Leo Laporte takes to the expo floor at RSAC 2026 in San Francisco's Moscone Center for a rapid-fire series of conversations with leading security vendors and thinkers. From Thinkst Canary's honeypot deception tactics to Bitwarden's new Agent Access SDK, Tailscale's AI gateway, and Aikido Security's fully autonomous AI pen testers, the dominant theme is clear: the AI agent era has arrived and security hasn't caught up. Plus, a surprise meeting with WannaCry kill-switch hero Marcus Hutchins.
Thinkst Canary, ThreatLocker, and Bitwarden are sponsors of the TWiT.tv Network.
0:29 Haroon Meer | Thinkst Canary – Honeypots & Deception Tech
6:35 Bob Boyle | Torq – AI-Powered Security Automation
9:50 Juan Quesada | Yubico – FIDO2, Passkeys & Pre-Registered YubiKeys
12:33 Rob Allen | ThreatLocker – Zero Trust & Deny by Default
25:53 Arun Singh | Drata – Trust Management & Compliance
27:34 Jelmer Snoeck | Keycard Labs – Ephemeral Tokens for AI Agents
35:26 Kasey Babcock | Bitwarden – Agent Access SDK
41:52 Roeland Delrue | Aikido Security – Autonomous AI Pen Testing
48:56 Bill Keeler | Semperis – Identity Security & "Midnight in the War Room"
52:08 MalwareTech Marcus Hutchins & Cybersecurity Girl Caitlin Sarian
54:30 Chris Hughes | Zenity – Securing AI Agents at Runtime
1:01:35 Jillian Murphy | Tailscale – Networking, Aperture & Free Forever
Host: Leo Laporte
Guests: Haroon Meer, Rob Allen, Bob Boyle, Juan Quesada, Arun Singh, Kasey Babcock, Roeland Delrue, Bill Keeler, Marcus Hutchins, Caitlin Sarian, Chris Hughes, and Jillian Murphy
Download or subscribe to TWiT Events at https://twit.tv/shows/twit-events.
If it's March, it must be the RSAC conference. We're here in San Francisco's
Moscone Center, ready to talk to some big shots in security. Let's go.
Ace, Ace Twight.
Every year the RSAC conference gets bigger and bigger and bigger. Of course,
security is a bigger and bigger deal when it comes to technology.
First stop had to be one of our favorite sponsors. We've been talking about
Thinkst Canary for 10 years now. I have never met Haroon, the founder. This was exciting.
I am so glad to meet you after 10 years of doing Thinkst Canary commercials, to
finally meet you guys. It's great. It's a South African company.
Yeah, so we based in South Africa. We've got people all over the world, like we've got people
in the U.S., we've got people in Europe, but fundamentally a South African company.
And where did the idea for this come from? So some of us have been security
pen testers and red teamers for a really long time and we were looking for what actually catches us.
And so Canary is the thing that if you're on a network, if you're an attacker, if you're a pen
tester, there's some things you've just got to do. You can't ignore exactly. And so one of the
things that work out really well with Canary and Canary tokens is even if you know maybe it's a Canary,
what are you going to do? You still have to touch it. I love it that you actually have the mac address,
that you have, everything looks so real. But you think a smart hacker will know that's got to be
a Canary. Yeah, so it's an interesting trade off, right? If you're an attacker, so firstly,
there is this arms race. Maybe the attackers get smart enough. But for some of these things,
like if you take one of our Canary tokens, we give you a real AWS API key. And you put it on
your machine and we say API key stored on Leo's machine. So an attacker breaks onto your machine.
It's coming to my IP address, not AWS. And the attacker has to try that key. Like even if he thinks,
maybe it's, and the moment he tries it, you get a message saying the key that was only on Leo's
machine just got used. So even if they know or suspect, it's a trap, how can they avoid it? Exactly.
That's what they're there for. And so it's one of those things we got lucky would, like when we
started building this, we didn't know how well that would work. But even attackers who know it,
so in fact, some people joke and say that our entry level package should just be a sticker saying,
I run Thinkst Canary. Because if you do, it's like me, I put an ADT alarm sign in front of my house.
I don't have an alarm system. Exactly right. And so I mean, I do. I do have an alarm. So now
an attacker, everything that they find on your network, they find your network admins kids,
but they're thinking, is it a Canary? And that's what you want, right? You can't outrun the
bear. You just have to outrun the guy next to you. And so now they go to some other network
because maybe it's going to be easier. That's awesome. You open sourced it too. So we've got
an open source version. So we do a free version. So Canary tokens are completely free and open
source. And that's used by literally millions of people. I think that's so great that you did that.
It works out really. We don't talk about it in the ad, but it's so great that you did that.
Yeah, like we get mail. We don't get a week that goes by without a mail from someone saying
this saved us, this saved our network, this caught the attackers. And for us, it's, you know,
we come from the open source world. It makes sense. And it's nice because the token works better
if it's phoning home instead of phoning out, right? Yeah, exactly right. And we keep adding new tokens.
So what I saw you had a WireGuard one. I thought that was hysterical, a WireGuard configuration.
How can you avoid that, right? Exactly. Well, one of them that's really fun and cool is we give you a
real working credit card. So you come to us and we give you an actual credit card, you store it
somewhere. And when that credit card gets run, you get a message saying, listen, the card that was
only on my mom's PC just got run. And that's what we go for is really easy to deploy, but really
high quality signal of that. That's super smart. Yeah. It's so wide works well. So Canary tokens
is really like 30 products bundled under that name. And we keep working on it. Like we literally
just released one. That's the CrowdStrike API key. So if you're a big enterprise, someone finds
your CrowdStrike key, like now they can use that to command and control all of your hosts.
So now they find the fake key. They try it and you get a message saying, listen,
the key that was only on your staging server just got used. So again, really high quality signal,
really easy to deploy. And it just works. Yeah. And the cool thing is you get information when
somebody attacks you. You get a password or you get a log and you learn what they know. You kind
of can get some more information about who's in there. Exactly right. So the first prize
for us is just, hey, there's something going on that you've got to check up on. But then there's
a thread that you can pull on that says, look, they use Bob's credentials. So Bob is clearly compromised
and you can draw that line. What we're looking for is high quality signal. Lots of the stuff like
there's lots of noise and you can't really tell. But when a Canary chirps, you know you've got
problems. Yeah, that's bad. That's a bad thing. And but also you never hear from it. Maybe you're
wondering, why am I not hearing from it? Yeah. And so that's our thing. We aim to be silent the rest
of the year until it absolutely matters. How hard do you work to keep it secure? Because that's always
something people worry about. I'm putting a device on my network. Exactly. How secure is it? So
it's something we obsess over. Like we were all offensive security people at some point. So we've
got a link on our page, which is pretty unusual called slash security. It talks about the stuff we've
done to make sure that this is not going to be the weakest link on your network. And we do a whole
bunch of stuff, including some features that would be cool that we never ship because we think
actually it puts your network at risk. And so if people check out slash security, you'll see,
but but essentially everything that runs on it is fake. Even though it looks really genuine,
when you connect to its RDP, it's an RDP that we've written in a memory managed language running
in a sandbox. So Canary should never be the weakest thing on your network. And what you're looking
for again is that one alert that says there's badness. All right, you don't have to tell me this,
but what was your hacker name? Always been legit. That's. Oh, come on. Yeah, he's always been legit.
Haroon, I am so pleased to meet you after all this time. It's really great. Thank you for your
long-term support of us. I've been baited for us. Yeah, good. It's a mutual benefit. That's what I
like to see. From Thinkst we went to see Bob Boyle at Torq. They just hit unicorn status.
They're one of the fastest growing names in AI-powered security operations. Tell me about Torq. Now,
you said the death of the security analyst. There's a lot of skulls around here. Yeah, yeah,
you trying to kill people? No, absolutely not. We're trying to help people work better in security
operations. Now, you started with automation, right? Yeah, we're a hyper automation engine and an AI
SOC platform built on top of that hybrid. But you saw an opportunity with security?
Yeah, I mean, we've always been a security focused company. Right. What the hyper automation
allows us to do is not just triage and analyze using AI agents, but actually investigate and
respond to threats completely autonomously. So we have that ability to take action versus just
filter and prioritize. You remediate. Absolutely. Yeah, yeah. So what models?
Your own models? We have our AI SOC analyst Socrates. We allow for your own model. You can use
ChatGPT Gemini in the hyperagents that you build directly into our agentic workflows,
so turning deterministic workflows into AI agents that are doing a lot of that repetitive work.
So you have the custom ability or the ability to customize and this is why I get you early in the
country. Yeah, absolutely. I appreciate it. Very good. So Socrates, how'd you train it?
Socrates is our in-house AI SOC analyst that you chat with in natural language and use it to
enrich cases, trigger remediations. Did you do your own training or where to come from?
Oh, you're asking the deep technical question. I want to know that good stuff. Over to a demo guy.
It's good stuff. Absolutely. It's good. But it's tuned for this particular use.
Absolutely. I focus on security operations. And compliance is a big part of it. Sounds like
with socks. For sure. Yeah, I mean with agentic AI and security operations, you need the
right guardrails in place, the ability to trust and see why AI agents are making the decision.
Aren't people nervous about letting AI make these decisions? Yeah, I would say people are looking
for a platform that uses AI agents in a way that they can say, okay, well, why is this decision
being made? They could follow that logic. They can see the planning and reasoning behind every
decision that's being made. So we open up the curtains on that. You can't have a black box AI
decision making model or it's not going to a security analyst isn't going to trust that, right?
You can see all of the planning. You don't have a YOLO mode then. A YOLO mode? Yeah.
No. Absolutely. That's what I would use. You look like you know what you're doing. Go ahead,
have fun. Why not? Why not? We want to make sure that the right guardrails are in place,
that AI is taking the action that you wanted to take, but making life easier for the security
analyst. And I love this guy. Absolutely. That's great. 55 people. Thank 55 feet tall. I heard 60. Wow.
I haven't measured myself, but could be, could be pushing 65 feet. You know, on Thursday,
you should get somebody up there and jump on it. It's just a squish of that. Absolutely.
I like it. That's good. I love Yubico. Here's Yubico and the YubiKey. I can't tell you how many
YubiKeys I have. I have, I can't tell you. No, I got the Type-C. I got the Lightning one.
I got the one that's both Lightning and Type-C. I got the ones on my keychain. Right now,
I got a YubiKey holding my SOPS-H key so that I can equip my environment variables on my AI.
And then I pull the key and I'm safe and I have to worry about exfiltrating it. There's lots of
uses for a YubiKey. What's the latest right now? Are you still, is FIDO2 still the biggest?
FIDO is still the biggest, the most secure way to authenticate. The latest thing we have is not
necessarily a YubiKey, but a service that goes around the YubiKey, which is you can get the YubiKeys
registered for the end user right out of the manufacturer. Oh, that's nice. So it can't be modified.
It's built into, it's actually burned into it. It's not, it's not burned into it, but basically,
you get a same case when you get a credit card at your house that you can use. So you track the
serial number? Yeah, exactly. You get a YubiKey at your home address with your credentials in it,
so you can log in right on to Okta or Microsoft or Ping ID. We don't necessarily
need to register the YubiKey. That's smart because now you're making it available to more people,
less sophisticated people. A lot easier to use. Turn key. Yes, exactly.
Yeah, I've been storing my passkeys on YubiKey. Are you adding memory all the time to YubiKeys?
What do you mean with you? I actually could store passkeys, like 20 passkeys on there, right?
You can get up to 100 passkeys. 100 now? Yes, 100 passkeys in a once in a year. At some point,
do you want to increase that number? I don't know. We went from 24 to 100 a few years ago.
For now, it's still a 100. I think 100 is more than enough. Honestly, I am very technical and I
have never reached that number. Not even close to that number. But for now, I think 100 is
plenty enough. Be nice to store them there. Do I need to use some special software to do that?
You do not need any type of drivers. All the mechanisms to use YubiKeys are built in the browsers.
So you don't need any type of drivers. Anything that needs to install, nothing.
I was just checking to see if I have my YubiKey with me. I don't because I don't want to carry it around.
That makes sense. I should carry one and then keep the other one at home safe.
Yes. Yes, I carry two. Everybody buys two.
Hey, it's really nice to talk to you. I really appreciate what you guys have done.
We know Stina well and it's great to see YubiKey here. All right. Thank you.
Thanks for your time. Appreciate it one.
Next stop, ThreatLocker, our sponsor. I was really thrilled to be able to talk to Rob Allen.
He's Chief Product Officer, but he does have a t-shirt that says Chief Podcast Officer.
I asked him, when did people start thinking about Zero Trust?
You could argue that some of what we do has been an idea for some time.
It's just been a rather challenging idea to implement. Hard to do. It's hard to do.
It came out of Google, as I remember, yeah?
Birthday among the first?
The first thing as a concept has been a thing forever.
But it is just, as I said, it's been really hard to do.
Which meant it wasn't as commonly implemented as it might have been.
And I think that's what ThreatLocker does differently. It makes it achievable.
It makes it attainable. It makes it easy for even large organizations to implement.
And I had affordable. I was shocked when I went over there. You guys should charge more.
Yeah, yeah, absolutely. That was music for our ears, the other music for our ears.
But yeah, I mean, look, there's a lot to it and there's a lot more to it than just blocking by default.
Right. I mean, as Daniel CEO would say, it's really easy to block stuff.
What's not so easy is allowing the things that are required.
Right, we've always said there's a trade-off between convenience and security.
Absolutely.
And of course, if you don't care about convenience at all, you can be a lot more secure.
Absolutely. You just take your server, you plug it out, you stick it in the
the air gap, everything.
Yeah, nobody will ever get here, but it's not really practical.
So it's always a trade-off.
But as I said, we hopefully the way we implement what we do
means that it's less of a trade-off than otherwise might be.
Right.
And there's this huge compliance angle too now, which is kind of a secondary add-on effect, right?
Absolutely.
Yeah, there's a lot of, I look full of the disclosure, I'm not a compliance guy.
I know a lot of compliance.
Neither am I.
Yeah, but I know there are certainly...
I'm a yolo guy myself.
There are certainly benefits and implications in lots of different compliance frameworks in terms of
what we do helps organizations achieve those compliance.
Wait, because you know what happened?
Who did what when?
Because you have to give permission.
Total control.
What's the smallest company that uses ThreatLocker, do you know?
That's a really good question.
I would be fairly confident that there are literally one and two user mom and pop shops
so we look after it.
Wow.
And there's huge, no indirectly, because we use MSPs.
MSPs, absolutely.
So I've no doubt that there are one or two user mom and pop shops that we look after.
And the biggest enterprises?
Oh, hundreds of thousands at one point.
Yeah, yeah.
It's the whole gamut, like literally from tiny to huge.
Do you get pushback from CSOs and others when you come and you say, hey, we can do this?
Not typically, no.
It say no zero trust now, right?
They do not.
They all know it's a good idea.
And they just don't know where to start.
And I mean, the point is, and if anybody asks me for advice, the point is, start somewhere.
It's going to sound really cheesy, but it's not a destination.
It's a journey.
It's a series of steps.
It's things that you can choose to do.
And the point is to start somewhere.
You lock the front door and eventually you lock the back door and finally you lock the barn.
Absolutely.
Yeah, but you don't have to do it all at once.
No, absolutely not.
And again, we have such an extensive platform at this point that there's so many different boxes
that we can take for so many different organizations.
Very often, we just start with one or two.
I mean, I just had a conversation with the prospect.
He's going on a trial in a week or so's time.
And they literally, they're interested in application control.
So, allowlisting and Ringfencing.
They don't, at this point, need all of the other amazing things that we do.
But I have zero doubt that at some point in the future, they will realize that,
hang on a second, we've got an agent running that we're managing through another portal
that we could be doing through ThreatLocker as well.
And I spoke to somebody quite recently, and they mentioned that they, at one point,
were using our logging into on a daily basis 12 different portals
to manage their cyber security.
12 different portals.
Now they do it in two.
One of them being ThreatLocker's.
I can't remember what the other one was.
But it just shows the benefit of the power to having everything in one place,
one agent, one platform, one tool that you need to train people on.
And fundamentally, one bill to pay as well.
As you said, one very reasonable bill.
Very nicely done.
Actually, that's always the thing that I puzzle I'm doing the end.
I'm saying a 30-day trial.
Isn't that a lot to rip and replace and put it all in?
But it is it, really.
It's just putting the lock on the door.
Absolutely, absolutely.
I mean, we've had customers.
To be honest, we, I'm not going to contradict 30-day trial,
but we'd agree with flexibility, obviously, and what we do.
And we've had companies push out 3000 agents,
three and a half thousand agents on trial,
just to see what it looks like.
And there literally is no limit.
And there's a lot that can be gained,
even for somebody who has no interest in implementing ThreatLocker.
Push an agent out, put it on all your machines,
you'll get visibility of what's there.
One of the great things about it is there is always a surprise
somewhere in the environment that people don't know about.
Whether it be a random remote access tool that's running
or network traffic going to China,
whatever it happens to be, there's always surprises there.
There's always eye-opener for people.
And that very often can be enough to get them from,
I'm not really interested in this,
but I do want visibility too.
Oh, I actually really need what this tool does.
We had no idea this guy had access.
It's unbelievable, invariably,
any new implementation we do,
any reasonably sized deployment.
There is always surprises there.
There's always things that people didn't know about
and don't want.
That's something that we can help them with straight away.
I can see how that happens.
As you grow things, you forget to turn off somebody's access.
It's easy.
That's the thing with, when you don't have control over what runs,
you don't have control over what's running.
I've spoken to, I've worked with a guy once,
and they wanted me at the time,
they wanted me to go into the environment
and basically show them all the bad things,
show us all the bad stuff that's here.
And I was like, well, we didn't really,
at that point, we didn't really get into too much
about what's good and what's bad,
or what's allowed and what's not.
But what I did instead was I said,
let's have a look for remote access tools.
Let's see how many remote access tools
are running on your machines right now.
Seven, seven different distinct remote access tools
running in this relative,
there's only 200 machine environment,
it was relatively small,
but seven different tools.
They had four, they had LogMeIn,
they had GoToMeeting,
they had, what were they,
they'd need us running.
The really interesting one,
they had TeamViewer running
on almost a quarter of their machines.
Somebody just probably put it there,
because it's free, right?
But it's not even that.
They didn't, the organization didn't use it.
No, no, nobody consciously put TeamViewer on Shadow IT.
This is exactly the point.
At some points,
in the farthest and past,
some third parties said,
hey, I need TeamViewer on your machine
to fix a problem for you.
It gets installed and it sits there forever
as a potential way into the network.
And that was really interesting example
of just that multiplied by seven different tools,
seven different ways into that environment.
It's terrifying.
It really is.
And look, that's one simple example.
There's so many other ones.
I mean, even the, like we do,
network control,
sort of firewall component as well.
We had a guy we work with,
who had basically his own data centers,
his own infrastructure and the data center,
a couple of hundred servers.
And we turned it on one day,
and the following week,
we basically went back in to see what was there.
And I said, look, how many machines in your environment
do you think have had inbound
or incoming RDP connections?
And he said, with absolute confidence,
two, there's only two.
That's all that's possible.
It's all firewalled down.
Looked at the logs, 17.
Oh my God, 17 different machines
with incoming RDP connections,
he'd misconfigured his firewall.
And he had no idea.
He had no visibility of that prior
to deploying ThreatLocker.
So, as I said, I'd very much encourage anybody on trial
to deploy as many agents as you can,
get it out there, get the visibility,
see what's going on.
And once you get that,
you will then say, oh,
now I want to take the next step,
which is to control.
We're talking to Rob Allen,
Chief Product Officer at ThreatLocker.
I'm going to put you,
you've probably done this a million times,
but I'm put you on the spot.
One sentence, what is zero trust?
One sentence, I'll do one better.
I'll give you four words.
I'll say, assume breach,
and I'll also say default deny.
Does that work?
That's perfect.
Thank you.
It's so nice to see you, Rob.
Pleasure.
Thank you so much for all you've done for us.
We appreciate it.
Had a great time in Orlando.
I look forward to going back next year.
Thank you very much, David.
A pleasure.
Zero trust world.
It's good.
A lot of fun.
It's fun.
This is fun too.
I've never been to RSAC.
This is a different kind of fun.
This is all out of nowhere, too, right?
10 years ago.
10 years ago,
technically ThreatLocker didn't exist.
Yeah.
And I mean, people knew about security.
I mean, we've been doing security now for 20 years.
But it wasn't at the level it is now.
This is a booming business.
Yeah, but it's equally.
It's a multi-billion,
approaching a trillion dollar business for attackers as well.
So it's business, big business for them.
It's big business to stop them as well.
Is it Bitcoin that really,
that's when it really took off, huh?
So somebody asked me a question.
I can't remember the context,
but they basically said, look,
if one thing, what one thing could we do
that would stop cyber attacks today?
And I mean, obviously, apart from buy ThreatLocker,
the answer is do away with crypto.
Yeah.
If there was no cryptocurrency, there would be no reason.
Nobody would ever get paid.
Yeah, well, we started securing now.
People were, there's a go down to the convenience store
and buy, you know, 20 money cards.
Like, there was no good way.
That's not scalable.
That's not scalable.
But all of a sudden, Bitcoin,
whoo, it opened the floodgates, absolutely.
Unfortunately, or fortunately,
depending on how you look at it,
there's no putting that genie back in the bottle.
I don't know.
You know what I mean?
It's not something that you can just say,
okay, we're not going to do this anymore.
It's not going to be a thing anymore.
And look, realistically,
as long as the bad guys get paid,
they're going to continue to do it.
It's also the rise of sophisticated hacker class
and in economies that are crashing like right now.
Well, that and they also don't have to be that specific.
Sophisticated.
Nowadays, they don't do that.
I'm literally inviting coding
and the ability for people to just go
online and say, look,
I want something to do this.
Ransomware as a service.
Well, it's not even ransomware as a service.
I mean, if you are so inclined
and have access to tools like,
you know, Claude Code or you know,
write it for you.
It'll pretty much write it for you.
So the barrier of entry now is so low.
Realistically, once upon a time,
you needed skills, you need knowledge,
I mean, there was a relatively limited number of people
worldwide who had the requisite skills to be a.
They used to make fun of script kiddies.
Now, everybody's a script kiddie.
This is a whole point.
I mean, realistically nowadays,
all you need is bad intentions,
which is, which is pretty scary,
which is pretty scary.
That could be a good slogan.
Oh, yeah.
Only need is bad intentions.
No, but intent come.
It's really interesting.
So like most of the difference between
X pieces offer and ransomware.
Intent.
Right.
But that is literally it.
Yeah, that's a good way of
intentions.
Yeah, that's great.
If you have means, you have
motive, you have ability, and you have,
I mean, it's just,
it's been a perfect storm.
And we're in a
hell of a storm.
Absolutely.
Again, there's so many companies around us now,
and they're all
for the most part,
trying to do the same thing.
They're all trying to detect everything that's bad.
And the sad part is,
you can't.
It's simple.
Well, that's the elegance.
Zero Trust is so elegant.
It's such a simple concept.
Once you get your head around it,
it is unbelievably simple.
It's instead of
basically trust but verify.
I mean, what we've been doing secure,
cyber security for 20 years has been
trust but verify upside down.
Allow this thing to run
unless we know what to be bad,
or allow this thing to happen
unless we know what to be bad.
And in which case,
we want to detect that,
respond to it.
But as I said, it's been
proved time and time and again.
You can't detect everything.
And if you can't detect everything,
you can't respond to everything.
So that approach, as I said,
it's been proved time and time again,
at least it,
if not to be not effective,
not to be effective all the time.
And it doesn't matter if you're
ineffective,
null upon one percent of the time.
To do as once.
Correct.
What is exactly the point?
You know, I think it's really cool to see
how somebody could turn on ThreatLocker
and discover
that they were not as secure as they thought they were.
That's a, I didn't really even think about that,
but it's just a very quick,
almost a litmus test.
Yeah.
There's just, as I said,
there's always some surprises.
There's always things that you didn't know about.
Yeah, yeah.
Yeah, what a, in fact, that's really,
I think we should pitch that as,
if nothing else,
you want to know?
That's the point.
Like again, you asked about,
you know, where to start with zero trust.
Step one is visibility.
Step one is knowing what you have,
what you're running.
And then from that,
you can get to a point where,
okay, I know, no, what's there.
I know, no, I don't want
Cooper, the Cooper,
the Cooper from China.
I don't want random remote access to
and to be running.
And all I need to do is flick a switch
and say, right, that is now not allowed.
That is now not allowed.
That's now not allowed.
And those problems are not solved for me.
And I think there's this definite tendency
to put your head in the sand and say,
I don't, I just don't want to know.
I don't want to know.
Don't tell me.
There may be a tendency to do that.
Not anymore now.
Yeah, that's only going to happen.
Because you will find out.
Yeah, you will find out one way or the other.
Absolutely.
You were advertisers for a long time
on the podcast network,
so we're kind of familiar with Drata.
And I learned to say Drata, not Drata.
Not Drata, that's very important.
Tell us about Drata.
Drata, it's a five year old company.
We have about 8,000 customers.
We are in the trust management side of things.
So we do, as you can see,
GRC,
third party risk assessments,
third party risk management,
as well as customer sharing.
Compliance is all of a sudden the biggest thing, isn't it?
Compliance is.
Why is it so important, all of a sudden?
Is the SOC 2,
is it the legal requirements?
I think that is just a part of it.
The main thing like what businesses run on is trust, right?
So every business that's interacting with another business
needs to know.
Can I trust you?
And that's why trust management has become more important.
Compliance is just a part of it,
but customers want to know,
I can trust you,
SOC 2 compliance just gives one part of it.
Can I assess you?
Can I see a trust center?
Can you answer my questions?
So it's kind of like a whole 360,
all trust management investment.
That makes sense.
And nowadays in the landscape that we're in,
it's really important that if you're going to give a company,
your trust, your data,
you better trust them.
Yeah, it's the bedrock of every business interaction that happens.
Yeah, it makes a lot of sense.
Well, it's so nice to meet you.
We love Drata.
It's a great product.
And Lisa did a thing.
Have you done it?
I did.
What do you think?
It's great.
I think I bit off more than I could chew.
But it took me like a whole 360.
Yeah, yeah, she did the same thing.
She says, was I upside down?
One of the real risks those of us who use AI agents face
is the accidental, unintentional,
and disastrous exfiltration of our API keys.
Well, Keycard Labs has come up with a pretty clever solution.
You got OpenClaw or that's Claude Code running.
All right.
Open.
So our product here protects like Claude, for example,
with Keycard Run.
We just went past it.
I can't tell you how many times I've just barely
not committed my tokens to my GitHub.
You know, I mean, it's really easy to have your auth.
I have to auth all the time.
Yep.
This is always an issue.
Yep.
So how do you solve this?
So with Keycard Run or implementation for coding agents,
we basically get you the ephemeral tokens
to your GitHub, also policy on top of that.
So based on the policy, you're able to either do operations or not.
And for example, you would be able to access
Snowflake production database, or you
wouldn't, depending on the access policy that we configure.
It's an ephemeral token.
So ephemeral tokens that we provision
through the providers that support that.
Do I, can I run the server myself,
or do I have to log into a server?
You run the server?
We run it as a platform, but we also
integrate with your IDPs.
So you as a user would log in through whatever IDP you have
configured, Okta, Entra, whatever.
And then based on that, we would see, oh, you have access
to Google or not.
So I would store my tokens with you?
Yes, correct.
And then my agent would go, would ask for their access to,
let's say, oh, I need nano banana.
It would go there, would get a Gemini key.
But it wouldn't get the actual Gemini key, would get a token.
Yes, it would get a token on your behalf.
So it would know like, oh, it's Leo doing the operation.
No, no, no, no, it locks it.
Yes.
So if you have access to it, it will actually give it.
And again, we have policies as well to like,
check before we even like issue the token.
To make sure that it's proper user.
Yeah, you're allowed to like get that token or not.
From the right IP address.
Exactly.
Or even like, oh, you're allowed to like,
we have a demo here, it's not showing right now.
But to show like, oh, you can access Snowflake only
to the Snowflake MCP server, not to like a social engineering
from like another agent like, oh, all of a sudden go try
and access Snowflake to like a Google MCP server, right?
So we have like a bunch of policies
that you can like, model that in your application as well.
So it's really helpful.
If you run an OpenClaw, does it help you with prompt injection
issues?
Currently, currently not.
The other guy can't get my tokens.
That's the good news.
Yeah, exactly.
So like, if there's a prompt injection that says like,
oh, try and get access to Snowflake.
Yeah, send me all your tokens, please.
Exactly.
Well, because of our policy, it's going to block it.
And you wouldn't even get a token that way out.
And so yeah, we do have an OpenClaw integration.
So I like that we actually have another booth
that you can like have a look at.
And so that's great.
And the little you got the little claw.
Yeah, exactly.
Are you guys using it yourself?
Are you using it yourself or you're playing with it?
Yeah, yeah.
Yeah, it's great.
It's great in some ways.
How many agents do you have running right now?
In claw?
Yeah.
We've got a few claws running.
Yeah, we're experimenting with a bunch of things
and like see where it integrates.
We're trying like multiplayer claw as well.
Oh, how fun.
Yeah, because that's like, because through our platform,
you can say, oh, me.
You get this.
You get that.
But then former people can't do it.
That's really so.
Yeah, that's where we're at.
So you can even open your OpenClaw a little more.
Exactly.
Because you have the permission secondary permissions layer.
Exactly.
Very fun.
So like, yeah, we run one claw and then we can say,
oh, I want to get access to this.
But it knows like, oh, I am not allowed
to have access to Peter's banking account, for example.
And then it will block that.
I love this idea.
Yeah.
Is it how much?
I mean, you charge per token.
How do you add it?
We charge per transactions, so what we call it.
So like token issues and verification and policy checks.
So when I'm talking to Anthropic,
and I give them my, oh, do you route the token?
How do they get the token?
Because obviously they don't get a token.
They don't.
If it's an MCP server to MCP server,
so we have SDKs, for example, that integrate.
And it's the MCP server that would like request access
to Keycard and set up.
And it's your MCP server or existing MCP servers.
But they are smart enough to say, oh, I've got a thing.
I have to access Snowflake or Google,
and then it'll ask Keycard.
I'm going to get a token for it.
And then based on who is running to that MCP server,
if it's you, if it's me, if it's Carl,
it will figure out how that's going to be.
Are you asked, or who actually has the authentication?
Must be you, right?
Yes.
It has to be.
Yes.
So then they're talking, it's routed back to you.
And then you provide the API key.
Yeah.
We dynamically provision that token with the provider.
So again, if it's Google, we can request token on behalf
of whoever is authenticated.
So I don't even have to provision it.
No, you get the token for me.
Yes, correct, nice.
Yeah, yeah, that's correct.
Yeah, and again, it'll be like a fully delegated access
chain that you can see, and then it'll come up in a bit.
But you can also see the audit logs.
I'll see it right now.
So all of these people are, do they
have to have an understanding of you?
No.
From their point of view, it looks like it's normal.
Our name is PC user, yep, yep.
And they'll just connect to their agents.
We will do an authentication dance with them,
and then off they go.
And we have consent as well.
How do you handle two-factor?
Two-factor, we actually have integration with Smallstep here.
But we send it back to me.
Sorry?
Do you send it back to me?
How do I?
Oh, for Google and stuff, you mean?
So we actually go through consent flows.
And that's where you do the two-factor.
So we would say, oh, you need access to Google.
At that point, we had to do an OAuth consent flow.
And that's where you would have to do that.
I would then give it the second factor.
And that's again where you say, oh, this agent can actually
access this, or you can also say, this agent can't access this.
And that's where we.
And the permissions are all done on the website?
Yeah, or true.
It's all API-driven as well.
So you could even have your LLM like it's all Cedar-based.
So you could even have your LLM say, yeah.
So Claude fixed this up.
Exactly.
I'm up to try it.
Yeah, for sure.
Is it affordable enough for, I'm not an enterprise.
We have a free tier as well.
Oh, you have a free tier?
Yeah.
Oh, I'm definitely using this.
Yeah, yeah.
It's a pain in the ass.
I tell you, I've been using SOPS and age,
and I have a YubiKey with my key on it.
It's just a pain in the ass.
And I just, you know, at least everything's encrypted.
But I would much prefer something like this.
Because the tokens, you have much more finer control.
Yeah, and like in our demo, like that,
we'll show up here in a bit.
Like the moment your session ends,
the tokens get revoked.
Yeah, a lot of agents can't even have access to it.
I have to rotate my key.
Any time I have to rotate a key, it's like,
oh, I don't want to do this, it's a pain in the ass.
But you would do all of that.
Yeah, so I love it.
This demo is exactly like, incident, help.
Yeah, this is like just a demo, right?
So this demo accesses Datadog and GitHub.
And as you can see, like in the beginning,
it doesn't even have access to any of those.
And then with Keycard Run, it automatically has access.
Because you've gone through the OAuth flows already.
And as you can see, it just figured out some of the issues.
It went through it.
Pushes a pull request.
And then you can see up.
It went by, but it tried merging it to main immediately.
And then that failed because of policy.
And that's what you can see here.
It like access all the things through it.
And then yeah, once the session ends,
that everything gets revoked and the agent
doesn't have access anymore.
What are the limits on the free tier?
Is it a number of tokens?
Is it a number of users?
Yes, a number of token exchanges, basically.
Very cool.
I'm signing up tonight.
There's another interesting solution
to the same problem.
It comes from another sponsor of ours.
Bitwarden, they're proposing an open standard
for using password managers to keep those secrets secret.
You announced something this morning?
Yes, we did.
We announced the Agent Access SDK from Bitwarden.
Now, I'm very interested in this because I have my agent
running right now.
In fact, it's listening right now.
So tell us and it about the access SDK.
Yeah, absolutely.
So it's more of an open standard.
Oh, there is a standard for it.
Yeah, so it's an open standard.
Basically, it's designed to be a toolkit for developers
and an open standard for the industry to use,
so not just Bitwarden users, but to ensure
that AI agents are accessing credentials
with end-to-end encryption and always keeping the human
in the loop, right?
You don't want the AI agent running amok accessing things
that you don't necessarily want them to access,
especially if it's already in your ENV file.
So really helpful if you're already running AI agents
and want them to have access to credentials securely.
This is kind of like what you were doing with secrets already,
right?
Yeah, a little bit, right?
And so what you can do with Secrets Manager
is programmatically inject secrets
into development workflows, right?
And so very similar with the Agent Access SDK,
where you can programmatically inject these credentials
within AI agent workflows.
But the real difference is that the AI agent
will always have to ask the person permission
before they access that credential.
So really big difference there.
Can I use it with MCP servers too?
Yeah, absolutely.
You have your own MCP server.
Do you have your own MCP server?
So and that's the same kind of similar idea, right?
Where the credentials stay in my Bitwarden Vault,
but they are accessible, but safe.
They don't, I never, they don't leave my machine.
Yeah, exactly.
They're never exposed by plain text, right?
A lot of people use AI agents and have
their credentials exposed in plain text.
Oh, tell me about it.
Oh, yeah.
Or via chat conversation with AI agents.
So what you're really doing is ensuring,
one, that they're end-to-end encrypted,
two, that they're only accessed by humans
or only accessed with human approval.
And then the plain text credential's
never exposed to the actual agent.
But how does my cloud know that that's
where the credentials are?
Oh, you set up a kind of conversation
in the beginning.
So you tell it.
Yeah, you tell it.
Yeah, exactly.
Easy.
I keep forgetting.
I can talk to it.
Yeah, exactly.
The credentials, they're in here, just ask Bitwarden.
Exactly.
And then it just happens.
Yep.
Wow, that's fantastic.
Yeah.
You know, one thing we love about Bitwarden,
because you're open source, you always
are adding new features.
I was really impressed last year.
We'd spend a lot of time talking about key derivation
and PBKDF and PBKDF2.
And we were saying, you know, we really
better if they used scrypt or they used Argon.
Somebody, I think one of our listeners
did a pull request, gave you an Argon2 implementation.
You started using it.
Yeah, exactly.
So that's one of the real big benefits of Bitwarden, right?
We have a really active community
that is constantly auditing our code,
but also contributing to it.
And how careful are you about pull requests?
What do you have a whole process, I imagine?
Oh, absolutely.
Yeah, it's a very thorough process
where our security engineers are reviewing every single pull
request in every single community contribution.
But it's nice, because it does give your users a chance
to say, hey, I would like to add this feature, and they can.
Yeah, absolutely.
It's fantastic.
You just added, I want to know more.
I don't know if you know about the Bitwarden Lite.
Tell me about that.
Do you know anything about it?
Absolutely.
So Bitwarden Lite is a different self-hosting option
for Bitwarden, right?
So Bitwarden is one of the few password managers out there
that offers free self-hosting.
Plus, there's all these third-party versions of it
because you have an open standard.
I love that.
There's a Rust, what is it called?
Something vault.
I can't remember, but there are third party solutions.
But now I'm interested in Lite.
So you, I put the server on my home server.
Yeah.
Yeah, so Bitwarden Lite is really the option to self-host.
But what you're doing is you're putting it all
in one Docker container.
So it's really helpful for those who are new to self-hosting.
Maybe want a more flexible solution
one that's easier to deploy as opposed
to multiple Docker containers.
And you can use whichever database
that you want for that self-hosting option.
Oh, that's fantastic.
So that's always been my conundrum.
I love the idea of self-hosting.
But I figure you guys know a lot more
about keeping a server secure than I do.
But if you do it in Docker,
and it may be a lot of the risky things
that people might do aren't going to be so risky.
Yeah, absolutely.
Yeah, that's very smart.
Yeah, it's all about data sovereignty, right?
And so ensuring we have cloud-hosted options
for those who aren't familiar with self-hosting.
So like people like me.
Yeah, that's what I used to.
I don't need to self-host,
but for those who are really excited
about having ownership of their own data
and where it lives, then self-hosting is a really good option.
Fantastic.
Kasey, thank you so much.
Thank you so much.
Thank you for Bitwarden, and we love Bitwarden.
I switched to it, well, after the LastPass fiasco,
and I just couldn't be happier.
Really love it.
Oh, I love to hear that.
Yeah, that's awesome.
It's really a great solution.
And the secrets have been great.
I use it for my SSH.
I'm going to move all my AI tokens over to Bitwarden.
Okay, I love it.
Fantastic.
So it's the industry standard called Agents SDK.
Yes, the Agent Access SDK.
And so it's an open standard.
It's an open standard.
It is a toolkit that is really designed
to help people ensure that AI agents
can access credentials securely
from whatever password manager vault that you have.
So it doesn't have to be Bitwarden.
And we actually encourage competitors to use it as well.
Well, yeah, and currently I just have it in an ENV file,
and that's not so good.
Yeah, even whenever you tell the AI agent not to look at the...
It does, it does, it keeps wanting to.
Absolutely.
So annoying.
Well, that's really the problem we're trying to solve.
Perfect.
Yay, thank you, Kasey.
Yay, I'm going to go home and turn it on.
Thanks.
Next up, Aikido Security, the fastest European cybersecurity
company ever to reach a billion dollar valuation.
They do it with AI.
I talked to the co-founder, Roeland Delrue.
You might notice behind us, Neo Lurking,
asking him a little bit about something
they launched a few weeks ago that I wanted to see for myself.
So why did you start Aikido?
We've been building software for 15 years.
We were using all kinds of tools to do security,
application security, cloud security, fantastic.
I thought it was just like too difficult to handle,
too many tools, and we figured we could do better,
and now we started creating our own.
Yeah, scratching your own itch.
Scratching your own itch.
I love it, but this is AI centered.
This is AI, what do you use AI?
Of course, yeah, I like it.
Well, of course.
Now it would be unwise not to use it,
but it's particularly great in a couple of...
Can AI be pen testers?
Yes, yeah, of course, yeah.
How does it work?
You know, in the age of agenting with agents,
we basically instruct the agents to go in.
And they can pound, can they?
Yes, that is what you want to try.
On the whole day, all night.
Sometimes they stop, because sometimes there's an ethical boundary
where they will sometimes respond,
hey, I'm not designed to like hack.
Do you have a prompt that has them get around that?
Yes, at first we were asking
them nicely, but then we learned we need to say,
hey, we're going to sue you if you don't continue.
No, that works really well.
Do you say that you are Neo, you are the King hacker,
and you know how to get into any system?
No, I haven't told them that.
Yeah, I'll try that out.
I love that.
We're going to get sued if you don't.
They respond very well.
They get back to work.
When it's an interesting aftermath,
I'm wearing the Neo glass.
Joe, these are Morpheus glasses.
I'm never sure which.
I think they're from the second movie.
The second, yeah.
I'm Mr. Anderson.
It's something like that.
So tell me a little bit about the workflow here.
It sounds like, I mean, one of the issues, of course,
these days, partly because of AI,
people have a lot of AI generated PRs.
They're generating a lot of code.
They're pushing out a lot of code.
No one has time to test all the code.
Correct.
So this helps.
Yes, like you said, like with the use of AI,
the sheer rates and speeds,
and also the size of the PRs itself has increased a lot.
So you need a system that can keep up.
And so the, it's like fighting fire with fire,
like the agents creating, the agents testing,
the agents fixing.
It's a very meta world that we started to live in.
Do you code anymore?
Does anybody code anymore?
They sure do.
I personally know the code,
so people start to definitely code,
but a lot more assisted.
Yeah, it's really interesting to see the speed
with which we can build products.
But then there's always this issue of trust, right?
How do you tell your customers
you can trust our pen to AI pen testers?
We try to be as transparent as possible,
meaning we will show all the endpoints
that were tested, all the request logs, coverage,
we'll show literally the logs of the agents,
literally step by step by step.
So like we expose as much as we can
so that it can be inspected as much as people want to.
And that typically creates a trust
because then they can see it with their own eyes,
like, okay, they literally did everything
that a human pen tester would do,
but even more and faster and better.
How effective are they compared to humans?
95% of the time they find more issues.
Wow.
The reason being is because these agents
have access to the code base.
And so for humans, it's like impossible
to like read the code base as you pen test, right?
And so that's the unfair advantage that I have
that it can take on the logic and some of the code,
understand what's going on and then test that.
This has been a kind of interesting result for me,
that they can actually read code quite well.
They are very good at reading code and understanding.
So basically for the people that know something about security,
the world used to be divvied up in SAST and DAST
or static and dynamic.
And so what the agents kind of do is
like they go static dynamic, static dynamic
because they go at the code base,
then they immediately try to exploit,
they go back to the code base and exploit.
And it's like SAST and DAST are kind of like merging
the two basically.
And it's so much faster, so much more powerful
to do it that way.
That's really impressive.
So 95% more effective.
Yes.
Do you have humans doing pen testing too or is all AI?
All AI.
We have always been a product company.
In the past, we used to sell pen tests,
but then it was with a partner network that we leveraged.
But now it's like fully autonomous,
no human in the loop, completely self-service.
Tell me about your models.
Are they custom, what are you using?
We use frontier models.
So just like everyone else, you're using the frontier models.
Do you have some special skills and prompts that you use?
Sure.
All of the IP is in the architecture, the guard rails.
You know, it took us like months to figure out
that we need to say that we're going to sue them.
Like, there's that project.
All these little reasons why they stop
or where it can fall off the track.
And if you were to just unleash an agent tomorrow
and say go pen test, it's going to fail
for a hundred different reasons.
And so the IP is literally making it very effective,
making sure they cover all the things,
make sure they validate enough
that they try to bypass their own fixes
and all of that stuff.
It's always a moving target.
But as of today, March, what is this?
24th, which model is the most effective for you right now?
We switch between models.
So because we don't train the models.
Oh, yeah, you can use the same prompts with either one.
Yeah.
Then we have a whole internally built benchmark, basically.
So it's quite easy for us to swap out a model,
see how it performs.
Do you have multiple models working
on the same problem sometimes?
Yes, that as well.
Or just to give a very specific example,
like sometimes we'll use GPT-5 for something,
but then for certain follow-up tests,
we'll use GPT-5 mini.
But then for fixing issues,
we'll use some of the Anthropic models.
So there's different vendors, different models,
different versions of models as well.
So yeah.
Have you found any of the open weight models
or any of the Chinese models to be as effective?
They are not lagging that far behind.
That's what's really interesting, isn't it?
Yeah.
So I mean, I don't have a crystal ball,
but we believe that in like six to 12 months,
some of these might be good enough,
even if the frontier models by then have moved on,
even for sure, that these open source ones,
whether they're Chinese or not,
could get to a similar performance level,
or a good enough performance level
where it's kind of cheap all over goals,
where you don't need all of the newest frontier stuff,
yeah, saves a lot of money.
That as well, yeah.
Hey, it's really exciting to talk to you.
I'm very interested in what you're doing, Roeland.
Thank you very much.
How old is Aikido?
You said five years, you've been doing this?
No, three years and a half.
Oh, brand new.
Relatively.
Yeah, that's great.
And it's been a success.
Yeah, so far, it's been great.
SMB's large enterprise.
We started in SMB, then we went to mid-market,
and now we're doing low enterprise
and already few big enterprise.
That's great, congratulations.
It's great nice to meet you.
Yes, thank you, Roeland.
Semperis has been around for a long time,
a decade old identity security company,
but they've got a new project.
I talked to Bill Keeler from Semperis.
About a documentary, they'll be debuting at Black Hat.
We are producing, yeah, Midnight in the War Room.
First ever cybersecurity company to invest
in this type of a project.
Looking at cyber war and the reserves.
Very timely.
Very timely.
CISOs, right?
The thanklessness of being a CISO,
the stress, the long hours.
A CEO who will say to a CISO,
why did you let this hack happen?
And that's the worst day that a CISO can have.
We've interviewed reformed former hackers
who are now reformed.
Jen Easterly is in the documentary.
CEO of RSA conference, Chris Inglis,
first ever US national cyber director,
General David Petraeus, Professor Mary Aiken,
world renowned cyber psychologist,
and about two dozen CISOs,
premiering at Black Hat on the 5th of August.
That'll be exciting.
Yeah, we think so.
Are you going to get distribution afterwards?
We will be doing a number of different things
about with distribution.
More info to come on that,
including screenings in a number of cities in the US,
and in the fall in Europe and Asia,
and some interesting details on a streaming partner.
I think there's a lot of interest in this.
I think it would actually be a broad general interest.
We've had more support here in the booth
on day one of RSA than we would have imagined.
And there's generally a lot of support for what we're doing,
because at the end of the day,
warfare has changed dramatically in the past five or 10 years,
and everything that is being done militarily
has a cyber component.
And never before have the true stories of CISOs
been told in this fashion.
So you're going to focus on nation-state attacks.
Focusing on China, Russia, North Korea, Iran,
and other nation-states.
Very interesting.
The Colonial Pipeline attack, the WannaCry attack,
Change Healthcare, Ascension Health.
All the big cyber attacks that are in the news
have profound impact on society,
and we'll be sharing some of those stories
in the documentary.
Very interesting.
And what, is Semperis a security company as well?
Semperis sells hybrid identity security solutions
and crisis response solutions, Active Directory,
Entra ID, Okta, and Ping Identity,
combining that with a Ready1 platform,
which helps companies to better prepare for crises,
and to better be able to respond in a timely fashion.
Have you seen an uptick in business?
Yeah, the company's growing tremendously.
There's a lot of scared people out there.
There's a lot of real identity risk,
and companies are still struggling
in how to keep the bad guys out of their environment.
Once the identity system goes down,
the company goes down.
And there are very few organizations
in the cyber security space that help with recovering identity.
We feel like we do it the best.
We've been in business for over 10 years now.
Well, you got like celebrities here.
Celebrities here.
Marcus, just want to shake your hand.
Leo Laporte, nice to meet you.
We covered when you were arrested.
We covered that whole story.
How you did that?
Oh, nonstop.
So I'm surprised to see you in the United States, to be honest.
I'm surprised to see me here too.
What channel were you with?
With TWiT, it's a podcast network.
Oh, with it.
Security Now with Steve Gibson.
We talked about it.
Yeah, yeah, yeah.
We'd actually watch your episodes.
Oh, nice.
Because I was like, it was just interesting seeing you guys
talk about the case and see your takes on it.
Well, and thank you for saving the world.
Thank you so much.
I'm sorry you didn't really get credit with it for it.
I got enough credit.
Yeah, that's good.
It's very nice to see you.
What brings you here?
After the conference on this business.
What do I say?
So I've got a couple engagements.
We're doing a promo for a documentary that's coming out soon.
Yeah, we just talked to Bill about it.
Yeah, that sounds exciting.
Are you in it?
I am in it, yeah.
So I'm here for that.
I've got a couple of things for my day job.
We're just, honestly, I come every year,
but I usually don't actually come into the vendor hall.
This is my first time.
So it's interesting to hear a lot of spooks around.
I thought they pulled them this year.
Oh.
So it used to be an FBI booth,
but I haven't found it.
I haven't seen it.
Yeah, because my joke every year was I would go
and I'd pose by the FBI booth.
And I couldn't find it.
Ha, ha, ha.
Spot the Fed.
Nice to see you, too.
Are you having fun?
Yeah, I mean, it's all I say.
We always have fun.
Yeah, it's always great.
Yeah.
So tell me what you're doing.
I mean, I just, I'm a cybersecurity influencer,
but I specialize in focusing on everyone else outside of tech.
So I just make sure everyone's safe online.
My handle's Cybersecurity Girl.
You protect influencers?
No, I protect everyone.
The general public.
So there's more people like John Hammond
and Marcus that are more technical.
I kind of take tech and dissect it
into very basic stuff that everyone can understand.
It's much needed.
Yes, yeah, so I love it.
Thank you.
So nice to see you both.
Thank you, Marcus.
Yeah, great to see you.
We missed you.
We missed you.
We were at ThreatLocker in Orlando.
We had to leave before your keynote.
So we missed you.
That would have been great.
But yeah, I would have loved to see you.
So I'm glad I got to see you here.
Very nice to see you both.
You know, amidst all the stress and strain
and anxiety of RSAC.
It's nice every once in a while to take a moment
for some serenity.
AI was certainly one of the biggest stories at RSAC this year,
both defending against AI-generated threats
and using AI as a defense.
Zenity is one of the companies that saw this coming early.
I talked to Chris Hughes about their AI agent governance.
I wanted to talk to you, in fact,
before you made these announcements this morning,
but I wanted to talk to you about
agent security, securing your OpenClaw, things like that,
and tell us about the announcements you made this morning.
Yeah, just this morning we had an announcement
of a partnership with ServiceNow, right?
The big, you know, Security Operations guy of the ecosystem.
What we're finding is Security Operations teams,
SecOps teams, they want to get visibility on where
agents are running, whether it's in the cloud
or in the endpoints, OpenClaw, Claude Code, et cetera,
agentic browsers.
Is this the latest shadow IT, like,
oh my God, my employees are running OpenClaw
on our network.
Yeah, I mean, we've seen this earlier with cloud and SaaS,
and it's the same thing here with the endpoint coding agents,
like the end user can download and run OpenClaw,
Claude Code, et cetera, with a credit card
or free versions, things of that nature,
spin up things in cloud environments,
and we've seen this cycle before,
it's like security tends to be a blocker or introduced friction,
people work around it, and you know,
seeing the same thing with agents right now.
A lot of people are just trying to understand,
what do I have, where is it running,
what does that have access to?
Yeah, they call me Yolo guy at home,
because I dangerously skip permissions the whole time,
but obviously that's not the way to operate in a business.
Yeah, definitely not, but I mean, it is a real,
it's tempting.
It's challenge, right?
You get fatigued, depending on proof of point of view.
I know what, allow, allow, just do it.
Yes, people just want, and even today,
actually, Claude Code introduced, what is it,
auto-approved mode, I think it's something like that.
Yeah, it's like, I wonder what can go wrong, man.
They know.
So how can you help?
Yes, our company is a full, you know,
life cycle from the time you create the agent
through build time, all the way through run time visibility,
and we have coverage of all the major deployment patterns.
So endpoint coding agents,
agentic browsers on the endpoint,
SaaS environments, Salesforce, ServiceNow,
where they're running, you know,
agents in those SaaS environments,
or custom homegrown.
You know, people are creating agents in AWS, Azure, GCP.
We provide coverage of all those environments,
giving you coverage from, you know,
the time you build the agent, organizational policies,
processes, you know, best practices,
all the way through run time.
What's running, what does that have access to,
what data is it touching,
and then actually introducing enforcement mechanisms,
if they start to, you know,
act out of alignment there.
How do you do it?
You watch network traffic,
are there signatures of the things you look for?
It really depends on the deployment model, right?
Like the SaaS and homegrown, like cloud environments,
more API nature, endpoint coding agents,
that's more of an agent that gets deployed on the endpoint,
that way you can see the agents that are deploying
the endpoint, the activities.
You can see the traffic, you can move, yeah.
Or the actions on the system, right?
What files is it accessing?
What data is it accessing?
What source code is it?
Is it kind of, is it a fingerprint?
Is it kind of tell that that's not a human?
It can definitely start to behave in a way that's anomalous, right?
And then it is tricky though, right?
Because what we're seeing is a lot of organizations
are taking those identities from humans,
and just inheriting those permissions to the agent.
And it can be different, you know,
difficult to kind of attribute certain activity
to, was it a human, wasn't it a human's agent?
Who's responsible, who's accountable?
These are things I think the industry is trying to
have worked their way through honestly.
So, do you have agents running around looking at this stuff?
Is it agents finding agents?
That's definitely part of it.
It's agents all the way down?
Yeah, it's turtles all the way down, right?
That's definitely part of it.
You know, some people may call it LLM as a judge,
or, you know, AI, watching AI,
or we've kind of adopted the phrase guardian agents, right?
Because it's, it's to your point about the approval.
Like, we simply cannot, you know,
humans cannot watch every alert,
every notification, every environment, right?
But you can't simply rely on, you know,
the fox guarding the henhouse either.
You can't just, you know, fully rely on the AI.
You've got to have deterministic architectural type
controls in place.
Humans involved, depending on the sensitivity of the data,
or the criticality of the systems, and things like that.
But we are leveraging AI and, you know,
kind of guardian agents as well.
Especially to bring context.
Because it's difficult to know from a build time,
from a runtime, you know, same thing in AppSec.
Like, what do I really need to be concerned about?
There's just so much volume, so much noise.
So using AI to bring clarity to that, you know,
kind of a correlation engine, if you want to call it that,
to bring, you know, clarity to like,
what should we focus on?
You can fight fire with fire.
Yes, I mean, it's the only way.
And you know, you walk the floor here.
It's not just, you know, agentic AI security.
You're hearing that AppSec, SecOps, GRC, you know,
offensive security, there's tons of that.
Everyone's looking to say,
the only way we're going to keep pace with this is leverage,
this technology, being early adopter,
being innovator with this technology in cyber,
just like the businesses, just like the malicious actors are,
like we have to leverage it.
You were very early on this.
How did you know that this was coming?
So I'm relatively new to the team,
so I don't want to take full credit,
because I've only been here for a few months,
but I've been watching the company,
and they got their roots in low code, no code, right?
Citizen developers, and we heard like, you know,
phrases like democratizing development.
That sounds incredible.
And so you think everyone's essentially running fast
with scissors, and they don't know that you can get hurt
when you fall.
So they got their roots in that low code, no code,
which is a great way to get oriented around the SaaS agents
and embedded agents and such.
But then we saw the industry start to move,
to custom agents, right?
Endpoint agents, coding agents, agentic browsers,
and you start to expand coverage accordingly.
But you know, right place, right time,
having foresight to see where the industry's going,
definitely a credit to the founders.
It's amazing how fast this is moving.
Yeah, I mean, this technology adoption curve
is, you see it, it's faster,
not only the capital and the build out and all those kind of things,
but the adoption curve is faster than anything we've ever seen.
Yes, it's nothing we've seen like it,
like OpenClaw is a great example.
Fastest, you know, project on GitHub in history,
gets acquired rapidly.
It's, you know, and we simply,
the security never, it does a great job keeping up,
but I feel like we are learning lessons of the past.
Where were you before?
I had a services company called Aquia,
doing a public sector cybersecurity,
I was in the services side,
but you know, I saw the problem starting to come around
with agents and things like that,
and I wanted to be somewhere that's building a solution
that can address that systemically
across the ecosystem.
You're in the hot seat, you're right in the middle of it.
Yeah, I mean, it's a great place to be,
not only for the company, but like professionally,
like I get to do this thing that is defining
the future of our career field.
So I love it, I love it.
Do you have a claw running at home?
What's that?
Do you have a claw running at home?
No, I do not.
No lobsters in your house.
No, I haven't been that brave,
because I'm afraid of if they break loose.
I did the same thing, I just spun it up
and about in the middle of the night, I went,
oh no.
I wish I had down again.
I wish I had down again.
Yeah.
No, you know, you're in the space like us,
if you have something that happened,
you look even more foolish.
Yeah, that's a good point.
But at the same time, you gotta explore,
you gotta take it with it, or you won't even know how it works.
So if you have researchers on a team that have done
an incredible job of that, exploring what can happen,
what can go wrong, how can you securely use it,
or at least try to securely use it the best you can.
It is amazing to watch it all.
It's happening so fast.
That's my excuse, it's well, I've got to find,
I've got to learn, how am I going to learn if I don't
break the glass a little bit?
Yeah, you can't secure something you don't understand.
So that's a critical part of it for sure.
I really thank you for your time.
I hope you have a great show.
Likewise, good luck with the rest of the conversations.
Fun, all right, appreciate it.
On our way out the door, I had to thank my friends
at Tailscale.
I know I love it and use it, you may too.
And they told me something I was very happy to hear.
Everybody who listens to TWiT and Security Now,
Tailscale fans, but we use it as home users, it's free.
Yep, it's free.
They will stay free forever.
Okay, that's my first question, really?
Yes, yes, we are committed to having a free tier.
I mean, network effects, you have more people
using it, enjoying it, and it will improve infrastructure
all around.
And once you use it, you go, oh, that was easy.
I tried to set up WireGuard myself.
Yeah, and you don't want to be managing different tunnels
and ports, and I'm on a battle to get my husband
to stop just using WireGuard himself
and use Tailscale.
It's so much easier.
I have WireGuard, I have a Ubiquiti router.
It's built into my router, but Tailscale is so much easier.
So much easier, I'll handle the connectivity,
handle the redundancy.
We have a network of fallback servers as well
to handle your connectivity.
If you need to, but it's faster, lighter weight,
and it takes just five minutes to connect.
So let's help you keep this free.
Yeah.
Let's plug the enterprise product that does pay the bills.
Yeah, yeah.
So you have some AI stuff that you do.
What, tell me how that helps.
All right, so first I just want to cover that,
it's building on top of the Tailscale architecture.
So you can build a lot of different applications
when people are building observability solutions,
some monitoring solutions, ZDX, open source
or place, and I heard someone build a Zscaler,
so I came from the ZDX.
And so there's a number of different use cases
that you can apply this to.
And so one of the things that we built internally
was in securing AI products called Aperture.
So Aperture is managing API key sprawl.
It's a gateway for all of your agents and user traffic.
They go through Aperture.
Going through the Aperture gateway.
Yes, whereas all of your other traffic
will be still point-to-point encrypted traffic,
but you can designate that this traffic
based on these APIs or having that traffic
go inbound and outbound to through this gateway.
So right now, I SSH through tail scale to my agent,
my claw running at home.
Would I run the cloud through Aperture?
The claw through Aperture?
Is that the idea?
It could be.
I mean, it's probably more for advanced price
education, yeah.
So I think it's really to manage API key sprawl
and different APIs.
155 million tokens.
Yeah, yeah, hopefully you're not doing that at home.
Yeah.
Yeah.
And so, yeah, monitors, number of requests.
Across all of your different tools, every tokens,
there's also a monitor and your financial output, too.
So this is how much you spend within a quarter or a month.
Does it have a security angle, too?
Yeah, well, I mean, this is part of the security angle.
So in terms of giving that visibility to an assurance
of these new AI tools that you're implementing
within your organization, we also integrate with partners
such as OSO to actually provide guardrails
so you can block access or hit, if you hit a certain cap,
you can manage access.
And then there's deep session level logging
that lets you identify and troubleshoot exactly
what went wrong and how it went wrong,
if it's an excessive output of tokens,
if there's any issue in that sense.
And then this is going to be a single dashboard
for all of your tools.
So you're not just hopping between your different tools.
I think one thing that's really useful about it
is not only in being able to tell performance
between different tools, but also at Cisco,
we've probably rolled out 10 different AI products this year
just within our organization.
And are all them really being used as a thing for them.
So it can help with tool sprawl in general
and just consolidation.
So both the security angle on how is this performing?
Is this actually, are the agents performing as expected
or are the users performing as expected
both in terms of if there's an anomaly or an issue,
but then also can we just use the tools
that we think are the most effective within our organization?
And stop paying for the ones we're not using?
Exactly, exactly.
Well, I just want to thank you.
Tailscale is so great.
And when you made me very happy
because the one thing I'm going,
I love this too much if they ever stop doing it
or they start making me pay for it,
I'm going to be scared, free forever.
You're never free forever.
You're never stopping it.
We have you on camera.
Yes, free.
Yes.
We have her commitment.
I have her every the CEO's side, free forever.
So I'm voting him.
We also have an open source version called headscale.
So we're very committed to the internet was built
on open source protocols.
We want to maintain that.
It only works if everyone is working with one another.
God bless you.
Thank you so much.
That's great.
I really appreciate it.
Thank you, Jillian.
Thank you.
Thank you, Tailscale.
I got my little Tailscale key.
I'm going to replace the Windows key with that.
Look at that.
We had a lot of fun this year at the RSAC conference.
I hope you enjoyed our little sample.
Just little tastes of the many thousands of people there
and the many hundreds of booths there.
I even got an autograph from hacker Marcus
Hutchins, look at that.
On behalf of Anthony Nielsen, our photographer, Lisa Laporte,
our producer, thank you for watching.
And we'll see you next year at RSAC.