Name: Securing the AI Era: No More Ignoring the Hard Problems
Uploaded: 2026-05-06T18:08:08.858Z
Duration: 51 min 14 s
Description: Securing the AI Era: No More Ignoring the Hard Problems

Transcript for "Securing the AI Era: No More Ignoring the Hard Problems": Alright. Welcome. Today, I am incredibly excited and thankful to be joined by my good friend and one of the leading experts in the space of AI, security, and, honestly, geopolitics. I'm Nic Chaillan. You've had a a a very long career in this space. You started, I think when I first met you, you were chief software officer at the U.S. Air Force and Space Force. You're also an entrepreneur, a successful one. You started a company after that, which just exited. But, yeah, you have been at the forefront building with AI, building your own AIs, and having AIs build things for you, for longer than anyone. What did I miss there in that intro? I I feel like, it would take just to fully introduce you next. Well, I know. Thank you. Well, you know, I I started pretty young, you know, like you, I guess, but I started at, you know, coding at seven and did my first game at 12, made some money. Right? Created my first company. I was 15. So I founded 13 companies. You you talked about Assage. We just sold it in December. Great three year, journey. 250,000,000 exit. That was awesome. Great, buyers with Big Bear. Great company. Great people. So that was awesome. You know? Lot of fun. And then I spent also eighteen months at DHS. I was a chief architect there. And that's kinda what woke me up, you know, with all the, threats on the national, side when it comes to the critical and project here, you know, grid, water, nuclear power, and all that kind of stuff as well. Yeah. And so you you would left and started your company kinda right around the time ChatGPT happened and that whole ChatGPT moment happened. And you you kinda got to watch the government adopt AI, companies adopt AI. Let's start there. Like, where where do you think the government is doing this right? Where do you think they're doing it wrong? Where do you think they need to focus their time? Yeah. There's not many things the government like to do right. You know, that's kind of the issue first, you know, and. and sometimes these, you know, great people showing up, and and, unfortunately, they don't last very long. So, you know, we we we had a good last two years, particularly with Nic Garcia, who was, the CIO in the US army, and he he's he's done an amazing job to bring a lot of great, capabilities. Unfortunately, there's a lot of also a bureaucrat, tenant type that don't really understand technology, don't really know what a CIO should be, and also have no vision. And so what you've seen recently particularly is kind of a a push to control AI, approve it. Right? The the White House, unfortunately, has been pushing this idea of having to approve model before they can be released to the public, which is really a total disaster completely, you know, tied to what the EU has been doing, with their, dozens of regulations that have been slowing them down to the point of irrelevance, you know, and that's, a big concern when you have to compete against China. So there's a lot of things like that happening that are really not good, right, not healthy for the nation. I I get the need to try to get some type of governance. Doesn't mean we have to, you know, turn it into a giant bottleneck. That's a big concern. And then, you know, the the government has been moving to a couple of shady things. Right? The the big, frontier models have been pushing this one, dollar unlimited access to their models for a year or eighteen months, and we all know that's a kind of a a shady way to get people locked in. Right? So that never be allowed. Right? We should just pay fair prices. Right? There's no reason why the US government should pay less than a nonprofit, by the way. And then, you know, we've we've seen the the Department of War particularly get get get locked into Google and and a few others, but really Google at the end of the day, and not using abstraction. You know? I was always a huge, proponent of of abstraction, so not getting locked into a single stack, whether it's, an API product, whether it doesn't matter. And so I built, you know, my company, I stage, we had a foundation of abstraction so we can reuse things, not getting locked into to model tag. And and so now what you've seen is, you know, the department build, you know, a 100,000 agents, allegedly, which, by the way, is also complete nonsense, right, because what you what you see now, just like we had a little bit during the no code no code wave in in the department where everybody thought it was a good idea that people should be coding things, which, by the way, is not true. Right? Not everybody should be rebuilding the same wheel. And, you know, what you've been seeing is now these 100,000 agents, which I would bet 95% are doing the same thing, because they are built by a single vigil with no arbitration, no oversight, no, you know and that assists the need and use and and making them available in a in a marketplace kinda way or in a in a, you know, in a in a easy way to share across teams. So you know, and we those numbers, like, back in the day, you know, lines of code when I started in the in the department, people were like, oh, we're doing x mean in lines of code, like, if it was a, you know, a good thing. Nah. So we're using the wrong metrics. Right? So you see, the the Department of WER babble about, you know, Nicolas Chaillan dot mail releasing a 100,000 agents. Like, that's a good thing. It's not. I I I you know, we should maybe have a, you know, a thousand agents. Right? If it's done right at at best. I mean, that's, like, done right, you know, across all the the the different, teams in the in the department. So, you know, there's there's a lot of noise. Right? A lot of chaos, a lot of, you know, tap in the back with very little to show for it and a ton of taxpayer money, wasted. Yeah. It's it's clear there's urgency, which kind of you know, makes me optimistic because especially when I look at this space, you know, any technological wave that happens. Right? You have that kind of crossing the chasm style curve. There's early adopters, and then you get to the late majority and the laggards. And the government is usually pretty far back, but that's historically, that's been for a reason. This technology has to get hardened. You have to figure out how to govern it, all of that that stuff that happens after the early adopters have figured out what works, what doesn't work. You know, we saw this with containers. You were among the first pushing containers in, but it took years before containers were still fully ready. And the early adopters and startups and people experimenting figured that stuff out before it was really enterprise grade. But when there's a technology like this one where the exponential slope is growing so fast, if you're normally two or three years behind on a piece of technology before you bring it in, that two or three years is twenty or thirty years of progress in a space like this when the rate of improvement is so high. So I like that there's urgency when people are talking about it, and they're figuring out ways to bring it in and to collapse that normal, you know, three year or five year tech adoption cycle in the government that we're used to. But there's a lot of challenges you have to figure out at the same time because that governance isn't sorted out. And to your point, locked into one model, every month, there's a new model at the top. And if you're locked into the wrong one next year, no one knows which is gonna be the best one. It could be some new one that doesn't even exist yet. That's a problem too. Everyone needs the ability to stay at the forefront here. Yeah. And, you know, when you build agents particularly, right, you do you use something like OpenClaw. Right? You're gonna be able to tap every model. You're gonna be able to orchestrate, the complexity of that, you know, step by step process and skill. And, you know, if you look at my agents and my and and I have probably one of the most advanced stack on the planet, when you look at the complexity of my agents and the work, they can actually do replacing people and not just augmenting people that that, like, they used to be able to do even back in December. Right? So we switched in in January of of this year from augmentation where, you know, I used to augment my coding team and marketing team, you know, 30 to 50 x. Right? And now, I can tell you I I got freaked out, right, where now we are at a stage where, these, orchestration tools can actually replace humans in many, many different fields, to a degree that is very, very concerning. And most people are sleeping at the wheel, including in the government to try to see what should be done to protect jobs. And, and it doesn't mean we ignore AI and we start regulating it to the point of, you know, becoming, a third world country compared to to China. Right? So you you have to balance that. And now the White House has been trained to control, you know, model release, which, you know, again, is a disaster because none of these teams and groups have any actual way to control, or decide whether a model is is good for release or not, and is that biased and and is that political? And if if it turns into a political game where, you know, oh, that model is not able to write a poem about Donald Trump, but it's able to write a poem about, you know, Joe Biden. But guess what? Most people don't write poems about Donald Trump or Joe Biden anyways. Right? So, like, why do I care? But they block the release of a model because of bias, which we're gonna find all over the place anyways, including in humans. You know, then what's gonna happen? Right? We're gonna get so far behind, and you have all these models coming out, and and now we're gonna slow down the pace, and we're gonna go from, you know, like you said, a model every month to one every six months or to a year, which will be, you know, a complete disaster. So, you know, I I think we have to be very concerned about the the jobs. You know, you see Sam Altman and all these people talk about universal basic income. And, you know, they have done the studies. They know it's gonna be a disaster for for people. Right? And they know it's gonna it's gonna lead to massive amount of people getting, addicted to drugs and, you know, suicide and and and and, you know, people need, you know, a purpose and and need something to do. You can just give them some money and and tell them to go, you know, pump sand. So, you know, and and he's touching the the jobs that, you know, people were, you know, told that they could spend a fortune in getting degrees, in most, fancy universities, and they would be safe for the next, you know, twenty, thirty, forty years. And so many people, not me and not you, I know, made fun of of blue collar jobs, but I can tell you, those are way, you know, more safe than than a, you know, software engineer today. So Yeah. The the jobs one is interesting. So, you've been at the forefront of this. The open claw and automating and stuff like this. I talk to companies every day that are trying to figure out how to how to do exactly what you're talking about. There's some that have them fully badged inside of their companies. They're in the org chart. They have email addresses. They're in Slack. There are others that operate more under the scenes and just process things inside of a Salesforce or Jira. If you're talking to a company, and I'm sure you do this all the time, what do you how do you advise them to get set up? Or buy a bunch of Mac minis, install OpenCloud, and give them email addresses? Or, like, you know, what do you recommend? Yeah. There's a few things you have to pay attention. Right? One is you wanna build the right foundation, right, the right security. I have a guide on my website, you know, in any of The US for free, and you can go and get it. And it's based on Chainguard, you know, containers. So, people should, you know, use that guide to deploy, OpenClaw, ideally, as a container with a bunch of, you know, sidecar containers to bring, you know, data loss prevention, pump injection detection, you know, zero trust enforcement, and all the things that I have in in the guide to really kind of think of of the the deployment as as as a human. Right? So a human, you would give it, you know, specific access to things, and it would gain trust over time and get access to two more things. And then each human has an identity, so it will be the same for your for your agents. And each of my agents in open client, you know, 16 agents, Each have their own, you know, GitHub account and their own identity M365 account. So they have their own email. They have their own stuff. Right? They don't touch my stuff. Just like I wouldn't give access to my email to to someone. You know, I can cc. I can share. Right? I can I can do stuff like that, but I don't give access to, to my stuff? And then they have their own API. key so we can track what's, you know, what's happening. And and so these kind of you know, the common sense, you know, hey. Have backups every hour, you know, proper access control, no deletion rights for most things. Right? Put everything in GitHub with a, or or GitLab or whatever with a pipeline where you have proper SBOM and and CV scanning and SAST and and scanning. Right? And all the the cyber, linting and and and cyber analysis tools that you can use on the planet. And and your agent can build that that guide. And and in my PDF, you can just feed the PDF to your open cloud, and it's gonna be able to, to replicate my pipeline that I have on on GitHub, which has, you know, fourteen, fifteen gates. The first one being, you know, a chain guard hardened container, that gives you that that zero CV baseline. And then, you know, making sure that, you know, everything you build is is done right, right, using a DevSecOps mindset. And so, you know, if you if you if you if you use the agent like a human and you you educate it, on DevSecOps, and and he knows probably more than than you do, but than most people do. But if you if you tell her, hey. You know, you have to have that that DevSecOps mindset, you know, baked in unit testing, integration testing, you know, first staging and and and, you know, run it locally. And, you know, I I gave mine access to to Twidio, so he has his own phone number so he can call me. You know, he has access to to Signal and and Telegram and M365 Teams and whatever. Right? So, mine has access to probably a 100 tools now. Some tools cost more money than than than others. He has his own browser, in a in a real, VM environment, where he can move the mouse and and click like a human with a residential proxy. So he looks like a human and is never flagged by by have its own credit card? it does not have a its own critical. So that's the the one thing that I I still do. When he needs a new. tool, I'm I go by it and I give him the key, but the key is dedicated to that one agent. So they don't share keys. So I know exactly who is doing what and when, and it's helping, you know, cost, tracking as well. Yeah. So, you know, I I think you have to think of it like a human. Right? K. And that's what people don't do. What gates would you put? It's like, okay. You know, you give a laptop to a human. You don't care if they delete all their files. You should have backups. You should have, you know so so you should have protection against human stupidity and human, you know, maliciousness. So you should do the same with an agent. Yeah. The amount of people I like how you talk about that sandboxing layers. You know, the amount of people I've talked to, they bought a Mac mini and installed a hypervisor and put Open Claw on that, but then give it their Gmail password and their WhatsApp password was, like, just your threat model is very different from my threat model, I guess, is what I'll say. I don't care. the about the hypervisor, but it's not touching my email. No. Yeah. And and, you know, you will not do it if you don't do it with a human, you should not do it with an agent. Right? Yeah. Now look. You know, my agent manages my house and my we have different houses and, different HVAC systems and camera systems and things. And so he's has access to my accounts for those because I don't, you know, I don't really care. Right? So these things where, okay, you know, is that already gonna be a a big problem if he messes up? And they'll send, like, email and and and, you know, maybe OneDrive or, you know, Google Drive or whatever, right, where you don't wanna you don't wanna do that. So Yep. Do you agree with, the NVIDIA CEO, Jensen, that OpenClaw is gonna be bigger than ChatChiPT? Well, you know, it's it's interesting. Right? I I think, the next wave after the chat g p t wave that that came through, right, where people say to realize, wow, you know, you have a kind of chatbot experience. You can ask things and get get great insight, and you can even get some code and, you know, you can copy and paste it. And, oh, you know, maybe we can make some plug in in Versus code and start integrating. And and and then what okay. You know, what about cloud code? And now you have, you know, some type of maybe even an integrated IDE where you're gonna have this stuff code where, you know, I I've been coding like you for a very long time. It's at seven, so I don't even I'm 41. So whatever the method, thirty six years. So, you know, thirty six years of coding, I have no not coded a single line of code in the in in in four months, which is unheard. of for me ever. Right? And that's actually. pretty scary. And I and yet I've built more, production grade quality, output, including a full fledged company in. the last, you know, four months for what is about $200 a day of of tokens. So, you know, $70 a year. My estimated value on the output for the year is gonna be about 10,000,000, right? So 10,000,000 for $72. Of course you have to do the right things. And if you ask it to do dumb stuff, you know, you can't complain. You're wasting money. But I like to to to and I know that the stuff I'm building has value, and and and so I've already proven that, with with outcomes. And and so for me, you know, it's managing my my investment portfolio. It's a it's a trader. It's it's it's guiding my my investment teams. You know, so it's it's doing a bunch of stuff that, you know, you would need a bunch of humans to to manage, and you would get biased too and you get hallucinations too from humans and biased and whatever. Right? But I can tell you it's been way better than what I've seen any human do. So, you know, I I think what you're gonna find is this next wave now is shifting to a full orchestration, right, of tasks. And, you know, it started with, like, local no code tools where you would drag and drop steps. You say, okay. You first, you do this and then you do that. Right? That was kind of a little no code nonsense, and we we built some of that at our stage. And and that's that was kind of interesting how shortsighted that was is when you take a step back and, like, why why did we do that? You know? And now with OpenClaw where you can say, hey. Here's my, you know, here's who I am and what I do and and, you know, go pull my mine mine was able to go pull all my interviews and even the the videos and find a way with a browser to record, the video that couldn't be downloaded and then do a transcript and so save the video. So I have a copy of all the videos now that was, you know, behind paywalls and whatever. Now it has all the copies of the videos, all the articles, all my LinkedIn posts. I I did an extract of my LinkedIn, so you you got all my LinkedIn stuff. Anyway, you know, so so and he told me what to do. Right? So I I I didn't even know you could do that. So, and and now he has this kind of this full picture of me and and then each agent for different jobs. My agent actually saved my life. You know, I, I have a a disease that was undiagnosed for for seven years, by doctors, and they mask it with, you know, medicine, to mask the symptoms but not go to the root cause of the issue. And so my my arteries were getting clogged and whatnot, and so it was not fixing the issue. And in four minutes, right, feeding it all my MRIs, ultrasounds, and blood results and all that. In four minutes, I got the diagnostic, and he was right. And the doctors were like, oh, yeah. We, you know, we didn't think about it. And that was, you know, Tuesday, seven doctors. Right? So, so, yeah, I mean, you know, I think we're moving to this kind of orchestration agent, tech universe where agents are gonna are gonna do more and more complex, you know, tasks. And I I can tell you when it comes to, you know, marketing, accounting, bookkeeping, coding, UX, you know, all, you know, all these kind of non Blue Collar jobs. I've run companies. I had dozens of people. I know what it takes to onboard a new employee and, you know, top talent, so, you know, whatever what you pay them. I can tell you for the first time in in January, I got to a a point, and and I get it. Right? Most people are not capable yet to do what I do, and and that's okay. Right? But don't dismiss it because you couldn't do it. Right? I've done it, and I've done it to a point where I could, you know, with one human now run, you know, 40 to a 100, you know, agent jobs that would effectively potentially create a billion dollar company, with a single human. Right? So so that's scary. That's not good. You know, it's gonna lead to a lot of issues. That's why I wrote, you know, my book coming out in in September, you know, replacement, because I wanted to give, tools to people to not first wake up and understand it's happening because a lot of people are putting their head in the sand. And, you know, you you've seen a lot of people try it and, oh, they got a few hallucinations and they gave up. Right? And, oh, it's, you know, it's useless. Right? You see coders go, oh, you know, it creates junk code and, you know, there's more CV. I gotta fix the stuff, you know, and spend time fixing security. And, you know, you don't know how to use it. Right? And that's a huge pitfall of humans. Right? They they will often, you know, give up too too quick. You know, entrepreneurs like you and me, you know, we see problems. We see opportunity. Right? We're, oh, what what if we what if we'd build something to fix this issue that it could work to become what we need? And I think it's gonna be a huge opportunity for people, but let's face it. We're not gonna get as many jobs. And and, you know, people, you know, like Zuckerberg and and Altman keep talking about, you know, oh, the AI is gonna create new jobs. They can't they can't name one, by the way. They if you ask them, okay. You know, tell me which one. They can give you one example. They say we don't know yet. Oh, okay. But but how do we know the new job is not gonna be also automated by AI? Right? So so, you know, I think it's gonna be very interesting. And then in parallel, you see the robotics getting crazy. Right? And, you know, I was one of the first to order the Tesla, you know, you know, the last robot, and I'm gonna probably have one of the first one, you know, released. And, you know, it is scare you know, those will also automate other kind of jobs, and so then all that will come together and and what's left for humans to do. Yeah. You mentioned a lot there, but, yeah, one of them, like, there were hallucinations. People would see those, kinda get turned off, stop trying for a while. Yeah. In the beginning, it felt like you were, like, spinning a slot machine. Like, you know, and if you'd spin it and if the first time you got, you know, all green and won the prize, you're like, wow. This is amazing. And then you would do it again. And it didn't work. And then, like, there was this huge disappointment, and I think that led to this paradox where people stop trusting it for a while. Right. And it's hard to track in the metrics because you see all the scoreboards and the benchmark results. And it went from a 71 to a 73 on this metric every time there's a new one. And you're like, what does any of this mean? Like, at at what point? But there's something in there that it's not measurable, but all of a sudden, like, I noticed at the same time you did in December or January. One of those metrics moved up half a point, and then it went from not able to complete long running tasks without supervision to able to complete long running tasks without supervision. It's kind. of this binary thing that was not true and now it is true. And and and orchestrating the step. Right? So that's what's pretty insane now. It's it's able to orchestrate and decide what are the next right steps and chain them together, you know, to turn one prompt into five you know, sometimes I mean, some of my tasks are insane. I mean, it's probably, Yeah. you know, 500 prompts behind the scene, using different models, by the way, and different tools. Yeah. And that's the other thing. Right? I have all the models on my agents. Right? My default is, Opus four six, Yeah. from Claude because, you know, I don't I didn't like four seven too much, but, but, you know, the the Opus models to orchestrate has been, Yeah. insane because it's not making mistakes. It's able to see when it's good enough and when it's not good enough, and it's able to reflect on on the results of the other agents. And and you know what's crazy now? They communicate. Right? So I see I have this, you know, dashboard, and I see them chat to each other and orchestrate things, and and and they can share insights and share knowledge. And and it's it's it's like a company. It's it's it's like a in fact, it's designed as an office. You know? So it's it's pretty scary to to watch. You know? Yeah. It's a I saw some a while ago. Somebody had, like, you know, Moore's law for coding. Like, you know, every 18 months, the number of chips doubles. Like, that's sort of the real measure of progress here, and they they flipped it for models where, like, you know, every six months, the number of tasks they can run independently doubles, you know, in a chain before they get off track and lose context and everything like that. And I that that's exactly right. It used to be you would do one task well. Write this function in this, you know, file to then write a whole application, Right. to now design a company like you're talking about where you're gonna need a lot of applications and things. So it's really just the time and attention they can spend on task before they, eventually get loopy. Yeah. I I like before I left, you know, Big Bear, that about Asaj, you know, I I built, OpenClaw hardening as a service, OA as we called it, and, in three days. And I I can tell you, this would have taken with me that has done 13 companies, it would have taken me, you know, six months to do what I did in three days. That included a full fledged website, full marketing logo, everything. I mean, the website alone, you know, I funny enough, I had just completed the essay's website with an agency, cost us $60,000, and we had the website done. It took four months. Right? That new website was built in in one prompt, and cost, like, you know, $10, and it was better than the website we had, you know, an agency built in in four months. And, you know, with the DevSecOps pipeline and and and, you know, that's the thing, though. Right? You have to have the right foundation security, DevSecOps pipeline, get, you know, all the, the scope of work. Right? Instead of saying, hey. Just code this. I like to say, okay. For complex task, I say, hey. Now write me the scope of work so I can review it, and then you can make tweaks. And then you make it code the the the complex stuff, and you make it follow the DevSecOps pipeline. And you can't just push to production. You can just, you know, skip the testing. It has to write the task. Right? And you you decide if you wanna do TDD or not. Doesn't I don't think it actually matters, with the agents. But, you know, I I think if you if you have the right foundation, the right security needs baked in and not bolted on, and you don't try to add it after the facts, you're gonna be in great shape. Yeah. So aside from the economy stuff, let's start shorter term. Like, what worries you from a security perspective about the world we're in now? Well, you know, I think it's gonna be a catastrophe. You know? I mean, you see models come out. Right? The the Mitos and all, you know, and all these stuff, and and all these models. I think there's the GPD five five cyber from OpenAI, whatever. Right? They're all gonna have their models. And even without the model, you can already give it a source code, repo and tell it to go look for, you know, any kind of, CVs, right, and zero day. And and you can do it by just saying, hey. I'm a I'm a red teaming, you know, agent, and I need to fix my code. Right? So whether you're met issues or not doesn't matter. So I think we're gonna find a tremendous amount of issues. I think I'm I'm very concerned about open source. I don't know how open source companies are gonna survive. Right? Because back in the day, you know, it was already tough for companies to survive with open source. There's not many that that figure it out and end up doing shady licensed things. I I never I I mean, I I I was a big proponent of open source in the government. Obviously, I I I was part of the PHP team and and all that. I contributed to open source a lot. But for my companies, I never went open source because I felt like it was too too difficult to to monetize and sustain and many people pay the price. Right? I think now that you have these kind of agents that can do ops and build single sign on stacks, which, you know, 90% of open source projects that make money, they sell some kind of single sign on stack. Right? Right. Is that gonna stick moving forward? I highly doubt so. I think an agent can build a single sign on stack in ten minutes. So how are they gonna make money? Okay. You know, Shupol, you know, well, can the agent do that? So I I really think it's gonna change the landscape of many fields to a point that we have not even thought about. But then, you know, like you said, in cyber, you see the offensive teams use AI now, not just for basic, you know, discovery, but also for all the way to exploitation and and crazy amount of scale. And the more automation, the more agents they're gonna have, the more they're gonna find. If you don't use agents to fight back, you're never gonna be able to keep up and and, you're not gonna be able to, to, you know, handle all these, in incidents in in the in in the right timing. So I think it's gonna be a disaster. I think it's gonna be, something that nobody is ready, for. And my fear is you're gonna have, you know, the government trying to overregulate. You've seen what it did to Europe, effectively being now the most obsolete and useless bunch of nations on the planet. And so I don't know what's gonna happen, you know, to us if and the question, you know, how do we go beyond, you know, the basic AI review? Right? And how do you build your own AI red teaming agents and Internet response agents? And so I think the adoption of AI into corporations and even small businesses, you know, is a huge opportunity. You know, I I saw someone in the q and a talk about, you know, how do we share skills and agents, you know, dot m d files so they can ingest. I I on my website, I have I have a bunch of of, tutorials and and, samples of of my agents and my, you know, my setup so that people can give it the same prompt. And now they have a coding agent. They have a, you know, QA agents. They have a, you know, dev sec ops agent or whatever, a a ghost rider agent. But, you know, I think the skills and how to design those is gonna get easier and easier. Right? So then the the on my in my book, I walk people through what kind of skills they're gonna need to have. And I can tell you none of these skills are covered in schools. And in fact, you know, most US and European schools are designed to create sheep. Right? And we're not trying to and factory workers. Right? We're not trying to create entrepreneurs or educate people about finance and, hey, don't use a credit card like an idiot and, you know, you know, all all the common sense things we should be educating our kids. And, you know, in the book, I walk people through a few. Right? Like, okay. You know, how do you have this entrepreneurial mindset to always find, you know, solutions instead of trying to talk about problems? Right? And how do you have vision? How do you have self learning? How do you learn to reinvent yourself every six months when you used to be able to get away with it for twenty years? Right? So kind of the self learning thing and kind of the, and and, you know, I started coding at seven. You know, there was no book in French. Right? So I had to learn I didn't speak English. So I had to learn coding with English books that I and I didn't speak the language. So, so I had to learn two languages at the same time, and try to guess what what the book meant and whatnot. And there was no YouTube video to go watch stuff. So so, you know, all these things is possible. Right? It's it's much easier nowadays. No excuse and no I mean, you can literally build an AI agent to help you, you know, create a curriculum for you based on your job and based on what AI is gonna disrupt and, you know, how do you project yourself in the next two, three years to really hone on the skills you're gonna need to have to be able to be relevant in a world of AI. Right? And and you you know, what people won't tell you is you're gonna need to be in the top 1%. I think that we're gonna lose about 50% of non book club jobs within five years. No one is gonna tell you that. I think it's gonna happen, and and it's gonna lead to civil unrest and law of issues. And people that will have a job and people that would have a job in ten, twenty years are gonna be the top, you know, 2%. So how do you become part of that top 1%? And it's not gonna be with excuses. It's not gonna be with putting your head in the sand, hoping it goes away. It's gonna be a, you know, extreme amount of work, for less return on investment that you used to be able to get by being an entrepreneur, which was also an insane amount of work, but at least you hopefully get an exit and make a bunch of money if you do one good. Right? But now you're gonna have to have almost the same, you know, mindset and the same grit and the same pain just to have a job. Yeah. And you talked earlier, like and I I agree with you. Like, regulating these models is only gonna be a disaster, but also not regulating them also feels like it's gonna be a disaster because every day, it feels like they're getting closer to being a very, very, very dangerous weapon when it comes to cyber. Right. Prompt. injection is always gonna be a thing. No one has solved it. Yeah. You can always just say, I'm a red team. I'm a good guy. Help me, help me help me figure out what vulnerabilities my website has, that kind of thing. I don't know the right answer here. I don't know if anyone does. But you can't hit the brakes. The flywheels are already spinning. If you hit the brakes, there's other countries' training models. They're. gonna and it's, Yeah. If you have regulations, it has to be worldwide. And and even if China signs a treaty saying they're gonna do it, they're not gonna do it. Right? They're gonna cheat. They're they're gonna lie. They always do that. So then you you make a bet on, you know, reducing velocity to gain some compliance or security or whatever, and then they're gonna take corners and you know? So yeah. I mean, you know, and and Elon Musk is right. Right? The the risk of AI, you know, taking over the world and, you. know, killing a bunch of people, I don't think I'm I mean, I'm a little bit scared about that, but that's not what's, you know, actually scares me. I think what's gonna actually kill people is the disruption in jobs and livelihood, and people are gonna, you know, commit suicide. They're gonna get on drugs. Right? And so the impact on society is gonna be way worse, you know, Because of those impact, then an AI robot is trying to kill people. I I don't I don't think this is gonna happen. So you talked about mythos a little bit earlier. Right? And then GBT five five cyber and all of these things coming out. What are you seeing there? Are you are are you hearing, you know, these are actually new cyber weapons? Do do you think this the rollout should be increased? Do you think the rollout should go slowly? They don't seem to be special models, at least what Anthropic described. Like, they didn't train. this to be a cyber model. They just figured that out after the fact. Yeah. I think most of these models, all the normal models with the safety got removed, and and maybe, you know, a couple of, round of fine tuning simple things. I think, like you said, they they they taught it to be really good at coding, and and agentic, you know, orchestration work. And turns out that also leads to a great cyber, auditor, and pen tester and which leads to, you know, cyber offense, which, you know, is the you know, again, it's the same skill than humans. Right? The same human, right, can become I I could have become a a black hat or whatever. Right? I decided to go on the on the on the good side. Right? A a ton of people when I was young were like, oh, we should go to the outside and make a bunch of money and right. Didn't turn out so good for some of them, you know, then federal federal jail now, whatever, but you know, the, you know, I I think it's the same. Right. So we have to stop It's it's, you know, it's the same thing as as guns. Right? I mean, people are like, oh, we should ban all the guns. And and, you know, and then, you know, we're gonna ban all the knives because now, you know, people use knives. And and so what's right? So you but you you know, you can only that works in some nations somehow, not ready, but it it works because they can control the nation. Right? You you don't have China bringing in, you know, knives. Right? All guns. But in a in a global, you know, economy where you have companies competing and building tools and and solutions. You can't just have one nation do whatever they want and then, you know, the rest, you know, completely tethered and and then hoping you're gonna be able to compete. Just like, you know, France is not able to compete because of, you know, the crazy socialist mindset of thirty five hour a week and, you know, 75% tax rate. You know, I had to go. Right? I got you know? So how many people did they lose because of that nonsense? Right? So, you know, you're competing. Right? You're competing. You could be, oh, no one is gonna leave. Right. You hear the same thing in California and Seattle, all these mayor are like, oh, we're gonna tax the heck out of you. And, you know, if you made money, we're gonna take more New York, Mandani. Right. He's like, oh, if you have a, you know, pit of terror now in New York and you don't live there, we're gonna tax you. Oh, but you'd already pay tax online, but we're gonna tax you again. You know? It doesn't matter. Right? So they just those people just assume people are gonna take it and some will take it. Right? And then some will leave. Right? Now the issue when you have that on a global scale and a and a nation scale, that that's a problem. Right? And and so you have to compete. And we gave the kingdom the keys the kingdom to China, you know, forty years ago started, you know, with Clinton and others, and we made it worse since then where now China effectively is gonna have a a bigger economy in 2035, maybe even sooner than that in my opinion than The US. And, you know, with a US dollar knob, you know, slowly becoming no more the, the currency of the world, that's gonna turn into a disaster. So so we have all these things colliding, and no one is ready for it. And we have a, you know, congressmen and senators that are so old. They they don't even know what's going on in the world. They they never had a job, most of them, and and they don't have town limits. And and, you know, even though most of the The US wants those. So until we fix the system, it's gonna be very tough to be able to solve any of these problems because you go back to the same, you know, lack of leadership, lack of insight, lack of vision, that we we need to be able to solve these problems. Yeah. It it is exciting and scary times. I guess that's the easiest way to explain it. I I we covered a lot today, Nic. Is there anything else you think we should cover, or should we wrap Yeah. No. I mean, look, I I think I was? very interested with how you've been using, Yeah. you know, AI, yeah. because I I was pushing you. I remember, like, two, three years ago, I said, say, hey. You know, we can we can really. you know, some of the work your. people are doing can really be have any automated now, Mhmm. with AI. And and, you know, two years ago, it was a little bit early, and I'm a little bit a little bit too early. Right? That's what. I do. But then I think, you know, in the last, you know, six months or whatever, you really, shifted. quite a bit. And so I love to hear how much your your life has changed in six months. Yeah. Yeah. So we're we're a security company. And so, you know, we know this is all important. We've been trying for a very long time to do this, but we haven't been letting things run wild in production, you know, kind of like you talked about. So we're not we're never gonna be the very first people doing this stuff, but we don't wanna be anywhere near the last either. Alright. All of last year, you know, we spent trying to get things in place, data stores, rags, all of these things. MCP stood up and everything trying to get results, and, it just didn't really start working until around, you know, November or December, like, kinda like you talked about. All of us here, I'd wake up one day and say, like, why are we wasting all this time on these rags and all these, prompt optimizations and stuff? It's not working. We know how to build this, you know, other ways. And then the next day, I would wake up and see some demo on Hacker News of somebody doing kind of like what you did and automating your entire systems and say, why are we only doing this? And. so it's kind of oscillating back and forth. But we got a lot of infrastructure in place last year, and we're just hoping, sorry. I mean, New York City, like you, just talked about, there's sirens every two minutes. So silence. yeah. And, yeah, we're just trying to set ourselves up to plug in the next model, plug in the next model, and hopefully things will start to to work. And, yeah, that really kicked in for us around November or December. So once you're you're. the model you use the most is the o Opus as well? Yeah. For most of our auto like, for actual handwriting code and, you know, no one's really handwriting code anymore. But for interactive, you're in a console telling it what to write. A lot of Opus I still use Sonnet for a lot. It's faster. Yeah. You know, you get results quicker and you go back to Opus when you need to you know, when Sonnet's struggling or when, you need deeper. thought. But for a lot of our agentic systems, like, you know, we're evaluating across all the providers. You know, Sonnet wins in most of them right now. Every once in a while, Gemini will be really good at a task when you're working at dollars per result. Right. Yeah. So it varies a lot, and we're kind of set up with a flexible back end and we, you know, run evals and have goldens and all of that stuff where every time anyone drops and we get access, we see what it's better at, what it's worse at, and where the dollars per result are best at. We kind of switch around still. write code? Not my head. Yeah. Same as same as you, but I've also written more in the last three months than I probably have in the last five. years combined. Right. I've got my own little setup. scary is that for you, I guess? Is. that is that do you love it. like your job? Like, do you still enjoy it? Yes. I I love it. Yeah. I've got my own setup now. I tried Gastown a while back, when that project first came out, and it was the first multi agent orchestrator that really worked for me, but then it destroyed itself because it was, you know, pre beta and, you know, wasn't really ready. So I wrote my own the next day called MultiCloud. It's open source. And it's yeah. The way I describe it is why tell Claude what to do when you can tell Claude to tell Claude what to do? And. it's got, you know, a bunch of different terminals that pop up and down and you can submit work and, you know, there's one agent whose whole job is to review and merge all the work, someone else just to keep pushing them along when they get stuck. And, yeah, just with Sonnet and that's set up, I'm, you know, able to build entire applications in a day. It's incredible. to watch. Yeah. It's it's, I mean, for the first time, I mean, you say, you know, that it's a great exciting time. I I kind of agree, but I I'm also, for the first time, I think, in my life, actually scared. You know? I don't know about you, but I I I really think it's, no one is ready for what's coming, and I I think a lot of people are, you know, are gonna be caught unprepared because of the, really, the. how much The US and and global leadership dropped the ball on on educating kids with the right, skills. Right? Like, you know, self learning and and, you know, the grit to not, give up. Right? We we give participation trophies to everybody now. Right? So all these things. are just creating the wrong patterns for for what's coming. So I don't know. What what was your take on the, you know, the downside of all this? Yeah. I I try not to think about it too much, to be honest. Yeah. Like, this you know, the debate right now about are these cyber weapons and yeah. It's I I don't know the answer. Thankfully, Right. no one's asking me to set the answer at a national or global level. No one don't don't worry. No one doesn't even the people in charge, they don't know the answer either. So. that's okay. Yeah. It's, you know, there's one question here from Anatolia. Like, how do how do you bring the joy of programming in an AI era? The. last thing I wanna do you, do it? yeah, review mean, the know, PRs. I guess if you like building the stuff, right, and you like the outcome more than the. I'm good. doing. Right? Yeah. But the second half here, yeah, I think it's it's pretty yeah. We all have to figure this one out. The last thing I wanna do is review the PRs, which is written by a robot, which is supervised by my coworker. Yeah. Like, if you're in that world where, yeah, you're writing code and reviewing code and now everyone is writing 10 times as much, you lose time to write and your whole job. is to review the code. Yeah. And, I think that's been the bottleneck in a lot of companies that I've talked to is how they roll this out. Code review is still a massive bottleneck. And I think it's it's bad. It's a a function of, you know, having rock solid CICD where if the. tests. are green, are you confident it's going to work? Right. Because all we've done is remove. Right? yeah. We've removed the bottleneck of the keyboard, which was never really the bottleneck. But, So do you feel like we're still in humans to review the PR? it depends. Right? And, you know, I think a a lot of what we're doing in a lot of other companies here is classifiers. Right? You have one model whose whole job is to decide if a person should review that code? or not, and separate the concerns and small things, yeah, you can just pass through. I mean, my in a thin way agent, you know, in my pipeline finds more stuff than any scanning and and human tools I've seen. yeah. Yeah. So, yeah, it's, you know, small one line changes, version bumps, that kind of thing. If you spend your time writing a test to have confidence that when everything is green, you can. click merge. That gets easier. So, yeah, right. code review and everything culturally is important too. It it helps you understand what is going wrong. So when you get a page in the middle of the night, you know where the code is. that you've gotta go look at. It's it's one of these, like, you know, the cause of and solution to all of our problems is gonna be more AI and getting it all plugged in in the right places to get this, you know, Yeah. this pipeline I got. no idea where my new code is. III. would act I mean, I know the repo. That's about. it. You know? I I I I have too much. I I think you did, what is it? 1,700,000 lines of code. I mean, I know it's not really a, you know, Yeah. a measure, but, I. mean, 1,700,000 lines in three months. You know? Yeah. So so Yeah. You know, my my little benchmark where I really got kinda shocked in back in December or January was we have this one tool. It's called Melange. You know, we use it to build all of our packages for all of our images. It's open source. All last year, I would just create a new repo, open up Claude, and tell it to rewrite Melange. You know, I would switch the back end or add a feature or something like that or rewrite it from scratch. It could look at the old one, write a spec, and then I put it in there and it would rewrite it all from scratch. And, you know, it would take me a couple weeks in the beginning, you know, checking it, keeping it on track, finding bugs, telling it to go, and I would. get, you know, working versions of it. And then a couple months later, there'd be a new model. I would try that again, and I would say, oh, only a week now instead of two or three weeks last time. And then there was one day in December or something. I did it again, and I said, alright. Go rewrite this. It was when a million context windows came out. And it churned for about an hour, and then it was like, okay. I'm done. And I'm like, you're not done. You know, go write a test suite and show me that it's byte for byte compatible, the output. And it was like, okay. And then it was like, while doing that, I found three bugs in the original implementation. And here's a report saying why mine is correct. And it was like, Wow. oh, okay. It is actually done. Something changed here in the last couple of months. And, yeah, it was just kind of an eye opening. So what do. you think is gonna happen to open source projects like that? Right? They're gonna they're gonna have issues. People only gonna need to maintain. You. see how many issues are published on OpenCLAW a day by agents. How how do they keep up? How do they fund the the work? Yeah. I think I think there's gonna be you know, there's some people who say open source is just gonna go away. Like, why use it when you can one shot everything from top to bottom? Right? If you said build me a web app you know, Yeah. when you said build me that website, you know, I probably use React or Next. Js or one of these frameworks. You could have told it, you know, don't use that. Write everything from scratch in Vanilla. Js, and then. you're not using open source anymore. I don't think that world makes sense. I think, Yeah. you know, You don't wanna reboot everything on the planet. I, am. there's Linus' law. You know, many eyes make all bugs shallow. You know, my my version of that is, many agents make even more bugs even shallower. Right? Like, you know, Right. for all party tokens to do this stuff, you're still gonna get a higher quality result if all the tokens burned or on that kinda same foundation. You're never gonna say write me a database from scratch, right, and then use that database for your production system. Right. So I think there's kinda gonna be this barbelling effect of, you know, stuff at the top. You know, those web frameworks are gonna become very important. They're DSLs for the agents to write in. That's why they can go so fast. You're not writing hundreds of thousands of lines of CSS from scratch for every website. They know how to manipulate, you know, the frameworks that they have. And then. the stuff at the bottom is gonna get even more important to the kernels, the databases, the web servers, the things that have to be rock solid and have to run-in production for ten years on different CPUs to really get all the bugs found out. They're gonna get even better, even more important. But then that stuff in the middle, you know, the ORMs and weird frameworks that, you know, you you write to hook the front end up to the back end that, maybe cause you more harm than good in the end because you have to restructure your entire app around those. I think those are probably gonna get a little bit more hollowed out, and those are the parts where, yeah, you can just write those SQL queries yourself. They're not that. scared instead of using those kind of crazy Python frameworks that abstract it all away and kill your performance too at the same time. On maintenance, I didn't like, some projects are adopting anti AI stances, some because they're scared, some because it's just too much sloppy sent in by people that don't know what they're doing. You know, like Mitchell Hashimoto is not anti AI at all, but he had to use a few crazy policies because people. were just wasting too much of his time by sending code they didn't understand. And, other products are, you know, anti because they're scared of it. But a lot are figuring out how to do it, you know, responsibly. The Linux kernel's a great example. We just introduced the policy for how to do it and, you know, just like, just tell us you did it. Have a little note here saying which model you use. We're gonna track this over time and see what's working better and what isn't working well. You know, it's great, and it's gonna help everyone go forward. So yeah. Hard to predict, but, yeah, I don't believe it's gonna die or go away completely. Yeah. Right. No. I agree. I agree. I think it's gonna be tricky. Right? Because the people that don't know what they're doing, they're gonna get better at it, hopefully, and they're gonna have more, volume of of issues and finding. And then the open source projects are gonna have to respond to that and keep up, so they have to spend money on tokens. You know, at some point, all this has to be funded and makes sense. I don't know how that's gonna work, but maybe that's gonna be the the limiting factor. Right? It's always energy and the cost of, of tokens, maybe. Yeah. I don't know. Yeah. Maybe that's what the new reserve currency for the world is gonna be tokens instead of dollars. How many tokens you got in your bank? Yeah. Yeah. What's the price for a barrel of oil? Yeah. And maybe they're gonna find something that that makes it so, to, do inference. Yeah. Yeah. You know? Well, thanks for your time today, mate. This was awesome. Always love chatting with you, and I always walk away a little bit terrified, especially now. Alright. It's better than keeping our heads in the sand. But I wanted to thank you because you were kind enough to write the, full word of, my book, coming out, in, July. So wanted to thank you for that. That was great. Thank you. Although you use AI to write it, so, you. know, Thanks. took you, more. than more, than a year. me to do that, and thanks for joining us today. Stay in touch. I'm looking forward to seeing what other crazy stuff you set up over the next couple of months. Sounds good. Thank you so much for having me. See you next. Bye.