Name: The Biggest AI Risks of 2026
Uploaded: 2026-03-19T16:16:12.611Z
Duration: 55 min 12 s
Description: The Biggest AI Risks of 2026

Transcript for "The Biggest AI Risks of 2026": I think we're live. We're live. Alright. Sounds good. It's right at the top of the hour. So we're gonna get started. Today, we're talking about everything AI and the risks around AI for this year of 2026. So, just a quick introduction. I'll do myself. And, Steven, you can go next. And, for everybody's knowledge, this isn't gonna be a lot of slides. Just kinda keeping that out there. We're having a real conversation just about what we're seeing in the field and how all that's coming together. I'm Chris Hoseley, field CTO for BigID. Been with the organization for about four years, but I've been in security for well over a decade now, which makes me understand why I'm starting to gather gray in my beard and my hair. And I'll pass it over to Steven. Thanks, Chris. Good to see you once again as always, and, appreciate the invite today to talk about something that's really near and dear to my heart because we're seeing, security around AI all over the place. I'm a partner and the head of AI strategy, for a company called Orteka. We're a consulting firm and a partner of BigID. And we just cut across data, AI, as well as technology. So great to join you today, Chris. Great. And it's great to see you again because Steven's lineage we're not gonna talk too much about lineage today. Well, actually, we probably will. He actually is a former BigID here. So we've got a lot of, commonalities. We spend a lot of time together in front of a lot of different customers, but, I'm really interested to hear what he's seeing with Orteka and, what we're seeing with BigID and how we're gonna kinda pair that up together. So, I guess, maybe, Steven, I'll toss it over to you right away. You you went to Orteka. You've been talking to everybody. You got an AI strategy methodology that's sitting out there. AI risk, what's going on? What kind of conversations are you actually having? Okay. I'm gonna share customer stories. I won't name the customers, and hopefully, they they're not on this call today. But so I'll tell you the first thing. And and I know agent and agentic AI keeps coming up these days because that's the hottest topic. And what I'm seeing in the marketplace from a security perspective is some very boring conversations that we should be having that should have been done twenty years ago or thirty years ago. Right? It's it's around what are we trying to do from an AI perspective? Number one, what's the outcome we're expecting? Two, what are we gonna utilize in order to go execute that thing? Three, who owns the output and the pieces of of the agents themselves? And then four, like, do we have the appropriate infrastructure to go help and manage these things so that we know exactly who's doing what, when, and how? So I know that's not the sexy topic today, but it's it's foundational capabilities. And these are some of the challenges that'll most of the customers that I'm talking to do not have in place from a data perspective, from an AI perspective. Sure. Yeah. I mean, I hate saying it, but it's the it's the foundation, right, of what's going on right now. It's literally every conversation I'm having with every executive across the board. It's that idea of what how do we get the data under control? What are we gonna do about these agents? How do we make sure that, like, there is no sprawl as it comes together? I guess when you're thinking about that, like, at the the agentic sprawl, like, that's always the one for me. Like, Mhmm. it feels like companies are springing up all over the place As as weirdly as this is gonna sound, like, this is very, growing in popularity. I'm going to RSA next week, and I can only imagine that there's gonna be about four dozen companies talking about agentic sprawl. I guess, when you're thinking about that, like, what are you what are you saying with with customers when it comes to that that concept of, hey. We have a hold of these agents. Like, is there anything that comes to mind, like, as you bring that up? Yeah. So so a couple of things come to mind. One is, do they actually know how many agents that they actually have across the sprawl? Number one. Number two, are they actually allowing from a security perspective who can create those agents and what access do they have to the back end systems or cloud systems in general? That's a that's a huge challenge because it's it's way too easy. Right? I don't care what tool you're using from an AI perspective. They all have agents now. And then when you get into agentic AI and you start connecting them to your back end system so that they have now have access to all your PowerPoints, your emails, your calendars, your HR systems, And then you give them things like, hey, if you can't get access to something, just go ahead and figure it out on your own and see if you can actually get access to a system that you're not supposed to have access to nowadays. And so one is it's really around the inventory of how many agents are there, what are the systems that they're connecting to, other people have been properly trained on what an agent actually is and what it's actually going to do. And then how do you understand, like, did it actually go off and do stuff that we don't really want it to do? And then one one quick thing is we we gotta talk about NCP servers. Right? Because now we're talking about agentic AI and connecting agents to other agents, and it could be internal agents and external agents. So it's a very complex environment that get gets away very quickly because it's really easy, to be honest with you, to spin up an agent these days. And that's that's the major challenge. Yeah. I mean, in fact, that's actually probably the the most unnerving part of every conversation that we're having, right, is that customers are coming to us and and saying the exact same thing. They're like, I know I need to get the data under control. Right? That's what BigID has been focused on forever. But I'm really not quite sure what everybody's been accessing or what they're actually working on right now. Not sure exactly how that agent was created. We didn't any put any parameters in place to get that under control. How much is already sitting out there? What did this agent possibly do? Who who granted it that access? Did they does the person even know that they granted it that access? Are they even here at the company anymore? We're starting to run into all those kinds of questions all the time because it's just this idea that with AI, it has be made everything so much more accessible. It has made it so easy to look at everything. And then to your point, the MCP server, it turns it into just natural language. Like, you're taking highly technical things, and you're turning them into a natural language capability that's available for anyone to use. Like, I jokingly say this just because I work with salespeople all the time, but MCP servers actually make everything easy enough for a salesperson to do it. Like, it's that's the the fun part. No offense to anybody that's in sales on here or anybody that's gonna be watching our recording. We are recording, so you'll be able to watch this and then play this back if you want to. But that's the truth. Like, it's just one of those things that break this thing down as easy as possible without having to be technical. That's the whole point of what AI is doing out there. And, I mean, what we can't not talk about some of the things that are just hitting the actual news. Right? I mean, OpenClaw. I mean, anybody wanna talk about that one? Like, Motebook. Like, even though we figured out that that was actually all humans behind the scenes. But either way, it made it even easier. And then people had no idea that they were just basically expressing everything that they hold in their personal lives and just dropping it into a system and had no clue what to do with it. So it it's happening all the time. Like, we know that. that's just a horrible thing, and that's looking at it from a couple of different angles there. One thing I did fail to mention when we got started here, please, I I know, Shalonda, it was super nice to put a a message in the in the chat. If you do have questions, we wanna make sure that we do address it. We're planning on talking about them at the end. So as they come up, we'll make sure that we do bring them forward. So, like, we know there's a lot of you out there. Don't hesitate. Ask us questions about how we're thinking about data and AI and the risks that are associated with it. Steven, I'm gonna I'm gonna pivot just a little bit. I I wanna. take a look at it from a from an angle now, that you and I have spent a lot of time back in the day. I'm gonna say back in the day even though it was, like, five months ago. months ago. Right. Yeah. Like, right, the regulations behind the scenes as it relates to this, they're beginning to adapt, and they're adapting actually fairly fast. I mean, are are you seeing anything as it relates to things like, you know, the NIST AI solutions. There's the new EU AI act. Right? There's I mean, GDPR technically is adapting to this. I mean, is anybody actually thinking about it from that angle as you're having conversations? Yeah. A 100% for a couple of reasons. I think that the really the really it's more advanced people have already been thinking about it regardless of the regulations, to be honest. Right? Because they're trying to understand you mentioned lineage as an example before. A lot of regulatory requirements wanna understand the lineage of of agent AI, whatever form of AI you're using, of where the data is coming from, have transparency into it, and be able to have traceability into it. Now if you need a regulator to tell you that, then I think there's some challenge there. Right? I think as a company, you need to know that anyway. And this conversation around responsible AI comes up constantly now where how do we do this stuff responsibly, safely, all those keywords. Right? So I I I think it's really good that the regulators are catching up somewhat. They're still behind, to be fully transparent, but they are catching up. But I think if you're more advanced than mature company, you wanna think about it from the perspective of, if I do a, what is b going to do and impact my business? Right? So when we talk about things like security and regulations and and responsible AI, as you're developing, what is your business outcome expected to be? And then what form of AI, whether that's a a GTP or a Rag or an agent or agentic AI, What are the expected outcomes and how do I do that to make sure that I understand the lineage, if you will, of the executable across that outcome so that I can go back and check it and have a life cycle management around this? So I I know I covered multiple things there, but I think from a regulatory standpoint, my message takeaway is you should always be ahead of the regulations anyway to do what's right for your company, for your business, for your employees, for your customers. Yeah. Absolutely. And, I mean, I I I can't agree more, honestly. Like, we our a lot of our conversations, I would say in the probably in the last three to five months, someplace in that range, have shifted over to not necessarily aiming at AI, but definitely answering the questions around, hey. We know this is already being adapted. Like, what have you guys thought about from a NIST perspective? Like, we have federal contracts. How are you gonna use this data? Where does that actually go? Because we we could lose a a contract if we don't actually have this data under control or really understand where the data is going or or better yet, create a risk assessment as an attestation of, hey. I know where my data's at as it relates to AI solutions. So there has been this, it's never the foundation of why somebody's having a conversation with us, but it is always the a lingering piece behind the scenes when it comes just mainly to the governance and just overall to I mean, privacy never leaves. Like, it's always there. It's always lingering for us. Right? It's just the question now is not just in relation to what data do you have of mine, but also what data of mine are you actually using in places that even you don't have controls wrapped around right now? And that's the really, like, deep questions. My whole team tends to be having lots of conversations, as we kinda divide ourselves among security, privacy, and governance. It's just it all converges on the AI approach, especially the compliance and regulation. So, it it definitely creates an issue, for a lot of people as they're going into these. Can I touch upon the privacy perspective for. a second? Because because you did mention privacy. Right? I I I think if if you go back I won't say the number of years. A few years ago, there was this concept about a single source of of of truth, critical data elements, all this lovely stuff where you had this contained scope of what you want to protect from a privacy and a and a security perspective. Right? So it was much easier because it was structured data that was sitting in a certain repository, and you're like, okay. These are the critical data elements, and we've got a 150 of them that we're gonna really protect and and focus in on. In the advent of AI and with the with the acceleration of unstructured data as well as the structured data, there is no such thing as a single system of truth. So anytime I hear a CDO tell me, we we wanna have a single system of truth across all of our systems, I'm like, that ship has sailed. It's gone. You can't have that anymore. And when you talk about critical data elements, super important. I still think you should define what those are so you know what you wanna protect and focus in on from a privacy and security. But those critical data elements aren't gonna be in one repository. They're gonna be in 15,000 repositories across millions of of unstructured objects as well. And so I think the conversation changes a little bit from how do we do this process, right, and utilize tools like a BigID to go scan and classify and really identify what do we need to focus in on and and combine that with, like, a structured approach. You mentioned this, for instance. But most companies are not only using this, they're looking at ISO and they're trying to comply the GDPR. So they're combining policies and and and standards together. And when you do that, you really need a way to automatically read those business rules, translate those into machine readable objects, if you will, so that they you can then run those machine readable objects against the actual data so that you can identify things like was a critical data element because who's using what or where the lineage is of how that information's going back and forth or what AI model has a life cycle issue that you need to go execute because you don't have enough transparency and it's violating a regulation. Right? It gets extremely complex. So this concept around automated data management is something that's really taking off in the marketplace, I think, right now. It's something that Oteka, that's what we work with our customers on as well. And when you start getting into that, you start talking about things like semantic layers, contextualization of data, all the things that, Chris, you and I were talking about at BigID for many, many years now. Right? So sorry. Went off on a little tangent on the privacy aspect, but I think that concept of, like, single sees shows the truth and the privacy of just this specific data and protect it, it's it's no longer true. It's everywhere. You have to figure it out across all your landscape. Well and I'm glad you actually went down that line because, I mean, that that really is almost how we begin to have every one of our conversations. Right now, it's it's really where are you at in the AI journey for a lot of companies. And most of the time, like, they don't understand, like, what we mean when we say that. And they're like, well, could have taken a very conservative approach, just said lock everything down, and you're just now starting that journey of discovery, classification. Keep it clean. We should have been doing this for the last thirty years. We get it. Right? Or you you've had some stuff slip through. You understand it. You've accepted that as risk, and that's just something that you wanna do. But today is a demarcation point. We're gonna stop that, and we're gonna classify everything that's old and everything moving forward is gonna get controlled. Or you understand it is the Wild West. You you you can't put the, you know, Pandora's box. It does not shut. Right? And it's it's open there. And, frankly, probably the vast majority of companies already fit into that one without even knowing it sometimes. And as soon as you accept that as soon as you accept that that that's okay and then that that everybody's in that boat, the conversation then evolves and basically says, okay. That's fine. It doesn't have to be that way moving forward. Right? To your point, yeah, you can't have a single source of truth anymore because that's idyllic in every way. It it's actually more so, hey. What can I do now? How can I start this journey better moving forward? Right? How can I get the data under control? How can I see what's actually already sitting out there? How can I actually stop anything that we want to control from containing anything that's it's not supposed to have at all, regardless of regulation, regardless of compliance? Right? Just you know you need to protect the data of, like, minors, for example, right, or patient. information if you're a health care organization or member information for anybody that's in manufacturing or financial services or insurance. You don't want that information ever to make its way into something that people could inadvertently use. So, well, guess what? We we need to protect all of that. So the biggest thing is making that decision and understanding, okay. This is just where we're at, and here's how we're going to shift. And I'll I'll use a customer example. We have a very large customer sitting in financial services, And, like, I go through and I talk about everything that BigID is doing from the AI perspective, like, even how we're internally using it. And the funny thing is is, like, most time you go, okay. So what sounds interesting? And at the end of, like, a forty five minute conversation, they just go, yeah, that. And we're like, no. Like, what what do you mean? They're like, the whole presentation. All of it. Right. The whole whole thing. It's like, you just sit there, and it's like, okay. Like, which one makes sense? And, like, you know, you don't get it. There's 35 business units, and they're all in different states of where you just described. And we frankly need to get all of them under control based on where they're at in that journey. So, yes, forty five minute presentation, 20 slides. I need all of it, and I need to figure out how I'm gonna do it with you. So lots of strategic conversations exactly like what you just described where it's like, wanna sit there and have this for four and a half hours with you, and you and I would have done it together. Now it's like, okay. I'll do it for two hours, but I'm gonna probably pass you to Steven to have even more conversations about this thing because, yeah, this problem is big. So, I mean, I'm guessing you're those decisions? Right? So so, like, yeah. that's the other part about this. So, again, I I I think custom store stories are very pertinent here because it gives you real life examples of what people are struggling with. Right? So there's a a specific customer I have in mind that I'm working with now, and they bring in a new CDO, okay, that that sits under a COO. And there's so there's a CIO and a CDO. And, of course, the CDO wants to go at lightning speed and just start executing AI all over the place. And you've got the CIO that's trying to protect the environment and understanding from a security perspective of, okay. I know we wanna go fast, but sometimes we have to slow down and speed up. And quite honestly, this has nothing to do with technology, the next thing I'm gonna say. So it's it's around what is the change management structure? What is the communication plan? What is the roles and responsibility and accountability, which to me is always start with accountability of each individual, and who's gonna accept the risk tolerance? Who is even gonna define what the risk tolerance is around security? So anytime we talk about security or privacy or any of these types of conversations, my first question to them is, what's your risk tolerance level? Usually, you get the blank stare like, we haven't talked about that yet. Then my second question is, who's accountable if something goes haywire on this thing? Right? And it's at different levels. So somebody owns the AI program and then maybe there's a chief AI officer. They own AI. What does that actually mean? Does that mean they own all of the data? Does that mean they own all of the security that goes into those models? Do they just own the model? Do they own the outcome of the model? And so, like, all these different conversations are super complex so that as you go through this process, if you don't have clearly defined roles, if you don't have clearly defined risk tolerance levels, if you don't have know what data you have to go execute these models and and have a good transparency plan of moving from dev to test to prod, And if you don't have good security structure around all of those to meet with whatever the regulatory requirements you have, you're going to then hit a wall at some point, and it's either gonna be a breach that you're in the news for, or in some countries, you hold personal responsibility as an officer of the company, so you could actually be personally held responsible, or your customers are gonna walk because you expose something that should not have been exposed. And this is why people wanna jump into AI, and I agree. But you have to have those core foundational conversations first and then move with caution. Right? Yeah. Yeah. Well and, I mean, everything that you just described is, like, the ultimate penalty. I mean, I was having those conversations a decade ago. Literally the same conversation. Right? But it. wasn't and then we thought it was uncontrolled. Right? Then we thought it was in this world of, like, oh, I do even understand what's going on. Now we're actually literally making a tangible information with actually no guardrails in a lot of situations. Right? There are back controls, a back controls, things like that. It really doesn't exist in a lot of situations. So the data is just there. Use it as you as you please. Yeah. The penalties still exist. I like that you bring up RBAC and AVAC and all this stuff. Right? Because what what happens in the security environment? Somebody somebody joins a company, and what do they say? Give give the same permissions to Chris as as Steven has. Right? Yep. And so they just copy it over regardless of the position of the role that they have. Well, guess what agents are gonna do? They're gonna do the same thing. Exactly. Right? So when you start getting into this to this prospect of agentic AI, you've got multiple agents and each one is a very specific agent that's doing a very specific thing, but they come together to solve an end to end business problem. If you give that permission to that agent to say, oh, solve that problem where you hit a roadblock where you don't have access to the data, and they have permission to actually give the permission to another agent. What if that agent is is outward facing versus the other agent is inward facing? So you have all these gaps in in new security landscape attack services that we have. I mean, GPTs, we talked about the the prompt. Right? That was a new attack services is the prompt. Now we've got agents as a new attack service. Yeah. And they and by the way, it may not even be an attack service. It might be an internal threat because, right, an inside threat is just as important as external threat these days, to be quite quite honest with you. Yeah. Well and because those agents can replicate from themselves, to your point, one, again, external facing, one, internal facing, it does become another vector that you're just not thinking. about from a security perspective. It's just well, I already connected to this one. We already we we have a bond, I'm gonna say bond, between us. So while this outward facing one, if that gets compromised in any way, right, now I can make a map right into my inward facing one, and that one was granted the access that it needed to have. It was controlled, and now it's not. And so there we go. Right? You're just sprawling. Again, we're back to the sprawl in the concept that it nothing was actually put in place. So a lot of it does come back to things like identity and and and how are you building the agent to build off of an identity versus off of what should be a controlled environment that sits out there. So it doesn't seem like it ever was. can I can I I wanna give you a quick good news, bad news story too because I think this. is kind of well, it's amusing to me? Maybe it's not so amusing. In in the past, right, you would have a human entity. So you give permissions to somebody for a human entity, and they have permissions to this data. Now that if they're overprivileged, it might not have been as bad as it sounds because they they don't actually understand the data. Right? So even though they have access to it, they don't know how to really use it or exploit it or or whatever the case may be. The challenge that we're having with AI right now here's the good news. We're starting to talk about semantic layers and contextualization of data because we want our LLMs and we want our AI and our agents to actually do less hallucinations, execute things more accurately, be more focused. Right? So we we we build all this business and technical metadata around it. We have this beautiful semantic layer. In some cases, more mature organizations are building these knowledge graphs that actually connect your logical to your physical to your conceptual. Right? So you got conceptual to logical to physical. And all that means is what what what is the meaning of a specific business term all the way down to what data actually leads to that business term. Right? You So have this great contextualization, which is exactly what we need to do in order to increase the accuracy of our AI in general. Well, the bad news is if you have agents that are rogue and they start now giving access to this, they have that contextualization so they know where to go to do the most harm. Mhmm. Right? So I always use the word exponential when people say to me, what is your major concern of AI? Say, risk goes up exponentially. And the reason for that is we're giving more autonomy to these things. We're giving more access than ever. We're generating more data that is more critical to the business environment, and it's going to more places. So, therefore, in the past, if you had one rogue inside a threat issue, okay, it might cause some damage. But what if you have a thousand internal agents that now go rogue? You have a thousand exponential upon the the risk that you just had. Yeah. See, Yeah. told you there was good and bad news there. Right? Well, yeah, exactly. Because you just went from mathematical to an exponential, which is not exactly what anybody ever wants to think about. It's like mouth it's like doing basic algebra versus multivariable calculus. Let's be honest. Like, none of us really wanted to sit down and do multivariable calculus ever. Right? So now you now you're do it for you. well, exactly. Now I don't even have to, and my kids love it, which is great. Yeah. We're, I mean, we're almost halfway into what we have as allotted time. Obviously, we do not have to go the entire hour in here. Reminder, definitely put some questions in there if you do have them. We're all out, out there to answer anything that does come up or as you're seeing it in your business. So please don't hesitate. Nothing's too far off the wall. I guess maybe one thing that I guess, to take another place. Right? We did just get a question in, but I wanna ask ask this one question, then we're gonna jump over to, to the question that we have in the in the chat there. The ShadowAI conversation, what are you thinking about when it comes to that one? Because when I keep hearing it, it's just like, there's just another layer in the shadow that I just like, I think I have it wrapped my head wrapped around it, and then the next thing you know, I'm like, oh, man. I didn't really thought about it from that angle. Like, are you seeing the same thing? Yeah. Oh my god. And so, again, I'll use that exponential word again because we're accelerating the ShadowAI across many different applications. So fortunately or unfortunately, I get to write the AI policy for Orteka. Okay? We're consultants. We use AI every day. Right? Or if if we if we have a consultant that's not, then then maybe that's not the right consult. But anyway, so we use we use AI every day. But every tool is different. Right? They have different capabilities. Tool is better than the other at coding versus summarization versus whatever. So, of course, everybody wants access to 15,000 different tools. So you set an AI policy, and you say, these are the two tools that are sponsored by the company, and we have locked them down, and you can go ahead and utilize those for internal work. Right? Then what happens, Chris? Somebody hears about a new tool, DeepSeek. You could pick one. Right? I don't care what. it is. And they're like, well, you know, I didn't get out of ChatGPT or something else that I want to get out of it. So I I downloaded this tool. I created an LM notebook, and I I started using Grogg or or some other tool. And so that's the challenge with with ShadowAI. It's it's it's at the tool level, number one, because people can slap their credit card down for $20 a month and you have access to a new tool. Problem number one. Second problem, the access to the amount of of data that people have today. We typically want to democratize data because we went through decades of democratizing data. So now it's democratized without the right security parameters in place. And so they are able to take that data, and they are able to copy it all over the place. So that gives you not only your AI shadow, but it gives you your your data shadow stuff as well and your technology shadow as well. So there's all kinds of shadowing going on here. I think, finally, because of the ease of use of these tools I used to code early on in my career. I have not coded in decades. But guess what? I I've played around with coding again because I can because I have access to these AI tools. So the amount of technology people, they may not have the right amount of literacy, so they may be doing things from an AI sprawl or shadow AI that's actually impactful to the business and they should not be doing, but they don't have enough understanding of what they're doing. So it's ease of use of the tools. It's the cost and access to the tools that because some of these are pretty low cost. And then it's the accessibility that we have democratized over the years without the proper infrastructure that accelerates the the ShadowAI. Yeah. No. I mean, I mean, you've nailed all the angles that I that I've been hearing, right, from a from a shadow perspective. Right? I mean, even all the way down, just the idea of, like, just slap your own credit card down and and connect it right to whatever it is. Right? Whatever it is that you're hoping to to see it. Right? I mean, everybody's, like, talking about how Shaq created his own app using, you know, whatever it was. I think it was Replit. Like, great. Oh, I. I missed that one. I'm have to Google. that. You're like you're like, that. well, I mean, this guy's a brilliant business guy, and he also wrote his own app. So it's awesome. So, the biggest thing to remember, right, I think with that shadow AI concept, right, is that it is becoming so easy just to do this. And we always wanna make sure that as we're looking at everything, we can see more of it as it comes to light. But sometimes it's just outside of our our range of control, with what's happening there. So there are definitely ways to handle this one. But if it it's just like any other thing. If somebody really wants to do it, they're gonna find a way to do it, no matter what it is. I I I hate saying that, but it's one of those things that as a as a data security guy, I've kinda come to to accept it. Like, somebody wants to find a way to do something on the exact same way, I'm going to find a way to do it. And I always relate it back to my kids. If they are told not to do something, they will find a way to do it and then try not to have me know about it, which is really hard as a security. At first, they they have help. Right? They have help now. So, like, again, if if you're not a coder and you wanna do something malicious, you could go and find the malicious code to go do what you wanna do. Right? So increases the accessibility, and and that's on the on the on the bad side. On the good side, it does enable a lot more users to go and be more productive and understand your technology and actually use the technology. Right? So. you got two sides of the coin there. Exactly. So Malcolm put a question out here, for us to take a look at, and I thought it was actually a really good one, mainly because it actually it it does it does tie into the AI conversation of what we're seeing mainly because of just some of the headlines that have been coming out if you haven't read them. But I'll tie it to that, but I I want you to put your input in there, Steven. So, the question is really, you know, what is our thoughts on the scalability limits of the semantic modeling, of what's sitting out there? Right? And so the conversations that I've been having in that space, it it kinda goes one of two ways. One is just make the domain smaller that you want to build the semantic modeling off of. So, like, put it the data, get it under control. Right? Take it to where it needs to be, and then basically put that into a smaller section and then group it up so that the modeling can actually process effectively, get through the information as it goes. But the other side of the house is actually kinda tying into the headline that we're talking about is let the AI actually pick how semantic modeling could actually work from a scalability perspective, which I think it was Anthropic that literally just said Anthropic or OpenAI. I can't remember which one it was. Literally just said that their latest release, most of it was actually done by its former self. Like, Mhmm. it's using its own learning capabilities to actually go out and say, I'll function better if I make adjustments in these areas and then build from there. How does that sound? So it's like you're now getting into whatever is afraid of. It's just the idea that the AI solution may actually end up writing itself to become better to the point that we're not even aware of some of the things that it's doing, that are sitting out there. So I'm gonna bring it back a little bit. Again, it kinda went down terminator lens of how often that gets, and it's kinda hard not to do that. What do you think about the scalability limits on that semantic layer? I know you're having or the semantic semantic modeling. What do you think, Steven? Yeah. So, look, I I equate to to semantic modeling a little bit to to kind of the the the lineage story. Right? So in the past, lineage and understanding the relationships of data, which is kind of how I look at semantic modeling, right, and how they relate to each other, it was very complex from you have all these different coding and transformations and ETLs and so forth. And so there's tools in the marketplace, obviously, that try and do to to do lineage, it's very complex. And it's really cool stuff when it's on a smaller scale, Chris, to your exact point. Right? I can understand the model, and I can understand, you know, five or six different applications and the data flows between those five or six data applications, and I can even do that maybe from from column to column level. So when you talk about semantic modeling, I think it's very similar, but we're in a new age of of having new tool sets, see a point, to help with that. So I don't get concerned anymore around the scalability of the semantic modeling for a couple of reasons. We don't hear Steven. Chris, can you hear me? I can hear you. Okay. I will yep. I've got good connectivity and everything. So, Priscilla, can you hear me still? Or oh, Alright. Malcolm? So So maybe. okay. I'm gonna keep going. Sorry. So on the semantic modeling capability, I think it it it was very similar because, you know, we've been doing semantic modeling forever. Right? It's just become popular because of the contextualization of AI. When you when in the past, when you had semantic models, you got to a certain scope and scale where it became too complex and you couldn't just understand it. Right? But you had to you had to understand it because you had to visually look at it in some cases. And, yes, there were tools back then and so forth. But now with the applications that we have, if I can just go into a prompt and be able to understand this humongous semantic modeling that's sitting in the back that has 15,000 nodes of semantic modeling across all these different applications, and I can natural language query this to understand a business problem and say, hone in on the specific areas to solve this outcome. I I think we don't have that scalability problem as much. Now that said, we haven't perfected all this stuff yet. Right? And I think just having a tool doesn't do it either. You have to have a framework and a process to go along with that tool so that you actually understand what is the semantic modeling, what are the benefits out of it, why do you wanna create a semantic model and and align those to your AI projects, and then go and execute it at a specific use case, and then can build the next use case and call it a factory, if you will. And as you build multiple use cases, you have this foundational semantic model that you now build these external nodes or these exception nodes for every use case that you that you come into play. So that's my long winded answer to say that I don't have as much concern about scalability of the semantic model that I did maybe five years ago before we had all these tools that that humans can actually go and query these very complex environments and get answers out of them. Yeah. Yep. And, I mean and that's the that I guess that's probably the piece of it. Right? Some of the, quote, unquote, magic, I'm gonna say that, of AI is beginning to kinda wear away to understand that there actually is more exposure into how some of this is actually working, what is actually happening behind the scenes. For the longest time, it was kind of a a black box, and we're starting to see where it's actually there is logic that's being used. Now how all of it's being used and what should be there, totally different things. I mean, there's all kinds of different caveats for this. Right? So people are saying, oh, I'm gonna standardize how the information gets put in, or I'm actually gonna take a look at it from, the back end performance and think about things like, you know, incremental refreshes on the data and and really be controlled in all of those things. We're going back to some of our standard practices when it comes to getting that scalability concept out there. That's just kind of the whole hard truth. And there is new ways. Right? And then we're taking those things and actually pushing them forward for the back end infrastructure for how things can work. Like, what have we learned here to now take backwards to the old school, which sounds super funny because it's actually just the foundation. So, you know, Well, that's it. Yeah. let let's take let's take a quick example. Right? So so there's a project that's going on that we're working on that has about 200,000, I did say 200,000, different terms that a customer has because they have many acquisitions and many divisions that they brought in. K. And they're trying to make an understanding of of the relationships of those business terms. And I'll I'll relate this back to security since this is a security conversation in a second. And and having those 200 thousands and be being able to build a knowledge graph of relationships between those different terms, if you will, and deduping and doing all the stuff that we do with data. Right? Because I think metadata is just as important as the actual data now, and and and more mature customers are building metadata hubs around this stuff. So as you go through and you build a knowledge graph and a relationship of all these different business terms and how they work together, just think about a customer, b to b versus b to c, all these complex definitions of a customer, which we could spend an entire day talking about that, but I won't, And building a knowledge graph, and then take that knowledge graph and now look at the business rules. We talked about regulatory issues before. We talked about security business rules before and overprivilege and stuff like that. And you turn those into a knowledge graph, and you relate those to the business terms that are critical to your business. And then you take the actual physical data that BigID can go and discover and link that up to that knowledge graph. Now you have this basic mind map that goes across what is the meaning of the data, the actual data itself, and then how you can use it with the regulatory. And you slap on a front end of a GPT. Right? You build an a RAD, for instance, internally on that knowledge graph. It does two important things. One, it gives the accessibility for anybody to query that natural language understand, hey. I wanna build this AI use case, and I wanna use these datasets. Am I in compliance of my regulatory issues? And, oh, by the way, is my security team cool if I do this because of my current permissions sets? Right? So that that's the that's the one key. I think just as important to me is as you build these semantic layers and you build these knowledge graphs and the relationships across your conceptual and your your logical and your physical layers, if you ask it a question that it can't answer, it will not give you an answer. Right? Because it's going off the knowledge graph in the back end and the relationship of those entities and those nodes. And so I think that's just as important. So as we go through kind of these security challenges and issues of people going and using AI and and agents and so forth, you want those agents not to do things that they don't know the answer to. Right? And so building this foundation of of semantic layer of automated data management, utilizing LLMs and knowledge graph and rags in the back end with a front end GPT is is is, again, why I'm just reinforcing. I don't I don't have a a concern around the semantic scalability of this. But I also if it's done in the right way, can reduce your security risk dramatically. And and security risk, I'll define as both accessibility, but also from security risk of people taking that information and actually executing on that information incorrectly because it's it's actually a hallucination that they're taking action on. Which I don't think has ever worked out for anybody in the real world, let alone in AI land. Right? So why would we ever wanna ask on a hallucination? I mean, not saying that from any kind of practice or anything. I'm just simply saying that out loud. Like, it's we all think that whenever we hear the words hallucination, you're like, oh, this is this doesn't make any sense. Why am I acting on this? But we never stopped to ask ask that question, which is, is this even logical? Like, does this even make any amount of sense at all? Nope. Never. So we're we're forty minutes in. Right? We've we've kinda covered a lot of, a lot of topics. Nothing like having a minor technical glitch to get people to to start chatting inside of the the the bot the bot land that we do have sitting out there. Any questions that you guys do have, definitely put them in there because we're gonna be wrapping things up here. Steven, the whole thing was all about AI risk, especially in 2026. Is there anything that we left off out there? Right? I mean, a quick rehash is agent sprawl, regulations and compliance, generally understanding the idea that data itself is is massively growing and then everybody's in a different spot in the how that actually works, sometimes in the exact same part of their business, but in different business units. We covered a lot. That sits there. Is well and, let's not forget, shadow AI because that's the the topic point in the in the deep dark recesses of our brains. Anything else that. you wanna make sure that we do hit on? Yeah. I I wanna talk about human capital for a second. Okay. Because when we talk about AI, I think human capital comes into conversation a lot with customers around, can I reduce my cost perspective by utilizing AI and replacing headcounts and all that fun stuff? I I think from a security perspective, I think human capital is one that needs to be really looked at with a with a with a microscope. What I what I do see is that people will say, well, we can just build our security rules now through an AI agent. So why do we need, you know, five different, you know, security analysts that's gonna lock down and field concepts of having a SOC and and and having all these different processes and so forth. I think what I see works really well in the marketplace is as you go through your AI strategy, not only from a risk perspective, but from a privacy and an execution perspective, Have conversations with your HR team. If you have a change management team, have conversations with them. If you have internal training or somebody that maybe HR is in charge of the training aspects in in in AI literacy and so forth. We have security training every year in most companies. Right? You go through an hour and you watch these people interact and do all this fun stuff on security. Why don't we have that for AI literacy so that people can understand it better? Because if they understand it better, you're gonna actually have more security officers, if you will, which is all your employees that are using AI. If you're talking to HR, you're talk to them about what are the training programs that we need to have, how do we redefine the scope of our job description so that as we go and we rehire people into positions that already exist, do we need AI skill sets, and do we need people that are more secure focused or security focused or privacy focused? Right? And and that may not be their core job, but it would be good to know during the interview processes, like, what do they think about this stuff? What personal training have they done? What past training have they done? So I think that's that's an important aspect. When you talk about change management, we had a customer that moved the the customer the CDP, right, the customer data environment from IT into the the AI environment. But there was no conversation around, well, how does that exactly change roles and responsibilities and accountabilities? Do we have the right skill sets into the new group to actually run a platform environment like that? Right? So I know I've said a lot of different things there on the human aspect, but sometimes we talk about the technology, and we don't talk about the change management perspective. We don't talk about the HR perspective, and we don't talk about the human capital that's required, that still needs to be in the loop, on the loop, or over the loop, because it's not just human in the loop anymore, to to execute these things securely and and safely. Yeah. For sure. And, that play kinda plays off of the the question that we do have in the chat, right, which is about the the echo chamber of AI and the concept that, you know, it can only train what it knows. Right? So does our ingenuity will it ever be replaced in that situation? And, you know, the concept is always to your point, Steven, is is the same, right, which is, you know, we never we never wanna talk in absolutes. Right? No one ever should be talking in absolutes because there's only absolute zero, and that's about it in science. And, otherwise, everything is a theory. So how do we work with the the concepts there? And and to your point, like, is is how are we adapting? How are we adopting the new technology, utilizing it, embracing it? I mean, there is a lot of conversations around that is that every part of every business can embrace what it looks like. And the kind of the working theory, feel like and and you can tell me I'm a 100% wrong with this, but the working theory is is that the more you embrace it, the probably the better off you're going to be in terms of security, in terms of general, you know, employability, in terms of where your career could actually go and and how your business is going to flourish, right, is is sitting out there, using it responsibly, understanding what it's designed to do, understanding how it can help you, understanding what it could do to technically hurt you. Their key components for general AI risk as a whole is don't leave this thing off in the dark and let it hopefully, it goes away. That that is the worst possible thing that you could do. But the human ingenuity, if you don't want to train AI on something, you always got pen and paper. Right? And as long as you don't take a picture of it and scan it in, you you know, you can keep some of those ideas to yourself for sure. So there's always that aspect of things because we do still need to make sure that there's some aspect of things that are creatively thought about, but not necessarily put into the world. So how do we do that? Yeah. Yeah. So so, look, I I don't think human identity is ever gonna be replaced a 100%. No. I think it'll be enriched by AI a 100%. I mean, I I mean, I think it's already enriched. Right? We we all have subject matter expertise that we've trained in for years, and yet you go to you you put something in a GPT, and it gives you a different perspective sometimes, right, that you might not have thought about just because of your own background. But think about let let's take I don't wanna end this conversation on Donna, but let's take cancer as an example. If AI someday solves cancer, it's not gonna be because AI solved cancer. It's gonna be because of the input from the humans that thought about what data, what different tests, what different approaches to then feed into the AI. I think AI will accelerate that, quite frankly, already has in certain healthcare and in many other places as well. So, no, I think human ingenuity will always need to be there. I think what we do need to do from a human perspective is just understand exactly where the human gets into the AI. Right? So we talk about human in the loop all the time now, but there's different concepts. There's human over the loop. So maybe we're not actually engaged, but we're sitting on top monitoring it. Right? There could be human over the loop, in the loop, on the loop, on the loop, which which means that you work in conjunction with AI so that it it goes through, and you actually have to click the button to go to the next step. Right? That would be kind of a human example. So bottom line, no. I don't think humans ingenuity will ever be replaced. I think it'll be enriched by AI, but not taken over for it. Yeah. The best the best way that I've been able to describe it and then I always think about this in the angles of, can I explain it to my my kids? Can I explain it to my grandparents, any of those things? It's not designed necessarily to replace, but it is designed to look at things in a new angle that you never even thought was possible so that you can then enhance yourself to think about it from that angle now too. Right? Continue to expand and grow, evolve how you think about things, and then understand it behind the scenes. That's always a big deal. So, anything else? Because otherwise, we're not gonna end it on a downer. I'm gonna end it on a little bit of a fun note because today is the beginning of March Madness. So any other things around risk at all? So so so speaking of March Madness, sorry. Now you've got me distracted. I I I have not had time to fill up my bracket. So, of course, I I want to use AI to do that. And and here's where human in the loop has to come in. So I asked her a question, like, fill up the bracket, and here's my parameters. Like, I wanna understand, like, the coacher coaches, like, who are the most winning coaches? Who's the most winning programs? So don't take just, like, the records into play or the or the seedings. Also take injuries into play because some of the major teams have had some injuries. Right? And so it spits out, and it's like, okay. Here's the four top teams. Of course, it was the force four number one teams with I think Arizona was was the one winning it all. And then I asked them a different parameter, slightly different. And so all the upsets that it had in the original prompt, it then changed its mind. And it's not because of the prompt I put in because I didn't really change the parameters per se. I just asked it for additional clarification, and I actually switched it switched them. So, like, which one am I supposed to pay attention to? So why you need. him in the loop. Exactly. I mean, I was just gonna say that just committed the exact human sin for anybody that has ever filled out a bracket and done all one thing on one bracket and then filled out another one and did the exact opposite kind of a deal, they literally just committed that exact same sin that you're literally told as you grow up filling out brackets, don't ever do that because all you're gonna do, flip, flop. is just be 50% wrong every single time. So congratulations. You're just guessing, which is what we're doing anyways. So that's, always good. very disappointing. I know. So so that was in Arizona. So that we're gonna end it on a fun note. Like, do you have a favorite? Like, you have somebody that's gonna win if you gotta put you gotta put the money down? Not that anybody's betting. But if you gotta put. money down, who's it gonna be? So so you can hold this against me, but I I I'm a Michigan fan through and through. Not not not because I went there, but because it was a school that I wanted to go to and never had the opportunity. And then my my father-in-law went there and just really got into the sports scene of Michigan. So I apologize to any Michigan State fans or others that are on this call. See. I mean, Steve, I think we're gonna get to go Dana I know why Dana is saying, come on, Steven, because we've had this Ohio State conversation many times. yep. Dana, I do own an Ohio State T shirt, long story, but it does burn my skin every time I put it on. Just saying. Yeah. I have the same story because I got stuck in Columbus because Steven knows that that's, like, the only place that I ever get stuck for the Ohio State. So, yes. As a Badger fan, like, I wanna say that that's the case. Definitely not gonna be the case. I think they're gonna upset a bunch of people, but I went Houston. I literally put Houston in, like, two different brackets. I don't like it. It's the I know you. call, man. I horrible. the human in the loop, dude. I know. I know. not they just they choke. Know. If they win, everybody's got it on recording. And if not, you guys can all message me, when it comes out that they got beat in the first round or the second round, whatever that is. Just definitely put that out there. As one final thing, feel free. Put in your pick in there, Dana. You don't get to put anything because we already know it's Ohio State. Like, that's, it. I. think Bill's Bill's sharing his whole bracket, I think. Alright, Bill. Oh, no. No. No. No. He's got it in there of of, like, how it's gonna pick at AI picks. There's, actually. an order out. Good. there. I didn't even know that, Bill. Thank you for sharing that one. I we all should go and read that for sure. As one final thing, feel free. Put in your favorite pick for today's madness, tomorrow's madness, everything that's gonna be going on here for the next couple of weeks. We all know everybody's got at least somebody, even if it's just your favorite color, because sometimes that's just how it works to be out there. Just remember, it's really hard to get in there below a specific seed, so kinda think about that one. Feel free to put that out there in the chat with it anywhere you want to. Steven, any final words? Otherwise, we'll wrap it up. No. So so I just thought of something. We should have an AI bracket of who's gonna win the AI race across all the different tools. That. would be fun. Or who's gonna buy who. Right? I mean, that probably wouldn't probably be a better thing. Mhmm. Yeah. I, mean. I I just I do wanna sincerely thank BigID for having me today. Chris, it's always great to catch up with you and and have a fun conversation like security and AI. I know some people don't think this is a fun conversation, but I do. Yeah. Me too. But I I don't mean that that makes us winners, losers. How about this? People that you can ask questions about and we'll come up with, hopefully, an educated answer for you along the way. Steven, thank you, obviously, for joining us. It's always a pleasure. You and I you and I have had some incredible conversations over the years, it's always good to do it here with a with an audience. For everybody that's out there, thank you all for attending. Please, we'll just wait a few hours. We'll have the recording. We'll have it posted. We'll go at BigID on that LinkedIn page on our website. I believe Ortega is probably gonna do the exact same thing on theirs. Be sure to follow both companies. Definitely come out here. Ask questions. We'll be out there. Find us. Connect with us on LinkedIn. Do all that fun stuff that sits there. Again, thanks, everybody, and, hopefully, your team will take it all the way.