Risky Business - Soap Box: Why AI can't fix bad security products

Episode Date: August 1, 2025

In this Soap Box edition of the show, Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices. This episode is also available on YouTube.

Transcript
Starting point is 00:00:00 Hey everyone and welcome to another Risky Business Soap Box episode. My name is Patrick Gray. For those of you who don't know, these Soap Box editions of the show are where we talk to a sponsor about some big topic, and today that topic is AI. These Soap Box editions are wholly sponsored. And that means everyone you hear in one of these shows paid to be here. And today we're speaking with Josh Kamdjou, who is one of the founders of an email security company named Sublime Security. And we're going to talk all about AI, what's hype, what's not, why every single day, Josh, I get an announcement land in my inbox saying, hey, guess what?
Starting point is 00:00:42 We've now got agentic AI into our product. You're not interested in agentic hot dog or not? Yeah, yeah, yeah, exactly. It's like hot dog, not hot dog, was literally talking about that the other day with a friend. That's a Silicon Valley reference for those who might be confused. But like, it just seems like every single vendor right now, they're doing some sort of agentic AI, LLM-based thing. You look at a lot of it and you're like, okay, you've done this engineering work for the press release. Like, this isn't a real thing. But I have to say, that's the minority. If I look at what most people are doing with large language models, it actually seems pretty sensible.
Starting point is 00:01:24 So before we talk about what you're doing, what's your general take on our industry's approach to using this stuff? Because I got to say, you know, most of the time I'm looking at what people are doing and I'm like, okay, that makes sense, that's useful. Yeah, I think it makes a lot of sense for a lot of use cases. The way I think about this is there are problems that we have as an industry, or if you are like a security analyst or a security engineer or a detection engineer. There's problems that you face every single day as an organization. And there are problems that AI agents, LLMs, are genuinely good at augmenting your workflows or automating a lot of that work. And there are some use cases that
Starting point is 00:02:13 doesn't make as much sense. But for the most part, I think it's a very good thing for the industry. Yeah. I mean, one of the things we were talking about before we got recording, just in a little sort of pre-briefing chat was that one thing that LLMs have done mercifully is put a bullet into the head of the idea that people need to use scripting languages, right?
Starting point is 00:02:37 Like the idea of someone introducing a new SIEM product in 2025, 2025, 2006, and saying, yeah, it's really awesome, you've just got to learn this query language. Everyone's just going to tell them to go shoot themselves in a ditch, basically. Yeah, I mean, it turns out LLMs are very good at developing, generating detections, whether it's, I mean, you've seen, I'm sure, like,
Starting point is 00:03:00 Claude Code if you're doing like Python or Go. And so if you give an LLM enough context and documentation and tooling and knowledge on if it's some sort of scripting language or a DSL or whatever it might be, it can be extremely good at doing that work. Yeah, so that's, but that's the interesting thing, right? Which is that the scripting language will still exist. It's just the user won't have to have anything to do with it anymore. Yeah, yeah, yeah, exactly. And I think there's a lot of capability, like raw horsepower behind some of these tools. And I think enabling, it's basically like all the good without any of the sort of like, you know, learning curves that you might have to take on otherwise. And that's just like one sliver of
Starting point is 00:03:51 the use cases, like there's the generation, these are more kind of like GPT-esque or LLMs, but then you get into really more agentic workflows where we're talking about alert triage and like post-processing and analysis. And there's like this whole kind of ecosystem of use cases that may make sense or don't make sense to apply to. Yeah. So let's get into what you're doing with all of this stuff. Because for those who are not familiar, Sublime Security is, you know, it's an email security firm much in the same way. You know, it's just a modern take on the Proofpoints of the world, or what are the other ones? I mean, you've got, oh, what's that one? I always forget what they're called, Mimecast, they're still a thing, right? I mean, yeah, there's about, there's 150 maybe, maybe more.
Starting point is 00:04:41 Yeah, but there's like a handful of ones that just like are really big. So you'd say that would be Proofpoint. I think Abnormal is one of the sort of newer ones that's quite popular. So very much in that vein, right, which is filter out business email compromise, filter out malware, filter out phishing and whatnot. I guess one of the things that makes Sublime different is every installation is different. You know, basically you use machine learning language so that your product adapts to every environment. It's efficient. It allows people also to do detection engineering across their email info
Starting point is 00:05:15 which a lot of these services don't, right? Like, stuff will be slipping through and you send them an email and say, hey, would you mind catching messages like this and maybe someone gets to it in a couple of weeks? With Sublime, you can kind of crack the hood. So it's very much like an email security platform where a security team can go mess with it.
Starting point is 00:05:33 So I can already tell that there's going to be opportunities to do stuff with agents, with AI agents in that. Seems a pretty wide open space, though, right? So why don't you tell me where you actually chose to focus and what you did there. Yeah, well, maybe a couple words on, like, why it's even important to even, like, solve these, like, solve these problems. Like, I mean, I'm sure the audience is probably tracking all this stuff.
Starting point is 00:05:58 But what we're seeing in the threat landscape in the email space, I mean, we're seeing this in not just in email space, but we're seeing adversary adoption of generative AI tooling to make their attacks more efficient. Like there's all of these really rad use cases that we can use on the defensive side. Obviously, any good thing an adversary is going to see if they can leverage for to make their operations more efficient. So, you know, Google Threat Intelligence Group put out this report on, because they have, they have vantage point of Gemini. So they can see adversaries using and abusing Gemini to conduct targeted spear phishing operations and, you know, iterate on malware and do recons and things like that. So we're seeing more and more sophisticated attacks. We're seeing more
Starting point is 00:06:49 rapid adaptation. We're seeing more tailored attacks. It's basically like spear phishing, which previously was like super manual and time intensive and low volume. And now it's like mass. It's happening everywhere. It's automated. And so being able to like adapt to the threat landscape is super important. It's one of like the key things as we actually, as we see the threat landscape evolve more and rapidly. And so the way that we're applying these capabilities on top of our platform, because you mentioned like the way that we are designed, we're architecturally different than every other email security solution. So we have a core detection engine that is actually like a purpose-built domain-specific language. And so that can describe complex
Starting point is 00:07:42 attacker behavior. And like you mentioned, it's customized and tailored and it learns on a per-organization basis over time. And because it's a language that computers can speak, it's a ripe use case for AI agents effectively to autonomously or even semi-autonomously with human review improve efficacy over time. So you see a new technique. Well, the traditional approach to this has been you file a ticket and you wait, and like maybe at some point in the future, weeks, months, some time passes, and maybe there is a hand-wavy, like, yeah, we close this. Well, if you can have an agent speak this language, and this is like one of the really, really cool things that we built and we're rolling out to our customers as we speak, is our autonomous detection engineer
Starting point is 00:08:37 or ADE and it can basically just like monitor our customer environments and autonomously like improve the efficacy and respond to changes in the threat landscape. Well, how does it do that? Because you mentioned earlier, right, oh, well, you know, some of it's autonomous and some of it requires human review. Yeah, yeah. And this is where this is where the rubber meets the road when we're talking about agentic stuff, right?
Starting point is 00:09:02 is because there are some things that like LLM driven agents can do where you can be completely hands off. You don't have to touch them. It's fine. Right? Yeah. But when it starts getting into more subtle, nuanced, context dependent stuff, everyone's, especially around like creating detections and things like that. Everyone tells me the same thing, which is it gets you 90% of the way there. Yeah. So at what point, you know, where do you draw the line between what features you release, like how autonomous versus semi-autonomous does it need to be before you ship it out there to customer? Like, I just want to get an idea of your thinking there. Yeah, yeah. So we have, we have two agents. And so we have our autonomous security analysts. And the way that we think about
Starting point is 00:09:46 how, like, what makes sense for an agent to solve and how we solve it, we were talking about this before we, you know, we started on the show was like, what are the functions that humans do today that we think an agent could be effectively like trained or guided or given the right tools and knowledge to perform really, really well. So the first is our autonomous security analyst basically acts as a tier one, tier two analyst to investigate triage attacks in depth and then take actions. And one of the really just really like valuable things that ASA has access to is is the context of the environment because it knows prior communication patterns, it knows what's
Starting point is 00:10:36 normal, what's not. It also has a really deep knowledge base. So we have basically fed it our entire detection repository. We basically told it, this is how you build detections in Sublime. And we've also given it basically all of our like machine learning functions and enrichments. And so it can basically go and do these investigations. It can take actions like quarantine a message. It can reply to an end user and say, hey, thanks for reporting this. And so that's Agent 1. And I'll come back to how we think about efficacy and automation. Well, and straight away, like you mentioned that I can thank a recipient of a bad message. It can thank for reporting it. So I can imagine that like if you set up a workflow, which is someone reports a message, then all of these things
Starting point is 00:11:23 should happen. But there needs to be a little bit of investigation. And these things are usually either obviously really bad or not. So, like, I can understand how you would get an agent in place that would just handle that for you. Like, that makes sense to me, what you described. Yes. Yes, 100%. And I think there are certain classes of problems in security that are actually, like, not solvable by agents today. Like, we call this, I've been kind of on the road show giving this talk called like machine versus machine. And one of the things that I've been talking about, is the security AI agent Trilemma. So I have officially coined this term.
Starting point is 00:12:05 So if you hear it around, you heard it here first. And it's basically this Trilemma that there is a tradeoff in terms of what you can actually, in terms of the constraints that you have with agents. So basically like if you, the Trilemma involves basically speed. cost and efficacy. So if you want something that is low latency. It's a pick two out of three sort of thing, right? Yeah. It's pick two out of three. Yeah, exactly. So like if you want it to be really fast and really cheap, then it's not going to be effective, basically. And so alert triage turns out to be one of those use cases that is actually really perfectly kind of fit for this,
Starting point is 00:12:53 for using agents because it doesn't have to be like real time. And when we're talking real time, we're talking like milliseconds. So you can take a little bit of time to do it. And the volume is like relatively low. When we talk about real time detection systems, we're talking very high volume. We're talking like an email security system that's analyzing every message. There's millions and millions of messages. So you can't apply an agent to every one of those messages because it's going to
Starting point is 00:13:23 to be far too expensive or the latency is going to be too high. So alert triage, it's like relatively low volume. So it's just like it's like a great use case for that. I remember a paper coming out, I don't know, 15, 20 years ago about a concept called near real time detection. And the context was absolutely around like sandbox, blowing up attachments in sandboxes, right? And they called it near real time detection. Because if you detect something a few seconds after it hits someone's inbox, that's fine. Yeah. You can just nuke, you know, you can go and nuke that message, right? So I'm with you. And also just on alert triage. I mean, there's entire businesses that exist. And I know you know Ed Wu over at Dropzone, right?
Starting point is 00:14:05 And like that's all they do is like alert triage in a SIEM using agents because it does. You're right. It works really well. Because it is that mind-numbing work. Exactly. That people just don't want to do anymore. And this is going to keep coming up as a theme as well, right? Which is like you kind of have to think about these AI agents instead of thinking them about, you know, computer science lecture building blocks, they're much more about like, you have to think of them as like kind of people with limited capacity, right? Exactly.
Starting point is 00:14:35 And I think there's a couple key things when it comes to efficacy and evaluating efficacy. It's like if you try and solve every problem or every, every, let's say every alert, let's just stick with the alert triage problem. If you try and have the agent basically like force a verdict and force a decision on every single one of those, you're going to get some misclassifications. And so one of the things when we're talking about efficacy in Sublime is that particularly specifically with our autonomous security analyst is a around transparency of the of verdicts and chain of thought, but also allowing you to passively basically see what it would have done. So instead of taking an action, you build confidence over time.
Starting point is 00:15:24 And then I think the really key thing also is not just like an analyst in the SOC, like a tier one, tier two analyst where at the end of their investigation, if they don't know the answer, they are going to escalate that to tier three, right? And so if you, for, just so for ASA, if ASA isn't confident in its verdict, then it will actually render an unknown judgment. And so that is at the point where we want, we want a human review. And obviously you can, you can customize that too and say, hey, I don't want any, like, in this unknown case, insert a warning banner instead and just like, you know, mitigate
Starting point is 00:16:01 some of that risk. But I think it's important to kind of understand what are the limitations and then be able to account for that in the decision making process. Yeah, I mean, I think it was, again, going back to Ed, right? Because he's very deep in this stuff. I did an interview much like this one talking to him about these agents, and he said, you really just have to think about these agents as being really like 14-year-olds who are really eager to please, right?
Starting point is 00:16:28 And they will lie to you if they think they're going to tell you something you want to hear because they haven't yet grasped that lying is bad, you know? Yeah, yeah, yeah, yeah, exactly. So this is like, so that's a. Now, the agent that I'm really, really excited about is ADE, our autonomous detection engineer. And this is the first time that we are talking about this publicly. So hopefully my marketing team won't kill me for this. But we are starting to roll this out to our customers.
Starting point is 00:16:55 And ADE will basically be able to take any sort of misclassification and tailor and autonomously build a fix for that misclassification within the context of our customer's environment. And you asked about like efficacy and kind of like, how do we know if something is good? So one of the problems with agents is the lack of predictability in some cases, right? It's not, you can't guarantee certain outcomes. And so for us, we're able to combine ADE with our underlying detection language to make it predictable. And so when we're talking about tuning a misclassification, we first take an attack. Let's say there's a new technique.
Starting point is 00:17:57 You know, your QR codes were big about a year ago. There's all kinds of like new techniques. Now SVG smuggling is big. And so the first thing we do is we pass it, we give it to ASA actually. So we've got like a multi-agent system. These agents are communicating with one another. So ASA will actually produce a report initially and get its verdict and get its analysis and summary of what's suspicious about the message, pass that to ADE, and ADE basically has this knowledge base. It has access to the DSL, this really specialized toolkit. It will generate a new detection. And then it will backtest that detection
Starting point is 00:18:41 across historical messages. So we've got a backtesting and retro hunting capability that you mentioned earlier. So it'll run that retroactively. And for every one of those results, we'll run those through ASA. So to assess, hey, are these false positives or are these actually attacks. And so it'll basically iterate on that detection and ultimately until it gets to a highly effective detection. And then it'll output that to like this final result along with full explainability on how it got there. And so then you can, you can like accept the new detection after that. So you can accept the new detection after that. I guess once it's already kind of run, it's showing you what's working, right? It shows you the output. So I think,
Starting point is 00:19:31 that's a little bit different, because what a lot of people are doing right now, and this is still early days, right, but they're using an agent to generate some sort of detection as code, right? They crap that out into a window and then people kind of have been reviewing it line by line, making sure that it works before they deploy it to prod. So this is a bit different, right, in that you're getting the whole thing has gone through, you're seeing what the output of it is, yes, before you're actually choosing to approve it. So that should make it actually from a workflow point of view work pretty well. Do you have like beta users of this already?
Starting point is 00:20:08 Yeah. And this is how we get to fully autonomous, to be clear. Because once you, like if you're just generating a new detection and yoloing it, right? Like you have to, you're not actually doing the work of a detection engineer. And so a detection engineer is going to validate the efficacy of a detection before they publish it. And so that's exactly what ADE is doing. And so what we're moving towards, right now we call it, you know, semi-autonomous because at the end of it, we still require human review to actually like accept, you know, review the results and accept it and push it forward and then deploy it live. But once you, you can establish criteria, like efficacy criteria after you build confidence and say, hey, if this comes back and we ran it over 30 days of retro data
Starting point is 00:21:00 and it flagged 10 messages and ASA said all 10 of those were an attack, then I want to automatically approve that rule to go live in my environment. And that's how we get to fully autonomous. And that's ultimately how we, I think we can solve this like, you know, we've talked about how real-time classification at high volume is not a problem that can be solved directly by agents because the cost is too high because of that security trilemma. But in this architecture where you're basically, you have the DSL at the core and then you have this agent ecosystem. I think we're effectively doing that, so where we can basically autonomously improve over time. Yeah, now, this begs the question. Like, this sounds awesome, right? But like what, where does it
Starting point is 00:21:55 not help? Where do the human detection engineers who are working with Sublime, because the whole point of your platform, right, the whole point of it is you can crack the hood, you can mess with it yourself, right? Like that's the point of Sublime. But now it sounds like what you're building is like it just goes full auto mode. Now I get that there's a level of inspectability that is not there in other products, so that's really cool. But like is it getting to the point now where the detection engineers won't really have to do anything except if something slips through, say some other controls, some other control detects that an attachment got through to an endpoint or something, EDR flags it, and you're like, whoa, what, you're just going to go tell these agents, hey, you messed up, go fix. And it just didn't, it goes and it goes and fixes. Is that sort of the future there? That is like the reality that we're living in now with Sublime is that the threat hunting and the kind of more advanced use cases,
Starting point is 00:22:55 those are like, that's like an on-demand functionality where you want to pop open the hood and you want to do something very specific, very bespoke. And, you know, like maybe it's an IR use case or whatever it might be or maybe ADE failed to generate an effective rule. That is one thing that we, like, it's not going to go on forever, right? Like there is like, you know, some sort of feedback and validation where at the end of the day, if it doesn't work, then we're not going to push it live, right? And so we are, we're now working with customers who are never touching any more advanced functionality of Sublime, right? They're just deploying it. It's largely set and forget. And it's just, it just works really, really well. But because you built this
Starting point is 00:23:41 with the scripting language to begin with, it's given the agents something to use, right? Because it's like, you actually build something with an architecture that was well suited to have AI bolted onto it in the end. So I mean, you kind of pulled a Homer on this one, right? It is, it works really well, because like we get to do everything. We get to work with, you know, we're working with one university who is a hundred thousand mailboxes, one person IT and security team, right? They never look at Sublime ever. It's full autopilot. And then on the other hand, we're working with, you know, like some really sophisticated organizations like Netflix and Spotify who are in the weeds building detections or doing threat
Starting point is 00:24:23 hunting. And so these days there's, you know, Sublime works for all of these types of companies really, really well. I mean, you know, you just mentioned, okay, they're doing this really sophisticated stuff around threat hunting. I mean, you and I both know Damien, right, building a company called Nebulock, which is, and I can talk about it because like at the time of recording they're stealth, but they've announced that they're going live next week,
Starting point is 00:24:52 which is, and I know you know them, so it's fine, we can talk about it. Oh yeah. So by the time this goes live they will have announced, but they're doing like automated threat hunting, right? So at, like, at what point does their agent like ring up your agent: yo, hey, incident responder, you know, incident responder
Starting point is 00:25:10 slash threat hunter here I need some data. Can you help me, right? Yeah, yeah, yeah. These are, so we've actually been thinking about this, like agent to agent architecture. So we're, Sublime is basically like a multi-agent architecture where we have got many of our own agents. Our agents can spawn other agents.
Starting point is 00:25:28 They can work together. And then the next evolution of where I think we are going as an industry is you're going to have agents of other companies talking to other agents. So Sublime's agent, ASA, or ADE, or maybe our incident response agent or whatever, is going to need more information. Did this execute on the endpoint? Okay, let's go talk to the Nebulock agent. Let's go talk to, yeah, let's go talk to Mr. CrowdStrike agent or, yeah, exactly. Crazy. So that's, that's where we're headed. 100%. That's where we're headed, yeah. Yeah. And I mean, I guess the question is at what point do we develop some sort of standardized method for these agents to exchange information, right?
Starting point is 00:26:10 Because they can just do it by talking to each other, but it's not exactly computationally efficient, right? And do we develop that method of interchange, or do we let them work it out? Because they probably can. Yeah, I mean, there's MCP now, but for many of these use cases, the APIs are well documented, and the data is like pretty kind of, like, it's not that crazy where, you can just give it the data, and you can just give it the data model or the schema of how to make an API call, and it can just figure that out. So I'm sure we'll see more adoption of like standards. Oh, you want some data, do you? Here's my schema. Go have at it, right? I guess it's like that, right?
Starting point is 00:26:50 Oh, do you need help using my API? That's right. A little Clippy, Clippy for AI agents. That's what we need. Yeah, it looks like you're trying to query a database. That's right. It looks like you're doing incident response. Do you need a query a hash? But I mean, you know, just look, something interesting has popped up here, right? Which is that any sort of agentic, anything worth its salt is multi-agent now, right? Like the idea that you're just going to do like one agent, you know, and I think that's why,
Starting point is 00:27:22 I think that's why people are skeptical still about some of this stuff is because if you go and start messing around with like ChatGPT or Gemini or whatever, like it's a frustrating experience because you're dealing with these single models that are trying to be all things to all people. Yeah, yeah. You know, and it's, they're bad. Like, let's just say, like, as a replacement, you know, they're frustrating to use. But I think when you're talking about, like, specific models that are designed to only be given bite-sized tasks that they can actually chew, that's when it starts getting genuinely useful, right? But you have to scope it properly and part of scoping it properly is using a bunch of models together and each one of those
Starting point is 00:28:04 models knows what its job is and its job is small. Yes. Yes. So this is a really important point, especially for anyone who's like thinking about doing this, right, is that these models, like a better model, like a model that quote unquote performs better generically will perform worse at a specific task than a lesser model that's given the right context, tools and knowledge. And that's something that like we have valid and that's why ASA works so well, is that the extent of the contextual information it has in the environment, the tooling that's available to it with our DSL, the knowledge base that we provide it, we are literally, I mean we have so much knowledge that we are basically as part of like, you know, like the context window and the prompt that we give
Starting point is 00:28:58 it, it's all, there's so much deep knowledge and domain expertise. And so if you, like, those are the things that are super key to making them really effective. Now, what you're describing, right, in terms of what Sublime is now. And it's interesting, right, because I'd imagine that there's a lot of these other large email security providers who, like, they just can't do this, right? Because they don't have the DSL. They don't have the site-specific context, right? Yes. It requires like this next, it's like a next generation of architectures that I think that this is like the architecture of the future for real-time detection systems at large, like not just for email security. Yeah, I think that this is like the future of real-time detection and prevention, yeah. Yeah, but the way you've laid it all
Starting point is 00:29:45 out, I mean, it really does sound at full disclaimer here, right? Like, I'm an advisor to Sublime, I'm so they do well, I do well, but it does pretty much sound like the way you're describing it. Like it is kind of the holy grail, right, of like a system like this. Like what, what more can you do here to like make it, make it better and like easier to use and more effective? Like I'm sure in five, 10 years, someone will think of something, but like right now, like it's, you know, at what point are you just like, ah, I'm done. I'm done. I'm out. I'm out. I'm going to resign. Like, But like what, you know, where do you go from here?
Starting point is 00:30:24 Okay, so there's a question. Where do you go from here with it, right? Now that you've nailed down this sort of agentic stuff and it's like a self-saucing pudding. Yeah, well, we, the way that we think about this, I mean, there's plenty of things that we're thinking about, but just in the agentic space, like, we're just getting started, even within, like, even for our existing, for our customers today. So the way that we think about it are like, what are the, what are the things that humans
Starting point is 00:30:51 do on teams today. And so there's, hey, we review alerts, like we review user reports, we tune detections, we threat hunt, we do IR. And so the way that we're thinking about it is what are these like different things that humans are doing today and how can we take that workload off of them and augment them? So we want them focused on the most high leverage things. Them doing the the menial things like that, that should just be automated away, and we want them focusing the most high leverage stuff. But I mean, it sounds like you're there already with most of it. Like what's left to automate away? I don't want to give too much away, but there's things like, you know, there's like, I, what do you, there's like a bunch of things
Starting point is 00:31:41 that you do in like IR, you know, like you want to maybe correlate campaigns and you want to, you know, we do a bunch of that already today, but I think there is opportunity to... So is this for customers to do, or is this for you to do back at Sublime HQ to get yourself like that God view of like malicious actors? Like within a customer's environment. Okay, just within their environment. So you're not sitting back like pulling in some metadata across all customers and, you know. Well, we do.
Starting point is 00:32:08 We do federated threat intelligence too. But what I'm talking about, like, I think that's ripe for automation too in agentic use cases. But there's also, like, at the per customer environment level, when you receive a campaign, you, if, like, large campaigns might hit, you know, for a really large organization, it might hit 1,000 people, 10,000 people. And so now what we're seeing is more and more diversity in those campaigns. And so with Sublime today, like, we have a fuzzy grouping technology, like we have fuzzy grouping under the hood where we do our best to correlate similar messages in a campaign together
Starting point is 00:32:49 so that it's one click to remediate or it's automatically remediating all of them at once. But as we see more and more diverse campaigns, that fuzzy grouping problem may get harder. And so from an IR perspective, you want to go and you want to understand the full impact of a, of a campaign. What other users receive this? And so today you might be doing some manual operations via your SOAR to, like, you know, search for a wildcard and the subject and you're all these techniques to find similar messages. Well, that's something that could potentially be automated. Yeah, no, I'm, I'm with you. I'm with you. So it's like, it is that sort of threat hunt use case where you've got another agent that is just, you might, it might get a tip from yet another agent,
Starting point is 00:33:39 right? Like, this is a bad message, go and, go and investigate, see if there's anything else that could possibly be clustered with this. Like, I get what, I get what you mean. Yeah, yeah. And like, I'm not saying that's the next thing kind like that's where even doing that, it's just like those, these are, this is how we're thinking about it, that there's a bunch of just like manual things that people do today. How can we augment them? How can we let these agents work together more efficiently and, and, uh, to solve the problem, solve these problems for our customers. Now, before we wrap it up, I've got to ask, what is the most spectacular, like, agentic fail you've seen developing this stuff, where it just went absolutely haywire
Starting point is 00:34:22 and did something insane in a dev environment? What's the best one? I can see from your smile. There's, like, many, many cases, but like... rm -rf on the prod database. No, I'm just kidding. Did you see that Twitter thread recently on this? I think it was like Replit. Replit agent went rogue and like completely wiped some dude's like entire prod database. And he was just like just developing and it just went off and just like wiped all of prod. It's like, holy shit, dude. I don't know.
Starting point is 00:34:55 You know, it's hard to know if those stories are real or if it's just like social media. This one was very real. Yeah. Oh, dear. Man, you don't need that. I mean, you know, so maybe not rm -rf, but was there anything, you know, anything you could think of where it just, I mean, I'm guessing most of the time it's just like, oh, well, that didn't work really well or that classification was wrong, but can you think of any, like, funny ones?
Starting point is 00:35:15 You know, I'm mining for comedy here. Yeah, like, there hasn't been anything to that degree, like, because the way that we, like, these are very constrained problems. Like, we don't have agents going off and, like, going into these other systems doing crazy it's, like, very much a constrained problem where you're, you have an output. You know, you're rendering a verdict, you're rendering a judgment, you're building into a detection, you're a threat hunting. It's kind of very constrained problem. So we haven't had anything crazy like that. Yeah. Oh, that's a shame. That's a shame. I expect, I expect to be the first to know
Starting point is 00:35:51 should that happen. I will let you know for sure. All right, Josh Kamdjou, thank you so much for joining us, uh, for that discussion. Uh, very interesting stuff. Um, yeah, it's, it's cool. It's just cool. This stuff is like, you know, I'm a believer, right? As much as it annoys me to say it, I'm a believer. I never thought, you know, like, I'm a security guy to my core. And, you know, I would have been a skeptic like a couple years ago, but I am a believer now. Yeah, I mean, I'm not a believer in the whole, like, are these generic agents. I mean, I think they're an efficiency tool.
Starting point is 00:36:26 I stand by my initial take, which is that they're an efficiency tool. I think the generic agents are only ever going to get so good. But yeah, I mean, I caught up with a friend in Melbourne a few weeks ago who's like one of those people who loves to poop on new tech, and I hadn't seen him in years, and I'm like, hey, what have you been up to? He's like, man, I've been playing around heaps with AI and it's amazing. And like seeing this guy, like Captain Cynical, it's really sick. It really is. He's like, he's like the grumpy cat of Australian Infosec,
Starting point is 00:36:54 and seeing him sitting there just like raving about like all of the cool stuff he's been doing with AI. Anyway, anyway, we'll wrap it up there. Josh Kamdjou, great to see you as always, my friend, and I'll look forward to chatting to you again soon. Thanks, Pat. Me too, man.
