In our latest episode, we delve into the important aspects of AI security, focusing on how orchestration platforms like Kindo are enhancing the way businesses use artificial intelligence. With the introduction of technologies such as Stable Diffusion and ChatGPT, AI has become more accessible, highlighting the importance of data privacy, compliance, and safeguarding competitive advantages for businesses eager to integrate AI technologies responsibly.
The current digital environment presents numerous challenges, and employing AI services from third-party providers requires careful planning. We discuss Kindo’s role in navigating these challenges, emphasizing its success in offering secure AI solutions that prioritize data protection. The episode explores significant developments in AI technology and the necessity of adopting secure and productive solutions to prevent data breaches and misuse.
We also offer an in-depth look at Kindo’s evolution from an orchestration platform to a leader in security and compliance, highlighting its advanced features. Kendo supports a wide range of AI technologies and enables precise control over data access. This episode is designed for anyone involved in IT, security, or leadership roles in their organization, aiming to deepen their understanding of AI security measures and ensure their business is not only leveraging AI innovations but is also protected against potential risks.
This episode of Customerland is sponsored by
Read the full transcript below
Ron Williams
There’s kind of two philosophies in the, at least in the VC world. One is one model is going to win it all, which is the playbook opening I or Google’s trying to run, and then there are others. The other view is it’s actually maybe lots of models, so you’ll have one particularly for you, one for your particular job, maybe five for your company doing different things, and maybe in a company you get at hundreds of miles and nd in that world Kindo becomes. You know, that’s the vision we see and that’s why we think Kindo has to exist is to address that particular problem.
Mike Giambattista
Let’s let’s enlighten the listeners as to what Kindo is, first of all, and, and then what this, what the value for this platform is in the marketplace, and then that we can unpack this and go in all kinds of different directions. But maybe let’s start there.
Ron Williams
Yeah. So you know, I I think the best way to think about Kindo is it’s an orchestration platform that lets a company bring in any of the various AIs that that are in existence today and any future ones it into their company and Connect the data inside of your company and then manage that securely. So and by manage. There’s several pieces of that, like manage it in a Compliant way. There’s already existing compliance laws around software and data processing that apply to AI, and there’s new ones, of course, you know, coming as well, and then and then you know from a central point, right.
So when you’re a big enough company, you know a small business doesn’t necessarily have this problem, but when you get to a few hundred employees and bigger, centralizing it, you know Ron joins the company, he’s going to have 50 different applications and sass apps or whatever that I need to Connect him to and get him access to, and then when he leaves the company, I’ve got the same problem, just that one simple problem.
As an IT person, I don’t want to have to log into 50 different things, right, when Ron joins and then 50 different things when he leaves. But there’s a whole bunch of other problems that come out of that too, for when Ron joins, like maybe there’s a security issue and I have to go look at 50 different things, or or he does something bad in the company and I’ve got to go look at 50 things, but all these kind of audit kind of problems and related compliance one. So AI now brings all those problems in with it is now it’s spreading everywhere and Kind of was built to allow an organization to properly manage all this influx of AI Connecting to their data and all their employees trying to use it. Does it make sense?
Mike Giambattista
It does. Thank you for that. So, looking over your materials and trying to get a handle on the “why” for Kindo Okay, it’s, it’s an orchestration platform, it it helps to manage a variety of AI sources. One of the things I was Look, I should have been aware of this, because I cover this stuff, but I just I just hadn’t thought about this particular angle is and it’s a, it’s a statement I think I read somewhere Kindo is committed to your security and privacy interests, not training the models of AI providers and that kind of that. And what hit me as a duh moment, like, yeah, it’s, it’s probably something everyone who’s deploying AI On any level should be concerned with. Honestly, it had never occurred to me, to my discredit. So were you finding that that was a kind of understood and felt need in the marketplace, or are you kind of leading with that, saying, hey, please be concerned.
Ron Williams
Yeah, I think the ladder right now, like I think you know the key thing to understand about the AI wave that’s coming through now. It’s going to be a big transformation wave, but it is different software and different capabilities than anything we’ve had to deal with before. I’m a former IT leader security leader, and so it’s not just another piece of SaaS software that I’m going to add. A lot of people are treating it like that right now, and it’s probably a mistake to do that. It’s one thing to use Salesforce and put in a customer record into your CRM system and trust that Salesforce will do the right thing and not lose that data or whatever. That’s what the risks you take with any SaaS app or even an email provider or whatever, and they’re pretty good at protecting those risks.
It’s another thing, though.
The way AI works and the way you work with AI is you’re actually almost hiring this super smart employee into your business and exposing your entire business to it, and it has the capability that not directly today, the AI doesn’t learn in real time, but everything you send to that AI, everything it processes for you and sends back, and everything you do again can be analyzed to make the AI better.
What that means is it can be better at running your business right, which might seem great for you, but if it’s not your AI, it’s just a matter of time before that AI can just compete with you and run your business or run your job or whatever, however you’re using. We’ve never had that risk as a Chief Security Officer or as an IT person, or even as an employee in the company. I had the risk of maybe having to train an outsource worker on my job and then getting replaced, or a younger worker right. That’s the risk. Ai brings that exact same risk in, but now for the entire business, not just for an individual, and people need to think very carefully about how they work with AI and its long-term impact in that regard, and I think a lot of people haven’t got to that realization point yet, and in Kindo’s built to help you through that, along with a lot of other things as well.
Mike Giambattista
So are you suggesting I’m going to try and put a finer point on that but are you suggesting that by, if a company deploys someone else’s AI thing, that that AI thing will take whatever it’s learning at the client level and can then process it back at the you know, call it the AI owner’s level, and then your competitive advantage becomes the LLM’s competitive advantage? Yeah, that’s right.
Ron Williams
And I think that is the business model of most LLM sellers today, even when they say we agreed not to train our AI and your data, I think you’re. You know, maybe you can trust that, but you’re literally only trusting a piece of paper and when that LLM comes after your company, you can sue, but you’re already going to be dead by the time you win that lawsuit. And you know and this is a you know there’s a lot of history around this of how tech companies have moved in and ended up competing with their customers. I mean, amazon hosts Netflix and then runs Amazon Prime, right, right, and so the? You know this isn’t like a conspiracy theory thing. This is just capitalism at its best, like you know, just making things more efficient and so so you need to be very thoughtful.
It’s not like just storing your documents.
You are sharing the understanding of why you have that document and what its purpose is and its benefit to your organization.
When you use someone else’s AI to process, you know the work for that, and so that little clause we’re not going to train on your data. You’re literally betting the future of your business on that clause and you should, you know take the appropriate you know risk mitigation strategies and way through, like, do you really want to take that bet? Because the thing is, you don’t have to like it’s not actually that hard to run AIs yourself or run them in a way that doesn’t expose you to that risk, and that’s why Kindo exists to help you through that particular problem. So, even if you trust the other provider today, maybe their ownership changes or whatever, or they get hacked. So yeah, we’re not going to train your data, but you know they’re still storing data, they’re still doing a lot of things. They get hacked, somebody else’s AI grabs that data and now you still have a problem, and so you know you need to think about the broader risk and then what’s the best way to mitigate all those?
Mike Giambattista
So you come from an IT security background, as you mentioned earlier, because this is, this is, as you’ve acknowledged, this is fairly new thinking for a lot of companies that are deploying AI, pretty excited about the prospects, all the efficiencies it brings. At some point in the recent past, your light bulb and your co-founders light bulbs went off and said, hey, you know, what about security? Or what about orchestrating all this in a in a manageable way? Were there any kind of key moments in your journey, either pre or during the formation of Kindo, that kind of brought you to the realization this might be a necessary thing?
Ron Williams
Yeah, I think you know, like the, you know the.
The Genesis of the company was really, you know, back in August of 2022, this product called stable diffusion comes out, which is pretty famous AI, and a few months before that, open AI themselves had had a preview of Dolly version 2, which was an image generator, but it was closed source and behind a velvet rope. He had to be a cool VC or somebody you know to get access to it, but it was. It was getting a lot of news, at least in the tech sphere, and mid-journey, another very popular image generator Now was also starting to get some of that news. But state. A couple months later, august rolls around, stable diffusion launches by stability AI, and I think this is actually the moment that shifted AI globally. Not chat, you can chat, you tease when everybody kind of became aware, but the, the, the thing that kicked it all off was when stable diffusion launches around August 10th or 12th they think of 2022. So still remember pretty much the week and it was open source they spent five hundred thousand dollars versus millions of dollars that open AI or whatever mid-journey had spent trying to get their models out and to train the model and then just kind of YOLO’d. It made it available to everybody and within a week, engineers who knew nothing about AI. We’re taking that product and turning into the things that that even the creators of it had not seen, probably capabilities Like they had turned it a single image generator into something that can make lightweight movies, right, or something that runs in the cloud on expensive GPUs from a video. One guy had ported it within two weeks to run totally on an iPhone. Right you, that you can disconnect the internet? Right, it ran slowly.
But and I’ve seen that before in in my career when open source hits this inflection point, where, whatever the core technology is operating systems and Linux case, smartphones and Android’s case, all the cloud stuff and fast stuff that we’ve seen that’s built on open source, the world runs out of. This iPad I’m talking to you is actually built on a open source version of Unix. That that you know, apple has modified sense. But the that, that moment when a couple of engineers who know nothing about AI can pick up the super powerful technology and Create something new out of it, was like a bell ring that, oh, ai has hit this point of democratization, commoditization, you know, super low cost and an accessible now to everybody and. In seeing that moment and seeing it before another and other pieces of open source, I was like, oh, I think a big waves coming right and every time I’ve looked at those big ways, whatever role I had in the IT or security space, there was always a couple years before a tool showed up that let the enterprise and big business Manage whatever that way brought in. And I’ve always had to buy those tools. I bought the same tool actually before at multiple companies to solve the same kind of problem for, for, for different kinds of things, and I was like you know, ai is going to need a different tool. It’s just different risk, different thing. We should just build the company that’s going to do that.
And that was kind of the genesis moment for the company and, I think, for this whole generative AI and ad the follow-on kind of impact. Because in September and October If at the end of August, if you looked at Google Trends, you would see Stable diffusion, have five or six X, the search traffic of opening eyes, dolly or mid-journey, wow, and I think that kicked a panic off in the big tech firms to be like, oh, we got to get out there, like open source is going to eat our lunch on this. And so in September, October, Facebook, Google and others started releasing stuff out of their labs to show that, oh, we’re cool too and we have powerful technology. And then that rush, chat GPT getting out the door also at open AI To release it for a year, and then the whole world really starts paying attention, and so so yeah, I say that was that’s the moment.
FinFair Connect drives incrementality to data-driven loyalty platforms, with over 15 million consumers using their services. They’re one of the leading personalized offers platform in the UK, us and Australia, providing a one-stop solution for open banking, card-linked affiliate offers and gift cards. As part of FinFair Inc, which provides modern expense management solutions to SMBs, Finfair Connect is literally transforming the payment-linked offer space by creating full self-service white-labeled portals for advertisers and publishers, thus enabling advertisers to reach hundreds of publishers via one portal, saving time and, of course, money.
Mike Giambattista
I’ll probably save this for another conversation, but I’d be fascinated to hear what that journey was like from that moment, that big hey, there’s a need and an opportunity here to developing what now lives and looks like Kindo. As I said, it’s fascinating that it is. It’s probably a different conversation which I would love to get on your agenda to talk about at some point. Yeah, happy to hear it, but a couple of things have occurred to me as I’ve done the research for this conversation leading up to it and also looking over your materials. Specifically, I think I saw this on your site, but I just don’t recall One in 10, so 10%, of employees have input PII into AI.
Ron Williams
Yeah, I think that’s actually a much higher number now, even with probably there’s probably better sources to even update the website on, Just because we’re out talking to customers and potential customers and they’re all reporting that kind of problem and also seeing other articles from the big consulting firms or whatever.
Mike Giambattista
Even at 10%, that’s still a scary, scary proposition if you’re concerned at all about the legal ramifications of your compliance. And there were two other statistics here that I’m kind of like head scratching, like I’m sure they’re true but their implications are wild. So that was one of them. One in 10 employees have input PII into AI. The second one is 70% of employees are using AI without company knowledge and the implications of that are different, but still wild and scary. And then 79% of C levels are concerned with AI security risks, as they should be. And I guess the surprising thing to me about that statistic is I didn’t think it would be that high. Honestly, my sense is that C levels are more interested at the moment in the possibilities that AI provides and not really looking at the security risks. But your perspective is going to be much more valid on that than mine is.
Ron Williams
Yeah, like you know, it’s a. You know if you’re at the scene although you’ve probably been in business 20 years, probably, at least you know, or whatever and so you’ve had a chance to at least see one or two of these waves come through. Like the iPhone was a great example, a lot of businesses wouldn’t allow it in for the first couple of years because Blackberry was still the secure way. Barack Obama, famously, was fighting to get an iPhone into the White House and couldn’t get it in. But the users eventually, even like Barack Obama, demanded, like this thing, such a big productivity gain. I have to have this to do my job. And so a couple years later, enterprises figured out how to manage these things safely and contain some of the risk, and so most executives were at least an employee somewhere in the company at that time and probably remember it. And then they moved the cloud. I think they’ve seen some too, so they’re more aware that, hey, this has security implications.
There’s also been some high profile stories. You know Samsung had some employees upload sensitive chip designs into ChatGPT and, you know, created a pretty big news story and there’s been a. There’s been a few others like that. There’s also been some misuse of the outputs of AI. You know a lot couple lawyers got in trouble on an airline kind of case where they Submitted a whole thing built by ChatGPT, that was full of fake cases and all kinds of errors and didn’t check, and then, you know, got in trouble by the judge and their employers, and so. So there’s awareness that you know these things are potentially problematic.
It’s getting worse, though. There’s, you know, if you’re in the security industry. There’s already in the trade magazines. There’s already open source AIs that have been built designed to be a powerful tool for hackers. There are new AI is coming online just to hack companies, right? So, you know, automated kind of fashion. So that’s going to get more and more news as well. Actually, I just saw a story of North Korea. The State Department, I think, was saying North Korea is now starting to use AI’s to improve their, their hacking capabilities and so. So the whole security thing is building. But but you know, if you’re, if you’ve been around for a while, you know new tech comes with security problems and they’re starting to think about it.
I think the response, though, if you’re an executive, a lot of companies banned it outright big names, the big banks, all kinds of People just try to ban it.
But again, like the iPhone, the productivity boost is so important that you’re just forcing employees to go to a less secure place like their personal devices and take company data because we’re trying to do their job and You’re losing control of what may happen there.
And you know that when you think about compliance in general even existing if you’re a public company, you have star beans. Actually, you have all kinds of compliance laws affecting you already, and the base of that Law and the ability to comply is to be able to see what’s happening. And so as soon as you get in, as soon as you kick employees out of the company network to go do something, you no longer can see what’s happening and you know. So we encourage like, hey, you need to find a safe way for people to do this so you can at least understand and ad even outside of security, you can understand how they’re using it. Maybe they have figured out a better way to do their job and you should be aware of that as a leader so you can get a thought that across the company.
Mike Giambattista
So I’m thinking, you know, whatever it was seven, eight years ago or something like that, when GDPR first showed up and companies first started to need to take Privacy issues as Important, because GDPR had real teeth in it. But and as important as GDPR and CCPA and all of its you know kind of follow-on variations came along. It seemed to me and there was data at the time to support this that Nobody really took it seriously, that the security and the privacy issues weren’t really a primary concern until the big fines started showing up, until people were like, well, wait, a second. GDPR has teeth and so do these other regulations. Now it’s a need, and so when I’m looking at this last statistic here, 79% of C levels are concerned with AI security risks. Bravo, I think that’s fantastic and I’m surprised the numbers so high, just because you know it took so long for the privacy issues to start to sink in and become, you know that important.
Ron Williams
Yeah, and I think that goes to the point of, like there’s existing compliance stuff that applies to AI already. Like you don’t have to wait for the new laws. GDPR applies to how your employees use AI right, and so the Sarbanes actually applies. You know the many other various laws and so you’ve got to be thinking about this now. But of course, new laws are coming. A GDPR style law is in flight for AI in Europe that’ll have a similar impact, similar fine structures, all those kind of things. It’s in its final stages right now, and then states like California, new York, a few others are also in a verge of passing Different AI compliance laws, and so legislators have learned to move much faster on this stuff than they have in the past as well. But again, there’s a bunch of things that are ready, impact your use of it and it’s you know it’s a good idea to understand what those things are and get appropriate controls in now, and then then have a plan to adjust as new things come out.
Mike Giambattista
Clearly, yeah, I’m nodding my head in agreement, Just can’t tell in the podcast. So, as I read through what was being printed about Kindo, last year, as you mentioned earlier, it was being presented as an AI orchestration slash management platform, but more recently, ideas of security and compliance are being layered on. Of course, both approaches are really valid, but I think it would be helpful for our listeners to hear a little bit about how Kindo manages security issues. Of course, we don’t have to get too deep into the weeds, but the fact that it does it at all is pretty important.
Ron Williams
Yeah. So if you just pop with the website, you may also think we’re kind of like an AI productivity company as well and, to be frank, we are working on messaging. We’re a fast growing startup and we’re also responding to different places where the market is. We’re trying to meet the market where they are today versus kind of where they’re heading. Last year most people were just prototyping AI. They were looking towards productivity stuff. They’ve done a lot of that. Now they are really starting to think harder about okay, how do I deploy this more broadly, how do I secure it more? So our messaging is starting to shift. We’ve always been from the ground up, a way to properly secure, control, essentially manage, ai. We just had to shift our marketing to find the right people to talk to in the place where they are. So how we play in your organization is if you have an AI you want to use it could be OpenAI, ChatGPT or GPT-4,. It could be Google’s Gemini, it could be Anthropic’s cloud, it could be IBM Watson, if you want it to be If there’s an existing AI and it’s sitting in an API, so it’s available to developers to grab, which most of these AIs are on the commercial side.
So people selling those AIs. You can attach those into the Kindo platform. Most of those already are attached into the Kindo platform, but we go further. Any open source AI and there’s literally about 450,000 open source models just at hugging face, the big open source service platform for all open source developers in the AI space. Any of those models you could also attach in, and it’s not just large language models. These could be models that are image models or audio models or speech whatever you need. You attach them in through Kindo. We make it easy to attach them. We attach them for you.
I guess the other key thing to understand about this is we’re a turnkey platform where we don’t sell to developers. We sell to business users, right, and so you just tell us what you need to do and we help you find the right AI and make it available to you. And then, once you have your AI or AI selected it could be many AIs if you want we then get the data that you want to work with connected securely, and then we provide an AI doesn’t ship with user interface, and AI is more like buying a processor for your computer or something. It needs something that you can interact with it. So Kindo ships a user interface that lets you be productive with AI. So when you see our website, it looks like productivity tool.
It’s because we have to build an UI, a user interface, so that you can access these AIs, and so we give you a chat bot that lets you talk to any AI that can chat with the same interface, no matter what the AI is. We give you a workflow builder, no code, that lets you quickly build repeatable workflows so that you’re not just stuck in a chat bot all the time trying to do things. You can share those workflows and then, behind the scenes, we let IT security compliance see everything that’s happening and control it. So they can say, Ron can use this AI with this data, but not with this data, right and so, and they have that full visibility as well, and so we were in the middle letting everything pass through, which lets IT security see everything that’s happening and stop it, control it, get alerts on it, whatever they need.
And we’re AI agnostic. We’re Switzerland of AI I think, really the only provider right now. That’s what’s one of AI, so giving you the most flexibility to adopt the thing that works best for you. Some AIs are better at some things than others. Some AIs are more cost effective. Some AIs are more, are more compliant for your needs, like, maybe you have to run it in a certain country because of compliance laws, or you have to run it in your, on your data center, not in Amazons, and so you’ll need that flexibility to pick which AIs, and then we give you that.
