
#363 - Sponsor Spotlight - Natoma

Jul 23, 2025 · 50 min · Ep. 363

Episode description

This episode is sponsored by Natoma. Visit https://www.natoma.id/ to learn more.

Join Jeff from the IDAC Podcast as he dives into a deep conversation with Paresh Bhaya, the co-founder of Natoma. In this sponsored episode, Paresh shares his journey into the identity space, discusses how Natoma helps enterprises accelerate AI adoption without compromising security, and provides insights into the rising importance of MCP and A2A protocols. Learn about the challenges and opportunities at the intersection of AI and security, the importance of dynamic access controls, and the significance of ensuring proper authentication and authorization in the growing world of agentic AI. Paresh also delights us with his memorable hike up Mount Whitney. Don't miss out!

00:00 Introduction and Sponsor Announcement
00:34 Guest Introduction: Paresh Bhaya from Natoma
01:14 Paresh’s Journey into Identity
04:04 Natoma's Mission and AI Security
06:25 The Story Behind Natoma's Name
09:29 Natoma's Unique Approach to AI Security
18:32 Understanding MCP and A2A Protocols
25:20 Community Development and Adoption
25:56 Agent Interactions and Security Challenges
27:19 Navigating Product Development
29:17 Ensuring Secure Connections
36:10 Deploying and Managing MCP Servers
42:40 Shadow AI and Governance
44:17 Personal Anecdotes and Conclusion

Connect with Paresh: https://www.linkedin.com/in/paresh-bhaya/

Learn more about Natoma: https://www.natoma.id/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

Keywords:

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Natoma, Paresh Bhaya, Artificial Intelligence, AI, AI Security, Identity and Access Management, IAM, Enterprise Security, AI Adoption, Technology, Innovation, Cybersecurity, Machine Learning, AI Risks, Secure AI, #idac

Transcript

This is Identity at the Center. Welcome to the Identity at the Center podcast. I'm Jeff and I am flying solo today. So today we've got a sponsored episode for you. We have these conversations from time to time with some of our partners in the industry to get some more insights into how they approach the market, maybe some of the technologies and tools and capabilities and thoughts and ideas that they bring to the table. So without further ado, let me introduce today's sponsor.

We've got Natoma, it's natoma.id, N-A-T-O-M-A, and I want to welcome to the show for the first time, Paresh Bhaya. He's the co-founder of Natoma. So welcome to the show, Paresh. Thank you, Jeff. Thank you. Really an honor to be here. Been listening to IDAC for a really long time. Really, really a big fan and I'm glad to be joining you guys today. Yeah. Well, we appreciate you taking the time. I know that you're currently in India, so it's like two or three AM is the time we're recording this.

So we're kind of joking before we hit record here. That's like, all right, it's the middle of your day. And so it's either uphill or downhill from here, depending on which way you want to look at it. I have no idea which way is going to go, but it all depends on how the next 30 minutes go. All right, fair enough. Well, why don't we start with your background?

So one of the things we'd like to ask our guests the first time they've been on the show with us is how they got into identity. So I'd love to hear your identity origin story. Is it something that you chose or did it choose you? I would have to definitely say the field chose me. It's sort of both, but definitely the field chose me. I mean by background, just as a quick background, I'm an engineer by education, was a software developer.

I was in secure networking, network security, wireless security, and I was working at Salesforce under the CISO organization. And that's where like, you know, cloud was the transition from like network security to cloud security and identity was like, you know, that's the next big thing and identity security is becoming big and somehow just got into identity.

And the next step from Salesforce was at Okta. Of course, Okta is an identity company. Was PMM, leading PMM product strategy for the new age products in a way. Having said that, I definitely agree the field kind of picked me as much as it was very concentrated effort on my end to go into identity. I definitely have to give a shout out to Identity at the Center. I've been listening to you guys for a really long time during my Twitter days, if you may.

When I used to run, I used to put on IDAC and go for a quick run, and that was some always. As I was thinking of identity and identity becoming the center of the security world listening to you guys, I felt like maybe I should really somehow try to get into identity. But here I am. Well, I appreciate that. Flattery will get you everywhere on this show, so definitely off to it. It's a, it's a true story. Trust me.

I do remember even, I had actually, even at Salesforce, taken an identity role, or I was working under Ian Glazer. Of course everybody knows Ian in the identity world. Was working with him and I was trying to get into the identity side and I used to listen to you guys and I actually leveraged stuff that I heard on this podcast over a number of sessions, so over the period of time, so.

That's super cool. I, I mean, that's very flattering for me. So I, I definitely appreciate that. You're kind of coming on at a momentous time for us. So when this airs we'll have been around for about 6 years now, which is pretty crazy if you think about it. And I would have thought we'd have run out of stuff to talk about at like 50 episodes, but here we are. This should be, I think, episode 363.

You're kind of around there. I do want to talk a little bit about Natoma itself because I've seen some of the things you guys have been working on. I met up with Mira and some others at Identiverse recently and you've got a great team there that you're kind of working on this. But I want to give you an opportunity to kind of tell us about Natoma itself. So tell me, you know, give me the elevator pitch for what it is that Natoma does in the market, especially for the identity stuff.

No, actually, Natoma, we basically help enterprises accelerate their AI adoption without really compromising security. And we really think of it as, as I've been saying, identity is at the center of security. So how do we really kind of think about all of that identity pieces as you accelerate AI agent adoption? How do you really make sure security is not compromised? And that means authentication, authorization, the access.

And we are going into a world where these agents will start acting on behalf of humans, doing stuff on its own. And if you get into that part, you really want the right level of authentication and authorization, and that's what Natoma does, really help exploit AI agent adoption, but security being that that amount there. I mean, it seems like it's a pretty good time to be getting into that considering the way that agentic AI has really exploded recently here.

Yeah, I definitely agree to that. I mean, I don't know if it's the right time to get into it, but we are definitely at that inflection point where you really need to make sure you have right security guardrails as you're thinking about. I mean, Gen AI definitely changes the game in many, many ways.

And especially if you think about it, we've just been using from a consumer standpoint. As enterprises start really adopting Gen AI, be it for productivity tools, be it for like, you know, simplifying all the workflows that you have, it really, really elevates the game.

And if you're really thinking about, as I was saying, the world where these agents start operating and executing and planning for you, security, authentication, authorization, all of that becomes super critical. Tell me about the name Natoma. I'm almost always curious about the names of products in this space. What does Natoma mean? Does it mean anything? Like, how'd you come up with that? It's a great name, right? What do you think of the name?

I don't even know what to think about. It's so unique that I don't have like a definition or even associated with in my brain. That's why I'm like, where did this come from? So I'll tell you the actual meaning of the name. So Natoma actually means clear water in Native American language. There's a lake called Lake Natoma near Sacramento and that's very unique name. One of the criteria was to make sure the name that we pick for the company, it's very easy to pronounce.

And coming from India, English as a second language, the world is flat. You're working with a lot of different parts of the world. It should be, no matter where you are from, what accent you have, it should be very very easy to pronounce. But the real story if you want to know. Of course, yeah. Yeah, there is the bar called Natoma Cabana right behind Okta.

As I mentioned, I was at Okta and right behind Okta, my co-founders are also from Okta and we used to go to the bar and that's where we used to go. Think about this, talk about this. There's a street called Natoma right behind Okta, which leads to that bar called Natoma Cabana. And we used to walk there and walk to the bar. Lot of different, lot of long chats, lot of long meetings, lot of different meetings meeting different people around the AI space on how to do it, of course with a glass of beer in hand.

And as you were kind of starting off, you were thinking of a name for the company. And we said, why not Natoma? It's all the criteria that I put in place, like, it should be very easy to pronounce, it's short. It should be unique. And we said this is the name, we love it and we go there. That's super cool. I love hearing like these stories behind the scenes. So I got to ask, this bar. The bar is named Natoma as well? The bar is called Natoma Cabana.

All right, so do you use the Natoma like company name to like try to get free drinks or something Like, hey, we're going to name our company if you know you'll give us a little something at the bar every once in a while. You know, I've met so many people at the bar. The actually literally couple of weekends back I met someone, I was at a wedding and the person was like, you remember, Yeah, we met at that bar. We were talking about it. What was the bar name? I'm like, yeah, Natoma.

That was the bar we used to everybody meet. We haven't told the bar yet that we called ourselves behind them on inspired by the name. Hopefully they don't come back and sue us, you know, or come back for some check saying hey you guys, we were the inspiration, so pay us back. OK. Well, I'll get off that subject just to not draw any more light to that, just to kind of protect that.

Let me put my jaded CSO hat on though here because I feel like there's so many different security tools out there, it is impossible to keep up with everything and especially in the identity space that seems like there's something new all the time. I'm going to ask you a hard question here.

If you maybe use some of those flattery points is so tell me what is it that makes Natoma different or special or unique on how you approach the problems you're solving versus the others in the market that that you would consider? I have to say, I would say these things that really makes us puts us apart, right? It's uniquely blending that efficiency with security, right. Our platform is we really believe in that one click deployment model, right.

You know, Amazon kind of started that and everybody wants to do it. So have that one click deployment model, but also with like flexible deployment, like you know, it's not just a hosting platform, you're not an infrastructure, but then you blend that with like the right level of security, right level of authorization, right level of access controls in place, right? So that's number one. Number two is we are really, really focused on end to end, right?

Like the end to end user experience, not only just from like an admin experience, but even from like end user employees of an enterprise trying to use that, making sure that end to end user experience is really good. I hate to use this analogy, but we've taken the iPhone approach, right? You don't need a manual to use an iPhone. In fact, my being in India, my grandma also uses an iPhone, right? Anybody can use an iPhone. That's the approach you've really taken.

And the biggest and the best part is policy enforcement, right? Like you really need, as these AI agents get bigger and bigger and as the proliferation happens, you really need like that dynamic access controls. You want to ensure like every agent has the right level of access and the humans interacting with that agent have the right level of authorization on the actions they are taking.

And as the world gets into like, you know, agentic AI where the agents are acting on behalf of humans, they have the right level of authorization. So it's that policy enforcement point. That is where we kind of bring in the unique selling point, differentiation for us in a way. They talk about that sort of explosion of the number of AI agents that are out there. And I guess as we get into this world of agentic AI that is being thrust upon us, really there are so many different things.

Is that, is that the main problem? Is it, is it the scale? Is it the volume that these things are happening? Are there other parts of the broader landscape of agentic AI that we also need to solve? Like what are your thoughts on just what are the problems to solve for agentic AI from an identity perspective? I mean, it's the, if I were to think about it a little bit more, right, even before the scale and all of that piece, it's the discovery, right?

Like you have your shadow AI that's happening these days. What do I mean by a shadow AI? It's like your AE going and connecting something to your Zoom and going and connecting something to your Salesforce. And you think that, hey, that's what's the big B that, but it's, it has access to what Jeff has access to, right? And what is it? Where is the data? What data is pulling?

What kind of things you put? So that that shadow AI, the shadow MCP discovery, that becomes really, really important first and foremost. And then once you kind of go beyond that, once you start getting, you know, a little bit control around it, the the second piece that really comes in is like, how do you make sure it's super easy to use?

And it's, it's actually delivering value from like an enterprise perspective, not just that, oh, it's so cool and look what it can do, but can it really actually go solve some of these problems in a way? And the last piece that is definitely top of mind is like, you know, with new technologies, with new protocols, new threats coming. And how do we really, before this becomes like such a big problem and such proliferation happens.

How do you really make sure that you have the right level of guardrails and right level of security in place for the new threats that are emerging? And new threats. Some of them we know. Some of them we don't even know about, you know? Yes, yeah, it's, it's very hard to protect against the unknown right now. But there are certainly things that we know. You mentioned things like MCP, Model Context Protocol, and there's new, that's a new standard that's coming around.

There's A2A. You also mentioned the time to value. And before I get to MCP and A2A, I do want to understand like, how is it, how does Natoma, you know, the customers you've got, how do they measure success when it comes to getting that value out of a deployment of Natoma? Like what are some of the, you know, key performance indicators or key metrics that are like, oh yeah, this is worth the investment that we've made in it.

Do you have some things you want to share with the audience on that? No, yeah, definitely, they're twofold, right. I mean, I keep going back to that ease of use cases. If you look at what our mission, our mission even on our website, it's how do we accelerate AI adoption without compromising security. So it's that acceleration piece, right?

That ease of use and that acceleration is what we double click on every single time we talk to a customer and every single time we go and do a pilot and go and convert a customer. That is the value they get. It's like, hey, OK, how easy was it and how did we really help you increase the productivity, right? If you think about like the journey that enterprises are today in terms of like adopting agentic AI or AI agents, everything is around the productivity and improving productivity.

So a simple use case would be leveraging these AI coding assistants, right? You can leverage those AI coding assistants as a developer. It does improve productivity, everybody agrees to it, but it can really enhance it if you're connecting this to enterprise tools and data, right?

So if you have like, let's say a GitHub Copilot or if you're looking at a Cursor and how are you connecting back to your GitHub and to your Jira and your Linear tickets and Atlassian world, how easy do we make it for admins to give the right level of controls to make sure that how easily does these tools are getting connected?

But then from the other side, also, how easy it is for end users to make sure they're like, you know, developers tools are connected to these enterprise things. So if you tie those two back together, so that becomes like, you know, what is the value it's really delivering, how quickly they were able to accelerate and how much did the productivity input, right? So that that exploration piece of hard and also depends. I mean, that's one specific use case. If you think about like AI agents, right?

What kind of, what is the end user enterprise's goal? What are the use cases they want to solve? So it could be anything from like, you know, IT operations or security operations and like trying to simplify some of those things. So what is the number of tickets that they have reduced and how much like you know, security operations, how much did it really help you, how quickly you were able to go solve a new alert and get into the bottom of the new alert.

So depending on, basically we always, always, always tie back the success of our platform back to what the customer wants to do with it. And that means understanding customers' use cases and understanding what are their goals. If their goal is that IT operations and reducing the number of IT tickets, did we help them deliver that? And if we measure the success there, boom, we are successful. If it is employee productivity, did we really quantifiably improve that productivity?

Boom, we are successful. So you mentioned MCP and sort of tying things together. I, I think this is still a new terminology for a lot of people out there with MCP and Model Context Protocol and then A2A or agent to agent and the rest. I guess the way I can't describe it is this is sort of like the connective tissue or the glue of how different AIs are supposed to talk to each other and resources again to you. But you're probably more of an expert than I am on that.

So I'd love to hear like your definition of what MCP and A2A is and then how does that relate to the kind of stuff that you work on? Well, I'm not an expert by any means, you know, I'm like definitely not an expert, but I'll take a, I'll try my best. If I were to take you, you want to understand why we need MCP and what is MCP like? I always like to start with the why, right? Like, as Mr. Simon Sinek always says, start with the why.

I truly believe in that. Why do we need MCP? So we have to take like a step back. Let's go back like couple of years, right? I mean, or maybe even few years back. This whole thing basically started with Google coming out with, you know, Google Brain team coming out with the Transformer models and ChatGPT. OpenAI comes out with ChatGPT in 2022. Was it 22 in December or whenever? And that completely changed the game, right? But it changed the game from a consumer use case.

It was like a Q&A, it was like, oh my God, look, it can do this. Oh my God, I can go actually search and get better search results and, you know what, it was a game changer, but it was very consumer driven. Even if you look at like the worldwide conference from Apple recently, right? They were talking about Apple Intelligence and what is Apple Intelligence?

It's talking about like, hey, tell me when is my, what's the status of my mom's flight. That was the example they use, and what were they doing behind the scenes? Apple Intelligence was going and talking to your email, figuring out what was the schedule your mom was supposed to come in, goes online, figure out like what's the status of the flight and it's kind of giving responses back.

So point being, all of these were great for end user consumer use cases. Where MCP comes in, or where AI or Gen AI was lacking, was around enterprise use cases. And what do I mean by that? You get real actual benefit. Like, you know, I mentioned like these use cases, number of tickets and like, you know, some of these automated stuff you could really reduce. You can really do that when you connect Gen AI with enterprise tools and data and applications. This is where the brains of the enterprises.

This is where everything is posted. So if you're really connecting your, if you really want to connect your AI agents, your LLMs, your models to enterprise tools and data, that is the biggest challenge. That is when you really unlock the power of Gen AI. That is also the biggest. And that's where MCP comes. That's where it kind of changes the game. So let's talk about it. How was it done before MCP, connect your LLM models to your enterprise tools and data?

You were leveraging API calls, right? You were just doing like bespoke API integrations and connecting to that. So if you want to build like 10 agents, right, or 10 clients and you have 10 data sources or 10 applications on this side, every single time you may build a use case with one agent and you're connecting to these ten data sources and boom, this is powerful. It's like a very bespoke manual integration. You try to go build another one, you have to redo all of those 10 again.

So it was that M cross N problem. You have 10 on this side, 10 on this side. So you're looking at 100 different integrations and API proliferation, and don't even get me started. The challenge is there, right? Where MCP comes in, it's an RPC protocol. So it is still a client server protocol, but what it does is actually is a wrapper on APIs and it actually leverages that client to server integration.

So for all your like the ten data sources or applications or services that you had, you can create servers for that, MCP servers for that. And now you can have all these agents just talking to these servers. So if you have this one use case, one agent that you build for these, once you start, you do a build another agent, you don't need to restart and recreate all of those things.

So you go from the 10 cross 10 to 10 + 10. So it's a model need a way to provide context to all of your LLMs in a way. So these LLMs, they become powerful when you provide your data context to them, right? So that's the magic of MCP. The other big, big magic, in my opinion, is what they call as dynamic self discovery. I think this is like a very underlying unknown power. If you say, what do I mean by that?

It's like when these agents, they start, they boot up without changing any code. You can just tell them that, hey, this there is this MCP server. So it boots up and it goes and say, OK, I see there's some MCP server. Let me go and figure out what that server can give. And overnight without doing any changes, you can add actions, you can connect different data sources or data tools, applications, but you can also provide different actions to it, right?

So it can actually, at boot up time, do that dynamic self discovery and automatically become more powerful. And that's why I really believe this MCP is like a massive game changer in terms of like how you can provide that context to your LLMs and things like that. And that's where the world is going. If you think about it from A2A perspective, that's when the agents to agents start interacting with that, right? MCP was started, developed, like it's such a young protocol to begin with.

It was started and it was announced in November 25 by Anthropic. And here we are six months in. Like it has been like adopted by the community. There's been so much, it's an open source protocol, so much community development has happened on to it and build on top. Google came out with A2A protocol and what's the theory there? Awesome. MCP is great when you want to collect or connect your LLMs and your agents to your enterprise data sources.

But the world is going where these, as I was saying, these agents will kind of interact and talk with each other and they'll like plan, strategize, execute on its own. So you really want domain specific smaller agents, right? So think about like agents which are small agent that's connected to your Salesforce and doing some sales stuff. And then you have a different agent which is going and doing its marketing stuff.

And when these agents need to talk to each other, they end up leveraging the agent to agent protocol in a way. But I'm sure as you're thinking through all of this and like agent identity and like human identity, like it opens up a massive identity access authorization can of worms. But it's not only just that, with newer protocols, it opens up newer security challenges, newer vulnerabilities as well.

I mean, the explosion of this has been crazy and I think we've used the word explosion like 5 times so far in this conversation, but it's probably the most accurate way to describe it because it's accelerated so quickly. And to see and yeah, and to see the technical, you know, groups get behind this.

I mean, I've seen standard developments in the past that take years, but this is moving very quickly to all of a sudden say, OK, well there's a bunch of big names supporting MCP and A2A and all that good stuff. I, I'm just curious, like how do you navigate, you know, developing product at the same time these things are still being developed and you know, maybe they're not even on solid ground yet, or maybe I'm wrong. I'm, I'm not as close to it probably as you are.

But, you know, is there a common set of rules that have been established that you can effectively start building capabilities and services on top of those things while they're still building sort of the rest of the boat? Yes and no. I mean, it has, it does, like, you know, we as technologists, when we start building new stuff, we always just want to move 1000 mph, right. So is the protocol like solid and it's like being like thought through and there are no holes to it?

Absolutely not. Having said that, is the protocol well adopted and here to stay? 100%. Will it keep evolving? Will it keep changing? 100%. But that's the, I mean, that's the magic of like a start up, right? Like you are really at the bleeding edge and you are really thinking through like where this can go, right? Nobody knows. Everybody is trying to figure the puzzle out. And here we are also trying to figure the puzzle out.

So does it make you nervous? It does, but it also makes you think harder and it actually makes you like, I feel that passion and that excitement. It's like we need to go figure this out. Like nobody has figured it out, like, you know, so we'll be probably the first one to figure it out in a way. Well, if you wait for perfection, it'll never happen, right? Like, we waited for OAuth to be done? Like the problem would have been insurmountable, yes. Absolutely, absolutely. So true.

And even for MCP though, there are certain RFCs for award that needs to be adopted and could potentially change, you know? Let's talk a little bit about that facilitating of the connections between LLMs and agents. I feel like this is an area that is sort of now coming to light because everyone like you know, says like ChatGPT comes out and you got Gemini and Claude and you know you name it, it's out there. What is the powerful part is, is connecting to that data.

Now me as an enterprise user or owner of enterprise data, I got to make sure that I am really secure and really sure that whatever is accessing my data is correct and they are authorized to access that particular data. I think this is where those connections between a, you know, let's say a generative LLM versus a resource or a company specific data repository, you know, you may, you've got to make sure that connection is secure.

And then you've also got to make sure the connection to the agents that might be interacting with either of those things is secure as well. Can you talk a little bit about how Natoma approaches that, that connectivity and that facilitation? No, absolutely. Yeah. So that's where, that's where we really play, right.

That's really ensuring that as these LLMs, these agents are kind of interacting with those enterprise data, as you said for enterprises, that is your IP and that is what like is, is your secret sauce in a way, right. And as you're trying to connect these models, LLMs, these AI agents for your use cases to the data, we kind of play in that middleware. And what we provide, that Natoma agent access provides, is basically 3 layers of authentication and authorization control.

So step 1 is basically, of course, we leverage more author on the way. But step 1 is like, but you will, is this agent even allowed to talk to a certain data? So let's take GitHub as an example, right? You have like agent 1. Is agent 1 allowed to talk to GitHub? So you can configure that to Natoma, that only agent 1 in your enterprise is allowed to talk to GitHub. But it's not only that, we don't stop that.

Then we provide the next layer of it, like OK, Agent 1 can talk to GitHub, but agent 1 can only do such and such actions. So you can control what rules have been passed back as NLMS, recorded tools, what agent this agents LMS, what actions can you take in your downstream applications. And the third pieces is what you were talking about. When users interact with these agents or when users are like when these agents are acting behalf of users, what can they

do, right? So like, let's say we take continuing on that GitHub example, let's say only agent 1 is allowed to talk to GitHub. You say, hey, you can actually do list commit with this agent, but you can't do batch commits,

for example. And then when Jeff is interacting with this particular agent, you can actually go and do Jeff can do this summits, but it should be able to do this summits of only the repos Jeff has access to versus when separation is going and doing list summit, it should do only for the, you know, repos that paration is access to. So really tying back that authorization, fine grain authorization of the end users indoor and that is where we

really play. It's at 3 levels of access and fine grain authorization because you are sitting into a yeah. No, please go ahead. No, I was just going to say that, you know, you are getting into a world where eventually these agents are going to act on behalf of Jeff and they are going to become smarter. They are going to start executing the, you know, when to like we're moving away from like, you know, the enterprises work in that workflow

environment, right? Like there is like, hey, new employee comes in so that triggers like, OK, somebody needs to create a user in Workday and then that's going to push down into Okta and new laptop needs to be shipped out and need to provide like medical insurance and whatnot. So there's some chain of events. We are getting into a point where enterprises are going away from that workflow strategy into like doing some works and that will become

conversation, right? Like LLMs are doing this. You don't need to have like, oh, somebody's going to join it. It can completely change that workflow model in my opinion, and that's when having that right level of controls is very important. That opens up a question of, OK, so if I have a bunch of agents that are acting on my behalf, how to, how to, how to me as the user, you know, direct those agents on to what they can and can't do. And, you know, how ephemeral does that access even live?

Because maybe these agents are, you know, they only live for maybe a few milliseconds to perform a specific task and they are shut down or decommissioned or whatever you want to call it. I mean, that's, that's part of the challenge. You're right. It's not only the, the scale, right, the number of them, but it's the speed with which these things can be created, destroyed, recycled, whatever you want to call it. Is that right? Yep, absolutely true, absolutely true.

And this is where we really come in and play as well. It's like if you need to have those identities associated with those agents, so you really need to keep a list of that. But also like when, when these become ephemeral, we really need to make sure that like, you know, we provide you controls, we provide enterprises controls that if the agent is going to act on behalf of Jeff, it can only take certain

actions. And if it really wants to take certain other actions, you need step-up auth, like basically everything that we've learned in our identity practice over the years. How do we deploy that in a way, right? So bringing that wearing that Okta hat back on or like wearing those things.

Hey, if the agent needs to do a certain action, we need human in the loop still, Jeff needs to come in and like, you know, provide that biometric so you can control what actions the agent can take on behalf of as an impersonation versus when it's it can't take on acting on behalf of it and or human in the loop is there. I'm glad to hear that. Like we're getting smarter on how we approach some of these

things. It's not like you can give a, you know, a, a token to, you know, an agent AI and had to pull out this little key ring and say, OK, give me the 6 digits in there. You know, I'm talking physically and I'm sure digitally that's probably the way to do it. But I, I'm glad to hear they're getting smarter. And so now I'm like, OK, so this sounds pretty cool. How do I actually set this up? Like what's it like to deploy a product like this into my environment?

Is it? Does it sit there and I I give it a bunch of access and kind of reads the environment and gets a discovery And then how do I manage policies and and things like that? It's super easy. Customers have been able to do this in less than two hours with us. It definitely discovery of course takes a little longer like you go to platform goes and actually does all the discovery of like shadow MCP servers or like shadow AI and really bring that in.

But then also that's where we kind of started, right? Like the first part of our company's history was really focused on doing that shadow AI discovery in a way. But where we've been really better can really make it easy is like, again, remember everything I was saying at the beginning, ease of use and one click deployments and things like that. Admins can come in there. They've been we've had customers able to do this in less than two hours, roll this out in their organizations.

Of course, controlled environments, not like, you know, how can gold it's done in wild, Wild West. There's obviously this world is changing so fast and but we've made it absolutely easy and giving you the right set of controls to roll it out. Literally, we've had customers successfully launch it in less than two hours and to a point where in certain cases we've they've just given them a here it is. You can just go create this

tenant and go play with. I literally last week, I wish I could have shared some of those slacks that I got. The person was able to use it connected and he said, oh, everything was quite intuitive. This is awesome. And the reason we actually enforced him to do that because of that, the iPhone analogy I was trying to make, you do not need a manual for it. We don't.

We want to build a product that nobody needs a manual at the end, at the end of it. We're in the age of AI and we are trying to build a product we solve for AI. If we need a manual for that product, we've failed somewhere miserably, you know. That's a pretty quick, you know, time to value to deploy, be able to deploy so quickly.

Once I've got it deployed, I'm curious, like what are some of the things that I can do maybe from like a policy standpoint as administrator, do I define and say, you know, here's a list of my resources or am IA different AIAI agents? Or like what does this look like for me as a, let's just call it a security administrator? I don't even know what the great role would be, but to say, OK, I've got Natoma installed, now what? You get it, you get it up and

running. You can control like you can create these MCP servers, whatever you want to connect your, let's say your, let's pick Cursor as an example. You want to connect Cursor to whatever tools you can do that one click deployment of your MCP servers and roll it out to your

end users. And like, you know, just the end users see these servers that are available to them that they can go and connect back to connect their Cursors of the world back to those tools like Linear or Atlassian or GitHub or whichever one you want. Or on the flip and whatever IT operation tickets you're trying to connect, like, hey, you want, you want your ChatGPT or like enterprises have these wrappers

around ChatGPT. You want to go connect to Okta and SailPoint and like, you know, CyberArk and ServiceNow. We solve some of those common use cases and like, you know, like a lot of these use cases that can automatically be reduced having like an AI coding assistant. So you can create these spin off these MCP servers. They are kind of managed by like the IT admins and they can go connect back to your GPTs and users can connect to their

coding assistant tools. And boom, now all the data is kind of going through it. But not only that, we can, as we go and connect to it, we can discover any shadow MCP servers or shadow AI that's out there. Any of those that have some people might have already rolled out. So from security profession, they start getting some of these controls there. And the other benefit, you know, as I was kind of mentioning, there are a lot more other

security benefits, right? Like if you think about it like what are the new age vulnerabilities that are coming into like shadow MCP? So I'm sorry, malicious MCP servers, tool poisoning, tool hijacking, rug pull attacks. So having like a platform that has actually verified MCP stores, we've actually built like MCP scanner, security scanner and contributed back to the community.

So we scan, make sure that all of those vulnerability exists, making sure that all of these are doing vulnerability management, version management, all of that you get out-of-the-box straight away. Yeah. It sounds very interesting. I was going to ask you about the sort of what happens if I have my own MCP servers, but you pull those in. I think this is probably something that might be getting overlooked is what happens if a rogue MCP ends up getting out there.

You're able to detect that and then, you know, surface that for somebody to do something about it, either block it or whatever. Even before, yeah, even before we onboard, like, and host an MCP. So we will make sure that we have a scanner and check and make sure they kind of fit in that there are no vulnerabilities. We find those vulnerabilities, we make sure that hey, these are fixed again, depends on like it's community developed who's contributed to it. So we look at those MCP like

those vulnerabilities. Lot of times we've actually, because it's such an early in the game, we've actually taken back those and we said, hey, we need to fix all of these things. Let's go ahead and fix it. And then we have them the right hosted one and we have like version controls on top of that as well. Enterprises have actually also built their own MCP servers for their own custom applications. We've been able to bring those as well.

We are also building MCP servers for different agents as well. So I have to ask, I'm kind of curious and kind of my last question for you here is this idea of Shadow AI and Shadow MCP. I'm curious if your customers and I don't want you to name and shame or anything like that. But this is more of a, are they discovering like shadow MCP servers out there where developers have something?

Because I'm, I'm not finding a lot of regulation and governance yet within organizations on how to even tackle the governance of, you know, how do we set up AI within our own organization? You know, those sort of things. I'm so glad you cannot ask this question. That was a super smart and they will try out these new protocols and they'll download random MCP servers without thinking about security, without thinking about

access. So when we go connect, we go and find so many of these shadow MCP servers. So you're climbing this giant mountain of AI. And so that's my perfect segue into sort of ending the conversation here. And I'll let her know we were talking as we're getting into each other, you know, before we hit record here. And you mentioned that you like the outdoors and hiking and sort of things like that.

And I'm curious, like what is your most memorable hike or climb or whatever way you want to describe it? My most memorable definitely would be the Mount Whitney hike. That's the highest peak in Lower 48, contiguous United States. It is. It took us, believe it or not, like we were, we were slow. We were hiking with the group. We made sure we did it with the group. The entire group made it up, came back down. It took us more than 24 hours.

We were hiking for 26 hours non-stop. Generally people take like 18 to 20 hours is the norm, but we were a bit slow. But it was one of those hikes that really challenges you and very, very vivid memories of the entire hike. But though the funny story to a point where like it, it became so painful that coming down not be somebody else, they were so tired, they were actually hiking backwards. So if you've been hiking down for too long, it does get hard on your knees.

Of course, hiking backwards it is actually a little bit easier. So of course, not on the rocky parts and not on the switchbacks, there are like some 120 switchbacks on the top near the top. But eventually when we were hiking down the car, we just started hiking backwards. OK, so this is new to me. I've never heard of hiking backwards. So you're essentially walking backwards down the mountain. Is that it might describe that. I mean, it seems almost like a

comic book. It doesn't sound funny, but you actually see it is quite funny. We still give, but it's better to give more. Harder, I guess it's where you're more comfortable or something like that. I guess it's just better for your knees because you are constantly hiking down. It just keeps hurting. Knee keeps hurting and 26 hours, it was a long, long day for sure. And like 26 hours. All of those 26 hours we would be at least hiking for maybe 23.

We spent like good 30, 45 minutes on the top at the summit. It was, but it was truly worth it. We did. We did light up a cigar. We did take some alcohol. Did not have the energy to drink it, but we did definitely light up the cigar. So you must have some really good pictures kind of being, Oh my God. There, of course. Of course. How about animals? Did you come across any bears, mountain lions? Yeti. Fortunately, no, fortunately,

no, I don't. Nothing actually that's it's very close to. I don't know if you know, but Mount Whitney is close to it's like Central California. So it's. Like east of, it's like east of San Francisco, kind of like in between San Francisco and Las Vegas and like that area. Exactly, exactly. It's southeast of San Francisco and it's near Death Valley. Basically it's very close to Death Valley. So it does get kind of doesn't get hot or anything, but it's,

it's a very barren land as such. So you don't really get any of those, or at least fortunately we did not see any of those. That sounds pretty fascinating. If you're hiking Half Dome, you might end up with bears and stuff, which also I've done. Half Dome was also good. But yeah. Well, see, I don't need to hike anywhere because I have bears in my yard here in in Ashland, North Carolina. So, you know, I have I have black bears. So they're not typically, you know, looking for trouble mostly

for food and things like that. OK, So I think I guess, you know, that's it for today as we exit the conversation here. What is something that you want the audience out there to know about Natoma and the way you guys are thinking about approaching this agentic AI explosion again, there's the word again that we've been seeing here. We are definitely at an explosion inflection point.

No, I mean, I, you know, generally there has been this apprehension about like, oh, what will AI do and how it's going to kill jobs and like, it's going to like have massive problems. Don't, I would say do not be afraid of it. Like this. We went through as a like as a society, We did the same thing back in 70s, eighties when like, you know, computers were kind of coming up. There was this fear that Oh my

God, what's going to change? And then in '90s when Internet was coming up and it's like, Oh my God, it's going to take away all these jobs and things like that. We are at a similar inflection point, so adopt it. But hey, as you are adopting and accelerating, Natoma can truly help you accelerate without actually compromising security. Well, I love that message because I think this is something we can't stick our heads in the sand.

We have to understand it. It is a tool and we'll figure out how to use it. Like you said, we've been through this cycle before with computers, electricity, indoor plumbing, right? These things go on the Internet, right? All these things come. Along and. We just have to figure out how to adapt to it. So Paresh, I really appreciate you taking the time with us today and definitely want to encourage people to go out to your website, Natoma dot

ID, N-A-T-O-M-A. We'll have links in our show notes to be able to find that website as well as connect with you Paresh on LinkedIn so people can share hiking stories or you know, what the heck are you talking about with MCP servers help, you know, things like that. So again, really appreciate Paresh and for everyone watching, listening, you can find us on the web idacpodcast.com. Don't forget that like and subscribe button and we'll go ahead and leave it there.

Thanks everyone for watching and or listening and we'll talk with you all in the next one. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon. But in the meantime, hit the website at identity@thecenter.com. See you next time on Identity at the Center.

Transcript source: Provided by creator in RSS feed: download file