look at that and I said, well, does the person sitting behind that keyboard even have the understanding to say yes is a good thing, like, or a bad thing? Right? So that, you know, adding a human requires a specific human that actually understands a much greater context, and it makes a big assumption. So you can see that's failing very quickly, where eventually it just becomes, you know, the Homer Simpson model. I'm just gonna hit here, and I only need a keyboard with two keys on it, or maybe one key, just one yes key, and I'll let Claude go away. And then you're not getting any kind of governance out of that because they don't understand the context. And so that's probably what keeps me up at night.
Like, I'm not worried about internally, but, you know, as a general security professional, like, I'm waiting for some organization out there who's just going to, you know, open-ended throw a lot of tools at something without having the thought to say, you know, where should we phase out our rollout? Where does it make sense to use these tools now? Where do I not have the governance control that I really need for, you know, where things could be non-deterministic? And, you know, that's gonna happen. I think we're like one news story away from someone that does this and doesn't pay attention. And then they're like, well, I just had no idea I could do this. You know, you're gonna just get that dead goofy look on their face in the news report. Hopefully. There's been no shortage. I think all of us don't know. It's just a matter of when it happens, not, you know, we've already seen some pretty high profile ones that are anecdotal about, you know, AI deleted my code. I'm like, wait a minute. No. No. Let's step back, and how did we get there? Like, what's the chain of events that got to the point where some AI agent deleted all your code? Claude Code keeps trying to post internal source code to public repositories. Like, it's one of the, like, great things that we noticed internally and then catch and block with our internal security system for agents that we call Rubrik Agent Cloud. But, like, it keeps trying to do these things, and I would say, like, internally, like, the same thing Mike was saying, which is, like, we're going to see this happen until, like, you know, it's gonna hit the headlines one day. It's like, it's not in the headlines, but it's absolutely happening. Like, and, you know, I think the headline is almost a question of, like, when the PR ends up finding it, but it's inevitable.
And I think that to some extent, people would like to ideally take comfort in, like, a hypothetical guarantee that the human fully understands what the coding agent is doing and could take full responsibility for it. But then I think if you talk to anyone who's using this, it's like, that's not quite exactly how it works today. I've heard someone just describe it as, like, a fast car without brakes. Yeah. Like, you know, it's either, like, try to put on a brake every two seconds or, well, you have to think bias. Like, I mean, I see this all the time. Like, even when I'm using this for content creation, one slipped by me the other day, and I'm very diligent about that. But, like, everything was exactly as I had worded it except for one word, was swapped. Didn't even notice, didn't register. And so we have this automation bias where even if we are doing the quality control, it's actually really hard when you're trying to move quickly to get, like, 100% completion. And so, you know, it's interesting. Is this a part of the cost of doing business now? Like, if the value of using AI is so high, it's almost like assume that some of these issues will arise, and it's all about mitigating the overall cost of those issues in the face of the value that you get by using these tools. Yeah. I think it comes up to, I feel like there's a level of education that has to happen that maybe isn't happening yet in a lot of organizations. We're really understanding that with, you know, the point you just made, Cal, is, like, there's a huge obvious performance gain. Right? I'm gonna be way more productive if I use some of these tools. But using them without considering the failure scenarios, which, you know, I guess, me and the security world, we're always thinking, you know, we think doom first, happiness later. Everybody has that creative mindset. Like, what could go wrong?
But that's what I think really has to happen now, is really understanding, like, do I really understand what I'm getting out of this tool and what could go wrong? And am I doing it in the right way for the technology my company has available now? If not, do I need to grab that technology? Now I've just given myself a business case. There's a huge gain as long as I get the right tooling in place to make sure the bad things can't happen, or I'm getting some level of insurance that I've got governance in place. And that discussion needs to happen more and more at every level of an organization that's trying to roll out, you know, any kind of AI tooling. Well, as we come to the end of our conversation here, I think this is a really good note to end on, talking about the importance of resilience. And so, I've been hearing this a lot more since joining Rubrik, but the idea of an office of resiliency is kind of an extension of what was traditionally the defense and the purview of the CISO, or the chief cyber resiliency officer. And it's this idea of acknowledging that you can't defend against everything. You can't prevent every unintended consequence. And so the only thing worse than getting breached, or the only thing worse than having AI wipe your code because you didn't set up the right contextual guardrails to begin with, is not being able to gracefully recover or act on and course correct when things do go wrong. And so can we talk a little bit about, like, what are organizations doing today to become more resilient? Dev, we'll start with you, and then we'll wrap up with Mike. Yeah. I think that one of the things that I've always loved from Rubrik's early days was, like, the motto that they have, like, assume breach. Right? Like, yeah, your Polaris is always good, like, best practices, and then something's gonna go wrong. So what do you do when, like, something does go wrong? What do you do when you do assume a breach?
I would just argue that I think, if you are bullish on the AI trend to continue with respect to consumption, so I'd say, like, most macro signals would probably again indicate that they're, like, really just supply constrained, not demand constrained. You'd expect it to continue as long as we can feed it the supply we need. Then I think you need to be also bullish on this idea that you are going to need insurance. Essentially, like, if everyone on the road is now getting cars that go 10 times faster, I think you're in aggregate gonna need to end up having, like, a little bit more premiums and insurance. Right? There's always benchmarks I think people think about with respect to, like, infrastructure costs and how much to think about protecting, securing and making sure it's resilient in the case of the infrastructure. But, like, I would argue that, like, you probably wanna key that in as, like, an underlying assumption as you think about rolling out any of these agents or these AI systems internally. But what does it actually mean in what our organization's doing in practice today? Personally, I actually think it's a little bit of a gap in the market. Like, I think Rubrik, obviously, like, we all work at Rubrik. This is why we do it. Right? We think that we have a unique offering and capabilities that helps provide resilience not across, like, just data systems, but also identity systems and also AI and agents as well. And we think we have, like, an excellent solution towards it, but, you know, to keep it not a vendor pitch on us, I will say if I thought about, like, let's just say what people might do independent of talking to Rubrik. It's one of those situations where I kind of look at an org, and I'm like, I'm not exactly sure what you would do if you didn't have, like, lightning fast recovery tied to observability. Well, it starts with assuming and acknowledging, like, hey. We're gonna mess up. There's gonna be some mistakes.
And I think that that's, like, been, like, a dirty word so far. Like, we've gotten really good about doing that with innovation and, like, building new things, and products will fail, but this idea of, like, your cyber defenses, they're gonna fail. Let's talk about that. Your AI systems are gonna fail. Let's talk about that. That's not so normalized yet. I think that's right. And maybe I'll just end by saying, like, I think that maybe historically, dirty word is potentially correct. Like, it was like a minority that maybe people might put towards resilience, almost like a little bit of an afterthought. Yeah. But I think this is probably, when I think about the CISO at that large Fortune 200 that was talking about being Mythos ready, probably what I'm saying is that, no, we can start to acknowledge that, like, we were never gonna get it all, like, completely correct on that first take, and that's more of the reality of the world that we're going into. So I, like, just absolutely think that's gonna be the macro shift that ends up happening, is that relative spend is gonna go more and more towards resilience, and, like, this idea of I need insurance when something goes wrong. At the very least, over three to five years, because it's gonna be a very chaotic period as this gets rolled out in the enterprise. Agreed. Mike, bring us, you know. Yep. Partially, I agree. So I think part of this is, like, what's old is new again. Right? Terms, BCDR. Right? Business continuity, disaster recovery. This is really what it's all about. Never heard of that. Right? Why do we wanna be resilient? Right? It's not just because, you know, there's, it's a business that you wanna run. So we're just shifting to that. That has always been something people did. Maybe they did it for compliance reasons. They wrote up a paper that looked like they had a plan. They got around a tabletop and did an exercise once every couple years, and it kind of worked.
That was all great before. Now you have to do it for real. Like, so all the talking about that, now we really have to understand, like, what is our business continuity story? Like, how are we going to be resilient? Now the way we become resilient and when we recover from disaster may be different, but the thought process is the same. What's important? What do I have to make sure is protected? How quickly does it have to come back? These are all now, like, some of the most important discussions you have to have, is, you know, we lose how many dollars per minute if the applications are offline, or per second, if you're talking about financials. So, you know, do we actually have a plan? And what are we gonna do to make sure that this comes out? And I'd argue that many didn't actually have a plan. That's where that intellectual truth has to come out, is they had something, but whether or not it worked, maybe they didn't know. But the reality has changed. It has to work if your business is going to succeed. I love that. And, you know, it's really, like, it's emphasizing the idea that, like, this is not a trivial thing. This is not a one-time exercise of, alright. We have a resilience strategy. It is actually something that's gonna get more complex, that needs more hands as assumptions change. Like, the work is going to end up being, like, defining resiliency and updating your assumptions around what it means to now be resilient as new processes are added, as new tools are added to your environment. And also, what am I resilient against? Right? It's not earthquakes and fire. And then we moved to ransomware and cyber attacks, that was the disaster. And now it's that same category of things as well as what could happen if one of my AI agents goes rogue, or it's just not really rogue, it's, as, you know, to use Dev's term, it's like it's trying to complete the task you gave it.
It's going to try really hard. That's really what they're designed to do, is complete the task, and it will try every avenue it can that it has available to it. So without the governance in place, it's gonna keep trying, and some of those methods might not be the outcomes that we want. Well, on that, Dev and Mike, I consider myself so fortunate that I get to chat with you guys on a regular basis. This has been a really fun and insightful conversation. For everyone who joined us today, thank you so much for giving us an hour of your time. As a thank you, and if you found this conversation interesting, we definitely wanna make sure that you join us at Forward, which is coming up in just a few weeks, in June, both in person in Vegas and streaming live virtually for those of you who want to tune in online, where we'll be having so many more conversations just like this on all the various different facets of resilience. There is a link. Don't miss Forward. You can click on it there. It'll take you to the registration page with a discount code applied, and we'll also be sending that as a follow-up. But with that, Dev and Mike, thank you both, and thank you everyone for tuning in today.