Truth in IT

Agentic AI Security: Governance, Architecture & Strategy

BigID
06/11/2026

Transcript


Having flexibility to be able to, as seamlessly or as autonomously as possible, be able to understand those changes and change decisions. You need to be very principled and kind of have your tenets around how you want to make decisions and how you want to test and live through those things. And then the success metrics around what you want to watch.

Welcome to Control Alt AI. I'm Dimitri Sirota. On the show, I sit down with the leading voices of what's next in AI, data, and risk. We go beyond the buzz to unpack the real-world strategies shaping the future. Your shortcut to clarity in a world built on data and driven by intelligence.

Hello, everybody. Welcome back to Control Alt AI. I'm excited to have with us as our guest this time to talk about everything agentic, Matt Swan, who's been a CISO, a CTO, and all things technology for quite a long and storied career. So hello, Matt. Thank you for joining us on the podcast.

Morning.

So Matt, maybe just to get things going, introduce yourself to the audience. Tell us a little bit about you.

Absolutely. So for the most part of the last 30 years, I've been in various operating roles, largely at leading-edge e-commerce and financial services companies. So former CTO at Nubank, at Booking.com. Spent about 16 years at Amazon. Spent some time with some incumbents like Citi and large hedge funds like Citadel. And I've been spending more time, kind of recently, helping sort of early-stage and kind of late-stage companies through this shift to agentic and very much security-focused.

Well, certainly it's topical. It seems like almost yesterday, we were all shifting left. And now we're all shifting AI, right? In our products, organizationally, Meta and countless other companies are announcing force reductions to be AI throughout. But what's interesting about AI, from my perspective, is in a very short amount of time, 2022, I think, is when OpenAI or ChatGPT introduced 3.5.
And that was kind of like that kind of earthquake-level effect. But through that period, certainly vendors have kind of had to deal with, hey, we need to be kind of LLM first and embrace LLM and maybe small-language models. That it was all about co-pilots. Everybody had co-pilots in their product. And over the past 12 months, maybe nine months, 10 months, it's been agentic everywhere. Maybe give us a little bit of your take on that very abbreviated evolution from, we need to be thinking about how we adopt LLMs or their kind of derivative SLMs, to, hey, we need to be an agentic company throughout. So what's your sense of that?

I think it varies by company sort of size, shape, and maturity level. I think larger incumbents that have much larger engineering workforce that is going to have to adapt to a lot of the change. Like, you want all of it, right? Like, I need a strategy that incorporates the use of LLMs. And also, I want to make my developers more productive. And so I want to use the GPTs. And hopefully, I've been using machine learning in a number of things. I've got some competencies kind of in places. But I think the thing that I'm seeing with earlier stage companies that are really building agentic first and AI first, where the development methodology is changing, right? Where it's almost more prompt development and prototype development, as opposed to sort of those past kind of ways of working. And so it's accelerating much quickly. I think at the larger companies, it's as much of a challenge, but it's an equal kind of people challenge to work through that change of how do you arm and train and embrace that new methodology versus building your company up the first time or in a pocket within your company.

You know, there's a lot to be said about that, right? I do think we are at an inflection where people are just saying, hey, do you have AI technology, right? Do you have LLMs in your product?
Which I'd be hard-pressed to find a company that doesn't to, hey, the whole organization needs to shift to be AI first.

Yeah. No, and it's interesting. This is where I think the tooling really matters because I think how you're investing in a goal or making your engineers more productive, as an example, is one thing, or protecting the code that's kind of it's being produced. However, as you start to get into more agentic development and there's this sort of feeling of a loss of control, but it's really how you insert those humans in the loop to help give you that comfort and trust and embracing the sort of the validation, you know, points and the governance points, you know, along the way. Because I just think increasingly as this unfolds, you're going to just continue to see more agentic, I'll call it staff augmentation, you know, in addition to migrating what's there.

It sounds like your general take is that the agents become kind of part of this staff, right? They are an augmentation. It's no longer just about a Clippy assisting you as an individual in your day-to-day. You know, it's not just like the Grammarly modality where I'm going to help you with some spelling. I'm going to help you with deciding, you know, which nouns and verbs succeed each other. I'm going to do everything for you. And then maybe come back with a finished product. Is that kind of how you see this kind of shift from just pure kind of LNAI to kind of an agentic load of operation?

Yeah, I think it definitely will follow a maturity curve. Right? And I think with that, the more you build out this ecosystem, the more trust you have kind of in that ecosystem, the faster that it will evolve. And it's just important. I think it points around like how you govern this and ensure the integrity of it is what's, you know, the most, I think the most important.
You know, one of the things, you know, we see ourselves as we're making that kind of shift, like so many other startups or technology companies is trying to understand, you know, which LLM. Are we going to use Codex? Are we going to use Claude Code? Are we going to use a vibe coding platform like Lovable or Replit or something? What are the harnesses, right? What are the kind of rules of the road? Are we going to allow different people to kind of build their own? So you could determine the skills you need for your kind of daily job. Somebody else is going to do that for their job. It's very noisy. How do you see companies thread the needle today, right? There's a lot of different opinions. No two companies seemingly do things the same way. How do you get to kind of something that feels like a gospel or kind of an orthodoxy, a truth of some sort?

Yeah, well, I think the truth that's going to be constant is change. And so I think in that, I think in your orthodox, if you will, like having flexibility to be able to as seamlessly or as autonomously as possible, be able to understand those changes and change decisions. Like, so for example, you mentioned kind of multiple LLMs and, you know, which one is going to be the best or most efficient for this task, right? And efficiency, like you see a lot today where over the last 10 years, developers were the biggest constraint and developer spend maybe behind the cloud were kind of top of the list. Token spend and the augmentation, you know, of agents around these things or what's, you know, increasing kind of at that, at that same rate. And so I think you need to be able to build an instrumentation and tooling that allows you to be predictive, not just reactive as to what that spend and what those paths may be. And I think there's going to be multiple winners, right?
So I think you need to be very principled and that kind of have your tenets around how you want to make decisions and how you want to test and live through those things. And then the success metrics around what you want to watch.

Yeah, you know, I was convinced three months ago that there would be probably three winners, right? Maybe Google Gemini, maybe OpenAI and maybe Anthropic, but it now seems not only with Cohere and those kinds of more specialized LLMs and models, but even like Lovable, there's so much new capacity coming online from these CoreWeaves and from xAI or SpaceX that people can for the first time kind of afford, right? There's these kinds of exotic structures. So maybe we will see a world where there's a whole host of models. And now with these new inference engines that are coming online, these new chipsets, maybe people, even companies could do inference and maybe even training. You know, what's your take on it? Are we going to still be limited to three or maybe we'll see a more expansive world where everyone will be able to kind of dip their toes?

I think it will be a bit of both. There's no question that there will be a dominant market share amongst the three or the leaders that are these early adopters that have kind of gotten the scale. Although I think if you think about just because you mentioned, call it chips and inference. So if you think about sort of the Moore's law analogy and kind of how that carries forward with AI, it's not just limited to chips becoming more dense and cost-effective. You're going to see exponential growth, I think, in the way that AI kind of adapts to those things. And so it's 100% within reason that you're going to have a long tail of a lot more capabilities by others, even though you may default, you know, to some of the leading players.
Now, one thing you mentioned a couple of times is that with the companies you work with, you're seeing really development is kind of the first area where people are embracing agentic, right? They're going from kind of more traditional kind of scrum teams with epics, and they're going kind of individual developers that have this constellation of agents that, you know, work on their behalf. Some are doing QA, some are doing kind of functional bits. Where else in the organization are you seeing people embrace agentic? Marketing, success, sales, is it everything?

No, I mean, look, it's a bit of everything. I think there's no question you can follow the revenue a little bit when people start to look at marketing and sales and how can I drive kind of more penetration and adoption kind of of my product. I think things that are gonna get continually commoditized very quickly are areas like you think about corporate development, like mergers and acquisitions and commercial agreements, like the amount of time to do the diligence or the types of diligence that you can do exhaustively is just, you know, accelerating quite a bit in the space. Same thing with the commercials around, you know, time it takes to legally negotiate and kind of expedite these things and ensure that you're kind of more protected. But I think when sales, customer service and engineering, sales slash marketing, I think of a top three that I see.

And in order to enable that, like, is it the CTO in the organization that's kind of covering it or departments doing their own thing? Is it, you know, sales is kind of embracing, marketing is buying some of their own tools like Clay, like, are you seeing it spread or centralized?

It's a little bit of both. I think it's centralized in the sense that for CTOs and tech leaders, when you look around the table, kind of at the CEO's desk, not everyone is always the most technical.
And as a result, they kind of defer to the CTO to say, oh, well, AI must be technology, therefore we must rely on, you know, that tech team to kind of go deliver these things. However, as all of these capabilities with third parties are being evolved and kind of coming up to stack, I think you're seeing people being pitched and embracing more in, you know, when it comes to whether it's marketing or sales or product or, you know, even customer service and kind of down the line. So I think you see it from both angles, although there's more of a concentration, I think, with CTO and tech leaders. I think the pressure is coming from the CEO regardless that we knowing that this wave is breaking and that we have to advance.

Yeah, you know, I'll just share with you what we're doing. We actually brought in a COO with explicit mandate to provide some uniformity and some coherence across different groups, different lines of business. So we don't have like a repeat of 2021 where everybody buys 15 tools and everyone's kind of doing their own thing. And some people maybe are just doing things in the periphery and some people are doing things more fundamental. And so we brought in a kind of an AI change agent to specifically make sure that we have some planning and consistency and cross-team sharing. But look, you know, I think it's because we were doing it, everyone's kind of doing their own thing that we kind of realized that we needed to provide some level of centralized, I don't wanna say centralized planning, it's not a communist effort, but certainly orchestration, if you will. So there's a lot of things that are kind of required in the enablement of this kind of agentic future, right? We talked a little bit about, you have to kind of pick a model, but there's also kind of data readiness. You gotta, you know, what data are we gonna use and support, what context information am I gonna give them?
I obviously don't necessarily wanna give them my employee data, I don't wanna give them my healthcare data, I don't wanna, you know, you have to make sure the data is sanitized. There's also the whole decision around MCP. If you're doing MCP historically, you would have to have something publicly facing, which creates exposure risk to the organization. I think now, you know, beginning we support for our product cloud and local. And I think Anthropic just announced that they're gonna have like a tunneling technology so that you can use a local MCP and still have it work with their model services. What do you think, if you had to kind of double click on what people should be thinking about, what is it in terms of kind of getting ready for this agentic future? Is it just picking the AI? Is it picking the framework? Is it picking the harness, right, that consistency? Is it the MCP side? Like, where do they need to be thinking or do they need to be thinking about everything?

I think you have to think about everything. Look, I think the last thing that you wanna do, especially at this time, at the moment where things are evolving and changing and maybe not all as mature as they could be or will be, you know, in the not too distant future, you have to protect yourself. Having the right architecture to ensure that you're protecting, you know, your data, your IP, you know, those types of thing is kind of paramount. I think when you start to get within, you know, within those boundaries, then, you know, absolutely, look, the LLM, the harness, your approach to MCP, like, honestly, how do you wanna handle governance?
I think that, you know, one of the things at a large, you know, travel company that I was kind of recently at, they were early to adopt, you know, a governance strategy, you know, even at the board level in the same way that you would think about sort of security, recognizing, you know, how much of a shift or change that this is going to be kind of in the environment. And so I think you have to look at it at all levels. If you treat it like a point solution, you'll get a point solution. And I think that's where you'll start to run into some risk.

And when you think about governance at the company you were at, do you think in terms of product? Do you think in terms of people? Do you think in terms of process or a little bit of all three?

I mean, I think you have to think about all three. I mean, people are your biggest variable when it comes to, you know, wild kind of things. So I think you've got to work to protect around it. You have to have a good process. You have to think about your data and the product. And so I think having kind of a layered, you know, approach where you can look at these things end to end and evaluate your maturity is important.

You know, related topic to this, and this is something obviously very, very, I think, close to home for a CTO, maybe a CFO as well. You're going to have some decentralized activity. Every team is going to be working on some initiative and hopefully they have some centralized orchestration like governance, maybe they have a COO or some AI department or committee. Token spend, right? We worry about cloud spend. Everyone is worried about token spend. It seems like you could lose your business based on the cost of tokens. And moreover, a lot of technology companies are experimenting with new pricing where there's no more CAC. You're just paying for like E5 or E7. I've heard Microsoft is rumored to be thinking about that to have like a pure token model, which means it could go up. The more you use, the more you spend.
So how should companies start thinking about introducing governors? Are there mechanisms to route between AI models? Are there optimization strategies? Any opinion you could share or is it too early?

It's a little early. People are talking about looking at it because it is 100%, the biggest, I think one of the bigger problems that we're kind of facing at the moment. Will governors kind of come into play? Absolutely. You know, I know someone I'm talking with quite a bit that's kind of building out this capability. You think about it like a control plane for AI to kind of help manage your teams of agents. How do you keep a human in the loop, but also kind of more effectively predict and manage the spend? I think the interesting thing is if you look at a lot of the historical cost plays with cloud, it's been, in my opinion, kind of very reactive. Like you can look at the exhaust that comes out of cloud and then make sort of an analytical decision around, oh, what's driving that? And then how do I go fix it? However, with a lot of this agentic development, you now have the sort of the driver on the revenue side or the proactive side of being able to say, before I even deploy this code, can I catch these things proactively and manage them and improve that time to market?

No, look, I hear these stories, how people are able to optimize how the agents operate, you know, play around with the context window, and they have huge impact. So the optimization is both internal, and I presume there's going to be some mechanism to do external as well. But look, you know, a brave new frontier for sure. Look, you and I both have backgrounds in security. Obviously, besides the spend problem and kind of deciding over, you know, all the various artifacts that you have and building out an operational AI model or agentic model, security and trust is a huge, huge thing for end users.
And because it's a huge, huge thing, it's seemingly there's 2000 companies that have launched in the past 12 months to help you give you peace of mind. How does a CISO get through the clutter, right? There is so much noise, and everyone seems to be doing security for agentic, and you really have to unpack exactly what they're doing to understand what is an access, is it vulnerability? What's your advice as a CISO to other CISOs in terms of cutting through the noise?

Keeping it simple is important. Focusing on metrics is important. But then I think also just having, look, it is a broad landscape, and so I think you need a framework to kind of manage your way through it and sort of to assess your risk and maturity levels, I think is also going to be very important in this. And it's the only way to kind of be able to cut through a lot of that, the fragmentation, diversification, just so much stuff that's out there to know really where you have to focus. And I think that if you become overwhelmed or that aperture is sort of is too wide, I think it becomes easy to be overwhelmed. I think the more that you can kind of narrow in and be principled about it, the easier it gets.

And these frameworks that you reference, are you thinking of something specific, like from OWASP or from NIST or from like an organization, or do you think they could provide influence for you really should develop something bespoke to you?

I think at this stage, until something evolves that kind of becomes a standard, I would leverage the best practices that you use today as a starting point. So when I think about NIST as a good example of whether NIST is 100% tailored for everything agentic and everything AI, you can adopt that flavor to the way that you want to think about it through your organization. And I think it's going to be a little bit of picking the best of kind of what's out there and what you're seeing.
And eventually I believe standards will evolve in a more consistent way, but for right now, you got to do the best with what you have.

Okay, well, maybe we could develop a framework as we speak. I'd love to get kind of your thoughts in terms of areas where people should be thinking about. Is it the kind of data prep in terms of what data is exposed to the agents? Is it MCP in terms of understanding what resources are exposed, what tools are available? Are you thinking about access control and managing, you know, identifying an agent, whether it's an internal, external understanding kind of whether, you know, where it gets its privileges to access certain things? Is it just monitoring agents for kind of rogue behavior? What do you prioritize? How do you think about, you know, what is a holistic agentic security model?

I tend to think about those perimeters and access points for sure. So things like you talk about, you know, MCP and you think about permission. I worry about those things more than the data prep. People have all kinds of data challenges today. They always have. Agentic will help streamline correcting those certainly as we go forward, but that's just kind of known and a little bit kind of is what it is. However, I think once you open up different attack vectors or access points where, you know, agents and others, if you're unable to identify them can move much faster and potentially be much more malicious or, you know, impactful, that's where, you know, I would focus on my initial control.

If you think a little bit about the choices that end users have, CISOs, CTOs, people like yourself, they've always had a choice of saying, look, you know what? I see this as an evolution, not a revolution. I want to be able to solve multiple problems. I still need to solve the human problem, right? I have employees I need to manage their access to sensitive data, but I also need to do the same thing with non-human agents. I have exposure points, right?
Like APIs, and I have to secure them. But now I have additional exposure points, maybe through APIs, maybe through MCP, maybe through CLI to agents. So what is a best practice? Is it to basically look at the established vendors that already provide value in the human side and have evolved their product lines to support humans and non-humans? Or is it better off saying, look, this is something, there's been a break, right? Treat humans as completely different kind of pathway. And you should focus on brand new companies, right, that are agent-exclusive, because these are the choices that companies have, right? There's no shortage of new vendors born seemingly like in a Cambrian explosion daily.

Yeah, I think it depends on how much you're intending to kind of lean in on this, because I think that the thing that I've seen the most challenge with is that larger companies that are more mature, I'll call it, to this point, are having a harder time embracing and adopting a lot of these capabilities. And I think if you go back to, I guess, maybe the early days of cloud and common other things, you could set a team off to the side and say, hey, go be the agentic startup within my company and then go embrace those newer technologies and see if you can kind of build the ecosystem around it. I think as long as that stuff can interface effectively with the rest of your systems and you can learn a lot from it, that's a good thing and that's a way to certainly stir the pot and kind of advance your thinking. I think it is still going to be pulling along the rest of that organization that is going to have to generally adopt and adapt and deal with a lot of the legacy in different ways.

Okay, agreed, agreed. Final question for you, Matt, and thank you for being such a great guest. This is the look out in the future, the horizon question. As we kind of talked about earlier, we've come a long way just in three years, three, four years, right? Since 2003, we're in 2026.
I think it was maybe even later in the fall when ChatGPT 3.5 kind of came out and everyone got so enamored with it. So maybe under four years. What does the next two, three years look like? Are we still going to be talking about agents? Are we just going to be getting our arms? Are we going to be talking about something completely new? And any thoughts? Obviously it's hard to predict. We don't have eight balls. It's hard to foretell the future, but any kind of informed guess?

I think there's no question that agents are going to be a huge part of the conversation. I think that ecosystem is going to fall and mature. I think it's going to take on more of an enterprise view and kind of, I'll call it, move upstream, fill it with companies. I don't know that I know around the corner like what the next thing is, but it is, I think, between agentic development and agentic commerce and what that's going to mean for kind of so many different segments. Those things alone are going to be probably fairly disrupted, both in evolutionary.

A little evolution and probably a lot of revolution. That seems to have been the kind of path of the last three, four years. Matt, thank you again for coming on the show. I really appreciate you. I think a lot of sage advice for the audience. So thank you again. For our audience, thank you for joining us on another episode of Control Alt AI. Just to remind you, you could get access to this. So we encourage everyone to download, subscribe, and of course, leave comments. So thank you again.

Well, that's it for today's episode of Control Alt AI. If you liked today's conversation, make sure to subscribe so you don't miss the next one. And for more insights on AI, data, and risk, visit bigID.ai. See you next time.

TL;DR

  • Organizations are shifting from basic LLM adoption to agentic-first development methodologies, with early-stage companies moving faster than large incumbents who must retrain existing engineering workforces
  • Architectural boundaries and governance are paramount — organizations must protect data and IP through proper access controls, MCP security, and board-level oversight before exploring specific AI frameworks
  • Agentic AI adoption is spreading beyond engineering to sales, marketing, customer service, M&A diligence, and legal functions, requiring centralized orchestration to prevent tool sprawl
  • Token spend management is critical and comparable to cloud cost concerns, with uncontrolled agentic activity posing existential financial risk without proper budgets and kill switches
  • The next 2-3 years will focus on maturing the agentic ecosystem and enterprise adoption, with organizations needing to be principled and focused rather than overwhelmed by vendor fragmentation

The Shift from LLMs to Agentic AI

This conversation explores how organizations are navigating the rapid evolution from basic LLM adoption to comprehensive agentic AI strategies. Matt Swan, a veteran CTO and CISO with experience at Amazon, Booking.com, and Nubank, discusses how the development methodology itself is changing — moving from traditional engineering practices to prompt development and prototype-driven approaches. He contrasts the challenges facing large incumbents, who must retrain massive engineering workforces, with early-stage companies building agentic-first from the ground up. The discussion emphasizes that this isn't just a technology shift but a fundamental organizational transformation requiring new governance models, architectural boundaries, and cross-functional coordination.

Governance and Architectural Boundaries

Swan emphasizes that protecting data and IP through proper architecture is paramount before exploring specific LLM choices or frameworks. He advocates for establishing governance at the board level — similar to security oversight — recognizing the magnitude of this transformation. The conversation covers critical security considerations including MCP (Model Context Protocol) exposure risks, data sanitization requirements, and the need for layered approaches addressing people, process, and product simultaneously. Swan warns against treating agentic AI as a point solution, noting that organizations must think holistically about access controls, permission models, and monitoring for rogue agent behavior. He prioritizes securing perimeters and access points over data preparation challenges, which he views as existing problems that agentic AI will eventually help solve.

Organizational Adoption Patterns

The discussion reveals how agentic AI is spreading across organizations beyond just engineering teams. Swan identifies sales, marketing, and customer service as the top three adoption areas, with revenue-generating functions leading the charge. He notes that corporate development, M&A diligence, and legal contract negotiation are being rapidly commoditized through agentic capabilities. While CTOs often become the default owners of AI strategy due to their technical expertise, Swan observes that departments are also independently adopting tools, creating a need for centralized orchestration. The conversation highlights BigID's approach of bringing in a COO specifically to provide uniformity across teams and prevent the fragmented tool sprawl that characterized the 2021 SaaS buying spree.

Cost Management and Future Outlook

Token spend emerges as a critical concern comparable to cloud cost management, with Swan noting that uncontrolled agentic activity could potentially bankrupt a business overnight. He recommends establishing clear budgets, monitoring frameworks, and kill switches before enabling widespread agentic capabilities. Looking ahead, Swan predicts that agents will dominate the conversation for the next 2-3 years as the ecosystem matures and moves upstream to enterprise adoption. He emphasizes the importance of narrowing focus and being principled rather than becoming overwhelmed by the fragmented vendor landscape. While acknowledging that standards like NIST aren't yet fully tailored for agentic AI, he advises leveraging existing best practices as a starting point until industry standards evolve.

Chapters

0:00 - Introduction
1:00 - Matt Swan's Background
2:01 - Evolution from LLMs to Agentic AI
6:10 - Organizational Adoption Patterns
10:21 - Agentic AI Across Departments
13:01 - Data Readiness and MCP Considerations
16:00 - Token Spend Management
19:21 - Security Frameworks and Best Practices
21:01 - Agentic Security Model Priorities
22:54 - Vendor Selection Strategy
24:04 - Future Outlook

Key Quotes

0:00 "I think the truth that's going to be constant is change. Having flexibility to be able to, as seamlessly or as autonomously as possible, be able to understand those changes and change decisions."
3:43 "I think the thing that I'm seeing with earlier stage companies that are really building agentic first and AI first, where the development methodology is changing, right? Where it's almost more prompt development and prototype development, as opposed to sort of those past kind of ways of working."
5:59 "It's just important. I think it points around like how you govern this and ensure the integrity of it is what's, you know, the most, I think the most important."
14:18 "I think the last thing that you wanna do, especially at this time, at the moment where things are evolving and changing and maybe not all as mature as they could be or will be, you know, in the not too distant future, you have to protect yourself. Having the right architecture to ensure that you're protecting, you know, your data, your IP, you know, those types of thing is kind of paramount."
21:17 "I worry about those things more than the data prep. People have all kinds of data challenges today. They always have. Agentic will help streamline correcting those certainly as we go forward, but that's just kind of known and a little bit kind of is what it is. However, I think once you open up different attack vectors or access points where, you know, agents and others, if you're unable to identify them can move much faster and potentially be much more malicious or, you know, impactful, that's where, you know, I would focus on my initial control."

FAQ

Should organizations choose established vendors evolving to support agents or new agent-exclusive startups?

It depends on how aggressively you're leaning into agentic AI. Larger, mature companies may benefit from setting up separate agentic teams using newer technologies while the main organization adapts gradually. The key is ensuring new systems can interface effectively with existing infrastructure while learning from the experimentation. Organizations must balance innovation with the reality of pulling along legacy systems and processes.

What are the most critical security considerations for agentic AI deployment?

Prioritize securing perimeters and access points first — focus on MCP exposure, permission models, agent identification, and monitoring for rogue behavior. Establish proper architectural boundaries to protect data and IP before worrying about specific LLM choices. Implement governance at the board level similar to security oversight, and adopt a layered approach addressing people, process, and product simultaneously rather than treating it as a point solution.

How should organizations manage token spend and prevent runaway costs?

Establish clear budgets and monitoring frameworks before enabling widespread agentic capabilities. Implement kill switches and controls similar to cloud cost management practices. Token spend can pose existential financial risk if agents operate unchecked, so proactive governance and spending limits are essential. Organizations should treat token budgets with the same rigor as cloud infrastructure spending.
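One way to implement the budget, monitoring and kill-switch controls described above, as an added example (not code from the webinar or from BigID). The class names, the 80% alert ratio, the rolling window and the use of per-request token estimates are assumptions made for illustration.

```python
import time
from collections import deque
from dataclasses import dataclass, field

class BudgetExceeded(RuntimeError):
    """Request denied: agent unknown, over budget, or kill switch tripped."""

@dataclass
class AgentBudget:
    hard_limit: int             # tokens allowed per rolling window (assumed unit)
    alert_ratio: float = 0.8    # warn once projected spend reaches this fraction
    window_s: float = 3600.0    # rolling window length in seconds
    killed: bool = False        # latched kill switch
    events: deque = field(default_factory=deque)  # (timestamp, tokens)

    def spent(self, now):
        # Drop entries that have aged out of the window, then total the rest.
        while self.events and self.events[0][0] <= now - self.window_s:
            self.events.popleft()
        return sum(tokens for _, tokens in self.events)

class TokenGovernor:
    def __init__(self, clock=time.monotonic):
        self.clock, self.budgets, self.alerts = clock, {}, []

    def register(self, agent_id, budget):
        self.budgets[agent_id] = budget

    def authorize(self, agent_id, estimated_tokens):
        """Call before every model request; returns tokens left in the window."""
        b = self.budgets.get(agent_id)
        if b is None:            # unidentified agents get no spend at all
            raise BudgetExceeded(f"{agent_id}: no registered budget")
        if b.killed:             # stays tripped even after the window rolls over
            raise BudgetExceeded(f"{agent_id}: kill switch tripped")
        now = self.clock()
        projected = b.spent(now) + estimated_tokens
        if projected > b.hard_limit:
            b.killed = True
            self.alerts.append(("KILL", agent_id, projected))
            raise BudgetExceeded(f"{agent_id}: {projected} > {b.hard_limit}")
        if projected >= b.alert_ratio * b.hard_limit:
            self.alerts.append(("WARN", agent_id, projected))
        b.events.append((now, estimated_tokens))
        return b.hard_limit - projected

    def reset(self, agent_id, operator):
        """Human-in-the-loop re-enable; the operator name is kept for audit."""
        self.budgets[agent_id].killed = False
        self.alerts.append(("RESET", agent_id, operator))
```

The kill switch is latched on purpose: an agent that blew through its limit stays blocked after the window rolls over, until a named operator resets it.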

