Zero Trusts Given

Do Androids Dream of Electric Data?

Episode Summary

This episode of Zero Trust Given features Skip Farmer from Primer, alongside hosts Tom Tittermary and Tom Gianelos, and examines the role of AI in the Zero Trust security model. From determining access and trust levels for AI entities to the phenomenon of AI “hallucinations” that produce inaccurate information, this episode dives deep into the possibilities and challenges presented by Artificial Intelligence. This episode is perfect for cybersecurity professionals, tech enthusiasts, and anyone interested in the intersection of artificial intelligence and data security, especially with Zero Trust. Tune in today!

Episode Transcription

Tom Tittermary

So hey everybody, welcome to this week's episode of Zero Trust Given, your source through Carahsoft and our podcast recording studio here. I'm just going to start all the way over. Hey everybody, welcome to this week's episode of Zero Trust Given, where we're trying to be a source for trying to provide some signal for all the noise that exists in that Zero Trust area. I am your host, Tom Tittermary. Also with me I have Tom Gianelos, say hi Tom. Say hi, Tom. And this week we have a super interesting guest. Every week we're either taking a giant step back and looking at Zero Trust as a whole, or on a week, I'll try to bring a guest in from outside. We'll try to bring a guest in from outside. They can give some really interesting color into one of the individual subcategories, or pillars around Zero Trust. So this week, we wanted to dig in deep, a little bit to one that I find super interesting, the data authorization pillar, but also something that's kind of an overlay to Zero Trust as a whole. And we wanted to get into that conversation. How does AI fit into this as a whole, and specifically with a little bit of a nod around data authorization. So our guest this week is a good friend of mine. You guys are going to love him, one of the smartest people that I know, a gentleman named Skip Farmer. Introduce yourself, Skip. Hey Tom,

 

Skip Farmer

thank you, too kind there. But Skip Farmer, I am with Primer. I am the director of SE engineering. That's a little redundant, I guess, so we'll just say the SEs, and you know a little bit about Primer. Real quick, Primer accelerates the time to actionable intelligence by providing insight through the application of AI to massive amounts of unstructured data. So as we all know, there's more and more data out there. And we were talking about this in preparation here, the Toms and I, about there's just too much information, obviously, for individuals to go through anymore, almost in any task. I feel like it every day in email, right? We get our emails, and now you've got email tools for AI to help you respond, and it's getting pretty busy out there. So I think we have a couple topic areas we were talking about. Did you want to pick one to start? Or we just kind of, yeah, jump in just to

 

Tom Tittermary

Yes, and what you were saying, anybody who's listening, my fear is that you could see the amount of unread in my email inbox. I tell people all the time, speaking about signal and noise, right? Like an email will reach me eventually, right? But faster ways to get to me are typically Slack, phone, text, like those types of things, right? I probably need some Primer to go through my email inbox. But on the topic that we were kind of discussing a little bit at the top, right? So Zero Trust in AI gets really interesting, right? So we've always talked about Zero Trust on the show, and we try to break it down into the primitives, right? There's policy decision point, there's policy enforcement point, right? The end of the game is, how do I make sure that people, person entity, or non-person entity, people or things have access to the exact right amount of data that they need for the task? So the right data to the right person at the right time in the right context, right? How do I avoid sharing a sensitive document with the right person in the wrong geography, or on a pwned device, or all of these individual things, right? So Tom, Tom G and I, it's super easy kind of, from where we sit with the company we work with, we punch those secure tunnels, we make that connectivity happen from a policy decision point perspective, right? There's a ton of data I want to pull about the entity trying to get access to those data, applications, assets or services. Almost as important on the data side, I need a lot of p, VP, about the data from a tagging perspective, what is this data? What kind of circle should it travel in? So I mean, the conversation I want to open up, right? So an AI is going to work its way through data, right? Is an AI a person entity? Is it a non-person entity? How do I measure that PDP around that AI to determine what types of data it's allowed access to, and kind of where do we start that conversation?

 

Skip Farmer

I think, when you're pulling in vast amounts of data, I mean, how much do you do up front? How much do you know already up front as you begin your processing, right? So as you start to bring in, I think we talked about, you know, publicly available information, which is a common area to do analysis on, whether that's news, social media, and you bring that information in, and you start to do your analysis, where in that process do you apply some of the items you were just talking about? Is it immediate? Is it after you begin some processing and some type of collection? You know, because then there are ACLs up front that need to be handled and then need to be addressed before you even get to further processing to deliver that as some actual intelligence for somebody to do something with. Yeah. But

 

Tom Tittermary

part of the interesting thing is, right? So let's talk about OSINT, right? So anything that anybody can get individual access to. So I think it's pretty easy from a tagging perspective, that if anybody can get it, the AI can get it, and there's not an issue with being able to hand an unlimited amount of the data to an AI to produce a product. At the end of the day, what gets really interesting to me in that conversation is there's going to be a human operator in the loop. They're going to fire a question in a natural language query, whatever it might be, to that individual AI. It's going to then produce a product out of all of that OSINT. And the product is going to be the combination of what might be sensitive information in the question like, why do you want to know that individual thing? Why does this person at this place with this title, with this mission, need to know this individual thing? The product at the end, in a lot of cases, could end up being not OSINT. In many cases, it's not OSINT, right? It's a very targeted piece of information. On the far side, I just don't know if we're ready, from a tagging perspective, to be able to handle that type of load relative to the process,

 

Skip Farmer

yeah, and I wonder how much of it then begins to get into the same problem of isolating information that had started as open to be analyzed to get more access. And that's part of that idea is it's all open. You began analyzing that information, and now you go back to compartmentalizing it again, considerably, right? Yeah, because you're adding tags, you're adding information, you know, there's other metadata that may get associated with it. And now you're back to who should have access to it. How do we separate it? Were you gonna comment, Tom?

 

Tom Gianelos

yeah, one thing. So despite the fact that all this data sits in an OSINT, let's say, environment, right, where there's no classification level on any of those individual pieces of data, the correlation of all that data and the return value sets that come back actually, you know, not from a classical classification standpoint, but do have some levels of sensitivities, because you've now correlated what otherwise would have been disparate data points, and now they're able to have this little bit of a nugget that may start to sketch out of the OSINT environment and start getting more toward a more sensitive

 

Skip Farmer

especially if you add in other information from now another source that gets collated with the original OSINT information that you were analyzing,

 

Tom Tittermary

right? Yeah, you guys really land on that really interesting pivot between OSINT and product, where you guys are taking in large amounts of data, and then you're basically a system to be able to get signal from noise, actionable intelligence from data, right? I mean, you could argue that that's going to be the prime location where this question of, is it OSINT and is it not, right? We've all had the conversation about, you could take five pieces of non-sensitive information, put them on the same page, and suddenly it's sensitive information due to the correlation. I just see the AI doing that at massive scale, at breakneck speed right

 

Skip Farmer

now. Does that propose, you know, is that a challenge, then, in the Zero Trust model? Does that differ from the model that we have today, that we've started applying? Does AI change any of that, or does that model continue? We're just applying it to the latest technology aspect within Zero Trust,

 

Tom Tittermary

I think the really, so trust is the big component there, right? Because we say Zero Trust, it's not Zero Trust. It's the absolute least amount of trust that you could give to a thing in a moment of time relative to it performing its task properly, right? So now we're going to take the word Trust and we're going to map it against an AI. So, I mean, one of the big things for me, and the reason I hear AI versus ML talked about so much, is there's so much in AI, which is an ocean of data goes in one side, and then question mark, and then a product comes out of the far side, right. Like, Skip, you were telling, we were chatting before, if you could kind of reiterate the story you were talking about, something that happened in the law arena, right

 

Skip Farmer

in the legal cases, we were talking about in the past, when some AI was being used to do this analysis. And the thought was, hey, we can improve the processing of the large amounts of data. Well, there's a lot of information legally that case review has to go through. And so a couple of lawyers are saying, Hey, this is a great idea. Let's let AI go through and produce this output that we can then go to the court with very easily and quickly. I think that's part of the key to say that this is everything that supports my argument. And that a couple years ago, I think, already, and then even this week, it came up again that they were looking and it was presenting information that had references, that had case law cited to it, that had a lot of information that was all not accurate. It wasn't real. It made it up. You know, it hallucinated it. And without the human portion of that for that review, a lot of them are getting in trouble, to the point where, I think, you know, some of the courts are not looking kindly on it, and lawyers that bring it in without referencing it are getting in big trouble. Now I will add, obviously, I'm not a lawyer, so that's my disclaimer on all this, but it definitely doesn't go along well, and I think the hallucinations we were talking about around, you know, how do you reduce that? How do you get it closer down? Just

 

Tom Tittermary

because we were talking beforehand? Could you break down hallucination? So hallucinations occur

 

Skip Farmer

when the AI model is generating information that has some factual basis, but it's not accurate, and it happens, you know, for a lot of reasons. I'm not a data scientist, just like I'm not a lawyer, so you did stay at a Holiday Inn, but exactly so. But there can be biases in the training data, limitations or something built into the model, and that can introduce, based on that information, something that it thinks is accurate, the AI model thinks is accurate, but then produces that is not accurate. And I've even seen it in code we were talking that it can create steps for you to follow that actually don't exist. And in parts of the product that either weren't created, never happened, but it thinks it did. And it, you know, it sounds pretty confident when the machine with no tone, right, and no context to provide, it says, yeah, do these steps. You look great, but it didn't exist. And so everyone's looking at, especially around what we're talking about, OSINT and the security aspects of it, how do you reduce these things to zero? Now there's some things you can do. One of the things we've introduced is a retrieval augmented verification. So RAG-V is what we call it, but that's one aspect to take each bit of information and have a verified and referenced source against it, that the human then interpreting that can see the data, can reference that data, and know that, hey, this is verified, right? My green little check against it versus my, you know, red little X against it.

 

Tom Gianelos

So Skip, is that AI checking AI, or is that an individual that's going against the data sets as returned? That's

 

Skip Farmer

AI checking AI, okay, with that information. It's a process within the application that's saying, Well, as I produce this summary, right, of information, so some text summary for you, I will take each sentence and then have to show my work, right? Where's the reference of this information that is a verified source that I can reference against this?

 

Tom Gianelos

So how do you know for certain what is a verified source? So, well,

 

Skip Farmer

it's referencing based on the model of the information that's coming in, if the news source, social media source, what you know, what you don't always know. And this would be part of that challenge. And this is where the human in there, who's doing some of the analysis, when it comes to social media, that does become a little trickier of a question, right? Right? Because now you get into, like, disinformation, misinformation, which I think is a slippery slope?

 

Tom Gianelos

Are you saying there is misinformation and disinformation on social media right now? I have heard the

 

Tom Tittermary

bold statement. You heard it here first. You get into an interesting point, right? Like when I think about, so Tom and I work on the side of things where we're always thinking about the cyber aspect of things, how to reduce risk, right? We talk about AI, we talk about OSINT and OSINT ingest. Like one of the big things we run into is if I was gonna try to negatively affect somebody who's trying to use AI in a good way, it's not hard for me to go out to the internet and provide false sources and do some level of AI poisoning to get, relative to my adversary, their AI to come up with the result that I want that's conducive or productive to my interest or mission, right? So for me, one of the big things that I think about, there's two routes there. So one, I think the process that you're talking about, about the verification of the individual piece of data coming in, is a key fact check, right? That needs to come in through the door. One of the ways that Tom and I get involved with this too, yeah, there has to be some consideration about if it's OSINT and saying, Go hit the internet. Great. If there are individual, private sources of data that an individual in an organization or an agency or debt are looking to share with an AI, there should be some level of DLP, data loss prevention, check to make sure that this is data I'm willing to share with X, Y, Z open source model AI, whether it be one that's privately on my premises, or if it's something like a ChatGPT, right? There's got to be some level of block where this is not necessarily OSINT, based upon the DLP dictionaries that I'm going to put into that. And it says, This is data I'm not willing to share with an AI system that might use this for other queries that come from other people at the same time. So

 

Skip Farmer

you're talking about isolating your model, your information, making kind of your private fencing around the information that you want to provide. So, I

 

Tom Tittermary

think the big thing for me is like, let's say I'm doing a natural language query against an AI model, and I'm going to also, I'm going to leverage OSINT, but I'm also going to leverage data that's not private, but specific to my agency, that's some level of intelligence that got produced outside of my individual agency. How can I get a query out of the far side, right? How do I keep the gates around the private data and the public data, right? Because they're both going to be combined in the response. But what are the, from a security perspective for me, what are the gate guards around how I manage that process running through the system?

 

Skip Farmer

I think there could be a couple ways to the one could also be taking it from the OSINT side, having your response, exporting that out and then reprocessing that again with the other information that you want to isolate, or that's more sensitive. So, you know, maybe two stages in the processing, not doing it all at once, makes sense. I did want to go back to something when you were talking about the social media and we were talking about the misinformation aspect of it too. There are some ways that the AI model can then start checking against the social media information as well, and maybe other sources. But when we talk about, I think it, social media, like, how, when were the accounts created on social media? How often are they used? How many posts, how much activity do we see? Is the same language of a particular set of sentences used 50 times? Or is it just used one time? An example comes in even in LinkedIn, which I think a lot of us in business use, right? And we go in LinkedIn, and a lot of accounts that are popping up here lately around, hey, we're helping you, you know, recruit and do things as there are, you know, changes in jobs and companies are changing roles. All of a sudden, these accounts are popping in with no activity that were created in February of 2025. You know, chances are that's probably not like a legitimate recruiter or legitimate account. So if you can have processing checks against those types of things and create a model around that as well, then you could eliminate and say, well, right away, I'm not going to potentially reference these sources, or I want to reduce them, depending on what you're doing. Maybe you want to be able to see those, but not take those as part of what you're going to take action against or use for, you know, as a viable source of your information.

 

Tom Tittermary

Yeah, I have to imagine, too. So I have a daughter who's in college, right? So she's writing papers all the time, and every paper goes through the "did ChatGPT write this." Do you get a thumbs up or a thumbs down? I have to imagine there's some accounting for models. If I was going to try to flood social media with a bunch of misinformation with the intention of poisoning X, Y, Z, I have to imagine there's some amount of gate check you could do against that flood of bots and the content that's getting produced through them, through AI, to be able to sift through that noise, to get some signal, right? These are the real human responses. These are the computer-generated responses that I'm seeing online.

 

Skip Farmer

I feel like there are so many different ways this conversation could go right now, because then I think of, you know, on social media and some of the other aspects we're talking about, is it a responsibility of the application product owner to reduce some of that noise? You know, is it like spam in email? Is it there? You know, should there be tools that help reduce that automatically before it even goes into the systems to be processed? What's the responsibility for the accuracy that's required or required, like at school? You know, nieces and nephews are going through some of the same thing. You turn in your paper, it gets reviewed. But a lot of the systems, at least initially, that do that processing, also weren't very accurate. And so, you know, the poor kids are getting, you know, they're like, Wow, I used it for a little bit of research, but this other part is all me. And then it, you know, it said I made up the moment. I

 

Tom Tittermary

swear there was no copy-paste in here. That's the one that I hear the most. It's like, No, I used it to help me research, and then I put it in my own words, but I didn't copy-paste. Like, that's the hill that individuals will die on relative to that at this point. I

 

Skip Farmer

was trying to use it the other day. I was doing some emails, and I was like, Well, let me see how AI could help me speed it up. And, you know, you could click on to say, you know, help me rewrite this or change this. And for what I had written, at least yesterday on the three or four emails I did, it didn't change any words. So it changed nothing. So I would expect

 

Tom Tittermary

nothing less. You're a grammatical hero, so you're a gentleman and a scholar. The AI was like, perfect. It's perfect and beautiful. Now am I gonna

 

Skip Farmer

get they're gonna be like, Hey, you used AI for that, you know? So, oh, you are

 

Tom Tittermary

an AI. No, you're just an AI. Skip's just an AI, ladies and gentlemen, that I'm dumb. But so on this topic, right? So bringing it back. So if an AI is an entity that you need to account for in your organization, there's just a lot of, does it have an identity, right? Or is there a different classification in the model? Because you're going to want that AI to have access to data, applications, assets and services, and you're going to want it to be able to get access to that that's appropriate to its mission, ideally based upon, like, the individual tagging of the data. And at the end of the day, what gets really interesting is, like, do I associate an individual amount of risk to that entity, to that identity? And, like, what are the factors there, right? Because it's not device, it's an AI. It's not geography, it's an AI, right? Is there some, just thinking forward, right, like where this all goes? Is there some level of risk model you could do around an AI based upon it had X hallucinations or fired back X non-verifiable responses in the past, right, around that? And do I use that to change what individual pieces of data it has access to? Just throwing that out there. It's almost like you're doing

 

Tom Gianelos

this sort of behavioral analysis on an individual, right? Because we could run those same types of algorithms against a human and say, You know what, this is out of the ordinary in the way they're behaving. We need to, perhaps, tighten down their abilities to move about. I do.

 

Skip Farmer

I do believe it gets closer to that, right, cognitive psychology around the aspects, and I think, again, not being a data scientist, but a lot of that, you know, the modeling of human interaction, of course, is going to heavily model what's happening in the AI space right around that. I mean, look at hallucinations, you know, as an example, right, bias being introduced. The bias was introduced. Certainly, humans have bias. The same thing is happening in this condition, you know, in the technology portion of it. So, where do we go, you know, with that, then? Do we, you know, change? Does that change actually the action? I don't know that we want to model some of the Zero Trust aspect of that around the bias portion.

 

Tom Tittermary

It gets interesting, right? Like in a perfect world, you don't want bias in information processing cycles, right? Maybe some, but at the end of the day, I think what it ends up rolling around to is, if I've got an individual, every AI model at the end of the day is goaled and modeled over time to accomplish a goal, right? Facebook, it's clicks. How do I maximize clicks? That's the overarching number one. Number two is way down the list, but it's not how can I get, I'm sorry if this sounds like I'm giving Facebook a hard time, but it's not like I'm educating, making people feel better. It's no notes. The system is monetized around clicks. So the goal at the end of the day and the way the AI is modeled is clicks, right? So some thought needs that. And I'm sure there's smarter people than I, again, not a data scientist, did stay at a Holiday Inn Express last night. I'm sure there are people that are thinking about what this individual motivation around DoD, I see federal DIB models are, right, like, what is that goaling mechanism for? I want to think that top one would probably be verifiable data on the back end. So being able to separate false signal from true signal, right? And then being able to develop intelligence product on the far side of that. I would hope that that's the goaling that's happening on the back

 

Skip Farmer

end, and I think probably multiple places along the processing where those types of checks are going to occur, right? So the more I was thinking about it, it's not just in one place. As I mentioned, it's not necessarily to the social media provider to reduce that on the front end, saying, well, if these, you know, fake accounts or information we know are being used to spam or bot people, right? So each step along the processing or along the path of that data has some requirement to take some action against that struggle in return. So I call it false information. I call it disinformation. Do I call it inaccurate information? All the above. Yeah, it Roy, I feel like I've opened a can of worms with this.

 

Tom Tittermary

Technology is going to get better, right? We've all heard stories about, I am not active on X or Twitter, but like, we've all heard stories about somebody who posts something on Twitter and they immediately get a response against it, a directed response that's basically an AI bot response to the thing that they said, that's just meant to light them up and get clicks and get traffic toward an individual profile. I would hope, right, for industry in general, that we can isolate. I've always had this individual notion of, like, having an individual personal identity as a human on the planet that could separate us from, right? Maybe there's multi-factor. Maybe there's X, Y, Z number of things. But to reduce that computer-generated noise out of these social media models as a whole, I think we could all agree that when I'm on Instagram, Facebook, Twitter, you name it, I want to interact with humans. I'm not super interested in interacting with bots that are generating traffic for clicks. I think any user of that platform, in terms of, like, what we want out of it, is what we would hope for. But then that accomplishes the secondary effect of, well, no, if it's all human in there, if it's all human intelligence product and non-computer-generated product in there, that streamlines a lot of the misinformation piece, because humans don't lie. Humans would never, and they're never motivated. I saw that on

 

Skip Farmer

the information. Have

 

Tom Tittermary

you ever like you get way down the road of making a point, you get to the very end, and you're like, No,

 

Skip Farmer

I'm totally wrong, but I will die. I will die on that hill. I would love

 

Tom Tittermary

less computer-generated traffic. But yeah, misinformation is a tricky one, because we're, God, we're going to go back to Greek philosophy. What is truth, right? Right? So it gets back to what's true for you might not be true for me and the whole thing. However, I think we could all agree that, you know, there is clean, verifiable information, and there are systems in place that can be doing some sort of validation against, you know, what is the inherent truth of it was 24 degrees last night in Washington, DC. We have sensors to validate that, right? I

 

Skip Farmer

think some of what you mentioned too is, you know, when you talk about clicks, there's a difference between gaming the system, I'm trying to monetize it, I'm trying to, you know, drive traffic to my Instagram account or whatever it might be, versus trying to manipulate markets or manipulate people or do something nefarious, and those are a little bit different, right? You know, one is part of a business model, right? Generating the clicks, and they get revenue from traffic that's driven to their Instagram account, their, you know, their TikTok, whatever it would be, versus trying to do something on behalf of some entity or series of entities to do something malicious. Is there a different, I mean, in some sense the same outcome in manipulating it, but one definitely has a

 

Tom Gianelos

different motivation. Yeah, right. Yeah, that's

 

Skip Farmer

but does that change any of what we're talking about as far as responsibility, area where we process, or even how we would process that information? And I don't have the answer, which is why I'm asking you guys,

 

Tom Tittermary

yeah. I mean, just off the top of my head, if I think about our space, and I think about what we are trying to do, the types of information that people would be ingesting, the validation of that individual piece, right, to make good decisions, you need good, validated, non-fake legal case type data that comes in that you can validate, right? So where does that information come from? And your validation of sources is a big piece of that. Getting around that notion of somebody being able to poison my AI or decision matrix by flooding it with a lot of fake information is job one around that. And then the task on the far side is, I think that here's the big trending line that I'm having a hard time with mentally: we're giving more and more work to AI and less to humans. And we consistently talk about this notion of where there needs to be a human in the loop. I almost see that being the primary utilization of human intelligence in this going forward is, where do we inject these human experts in the loop to do this validation of these individual points, right? Like, how do I take the AI system gave me fake results, the human proves they're not fake results. The AI gave back an indication relative to a problem statement, and there's a human in the middle that says, well, that's not good, perfect. Like, this is a 10-year-old example. But you tell an AI, hey, how do I remove cancer from the planet? AI is like, it's simple. You kill everybody. It's the easiest answer in the world. No more cancer. And humans in the loop going, well, we need to tailor this prompt a little bit better, right? But it goes back to that case of, like, is the role of humans in this loop, both from a cybersecurity perspective and a general perspective, gonna be guiding, tailoring, dialing in these AIs for more of an alignment purpose? Like this is actually why we wanted the data; the AI can't know that. It's just processing the data on its side.

 

Skip Farmer

I wonder more too. It's kind of going back to our email example we were talking about earlier, where, you know, using AI to craft email, using AI for more types of information. Are people using AI to help them write better, you know, social media posts or put information out there? Now you're dealing with AI-generated content that's now being processed by AI. So there, although a human may have, you know, kicked off the "this is the post I want to do," they may not have written it. AI may have written it. So going to what you were just talking about, Tom, does that change the processing model? My head's starting to hurt with some of that. Well,

 

Tom Tittermary

no, it's so, it's funny. It's so so for people that are just getting to know me, I'm a technologist now, but my degrees are Comparative Literature in Spanish, right? So I'll get weird and quote some things every now and again. But Hemingway, very specifically said, "Write drunk, edit sober." So produce an ocean of content, and then the magic is, and this is where the, you know, the human element, really, for this whole AI thing, and how I see it comes into play. Comes into play. AI can produce a mountain of content. I could tell AI to go write me a screenplay tomorrow, right? Me going through that script that was written and tailoring it, making it something that other humans would would want to watch right now, I think is the the inflection point for a lot of this. And I think you're going to start seeing it in more content creation. You're going to start seeing it in a million different categories. But it's, it's tricky. It's, I want to bet that most of the AI-produced videos that I've seen are the 14th version of somebody asked the AI for something, produces something bad. All right. Let me tailor that second version. All right. Let me iterate on that third version. I think that's that is where this marriage is, is going to end up between A and B from a content production perspective.

 

Skip Farmer

But there are some models that are predictive models that try and determine what the human would want to see. I mean, we see it in simplistic terms with Netflix, with, you know, a lot of the streaming services like that. Hey, this you watch these bunch of things, and based on what we now know about you, you're going to want to watch these other things, right? So building on models that take in your, you know, your activities as an individual, into account.

 

Tom Tittermary

Yeah, it's, there's this. It's weird. I don't want to get too like philosophical about it. We are far afield, folks. If you're still listening, thank you. We're going to give gonna get back to Zero Trust in a minute, I promise. But there's this notion of, I'm a huge fan of stand up comedy, right? And there's something about stand up comedy where somebody on a stage will say something that's totally germane, that everybody in the room agrees with and has never heard before, right? So Jerry Seinfeld was the king of this. It's like airplane food, am I right? You could say those two words, and everybody knows airplane food. This is back when airplanes had food. So anybody who's

 

Skip Farmer

younger than the everyone in this room, back when airplanes so let me tell airplane food right on a flight, and for long haul flight, two thirds of the US you would, you would actually get a meal. Two

 

Tom Tittermary

thirds of the audience just went airplane food. What? You lost me anyway. So this, this thing that everybody knows is true, but it's that those individual, tiny, little things that are core to the human experience and well, AI is get there eventually, maybe could be, right? I, part of me, I don't know, maybe part of me thinks that might be the spark that's that's missing, why we still need humans in the loop over time. All right? So we've, we've had a wide area discussion around content creation and AI and AI and many different things. I've tried to anchor it around Zero Trust and cyber. I'm trying folks the conversation I want to get to next and Skip. I ask you this because, from a data authorization perspective, you and I have work history together. We worked together at a prior company. We spend a lot of time trying to figure out how to align the right people with the right data at the right time as we talk about DoD, IC, federal, DIB, right where I come against this is I have a million policy decision points about do I trust a user on a device in a geography? I could pull a million attributes. I could check their access to unstructured data recently to figure out if they're a risk. Great. Now I know if they should get access to something. The other angle of PDP, and I'm going to call data tagging PDP there, I did it. Policy decision point. The other side of this equation is I got to marry those two sides together, this person at this risk level right now, the data has a risk level that's associated to sensitivity by category. To do that effectively, I need to take zettabytes of federal data and tag it in a uniform way across categories, because data travels across federal, right? So we're not even talking about OSINT at this point. We're talking about all the intelligence between IC, DoD, civilian government and federal systems integrator. I keep trying to have the conversation. My brain always goes to taxonomy, right?
I was a premed major my first year in college, so my brain goes to, you know, Carl Linnaeus, binomial nomenclature, Homo sapiens, right? So maybe Tom didn't understand this one, but some people might. So King Philip came over for good spaghetti, right? Kingdom, phylum, class, order, family, genus, species. There's not a thing that walks, slides or crawls that you can't slide into a clean, seven-word definition of exactly what it is. I have not seen, I've seen attempts, but I just haven't seen something universal like that for data. And I wonder if that's where part of this needs to go, right, like we all know, individual. Classifications, data. Got it: structured, semi-structured, unstructured, got it. But I wonder if there isn't like, a more academic conversation to be had around the data tagging, if we're really going to get to where Zero Trust wants to go around, granularly classifying all these individual pieces of data.

 

Skip Farmer

I think one aspect to that, Tom I think, is as you were describing it. I was trying to get a sense of how broad you were describing. I almost got the feeling that you were describing that piece of data for the lifetime of that data, wherever it went to and I think it would, it would change by where that data is stored, processed, how it's being used. And and that would change how it gets tagged or how information is grouped together, if you will. I don't know that there. I think there's a way to do it once and across everything I has, I think it has to do with where it sits or lives, or how it's created, and that information, then, does that make it easier? It'll be a narrow focus. So maybe you actually, let me ask you this with, were you speaking about it in that term, across kind of the the whole lifetime of data, life cycle of that, of that piece of information, or were you talking about, yeah, something more.

 

Tom Tittermary

I think the question you asked. It goes back to the question. I like my next question in this process, right, is, what is kingdom? Right? Like, what's that top level designation that we start with? And I think what's interesting is you might have made different decisions over time, but I think if your target now is to build an appropriate taxonomy for data in 2025, its classification and its sensitivity, which goes to storage location, and where it lives, and what it's being used for at that point in time. I think that's got to be the top level. And the nice thing about that is these, these things are already marked, but there's

 

Skip Farmer

two, I think there's a lot of factors against that that might change how, and then maybe that's why there hasn't been a unique identifier indicator from that, that prospect you're talking about with Kingdom in the beginning, and I'd forgotten about that, by the way. I haven't, you know, thought about the with King Philip, that whole thing, you know, there's

 

Tom Tittermary

another one also that I can't remember. I just remember King Philip. But

 

Skip Farmer

so depending on what my mission is, my objective is, that's going to change how I look at the data, what I think of the data, and we're talking about, you know, different forms of the data, so use that at a very broad sense of the term. But that would, that would change how I might, you know, identify it. It already. Is Kingdom really the structure already. Is it, if it's a is it file format? Is that that top level, just some object defining information, and then the other details about it are the lower level aspects of it, you know, because if I'm doing it to process for, you know, some type of business, for marketing, versus I want to do it for a school paper, versus I want to do it for a research, research project. That, to me, seems like it would change totally change how that information is tagged or managed. So let me

 

Tom Tittermary

it's funny. I'm going to, I'm going to, I'm going to include a tangent, but I swear I'm gonna circle back one of the smartest things I ever heard this public figure. So it was Donald Rumsfeld. Actually took a lot of grief publicly around the statement. It's one of the smartest things I've ever heard. He talks about known knowns, he talks about known unknowns, he talks about unknown knowns, and he talks about unknown unknowns. And the media just thought this was hilarious. But if you break it down, right? There's the things that I that I know, that I know I know, right? There's the things I know that I know that I don't know, right? The most interesting thing, where I'm going to circle back here is the unknown knowns, the things that I know that I don't know that I know, because they're wrapped up in a data repository behind five walls, and I have access to it by based on what my mission is, but I can't get to it. These unknown knowns, and then the unknown unknowns, which is the scariest one, which you can't really solve with this, which is, what are the things I don't know that I don't know that are important to my to my mission, right? So when you say it depends on my task and what I'm using it for, I think in the Zero Trust arena, that's identity, right? If I build a rich enough profile around an individual user. I know who I am, I know who I work for. I know what I have access to from a classification perspective. I know what my mission set is, and go now, if there was, let's just say, let's picture a world in a world. So let's picture there is a world where all the data was tagged across this full taxonomy, and everything was perfect, right? We got there. We did it. My identity would open up all the data that I have access to relative to do the thing that I need to do. And now, by the way, if I have an AI that I trust in the middle, I have a by the way, that's too much data for a human to process. The AI can put against that data set. 
That's how I produce the best product. That's how I get. All those unknown knowns, instead of just the known knowns relative to my decision set. That's the way that I if we had a clean picture of data, and I've totally figured out identity for the mission set that but you have to, you'd have to figure out there's a lot to do on the PDP side, around the user and the mission set, and all of the individual attributes who we want to associate with the identity, along with all the individual categories of the data, because the fear is, I light up data that that user might not need or might not want, but that's Zero Trust at the end of the day. Right is, how do I make sure that exactly the right people have exactly the right data at will?

 

Skip Farmer

I think that some of that's also predicated on the human side of that, which is that the behavior doesn't change of the people that are interacting with whatever the systems are, yeah, right? Because that model only works if someone, if, if some group doesn't adapt or modify. Right? So pre-TikTok, right? It was like, okay, we can build this model. Here's how everything's working. Oh, wait, now, all of a sudden, here's this other tool, a system that everybody's on that is doing things totally different than they were five minutes ago. That I think it breaks that model. Yeah,

 

Tom Tittermary

it's, so it's, it's, it goes back to Comply to Connect on steroids, right? Like, is this device viable to come onto this network? Like, so, pre Zero Trust. When your source of trust was, I'm on this network, so I get this thing. The key to get onto that network was, we need to validate the host, right? So then you introduce YubiKeys, and you get into EDRs, and you get more granular. So over time, the evolution of this is there's exactly two sides of this that you can really work on really well, right? And they're both policy decision point sides of things. The policy decision point in the data side is as granular as you can to get the data universally categorized, right? On the human side of things, on the person or non-person entity side of things, there's an infinite number of data, an infinite amount of data on an individual: social media activity around what they've done with their work device, if you're allowed access, what they do on their personal device, like, what I can get from OSINT around an individual. There are tools out there. We're gonna have some folks from Ferrone and a couple other companies later on, like, what is this? How is this person's hygiene around unstructured data in my organization? Are they touching a bunch of files that aren't relative to missions? How does that affect that risk score? Right? But I think those are the two meters on either side of that equation. And again, me and Tom's part is, hey, if the two sides match, we'll punch a clean tunnel from A to B, we can adjust all the factors from from both sides. But I think that if I think about the evolution of Zero Trust over time, that's where, that's where I would put the wood behind the arrow is around strengthening those two individual categories.

 

Skip Farmer

And I guess I from, for me, from my perspective, I think on the processing of the information at scale, as you mentioned. So whatever that source of information may be, whether it's you know PAI or whether that's some other data source that's a collection of you know, records that has some type of text notes in it, or some information that has been, you know, captured by an organization for years that someone now needs to say, I need to analyze that information to find some nugget of gold that I know is in there, but there's no way to human, you know, humanly process that in any kind of yeah time. So you've

 

Tom Tittermary

landed against. Here's the other topic I want to get into, and thank you for bringing it up right. Is, there's this notion that there's too much data for humans to handle. The brain immediately goes, Okay, so AI or ML, right? And the question becomes, for systems that ingest zettabytes of data and then produce product on the far side, where they can't show me all of the work, right? There's some level of question mark in the middle. There's a general sense in industry, and I have this concern too, where, what are the boundaries you need to put around those systems when you're ingesting into those systems data that might be sensitive? Right? The word grave comes into play in some cases, right? What do I from a trust perspective, and these machines and entities are going to get and AIs are going to get better over time, right? I don't think there's ever going to be a time for the rest of human history where there's going to be enough humans that can tag the amount of data as it's getting produced. In order to use it effectively, we're going to have to introduce machines in the middle of this, right? Like, what is I'm sure that conversation like pops up with you sometimes. What do you think about

 

Skip Farmer

that? Yeah, so I agree that, and I think that's partly why today we look at the processing that that we are, that we do today, of that information from just. A new source, just the just even finding information that you want to read and look at that's relevant to what you're doing. There's no way you could process that, you know, as a human for lack of a I don't think I phrased that very well, but

 

Tom Tittermary

skip, I have faith in you. I think probably you could. There's probably, like, five people. I can count them on one hand here, probably one of it,

 

Skip Farmer

if only I had some AI tool to help me. Yeah, can you? Can you define that a little more from your perspective? Because I feel like, well, that that's definitely coming from a front end perspective for you, for you is that, am I accurate? And sure,

 

Tom Tittermary

I'll give you the there's just an underlying we've all seen Terminator. I just, again, I just two thirds of the audience is like, Oh my god. So we've seen Terminator. We've heard about Skynet. If you've been to a DoD or an intelligence community show in the last two years, you've seen one of the robot dogs on the floor, right? Oh yeah, I have a significant I think there's like a 78% chance that's the last sound we all hear. Is that the attenuation of those little robot dogs, right? So we know that AI is going to have a massive value for for the DoD, specifically, in the intelligence community, right? So this just speaks to that general unease of there are machines where we can't tell what they're doing and they're producing product. And the general unease of handing to those systems data which could be dangerous, right? And the dagger is that everyone on the planet is having these every one of our friends and adversaries is having the same conversation at the same time, somebody is going to go first, right? So that it's a general unease. I have exactly no qualifying. Well, I saw this study that, and it produced a but we know the type of data that we're talking about, right? What are the gate guards? Here's here's the funny thing, if you would ask anybody 10 years ago, like, hey, how do you produce a safe AI, they would say, do it in a box. Don't give it access to the internet, for sure. Don't teach it how to manipulate people, right? Like all of the all these rules

 

Skip Farmer

once, you know, once you set it up and configure everything, power it down, and then it will be safe, right?

 

Tom Tittermary

We've already whiffed on all of these, right? I think about like, what the next this? It makes me nervous, right? I don't, I don't know, what are the gate guards that are being done or should be done internal to, you know, institutions of power that manage this data relative to DoD and IC,

 

Skip Farmer

I think you will see isolation of the LLMs, attempting to use different ones, and some of it going to be monetary, right? The decisions will be made solely around, I think, solely around how much processing cost, what they're using today, so that you can narrow down and reduce your cost by using one or a smaller number of LLMs that that would be cost saving. So if you already have one that you're you know some that you're using for an organization today, there's another tool that comes out, rather than have this sprawl, how can you have them plug in to use the LLM that you already have? How can you reduce the compute cost and the processing cost for that as the data goes up? You know, could potentially cost more, and then how fast do you need to process that? Those will all be factors. I think you will see more isolation. I do wonder then. I don't know how it applies. There another way to create data now that you're isolating that actually isn't trained against these public models. Currently, I don't know if that's, you know, coming up, or how that would be. It doesn't, wouldn't seem to make as much sense and make it hard. But then you would have something that's unique and not modeled or trained against. You know, that that's another possibility. You know, I did want to talk about a little bit more, you know, kind of going into a topic and taking this around the idea of, we haven't really talked about as much those systems also being targeted. You know, we've talked about some of the controls for as you use the systems, but now AI targeting other AI, you know, à la Skynet here,

 

Tom Tittermary

but simple. You don't give them access to the internet, right? You're done.

 

Skip Farmer

And turn the machine off, and everything works great. I just tell

 

Tom Gianelos

it not to do that. Yeah.

 

Skip Farmer

Shall we play a game? Yeah? Again, for those of you who are too young to remember a lot of these things, you know, maybe there's an AI tool. We need a generational

 

Tom Tittermary

translation for half of the references in this show.

 

Skip Farmer

I do remember it was, it was a website, and in order to enter the website, it had a picture, and you had to select what the and type in what the icon was. And it was like VHS, tapes, rotary phones. It was like all these things. So is it like a

 

Tom Tittermary

specification? This is a yellow page. Ages,

 

Skip Farmer

that's that, so, you know, so we're talking about, you know, that vector of, of securing that information as well, and how, how we need to protect those systems, not just from, from, you know, making sure that the entities, whoever is using it has the access to the right information. But because there's more and more information accessible there, protecting it from unauthorized access that could get, you know, leak all this information,

 

Tom Tittermary

right? Yeah, so it's, it's Tom, you know, this pitch better than anybody, right? So there's things you own, there's things you don't own. It's like the whole Tom and I work for Zscaler, but I mean, your notion around this from, you know, public and private applications and internet and kind of what we're doing in the middle,

 

Tom Gianelos

like, from a, from a PEP or PDP standpoint, sure, so it's,

 

Tom Tittermary

how do I keep people outside of, you know, we can even go down the talk track of like the adversary's playbook is find all the front doors. Do this. Do you want to run down that, that piece at all? No, by all means, go ahead. Okay, cool. So you know, if I look at and here's the interesting thing, I think if you built an AI tomorrow whose task was to black hat my processes and get at my AI and either steal data or poison it. If all the training it took off the public Internet, would say the way to do it is find all the front doors. Great. Now do a query. Cool, find a hardware version of all the individual front doors. Got it. Find a vulnerability for those, great, fire exploits. Cool, gain network access, done. Now that I'm on the network, get access to the individual application front door. Got it. Brute force or social engineer the password out of the front door. Boom. Now I'm in. Right now I can exfil or destroy, relative to that, to that data set. The first step in every one of those playbooks, and I have not seen any variation on this, is find all the front doors. So the fun thing with Zscaler is, if you are fully implemented with one of the products we have, it's turn to page 72 of the DISA Zero Trust Reference Architecture v2, right? It's called Software Defined Perimeter. Our version is called ZPA. There are no front doors anymore, right? So Zscaler is a cloud service, and we have these AI systems, these data repositories, they're going to be calling out to our cloud service, and then the user is going to meet the cloud service at our Zscaler cloud service, and it's going to do all of the rich PDP around. Is the device OK? Is the identity good? Is all of the PDP I can adjust on the left hand side, the Zscaler cloud basically makes a call based on the policy you give it, and then it gives access to that application directly or not. It never sticks the user on the network, right? Quote, unquote, that the that the thing is on.
So if I want to protect I've got a massive repository of data, and I want to protect it from an adversary, how do I really, like, I think about how I could really get under somebody's skin. It's like, yeah, rewrite your playbooks. That would be the baseline. So could an AI, if you gave it enough time, figure that out? Sure, but you got to start

 

Skip Farmer

from scratch. I think that's where you know. One of the things too, at Primer, we look at is not just the role-based access controls. And we talked about this a lot today, about, you know, the entity and the person coming in, who, you know, or not a person, right? Is it an API? Is it some least privileged access to do, to do some function on there? It's around, also the controls that are applied early on in that process, so so that they wouldn't be able to get access to that vast treasure trove. I think the targeting is going to increase significantly, you know, I don't, I don't know what that means for, you know, some of the publicly accessible information and whether it matters. In some case, that's a, I think, different argument, because some people would say, well, that's already publicly available. You could purchase it today. You know that should be available for everyone to see and access. It's like a photo on a public street. You're out there on the public street, someone takes a picture. There's no reason not to have that picture, so, but I think all of those things together. So I guess it sounds like what I'm hearing. We're saying that the model of how we protect that, just because it's an AI system, if you will, doesn't really change. We have to ensure that we build from that, that Zero Trust model. Well,

 

Tom Tittermary

it's, I think, that the inside-out SDP mechanism is where everybody needs to go, right? So, so we've talked about PDP a lot, right? So let's talk about policy decision point, policy enforcement point. At the end of the day, I'm just the guy with the bat. I give it and I take it away, access to things. So if you think about the spaghetti net that is modern networking, right? There's an underlay. I, we don't make cables or the routers, or, I don't make infrastructure, but I punch clean tunnels one to one between a user that's validated and the thing they need access to. Great. But

 

Skip Farmer

this, I think this kind of circles back to a little bit what we were talking about early on today, was around that entity, how you would tag and ensure that information. We're we're kind of back to now, okay, we can secure a lot of these other places. It still comes back to that individual that's accessing the information and trying to make sure they can only see what they have access to and and that we have a mechanism to to tag that information to show that you

 

Tom Tittermary

make a phenomenal point, right? So we're talking about PEP, so where Tom and I end up having input is I could be your DISA-approved, DoD-validated route to the front door, right? So again, why I'm worried about 2027, from a full Zero Trust implementation perspective, if we're if we mean it in earnest, right? Is, once I get to the front door, if I'm a user doing a natural language query against an AI, how do I segment the available responses to the data that I'm allowed to have? And how do I have an AI system that can adjust tags and formulate that in response to a user who's validated to get it right? So what does that process look like? How do I segment what would have to happen would be, it's the classic example of like this user in this device, in this context, presents X credentials, got it, the AI would have to be able to delimit out the data that that user in that circumstance does not have access to, in the formulation of its responses. I don't think we're there yet, right, but I

 

Skip Farmer

know. But I think some of that we some of that we can do on how that information is displayed right at the end. So the information is discovered, the information is reviewed by the AI system. Then it's going to display it into a UI. Now, at the point where it's going to display, before it shows you what it's uncovered, there's some analysis that can be done so that that you only see what you would be allowed to see. So in other words, if some other, I don't know how we tag it, we've been talking about tagging, but let's say it's tagged, and at that point, there's something now and some combination or change, as that information is being summarized and presented to you, it's saying, Well, you no longer have the right to see all of this information based on what we've uncovered, and we know that, and we're just going to show you a portion of

 

Tom Gianelos

that. Well, that's, that's, you'd have to understand the calculus that that brought about that response, though, right, right? That's because, because that's, that's so you'd have to use AI again in that, in that realm, also, because the data is existing in a back end, and it's also just, yeah, it's unstructured, and it is tagged, however, that's going to go through a lot of manipulation in order to bring that response back to the user within that within that UI,

 

Skip Farmer

right? And I don't think we're there yet. We're not. I think that that is some of the, you know, some of the desired effect, because then you can control it other. I don't think there's any way to control it up front, personally, but, you know, to to the extent that you were just talking about Tom, because, you know, that goes to there too many unknowns,

 

Tom Tittermary

too many known, knowns. Or, yeah,

 

Skip Farmer

what if I didn't know it? I don't know it. Now, wait, I definitely don't know it. But so I think that's that's one way to to manage to that.

 

Tom Tittermary

Yeah, so folks, guys, this has been a phenomenal discussion. Skip, I can't thank you enough for coming. Thanks for having me on. Thank you very much to Skip and to Primer for loaning Skip to us for this, this session today. Thank you also to my co-host, Tom Gianelos. My name is Tom Tittermary. This has been Zero Trust Given. And let me offer one more thing: we would love audience interaction, if you, if this conversation sparked anything in you and you have additional questions about you know what we were talking about today, or ideas for future shows, or comments on the show, or, Hey, Tom, if you could stop sniffling. It's flu season. Give me a break. That would be great. Any feedback that you have, we would love to have. So the

 

Skip Farmer

end, can we get better snacks on the show?

 

Tom Tittermary

So, so again, right? There's no video. I put out nuts and beef jerky, and Skip asked for a Coke, and I didn't have one. And I apologize, Skip, I'll do better next time. Fully staffed snack bar for Skip Farmer the next time, thanks. Now, now that's

 

Tom Gianelos

at least nuts. You got this part of the second the nuts and beef jerky. Don't make it

 

Tom Tittermary

peanuts either. It's like cashews and like garlic almonds, and it's pretty anyway, I was saying Skip, sorry. So, so on that again. Comments, thoughts, jokes, by the way, if you give us a question that we think is a valuable question, there's this notion on the show, I think we're putting together care packages of Zero Trust Given stuff, if we use your question on the show, we'll happily send you one out, but the email address to fire all your questions, comments, thoughts, concerns. Tom Smith, Tom. Stop sniffling. zerotrustsgiven@gmail.com, so again, it's zero trusts with an s, zerotrustsgiven@gmail.com, and we can't wait to hear from you and have some more interaction with the audience. So Skip, Tom, thank you very much. This has been Zero Trust Given.