A hallucination can kind of be thought of as a, as a statement that's statistically probable, but factually incorrect. I, I, I like that. I read that statement somewhere. I was like, that's perfect way to describe it. Statistically probable, factually incorrect, right. And again, this is one of the reasons that people are building grounding systems around AIS like like RAG, because it's a safety mechanism, It's a security mechanism, like you
said, right? To make it more, make the answer more reliable, make it more accurate. It's certainly a concern for us as we were, as we were building the product, building it into our product. And it's also why you see disclaimers like on chatbot systems. It's like, hey, LLMS can make mistakes. Please, please verify your answers because hallucinations are and will continue to be a problem even with grounding systems around around, you know, the, the implementation of these.
So yeah, I think it's, I think it's a great question. Are hallucinations the the biggest threat to the success of an AI right now and trying to put guard reels around it so that you're not giving incorrect information? Or is there something else that keeps you up at night? This is identity at the center if it has anything to do with IAM. This is the go to podcast now your hosts Jim McDonald and Jeff Stedman. Welcome to the Identity of the Center podcast.
I'm Jeff, and that's Jim. Hey, Jim. Hey, Jeff, how are you? Not so bad yourself. I just living the allergy life man. Even though we've we've gotten to the point of daylight savings time is over and temperatures are getting cooler, my allergies just keep getting worse. So if it sounds like I only breathe through my mouth, that's why. Well, yeah, if you could just not breathe and make sure the audio quality sounds good, that would be fantastic for me. Yeah sure I'll I'll die mid episode.
Well, today's special episode because we've got a sponsored spotlight and we're joined by our friends from Strabacity. His name is Steven Cox, he's a Co founder and CTO. Well, welcome here in a second, but just to make it crystal clear, this entire episode is sponsored thanks to Stromacity. We work with folks like Steven all the time to try and come up with different entertaining shows around.
You know, there are specific viewpoints into the different things that they approach from identity space. So I'm sure people enjoy it. We've had actually Steven on before in the show. Steven, you joined us way back in episode 112. So welcome back to the Identity of the Center podcast. Thanks a lot guys. Yeah, it's great. It's great to be on. Always enjoy talking with you guys and, and I'm proud to have been #112 on your on your podcast. An early supporter, we appreciate it.
You were with Trivacity then, you're still with Trivacity now, and that website is Trivacity dot AI, so make sure you get it out there. STRIVACITY dot AI definitely encourage to be able to go check it out. But why don't we start sort of at the very beginning, you know, tell us about Trivacity and give us a refresher on how you got into the digital identity space. Yeah. So I've been in the digital identity space now for, gosh,
about 10 years. I came from a sort of network and endpoint threat detection background. I worked in that space for a number of years. I've been in cybersecurity for probably about 20 years now. I joined about 10 years ago, I joined a company that your your listeners are probably familiar with secure auth with who is now my Co founder of Trivacity, Keith Graham.
And so I focused on, you know, workforce identity management and customer identity management at at secure auth, which, you know, informed a lot of my, you know, my current beliefs around customer identity platforms. So, yeah, that's kind of how I got my start on, you know, in, in, in this space. And you know, Stervacity is a, is a customer IAM solution. We got started in about 2019. So gosh, we've been going about
5-5 years, 5 1/2 years now. So we're focused on the, the customer identity problem end to end, right. You hear lots of, you know, lots of terms thrown around this space, customer identity, consumer identity, but fundamentally like we're ACCIM solution and that's the problem we're we're interested in solving for our customers. So what is it about your guys's approach to the consumer or customer because we're talking Siam, right?
CIA am here. What makes you guys unique because I think that's the question that I always have for for folks in the space. OK, well, you know, there's lots of solution in the space. How are you guys different and how do your customers measure success with the, you know with
your products? Yeah. So there's a couple things I focus on when we talk about differentiation, You know what, what sort of, you know, brings us out from the pack and and the and the three things I like to really talk about are are architecture, our capabilities and our focus on on customer experience. So in terms of architecture, you know, we spent a lot of our early days focused on building a platform that could scale with the unique needs of customer identity.
You know, as we are building, you know, we kind of set some, some design principles out to, to help guide us, you know, and those principles of have evolved over the years, of course. But you know, I can give you a high level kind of what we were thinking. You know, one of the, one of the big ones was like going after the cloud hesitancy problem, right? They're, they're, you know, this is less of a problem than it was now than it, than it was in
2019, but it is still an issue. And it centres around that hesitancy of organizations to move certain types of data or systems to the cloud for a variety of reasons, right. We learned a lot about this in previous experiences before servacity. So we wanted to really attack that head on. Another thing we sort of observed previous experiences was that CIM projects were sort of excruciatingly long and laborious, you know, kind of often for the wrong reasons. And we wanted to sort of go
after that problem. You know, customer identity has some unique requirements. It requires you to to move quickly, to iterate quickly as sort of customer patterns change and you discover new customer patterns. We wanted to bring the whole customer identity journey under the umbrella of a single platform, right? Something that had not yet been achieved in 2019 and arguably still has not been achieved or only been achieved by us, by us
today. And you know, sort of sort of goes along with that are are things like brand management, which was sort of horribly broken until we came along. So you have these, you know, you have these orgs that are sort of brand of brand organizations, you know, have a sort of a parent company and multiple sub brands. That's a challenge we run into. So yeah, so we developed an architecture that takes these challenge into into account, right? We're built on Kubernetes.
Our platform scales with demand. It can be upgraded using rolling upgrades, which means no downtime. You know, each of our customers, and this is a big point, gets an isolated instance of our product, right? We call this isolation by design and that's really what we're what we're doing to sort of address that cloud hesitancy issue, right. It also helps with sort of data sovereignty requirements. But we believe this is sort of superior to multi tenant architectures.
And then orchestration, we have an intrinsic orchestration capability that's tailored to the customer journey runs in a serverless environment and then everything is protected by a sort of role based access control, right? So, so, so that's sort of the architecture differentiation in
terms of capabilities. You know, as I mentioned, we're sitting here today, we're kind of the only solution that covers the full spectrum of customer identity needs right from a single product, single admin console. So if I put on my marketing hat, you know, I would like I say things like, hey, we can handle customer identity from sort of registration to the right to be forgotten, right?
So the sort of beginning to end. And so you know, our, our capabilities cover things like registration, self-service, adaptive auth, identity verification, consent management, fraud detection, right. And then in terms of customer experience, you have to think about CIM systems as fundamentally workflow or journey systems, right? You, you have to build a whole layer on top of that IM tech around generating flexible flow based UIS for customers to interact with.
So we think we've done a pretty good sort of differentiate job and sort of making it really easy to do this. So how do our customers measure success with the solution? It's a great question. I love, I love that question. There's, there's kind of two areas that I would focus on here. 1 is time to value, right? We, we talked about sort of
deployments being long. This, you know, this is time to value is largely focused on things like deployment, sort of set up of the solution, things like customer journeys and sort of the migrations of of users, right. And the other is sort of ongoing KPIs around things like adoption metrics and customer engagement. And this is something where we really differentiate with our, with our dashboard, right? So, you know, you've got to make that really easy.
You know, we, we can report on a cup on a few dozen different metrics, you know, across things like conversion rate, you know, how many visitors are actually converting into registered users on your platform, engagement rate, like how are your users? Are your user base sort of coming back every month, right? How long are they taking to register from the moment they click sign up to the moment they're redirected back to the customer portal? So these are things that you
have to report on, right? So that so that they can your customers to sort of take those KP is back to their their management team and sort of show that they're, they're doing a good job, right. So let me ask you a real basic question because I feel like sometimes there's just double in the details. Is there a difference between consumer IAM and customer IAM or they really the the same thing?
Yeah, there is a difference. I would say it's like a Venn diagram, right, where there's where there's overlap and there's and there's separate, there's separate capabilities, right. So a lot of the sort of fundamental IAM technology underneath, you know, things like federation, you know, open ID connect SAML, those sort of basic, you know, text are, are certain certainly within the middle of the Venn diagram between customer identity and
and, and and workforce identity. But when you get into things like sort of customer metrics, you know, like how long is a user taking to register? Are you getting people that are sort of registering and walking away those there, there's not a whole lot of overlap there, right? Those are very customer specific metrics and those are things that, you know, you're sort of marketing team wants to know that your users are converting, right?
That your users are making it in, in a, in a, in a workforce environment, you, you kind of have a, a captive audience, right? Like they're, you know, you're not going to have somebody that sort of refuses to register with the workforce, you know, access management system. And so there's a, you know, that there's that sort of where the, the sort of the, you know, on the outside of the, of the Venn diagram, you know what I mean? But yeah, it's a good question.
Yeah, Steven. So I thought it was real interesting that our, our conversation started going down this kind of marketing track because, you know, big thing I wanted to talk about today was AI, of course, but even before that, it's just the topic of identity security. And you know, we had this episode scheduled for several
months in advance. I've been in communication with Keith. And then just recently Gartner kind of identified you guys in the, in the paper, it's called emerging tech, tech landscape for startups and security software. And there is a digital identity column, if you will. And I think it's interesting because I'm I'm still not sure what is the difference between digital identity and identity security. I think that's maybe an episode for the future.
But what do you think? It was about Trivacity that made Gardner sit up and take notice. Yeah. I mean, so Gardner's been talking about us, you know, for, for a while across a couple of different areas, which is kind of interesting. Journey time orchestration is 1 where we've appeared in their research because that's a capability of our product, you know, sort of fraud and risk is one because we, you know, we have some fraud controls.
We have things like identity verification and user experience, right, which is going to something that's going to make us stand out because it's, it hasn't been a focus of a lot of our, a lot of our competition. And also, you know, we're, we're, we're one of, you know, a small number of entrants into this space in the last five years that's taken significant investment, right?
And, and especially 1 that's focused on the, on the customer identity problem and has made sort of, you know, customer traction, made some significant customer traction into, into this space. So I think it's great that they're taking notice. I mean, it's helping us with brand awareness. It's very crucial for our
company, our stage to have that. And it's also kind of a sign that we're, we're probably getting things right, you know, from, from from the analyst point of view, you know, and in terms of sort of other, you know, other analysts activity. You know, we actually debuted as a leader in the Forster wave for CIM in 2022, which is just absolutely unheard of. Like for an, A, a start up to sort of debut as a, as a leader, you know, we were one of the only three leaders #2 after
Fordrock at the time. There's another way of doing soon, I think. I believe. We believe it's going to be sometime in December. So you know, Gardner doesn't have a magic quadrant specifically for CIAM. But you know, like I mentioned, they're talking about us, you know, across other areas of
research, which is great. And if I'm going to be, you know, if I'm going to be self-serving, you know, I'll say that, you know, such a young vendor debuting as a leader, you know, again on Forrester is just, is really a testament to the, to the strategy and just how good our product is. You know, I think you know our architecture, our breadth of capabilities, our focus on customers experience is really what's behind the interest from from the analysts. Yeah. So you talked about the
isolation by design. I think that's just really interesting, but talk to us about why that's important from a identity security standpoint. Yeah, so I, I came from an incident response background. So I, I worked in network and endpoint security for a company called Mandiant, probably heard of, you know, later acquired by Google and you know, I sort of saw the the, the worst of the worst of, of breaches, right.
So when you know you're asking a, a large org, you know a large financial institution, a large healthcare business to sort of move their their data to the cloud, you better be protecting it, right? So one of our sort of fundamental design principles was we're going to, we're going to give an isolated instance of our product to each of our customers, right? That means that means that if one of our customers is breached, the blast radius between one customer to the next is, is null, right?
Like there's no, there's no shared infrastructure, no shared keys, databases, services between any two of our customers, right? And and that's, that's absolutely critical in customer data, customer identity, because you're storing, you know, sensitive customer data, you're storing passwords, you're storing MFA, you know, MFA credentials like this is really, really sensitive data that you're storing. So you have to sort of take a really strong security, you know, posture with how you
design these systems. There was a LinkedIn post that Jim actually made about why I am tech companies aren't really getting into the generative AI space of their products yet. I think it's going to be a little bit dated, Jim, no offense, because I think we're starting to see it more out there. But what? And you responded back to that, like what prompted that response back? Was it just familiar with Jim or you're like, oh, hold on a second buddy, you're way off
base here. Well, I mean one, I, I do like you guys. So I, you know, I, I do. We'll get you everywhere on the show. Yeah. So, so that was certainly one, but I don't know it just it, it was interesting. It was, it was during a time when we were sort of deeply pondering that very question, right. So I sort of struck me as a very relevant question from from Jim, kind of considering where we are in the space, where we are in sort of the development of AI, you know, where we are in the
identity space. You know, every sort of product leader right now is having to make a decision as to whether integrating, you know, generative AI and into their platform makes sense, right? And, and, and IAM products are no, are no different, you know, than that. So that was kind of the reason. Jim, Jim, you wrote this article and I don't want to leave people behind. So you kind of give like a gist of it so you can catch people
who are listening or watching. Yeah, it wasn't really so much an article as much as it was, you know, a a true question. Like it seems like every product is now baking in AI. But in the IM space, at least, what I'm seeing is, you know, versions of AI are more big data analytics, machine learning. They're not generative AI like what you get when you go out to open AI or, you know, Gemini or something like that.
And, you know, I throw this one back to Steven because, you know, is that what you see as well? Like there's a difference between machine learning and big data analytics and AI, right? Yeah, I think, yeah, definitely you need to stick, take a step back and and and sort of think about like what is the intersection between AI and ML,
right. Like the media often gets this wrong, as you, as you've likely noticed, you know, and I think I think the way to position is that, you know, AI is just sort of overarching term of which machine learning is a subset, right? It's, it's correct to say that ML is a form of AI, but ML has been sort of historically focused on finding patterns and data and getting smarter over time so that you can make decisions on what it finds and
protects. So if you think about ML, we've actually like, we specifically Stervastity has had it in our product for a number of years, right? Specifically around the behavior analytics problem. So let's sort of watching behavior, user behavior detecting when there's an anomaly, you know, sort of making access decisions based on that. And to be honest, like this ML based behavior analytics is, is
by no means a new technology. The first, the first UEUEBA vendors were got their start in what 2014? And I mean, that's an eon in, in technology terms. So it's, but it's also means it's very tried and true technology for, for, for what it's designed for right now. If you're talking specifically about generative AI or Gen. AI, that's what we sort of most recently added to our platform.
And what I think a lot of you know, product practitioners are sort of pondering right now as to what makes sense for them. You know, if you talk about Gen. AI as soaring sort of also being a subset of the overall AI space, it also makes use of machine learning. Gen. Gen. AI models are designed to emit or produce data versus simply analyze and, and classify data. But they also have other, other elements that sort of fall into
that bucket. You know, a good example would be like natural language processing, right? The chatbot aspect of of Gen. AI systems is a is a somewhat separate space and it's, you know, it's all about determining user intent. Or what they call grounding in the in the Gen. AI space. So you know, when you sort of couple a prompt that you're sending to an LLM with live data, right?
You, you, you might have heard this referred to as retrieval augmented generation or RAG, which is the way that a lot of products right now are implementing AI into their system. So, you know, we circle back, like I say, we've had ML in our product for some time. Gen. AI was a was a recent addition. I hope that was a pretty clear description of of how I see see them differently. No, it's great.
I mean, I feel like we can, we can really dive into this because we kind of joke all the time that this we should turn this into like AI at the center of the way the this is moving. So my definition of AI changed when I first saw the open AILLM sort of released and I was like, oh wow, OK, That AI before that really was like machine learning and sort of like behind the
curtains. And now all of a sudden we've got a text based interface at the time and now it's even voice that you can, you know, buddy up with and ask questions. Now, do you trust it or not? It's different. It's a different, you know, answer or a question. But did your definition or your thought process around AI change when you saw that or you'd already seen that coming? I mean. Oh, I mean 100%.
I mean, the, I was, you know, I was as I was sort of, you know, thinking about, you know, putting some notes, some thoughts and notes together today for, for the discussion today. I, I realized that chat TBT was only real was only released like in 2022. It was like 2 years ago. I mean, that's crazy that it seems like, it seems like it's been like 20 years, you know
what I mean? And so, yeah, I mean, I think I, I think I was just as shocked as as a lot of the folks in, in, in the technology space where the sort of power of these of these systems of 100%, it completely shook my, my, my understanding of the space 100%. So let's get more into that AI because you know, I mentioned the website Stravacity dot AI. It's literally in the name. What are what are some of the things that we can expect if I if I pull up trivacity?
Give me some examples of like use cases. Yeah. So you know, on the benefits, you know sort of like the benefits of pulling this into our product, there's a couple things that really just line up with how we have built the product from the beginning, right. What one of one of those is sort of lowering the bar, you know, of entry to, to IAM systems, right? We, we always say that you kind of, you don't need to, you shouldn't have to have a PhD in IAM to set up a customer journey, right?
And so, you know, Gen. AI makes a really good companion to work with as you're sort of configuring and maintaining your, your IAM systems. You know, things like context sensitive help where you're asking questions of an assistant on how to, you know, that AI assist on how to do certain tasks within the platform. Like, you know, we can tell where you are in the admin console. We can send along pertinent contacts and our docs to the LLM
to craft a very specific answer. Like, so hey, how do I set up bot detection? Or how do I change my password policy to be more restrictive? You know, like we can really help with context sensitive help, right? That's a, that's a huge, there's one thing we wanted to build for a while is constant context sensitive help. And Eugenia is a great, a great way, you know, to to sort of facilitate that interpretation of data is another one that we
thought was really important. You know, like I am isn't just about like MFA and federation, right? We can also generate a lot of data. It's often hard for less technical people to crock,
right? And you know, specifically in in customer identity, you know, where some of your users of the platform may actually be in fact customer service representatives, CSR's who are deeply technical in IAM areas, but they might actually be actively on the phone with a customer and they're trying to cut, you know, troubleshoot a
customer issue. So roll ups of these types of these log data of this customer journey data can actually be really helpful in getting to an answer quickly when a customer's unhappy, right? We can say like, oh, you're this user is struggling to get through the identity verification process or they're not able to finish their password enrollment, you know, those kind of things, right?
So that's really helping there. And then also like one of the things we wanted to really focus on and I think is really big benefit is, is sort of the guidance towards best practice
or optimization aspects. So, you know, there's a lot of best practice out there, password guidelines, adaptive access policies, you know, how you know, what if you could guide A-Team or a user towards improving their posture based on what they're actually seeing in the product, Specifically on the CIAM side, What if you could got a, you know, got a team towards optimizing customer experience or improving, you know, conversion rates, spice, what you're seeing in the logs, what
you're seeing in the data, what you're seeing in the, in the dashboard. So those are, you know, those are kind of those are kind of the focuses and kind of the things that you can kind of do with with our, our, our current AI assistant in the product. Yeah, I'm kind of I'm interested in in, you know, visualizing in my head.
How does that take place? So that last part that you're talking about where it's like, all right, I want the system can make suggestions to your client in terms of access policies or things. How does that manifest?
So when the user comes along and they're looking at a particular portion of the admin console and they ask a question, we do a form of retrieval augmented generation, which is RAG, which is just a, a, a really complex way to say that we take the prompt, we take the context of what they're looking at in the, in the admin console and we take a relevant section of our docs. And we send all of that to the LLM at the same time. And we say, give me an answer built from this prompt, this
context, and this documentation. Now this is obviously very, very simplified version of a complex thing, but that's what happens. And then the LLM has what it's what it needs to answer the question in a way that's very specific to our product and relevant to the context of what the user is, is, is staring at at that at that point in time, right.
And this is a very, this is a pattern that you will see in the Gen. AI space right now of people doing these, these rag based systems that are marrying a prompt with context, with documentation, with maybe stuff on the web, right? Open AI can do that when you when you ask a question about current events, it's going to go out and search the web, search news articles for relevant stuff and then give you a context relevant answer.
That is another form of rag, right, that that you're seeing Open AI implement in their ChatGPT tool. So it's a common pattern. That seems like a a really clever way to help with the security of the model itself and reduce the chance of a hallucination, right? I think everyone's kind of concerned about will the AI give me a correct answer and can I trust it? And what if it comes up with something to put you off the
wall? But it sounds like if you're able to limit the input into that model and have it just be based on your documentation, you know the chances of it going off the rails are probably a little bit, you know better for it not
happening. 100% and like, and that, and that goes back to the, the, the comment I made about grounding, right, grounding is, is, is a, is a necessary technology and sort of implementing Gen. AI systems, Gen. AI products, because basically what you're doing is you're, you're, you're closing those guard rails in a little bit, right And you're giving, you're giving an LLM more information to give you an accurate answer, right. And if you think about like, I love the hallucination topic.
I, I think it's AI think it's, I think it's great that you brought that up. I mean there's, there's been some really fun stories about that in the, in the media. And I think, I think it's really useful for, for, you know, your, your listeners to understand like what a hallucination is and, and why you, you need to understand why they happen. I, and I think if you, if you look at what an LLM fundamentally is, it's, it's, it's a probability machine,
right? I mean, I'll probably get blowback from your users for that simplification, but maybe it's better to say that they're sort of a, they're sort of fundamentally probabilistic in nature. So what they're trying to do is they're trying to figure out what the next word, character phrase is based on the context that they know about what you, what you've sent it, right? So, you know, a hallucination can kind of be thought of as a, as a statement that's statistically probable, but
factually incorrect. I, I, I like that. I read that statement somewhere. I was like, that's perfect way to describe it. Statistically probable, factually incorrect, right. And again, this is one of the reasons that people are building grounding systems around AIS like like RAG, because it's a safety mechanism, It's a security mechanism, like you said, right? To make it more, make the answer more reliable, make it more
accurate. It's certainly a concern for us as we were, as we were building the product, building it into our product. And it's also why you see disclaimers like on chatbot systems. It's like, hey, LLMS can make mistakes. Please, please verify your answers because hallucinations are and will continue to be a problem even with grounding systems around around, you know, the, the implementation of these. So yeah, I think it's, I think
it's a great question. Is are hallucinations the the biggest threat to the success of an AI right now and trying to put guard rails around it so that you're not giving incorrect information? Or is there something else that keeps you up at night? I mean, there's, you know, there's a hallucinations are definitely a challenge.
I don't, I don't, I think you can kind of especially when you're not, you're not sort of implementing what you know, what I would consider a public API, a public AI system like like ChatGPT. Ours is very specific to our product. So we can really control what sort of goes into it. But you have all kinds of other challenges like, you know, prompt injection is one, right?
Because if you know, it's not all that different than like a sequel injection where you're, you're, you're taking a prompt, you're formulating it into a larger prompt and you're injecting that in the LLM. And a smart user might figure out what the format of your prompt is and sort of break out of it in some way, right? And try to get data out of your system. But you can also put, you know,
a system like ours. You can also put guard rails further down the road so that you're not able to return or you're only talking to certain APIs that are read only. And you're, you're, you know, you're, you're putting some security guidelines past the LLM point within the product. So those kind of things keep me up at night. I honestly, I think the other thing that keeps me up at night is sort of the, the, the cost around these systems, right?
That's, that was a, the first thing, the first one of the sort of the first things that I thought about when, when we said let's, let's put this into our product was like, Oh my gosh, how much is this going to cost? Right? Like it's compute and memory. It's you requires you to sort of have specialized GPU heavy instances in the in the cloud.
And so you know that when you're sort of talking about large scale systems where a user, you know, where you know, you have customers that have, you know, 10s of millions of users, you know, a large portion of which login every month. Like are you are you being careful about how you're leveraging, leveraging the tech right with regards to large
scale deployments? You know, that's that was that was sort of a big worry for me, less of a worry now, but but was a big worry in the at the at the, you know, the the start. Yeah, you're starting to get into where I think the the big value and the big threat are. So I think the big value is being able to, you know, enable say marketing you brought up in the marketing example for business users to query the data so they can start saying, OK, well, how many people logged in
in the last 24 hours? That's one level. Another level might be now let's branch out into information that's on the Internet. How many people logged in in the last 24 hours from somewhere that is was raining, you know, and you know, so the, the concern it brings up is like, OK, how far can it extend? Could I, you know, what do I have to do to create security boundaries to make sure that I don't say, all right, what is my competitor doing on this system?
How many users do they have? And maybe I do that in some kind of like less obvious way, right? Maybe I know that my competitor is using this system. So I, I start asking questions like more at like an industry level, like what do organizations that are in my industry, how many users do they normally have? Things like how many, how much, how many times do people log in the last 24 hours for other organizations that are in my industry?
So, Mike, I think that's the real power would be to be able to ask, you know, reporting style questions that it could really think about and maybe you could even pitch a scenarios like, all right, well, if a hurricane took out power over the, you know, this large portion, Jeff and I certainly know that problem. How would that, how would that impact my logins? I, I knew this as I am, this is, you know, I can't really basically go as far as to say
how would that impact my sales? But maybe, you know, something like that. And then I think the, the big threat is the more powerful that becomes, the more security becomes an issue, which probably goes to like, how did you guys go about deploying this? Is this are you leveraging like the APIs of some big tech platform? Did you develop your own AI or like how did you build AI into
your product? Yeah. So again, we, you know, we we focused on isolation from the get go, right, which actually put us in a pretty good position for implementing this technology into the platform. So we are, we're leveraging an existing LLM, but it's local to our customer environment, our individual customer environment. So they get their own instance of our LLM within, within the customer within their own, you know, product instance. So we're not using a public LLM like open AI, right?
And as soon as you open that door where, you know, these systems are able to sort of go out to the Internet or, you know, go out to a third party system, you're, you know, that opens a lot more, a lot more risk than having a system that's sort of self-contained within, within our admin console within our own customer instance. It only has access to that customer data within within that instance.
So from in terms of like a, an isolation or sort of a, you know, securing a customer perspective, we, we were kind of already in a good position for that right in the way we wanted it to implement that. And there's, there's a lot of local open source models out there that are extremely powerful and well suited to RAG systems. Like what we like, what we built with Instrabassity, Everything else, you know, around it we built is custom, right?
The actual RAG implementation, you know, the user interface, you know, the sort of, you know, AI assist like interface we have in our admin console, things like that. That's all, that's all custom. But yeah. And then to to kind of like agree with the point that I was making where like definitely I think the things that you talked about a lot of power in that and a lot of benefit in having
contextual base help. But I think kind of that next frontier is, you know, just leaving it open to non-technical people to be able to query the the system, query the data. Yeah, yeah. And and that's, that's, that is something that we can do as well.
Like you can, you can pop into our account events interface and sort of ask like, hey, who are the, you know, tell me about the tell me about the users that have logged in today in terms of like where did they come from and, and what were they doing? And is there anything anomalous, right? Like you can do things like that, but it's, you know, it's obviously very secured, it's obviously very controlled to that specific customer data within that customer instance.
And we don't sort of allow, you know, you to sort of go like allow our system to sort of go out and query the Internet or, or sort of other external systems. And the other thing that's interesting too, is that, you know, we, we have role based access control in the product and we treat the LLM like any other subset of functionality within, within the product or any other sort of area that lets you get access to sensitive information.
So if you don't want certain employees or groups to have access to the LLM, then you don't give them that right in the in the admin console and they can't, right. So if you want to control who sort of has access to those, that's that's a that's a great way to do it is with RMAC. That was the question I was going to get into is like how you control access to either the LLM or what the LLM has access to. I think that that second scenario is a lot more difficult, right?
It it is yeah. And so if you think about these sort of rag based AI systems, they're kind of they're kind of chains, right? So you, you might, you might have multiple LLM calls, you might have multiple API calls, right? You might have a, a, a, a first date LLM call that's sort of like, Hey, what is this customer asking for, right? Then you might make a call out to an API, probably one of my, it's probably going to be one of
our internal APIs to pull data. You might get some context back. Then you might make another LLM call with that context to get the final answer, right. So they're, they're implemented as chains, but that when you implement them as chains like that, you also have an opportunity to it, you know, sort of introduce security restrictions at different steps,
right. So it's like, hey, yes, I am not going to allow any API calls that do a write or, you know, only can access this subset of APIs within our product. That that that's kind of the, that's kind of the idea, yeah. So Steven, where do you see, where do you see this being five years down the road? Like you said, two years since Chap GPT kind of hit the mainstream and look where it is already. I mean, five years might be, I might as well say, you know, in an eternity.
But where do you see this five years down the road impacting the identity space? Well, I mean, if I could, if I could send the, the the shrug emoji to your, to your, your users, I would. It's it's really hard to say. I mean, I think I thought you positioned it really well earlier when you asked like was it was it sort of, you know, was it sort of a big change on way, the way you think about things when, when Chad JP take him out because it it, it, it really
was. It's really hard to say because we're, we're constantly being surprised on what these LMS can do. I mean, generating like lifelike video and all kinds of, you know, crazy stuff like this and that, you know, the AI firms sort of keep bringing out their latest and, and greatest models, right? And they just keep out doing themselves. But I'll tell you one thing that. That really piqued my interest recently.
It's that the, the large tech firms like, you know, like Google, Meta, they're, they're, they're seeking out other sources of, of energy beyond the, the energy grid, right? So they're, they're talking about like obtaining access to nuclear energy or building their own nuclear, nuclear energy infrastructure. That's just insane to me. But it, it tells me two things, right? It tells me one, we're taxing the energy grid right now, it's not going to keep up with the demand of this of this
technology, right? And it's also, it's also a hint that the those firms are sort of acknowledging that, right? It means that they're acknowledging that, you know, any efficiencies that they design into these systems or the distribution of the compute of these systems, you know, pushing it down to devices or, or things like that is not going to, it's not going to keep pace with the demand, right? So that points, that points to, for me to the technology
reaching a plateau shortly. Because once you run into issues with resource scarcity, you know, it quickly becomes geopolitical, right? And you, you know, we, we all know, we all know humanity has done a great job at sort of sanely sharing resources and it's in its history, right? So but yeah, I mean, I kind of think we're only scratching the surface of this tech right now. I mean, like I say, ChatGPT came, like you've mentioned, came only out and, you know, two
years ago. Seems like seems like eons. I mean, that's nothing. That's, you know, I I would equate unleashing eon the world as, you know, equivalent to the the advent of the consumer Internet, the invention of the microchip, you know, the, the industrial revolution. I mean, I think it has that level of impact on the world. It's like I I can't imagine where it's going to be in five, 1050 years from now. You know, I mean, it's, it's insane to think. About mind blowing.
I mean, do you think that it's going to evolve so quickly that whatever governance is needed to, you know, keep it from becoming a dangerous weapon, that it's going to outpace that ability to govern it or that we will be able to govern it? And it's kind of a crazy question, but. It's, it's a tough question. I, I, I think it will probably outpace our ability to, to, to, to govern it, especially with the fact that, you know, you have sort of open source
capabilities around this. I think, you know, governments haven't really do done a good job at sort of keeping up with, with technology governments in the governance in the past. So there probably will be a crackdown at some point. But, you know, it just all speaks to more of like keeping, keeping the keeping the inventors of this type of technology involved in the, in the governance of this technology. But it's, it's, it's, it's going
to be a very tough problem. I think it's really going to, I think we're, it's going to outpace our ability to sort of keep a, keep a lid on it. Yeah, to get this through as any guide, it's difficult to keep up with tech. It just moves too quickly. Yep, Yep, yeah.
And I mean, and our elected officials aren't really aren't really sort of equipped to, to understand this technology at any level and, and sort of, you know, the the applications of it and the impacts of it. They'll get there, they'll get there. But it's, it's moving so fast
right now, you know? Going back to the power requirements, sounds like we need a a Tony Stark type person to come up with an arc reactor that we can stick into a data center somewhere and have it just power that thing and just be good. Yeah, I mean, I just, I to me, it was just insane to see the the tech firms sort of going after nuclear power to to keep their data centers running. You know what I mean? It's just crazy.
Microsoft's and, you know, Microsoft AI and you know, Microsoft nuclear like that is a that is a weird thought to say, yeah, all right, why don't we go ahead and wrap it up there? This has been, I mean, we could talk AI all day for sure.
I'm looking at this Trivacity dot AI website and you, you, you almost stole all the kind of the Thunder of the website because on the screen I'm looking at right now, you know, it's, it has like this little picture of access control, you know, settings and you got the AI assistance. I, you know, basically asking, hey, are these settings secure? Which I think is a really cool way to approach securing the
product, right? Especially you mentioned, you know, being able to train it on your documentation. It's like, OK, here's exactly what I'm looking for. And I love that idea of leveraging those AI assistants to help with that because I don't want to pick up the phone and talk to somebody. I want to do it myself, right? I want to be able to look it up and say, OK, click this, do this here. OK, good. Now I kind of get it. So it's a really cool example of how how you guys are approaching it.
You've got it. So let's talk a little bit about astrophotography because I, I did my first astrophotography just a few weeks ago. Oh, yeah. So I'm in the Asheville, NC area and we had Northern Lights basically come down as far down as we were. And that's the first time I've ever experienced anything like that. And it was almost invisible to, you know, the naked eye. But when I pulled out my phone and that's all I had to kind of take pictures.
All of a sudden I've got this picture and it's like Reds and purples are in the sky and it's, you know, 2 in the morning or whatever it is. I'm like, wait a second. I like, that's not what I saw, but that's what the camera picked up. And I'm just fascinated by this idea. So I started looking at it like, well, can I download an app or something to kind of, you know, capture this better than, than just the, you know, the iPhone? And so I'm curious because I think you're into the
astrophotography stuff too. I I want to get into this a little bit more with you. Yeah, yeah. So, you know, it's, it's actually something that I recently got into as well, like as in this year. And it's, you know, it's something I've I've I've wanted to, I've had a I've had a telescope for a while, like a nice one, but I've never gotten into sort of the like post
processing part of it, you know. And so I think one of the things that was sort of holding me up on it was, you know, some of these rigs that you build for sort of capturing deep space objects can be like incredibly expensive, like, you know, five, $10,000 if you really want to build like a really nice rig, But there's actually this really cool and something you might want to look into if you have an interest.
There's really there's these really cool set of like smart telescopes coming out where you can. They're not very big. They, you can sort of put them out, you know, in your yard and, and train them on a, on a, on an object that you want to record. And then they have an app where you sort of control it and, and capture images. And they actually can produce some pretty amazing images.
So they'll take exposures, like they'll take like 10 second exposures and you know, you leave them out there and maybe over the night you take 510,000, you know, 10 second exposures. And then they have stacking tools, right? So you take these, all of these images, you stack them together. You know, it does some crazy calculations on the pixels to decide what is noise and what is, what is image, you know, what is, what is signal And, and you get this beautiful image of
like a deep space object, right? Like, so like of a, you know, of a nebula or you know, of a, of a Galaxy, right.
And I, I just, I was, like I said, I was afraid from the cost requirements and I was afraid that I wouldn't like the post processing angle of it. Just, you know, because it's, it's, it's a whole new sort of technology to learn, but I, I love it. It's, it's actually another place that the AI has made an appearance because you can, they have these sort of AI driven noise algorithms that are that, that people have developed where they try to figure out like what
is signal and what is noise and sort of remove the noise from an image. So you can, you know, you can produce these visually brilliant images from a little telescope sitting out on your backyard because of, because of the way you're stacking the images and the way that you're, you're,
you're denoising them, right. So yeah, it's, I've actually, I, you know, I've spent like it's been a really, we've had a really run good run of the sort of clear nights here in Virginia. And I've been out, I've been out in my backyard like almost every night doing, you know, taking pictures, so. Well, that's the key, right, is light pollution kind of really impacts that.
So if you're in a in a rather remote area where there's less of the light pollution you're, you're more prone to be having to have better quality for the images, right? Yeah. And they they call that the, they call that the Bortle scale. And so it goes from, I think it goes from like 1:00 to 9:00, I think. But I'm in a Bortle 5 area. So I'm right in the middle because I'm right outside of a, of a major airport where I live.
So that you get a lot of light pollution from, but we actually, we go down to the Outer Banks. I'm North Carolina a lot I'm sure you're familiar with. And a lot of people don't realize that is actually one of especially the Ocracoke areas, one of the darkest areas in the United States. And it is one of the darkest areas on the, on the East Coast as well. So you can actually get Bortle 2, which is the second darkest on the Bortle scale.
So I and it having the little smart scope, you can, you can kind of take it down there. It's not, it doesn't require a lot of space. So like when we go down there, I'll, I'll, I'll take it down there and sort of put it out on the back deck and, and get some really good pictures because it's so dark down there. So from what I understand of Ocracoke Island, you take a ferry to get there you have to have a 4 by 4. You drive on the beach and pick your spot and you can camp or whatever.
A lot of people go surf fishing. So you go onto this island and you set up your telescope and your camera. Yeah, Yeah, you can do that, Yeah. I mean, Ocracoke, you have to take a ferry to Yeah, but there actually is a Route 12 goes. It's a, you know, a major road goes all the way down to the city of Ocracoke. But yes, if you go out on the beaches of Ocracoke when it's a clear night, you can see the, the Milky Way without any imaging equipment at all. And it's it's amazing.
Ocracoke's beautiful. If you haven't been there, I highly recommend it. So that's. That's what our ancestors did, right? They just looked up in the sky. There's no light pollution. Yeah. Yeah, We did a episode pretty recently with a guy named Nitin. He's the CTO over at Civil
Security and he rents part. He's in a group of people who rent AA telescope and Jeff made the the statement, which I thought was spot on. Like there's supposed to be an expensive telescope if it takes several people to kind of pull their money. To bring a trailer and everything. Oh my gosh, Yeah, yeah, yeah. Some of some of the, the, the Dobsonian telescopes are really big. Yeah. So they're, and they're actually less, less expensive.
I don't know why that is, but but yeah, they can be pretty big. But yeah, one of the reasons I got into the sort of smart telescope area was because it's they're portable. You know what I mean? You can, it can, it can pack down into a little box and I can just throw it in the back of my truck on my way down, you know, to the Outer Banks. So I had.
To look up the Bortle scale because I hadn't heard of that before, because I know I live in an area that's got less Royce provision and it looks like the Asheville area is around a three or a four. Wow. Yeah, pretty. Good. And I've got a mountain range between where my house is and the rest of Asheville, so it's even darker, so I feel like I'm
in a good spot. So if I, yeah, if I drive a little bit West of where I am, I can get to the Shenandoah Mountains and I can get some really good, really good dark, dark spots out there. But, but again, like even in a, even in a highlight pollution area, you can pull a lot of the light pollution out of the images in the post processing
part of of this. So there's people that take great pictures like out of Tokyo where it's portable 9, you know, So it's, you know, some of the denoising algorithms are, are pretty fascinating. You stack enough images you can you can figure out what's what's noise, what's light pollution and what's what's image you know. Of course you get those cool like motion ones across the sky right where it's. Like yeah, with the starting. Image and here's the only thing that's moved, right?
Yeah. And stuff like that. Yeah. So if someone wanted to get into this, what would be the beginner? And let's say it's me on the on my back deck trying to have maybe just a slightly better set up to do some astrophotography. So, so the, the, there's a company called CWO and they have a, they have a couple of scopes called the sea stars. And so there's like AC * S 30 and AC star S50. And they are the, the, the highest quality, sort of easiest beginner scopes that, that you can find.
They'll actually livestack with, they'll livestack the, they can livestack the, the images that you take while you're using the app. So you don't even really need to do post processing on your own, unless you want to throw something into like Photoshop or something.
They'll do the stacking for you. So you pop the scope out in the, in the, you know, wherever you want to, you want an image, you tell it, you actually can tell it, like what deep space object or what the moon or, or what planet you want to look at. It'll point the scope at that, it'll start taking pictures, it'll stack it for you and you get a nice little image on your phone and your, or your tablet. And so I'm a big fan, big fan of that company. What do you do with the pictures
that you take? I post them on Instagram and and and Facebook and, you know, share them with share them with my buddies. Wallpapers. Print them out. Put them on behind you. Yeah, well, maybe I haven't done that yet, but that that would be a good idea. You know, my kids also enjoy seeing what I'm doing and taking pictures off, so I share it with them too. Well, maybe Sea Star wants to sponsor an episode in the future. There you go. Yeah, stuff like that.
They'll appreciate the mention. It's a tiny little. I'm looking at the one right now and it's definitely a tiny little thing. It's much smaller than I anticipated it being. Yeah. Well, that's super cool. Which I think is probably a good spot to leave it with a product mentioned for another company. So let's get back to stravacity. Stravacity dot AI Steven, you, you've been great again. You know, I hope we can talk again in the near future. I really like what you guys have
done with the the AI assist. And so I'm definitely encourage people to go check it out. And I've been a big fan of what you guys been working on for the last, you know, couple years now. So it's been exciting to see that evolution, you know, happen over and I won't say it real time because, you know, a couple years is is a blink in the eye of a tech spot, but it's been really impressive. Thanks, I and I and I always appreciate talking to you guys.
I hear, I hear that you guys are like celebrities at conferences now and people walk up to you and recognize you and stuff. So I'm, I'm, I'm honored that you, you would have me on your on your show again. So I'm looking forward to the next time. Well, we appreciate that. Yeah, for sure. And definitely appreciate all the wishers to come up and and I try not to be awkward when I can do it. All right, let's go and leave it
there for this week. You can find Strabasi on the web again, Strabasi dot AI. We'll have links in our show notes and people can check that out. And then Steven, I'll put a link to your LinkedIn profile as well in case people have questions or maybe just want to talk about astrophotography. I'm sure, I'm sure you would appreciate either of those things. And as far as we go, we're on the web, idacpodcast.com and we got the YouTube channel going now, idacpodcast.tv.
So feel free to like and subscribe. Jim's shaking his head. Like make sure I get that plug out. But yeah, thanks for everyone for listening and are watching and we'll talk with you all in the next one. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon. But in the meantime, hit the website at identity@thecenter.com. See you next time on Identity at the Center.