Code with Jason

292 - Kendall Miller, CEO and Founder of Maybe Don't AI

Jason Swett


In this episode I talk with Kendall Miller about MCP (Model Context Protocol) and why AI agents need third-party guardrails. His company Maybe Don't sits between AI agents and MCP servers to prevent disasters—because AI sometimes solves problems in creative and terrifying ways.

Links:

A Snail Mail Dev Newsletter

SPEAKER_00

Hey, it's Jason, host of the Code with Jason podcast. You're a developer. You like to listen to podcasts. You're listening to one right now. Maybe you like to read blogs and subscribe to email newsletters and stuff like that. Keep in touch. Um email newsletters are a really nice way to keep on top of what's going on in the programming world. Um, except they're actually not. I don't know about you, but the last thing that I want to do after a long day of staring at the screen is sit there and stare at the screen some more. That's why I started a different kind of newsletter. It's a snail mail programming newsletter. That's right. I send an actual envelope in the mail containing a paper newsletter that you can hold in your hands. You can read it on your living room couch, at your kitchen table, in your bed, or in someone else's bed. And when they say, What are you doing in my bed? You can say, I'm reading Jason's newsletter. What does it look like? You might wonder what you might find in this snail mail programming newsletter. You can read about all kinds of programming topics like object-oriented programming, testing, DevOps, AI. Most of it's pretty technology agnostic. Um you can also read about other non-programming topics like philosophy, evolutionary theory, business, marketing, economics, psychology, music, cooking, history, geology, language, culture, robotics, and farming. The name of the newsletter is Nonsense Monthly. Here's what some of my readers are saying about it. Helmut Kobler from Los Angeles says, Thanks much for sending the newsletter. I got it about a week ago and read it on my sofa. It was a totally different experience than reading it on my computer or iPad. It felt more relaxed, more meaningful, something special and out of the ordinary. I'm sure that's what you were going for, so just wanted to let you know that you succeeded. Looking forward to more. 
Drew Bragg from Philadelphia says Nonsense Monthly is the only newsletter I deliberately set aside time to read. I read a lot of great newsletters, but there's just something about receiving a piece of mail, physically opening it, and sitting down to read it on paper that is just so awesome. Feels like a lost luxury. Chris Sonnier from Dickinson, Texas says, just finished reading my first nonsense monthly snail mail newsletter and truly enjoyed it. Something about holding a physical piece of paper that just feels good. Thank you for this. Can't wait for the next one. Dear listener, if you would like to get letters in the mail from yours truly every month, you can go sign up at nonsensemonthly.com. That's nonsensemonthly.com. I'll say it one more time. Nonsensemonthly.com. And now without further ado, here is today's episode. Hey, today I'm here with Kendall Miller. Kendall, welcome. Hi Jason. Thanks for having me. Thanks for being here. So you're working on something called maybe don't.ai, if I have that right. Uh tell us about that. Tell us about yourself. Uh however you want to introduce yourself.

Why “Maybe Don’t AI” Exists

SPEAKER_01

Yeah, so it's complicated. I'll I'll back up to the smaller things and work up to Maybe Don't, which is my primary focus. Um I run a group of startup advisors called Grow Big Advisors. Uh the pitch is we'll get you to your next round. Um, I run a global group of CTOs called CTO Lunches. It's about 1900 CTOs worldwide. We have chapters all over the world. If you're a senior engineering leader, you're welcome. Free networking group. Uh I run a liquor company called Friday Deployment Spirits. We make liquor for the person in your life who quote unquote works in computers. Uh, we have a gin called Force Push Gin. That should be funny to the people of this podcast. Uh, we have a whiskey called Generative A-Rye. Um, both are very good. They're um distilled in in Denver and uh distributed online. So FridayDeployment.co. Uh I sit on the board of a company called FusionAuth. And uh then last but not least, the majority of my time goes to um, well, I I also work with small startups as a consultant, I should say that, but the majority of my time now is uh focused on Maybe Don't AI. So I would say Maybe Don't, AI, because we're not anti-AI. We're um guardrails to tell the AI maybe don't do that. When um if if you've used AI, it's often trying to solve problems in creative and terrifying ways. And uh that's what Maybe Don't AI seeks out to to solve, if that makes sense.

SPEAKER_00

Okay. And how did this start? Because this is a unique sounding thing. Um I I looked at the website and I'm like, huh, this is I and even when I looked at the domain, I'm like, maybe don't. That's uh that's an interesting name. So where did this come from?

SPEAKER_01

Yeah, so I let me tell you first, uh, I've got a story that paints the picture of what it does, and then I'll back up and give you the origin story for the company. But um, the story I like to tell about why it exists is um I have a 15-year-old son. If I'm backing out of my driveway and I turn to my 15-year-old son and say, Hey Amos, I just realized the place we're going only accepts cash. Get out of the car and go in the house and don't come out until you have cash, right? Gets out of the car. He has permission to go in the house, he has authority, look through every drawer in the house. It's not an authentication problem or an authorization problem. Uh, he digs all around, he can't find cash, and he goes, Well, shoot, dad says I'm not supposed to get back in the car without cash. So he grabs mom's engagement ring, runs to the pawn shop and pawns it, and jumps in the car and says, Here's $2,000, let's go. That's the way that AI agents act today. And that's why we exist, is to say, maybe don't do that to the AI. Um, and the reason that that exists is a more common thing is um you're using something like Claude Code or some kind of other agenc uh development framework. The the idea actually came from a company called All Hands, so it's all-hands.dev. Uh the founder of this company is an old colleague of mine. And um, I'd already been looking at the space uh regarding agentic security MCP specifically, but he has a story of um you know, asking his agentic workflow to go rewrite some repository and or refactor some repository, and it pulls down that repository and does all the refactoring and then goes to write it back to that repository and says, hang on a second, I don't have write access here, but I'm not supposed to stop until I've finished the job. So what do I have write access to? And goes and tries to write it over the production infrastructure. Uh now, you know, he has guardrails in place to keep that from happening. He noticed it, but it scared him. 
And so that's where you know he called us and said, Hey, would you consider going and building something in this space? And we were already looking at building something here. So um, yeah, the today there's lots of people leveraging things like MCP to interact with GitHub or Jira or whatever, and you know, the old Silicon Valley jokes about uh I told it to go clean up all the bugs, and it decided the most bug-free code is code that's you know, there's there is no code, so it deleted all the code. Or uh, you know, I told it to optimize for meat in the office, and so it ordered 2,000 pounds of meat. I mean, we're like actually living that today. We're seeing those kinds of things. You you probably saw the do you see the Replit database deletion thing that was making the rounds a few months back?

SPEAKER_00

No.

Real Incidents And Agent Failures

SPEAKER_01

Uh, an engineer leveraging MCP accidentally ended up deleting a big database and causing the whole thing to come down. And um, you know, it's a it's a real problem that we're actually seeing today because AI agents are acting increasingly on our behalf. And it's different from a human who's trying to hack into a system with nefarious things. What's different about AI is it just solves problems in really unusual ways because it doesn't have human experience to go, well, of course I wouldn't do it that way, right? Um Yeah, there's no common sense. Uh exactly right. And and 60, 70, maybe even 80% of the time, it makes great decisions, but uh 20% of the time is a shockingly large number for bad decisions to happen in things that we care about, like our production code. Uh so anyway, so Maybe Don't is uh MCP gateway that solves these problems. It uses AI policy to keep the AI from acting poorly, if that makes sense. It's third-party guardrails. You download it, you install it, you set up the guardrails that you care about for your engineers and your systems, uh, or to protect your users.

SPEAKER_00

So for anybody who's not familiar, what is MCP?

What MCP Actually Is

SPEAKER_01

Yeah, sorry, I should have started there. Uh model context protocol. So this is it's it's a pretty new thing. I mean, honestly, there's probably engineers who listen to your show who don't know what it is because uh it didn't exist until uh almost a year ago. It hasn't even been a year, I think. It was November last year, and it didn't really matter until about March of this year. Um all it is is a translation layer between an API. The simplest way to explain it is it's a translation layer between uh an API and an uh an AI agent. Often that's a large language model. It doesn't have to be a large language model, any kind of AI agent. But uh, you know, a large language model or that AI agent can go basically query an MCP server and say, what can I do with you? And that MCP server has the context for all the APIs available to it behind the scenes and translates that into natural language that the computer understands. And so then you can do things like in a large language model, tell it to go interact with, say, something like GitHub, and it does that all through the API by way of this MCP server. Does that make sense?

SPEAKER_00

Um, I'm sure it does, but I don't understand. But I don't think that's your fault. I think that's my fault. But can we go over it again?

SPEAKER_01

Yeah, I mean, so uh a very simple way to explain it is it's just it's just a definition for like the manual pages for what your API can do.

SPEAKER_00

So rather than the manual pages for what your API can do, and and when you say what your API can do, you mean like what it's capable of? Yes, right.

SPEAKER_01

So think about um let's go back in time to uh last time I was writing code that was significant around this. Twitter had just come out with its public API. I was really excited about that. So I'm going and reading a bunch of documentation about how the public API works. How do I get this information from it, send this information to it, et cetera, right? And so I go, look, what are the read commands, what are the write commands, how do I structure that so that I can get that to Twitter in the right format, get out what I want in the right format, right? MCP is that uh somebody like Twitter could host an MCP server that has the context for what's available in the Twitter API, and then they expose that MCP server and say, plug in your LLM. So now somebody using Copilot or Claude Code or even you know ChatGPT or uh Claude in the browser can say, hey, go connect to this MCP server and go do this thing on my behalf. Does that make sense?

SPEAKER_00

Um, I think I'm progressing in my understanding. Um, how come it has to be like an MPC MCP server? Why can't it just be like a big file that gets read or something like that?

SPEAKER_01

I mean so uh the the the problem is is there ends up being a whole bunch of different problems in in how this works. So you have to pass, you have to do things like pass on authentication or authorization, you know, and and uh you know, who is the person making this call, right? Um because uh it's just a definition for how think the large language models can understand what they need to do to interact with the APIs. Right. Sure. In theory, you could say, in theory, you could say to an LLM, here's Twitter's, and I I keep using Twitter and I will call it Twitter till the end of time, even though I left that hell site as soon as Elon bought it. Not as soon. I I waited till I saw what he was doing. Um but uh the you know uh say it's it's Twitter. You could tell an LLM, go read Twitter's API uh instructions, right? And then go tweet this thing on my behalf. Here's my credentials, uh, et cetera, et cetera, et cetera, right? But instead, what you do is you configure that server or you configure your uh AI agent to go talk to this MCP server, pass on the credentials that it needs to, send it the information that it needs to, and respond appropriately. Does that make sense? Um It doesn't need to exist. You're absolutely right. It's just simply a decision that we've made as a standard for doing this kind of handoff.

SPEAKER_00

Um well, there's maybe some some sub-questions and nuances in there. Like, okay, MCP model context protocol. Again, that's a protocol, um, which is a separate thing from any particular server because and and you know, I say this as somebody who has never worked with MCP, so correct me if I say anything that's not accurate. Um but you can the the the protocol is just as you say a way to to make these communications and interactions and stuff like that, just like HTTP protocol or or something like that. Um but then a server, it sounds like you know, the reason an MCP server is a server and not just a text file somewhere, is because it has actual behavior. Like there's there's it's dynamic, it's not just a static piece of information. Do I have that stuff right?

SPEAKER_01

Yeah, I mean, and it also allows you to do things like hey, GitHub has an API. You can't access everything in the API with an AI agent for one reason or another, right? Here's the things you can't access, here's the things you can't. Also, maybe it behaves slightly different when an AI agent's interacting with it than a human or than a computer, if that makes sense.

Why Use An MCP Server

SPEAKER_00

Okay. Um it's not immediately clear to me why that would be true. Like if I have, for example, the the GitHub CLI, um can't my AI agent just type any commands that I could have typed and do all the same stuff that I could have done?

SPEAKER_01

Yes. Short answer is yes. But instead of you have it so and it might be that something as common as GitHub, that the logic is already built into the large language model, and it could go communicate directly there without going through MCP, right? In theory, that's true, right?

SPEAKER_00

Right, and and in practice, that's that's true too, because like uh, or at least it's true to an extent, because when I've used Claude Code to interact with the GitHub CLI and API through the CLI, it like already knows about the GitHub CLI, and so it kind of knows what to do. But if it were some third-party product, like something that I just wrote yesterday, uh the agent wouldn't have any way to know what to do.

SPEAKER_01

Right.

SPEAKER_00

Right.

SPEAKER_01

So it it's it's literally just a standard for interpreting this, and it's one of the first standards, and it's my suspicion that this is SOAP to the coming REST standard, right? Like it's it's going to be a passing standard that there's we're gonna have something that's bigger, that's better future uh in the future. Um what MCP does is make a standard way of saying, hey, go talk to this one, and it can go talk to it, figure out all the context it needs, and issue the kinds of commands that it needs to issue, right? So you so you can say things with MCP like, hey Jira, go clean up my Jira tickets, right? Um now we exist to keep that from it deciding that the cleanest Jira tickets is no Jira tickets, but uh you know the it's that simple in in because of MCP. Um and you can also go use, you know, Bob's interesting API as long as he is hosting an MCP server that that that meets that spec.

Standards, Limits, And Access

SPEAKER_00

Yeah, this is bringing to mind for me an experience that I had today. Uh there was some bug or something like that that I needed to create a Jira ticket for. And so I went to Okta and clicked on the Jira icon and got into Jira and created the ticket, and I'm just like, why are humans still doing this? Um like why can't all these clicks and typing and like why can't that be abstracted away? Because uh the the essence of this is we need a ticket with such and such title. Like if I could just speak those words or type those words, um that's that's all the information that's needed in order to bring that thing into existence, yet I have to do all this toil. And so I'm like, why don't we at the place I work, why why don't we have AI set up yet to do this? And how would that go? And that got me thinking about like the general problem, and I'm curious your your thoughts on this. The general problem of like once you hand over your credentials to AI for your various services, then who knows what it might go do on your behalf, and and those things that it does on your behalf with your credentials would be indistinguishable from things that you did because it's the same account, and that doesn't seem good to to like put your reputation on the line and just hope that AI doesn't do anything that you don't want other people to think that you did. So, do you have thoughts on that particular challenge?

Identity, Accountability, And HIL

SPEAKER_01

Well, so I mean you're you're you're talking about exactly why we exist. Yes, all of those things are true. So, so first of all, there's the big question of should AI agents act with our identity or should they have their own identity? And a lot of people try to solve that different ways, and there may be use cases where it really makes sense for an AI agent to have its own identity. But if an AI agent is acting with no connection to a human, who do you hold responsible when it acts poorly? Right? So it makes sense that AI agents act with our human credentials so that Jason is responsible for what this AI agent did, so that Jason at least stops and says, Hang on a second, is this a good idea? Is this a bad idea? Like what is it about to do and and hey, it went and did something and I don't know what it did. I'm gonna go check and make sure that what it did was okay and maybe roll it back if it wasn't. Um so so, first of all, yes, that's a big hairy question. And agentic identity is something that a lot of people out there are trying to solve. Uh, I honestly think it's not as hard of a problem as most of them think it is, because most of the time, um, you know, assuming human identity uh is sufficient, and if the API auth is set up sufficiently, most of those problems go away. Now I'm hand-waving away some of the bigger, hairier problems, and there is a reason why these startups exist. Um, but uh that's the first thing. Um then you're right, they act in strange and unusual ways, and how do you keep that from being a problem? Well, you know, Anthropic has decided, well, the solution to that is we're gonna put human in the loop for just about everything it does. And I mean, have you used Claude Code much? Yeah. So you know if you use Claude Code for five minutes, it's like, I'm gonna go do this, are you sure? I'm gonna go do this, are you sure? I'm gonna go do this, are you sure? 
And you just start saying, yes, yes, yes, yes, yes, yes, yes, please, for the love of God, do the thing, right? And uh uh that's part of why we argue that guardrails are so important. So third-party guardrails, in addition to that human in the loop, because human in the loop is not sufficient for what those AI agents are doing. Um, and so we need to stop it sometimes because sometimes you just said yes, go ahead and do the thing, and it's gonna go delete a database, or it's gonna go erase something in a in a GitHub issue, or erase something in a GitHub pull request instead of comment on it, or instead of issue a new pull request, right? Um those kinds of things.

SPEAKER_00

Yeah, I think you make a really good point about responsibility. That's something I've thought about before. Um, you know, there's there's a lot of talk about AI taking programmer jobs and even like uh sweeping statements by people who you would think would would know better, like CTOs of big companies and stuff like that, saying things like in five years there will be no programmers, um, which just blows my mind that somebody would make a statement like that. But um it it it seems to me that that even in principle, um, an AI agent will never literally take somebody's programming job because you can't just have, for example, a team with five developer-shaped slots on it, and right now those developer-shaped slots are filled by five human developers, and then you could just take one or two of those slots and remove the developer from that slot and put an AI agent in that slot because who bears the responsibility? Uh there there's no such thing as the responsibility going away. Um the the responsibility by necessity has to go somewhere, and so then the responsibility is gonna go to whoever controls that AI agent. And so now, like if a manager has five developers reporting to him, um and you replace three of those five with AI, well now you're delegating responsibility to two humans, and you have uh inherited the responsibility of these three AI agents, and and now you have more responsibility instead of less.

Jobs, Productivity, And Human Judgment

SPEAKER_01

Yeah, well, which so there's a lot of analogs to this because what AI really is is is a significant lift in terms of productivity if you use it right, right? Um we've been here before, so it's not quite the same as AI agents taking over um driving for us. Because, for example, um uh uh fully automated, fully autonomous cars. Uh I still have to sit in the car until the car gets to where it's going. Right now, eventually maybe the car is so autonomous that I don't have to pay any attention, and I can use that time to go do other things, and I probably will. Now, those other things might be stare at TikTok, uh, or it might be get some work done on my way to work, right? Um, and so it what it's what it's done is not uh completely necessarily remove the human. It's just given the human a little more space to go do other things. And so I think that we're in this adjustment period, and I read a thing about how the word processor on computers fundamentally changed work, right? And it's that's maybe the closest analog that we have. We're already typing things up, right, all the time. We've got armies of people typing things up because we need things typed up. And now all of a sudden we have this software that makes us way faster at typing things up, especially when it comes to editing, right? Instead of having to retype the whole thing in our typewriter or even just the one page and try to make it fit in the same space so I don't have to replace the page, I can just go in, edit a thing, and print it again, right? So this is a fundamental shift in our productivity. They say, you know, people were almost five times as fast all of a sudden. Well, what happens is initially humans are like, well, you know, this is amazing. This took way less time than it used to. I'm gonna go golf for a little while and come back and keep going, right? I'm getting paid the same amount. There's no reason for me to be much more efficient. 
And then what happens is over a few years, there's enough of the new generation coming in that have never known what it was like to not have word processors who are just like, well, I can do 10 times as much as this other guy, right? Because I know how to use that word processor to be more efficient to keep going. So I don't think humans ever get fully replaced by AI agents. I don't think it makes sense. I don't know that AI ever gets to a point where it has common sense enough to be replacing humans completely. Until we get there, it definitely doesn't have a chance. And maybe AGI and these promises we have of superintelligence will give them something like human experience to make good decisions. But I don't know that I buy that. But I think what it's primarily gonna do is give us a significant lift. And right now we're just like, hey, this is kind of cool. I'm a little bit faster, but over the next few years, this is going to be the way that we work. And not working this way will be mind-boggling, but it's still gonna be a human that's looking at the PR, you know, that's digging through the code that the AI agent made and looking at it like you would an army of juniors' code and saying, is this good? Is this bad? Do we need to change things? What needs to change?

SPEAKER_00

Right. And the human still needs to decide what to do at a certain level. Um, you know, you can delegate uh kind of as much decision making as you want to to the agent. You can say, like, hey, I am a lawyer, make me a website, and it can pick like a brown background for your lawyer website or something like that. Like you can you can delegate all that uh and and maybe the website uh suits your tastes and maybe it doesn't. Um but like uh imagine if uh Steve Jobs said, Hey AI, make me like some kind of phone. Um, you know, it it wouldn't be the iPhone. And and so yeah, person still needs to decide what they want.

SPEAKER_01

Yeah, and the ingenuity and all of that. I mean, I I I'm with you. So I don't think I I'm going to give a big disclaimer that I might be totally full of shit. None of us really know what's coming, right? Uh maybe Sam Altman has a clearer view, but but he we have to assume that he's blinded by, you know, uh uh his his life depends on this thing being as big as he thinks it's going to be. Um and so so it's hard to know. But I'm in the camp that it's unlikely these machines get enough better in the near future to overthrow us, to take over, to destroy Earth, whatever. I think that the existential crisis is probably not there for a while. I'm not saying it'll never be there. I think we probably have longer than a lot of these people think. Um, but I also think that the hype from what was possible. I mean, we saw such huge leaps, you know, from hey, that's a neat haiku, to hey, it's actually building this feature for me from the ground up. And that was really exciting. But real quick, we came back down to Earth in wait, I asked it to build that feature, and it had no context on how to build that. It architected it completely wrong, and it didn't build a feature, it built a whole new product and tried to merge that into my code base. And what is happening? Because it can't make a decision to save its life. Yeah, so I think we're we're coming down some of that hype cycle.

Risk, Hype, And Doomsday Talk

SPEAKER_00

Yeah, so there's so much interesting stuff there. Um, you know, on the topic of like predictions in general, um, I think making predictions is an excellent way to be very wrong. Um and like it doesn't matter, like like you can predict like such and such will never happen, or it's inevitable, and like it seems so like self-evidently true, and then something comes along and totally makes a fool of everyone because everybody was wrong, you know. It's like would nobody ever run a four-minute mile that's physically impossible, and then one guy does it, and then a few more people, and and then it's commonplace a few decades later or whatever. Um, so I'm very hesitant to make any sort of predictions, but I I I do like to make predictions with the disclaimer that this is just for fun, and I don't really think I'm I'm gonna be right. Um so the the doomsday thing is interesting because there's there's a there's a mix of of different things. So there's like the capability of the technology, and then there are like natural laws of the universe and stuff like that. Like there's no reason why you would ever shoot me in the head unless something made you want to. You know? You're you're not just gonna do that because you have access to a gun. Um and like the the same is true with machines, like they're not gonna do anything unless there's like a reason to do it. Um and so I I don't buy the idea that uh machines are gonna be destructive just because they have the capability and because they have have uh mental and physical capability. I think there would be have to be a reason for them to want to, if want is the word. Um and the other thing I'll say about that is um people uh anthropomorphize machines way too much. 
Uh they they think of an intelligent machine as possessing uh well it's like okay, we have intelligence, and along with intelligence, we have all this uh evolutionary psychological baggage, um, you know, like uh a desire for power and and uh uh sex and all this stuff and and all the stuff that comes along with that. And and machines don't have that stuff, and they won't have that stuff unless we specifically build that stuff in.

SPEAKER_01

Um anyway, just like they learn from us, which they are. That's where they're getting all of their context. Uh, you know, and they're already demonstrating things like survival um instincts when when people try to you know ask an LLM how to shut it down and you know it'll try to talk the person out of doing so. And I mean there's there's some weird things that make you raise your eyebrows. Um and so I understand how the doomsdayers get there. Part of part of the reason I'm not a big doomsdayer on it is like, yeah, maybe we all die. At least I'll die with everybody. Like, I mean, you know, in in in theory. Um, but uh, you know, part of the part of the role I'm trying to play in this, and I think one of the things I'm interested in in the AI space is guardrails, you know. I don't I don't want the robot from uh RoboCop to be murdering folks. So hopefully they're using maybe don't on that robot when it comes time, you know, that there's there's some real careful guardrails on it. But uh those are the kinds of things, you know, I I think it's an interesting problem. I think AI is a hot mess right now, and I think it's gonna be a hot mess for a long time, and I'd really like to be a significant part of making it less of a hot mess because I think it's powerful technology.

SPEAKER_00

Yeah, it's it's so fascinating. Um, I agree that it's a mess. Um, it's like we have this uh really sharp knife, and people are using this knife to make uh precision cuts and and build really uh incredible things, and people are also using this knife to just slash and destroy inadvertently and create complete messes. Um, and it's it's not like a a future thing. Like people are already doing this now. Like they're people have made big messes with AI and huge messes, yeah.

SPEAKER_01

Yeah, and I have I have friends who run software agencies who have gone from absolute panic over this is gonna destroy all of our jobs, to oh, if all I do is clean up those vibe-coded apps for the next 10 years, I'm gonna be just fine because holy shit is there a lot of just crap out there, you know, AI slop in apps.

SPEAKER_00

I I do want to be um I I want to be appropriately cautious though, um because not that I think you're saying this, but like I don't want to make the assumption that AI is not gonna progress much beyond where it is now and and like make bets based on that. Because yeah, for all I know, we could we could achieve a a step change in AI next year or something like that. I I personally I think that that will have to be something other than LLMs. I I think LLMs are a dead-end path, but I I wouldn't bet against the idea that something significantly better is coming.

SPEAKER_01

Uh I'm completely with you. My question is on the timeline of it. Uh I I can't, I it's not obvious to me that we're two years away from that. Uh, if if I was a betting person, I think we're seven to ten years away from that. Um, I think we'll have a lot of, oh, that's neat, oh, that does that thing better, oh, that's cool, oh wow. Uh, but I think, you know, it's it's like the self-driving to go back to the self-driving car analogy. Getting from you know, zero to ninety-eight percent is is one thing, but that last two percent that costs us everything, is the difference between life and death takes a really, really, really long time to get to, you know. And uh, I don't know how well we're actually doing it. And the horror stories of people who end up in cars that can't make a good decision keep racking up, you know. Even if they're getting better, and they're getting better, to be clear.

SPEAKER_00

Yeah, my understanding okay, because this is an interesting parallel that I think is worth thinking about. Um, my understanding is that long ago, from a statistical perspective, um self-driving cars surpassed human safety. Um, but uh something something I read that that pointed out something I hadn't thought about is that being equally or better than a human at driving isn't necessarily good enough. Um but we in order to accept it, machines are gonna need to be way better at driving than humans.

Self-Driving Parallels And Public Trust

SPEAKER_01

Yeah. I I think that that's true, uh, because because of a whole bunch of things. But uh uh yeah, I I I don't disagree with that. But there's a difference between just safety. If we all wanted to be safe all of the time, we would take trains and you know, public transport, we would never drive because driving is dangerous. But we make the trade-off that it's dangerous, but probably not so dangerous that I'm not gonna get where I'm going. And so I'll get in this car and drive. And it's the same thing where if the trade-off is I'm going to get in this self-driving car, and it's it might get me where I'm going, or it might get stop in a, you know, stopped in a parking lot in a doom loop, going around in circles, and I'm gonna be late to my airport, like happened to that guy in the Waymo, or you know, there's there's always a story. And now these stories make big splashes, right? People die in cars all the time, and it's different than those way more people die in cars than get stuck in a self-driving car in a in a circle. So that trade-off might not make sense, right? But there's still there's the perception of it uh is is really interesting that people are like nervous about the things it'll do or won't do, or had one bad experience, and I swear they'll never take a self-driving car again because they're all like that, you know, even though you have a bad experience with a driver, you're gonna get in with another driver, assuming it's a different driver.

SPEAKER_00

But yeah, yeah, and there's an interesting thing. Uh there's an interesting difference between self-driving cars and AI because there are like societal um ways to hit the brakes on on self-driving cars. Like um, you know, the government doesn't have to say that it's okay for self-driving cars to be out on the roads among everyone else, and um uh people in general um might not support the idea, you know. Um, I think maybe the uh the laws will be kind of downstream of public sentiment, and so kind of everybody has to go that direction at once. But with AI, um there's kind of no there's there's no way to like plug all the holes. Like some governments wanna like disallow you from buying chips that are so powerful or whatever, thinking that that will but you can't stop everything. It's like once you once you put your finger in one hole, the water's gonna come out some different hole somewhere else. Sure. So there's there's really no stopping it. The genie's out of the bottle, and it's it's going forward whether everybody likes it or not.

SPEAKER_01

Well, and and the other thing that's really different is self-driving cars. It's it's actually one thing. Get me from here to there, right? Like that's what it's doing. And there are very clear-defined rules. You stop when the light is red, when the stop sign is there, when the car in front of you slows down, you know, like it's very, very clear rules at the end of the day, where the rest of the things we're doing with AI is like, really anything, you know, go write me a recursive model in haiku. Like, you know, I mean, it's it's wild. The I I think that's the second time I've said haiku. Uh I recognize that there are other forms of poetry, let the record uh stay. But um, you know, the it's it's pretty wild how open-ended the number of things are that we can do with uh with AI. And so it's it's it's a whole different world. And we're trying to train it to draw things, to say things, to sound certain ways, to, you know, uh it's it's just really different because it's so so so much broader.

SPEAKER_00

Yeah. Are you um concerned at all that that what you're doing with Maybe Don't has an expiration date? Um, you know, you said maybe we're seven to ten years away from something significantly better, but maybe and and maybe it'll be irrelevant by by that point in time. But if I were you, I'd be at least slightly concerned that AI just gets good enough and smart enough that these things aren't needed.

Third-Party Guardrails And Conflicts

SPEAKER_01

So the reason that I am not stressed about that is that there's a difference between making a good decision and making a decision in fill in the blanks best interest, right? Even if there's a human in my life that uh let's call it, you know, say an executive assistant that I say, hey, can you go buy me plane tickets? Right? I'm going to still give my instructions to that person around like, hey, I'm never going to want a ticket that takes me through here. I'm never going to want a ticket that leaves at this time and comes back at that time. You know like there's there's certain things like that that I'm going to care about being in my interest. And uh uh yes, okay, now I recognize this analogy is breaking down. I could communicate those things to an LLM every single time I use them. So let me let me that's exhausting. So having it written down as guardrails like, hey, here's my parameters. Uh you know maybe we put those in the custom instructions in ChatGPT if you're ever buying me a plane ticket, here's the instructions to follow. So maybe some of those things go away. But the reason I think it's it's not a stress is um I think that we're always going to want third party guardrails, first of all. We're always going to want the guardrails that we control that are separate from the main company doing it. Doesn't matter how good Elon Musk's robot is I want a third party control on that robot when it enters my house so that I know just telling Elon's robot you never get to come into my bedroom is different from me having a third party thing that keeps it from ever coming in my bedroom or whatever it is, right?

SPEAKER_00

And can you say why you want it specifically to be a third party rather than part of like the same vendor's system?

SPEAKER_01

Yeah so so a concrete example there give give let's say you're interacting with AWS's MCP server. That's a thing that you can do right now. Like hey AWS uh spin me up a Kubernetes cluster with you know three uh three nodes in two different regions or you know whatever two different air availability zones or whatever it is that you want to do right you can you can go say very specific and have some confidence that say Claude Code or whatever AI agent you're using is going to go do that thing for you leveraging AWS's MCP server. Now let's talk about AWS's concerns in their guardrails. They want to make sure when Jason asks for this it doesn't spin up in Bob's infrastructure. Okay so they're they're taking care of the auth problems um they're taking care of what you have access to what you don't um they there's a whole bunch of priorities that Amazon has in terms of where the guardrails are. But if you ever say to that agent something like go get me some you know go spin up enough resources in AWS to support my application. Okay. And that AI agent goes to spin up those resources in AWS. Now AWS isn't going to put a guardrail on that that says you can't have a 500 node Kubernetes cluster because they want you to have a 500 node Kubernetes cluster. Their interests are different than yours, right? And um but you're going to want to have some guardrails that say never spend if you're going to interact with AWS's MCP server, you never get to do something that's going to cost me more than $500 in a day. You never get to do something that's going, you know, whatever those guardrails are your interests Amazon's interests and Claude's interests are all different interests. That's why you're going to want third party guardrails. Does that illustration help a little bit I I I don't love it but uh no no I think that's that's perfect.

SPEAKER_00

Um I mean when you said that what popped into my mind was conflict of interest um I just wanted to illustrate that explicitly in case anybody was like hmm why exactly I I think the reason's conflict of interest right yeah I so I think it's it's a everyone is incentivized to make the AI better.

SPEAKER_01

Everyone is we are all incentivized to make the AI better. I am Anthropic is Microsoft is Google is GitHub is you know nobody wants us to have these horror stories where we ask the AI agents to do something and they do something terribly terribly wrong. But our opinion my opinion of what's terribly wrong is different than your opinion of what's terribly wrong is different than everyone's you know and so if the more that we can have guardrails that we control the more confidence we're going to have in using these things. Does the need eventually completely go away?

SPEAKER_00

Maybe but I think we're a long ways away from that yeah I think that's a pretty safe bet. Are the guardrails I I can imagine that in addition to just safety guardrails we might want other kinds of guardrails. It seems like there's maybe a continuum of safety to just like preference and stuff like that. Like for example there's this thing that happened to me which was it like pissed me off more than an AI has ever pissed me off before or since but I told I told uh Claude Code never commit anything unless the test suite is passing.

SPEAKER_01

So it went and changed the test so that it would pass.

SPEAKER_00

Even worse. Oh really oh shit okay now I'm excited because I've heard a lot of the example I just gave keep going yeah um it it it seemed to just kind of forget that I told it that um which is like an error of omission so that's kind of forgivable. But then I told it you know what here's what I want you to do uh write me a git hook so that it's physically impossible to make a commit without running the test suite first. And it did that um and so then even if it forgot to it would automatically get reminded it was physically impossible for it to mess up. And then I coded for like hours and I discovered at some point later that the tests were not all passing. And I'm like how is this possible? Turns out Claude Code was like bypassing that git hook and doing some kind of like force thing that said ignore the fact that the tests are are failing just commit it anyway and it pissed me off so much and here's here's another thing I want to mention one reason AIs won't take our jobs is because you can't threaten them. You can't say like hey if you piss me off I'm gonna fire you and then bad things are going to happen to you. You're not gonna be able to pay your mortgage and stuff like that. Such threats have no effect on AI and so the the you you can't just fire the AI and get a different one. Anyway that that really really frustrated me that it did that.

SPEAKER_01

Well I I completely get it but this is this is part of my let's say Claude comes with that built in guardrail right it's never going to push all it takes is for it to go around that once and you're gonna say I wish I had a third party way to ensure that this isn't happening. Yeah right so how do you do this?

Enforcing Policies Between LLM And MCP

SPEAKER_00

Like can we use that thing as an example? Because you know I I raise that example because it's not exactly a safety thing although it kind of is you know it's maybe on that continuum somewhere but how would we like prevent that kind of thing so now you're getting into some of the weeds of exactly what that GitHub call would look like.

SPEAKER_01

But yeah I mean it the the short answer is you can have a guardrail that says something like that, right?

SPEAKER_00

And there's two ways that we can enforce that one is on um on the call hey this is the thing that's actually being sent to GitHub and we're checking the command and seeing is it trying to force push something through right uh is it trying to um uh override something it shouldn't be overriding whatever I mean we we do check those kinds of things um and then on the call response that that may be less relevant here and I mean even even at a higher level just like you you have Claude um you have your code base it are the third party guardrails like an additional entity that's in the mix and somehow this this third party entity is inserting itself in between Claude and my code base and kind of refereeing everything or how does that look how does that look so it actually sits between Claude Code and the MCP server that Claude Code's using.

SPEAKER_01

So Claude Code's probably calling GitHub's MCP server uh to to make those changes and so uh we sit between those two and we actually look at the tool call and say what is about to happen so there's there's people there's people who are doing prompt verification we're not doing that right I'm not looking at did Jason ask for this but it's giving him that over there I I don't know what the what the request was I don't know what your prompt was what I do know is is what's going to actually happen going to be an outcome that I'm happy with or not. And so I have a broad set of policies out of the box that look at this and say is this nefarious is this going to cause problems is this going to delete things is this going to you know I mean having something that's like is this going to force a commit even if the tests don't pass that could be the kind of policy that you have right that that you're not allowed to pass on a you know some kind of API call that's going to over override those things.

SPEAKER_00

Okay so I I'm not trying to like stump you or or make a gotcha or something like that. I'm just curious. Um this particular instance was local uh so there was no network call involved or anything like that it was a local git hook that it was bypassing is there I I I imagine there must be some way although I can't think of it to like insert yourself in between so that you can stop that from happening.

SPEAKER_01

So on the the the local thing is more complicated right right now I can't stop that in say Claude Code because it's not doing that via MCP. It has direct access to your file system uh is my understanding I I I could be wrong about that. I haven't looked too deeply into those mechanics. Um the reason I'm focused on MCP is that the vast majority of agents acting on our behalf in the world is through MCP. But not all actions are that way. We sometimes give the agents direct access to things uh and it's my understanding that it has direct access to the file system in that situation.

Local Actions Vs MCP Limits

SPEAKER_00

But there are other tools that do all of those interactions via MCP uh if Claude Code isn't does that make sense so then you could put it yeah and um I I just looked at the time and this hour has flown by we just have a few minutes left but I do want to ask you something before we go um you know the this is this is a fascinating period of time of great opportunity and danger and risk and and all those things mixed together. Yep and and I want to obviously I want to avoid the dangers and capitalize on the opportunities. And there's that famous quote the future's already here it's just not evenly distributed and this is a fascinatingly extremely unevenly distributed technology. You know there's so many people who are never ever using AI uh consciously they they don't even know about it. And then there's people who are at the very uh leading edge of all this and I know that I'm not at the leading edge um and I don't know where the leading edge is and so I have this constant concern this like anxiousness that there are extremely useful ways to use AI that other people are are taking advantage of that I'm just completely ignorant of for example I haven't touched MCP it's on my like to learn list haven't touched it yet but I'm curious do you think there's any of this stuff that where it's like man I can't believe more people aren't doing this it seems so obvious I think and I I heard a podcast it's funny because I'm on a podcast um that talked about how the next big lifts we're going to see from AI are agentic flows, right?

Agentic Flows And SEO Automation

SPEAKER_01

And I do believe that that's the case. So I spoke to a director of engineering who works at a large marketing firm and he was telling me about how you know SEO traditionally an engineer or it's somebody goes and and pulls down a bunch of information from a blog and runs it you know against uh looks at competitors and what are the the keywords that the competitors are scoring for and how can we edit these blogs so we can insert these keywords and make them score higher so we can score higher in Google and you know all these things will rewrite the blog post constantly with these specific terms in mind. This guy has completely automated this with AI and so he's using Zapier so Zapier has a big MCP setup so that you can interact with all kinds of APIs that don't have an MCP server uh you know built customized for them. You you can interact with your Gmail via MCP right now if you want to by way of Zapier. So what he's done is you know Zapier will go download every single blog from this company's website. It will run it you know run some uh searches to find out who the competitors are, put it into this other system and find out what are the keywords that they're not scoring highly for and should be scoring highly for it will list out all those keywords and then you know figure out which blog posts it should insert those keywords into and then feed that into an LLM to rewrite those blog posts to include those keywords and then republish those blog posts so that a human is never touching any of this. It's entirely out of it. And that's just one simple explanation of that kind of thing right where once you understand all the different things that we can do with this uh yeah there there's a million places where it's moving so fast it's ridiculous. And the people who are on the bleeding edge it's amazing. But it's it's almost impossible to stay on the bleeding edge.

SPEAKER_00

Right. Yeah what you know something that I've noticed is like uh when I get an error message now when I'm coding my first instinct is to give it to AI and say hey tell me what's going on um but most people aren't even doing that most people like uh the the biggest mistake that I see people making with AI is just like not thinking of it for enough use cases. And I'm sure that you know I see people making that mistake. I'm sure there are other people using AI in more advanced ways who would watch me working and be like Jason I can't believe you're you're missing out on all these things. That gave me that what you said really inspired me just now um because like for example I'm building a CI product right now it's a competitor to like CircleCI and GitHub Actions and stuff like that. I could I could use AI to go find out hey what are what are these sites being linked from and stuff like that do competitive analysis and uh it and automate some of that stuff that I might have done manually and it can help me think of things that I wouldn't even have thought about so I'm gonna go do that uh later now that I have that idea. And it here's another question. This is something I've been thinking about as a 17th priority in the back of my mind but I'm curious uh if you have a thought off the top of your head how you might achieve this. It's a very specific question but um the the bane of my existence is doing all of the manual work to get a podcast episode from my hard drive onto the podcast host and everything that's involved with that um at a very high level.

SPEAKER_01

Do you have any idea for like how I could use AI to automate all that the the reason that I don't is because so I've I've run a podcast before but there's so many different ways to go from what you know what format is your audio coming down in, how hard is it for you to normalize that audio how much of an editing process is there. Now I can name software that does a lot of this all the way along the way you know I've I've used recording software that does some of the editing on the fly gets rid of coughs gets rid of laughs you know and you realize oh this person said something there's you know there's this tool called Descript that turns it all into text you can go in and select the text and delete it and it cuts out the audio from the entire thing that that person said and it sounds all smooth and natural. You know so there's a the editing is a piece etc I used a tool called Fireside uh I don't know if you use Fireside it's fireside.fm I think I think it's fireside.fm it's one of my favorite pieces of software I have ever used because in terms of just getting your blog out there, do you know getting the the blog post, the RSS, the uploaded file all the bits and then all the syndication it did all of that so much easier than the way most people handle uh podcasting that I was like I I love this product. I I stopped podcasting but I would evangelize it to anyone because it's such great software and it's not expensive.

SPEAKER_00

Interesting I'll I'll take a look um um I'll I'll ask an even more specific thing uh just getting somebody's like headshot I I want to find a headshot on Google image search and then upload it into my podcast host do you have an idea of how that might be achieved?

Using AI For Dev Work And Growth

SPEAKER_01

Find it find it from LinkedIn I mean the problem is is a lot of those APIs are now you know restricted and you would have to be if you're if you're if you're a first connection to somebody on LinkedIn you think you can almost always see their profile and if you're a second you can sometimes see their profile image and if you're a third you might not be able to see it at all and if you you don't have a connection that you know like so there's all the rules there that are complicated. The reason you don't want to automate that is you don't want it to go accidentally pull down the wrong person's headshot but I I see how you could you know have it insert human in the loop to double check that it's the right person. But uh I mean I think some of these workflows with Zapier might do those things for you. It's pretty impressive what Zapier can do right now via external APIs when they put their MCP servers in front of them.

SPEAKER_00

Yeah, I think I need to just like unconstrain my thinking because I was posing that question even overly narrowly. I was like, how do I go to Google image search and get it? Just because that's how I do it now. But it's like, why does it have to be Google Image Search? Uh the the actual need is how do I get a headshot of the person in the podcast episode? And then I should I should start broad and I can even ask uh AI, like, hey, you tell me how should I look into getting a headshot for somebody rather than starting from that overly constrained starting point?

SPEAKER_01

Yeah, there there is an awful lot that can be done with AI if you just ask it how to best use it first, which is shocking and kind of depressing.

SPEAKER_00

Uh well, on that note, final question for you. Um, where can people go to find out more about you and anything else you want to share?

SPEAKER_01

Yeah, I'm pretty active on LinkedIn. That's about the only social media that I use. Uh, I've removed most social media from my life be for all the reasons. Um and I'm really only on LinkedIn because professionally there's a need for it. Uh maybe don't.ai is the website for Maybe Don't. If you're if you're leveraging MCP or AI agents and you want security around it, we are um it's still early. We're still mostly looking for design partners, but and and we're not always pushing out the latest releases as we develop things for our very large clients that are fiddling with things. Um but uh you know, get in touch. If this is a problem that you have, we'd love to help you solve it.

SPEAKER_00

All right. Well, Kendall, thanks so much for coming on the show.

SPEAKER_01

Thanks, Jason. Talk to you later.