Transcript
Hi Mike Matchett with Small World Big Data. We are here today talking about, I don't know, how would you say this disinformation, deception, uh, deep faking stuff. I mean, AI is getting a little bit out of hand, and I'm talking about the bad uses of AI. Uh, what do we do about it? Well, we've got we've got some tools at our disposal. We've got some solutions coming out. We've got Netarx here today to tell us about their flaws, which will help us combat disinformation. So hold on just a second. Hey. Welcome, Sandy. Welcome to our show. Hi, Mike. How are you? Um, this is good. Um, now, Netarx is interesting. Netarx is, uh, a company. Were uou involved in Netarx getting started. I mean, how did and how did you get interested in disinformation? I mean, it seems like a strange place to to go in one hand. Yeah. So, um, yes, I am a founder, and and, uh, specifically, it was a few years ago now where I was, uh, literally in a, uh, a lunch meeting where, uh, a mid-market lender was answering his phone, and I saw all the blood just rush out of his face, and, and, uh, I said, hey, are you okay? And and, uh, he said I was just a victim of a wire transfer fraud, and, and his company had given a loan and was convinced it was a social engineering attempt. Uh, was an attempt. It was for real, uh, where they were duped into believing that, uh, they changed the wire transfer information, and and they were fleeced for some $300,000. So, uh, that was the third such incident that I had seen in just a few short weeks and realized, hey, this is going to be a big problem. And so that evening literally started to write, uh, the first of many patents that has, has filed. And, uh, I've written a number of patents over the years and, and quite honestly understand the value of intellectual property. And I realized just how important this problem is to solve. You know, we're at a point now where people just literally can't trust anything that's on their screen. All right. So just just stepping back a little bit, being somewhat, uh, having read a few anecdotes about people who've gotten phished socially and wire fraud. It's not just one thing, though, that they've been fooled with. It's it's a number of different things and a number of different facets. Like it's maybe a phone call, maybe it's a video, maybe it's a some faked up email. Um, and so, you know, we're I mean, is that what you're seeing is that people are getting attacked from multiple directions, and it's starting to become coordinated from this multi-modal, uh, bad guy approach. So, yeah, absolutely. It it is multimodal in many respects. And, you know, email is still the primary vector with which most social engineering impersonation and other sort of deepfake attacks start. Uh, but it quickly escalates into other forms. You know, many people will receive an email with an invoice and it'll say, oh, you know, here's our w-9. And so, um, our own accountant actually had a situation where then she called us and said, hey, look, the w-9 is wrong. And and they're like, oh, we'll fix that for you. And they sent a new one, right. And, and and so, um, effectively, in order to stop the, the problem, the disinformation, the impersonation, the deepfake. You have to ingest every single signal you can possibly make. So, you know, when you walk across someone in the street, you recognize them, you recognize their hair color, eye color, height, weight, everything. And and so it's no different than when you are actually interoperating with someone in a digital perspective. And so you need to ingest all the digital signals. And so why we need to make sure that we're protecting your email and your voice and your video and, um, text messaging, all of the different ways in which we communicate. You will need to ingest all the digital signals associated with all of those different, uh, communication modes. And so you need to understand their IP address and GPS and email and and tenancy whether or not it's, you know, maybe it's a Gmail account or maybe it's a Microsoft 365 account. And and whether or not it's a team zoom to zoom or WebEx, uh, all all of the things have embedded information associated with it. We call it metadata. So I make an inference from metadata. And so you've heard of two factor authentication. Yeah. Well we're currently about 75 factors. All right. But we don't call them factors. We call them features in the AI world features. So so let's just you know I think we cover a couple topics there. So the problem is multimodal. Uh, you in order to solve the problem. And this is all about AI in the background here. Right. Good good and bad uses of AI. I think it's like spy versus spy in the old mad magazine situation with the black hats and white hats doing this, but good, bad AI um, but, um, in order to to to defeat this sort of multi-dimensional attack on. We'll call it an attack because that's what it is, where someone is spoofing you in multiple different ways. You need to apply to protect yourself. Something that can look at all those different channels at once is that that's what you're saying, right? And so you've got you've got the IP in your product, which uh, what's it called? Uh. The. The, the the floor, the floor. Right. Uh, I hope there's a, I hope there's a good acronym there, but we'll go with floor for the moment. Um, and, and it's, it's looking across. It would have to look across all these channels. How does it do that. How does it get information from what you say, 75 different channels. Yeah. So the floor is an agent or a plugin. We have two different flavors. And effectively what the end user, it's installed on every single end user device, whether or not it's an Android or an iOS device, a windows laptop or desktop or a plug in that would go on, you know, Google Chrome or Microsoft Edge. And the point of that agent is to facilitate the ingestion of all these different digital signals. So all the different forms of communication that you're using when you send an email to someone. We're looking at that email's header. And within the header there's a lot of relevant information. There's IP address of of the sender and or the server that they're communicating through the the SPF D mark DKIM the actual tenancy of the organization that you're claiming you're a member of. And and so the reason why we have that agent is so that we can provide a contextual awareness and that contextual awareness is really important. So I may be new to you, but some other coworker you've had hundreds of conversations with. And that will factor in. So that social graph is where we're gathering all this different information. And then the floor itself is actually a visual indication of threat. Right. On screen it's a traffic light red yellow green. And so people understand traffic lights. And so we've decided to make it as simple and easy as a traffic light. Right. So using it is is a matter of looking at a glyph or a symbol as you will red, yellow, green in the corner of what you're doing. But just, you know, in that brief description, um, you're, you're collecting a massive amount of information. Isn't that also IP and protected? I mean, you're basically creating a shadow trust network itself. Yes, absolutely. But, you know, you have to look at it in the fact that, you know, current systems are all based on the OSI seven layer model, right? You've got the the actual physical layer all the way through the presentation. And, and so what you've created is unfortunately a hole in in the security framework. Why? Well, because this isn't about a firewall or anti-phishing and or EDR. Because you're not looking at the device. It's not the technology, it's the person, and it's the human who is being compromised. Human nature is to trust that. Yeah, I'm talking with you. And you are who you say you are. Right. And so what we're doing is, is we have to realize that we have to go up another layer. We have to literally add another layer to that model to address this. The missing piece of, of of the puzzle. And the fact that all these different security technologies, no one addresses the ease with which you can compromise a person. And so we need to tell that person, hey, based on all the signals. This is the person you've had 50 emails and or meetings and or text messages with versus, hey, this is someone who's brand new to you and or this is someone who's using AI generated content. So you've got this detect the your good AI is able to detect this use of bad AI, uh, ostensibly for disinformation purposes. And tell me right on my screen when I'm doing things, uh, red, yellow or green, like, be careful, don't do this or this seems like it's okay in real time. How's that? How's that real time part work? So? So exactly like you said, we're using AI to defeat AI. And so I'm taking in all these digital signals from email, taking them from voice, from text messages, from a video call, and they all roll up into each has their own model. So we've got AI models for video, and we're making an inference from that as well as for voice as well as for email. And any of the different AI models all go into what we refer to as a voting ensemble. And the voting ensemble is in order to distill out an inference in the form of a traffic light for an end user, instead of getting really complicated and and showing too much data or math or percentage, people don't know what that means. And and so we've made it really simple for the end user to just understand, hey, red, yellow, green. If it's green it's it's pretty safe. It's a coworker. It's a it's a client. It's a vendor. Uh, if it's yellow then there may be something in terms of a warning. And if it's red, we're pretty confident there's danger. All right. Uh, you know, I think it's one thing to talk about green. Uh, but maybe perhaps you could show us a little what this really looks like. A little demo or something. Yeah. Happy to. Here's a two minute demonstration that we can share. Welcome to the demonstration of Netarx. Deep fake detection across all your communications. In this demo, we will show you how Netarx protects against impersonations in video phone checking for AI tampered images and in email. First, let's take a look at how Netarx detects impersonations and video calls such as Microsoft Teams, Zoom and Google Meet. From the application, you can easily view and connect to your scheduled meetings. Once the floor is set up in your organization, a new bot will automatically join video calls and meetings as an attendee. You can see the flip turn from green or amber to red as it detects a deepfake impersonator is in the meeting. You can then open the flip to get more information about the impersonator. Flip is also an Android and iOS app that will list all coworkers. When that coworker calls you, you receive a push notification to your phone to confirm their authenticity. If authentic, you will see a green flip. Let's now see how Netarx can verify if an image is real or altered by AI. In this case, a driver's license. With Netarx, it's easy. You just take a screenshot, image, file or item copied into your clipboard and submit it for verification. The image is processed in the cloud and then provides the analysis. Here you can see the red flip. You can then click into the details to learn more. Finally, let's see the floor in action for email. Once added to your email by the system admin, the floor will show green if the email is genuine, Amber if unknown and red if suspicious or likely. Phishing attempt. As with the other media, you just click into the floor for details on the reasons for the floor indication. For more information, visit our website. I'd say that was pretty cool. Uh, you know, I it looked like, you know, it was just in parallel and it didn't really interfere with any of my apps, like, so it's just running almost outside the apps and not and not causing any performance issues or anything else, but always there. Yeah. So so we've spent a lot of time on making sure that it's seamless and easy to use. And so let me explain a little bit how and why. So, you know, if it's a security technology that that that introduces friction and that requires you to put in a username and password and a six digit token code. People aren't going to use it, so it just needs to be there. The act of you joining the zoom call or the team's call or the meet, uh, or, you know, doing, uh, any other emails or phone calls or text messages, you need to just have it be easy and there. And so the way in which we've done that is we've leaned on blockchain technology. Okay. And so the blockchain technology number one is very secure. But it also allows us to federate and provide it on an on prem offering for high security customers. The defense industrial base some very large banks. And basically what this also allows for us to do is also be post-quantum secure such that if you are post-quantum secure, using a zero knowledge proof, you can effectively use the highest level of of security Available. And when quantum computing comes into place, you don't have to worry about that as being a potential weak point in the security and or disinformation tools that your organization is using. Post-quantum is definitely an important thing that we see coming around, uh, as people realize that, you know, things that they're recording today and sending out that they think are encrypted, uh, can be decrypted in the future if someone just records them, like, it's not it's not enough to be secure in flight today, uh, because the threat is tomorrow, right? In this quantum world, like, it's like, yeah, you might. Don't give out your, uh, bitcoin secrets today on a on a on a what you think is an encrypted channel. If it's not quantum secure, um, because somebody will get get into your accounts in the future. Um, all right. So let's, let's, let's, let's just step back and talk about this idea of, of disinformation. Um, we know this is a growing problem. You know, we all have anecdotal evidence of where do you see this going in 2026? I mean, people obviously deepfake videos already that they can change their gender live and dynamically. How bad does this get? It gets really bad. And and you know, we're subject to NDA for a lot of different companies and large organizations that we're that we're talking to who share a lot of scary stuff. But, you know, the ones that many people have seen, you know, if you go back a couple of years and you look at MGM, uh, they had a social engineering attack where someone called the help desk pretending to be an employee, got a password reset. That person then had low level access, which eventually was able to employ a ransomware attack that took down, uh, MGM for a few days. Ended up costing them about $150 million. Fast forward to last summer. You've got Ascension. Ascension healthcare, uh, 150 plus hospitals or so. Uh, it was a $1.5 billion impact to that organization. We're expecting a ten-x, uh, in the next year or two. Right. It's it's it's just going to continue to get larger and larger. We're seeing many, many small attacks because the ease of, of use of, of these deep fake tools, uh, many of which are free. They can run on a, you know, a few thousand dollars laptop and can convince most anyone that you are not who you say you are. Right. And and so we don't see it getting any better. Uh, quite honestly, the problem's only going to get significantly worse. We all use the expression internally here. The winter is coming. Right, right. It's like Game of Thrones reference there. Uh. So, uh, you've gotta you've gotta be running pretty fast to keep up then, I imagine. Yeah. And and the way in which, uh, we need to continue to run pretty fast is by ingesting more and more inference models, more and more digital signals. We look at inference models as a commodity. Right. Um, we need to just be able to pull in all of these different inference models from many, many different manufacturers, not just our own, uh, in order to, to to have as much data as possible in order to provide that inference. Because at any one point in time, what we've seen is, you know, deep live cam or expressions or Magic cam or deep swap, right? All these tools that are free or very, very cheap, um, they'll upgrade their capability and the face and appearance and and all of the the the the deep fake looks better and better and better each time they come out with a new version. And what we've seen is, is half the inference models stop working the instant they come out with a new version. And so then in the next couple of days and weeks, all the inference model providers will just start updating and tweaking and changing and and retraining their models. Um, and so my point is, is you can't rely on just any one inference. You literally need to ingest all of them into these, these voting ensembles that we've created. And in the future we're going to even automate that. Automate that, keep, keep that forest of AI trees growing in that, in that ensemble. Uh, it's just interesting. Um, and, you know, you, you obviously in terms of getting out there and creating relationships. You've got some partnerships that are growing as well. So this is not something you're just trying to do by yourself. Everybody's going to want to need this information security, right. So any news there? Yeah. So we're excited that we have a multitude now of of partners, uh, very large organizations who are strategic, uh, some financial institutions, consultants and, and a lot of MSPs, a lot of, um, large MSPs who are, you know, clamoring to, to to provide that security for their customers and need the tools. And so when you're talking about disinformation, security and the tool that we provide, it's to help those trust operations and the trust operation may either be in-house with their own trust officer and their own team and or outsourced to an MSP. And so we're able to provide the tool, the floor, if you will, for both of those organizations and both of those types. And it's been going really well. So trust operations something if it's not on your org chart definitely needs to be there going forward. Uh, if someone wants to look a little bit deeper into Netarx and, and figure out what floor really could do for them. Uh, what would you have where would you have them start their their research here? Yeah. No. Reach out. Um, go to Netarx.com. And, um, either click on the demo button or, uh, please feel free to read any of the white papers or the materials that we've posted in a number of videos to try and help explain all the different use cases and or fact patterns that many different vertical industries have problems with. And I'll be honest, 99% of organizations have nothing in place for voice and video security right now, and we're hoping to change that next year and the year after. Yeah, it doesn't sound like the problem is going away since it's ballooning so fast. Uh, and that we're in this, uh, this this, uh, neck and neck Red Queen kind of race. Uh, if you're familiar with the term for, uh, who's going to end up on top in terms of good AI versus bad AI? Uh, and I think the only people standing there are probably going to really win in the long term. Out of this are the people who provide AI to both sides. But we'll different different topic for another day. Uh, thank you for being here today. Thank you for explaining this. No. Much appreciated. Thanks for having me, Mike. All right. Uh, you got to have trust operations going into 2026. You learned you heard it here. If you haven't heard it here first, you've heard it here again. So get going on that. Take care folks, but don't.
