Welcome. we're here to talk about the future of digital identity and the digital business. And I'm here with Joe Carson of Delinea. And we will talk a bit about his perspectives about what is the next big signal from his perspective, that will impact the digital business via something happening around identity. Joe, welcome.
Thank you. It's a pleasure to be here. And, definitely, it's an exciting time. I think when we're thinking about the future of identity, we can't escape the whole, massive hype around artificial intelligence. Now, when I look at how artificial intelligence has been used today, when we think it, let's look at it from a defense and attack perspective, attacking identities. We have all of this assumptions around how attackers are using it, but in fact, they're not using it that much because the basic techniques for attackers still work today. You know, basically being able to compromise credentials, phishing still works. The vulnerabilities are still there. So they're still not really moving into using AI that much. They're using it in some areas such as pretexting and social engineering. One thing in Estonia, for many years, Estonia was protected with the language. The language was a barrier for attackers because it was so complex. And in the past year the generative AI has removed that barrier. So they're definitely using it for better and improved translations. But the acceleration in identity and security has been around the defensive capabilities. It's actually defense which has been accelerating and using AI much more. A lot of it is really to reduce wasted time. It's to make sure that we can see the data that is the most important thing that we should be looking at. So that's where we're seeing, the acceleration of that.
And I think there's also this, you know, this “a” in AI, I think from what we do today it's probably more augmenting intelligence than artificial intelligence. And I think this is also the purpose of it. It augments the humans in doing their jobs better. I think this is particularly important when we look at security, because we always have the skills gap. We have the complexity of these topics. And this is where I believe we have potentially a very huge benefit of these techniques. And also like to always distinguish between the analytical AI which we used for quite a while. So, crunching huge number of data versus the generative AI which is the newer thing, also not really fully new anymore, which and I think both together, the interplay of this is what really makes things different.
Absolutely. I think you have a key point. For me, I'm not a great fan of the using the artificial piece, so I like the term augmented intelligence much more. I like assisted intelligence much more because ultimately it's not... AI's here to help us to make decisions and do it much faster, and make the right decisions, with as much context as possible. So you're absolutely right. And also, when you think about it, I think what's going to really change is that, I started seeing recently in Estonia where they've got this KRATT bot and it's a citizens assistant, and it's got me thinking that eventually we'll start seeing there'll be two versions of AI. There's the AI that I will allow to be autonomous, that will do decisions based on my predefined preferences. And that means that I will be able to audit the actions of it. And I will go back and say, well, what did it perform for me? And I can say, well, actually, if you do this again in the future, I want you to do it this way rather than the way you did it. So having that explainability there. So we'll have autonomous AI agents, and then there'll also be kinetic based or interactive based AI agents, which means is that it's going to present me with a decision, but it's me, the human, that will decide which action I want it to take. And I think this is going to be... it’s huge, I think this is the time where it can make a massive difference to society in regards to quicker decisions, more decisive, more... My concern right now is the training of those models. is how they've been trained. and the lack of, let's say accuracy, or confidence level. That's what I think needs the most innovation and improvements.
Which is easier when you have this, you called it autonomous. I believe, I think we probably will get something which I would better call it semi-autonomous. So when I think about the intersection of decentralized identity, so I have information in a wallet or whatever and a lot of lot of things. I think I could also have all the information in which my current preferences, which may continuously change. So maybe I'm looking for a new car, to purchase one, I might have some preferences to say, I need certain types of information around that, and I want to exclude whatever this type of vendors or want to focus on that, whatever, this type of engine and so on. And well, later it will have changed or I changed other things and then this loads so to speak permanently and updates my preferences, my way of thinking. And that also may help with the other problem. Because in that case, it's not that we are that much saying, okay, these are my preferences, and this is a pre-trained AI bot or model. But it is, we continuously influence the model and maybe also feedback things.
Absolutely. That’s the auditability...
and explainability, I think those things will change. But yes, I think there are a lot of great things. But also back to security. I believe this is this is a super interesting area because we already see that, AI, I think for a while when you look at the analytics of data, log data, etcetera, we had this benefit. But I think it's really, you know, a bit of really almost a quantum leap again, with what we enable with generative AI in the space. So this is also what I like. And by the way, maybe we can quickly touch this. And I think there's a lot of discussion around deepfake again. And I think one of the things you said, the attackers aren’t using AI that much, I think for deepfake they do. But on the other hand, most of the tools that are used are somewhere available. There are for the 40, 50, 60 types of tools to create deepfakes, which also can be used by the defenders.
Absolutely. And there's lots of generative AI models that have actually had all the guardrails removed and is now available to attackers to use as they wish. So you can go and try to create things quickly. But you're absolutely right. Some of the big advancements that has been around, the natural language processing understanding. That's what's made... that's the evolution. But you're absolutely right. Deepfakes. What's happened in that area. It's lowered the bar quite significantly where it used to be something that somebody with more sophisticated skills could do, you know, the deepfakes and recreate the voice and, you know, do the simulations of the facial images and so forth. But the technology with AI is below that bar that anybody can, with an internet connected laptop can do it now.
Yes.
The main focus has been not around things like ransomware attacks or data extortion attacks, where the deepfakes has been moving mostly into things like financial fraud. So and we can say, you know, financial fraud has some digital cyber elements of it, but the primary has been things like business email compromise or invoice fraud or, impersonation in order to do financial crime.
I like what you're saying because I think one of the elements in tackling deepfakes. So I strongly believe we will have, so we know how deep fakes are created and we have a bit of an advantage because as defenders, we only need to spot one weakness in the deepfake, to say, okay, this is a bit, suspicious. Normally we have to defend against everything in this case, and the attacker only has one vector. In this case, the attacker needs to be perfect. We only need to spot one anomaly, which makes it easier for us. But the other element is, and I think this is what you brought up, it's about financial fraud. So we need to combine the two perspectives. We have a lot of solutions, tools for fraud prevention. And if there's the 25 million transaction, it's not only that we... the deepfake detection should raise an alert, but also the fraud prevention systems on the business side. And if we bring this together, then we have something which definitely will be helpful again in fighting deepfakes.
You're absolutely right. So the converge is going to happen in the future. It's already happening today. We've seen it with, you know, different amazing, you know, with Andy Greenberg’s book, Tracers in the Dark, covers it fantasticly. If you look at a lot of the crypto currency crimes, it's all financial fraud. What the criminals in the background have been doing, especially in organized crime, is they've converged already. They've converged the cyber element with the financial money laundering capability, and they've converged and they're conducting it in, in like, almost like a crime ecosystem. In our industry, we haven't yet met that convergence. We haven't brought the cyber knowledge and capabilities together with the financial fraud capabilities as well. And we need to do that because the intelligence and the cybercrime and money laundering is in the financial side and the detection capabilities are there. We're good at detecting the, you know, the cyber digital elements over here. And that convergence needs to happen. I do see in the future that the financial crimes industry in the cyber crimes industry will come together. It's inevitable that's going to happen. But it needs to happen sooner because the ecosystem is already doing that.
But it's the easiest way to fight these challenges. Joe, I think we already at the end of the time we had. So thank you very much for this very enlightening conversation and all the thoughts you've been sharing. Thank you to everyone listening to us.
Many thanks. It's been a pleasure as always. I really enjoy and I think, this is one of my favorite places to be every year. And it gives me a very enlightening, you know, it allows me to be creative and get my ideas to come together. So thank you for the opportunity.
Thank you.
