¶ Introduction to Simplifying Access Management
We want to kill roles, and we could want actually to kill any in between layer who's trying to translate the word of entitlement into a business language because we think it's no longer needed. It's a good transition topic to move from administering the system to ask anything from a user perspective. So kind of I'd say, what is this capability and who would get access to it?
So our platform is designed to give access with visibility controls and then I'll talk about that how we ensure visibility or proper access restriction. It can be anything, can be the business users, they are typically lost and they always call a help desk and say I need permission to do something. And by the way, I would love to get everything that my friend has because that is actually what I have to do. They express their problem without talking about entitlement and application
name. They don't say I need SAP, I need Salesforce. They say I need to do what Johnny's doing. Well, minus that stuff that he's doing because, you know, I don't have the permission. That's the way they express it. So the primary persona that benefits from that simplification are the thousands of business users that today are complaining that these systems are complex, that the entitlement doesn't speak the language.
And then you know what they do? They just call the help desk, they call the application owners, or in the case of access recertification, they just say, OK, click, click, click. Who cares? I don't understand it. Get it off my back. So business users are the primary beneficiaries of that. This is Identity at the Center. If it has anything to do with IAM, this is the go-to podcast. Now your hosts, Jim McDonald and Jeff Steadman.
¶ Welcome to the Identity at the Center Podcast
Welcome to the Identity at the Center podcast. I'm Jim. I'm without Jeff today, but I have a fantastic guest, Andrea Rossi from Yamonez.
¶ Sponsor Spotlight: Andrea Rossi from IAMONES
And that's right, it's time for another Sponsor Spotlight episode. These special episodes are created in collaboration with our sponsor to delve more deeply into their viewpoints and specific solutions in the identity and access management market. To make this crystal clear, this is a fully sponsored episode. This allows us to provide you in depth insights and expert perspectives straight from the source.
And so like I said, we have Andrea Rossi from Yamonez, a conversational identity governance platform that we're going to learn more about today. Their website is Yamonez dot AI and they have a special landing page for you, which I'll mention several times during the episode. Yamonez dot AI/ID A/C. Andrea, welcome to the Identity at the Center podcast. We're very happy to have you. Thank you. My pleasure. So our mutual friend Marco Venuti taught me the
pronunciation. How close did I get it? Yamonez. You're perfect. And yeah, say it. Yamones or Yamones you can. That's a right pronunciation. OK, So what are all the other pronunciations that you hear? Because I mean, honestly, when you look at the name, it looks like I am ones, right? But that's that's not correct. Yeah.
You know, there is a reason for the name we picked, but it's, you know, basically all you want the customers and clients and partners and the ecosystem to remember is that your name is not easy to pronounce, so it becomes stickier. So sometimes they say I am ones, which is the typical reading from an English standpoint, or otherwise the Spanish say jamones, like the prosciutto or the ham.
So it's just the name that you can pronounce actually the way you want as long as you remember there is a company that does interesting things. Yeah, absolutely. So again, Yamonez dot AI/ID A/C spelled like IAM ones ONES. And so if you go to that direct link, there's a special offer that Andrea and his company have put together, $5000 off a
subscription. So if it's something that you're going to explore after this podcast is over and after you've heard about all the great things they do, make sure you go to that link and get your discount. A little bit more about the name
¶ The Story Behind the Name 'IAMONES'
because I don't want to breeze by this, but Andrea, how did you come up with the name Yamones? So when we created the company, you know, I have the basic rule, which is even before establishing the company, you have to find a good name and the name has to mean something to you. So I decided to put together my two passions in that name. The first one is Identity Access Management, because I've been in this domain for 20 years. I founded a company called
CrossIdeas and then sold to IBM. So I've seen all the original sins that I'm trying to fix today. And the other part of the name is, you know, I was born in 67 and I was born and raised with punk and rock'n'roll. So the other part of the name comes from the Ramones and that's why the pronunciation is Yamounse. And why that name? Not just because I love that band that created punk rock, but because the Ramones took a boring genre, sort of rock'n'roll,
songs lasting 7 minutes, complex lyrics, and made it fun. Songs were one minute and a half and quite melodic. So what we're trying to do into the IGA experience is a lot like what the Ramones brought to rock'n'roll. Fast, fun and simple. Yeah. And I'll tell you, this space, the IAM or Digital Identity space, is kind of famous for having unique names of companies. I remember the first IAM product
that I worked with was Oblix. And we had to go and get business approval to spend a lot of money to get Oblix and implement it with an equally funny name system integrator at the time that no longer exists called Entology. But getting all of that money approved when you don't know the name, it can be interesting interplay. But that's what you've got in this space. I mean, some of the most famous names that exist out there today, if they weren't famous already, they
sound kind of funny. So, but I'm thinking about the Ramones. What was their most famous song? Well, the most famous song was Blitzkrieg Bop, which most of the people don't know by that name, but the Hey ho, Let's go slogan inside it. So that was for sure the quintessential famous Ramones song. And that's basically the song that everybody knows, not even knowing that it's by the Ramones. So I have to admit I cheated a little bit.
So I, I was expecting you to give that answer, but I also saw another song, which I remember called I want to be sedated. And I also saw another song called Gabba Gabba Hey, and I wanted to, I mean, it seems like that would be a perfect fit. Gabba Gabba kind of sounds like yadda, yadda.
¶ Conversational Identity and Large Language Models
It's, you know, language. I think what you're doing is bringing the large language model to a traditional space like identity governance and administration. So what do you have to say about that? Well, yes, Gabba Gabba Hey, it's actually the first presentation that we had. So when we got out of stealth, we went out to the KuppingerCole EIC event, I believe it was June last year. The company's very young. We basically exist since April last year.
And my first speech was Gabba, Gabba, I am. And it was an attempt to say we're disrupting something with conversation and with simplicity. And yeah, we say that we use large language model and we'll get into that. But essentially we are allowing to conversate with the system rather than programming, coding a system to do what you want to do. And that's the, you know, this type of simplicity and ease of use that we're trying to bring into this very complex domain of
IGA. Yeah, so that's starting to get us to the elevator pitch, but why don't we get right to it? What does Yamonez do? What makes the product unique? So we essentially are unique on two aspects. First of all, every interaction that a business user, an auditor, an IAM administrator, a third party is the only way to access the system is just by asking question, any question in your mother tongue. As we say, it doesn't have to be in English, can be in any language, even dialect.
So for the first time, the UI adapts to you, rather than you having to adapt to UI where you don't know exactly where to navigate, where to click, what label is right. That's the first thing that sets us apart. The second part is we went a little further because I think that this conversational UI will become the standard in software industry 12 months from now. So we made another thing.
We said we also want the system to be configurable or to operate according to natural language instructions. So you tell the system as we speak this separation of duty policy, it's that permission, if it's with that permission for that department, then there is a risk which is made this and that. So it's like explaining what to do to a human and same applies for anything in the platform. And that's a configuration of how the system, the Yamones identity brain, reasons on your data.
And what I mean by your data, I mean the data that are represented by user account permission roles, a bunch of data which is sitting on-prem and legacy application that we are able to augment and you know give life. OK. So, you say you augment that legacy IAM application, you don't replace it. No, no. I think that clients have gone through blood, sweat and tears of implementing provisioning. OK, you could call it IGA
identity. But they, you know, I've seen plenty of clients they've gone through very painful implementation of connectors with hundreds of applications. And maybe when it comes to security controls or workflow they do very little, but they spend a fortune integrating. So it would be stupid to say don't reuse that stuff. So we tap into the existing traditional platforms, I don't want to call them legacy, be they SailPoint, One Identity, Saviynt.
And, you know, we take that data out, we enrich that data, and we make it available for, you know, inquiring and reasoning with the natural language that I just told you.
¶ Revolutionizing IGA with AI
Yeah, you're taking all these AI tools and making them available to these, whether you want to use the term or not, I'll say the legacy identity infrastructure that's in place today. So obviously I think that the ideal client for you is a company that already has an identity system in place, an IGA system in place. Talk to me a little bit more about what is the ideal client for Yamonez. So the ideal client is a large enterprise that has implemented some sort of identity
management. Maybe you know they implemented Oracle IDM years ago, maybe they have gone through SailPoint IIQ, One Identity or Saviynt, or maybe they are going to more SaaS version. But they have gone through a program of implementing IGA to some extent. So they have a platform where integration are set and we can augment what they already have. So for the time being, our target clients are large and
mature enterprises. And it's on your website that it, it's right at the very top says enter the age of conversational identity. And they feel like that's a pretty bold statement. It's what I think we all we all want to do, right? We're all excited about that possibility. I put a post on LinkedIn. It was actually a poll and I said, why isn't this there? And I got a lot of, oh, you know, yes, our product does that XY and Z. And here go to this.
I said every time someone would say this, they send me a video and then I go, and I mean, I felt like for the most part I was seeing a lot of vaporware. So are we really there at this age of conversational identity? Well, first of all, conversational identity is a nickname we came up with because it's a we need to call the way we do, which is essentially a new software stack with new ingredient and the new
ingredient is large language model. We just need to give it a name and initially we call it the generative identity. But then a partner here in Europe said, well, it's all about conversation. So call it conversational identity. And so we created that nickname because for us it's our DNA. We had a very distinct luxury. We could build the platform
ground up with that ingredient. Most of the established players, it's hard for them because they have an engine which is built on traditional software, pre-AI, and they probably are patching some use cases with a bit of AI. So we wanted to have ourselves qualified with the new branding because I think there's going to be a refreshing industry, not just identity.
The software industry will be disrupted by a new way of building software application specifically in B to B. And there is a nice interview by the Microsoft CEO and chairman that basically says that where today a lot of business logic is coded into code and it's a bunch of CRUD, read, delete, updates into a database. All that logic, which is now software with rule-based configuration where rules are sitting maybe in the database, is going to be replaced by agents.
And I introduced essentially a mini large language model that does a business function. But where you used to have 20 developers to code that logic, now you have one LLM engineer who does it in a week. You have other problems to fix, but you know the productivity, it's phenomenal. I think I read this article also from Sam Altman that, you know, within their club there is the bet of who's going to be the first one man company at the billion dollar valuation.
Of course that a bit extreme, but but that's the that's the, you know, my my take on the on on. I went a bit too long into the conversation, but that's the nuance behind it. No, it's, it's, it's
¶ The Future of AI in Identity Management
revolutionary thinking and it's something that I think we're all wondering how's this all going to play out? Is this going to be one day we walk into work and we don't need 20 people, we just need one? Or is it going to happen over time and they're going to be an evolution into this? I think it's going to be more evolutionary.
I think that one person running a billion dollar company will come sooner than we think because a lot of roles within the company can be done using AI or large parts of our job could be done using AI. So why not be able to create a company that you know, makes those roles available to others. So I don't think it's that crazy. And then plus inflation of billion dollars will all be
billionaires here pretty soon. Yeah, and there and there is one of just just one side comment I think I heard one time that you know AI will replace all the boring tasks and honestly what is most boring than approving certifying entitlements from managers that don't like that to be done. So they would love to delegate to something that says, you know, follow my guidelines right in natural language and approve it for me. So we are exactly on a spot where AI can replace boring tasks too.
And that's why we think that IGA is well spot on to be simplified and rejuvenated. But what what we do or what is happening in the market? My, my son is a second year college cybersecurity major and I asked him, you know, are you learning AI? And he's very little, very, very
little. And I kind of feel like that is, has been the university model where it's kind of lagging behind where things are going by a couple of years and then they do catch up. But I said to him, I'm like, this is the area you need to focus on because your career will be using AI to get things done. And that is how you are going to differentiate yourself in this crowded marketplace. Even though we say, hey, there's a a lack of talent in this cybersecurity space.
There's a lack of knowledgeable talent, talent, right? People have experience. If somebody's coming right out of college, there are plenty of people who don't know what they do, don't know how to do it, looking for cybersecurity jobs. I think that for him and for other people who are in college, like that's the that's the area to focus on is AI. But we're throwing around this term AI and that's what I think it's happens in the industry so much as.
You know, now with 50% more AI, we joke around that it's kind of just become marketing buzz and creating like business intelligence reports. It's called AI. And what I think people, the general public think of with AI is what you're starting to see more with like, you know, even Google searches and you think of with OpenAI, it's gone up to ChatGPT, is this large language model. It's generative AI. You talk about the large language model. You don't talk about AI in that
generic sense as much. I'm like, is that right? I mean, are you looking to make sure that people understand this isn't just, you know, just like a veneer? Yeah, if you read our presentation marketing material, we don't use the word AI because the word AI is overabused. So we say we use large language model, which is a subdomain of AI. But it's the most interesting one because that's the part that we really replace boring tasks that now humans do and that we also
replace a lot of jobs. I know it's not nice to say, but that will happen. A lot of the interaction we have with clients, they are asking questions reflecting the way they are using that stuff today through Gemini or GPT, which is not the way we do. We use the ingredient to rebuild a B to B software stack and that's a new part that clients still have to be adapted with, understanding that their B to B products will be rebuilt with a new ingredient and they will
become easier. So we are in the transitioning moment and will it happen overnight, moving to a UI where you just ask things or a system that can be configured in natural language? No, for a simple reason. The software market, we know with the UI done in a certain way, with coding done in a certain way, has 50 years, but it won't take five years, it will take two years. So the revolution will be dramatically faster because you see and they are taken by surprise.
So university and colleges are taken by surprise, companies are taken by surprise. And so they try to stop the flood with one finger, saying don't do that, don't do that. But in reality, it's so bloody convenient that it's impossible to stop. And I think that convenience wins, and what we do is just convenient. Right, I couldn't agree more. OK, I want to really drill into
¶ Enhancing IGA Configuration with Natural Language
the solution. So we're talking about large language model for your existing IGA implementation. So as an administrator of an IGA system, I've got to do back end work. I've got to configure the system, create policies, et cetera, create roles. As a user of the system, I need to interact and get things done. I might need to request access for somebody that works for me. I may or may not know the access. So those are the two areas, IGA configuration using large
language model and IGA user. And I think you call this Ask me anything, be a large language model. So first, I'd love to dig into the IGA configuration with large language models. So let's stick there for a minute. If we could, you know what is this and why is it helpful for the company that has an existing IGA infrastructure? So say that you have implemented your traditional IGA and you spent blood, sweat
and tears. It's connected to 200 applications and you have a wealth of data, user permission request the roles that you have created in your legacy. Now out of the issue. It's really reasoning or doing stuff on those data and say I need to implement a very complex
separation of duty policy. I need to implement a very sophisticated security policy that tells me every permission which has been granted for less than two minutes and belong to a list of privileged permission and then the guy might also have another permission. These type of complex correlation policies are basically impossible to implement in traditional identity platform.
This is just the example of security policies which is again typically one of the things you would like to do with traditional software, but you can't. So in our case, you take everything which I said and you say, all right, so the security policy that I want to apply is if a user has this list of permissions out of this application and you name the permission and you name the application as you call them as they are stored in the database
as their name. And if you say if this permission has been granted and revoked and lasted less than two minutes, then it's suspicious. So these type of what I just described, it's a complex instruction in natural language that you give to us and we are able to reason on your data that we take and extract out of your legacy platform. That's a complex use case of configuration, a very simple one. It's enriching descriptions of
your permissions. So your permission out of SAP says whatever, they are stored in SailPoint, there's the permission name and then there is no description. Why? Because the application owners hate to contribute to description.
So imagine that in our platform you allow the application manager to upload their spreadsheet, their manual, the document where they already have sent tens of times what that entitlement does, and our system takes it and populates the data and that enriches semantically the description without you to wait a month and probably spend the under €50,000 of process
consulting and upload of data. So this is the simplest instruction, one of the simplest example of instructing the system to do something in natural language. Just upload a file name, description and the system crunches and Prisma like a human. You give that and say, all right, got it, we're going to do it. The other example of a security policy is probably on the more complex side of distracting it.
All these instructions in natural language are basically something that we funnel into our identity brain and it does the reasoning, combining these instructions with your data and your data coming from your legacy data. OK, there's no magic here. It's reasoning on data. Data is oil. And that's why we take your existing data and we are able to amend them with reasoning. And the two examples I I gave are just a very, you know, 2 simple examples of what we mean by configuring the system.
Yeah, the benefits are. Sorry, I think that's that second simple example. I mean, you can make a business case just on that. We need to do a data cleanup because you know, our our roles are meaningless. I'm just going to go and look at all of our roles that we have all of our entitlements and I'm going to have AI help me put together descriptions. And rather than asking you for a six month project to go through each one and go back to the business owner and ask him what is this?
And he says he doesn't know. And we go back and forth. I'm going to have AI tried to figure it out and give me some sample text I'm going to send to the business center and say this yes or no, you know, or. You, you, you might not want even to as the business owner. Business owner says, listen, I have this 50 pages PDF which I wrote three years ago. Nobody reads to it, but this has the magic of everything.
Now what we do through the digestion technique of LLM is to say, all right, we are able to read the manual, distill a description that fits into an entitlement readable on screen, and maybe do other magic, something like I'm an auditor, explain me that permission with my language. No, I'm the IAM administrator. Explain me with a broader description and give me more technical background. You're right, honestly, today sometimes we start with, you know, we can do magic here and there.
There's a lot of value in augmenting cementing description of permission job titles roles because once they are described properly, LLM can reason on it. And that's the very simple and you're right, there are clients that are just mesmerized by the idea that you can generate description, summarize description out of manuals that have been sitting there for ages. And then they will start thinking the magic they can do on policy and securities.
We do it today. Sometimes you're limiting our capability because they say too nice to be true. Go one step at a time. Yeah. I mean, you know, the thing that comes to my mind is that all the things that excited me, that I talked about, the way you just talked about there with the manual, those things should all be done manually. Hurry, we can go through them
and figure it out. But why spend hours on these things when you could potentially do them in minutes and offloaded to the large language model to figure out? I mean, you go onto the web and you're thinking I'm going to research something the old way to do it. You start clicking through links and try to find what you where you can find good information. Now the first thing you get back is the summary answer right in Google that kind of like lays it
out for you. So why wouldn't you want to bring that kind of horsepower to your IGA system as well? I kind of feel like it's inevitable, right? It is going to happen and and I think what you're here to say today is that you can have you can have it now.
¶ Understanding Outcomes in Identity Governance
I think this is a lot of this about outcomes, right? You need to be able to make your system do certain things that you you want to achieve least privilege, for example, you want to achieve putting people in, giving people the entitlements that they need, nothing more, nothing less. And I think the industry's approach for a long time was role based access control. I you see it's shifting more
¶ The Shift from RBAC to PBAC
towards policy based access control. But again, to me, where the rubber hits the road is like how long does it take to get your system to do that and who can do it? Who has the technical know how to take the business outcomes that you want to drive and turn them into policies that this system can apply to the data to
get the to drive those outcomes? So talking about roles or RBAC or PBAC, I mean these are all the attempts to translate a very simple problem that we have in our identity governance domain. There are a lot of technical entitlements out of the different applications and they have all their cryptic names, no descriptions. And then there is a plethora of business users that are speaking
just a different language. So ICP transaction XYZ means placing orders for raw material on the user side. For ages raw was an attempt to bridge the translation gap and the principle of saying I'm going to aggregate permission and give it the meaningful business name was the only way available up until large language model.
¶ Challenges with Role Explosion
The only issue out of that, and I think you know it well, we got the paradox that now there are companies with more roles than people and you say, OK, I don't get it. Roles were supposed to be a fraction of people. And now you, you you're sort of there's a role explosion that cost me millions a year to consultants who are maintaining reviewing that we want to kill that. That's an old practice. If we say if you have a proper
¶ Introducing Temporal Identity Graph
description in every business object attaching to your database in our, we call it temporal identity graph, and there is description for entitlement, for roles, proper description. Now we can reason on that. And do you need policy? I'll be honest with you, less and less, because the system can say this is a guy from the IT department. No, let's do the other way
around. This is a guy from the marketing department and he has three permissions with a description that means marketing, and then one description that means privileged data administrator. It doesn't make any sense. You know, it's like if you read it, it says, you know, it can't be, it was a violation in principle. Is there a policy for that? No, that's one of the example of something that we get out of our platform and we call it a
coherence check. If a description doesn't match with your job function, I mean alert, now that's not even a policy. It's the coherence check without any configuration. In the old days, well, policy, click rules here and there. So we want to kill roles and we could want actually to kill any in between layer who's trying to translate the word of entitlement into a business language because we think it's no longer needed. It's a good transition topic to
¶ Simplifying Access for Business Users
move from administering the system to ask anything from a user perspective. So kind of I'd say, what is this capability and who would get access to it? So our platform is designed to give access with visibility controls and then I'll talk about that how we ensure visibility or proper access restriction. It can be anything, can be the business users, they are typically lost and they always call a help desk and say I need
permission to do something. And by the way, I would love to get everything that my friend has because that is actually what I have to do. They express their problem without talking about entitlement and application name. They don't say I need SAP, I need Salesforce. They say I need to do what Johnny's doing. Well, minus that stuff that he's doing because, you know, I don't have the permission.
That's the way they express it. So the primary persona that benefits from that simplification are the thousands of business users that today are complaining that these systems are complex, that the entitlement doesn't speak the language. And then you know what they do? They just call the help desk, they call the application owners, or in the case of access recertification, they just say, OK, click, click, click. Who cares? I don't understand it. Get it off my back.
So business users are the primary beneficiaries of that. Auditors. If you think about how much time auditors are asking, tell me about this, tell me about that. I want a report and you have these poor IAM administrator folks that need every day to strike data to create a new report, new columns, new stuff. This stuff is gone. You say, dear auditor, that's my system. Ask any question. And also the auditor might say let me check if this violation took
place in the past. So auditor, risk manager, security people having to control the posture are the, I would say, the secondary beneficiaries of this. But the reality also, traditional administrators, once they see how to create a security policy, they will say, wow, I'm going to jump on it because instead of waiting a month and spending, you know, an avalanche of money, I can do it myself. It's my PDF, it's written properly.
And in fact, we say the PDF, the natural language is the new code. And I think that clients and consultants will have to pay more attention to what they write in the documents because they will write get it to the reasoning, you know, cycle. So, so that's the beneficial again, business user auditors for sure.
These are the two audiences that are screaming for just asking things in their language and the system to adapt and understand their language instead of adding the other way around where you need to make sure that you ask things in the way that the
system understands. So. So is Yamonez going to be smart enough to say, OK, here comes Jim and he is a business user and he can do XY and Z, but here's Andrea, he's the System Administrator and he can do everything A through Z. How will it know to, you know, to restrict that? Does it leverage the permissions that were set up in the legacy or is this something you train the system on? No, there is no training, and that's an important remark to make. There is no training learning period.
With our software, you plug into your data and in two minutes you're able to inquire them in natural language and give natural language instruction. So how do we ensure that the
¶ Ensuring Proper Data Visibility
right people are seeing the right data and asking the right question? And I'll tell you more, we also need to make sure that tricky questions are blocked. So what are the attributes that we use to segment the visibility on data? And what I mean by data, I mean your IGA data that might be sitting on SailPoint. And also how do you ensure that some questions like risk checking, security check type of questions, a business user can't
test them? We had to develop what we call an LLM firewall, which essentially is an LLM model that does just the task of, you know, saying you can't ask this question, or yes, you can ask this question, but just on the data: you're the finance department, you go there, you go here. So we call it LLM firewall. And it's a crucial component for ensuring, again, not just visibility of data, but now we're asking questions. So we need to make sure that we block some type of question.
And what I mean by some type is that the model can understand that you're asking a question about, is John violating the least privilege policy? He understands that part of the question is about risk violation, and the system can be configured, again in natural language, to say if the guy's a business user, then he can't test that question. Where do we take these attributes? Out of the IGA data.
Because there, there is always the job function, the department we can augment, you know, the tagging, but essentially the LLM firewall resonates on the attributes that we take out of this Eastern legacy. Yeah, that's important. I'd love to see kind of how that works in action. And I want to remind people that if they are interested in everything we've been talking about, they want to see a demo,
go to IAMONES dot AI slash IDAC. It's IAMONES dot AI slash IDAC, and there's a code on there to get a discount, but I'm sure they'd be more than happy to spend some one-on-one time with you and set up a demo. I think this is all really great. One thing that I kind of felt all along, because when I look at large language model technology, I kind of feel like the back end is a big piece of that. It's a graph database. Am I onto something or is that just not as important as I'm making it out to be?
So the word graph in the world of AI comes out very often. So what we mean by graph: where we store the data coming out of legacy systems, we call it temporal identity graph. Why graph and why temporal graph? Because it's a design. The entities, users, accounts, permissions, are nodes, and then there are relationships. OK, like a user has been assigned a permission. No, it's been revoked.
So all these are connections, pretty much like a LinkedIn network or an X type of, you know, I follow that person that has this interest and stuff. One of the reasons why graph is important, it's not much today on the LLM space, because actually the data could be sitting in any database. You query them, you treat the data as text and the LLM reasons on the output of the query to a database.
The value of why we have designed the data model to be a graph model, it's not for now, it's for the next AI ingredient we will be adding, which is not even on the website because we didn't want to sound too foolish. But you know, that's a bit of a roadmap. We're going to use another deep learning neural network model, which is not LLM. It's called temporal graph network and it does good prediction on a time-evolving graph. What is prediction for?
Well, this permission might be useful for that person. This permission, it's likely to be added and that could be a risk as it happened for the other guy. So in order to make prediction on a time-evolving graph
model, LLMs are not good. You need another AI ingredient, another subdomain or model out of this complicated world that too often people just refer to as AI. AI is an archipelago of models and you need to pick what suits best to your needs, and that's why you don't find many AI buzzwords in our communication. You saved me from asking a question about the future, so we can put that off to the side. It sounds like the temporal. What did you call it again?
Temporal. It's temporal identity graph, a time of. It's basically because we store a timeline of information. OK. So that's where you're going. I did want to talk a little bit about, you know, you talked earlier about how IAMONES sits as an enhancer to the existing identity infrastructure. So I think that's kind of key from an infrastructure standpoint or from a starting off standpoint.
So if I say, all right, this is something I'm interested in, they go to the website, IAMONES dot AI slash IDAC, to get the demo, decide to buy it, then what? They start the one year project to implement it.
¶ Implementing the Identity Gateway
No, it starts a 5 to 35 minutes project and it works this way. We have a piece of software which is non-AI. It's called the Identity Gateway and it connects to your data source. If it's a standard one like SailPoint, One Identity and so forth, we have predefined integrations. What that does, it takes the data out of your system and also starts tracking change events and stores them into our temporal
identity graph. What I mean by "our" doesn't mean that it has to be on our cloud; it can even be hosted on your premises or your AWS or Azure region. Normalizing the data takes 30 minutes, as long as you plug into your system. Then the only other thing you have to do is go on our, you know, actual platform that you're going to get through the IDAC page and you activate your tenant, 30 seconds, and then that tenant will point to your
temporal identity graph. So all in all, if you want to add conversational capabilities of inquiring your data, it takes 30 minutes, one hour, depending on how much time you take to connect to your environment. And then if you want to start adding instructions, maybe it takes another one hour just to practice, depending on the type of instruction you want to build. Data enrichment, super simple. You might already have a PDF somewhere that, you know, has that
description. You upload it in the system and we do the magic of understanding and extending your data. For large enterprises, I'm assuming they normally start with a pre-production environment, test things out there, make sure that they feel like OK, we're safe, and then move it into production and or then implement it into their production environment. Yeah, technically we start the pilot, call it whatever you want.
We basically tap into non-production data that might be also anonymized or a subset of their, you know, large chain of identities. They subscribe to the tenant and we point our SaaS platform to that database that contains the data taken from the non-production. And the day they switch it there, we basically point the reasoning to the database that has the copy, so to say, out of their production data.
¶ Customer Feedback and Success Metrics
So you have existing customers, yes. What are you hearing back from them? What are the benefits? And then how do they gauge their success? Well, you know, at the moment what the clients are looking for, especially the IAM administrator people, they're just trying to get their business users off
their back. So now the measurement of success is giving the business user a UI where they just ask questions and they just get an answer without having to call the IAM administrator that has to waste time, or the application owners, to try to translate those questions they have into the right permission that might look into the catalog. So today it's all about convenience. And if you think about the reporting issue, so imagine today you have your business
user and they want a report. Well, if it's not there, you have to create it. And then they say, well, I want that extra column and you have to add that extra column. With us, you say give me the list of permissions belonging to the finance department, boom. Well, add me the department column, boom. Please reply in German because I have a subsidiary in Germany. Oh period. So the business user benefits from that because it's just ask.
But the IAM administrator gets all the burden of following all the requests out of business users for stupid things like an extra report, an extra column, an extra language. That's all gone. There's no longer the multi-language UI; it's gone with the large language model in our system. We also make fun, we ask questions in local dialects in Italy and Germany and the system replies in the local dialect, which makes the demo very funny.
But think about the company that has, you know, our client in the US, the first one who was on board. I think they have, well, Spanish, English and a few European countries' languages. How do you maintain a multi UI into SailPoint? That's what they have. Well, it costs. For us, it's gone. So that's the biggest benefit today that clients are looking for: OK, get the business users off their back, giving them something easy that they can play with.
Yeah, that's a benefit I didn't even think about. Like I guess I intuitively knew when you're talking about like language support for all these different languages, like, oh yeah, well, AI has already taken care of that for you, like the OpenAI model. And so if you're taking that model and you're applying it, then you get it.
But now business benefit, if you have been having to maintain UIs the old way and multiple languages, I mean, that's no longer just have a problem, figures out who the person is, sends them, you know, and they start asking questions in the language that they know and it understands the questions. I mean, that feels like a revolutionary impact. I'm going to ask you a little bit of a fun question now because this, I mean, I'm feeling the benefit, but I'm
¶ Future of AI in Identity Management
also used to using like AI for trying to research things and then getting answers that you'd later find out are made-up, hallucinations, if you will. Do you suffer from hallucinations with IAMONES? The beginning, 12 months ago, the company started the technology well before we founded the company. That was April last year. Yeah, a lot. At the beginning we said, well,
LLM will do magic. So we take data out of the IGA legacy data, and we'll give a bunch of instructions, throw everything there, and the system will get it. No way, no way. Maybe we get there one day, but not in the coming years. So in order to prevent hallucinations because we were giving too much information, we said, well, let's make like the humans do just tell everybody to you have a bunch of people and you say I pick you because you're very good in reasoning on sets of the evaluation.
You're very good in relating natural language to data retrieval query from the database. And each one is a specific task. And with that strict guardrail, a lot of context and task-specific, we have avoided hallucination. Yeah, not avoided. I mean, it's like bugs. You always have a minority of hallucinations, but you know, at the beginning it was the problem; now it happens, you know, one time every six months.
OK. And then it's easy to fix because it's like adding extra context and eventually making the guardrail narrower. So this practice of taking the big elephant and eating it bite by bite is going to become the standard when you develop business software applications.
And it's essentially if you look at legacy or pre AI software stacks, components of code that does components of business logic, the new AI stack, it's those business components of business logic are nothing more than instructions or prompts,
guardrails given to an LLM. And what I mean by LLM, you know, we work across LLMs, so we're not tied to a specific one, although today we use a combination of OpenAI and Anthropic Sonnet. But you know, we are going to replace some tasks with some other LLM. Why do we do that? Because these horizontal LLMs, they improve and they become cheaper and faster.
So, long story short, the way to prevent hallucination is you give very guided restriction to mini LLMs, each performing a single task within what we call the identity brain. And the funny note is the guy who has developed that is my fellow shareholder, head of AI. He's 24. He has no experience whatsoever in software. And actually that's what I wanted. Otherwise they just go back complaining about the good old days where you can programmatically do everything.
Yeah, but it takes six months. Interesting stuff. Well Andrea, this has been a really interesting episode. I want to remind people again, IAMONES, IAMONES dot AI slash IDAC, for more information to take the next step in exploration on this journey. There's also going to be a lot of links in the show notes, including the link to that PCU that you talked about with Satya Nadella, the AI agents.
I think that's absolutely fascinating, and I think people can easily go down a rabbit hole with the whole AI agents and how things are going to be in the future.
¶ Travel Tips for Visiting Italy
Our tradition on the show is to end things with a lighter note. Andrea, you're in Italy, you're an Italian. What city are you in now, or what are you closest to that we may know? Close to Bologna, which is the city of Ducati, Ferrari, Lamborghini. So I live in the mechanical valley. So as a software guy, I'm in a beautiful place, but not the right one typically. Actually I live nearby, so I live in a town called Imola. It's spelled IMOLA, which is famous for the F1 racetrack.
There are two in Italy, one is Monza near Milan and the other one is here in my hometown Imola, so north of Italy, close to Bologna. Simple. OK, so here's my question for our lighter note: I love travel; talking with you, you love travel. A trip to Italy is on my bucket list. I probably would go somewhere between one week and two weeks long. How should I spend that time? I want to tell you, of course I
want to eat good food. I mean, that's going to be a mainstay, and drink good wine, but I also want to not just go to one place and sit there for the whole time. I want to bounce around and really have the Italian experience. So what do you recommend? Well, first, I wouldn't recommend you to visit the big city because that's where you get the crappy food. So if you're looking for good food and good wine, don't go to Milan, you know, maybe come to Bologna, the main city.
Don't go to Florence, don't go to Venice, don't go to Rome, go in the countryside. Then you might decide whether to experience more of a northern experience of Italy, which means just in the upper part, Veneto, Piemonte, I mean the upper part where the cuisine is different. Or go to the South like Sicily, Puglia or around Naples. But definitely if you want to enjoy good food, don't go to the picturial cities because, you know, you get average or well below average.
So there are a lot of places. Italy, it's food experience everywhere. And you know when you plan to come get you a ring and you might come and visit here. I mean, there are nice places here where I live and good food, good wine. Actually, the region, the part of the country where I live, Emilia-Romagna, it's known for, you know, the prosciutto, and it's good everywhere. But here we are sort of well known for balsamic vinegar, for example. So I'd be your guide here, no
worries. That sounds great. What time of year should I come? Well, it's generally very hot in the summer. So I would tell you skip July and August. October is phenomenal. April, March is phenomenal as well. But you know, I tell you what this year has been specifically, we'll say harsh winter, not as harsh as upstate New York, but you know, not the mild one we used to know. But typically if you want to come to Italy over January, February, that's phenomenal. Most of the tourists are not
here. So again, really off the beaten track, January, February, right after Christmas, or otherwise you come October, late September, and that's phenomenal. That sounds like great advice. I'm very excited for when I make that trip. And you will be you and my friend. Our mutual friend Marco will be the first people I tap for sharpening the pencil on the itinerary. We live very close. Yeah, I very much appreciate the advice and very much
appreciate your time today. Just want to go over a couple of things, which is again, iamones.com or, I'm sorry, IAMONES dot AI slash IDAC. You can also visit our website, idacpodcast.com, and you can watch all of our episodes on idacpodcast.tv. Thank you everyone for listening or watching and we'll catch you all on the next one. Bye, bye. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review and we'll be back soon.
But in the meantime, hit the website at identityatthecenter.com. See you next time on Identity at the Center.
