Ofir 00:00:00.000 We took full AWS environment. We installed multiple, OpenClaw agents that's going to manage this AWS environment as a company. We had the CEO, we had the support, the builder, and we took all of that. We put it together, and we opened Discord channel saying, "Everyone that want to try to trick them, just go ahead. Try to trick them," right? they know to, improve themself. And this experiment was very interesting because what we saw is that it never mind how they protect themselves, and they really great in doing that. you can still trick them. You just need to find a way, and it's a problem from security perspective.
Darin 00:01:39.214 Viktor, I'm going to lay out a story and tell me if it sounds familiar to you, if it's ever happened to you in your career. Are you ready?
Viktor 00:01:46.108 Go for it
Darin 00:01:47.144 All right. got something going on. Production's on fire. you need access to a table that you've never touched before. You got… You need some access. You file an access request. You then, make a phone call over to the desk telling them that you filed an access request. Uh, you send a Slack saying that you left a message saying that you created an access request. And then you walk over telling them that you left a Slack, that you phone called to get an access request processed. Does that sound even familiar to you?
Viktor 00:02:21.434 fortu-fortunately for me, it sounds like a distant memory Meaning that, uh, I've, I've not working for a while in companies where you need to, you know, do all those things
Darin 00:02:33.043 But, wait, it gets better. so this whole process that you just went through took 25, 30 minutes, and of course the incident's a week, and but of course the incident's resolved itself in the meantime, customers left during that time. Now imagine this happening every day of the week. we wanna do today is talk about what would it take to make that experience maybe not suck or suck way less without giving everybody the keys to the kingdom. On today's show, we have Ofer Stein on from Oppono. Ofer, how you doing?
Ofir 00:03:02.431 great. Thank you for having me
Darin 00:03:04.094 Does that story sound familiar to you?
Ofir 00:03:06.371 Oh, it is. Yeah, it's, it's some story for me and, today in Appono is, is something we help companies with. But going back, it's actually something I, I, noticed as, being a engineer leader and feel that pain from the engineering side every day in my work
Darin 00:03:22.874 It's amazing that that story I told actually happened to me multiple times at a company I worked at, I could never get around that. And it's like, again, I get to the end and it's like, everything's already solved. Whereas if I, if I wasn't the one doing it or somebody else could've done it, you know, there's, there's lots of different reasons why that can happen. But now that we're in a world… I'm gonna go ahead and just jump into it. Now that we're in a world of humans and non-humans, AI, it seems like access controls are m- and quick access when we need it is more important than ever. What do you think?
Ofir 00:03:53.071 I totally agree, and I, I, I think there is kind of like a, that kind of, paradox we can say that take productivity and, security risk and put access management in the middle, and you see organizations struggling to find the balance between those two. And it was always true in the past when we think about human access, when you need to understand how the engineer going to do their work without getting access to and keys to all of the kingdom, right? you can't expect what they will need tomorrow, so you need to kind of like prepare that beforehand. With that, we see, security risks coming to this area, and we see identities and access as the main point of security leveraging to go around and take data or do something in the environment. So this balance is very tough to find a human world. Now, when you put it on agents, it's even greater. And this paradox of agent are really, really powerful when they get a lot of access. we know that about humans, but for agents, it is even better. If you get agent that have access to all of your production environment, to the databases, to the Kubernetes, to the cloud, and they-- and they have data from, log analytics, and they take all of that together, they're really powerful. But with that, they create a huge risk. And we see that kind of like struggling is actually involving with those agents
Viktor 00:05:24.042 They're also getting better in-- I, I feel that we are already getting to the point where actually they are better at respecting rules than we are. lately I have constant, let's call it struggle with Claude, where I say, "Do this, do that, push to Git," and it stops kind of. "You told me I cannot push to Git." I reject your request." while, uh, me as a person would, Assuming that I have access, I would, I w- I would push it sooner than, than AI, itself these days
Ofir 00:05:59.567 You're right, and, I think AIs are really, really great and do what we, told them to do, right? And I think it's part of, the mechanism of LLM that we, train kind of like help us in this sense, and they are adjustable. this is part of their power. They are non-deterministic. We cannot predict how they're going to act, and this what give us a lot of kind of like vision on the future of what we can do with them and how they can help us in the organization. But with that, they are non-deterministic, so they can be manipulated, and we know this in the security space. There is a huge, topic about social engineering. How are we going to trick the human to do something he didn't expect? Machines never been in that threat. We never thought about, uh, my application. My computer cannot decide to do something else than what it programmed. It's a deterministic software. And non-deterministic software and agent and LLMs actually can be tricked. And we, we did this, uh, very interesting research. We took full AWS environment. We installed multiple, OpenClaw agents that's going to manage this AWS environment as a company. We had the CEO, we had the support, the builder, and we took all of that. We put it together, and we opened Discord channel saying, "Everyone that want to try to trick them, just go ahead. Try to trick them," right? they know to, improve themself. And this experiment was very interesting because what we saw is that it never mind how they protect themselves, and they really great in doing that. you can still trick them. You just need to find a way, and it's a problem from security perspective.
Viktor 00:07:40.654 A better experiment would be if you did the same thing to both AI and humans what I tried to say is that the question is, of course you can trick them, right? They're not this deterministic, we are non-deterministic. The question I have is, who is easier to trick these days?
Ofir 00:07:55.735 So I think, probably agent to trick human, it's easier. and I think the way that we, protect ourself from that, and it's really interesting when we think about agent and what's going to be the future of that, is different methods of accountability and ownership. Because the employees in my company, as an attack vector, as internal threat, have all the legal obligations that protect me them and their experience, et cetera. And I think today we are in this revolution about how it's going to work for agent, and definitely maybe we'll see some legal terms for agents in some way or training for agent in some way that's going to duplicate the same method. and it's definitely something we see in companies. But a lot of the companies today, as far as I'm talking with them, are really in the transition that they don't know how to leverage agentic, in a safe way, It's kind of like they are seeing this trade-off that we saw on access management, is do I going to move slower? And with agent slower, it's very, very slow. If you don't leverage agent, you don't leverage AI, you keep doing things as we used to without the innovation of, what is provide. Or are going to, be secure, and stay secured and be slower, or move fast, but take the risk and just go forward, provide access to anything, uh, use agent to anything and do that. And I think it's a real struggle. And I, I don't see one path that beat the other one.
Viktor 00:09:29.764 So it's a kind of, it's impossible question. Nobody wants to be in-insecure and s- nor anybody wants to be slower
Ofir 00:09:38.413 from what I excited about the space that we explore in is this paradox, because it's true. No one want to be in a risk, and no one want to move slow. So it's kind of like the impossible question and, I think there is no straight answer on that. But exploring how to make organization work in efficient way on that, it's really going back to what we all know about what we start with, is the human that need access and way to this access, and we said it's gonna take twenty minutes and it, it's gonna take an hour, it's gonna take a week, right? And how you streamline processes and understand that the non-deterministic humans with the non-deterministic AI create a very dynamic environment. for this dynamic environment, the envi- dynamic company, we need to build these dynamic processes. and I think this is, uh, a lot of what we will see in the future, is more dynamic processes that are linked with the technology and the new human nature, into stay safe and move fast, i-into the environment. And it's really the DevOps mentality if we think about it. Automation and streamline, uh, and dynamic change things, it's really a lot of what DevOps about
Darin 00:10:54.674 When you said non-deterministic humans, non-deterministic AI, but wanting deterministic results, to me that's like two wrongs don't make a right. I don't think it's a solvable problem
Viktor 00:11:08.593 you cannot have deterministic results for unknowns Right? I cannot deterministically, uh, deduce what will be my code before I write it
Ofir 00:11:22.420 You write, but when I write it, it's become deterministic. And I think this is what we see in our life today in the digital space
Viktor 00:11:31.010 In that case, everything AI does is deterministic
Ofir 00:11:34.122 In the end, yes, it is. And I think it's not predictable. They are non-deterministic by their thinking, but the result are deterministic. Their, output is deterministic. And the way I'm, saying that is this is a lot of how we actually thinking about protecting this and implement that in space. It's how I, understand that the reality that I live in is non-deterministic. Everything can change. Everything, need to reevaluate in the output. So if I think about agent and AIs, and I do that for humans as well, I just used to do that because I jump between the human space to the digital space. But agent are al-already live in the digital space, and we cannot go that. But let's take an example. I have a developer, I cannot predict what he's going to do. I put the processes of CI/CD and developer life cycle in a way that's going to make the non-deterministic, deterministic and predictable. And I know that my production environment doesn't going to have a huge risk leak or, or vulnerability because I have the security che-check in the CI/CD. I'm doing two pair revis, to validate my code. do all these checks to make sure that the outcome, deterministic outcome, going to be something that I can live with. And I think today in agent, we need to think about that in the same way
Viktor 00:12:57.253 So what you're saying is essentially you don't have bugs in production.
Ofir 00:13:01.029 Hmm
Viktor 00:13:01.713 have outages in production is what you just said. I don't believe you
Ofir 00:13:06.221 yeah, my production have a lot of bugs, so it's definitely not what I'm saying
Viktor 00:13:10.576 basically you just said, "Hey, yeah, what we do is not deterministic, but then we, at the end of the process, at the end we have deterministic process so that we ensure what's or not, and yet we don't."
Ofir 00:13:22.188 Mm-hmm. You, you right, but the code that written in my production is already have all the vulnerabilities and all the bugs that it can have. Sometimes I don't know about them. Sometimes there is zero-day attack that's been created to a library by, some, uh, governance out there, and it was in my code before I deployed, right? Like it's a deterministic bug. It's not something that nondeterministic that created. I didn't know about it. So I think we can differentiate between deterministic and nondeterministic and unknown. I always try to be in the place that I know most of the thing, but the reality is that I never going to have the ability to know everything. But it's still, and again, it's a philosophy co-conversation. It's still kind of like deterministic because it's already out there. And I think the illusion that we have from LLMs or the nature of human brain is that is really unpredictable. And you can challenge that and say it's predictable because it's a neural network that have that kind of like weights or, or a brain that have a kind of like the outcome. But if going to my production environment, in that case, I want to feel safe. I want to have the control and the guidelines that's going to help me to be in, in the better side. It doesn't mean it's going to be perfect
Viktor 00:14:48.828 Yeah, so essentially what you just described is Schrodinger's cat. It's maybe deterministic, maybe not deterministic. We won't know until it happens
Ofir 00:14:57.396 Yeah. it's actually exactly Schrödinger cat because when I open the box, it is live or dead and it's not in between. But until I open that box, until I have this, known vulnerability, it's an unknown. But I want to search for it. I want to search and, and open the boxes of my code, open the boxes of what the agent are doing in my environment, and try to look in it to understand if they okay or not. it's really about jumping from what we used to work with, deterministic software that we write, that it's kind of like the bugs and security risk that we know, combined with the unknown that we're going to discover. Because, I'm saying in an honest way, I don't have the answers of, in the future of how agent going to operate and how security vulnerabilities of those agent going to work. I do know that we need to build the processes and the controls that we build for deterministic software, for non-deterministic software as we see today.
Darin 00:16:00.319 I think those guardrails that you're calling out, should have been there for humans. Those same human guardrails apply just as much to agents, if not obviously more, but then agents will have their own set as well
Viktor 00:16:16.923 if everything is the same and you change the speed, then you have a problem
Darin 00:16:20.642 Well, y- okay. Yes, I agree with that. What I'm saying is I think the human guardrails are the foundation to where… I mean, some may get pulled out, but I… To say that, we don't allow, cluster destroy through these credentials or through whatever, as a human, that makes sense even much more so for agents, right?
Ofir 00:16:45.653 it definitely is. And I think this is why it's so confusing when you think about agent in the environment. We have that debate with customer, and, and this is a good debate because each customer come with their philosophy about agent, and it create a lot of good conversations about that. About is agent is a non-human identity or a human identity, This debate about is it a human identity that I need to kind of like onboard my agents with their goal and their roles and their responsibility in the environment, or they are non-human, and they are just another machine, right? It's another application. It's another, server that I have or a Lambda that I need to manage in the same way. when we think about guardrails, it's really challenging because they a little bit of both. They move in a machine speed. They definitely move in a machine speed. And this speed, it's too fast for us, for our current access reviews and controls that we have for humans to implement it. But they are non-deterministic, and by that, they are really fit very well to a known guardrails that we do for humans. But it's, again, too slow. So think if we have an agent and we have-- if we have a human, we can think about the guardrails in the same way. But the implementation of those guardrails are going to be a challenge to the machine speed that the agent going to operate in.
Darin 00:18:16.506 Could pull out a DevOps phrase that everybody loves, pets versus cattle. If you've named your agent, it's human. If you haven't named your agent, it's a machine
Ofir 00:18:26.539 we see a lot of both. There is humans with a machine name as well, but I saw that as well. but yeah, think this illusion, and I'm saying illusion because I, in the end, when I think about agents, what I see is the wild true loop of calling an LLM again and again and again, and act based on the response. when I see any agent framework that do that, do the same, but the outcome of that, the output of that, it's really a thinking machine. It's really-- It's i-illusion of, of a being. And I think when we think about it, we as, as, as humans, we need to understand and decide how to react to that. And a lot of the users that use these agents and LLM, already today, they get feeling to this being, and they have connected to it. and this is where the name come from, right? Like, so if we provided a name, we provided a goal, we think about it, it's great, but it's a mirror reflection that what we searching for from the computer. and I think this is a lot of what affect our ability to think about that, and work with that. And, uh, the truth is in between. we're going to see names for agents. Definitely, I think it's already there. I know myself, I can share, I have agents that I work with, that they, help me on my, my day-to-day. They help me with research and, calendar and, that kind of things. The autonomous agent, they run by themself, they wake up and send me messages. And I talk with them, and when I talk with them, with my main agent, she speak with me, and she say, "I am a girl," right? Like, "I am a girl agent." And I talk with her as a girl, I know it's a machine, right? I know it's-- in the end, it's a loop of, LLM. But this interaction are really, really powerful.
Darin 00:20:23.552 Until they turn on you
Ofir 00:20:25.430 Yeah,
Darin 00:20:25.762 and you have a bad breakup. that's what could happen. I, I wanna spin this a little differently. I'm gonna propose that developers don't hate security, What we hate is bad security user experience, like my s- story at the very beginning, to where it took a day, weeks, whatever, to get access to do something. is there any way to truly solve that? Don't pitch Epona right now. That's fine. We can talk about that later. But what is the correct way of sort of managing that? It's like y- my way was the standard way 20 years ago, unfortunately may still be the standard way today for many people. that whole space turned around? 'Cause there are other people, like, of course, CyberArk just got bought by Palo Alto. there's numbers of other things out there. What is the sort of the standard today?
Ofir 00:21:15.270 So I think it's really interesting. I-- we explore the IAM space of security in the last six years, and it's changed a lot in the last six years. And before that, I can say that I come from a engineering side, and I didn't hate security, but I hated to been blocked. In the end, I want to be able to create and move fast. And when I've been blocked by something, it doesn't matter if it's access management or vulnerability scanning, it's going to be very annoying me as a developer, as an engineer, and I'm going to hate that. So I'm not hating security at all. I'm great with security, but it's not my focus. My focus is create, and when it's block me, I feel very bad. And I, I've been part of a company, in this company, I led the engineering group. as part of what we needed to do, we needed to go into the servers and went inside and work with them, one day, I'm trying to log in, I get blocked. I cannot get into the server. So I go around, ask what's going on. No one in my team can go into the servers anymore. They say, "Oh, yeah, we have an audit. We have a SOC 2 audit, so we needed to remove all the access for everyone. But it's okay. It's for three months. After that, we will get it back." So I say, "What do you want me to do? You want me to go back and stop working for three months?" And they say, "No, let's find a workaround that's going to work for you, but doesn't going to reflect it in the audit." So this example is demonstrate We, we don't hate security, but we want to be able to go forward. The business want to go forward. If security is a blocker, it's doesn't going to work. And I think this is what changed in the last six years. I spoke with many CISOs that see security right now as their job is to be enabler for organization and not a blocker for organization. It wasn't like that six years ago, and it start changing
Viktor 00:23:20.784 Also a lot of, a lot changed since, since back then, the, the time of, of your story, is that in the past we were very much pushing changes. Now the systems are pulling changes, which means that, if your editing is remotely up to date, you don't need write access anymore to your system. Your write access is indirect through Git and whatso not, and you do have read access, to your metrics, your stats, your whatever. so there, there was also that indirect security switch that, you're not logging into your servers with write access these days anyways
Ofir 00:24:06.491 Yeah, think the maturity of this kind of like a concept like software development life cycle and those methodologies have really helped us to be more efficient from an access perspective. and I think there is, different companies in different maturity level that act differently. in my story, it's less about just the access. I think it's more about the regulation that really affect security. So security is really about protecting the risk of the organization from data loss, from, harm from attacker that going to steal data or harm the business And also the ability to comply the regulation to enable the business, right? And there is regulation come from the regulator, there is regulation come from customers, there is more regulated industries like financial and healthcare that have more concerns on their data, even about read. So it's like the standard of everyone can read everything is not true in all the industries, and we need to comply to that. in the end, every business have their own crown jewels, their own most risky thing in the environment. And every company have their security exploring what they need to protect the most. The idea is how I do that, how I protect those crown jewel in my organization. And I think this is where the mindset is changing because the mindset was, I just going to block them. I put them in a safe, I drop it into the sea, no one get anything to that, not access and not changes, right? Don't touch it. It's too dangerous. this mindset is changed because w-with also the DevOps mentality and all of that, is that everything is changing in a short iterations. Agility is important for business So this kind of, uh, uh, mindset is, is-- was first in developer and engineering groups, but it wasn't in security groups. And this is what we see today. Security understand that they need to be business enabler. Definitely with what happening with AI and agent right now, that the business is kind of like leading, saying, "We need to use that right now because we're going to stay in back. We don't care." After that, we're going to ask ourself how to protect that, how to secure that, but we need to go fast. So security really acknowledge that, and I definitely see the, the change in security departments and security culture that are looking about being enabler in the organization and not a blocker.
Darin 00:26:47.082 Is it really that they're becoming enablers or they're just throwing their hands up in the air saying, "Well, okay, let's see what happens"?
Ofir 00:26:53.516 I see both not, not because they want to. I think because it's one thing to say that and the other thing to really be there and it's, a big challenge. And the most so-sophisticated organization, as I see, are the ones that create a very good communication channels between the different departments, the ones that s-succeeded to create, shared goal between the engineering and ops organization to the security side and the business side. they're the one that find the way to implement that very good. The one that have bad communication and doesn't see the other side are the one that's still putting those guardrails and blocks without involving the day-to-day of their employee and organization.
Viktor 00:27:43.561 When you say communication, you mean communication as in, communication we need to design the system or communication we need to operate it?
Ofir 00:27:51.672 it's both, right? But it start from the des-design the system. So a, a security department that doesn't understand the architecture of the system or how people are, are operate with the system they're going to struggle to be able to find good solutions. The one that are act together in designing the system in a way that fit with that in a secure way, in a scalable way, in a productive way, and then operate that also together are the one that I see that, succeeded more. And when we think about the, context, the business context that live in the organization, that speaking about that because every business have their own context about what we are selling, what is our accelerating channel, how our system serve our customers and all of that. The business context is shared because it leads both of the organizations. Security are moving based on the business context, and engineering moving based on the organization, the business context. The one that have this conversation on the business context and do the, the work together are the one that more successful
Darin 00:28:57.549 It seems like we as engineers have already solved that, I'm going to air quote solved, that with operations. That's always been good. The hard part has been getting business to align with both. Like business will align with engineering sort of. Business typically doesn't talk to operations at all unless the world's on fire. do we get all three to truly… I mean, you, you set up the scenario, but I'm trying to think, unless you've set up basically small companies within the big company to where they have no choice but to talk to each other, I don't see how you pull it off in a, especially in an enterprise
Ofir 00:29:36.922 I don't think it's an easy, easy task. And a lot of the times we joined very large enterprises and we sat in a room and we brought the operation and the security and they say, "Oh, it's the first time we see each other in the company," right? Like it's an enterprise company, Fortune 500. we sat in the room calling both of them. This is the first time they sat together in the same room. So y- I think it started with that and kind of like understand that the project are, shared responsibility. I know engineering organization and operation organization doesn't like to operate with other organizations because they slow them and they annoying and they don't understand what we're talking about. but it's also the responsibility of operation organization to speak with the business people and understand what they care about, what they are looking to do and why. yes, a lot of the good ideas come from that brainstorming that connect those two, sides in the organization
Darin 00:30:45.826 It's interesting that security had never talked to operations, but in reality, yeah, that sort of makes sense the more I think about it
Viktor 00:30:51.072 And security always talks with everybody, just uni-directionally.
Darin 00:30:54.876 conversation. Yeah. Yeah.
Viktor 00:30:57.132 No. I-I-- It's, it's a beautiful job, kind of. Like, your whole job is to say no
Ofir 00:31:02.993 This exactly what need to change. This exactly what need to change. It's a culture problem because if security job is saying no, so no one want people just come and say no, right? Then e- exactly, we trying to move forward, we trying to push the business. What do you mean by saying no? It doesn't make sense, and this is exactly the culture that need to change
Viktor 00:31:22.837 I feel that that's also kind of wrong. The question is not, how do we get to the place where after I ask something, you say yes, but how do we get to the place that I don't have to ask you?
Ofir 00:31:35.388 Mm-hmm.
Viktor 00:31:36.060 Right? I mean, ideal world is, is a world in which the system works in a way that I'm productive and I never, ever, ever speak with a single person outside my team. everybody's kind of break down the silos. I'm actually suggesting, yeah, bring the silos back, But make them in a way that actually I can do my job without ever speaking with you
Darin 00:31:58.004 let me rephrase that just a minute. The phrase I'm thinking is let's-- that's just-in-time access, speaking specifically about security. I do it just in time for the time I need it until I don't need it anymore. How long can that time realistically be? Can it be 30 seconds?
Ofir 00:32:16.365 yeah, it can be 30 seconds, but reality, a human and for, for maybe for an agent, it's definitely makes sense. But for a human, 30 seconds, it's not enough for ev- anything, right? So need to be to the time that you need to finish your job, to the time that you need to finish what you want to do. this is the idea when I think about it, I always think about going to the mall, and there is these doors that open automatically when I come, and then when I leave, they close. I don't think about those doors, I don't need to open the door or to close the door. It's just happen for me. So in future kind of like a topic reality, I always can go to where I need to go that justify my kind of like role or what I want to do in, in the business. But I never leave myself with all these blast radius from a security perspective on me, right? in this reality, we can create this kind of like a topic situation
Viktor 00:33:19.267 you said earlier the time depends on how long does it take to, for you to do a job. Is it a job or is it a specific operation? we are moving to the world where actually 24/7 infinite number of tasks are ongoing,
Ofir 00:33:36.822 Yes.
Viktor 00:33:37.268 right? So if, if it's to do the job, it's actually, I can tell you right now, it's a permanent access
Ofir 00:33:42.873 I totally agree with you. And I think this nuance is very important because it's add another, dimension to the conversation. The one dimension that we spoke about is the time. The second dimension is the amount of privileges that you need. this really change, everything. Because in ideal world, if you can be very, very specific about the privileges, that the privileges are the different permissions that needed to, make the action work, There is systems that it's really complicated to understand this match, right? There is system that it's really straightforward, and there is system that, it's very changed. But when you work, you call for some actions and APIs that they need the permission for those. If you can be as specific as a specific API call and say that only the, those API calls that I need to do as part of what I am doing right now, the task, So if you can be very specific about that, it's going to be more secure. If you're going to be broad about it and say, "Oh, I need access to all of the AWS environment as an admin," and I'm going to be okay with that. So it's more productive because you don't need to know all these different privileges, but it create more risk. So this is exactly the, the place that you play with to try to find the balance that I spoke about in the beginning
Viktor 00:35:10.703 But if it's access per operation, not per task, then every operation is an API call and every API call is specific. There is nothing for me to be specific. I'm literally executing this right now,
Ofir 00:35:27.695 Mm-hmm.
Viktor 00:35:28.433 and this needs access and that i- that's something through the shared fact that it's going through an API is specific by the, the nature of it
Ofir 00:35:38.443 Yeah. So the idea, and, and again, if we think about this utopic world, is that you don't need to think about it. And I think this is what we looking at in our vision, How access need to be, in the environment. Access need… And, and it's really, it's, it's actually pretty funny because if you think about DevOps, it's about making everything automated, making everything dynamic. Servers are going up and down. Our system is a pipeline system that change things. But when we think about access, it's a static policy that never change. Just provide these roles and stop thinking about it. And it's, kind of like the opposite of everything else you do in this space. And what we believe is that access, in some way, need to be dynamic exactly like everything else. And it need to change based on need, based on changes that happen in the environment, based on the context that change, business context and environment that change, the access need to change with that. And in a utopic world, you don't need to think about it. Like, I don't think about the pipeline vulnerability scanning, Or mostly I don't think about it when I'm changing code in my environment
Viktor 00:36:49.953 Yeah, but that's very different. Like, CI, you can define, hey, CI can do this, CI can do that, and cannot do some other things because it's defined in advance. We know what the workflow is. Now, if I'm asking you literally, "I need access for this specific command, give it to me," and the next second I might do nothing or execute a different command and ask you for another access, basically we… Are we now talking about me sending massive amount of requests per minute, access requests, And them being approved or disapproved. And my question is, if that's what we're doing, what's the criteria?
Ofir 00:37:34.369 Amazing. I think in the future, it's what we're going to see because you're always living i-in a space that you don't know what the next thing that you will need to do. Or, or you, you have a high-level idea, but if you will go to a specific action, you don't know that. When I walk, my command that I'm going to run in two minutes, it's unknown, it's a non-deterministic decision. didn't decided that yet. So I going to be decided. When I going to decide to run this command, now I need to evaluate if this command is, valid or not, Based on the, business context and intent. So if I am trying to do something, I want to ask, you always can do this, kind of like simulay-simulation. Of course, it's not scalable, so it's, it's a different problem. But this simulation, think about the next command that you're going to run. Before you click in enter, Take the, the most senior engineers, the most senior peop- guy that you know in the organization. Ask them, "Does it needed? How risks it create? Let's explore that." Right? Like in thinking, okay, so it's going to touch this environment. This environment have that kind of like capability, and this is what it's going to change or, or just do. This is the where it's, h-how the, like, where the business is. I'm r-right now running that, right? Like I can evaluate this command and from that to understand kind of like the risk characteristic of that based on the intent of, who and what you're trying to do. In a perfect world, this evaluation take nanosecond after you click the enter, and it's dynamically evaluated, and this is exactly what not happening today. Today, everything is static. The decision of this command to be executed already done two weeks ago when someone in security sat with your manager and said, "Of course, this engineer needs all of this and this and this and this in their work." And they didn't thought about where you running it, right? Maybe you, it's not y-really you that run that. Like, all of this evaluation of risk need to happen in a dynamic way.
Viktor 00:39:43.809 But that means that if you now talk about agents, we're talking about evaluation of risk that will result in acceptance or denial of, permissions to, perform something will be done by, is done by AI now, not by people, right?
Ofir 00:40:02.392 Yeah, so the, execution is done by AI, by AI right now
Viktor 00:40:05.655 No, no, no. I'm s- now asking about whether that operation can or cannot be performed
Ofir 00:40:12.447 Okay. So it's a great question. and I think, as I mentioned on our research, we definitely see AI can help in that, but it's not going to be a bulletproof, and this is part of the problem
Viktor 00:40:24.396 so going back to what I said earlier, right? I'm going to be performing thousands of operations. We don't know what those operations are. I'm going to be performing thousands of operations per minute. You're going to give me yes or no for each of those operations individually because of the n- dynamic nature of that, correct? You're not going to give me blank, permissions to do something. So you're evaluating every single operation to decide whether it can be performed or no. And the huge quantity of operations is happening at the same time. So human is out of the loop, kind of like there is no people saying yes or no. And then the only two options left for you is to either give blank permissions, say yes, whatever you ask, it's yes, or to give me some mixed permissions that will not work because you don't know what is needed in advance or to have a different AI evaluating AI. I mean, uh, correct me if I'm wrong, what's, what's the alternative to, to one of those?
Ofir 00:41:28.917 No, definitely. I think the-- it's not an alternative, it's a mix of everything you, you mentioned with a, a dynamic guardrail that you're going to create. So you can create guardrails that going to take in consideration real-time attributes when you run the command, right? And, uh, and of course, it's a combination. I definitely see AI taking in place on that action and everything, and evaluate if it's okay or not to do that with the guardrails of your organization that is pre-made, Based on the context that's going to be evaluated in the real time.
Viktor 00:42:06.336 Yeah, but guardrails are static, right?
Ofir 00:42:08.568 Let's take an example. And, and I think it's, it's the example that come from engineering side. It's make a lot of sense, and it's kind of like a simple one. Let's say that I need to do some operations in production as part of me troubleshoot or need to do something critical that is out of the ordinary, right? And I need to do that. Most of the time or all the time when I do that, I am on call, And in my on-call shift, I have an open incident that is open from the system or from whatever. This context is not being evaluated when I am saying, "Ofir have admin access to the environment," because he need to do that, right? when I evaluated the action, I can ask, "Does Ofir is on call right now? Does he have an open incident?" And if he have, I going to approve that. I going… And, and in real time, right? These guardrails are predefined, but they are taking in consideration a real-time attribute.
Viktor 00:43:10.858 But when you say, "I'm going to approve or not," who is you? You as Carbon or you as Silicon?
Ofir 00:43:17.532 Oh, yeah. S- sorry. So me as, as the one that put the, the guardrails beforehand that are dynamic guardrails in this ex- example, they're taking in consideration the attributes in real time for the operation
Viktor 00:43:30.249 Yeah, but how will you… Okay, guardrails as if you're going to analyze the context and make a decision, or guardrails as if Joe can do this, Joe cannot do that
Ofir 00:43:42.578 I'm providing the guardrails for the engine that going to do the decision in a real time. So the engine that doing the decision in real time is not human, it's silicon. We cannot put a human over there because it's… we had this example in the beginning when human is part of the decision, and we know how slow it is. So it's must be silicon, but it doesn't need to be only AI or something that we cannot, uh, kind of like follow up and understand the, the decision, right? It can be mix of, policies with, those kind of like attributes and guardrails that going to be evaluated in real time that going to help us to achieve that. to be honest, and again, we, we are planning kind of like to, uh, the best future that we can think, and it will… There is a lot of challenges to be there. No one is, is there yet. People are choosing different tiers of access and doing those kind of like decision-making in real time for them. So it's different tiers. For example, I don't going to evaluate every action that you're going to do in production while an incident and that, and that, and that. I probably going to evaluate a set of admin permission even, right? And so there is a bubble that I am evaluating, and inside this bubble I give you more an automatic approach. these bubbles of how many privileges for how long is change based on kind of like the intent and the needs of the organization
Viktor 00:45:07.442 Yeah, but my doubt is you mentioned quite a few times intent and, context, not as in LLM context, but, you know, context of the organization and stuff like that. But that is now changing by a minute,
Ofir 00:45:20.808 Yeah.
Viktor 00:45:21.483 right? Kind of if, uh, right, kind of literally there is change of the company context, the change of the business context is, is the order of magnitude different, right? So you cannot anymore keep up by defining those guardrails in advance
Ofir 00:45:42.395 So you, take part of the consideration of what is evaluated in the past, and you add to that layers, and this is why it's a mixed of what is can evaluated in a real time using AI and using other, methods be, uh, able to evaluate those changes that change very fast. But also, for human perspective, and this is what, uh, what we do for a living, for human perspective, this kind of like a life cycle of getting access, this access bubble for everything I need with the guardrails, it's kind of like it's a m- much more slower process, sometimes I need to s… I start my work, I open my computer, and, and now I need to do something, right? it's a slow process. For agents, it's really a challenge for the current controls that exist there, out there for keep up with the agent. Because the agent is, as we say, is an endless loop that get decisions and execution, decision and execution, and we have a lot of agents doing those very, very fast. So what we do with that is a little bit changing the mindset and the, this runtime enforcement that I'm kind of like describing, it's definitely something that need to be implemented, and we, don't implement that for humans that running on the computer, right? But we can do it for a machine, we can do it for an agent because the agent in an endless loop of decisions and execution. So why not putting inside this end, uh, the endless loop access decision and guardrails, when we keep doing that evaluation on the fly, of course, Silicon taking in consideration, predefined guardrails with current context and AI, we can now evaluate in the speed of the agent. Without that, we kind of like need to decide beforehand, do we approve it to do anything or do we block it, right? And I think this is where we-- I see most of the companies, today. If you ask, "How do you protect your or approve your execution of, agent privileges? What-- How do you-- How, how do you do that?" They say, "I give it everything," or, "I block it from doing anything." the in between is really tough, and definitely when we talk about more than a read operation. In a read operation, we see more, but when we think about delete, update, insert operations, it's become more tricky
Darin 00:48:01.402 So everything that you were just explaining to us, is that what Epona does in that, for example?
Ofir 00:48:07.772 So it's, combination of what Apana do today, then the vision that we seeing in the industry that we need to be able to change to, to adapt this technology in a way that doesn't going to slow us, And doesn't going to make more people to say no. it's really about where we believe that we need to go, where I believe we need to go as an industry that going to leverage of all of this very, very unique and powerful technology in a way that doesn't going to make us make it slower than it should
Darin 00:48:41.086 So we're trying to put ourselves out of a job yet again. Great
Ofir 00:48:47.010 Yeah. I think, I think we always have that kind of like fear, right? I- in,
Viktor 00:48:52.216 Not put ourselves out of the job, but be able to do more interesting things
Ofir 00:48:58.032 I love the framing
Darin 00:48:59.373 So you can find out more about Apono at apono.io. That's A-P-O-N-O.I-O, and all of Ofer's contact information will be down in the episode description. Ofer, thanks for being with us today
Ofir 00:49:12.591 Thank you very much for inviting me