Yeah.
Fantastic. Thank you. Both of you for being here today. We really appreciate your time and also sharing your, your research areas, your interests and your expertise. So I think to begin for everybody's benefit, be great to go through some introductions.
And so, Lex, maybe you can begin and share a bit about yourself, what your work or your research is, is going into. And why are you sitting here on a security and AI panel? So thank
You. Sure. Thanks everyone. My name is Lex I'm, founder and CEO of motions cloud. So motions cloud is a MUN based inspect tag or insured tech company, help insurance company, claim management, company, fleet management, company, auto automotive companies, and property management company to streamline and automate inspection processes powered by AI, computer vision technology. Yeah.
So today motions cloud already serving clients around the world in the us, Germany, Austria, Italy, Switzer, and Southeast Asia. And yeah, this is motions cloud. And about myself I'm CEO and founder I'm I'm actually, I see graduate from K T as a, as engineer physicist, physics engineer. And then I founded several company in the past. So very senior and then also, yeah, very much interest interest in the AI technology in terms of security as, as well as internal of development of the future futuristic futuristic trend in the future. Yeah.
So that's, that's why I'm here. Yeah.
Fantastic. Thank you. And Barbara.
Okay. My name is Barbara Mandel at the moment. Currently I work for a small company called foster forum. I'm in charge of the cyber security there, and I advise companies as an interim CSO or as, you know, providing the CISO help. And on the other side, four years ago, or five years ago, I was still the group CISO of Daimler. So I had a global function and I was also responsible for the global identity and access management. So that's why I think I'm here, but I really like German mark. So why am I interested in AI?
Same point I I'm trained physicist and mathematician so many, many years ago. Some of you were not even born. Then we were working on pattern recognition and this was the start, you know, that started getting into machine learning and all that stuff. And it's kind of fun because it was very theoretical work at that time that finally somebody's doing all, everything with it. Thank you. So it's quite interesting. Yeah.
Yeah, absolutely. Thank you. And so then just to start off very broadly, where do you see the intersection between AI and security?
You want him to answer me
If there's yeah. You wanna start, let's throw it to let you
Start start.
Yeah, because there's two perspective that we can see. Right. The first perspective is some people utilizing AI to abuse. So that's one of the security risk. And the other one is how do you secure your AI system? Right.
So just, yeah. So there's two perspective. Maybe I can share a bit about the, how people use AI to abuse the security. Yeah.
Because, because you see right now we know that we there's a deep learning and that's a fake media, so that's why all the deep fix come in. Yeah. So it's manipulate the public perspective and also manipulate different kind of different kind of perspective to the politics, to the view. And so to the activism and so, so on. So I think that is one of very how to say common example that people know that how this fake media affecting the securities.
I mean, in a very global skill, I would say. Yeah. So that's the perspective that I can share for now. And then for the other side is how we secure the, I mean, how to secure the AI system, then that's more technical technically that organizations need to need to do a lot of different kind of compliance and so on. But I think maybe can share a bit more about in this per perspective in,
Okay. So to your first point, I see AI at the moment, obviously with a lot of focus from my field for cybersecurity. So that's why I've been looking more like what's there in that realm.
So that's why I am very interested. I mean, I know all these other stuff are also very, very interested and to do, but I have the application cybersecurity in my head. I think one of the issues, and that is a part, we talked about it yesterday in a workshop with women in identity, I think in cybersecurity. And I'm now I'm having fun because I work with small, medium enterprises. So I've been in this huge global thing and I could buy anything. It was just simple.
I mean, it's hard to be a CSO, a group CSO. I'm not saying that, but you have money, but my customers now are small or medium enterprises. And I find that very intriguing. I have one customer he's also like us, he's an astronomer. So he started doing his own, I IA stuff. And this is for detection and it works brilliantly. So I think, so this is my combination. Does that answer your question? I think it does.
Right? Absolutely.
But, but from that we've, we've actually pulled out three different perspectives here. So how can AI be used as a weapon in a sense, yes. How do we secure AI itself, but also how do we use AI in encompassing cybersecurity, right. On a larger perspective for the organization. And so that leaves us many, you know, wild goose chases to have during this conversation. And so I'd love to keep it open. When you have an idea, when you have a con contribution, feel free to jump in and just run with it.
So then with that, with all of this ambiguity, you know, these three different perspectives, what do we even mean when we talk about AI and security, there comes a lot of insecurities from organizations. So in your conversations with FIS, what are their fears? How do they build?
They're not that far that they understand it, but no, I mean, that would be too early to say that. But what our fear is from as cyber security experts is actually the first point is for me that in general, not even only the security part, but what you're doing is you are collecting data. Now let's not go into that.
The data might not be okay that you're collecting, but the other part is really, you need to know your governance and this sounds awfully boring, but you need to know when to get rid of certain data. You have to know the GDPR, you have to know the retention policies, et cetera. So that's what I'm a bit worried about when too many people start doing fun stuff that they might be forgetting that because it has to be a gone the second part, the security itself.
Yes. I'm very worried myself. I'm very worried about it. It's not the algorithms.
I mean, they, I, those, I know the algorithms are fine, but the implementation of the algorithms, what I'm seeing, a lot of people are taking tools from the internet. And if people are smart, they can use, you know, for, for Al AI or ML, they have to really see that these tools are clean from a security perspective. Now the really good people know that they know what to watch out for, but if you're principally more mathematician, you don't know that stuff. So that's one point.
The second point, I've also been in a lot of companies the last couple years who do development and I've seen a lot of problems there. Software development is still we're talking for years. Y and I have been together for years back there about security, but in the development realm where this goes into again, it's sometimes I would say very much the security knowledge is underdeveloped.
So I worry a bit about that because AI is starting, right? So in startups, but if you do not consider that, that's my third problem.
The third problem with AI is actually that, which is your last question as well. But not that I'm gonna ask you that, answer that yet, but the third problem I find, and then I go back general to AI. Okay. So we used AI and I'm not exaggerating 83, 19 83 in the, mm. Looking at turbulence in which is very dangerous and turbulence. And we used ML. And what you call AI today, the problem with it, you really have to know how you do this because otherwise you have outcomes, which are not correct because the mathematics can deliver anything.
So the integrity of your data, that's why I like in cybersecurity, because there you have data to compare with, to compare with, because if you do, you know, like 20 now, 30 years ago, we couldn't do the weather forecast very well. I, I worked with those people for a while and now we're very accurate, but the problem was it had to learn, this algorithms had to learn. And so we would say, it's gonna rain in 10 days.
Well, it was the best day of the life. So you need this comparison with real data. So these three points, the integrity of the outcome, the security in itself. So the technical security really knowing what am I doing as a developer? And the third one, I forgot.
We get it.
Yeah. Yeah. I did notice the question from the audience. I'll come to you in a moment, but I'd love to let Lex respond.
And maybe I can form the question a bit more towards your situation, but as you're, you know, standing in a startup, what do you have to consider then about your own organization or about the, the customers that you're working with?
So I also can add a bit more points that what be we mentioned, because she mentioned almost all the points already.
Sorry,
But it's good. Yeah. It's with a different perspective, right? So I think what be already mentioned is the data, data, data accuracy is very important because as when we build a ML model, right, the, the algorithm can be easily manipulated. Yeah. If you input something that is biased, you know, with a biased, unbiased, supervised, or unsupervised training in the AI AI deployment.
So, so it is very important to, to really secure the accuracy or also integrity of, of the data. And then of course, usually when you train the data, you train on the historical data, right. But the world is moving very fast. So you need to always keep training, keep training, keep updating the model.
And, but then there's always tricks or maybe some sort of manipulations that some in the public that people will like to do. Like for example, like give a very common example. Like let's say self-driving car. I think that's the most easiest example.
You drive, you drive, you drive, you see all the common things, but then what if that somebody want, just want to trick the trick, the self-driving car. I just, you use some spray to spray on the traffic light a little bit spray on the stop sign a little bit. Then the AI was kind of a bit confused and dunno what to do. And then of course, then the human come in, you know, to secure this,
I just wanna point out to you. That's why we decided many years ago at Dan, that there would always be a driver on board stuff.
Yes, no, but that's exactly the point because at a certain point, the driver has to be able to react. I don't know what they're doing now because I've been gone too long, but that was exactly the point. That that's an interesting observation. Yeah.
And then if you talking about the other second point, I went by, I mentioned about the clean source code that you get it online because there's so many open source that you can grab. There's so many authors that open source code, you grab it. Oh man. It's work is fantastic.
But you know, that's some reason maybe this code is actually have some snip, the security trade insight that nobody knows. And one is in your system is start to spread in the AI way. Could be. Yeah.
So, so that, that like another things that you like, we really need to be aware and also have different kind of expertise when you want to build AI, AI model that look at different kind of perspective and also get the, how to say authentic source of this free train or transfer learning model. Yeah. So I think this two points I can add on now.
Yeah. Fantastic. We
Do agree. See?
Yes. Yes.
Still agree.
We still agree at this moment.
Right. That's good. That's good.
Raj, can I ask you yeah. Hold the microphone for our yeah.
Yeah. Very much. Yeah. I have a question in Ellen Foster's presentation, he mentioned some use cases. And if I look at it from a mathematical perspective, it's, it's more or less.
Well, I would, I would say it's not AI more or less like percentage calculation and maybe some association mining. Yes. I would be interested really in understanding what real AI cases you see in, in the governance area, in, in security and governance.
Well,
I think
From a, from a CISO perspective,
Especially, yeah. The one, when I think he pointed out he wasn't, so the stuff he showed, this is my small customer. Yeah. This astronomer did all that. Right.
They, he just does it by himself. He's candy. He can do that. So that's cheap for the customer and what he did point out, which I thought was interesting as a CISO is what I'm also doing with his customer. I show his graphs, you know, how, how the people are doing their stuff and he's, let's call it more ML if at all. But he's using some of these algorithms where I see the future is, but I've been talking about this. I'm not lying at least 20 years. The first time I went to IBM to really learn that the machines are starting to learn like the one he said, the manager who's granting access.
Well, I think you could learn, right?
You could learn. I let's say you have a department of 30 people, or you have 300,000 people working for you that this, by learning this that he can see, or the algorithm can recognize, this is not the person who has to have access or on the, the other hand, which I'm more interested as a CSO is, is this person still in that department?
Now, if you do that statically, just an example, just small examples. You can do that more interesting. I find it in detection. So let's go away from identity and access mention because that's Allen's field.
And I, I think there's a lot of future in there in the governance as well, but, you know, okay. But on the other hand, I'm more interested and I think that should be the future for cybersecurity itself. We have this enormous problem with all these threats, with all these, right?
You, you go nuts, right? So you have all this information around you suppose. You're now a small business, big business has a SOC. They do it by hand, which is also silly to get this information, to see which information is really relevant and relevant for you, for your company, for your environment. It's a bit hard to say that that's how I would want to see. So that detection is not only for the big companies. Yeah.
I had the money, like I said at, so I bought that stuff and I had a lot of people, but for the, which I think is the bigger threat at the moment are the small medium enterprises because they cannot work the same far away. We've started working in the big companies. So that's where I think as this is. Or does that answer your questions or, yeah. Okay. Thank you. Then I can stop.
Yeah. Okay. Yeah. Great.
Next, do you have any comments to add
There? Yeah. Maybe I can add a bit comments because I mean, we know that today it is, it is a digital world that there so much data that, that, that, that a human can handle to triage the yeah. To triage the, our security trade. Right. So in that, in that sense, we are using some sort of machine learning to actually triage the security trade and also a machine that not just based on statistic, not just based on percentage, but based on a system can learn over time, along. Yeah. Along the way. Yeah.
So I think, I think that's, that's where the AI actually could be, could be better or could be very good assistant to the human, to actually secure the yeah.
Secure because there's so many influences. Right. And that's what I'm thinking like, okay. Alan showed the identity and accident. That's not that hard to do that part, but it's good that it's there, but that combination, the combination he knows and which we get from other infrastructure, but also from the HR department, I'm just making it up as I go.
But all these influences and to figure out which are really important, it's like the weather forecast. Right. You need to know which parts could be important, which are not, and that ML can learn. So that's what I, that's my vision. Yeah. For security. Yes.
Yeah. Yeah. And I'd love to chase that down a little bit more.
I mean, we can, we can go down many other rapid trails, but somehow the time is
Watching
Is running out. I don't know where it went and we still have so much to talk about, but I would like to focus on, you know, we brought up a, a good point. Okay. What are we really talking about? AI or ML or mathematics, you know? So what is then the future of perhaps we stick with ML, what is the future of ML and security and going in the direction of cybersecurity for the organization?
Yeah, I can actually, yeah, let's start with L
So in, in my point of view and also in with, with our experience in the companies, I think it's very, very, very important to have crosscheck between, between machine learning, between a system, build a system that can crosscheck this AI system, but did the AI system, as well as a human, also involved in this and know the crosscheck is very important to, to double check. Yeah.
Like for example, if, if the AI model is kind of biased, if, if, if there's a system that we use open source that is kind of manipulated or some very suspicious code insight, and, and of course in the end data, privacy is also very important that we, we are making sure that the data has been secure is kind of anonymized in a good way. And also not really trying to try to store and try to use it utilize for any, any other way. Yeah.
So, so I think these are the points that I can, I can see at least in a, in a very particular perspective.
Yeah. I agree with you. Yeah. But you always have the checkpoints with human interaction. The bias problem is always, I also think even for our security problem, there is bias, you know, about employees and stuff like that. And then you always have to watch out. That's why I think it's really something depending on what the field is. So automated cars is not totally unknown to me. And so that was really an issue.
And, and, and when we then figured out, well, we have to have a driver, also people like to drive some people like to drive.
So yeah. So
That was the point. So I have nothing to add to this
Question. Yeah. Maybe you can add one more point.
I mean, usually, I mean, I think AI in security is still very new, still very new and that's still black box and so many people still figuring out. And that's one thing that I think is very important to, to understand is if, if, if, I mean, we, we trust human more in AI sometime. Right.
So, so sometime we tend to try to get more human to secure the AI, but then if more people involved in this, then the security trait increase, you know? So, so yes.
So you, you need some sort of balance that, okay, very limited human can, can actually secure this and maybe another system that actually can be also AI to secure this. So in that way, then you get a balance.
Then, then the security trade will be in, in a balance way. Not because human, you can be like, can so random, right?
Yeah. Yeah. And you really brought up this kind of yeah. This paradox then with security and AI, because you know, when we're talking about machine learning, we often say, okay, we need to keep human in the loop. But oftentimes with cybersecurity, we're saying, no, get the humans out. Like we are the security issue. So then how do we bring these two together to meaningfully increase our security? Yeah. Yeah.
So that's the,
That, that's a good question.
I mean, I, I do agree. Well, I agree with that part when the humans have to act on something, you know, like putting access or, or also my favorite thing is changing the firewall rule.
That's, that's always awful. So that could be helpful also in that realm, I'm just thinking about that in the operations realm, that could also be helpful, but the outcome is my issue. So suppose we're doing what Alan is doing, which my little customer is doing. The outcome is like, so, and so many people have used this and that machine and they, and how many identities have changed or identities, accounts have changed. All that kind of stuff. We see that very well. And so the CEO is very happy cuz he sees all that. I'm not so sure.
You know, it starts to be interpreted and let's go in ethics just for one sec, one sec, please
That's allowed.
Yeah. So this is an issue because some people and that is the human, what could interpret it like that?
Oh, that's probably that guy who sits in Benefil who never does anything. But now he worked at night. That can't be so the interpretation, just as an example, it's very in, in, in innocent one, but it can, we noticed that when we started doing AAM, I am more and more years ago more operational that obviously we saw things, which is not so good that people see it. So AI might have the advantage in security. Still people should be working with it, but sometimes things pop up that even the it personnel should not see. Right. So then we're going to your question.
This is allowed for the CSO and the compliance manager. Those are the two, many people who, who should see that, that maybe that is a chance cuz I hate that in it departments they see so much, which is okay, but they sometimes can't keep their mouth shut. Yeah. And then they go brag what they know about Mr. Soandso. So that's a very simple example.
Absolutely.
Yeah, no, unfortunately we've, we're reaching the end of our time, but yeah. Lexi, if you have, you know, a 32nd wrap up comment to add to this.
Yeah. I mean just to summarize, I think security is also very important in building an AI and it is, I think one of the, when you're building an AI system is one of the top three things that you really need to look at.
And, and, and, and yes, the data is very important accuracy integration of it. And then the ML, although you can use open source, but make sure the source is authentic. And then the data privacy part is also very important to secure the likelihood of, of all the parties that involve this project. Yeah. So I think that's what I can summarize.
Yeah. A great wrapup and Barbara again, 20, 30 seconds. Okay. I just short wrap
Sentence. Yeah. I think I'm really hoping that AI will finally come and get going.
Cause I still think they're in the beginning phase and I really hope this will help that you do not need expensive SOCs as a very expensive cyber security tools so that we can use it with regular people in smaller companies and maybe even for the individual. So that's my hope.
Yeah. Great. Great. Then thank you so much to both of you. We really appreciate having you was a pleasure.
Great meeting you.
Yeah. Thanks. So we'll move over. Yes.
