The New Frontier: Implications of an AI World

Alex Stamos (00:07):

Hey everybody. I want to thank DataGrail for putting up a checkpoint so you can see how my beard is turning whiter and whiter. My daughter told me last year, "Daddy, next year you could play Santa Claus," which was very sweet of her. Yeah, my name's Alex Stamos, I currently work with a guy named Chris Krebs, who you might have heard of being fired by a Tweet in the aftermath of the 2020 election of him doing his job. It turns out I don't have enough time to talk about it, that raises all these interesting questions under the Administrative Act of how you get your pension in your Cobra if you're fired by a Tweet. There's a bunch of interesting case law that was created by my partner Chris.

(00:49):

But Chris and I have a consulting firm and we work with big companies on their risk management, tech risk management, especially at the intersection of cybersecurity issues and geopolitics. And one topic has come up over and over and over and over again with these big global 500 companies that we work with, and it's AI, and I'm sure that you guys have heard this all the time, AI, AI, AI, from boards of directors, from CEOs, from executive leadership teams, from CIOs. Everybody's talking about generative AI.

(01:24):

Daniel mentioned RSA World. I am super not looking forward to RSA. I never look forward to RSA, I'm really not looking forward to it this year because every single booth on the floor will be a company that's done generative AI security for 12 years, somehow. It wi'll become the magic term you use to unlock the wallets of venture capitalists, but there is something legitimate there in that I think in the hype cycle we had this huge crush with the release of Chat GPT, which was not a huge shock for those of us who have ties in academia or who have been working on this stuff privately. I mean, it was a step forward, certainly in large language models, but not a crazy one versus what other people had demonstrated before, but that has created this huge burst of interest.

(02:09):

We're now in a quiet period again, when normal consumers are thinking to themselves, "Oh man, my life hasn't completely changed because of AI, nor has the world ended as folks, so it must have not been real." But what's going on beneath the surface, I think, is probably the largest shift in enterprise compute since cloud computing. Since we started to move aggressively into software as a service, platform as a service, infrastructure as a service. And that pretty much every company we deal with has AI on their roadmap as something that they care about.

(02:42):

And a lot of that's being pushed down from the top. It's being pushed down by board members who are all sitting on these different boards and all of them are talking to each other about how they're terrified about a competitor using AI to cut their costs of goods sold, to be able to get rid of a bunch of employees, to be much more flexible in downturns of getting their lunch eaten by a smaller, more nimble competitor or even a large competitor who's just able to have first mover advantage on deploying AI in this space. And it's being pushed by CEOs and CIOs who believe that there's humongous cost savings possibly for it.

(03:16):

As a result, if you are a person who has to deal with the downside of tech risk, which I'm expecting is most of the people in the room, that you're dealing it from a privacy perspective, a security perspective, some kind of tech risk, then AI is going to be a big part of that. What I want to talk about today is what frameworks are coming up and to propose the kinds of things you can do right now inside of your enterprise to start getting ready.

(03:39):

Here's the punchline, we're all screwed right now in that we don't even know what the true risks of these AI products are. To me, it feels a little bit like, as Daniel said, I've been in this doing this for a while, which is a nice way to say I'm an old, but I tell my students sometime about the late nineties, early 2000’s of that era of computer security where somebody could write a whitepaper on a new kind of vulnerability or they could give a talk at Black Cat, and then the next two years would be applying a totally new vulnerability to software all over the world. It would be bugs after bugs after bugs of something that you could never have predicted as a software engineer.

(04:23):

And I think that's where we are in the generative AI cycle where one of my students at Stanford is the one who figured out how to trick Microsoft into giving up its secret name through prompt engineering. They had not thought of that because nobody had tried it before. And so we're in that part of the cycle where we really don't know how these systems can be manipulated because there are smart kids every day doing new things and one of them is going to give a talk at a conference and then you're going to be like, "Oh my God, we could not have considered that at all," and you have to rush back to your office and integrate that. And that's where we are in this cycle.

(04:55):

And so you can't really solve these problems right now, but what you can try to do is to build a framework where at least you're understanding where your risks are and then you could be nimble when new things pop up. The governance problem here is still really a work in development. There are some emerging standards. NIST has an AI risk management framework. It's not very good. It is way less mature than what they've done on the cybersecurity side for sure. We have some, and we'll talk a little bit about the regulatory frameworks, some of the regulatory frameworks are coming out. And so as a result, for the lack of any kind of consensus framework or any kind of regulatory required frameworks here, we have vendors rushing in. And so for pretty much all the big management consultancies, for the low, low price of giving them your email and getting spam, you can download a 76-page PDF where they'll talk about their AI risk management framework.

(05:49):

And some of these are actually decent. McKinsey's is not bad and can be useful, but applying them to what you're doing can be a little bit hard, but it is interesting to look at them and to read them and to compare them to each other because what you find is that the way that everybody's addressing these risks is from totally different places that they're considering totally different kind of categories of risks that are happening. And so as a result then you have companies rolling their own frameworks of how are we going to manage decisions that we're making around AI internally?

(06:21):

How is this being driven by regulation? Here in the US, there's been lots and lots of discussion. You might've seen there was just a big event in Congress. And one of the things that's interesting about the US discussion is it's almost completely focused on the big model makers, almost all of whom are American companies, and it is being framed up in the traditional tech company space. Now, all of you understand that every company that is competitive these days is a tech company. I once had the CISO of a big bank come and visit Facebook and we exchanged notes on secure software development and we realized that his bank had more software engineers than Facebook did. And so in both the US and Europe, you have this focus on this being a tech company problem where they're ignoring the fact that any widget maker, any large services company, any retailer has large software engineering teams that might do some kind of AI work.

(07:17):

In the US, there's an AI Bill of Rights model that's being pushed by the White House. And so it's really focused on what kind of impact could AI have on individual consumers and the services they use. From a Congressional perspective, there's a broader discussion. What we lack in the United States is, as you all know, we do not have a comprehensive Federal privacy law. A lot of this is just silly around the risks, the PI risks and the legal risks that we're putting the cart before the horse that we're looking at this very specific set of technology when we don't have basic guidelines for how you can use people's data and what kind of responsibility you have around data that's broader.

(07:53):

Now in the EU, they have a very extensive privacy framework, and now what they're significantly looking at is AI risk through two lenses, through a regulatory directive and a liability directive. Both creating a liability component for companies that use AI that then have some kind of downside risk for consumers or a poor decision is made, and on the regulatory perspective of creating a risk management framework that would require anybody that utilizes AI in a consumer facing service to run through a risk assessment, and then if it's of the highest risk, you're not actually allowed to ship it, and for everything below that, there is a centralized registration and the availability of those kinds of things.

(08:41):

The model here is again, based upon the Digital Services Act, is really, it seems to be the framework that they're using and they're considering the AI risk framework. The Europeans have this problem because they think every problem that humanity has can be solved by regulating eight American companies and they try to build their laws to only target American companies. In fact, when a European company was caught as a VLOP, a very large online platform under the Digital Services Act, there's a huge uproar in Europe because it's like, "Oh, we didn't mean our companies." You have to very carefully draw these lines that only Americans are ever affected.

(09:19):

But again, as we'll talk about, they're missing the big picture, which is there's very few European companies that are shipping fundamental models. That's true, but there's a ton of European companies that are deploying AI internally in a variety line of business apps as well as in the products they ship, and that's going to cause all of this risk that Europeans are mostly blind to.

(09:39):

China has been very interesting in that they have extremely aggressively clamped down on AI, somewhat similarly to their treatment of cryptocurrencies. AI has been seen as actually a real risk to the Chinese Communist Party, and so when you read their regulatory frameworks here, one of them actually says that we need to have regulations that make sure that AI is aligned with socialist core values, which I'm not sure what socialist AI looks like, but I guess we're going to find out at some point.

(10:10):

And so there's a real focus on the political downside of having systems that are trained on millions and millions of lines of non-censored inputs. And so you have this interesting tension in China where they both don't want to fall behind. An interesting thing that you'll find is if you look carefully, we had our intelligence team found a couple of examples where analyst groups inside of China that have a bunch of connections to the government were doing dossiers on people, either just engineers or especially engineers of Chinese origin, who work on AI in the US and these detailed dossiers on these people, which is effectively a shopping list for the Ministry of State Security to try to get information out of these people or to entice them to come to China.

(10:59):

On one side, they have a tension that they are terrified of falling behind the US and the West in general in generative AI. On the other, you have bureaucrats who are terrified about the possibility of AI loosening the grip of the Communist Party. And so we're going to continue to see AI deployed in really scary ways. We've seen that with facial recognition, that facial recognition while used in all kinds of ways around the world, here in Illinois, we've got this facial recognition law that's applied against people who are doing database searches and applied perhaps against people who sell some stuff to law enforcement, but that are often used under lawful process.

(11:36):

And then China, you have facial recognition being used for mass surveillance of hundreds of millions of people in the oppression of entire religious minorities. And so just the scale of the issues here are so much different in China, and so it's interesting to see this tension that at least publicly, they really want to control these technologies while privately they're being deployed in support of the authoritarian instincts of the Chinese Communist Party.

(12:01):

India is the canonical example of the country that's trying to find the fourth way that India does not want to live in a tech sphere that is the wild west of America, the bureaucratic non-innovative morass of the European Union, or the authoritarian instincts of the People's Republic of China. India is trying to create their own model here, and initially there was a discussion from the Indian government that they really wanted not to regulate AI because they wanted Indian companies to be highly competitive. But then even the Indian government then fell to the hype around AI risk and has totally changed their mind and now are extending their existing regulatory frameworks to cover AI. A real focus in India on privacy. And so it's interesting, it's a real focus on the extension of their current data privacy laws to explicitly keep you from building any AI system that is trained on or makes decisions based upon people's PII.

(13:01):

And then Brazil's an interesting example of how you see countries that are not traditionally seen as tech regulation powerhouses reacting here. There's a big Senate investigation in Brazil, hundreds and hundreds of pages of output that was created, and their draft regulation is based upon risk registries, risk management in the same way that Europe is talking about it, but a lot on transparency for any AI powered products. And so I throw up Brazil here just to demonstrate that the regulatory environment here is actually incredibly complex, that there's a number of countries like Brazil that are afraid of getting left behind on the regulatory space just like they were with privacy, that you have all of these unaligned countries that have to effectively accept GDPR as their privacy regulation because they were too late to get there to set the stage, and they do not want to let that happen for AI.

(13:55):

When talking about this regulation, part of the problem I think we have as a society is we really only focus all of our concerns and our regulatory discussions on one part of the entire supply chain of all of the different ways that people might touch upon generative AI, use AI in their work. And so what's the supply chain look like? You start with the hardware manufacturers who are obviously making all this stuff. Because generative AI saved Nvidia stock after the collapse of cryptocurrencies. They're super happy that it turns out that the matrix multiplication that they've built their hardware for is really, really good for both training and inference. And so you have the hardware folks, you have the infra people who buy the hardware and then actually run it as a service.

(14:47):

Now, some of those people are also model devs of the people who are building large language models, are building diffusion models, are building the kinds of things that are really sexy that we go see those demos of, and almost all of the focus is on those people. Now, there is a good reason to focus on them, but it turns out that if 80% of the concern is about these companies, that is not where 80% of the risk exists because for the most part, the models that are being created by these companies are not directly applicable to almost anything. They're not things that can be generally used by consumers. The only exception there is effectively Chat GPT, which OpenAI runs as a sandbox, they run it as a demo. It is not a serious product by OpenAI. I would not be shocked if eventually OpenAI cuts off Chat GPT or any consumer product, because it's not where they make money. It's not where they want to optimize for.

(15:43):

For the most part, these people are building blocks that are then actually utilized by companies who are using it in their applications directly for interesting purposes. And that app dev is the obvious people who are doing it, like the GitHubs and the CrowdStrikes and Adobe, but it also includes probably a lot of the companies in this room, and we'll dive into this a bit, but I think this is one of the things that people are forgetting is that a huge number of companies are now importing fundamental models, either open source or they're using commercial products.

(16:17):

The easiest way to do this commercially is on Azure, and so Microsoft has inserted themselves into a really interesting place where they're this intermediary where they could suck down. Right now it's OpenAI, but it doesn't have to be that forever, they can suck down OpenAI's models, they can create a private version of GPT-4 for you. And then you can have this playground where you're able to interact with GPT-4, you're able to feed it your own data. You're able to create checkpoints and such on your own without that data leaking back out to OpenAI or into any shared space. And so lots and lots of companies have people who are now trying this out.

(16:51):

And this is going to become a problem for anybody who hires software engineers because this is now how software engineers are being trained. I teach two classes at Stanford and the one in the spring is called Trust and Safety Engineering. And in that class, most of the grading comes from this one project where we tell the students to figure out a trust and safety issue, such as the abuse of female journalists in India on Twitter. That would be a trust and safety problem that they need to study. They need to come up with policy solutions, but they also need to build a technological solution including some kind of classifier or some kind of automated system, and I give them a bunch of options for the way to do this.

(17:31):

And it used to be they'd build heuristics. It used to be they'd use Google perspective API and do some of that stuff. And now they are trained to just go to Hugging Face, they go download a large language model, they go retrain it with a bunch of checkpoints with data sets that they built and they integrate it into their 10-week project. And that takes, I mean, they tell me it takes them 60 to 70 hours. It probably is five hours of work for them, and then they act like it's really hard and the assignment's too tough, because that is students are being trained that just like a developer might go to PIP and install a Python library, or you might go download an open source framework from GitHub to build your product, they're being trained that if you have any kind of hard problem, general purpose generative AI models have some kind of solution for you.

(18:21):

And they're right, the things they build actually work really well when you think that these are undergrads and they're doing this over a 10-week period. And so that is not just going to be in a situation like a class about trust and safety. That is going to be every single problem that they are faced in their career in the future is instead of building something that is hard, that you have to think about, that you have to understand, the state diagram that you have to have all this logic, ah, let's just get an deterministic large language model, train it a bit, and then it's 80% good enough and that will make their job so much easier.

(18:57):

And so the number of companies that are about to become app devs is incredibly broad, and we've actually seen this in our consulting, that working with companies that are not tech companies, these are companies that make widgets. They're companies that provide consumer services. They become if they start using their security tools to look internally and figure out, huh, how many people are integrating generative AI systems? How many people are running Anaconda on their local desktop? How many people are downloading from Hugging Face? How many are downloading Llama 2 from Meta? They are absolutely shocked, they have dozens and dozens and dozens of generative AI projects that nobody told the Central SecurityTeam.

(19:38):

And so lots and lots of companies are actually app devs now, and I expect just like almost every... Every Fortune 500 company has software engineers that are building internal lines of business apps. Every single Fortune 500 company in the next couple of years is going to have at least shadow IT, where generative AI systems are going to be used internally without anybody knowing. And so now is the time to come up with those frameworks of how are we going to understand this and manage it? And we'll talk about that in a second.

(20:05):

And then every company is going to be at least a consumer because the basic products that everybody uses, Word, Office, eventually Salesforce, Oracle Financials, every one of these services that every large enterprise depends upon is building generative AI in some kind of AI system in features into their product. And so there are risks just if you're a consumer that you have to manage through a vendor risk management process as well as thinking which kind of features do I want to turn on and off?

(20:34):

Let's say you're a consumer. You're not going to go with all of these details. We actually have a blog post if you're looking for these, what we call the Wheel of Doom. If you're looking for positive stuff, I'm the wrong speaker, I'm sorry. If you go to intel.ks.group, we actually have a substack post about this stuff. But as a consumer, there's a bunch of very interesting issues, even if you're not building generative AI stuff yourself, just as a company who's going to have it turned on. We're on the verge of every company deciding whether their Microsoft 365 license is going to turn on Copilot or not. And so are you going to have Microsoft's AI system looking at everything your lawyers write and then rewrite it?

(21:19):

In fact, the day that Microsoft did their big AI reveal, I was actually speaking at a conference at Westlaw ran and the CEO of Westlaw went up there and gave a demo, and almost everyone in the audience was a General Counsel and he gave a demo of Word, and it was you go into Copilot and Word for the special version of Copilot that you pay extra for. It's Copilot plus Westlaw put together and you type, "I want a contract to purchase this kind of asset in California," and it generated a contract. It said, "I want a 30-day exclusivity period," pops it in there. "I want to remove this, I want to do this," and it just automatically edits this contract.

(21:56):

And then unlike other kinds of situations, you're like, "Oh man, it's just hallucinating stuff," you could go through those paragraphs mouse over and it would tell you, "This is from this part of the California commercial code, and this is controlled by this case," because it's Westlaw. Westlaw's got 200 years of precedent that they've digitized and that they use to retrain, they use basically the knowledge of English that Chat GPT has, but then retrained it with all of the history of the law and of all the cases and such from Westlaw, and the General Counsels in that room lost their minds. It was like being at a Taylor Swift concert. You had just totally, it was like every single one of them was my 11-year-old daughter at Taylor Swift because every single one of them is like, "Oh my god, how many billable hours am I going to be able to cut? How many people do I not have to have in my contract division? I can have two contract attorneys do all of my stuff because 90% of the work's going to be done here."

(22:55):

One, probably not a time I'd be in law school right now. It's not going to be a great time to go be an associate at big law where that kind of work is the kind of thing that you can bill a bunch of hours in the beginning to get trained up. It's going to be great to be a very high-end lawyer because if you're a $1500 buck an hour partner, you're going to be able to effectively supervise instead of young lawyers that you have to recruit and wine and dine and that complain about stuff and do things like take vacation, you're going to be able just to have Copilot and other tools do a bunch of that basic work. And so there's a bunch of interesting impacts economically and huge job losses, but there's also obviously really interesting information security risks there of the fact that the contracts your lawyers are writing, or very sensitive documents they're writing, are basically being automatically uploaded to the cloud.

(23:45):

And so a couple of the general counsels asked, "Well, what about security?" And he was like, "Oh, we've thought about that." And I was like, that hand waving, he literally waved his hands, I was like, "Oh, well that's where this is going, the rubber's going to hit the road." But the problem is that the upside for those general counsels is so incredibly large that there's no way you could be the CISO or the head of Privacy or even part of the General Counsel's team who does risk management and stand astride history and yell, "Stop." It's impossible for you to stand in front of that train. You will get run over. And so we're going to have to find mechanisms by which those tools can be used, but the risk has been managed.

(24:24):

And so thinking about how does IP get leaked, what gets retrained in them, I think a fascinating question here is just the legal issues around these training sets. As a bunch of you know, there's a bunch of lawsuits now, I think Sarah Silverman's one of them, where because you can go to Chat GPT and you can say, "Write me a standup monologue about avocados in the style of Sarah Silverman." And if it generates something that's completely new, but in her style, is that a violation of her intellectual property? 

(24:55):

One of the interesting things with these large language models is they're in the range of dozens of terabytes, but they have petabytes of data. They're actually incredibly efficient compression systems for compressing all of the texts that human beings have ever written into relatively small files. And so if you prompt it correctly, you can actually get it to give you real Sarah Silverman jokes. Not just stuff in her style, but stuff that's directly ripped off from her. What are the intellectual properties issues with that?

(25:22):

Again, a bunch of law professors are super excited about this. If you're interested in this kind of stuff, a friend of mine named Mark Lemley, he's a professor at Stanford Law. He's a famous intellectual property guy. He's also the wizard in my D&D group, and so between fire bolts and... never play D&D with lawyers, because every game, 30 seconds of game time takes seven hours because they're trying to find every single corner case and they're arguing over every rule that's in the rule book, and he's the worst at that, but he's really good at intellectual property law. And so he's written a bunch of stuff about this and there's going to be lawsuits of whether these large language models have any kind of risk.

(26:01):

And some of the things you’ve got to think about is if you're building those things internally, and this comes more to the application developers, let's say you're Target, and you build an AI system that helps you do pricing. When Walmart sues you to say, "Our pricing information was integrated into your model," you need to be able to know one, whether that's true or not. If you've been asked, "Answer the question of does this model include data from Walmart?" For the most part, people who are doing generative AI stuff cannot answer that question. They actually can't answer the question of what kind of intellectual property has flowed into the model.

(26:34):

And then second, if the answer is yes, be able to then have the explainability of, "Well, yes, obviously Walmart's website is public and it got scraped by this underlying model. We didn't do it intentionally. And what we found is by looking at it, the questions that we asked and were answered were determined in a way that actually didn't touch Walmart's intellectual property." Explaining that to 12 people who couldn't get out of jury duty, that's going to be a really interesting problem of, "Let's talk about matrix multiplication in 11 dimensions." That's going to be tough, but at least if you know about what was going into these models, that will be something that you can deal with because we don't know what the intellectual property issues are right now.

(27:16):

The other interesting problems here are going to be AI systems, especially if you're an app developer, are non-deterministic. Figuring out what they're going to do in different circumstances is spectacularly hard. Really, the only way to do that is to try it. And again, this is a lot like I was saying in the early days of the security industry and that right now people are trying lots of things that have never been tried before with these AI models. And in doing so, they are expanding our knowledge of the things that can go wrong, but doing so in a way that's comprehensive is actually quite hard.

(27:48):

And this is something that I think every company can learn from the large language model providers, is that the large language model companies that we talked about there, the OpenAIs, the Microsofts, the Metas, now have dedicated red teams where their entire job is to try to manipulate these models in ways to get them to do bad things. An AI model doing a bad thing is called the alignment problem. You want it aligned with what you want it to do. And unlike traditional information security, that turns out to be an incredibly non-deterministic thing, where as hard as it is to look at a piece of software and say, "I can determine how it will react when attacked by a bad guy," doing that on a large language model is effectively impossible right now. And so at least having a team that can front run that is going to be key.

(28:36):

Which brings us to an interesting question, which is whose problem is this? No company here has a Chief AI Risk Officer, and so a lot of this stuff has fallen in the lap of the CISO. As a former CISO, I can speak with authority that random tech risk issues that nobody else owns falls in the lap of the CISO because often you're the highest up person, along with the general counsel, who's all about downside, not about upside. Everybody else in that meeting, the CEO's Monday morning meeting with all the key executives, everybody else is super excited about the company. "We're going to crush it this week. We're going to hit our targets. We're making the world open and connected." And then I come in and people are like, "Oh, shit, it's Alex." And I'm like, "Things are horrible and dark, and if we do our job, people will get hurt." And like, "Oh, we're not inviting you to this meeting anymore."

(29:28):

And so when that's your job, you end up catching anything that's an undefined risk. There's actually literally a quote in a meeting I was in that you can try to figure out the context where somebody, who is somebody you would recognize their name, said "Russia, that sounds like Alex." "Okay, thanks." It's not actually my problem, not information security problem, but it's Russia, so that's an Alex problem. And that's what's happening to CISOs right now. It's like, "AI, that sounds like the CISO," but these risks are not just information security risks. They're actually not even purely technical risks.

(30:03):

And so for companies that want to be thoughtful about this, you need to have effectively a committee of a couple of different executives. You have to have the general counsel, you have to have the CISO, you probably need the CIO, and you need people who represent the product development teams, either the line of business apps or the products that you're shipping, to talk about how are we going to manage this? And then a team has to own the operational side, and it's probably going to be the security team, but in the end, they need support from all these other folks because there's a bunch of risks here that a CISO is not qualified to speak to by themselves.

(30:36):

And so if you're going to take something away from something you do in your own company, my suggestion would be to build a spreadsheet that looks something like this and try to fill it out. You can see here for the use cases, here are a bunch of examples for these different categories of things, the kinds of things that you might be doing in AI with AI inside of your company. And for each of those categories, you want to have three levels of maturity. The first level of maturity is discovery. You want to know if this thing is happening or not with reasonably high confidence inside of your enterprise. The second is then to be able to monitor what's exactly happening. Discovery is, "Oh, somebody's uploading our contracts to Westlaw." Monitoring is, "These are the contracts that were uploaded," and then eventually you want control of, "Ah, this person tried to upload this contract that had this magic word in it, and because that was there, they're not allowed to do this."

(31:30):

The third column is effectively impossible as of 2023. These tools don't exist, the mechanisms don't exist, but for the first two, existing products that you already have can be used. One of our clients tried to figure out, "Well, what's the scale of our problem?" And so they looked into their Zscaler logs, which is just monitoring all their outbound traffic, they're like, "How much flow has there been between our employees and chat.openai.com?" Turned out to be about 50 gigabytes a month, which is not good because this isn't people watching Netflix. This is text. 50 gigabytes of text flowing up and down, that's a lot of data and probably a lot of proprietary data. And so your next step after that would be to use monitoring agents, to use man in the middle capabilities, to use DLP systems, to try to watch what is actually flowing up and down so you can determine how bad things are, and then you might want to build controls.

(32:29):

I'll let our host today, DataGrail, tell you about all the different boxes here that they can fill with their product, but it's the off the shelf stuff right now, if somebody sells to you, "We can solve all your AI problems," they're full of it, and I would not believe them. But if somebody says, "Oh, well, you know what we can do, is we can help you figure out when this data is going, we can help you monitor it, and then eventually we will be able to help you control it in real time and try to control your risk, as well as control the risk of products you've built internally of the decisions they're making, of what kind of prompt injection and attacks are happening, of whether or not they're doing non-deterministic things that are actually hurting your users or your customers."

(33:10):

Eventually, that is your goal, but right now, that's completely unrealistic. Instead of trying to boil the ocean and have analysis paralysis, my recommendation is try to fill out that first column now and then go to your executives and say, "This is the size and the scope of this problem. We need to build a framework internally that helps us at least get to the second and eventually to the third," so that when you have those in place, when that new talk happens, when you see somebody go up on stage and say, "Here's a way that I can break generative language model systems, large language model systems to make it do something really bad," at least you know, where is that in our system? What kind of impact could it have? And then perhaps have a tool that allows you to mitigate it without throwing the whole thing away, which is realistically as good as you can get right now. Anyway, I want to thank our host, DataGrail. I'll be hanging around if anybody wants to chat. I'm also [email protected] if you want to chat at all. Anyway, have a great day.