The Audit - Cybersecurity Podcast

Apple Vision Pro Meets AI: Why Your Company Needs Both

IT Audit Labs Season 1 Episode 75

What happens when Apple Vision Pro meets enterprise AI? In this episode of The Audit, Alex Bratton—applied technologist and AI implementation expert—joins hosts Joshua Schmidt and Nick Mellem to reveal how spatial computing and artificial intelligence are colliding to reshape how we work. From conducting million-dollar sales meetings in virtual reality to building AI governance frameworks that actually work, Alex breaks down the cutting-edge tech that's moving faster than most organizations can keep up. 

This isn't theoretical innovation—it's practical implementation. Alex shares real-world examples of pharmaceutical reps training with AI-powered virtual doctors, airlines redesigning airport gates in spatial environments, and manufacturing teams using Vision Pro for secure work on confidential documents at 30,000 feet. If you've been skeptical about AR/VR or overwhelmed by AI adoption, this conversation delivers the clarity you need to make informed decisions for your organization. 

Key Topics: 

  • Why Apple Vision Pro is the "iPhone 1 moment" for spatial computing and what that means for enterprise security 
  • The three categories of AI tools: reactive assistants, task-based agents, and goal-oriented digital employees 
  • How to build AI governance frameworks without crushing innovation or falling behind competitors 
  • Real security concerns with AI tools and which vendors are actually protecting your data 
  • Why mid-market companies are outpacing Fortune 500s in AI adoption—and what that means for your industry 
  • Practical strategies for baking AI into company culture without triggering employee resistance 
  • The critical difference between free AI tools that steal your data and paid platforms that protect it 


Whether you're a CISO evaluating AI tools, an IT director building governance policies, or a security professional trying to stay ahead of threats, this episode delivers actionable intelligence you can implement today. The AI revolution isn't coming—it's already here. The question is whether your organization will lead or get left behind. 

#cybersecurity #infosec #AI #VR #AppleVisionPro

SPEAKER_02:

You're listening to The Audit presented by IT Audit Labs. I'm your co-host and producer, Joshua Schmidt. We have the usual suspect, Nick Mellem from IT Audit Labs. And today our guest is Alex Bratton. Alex is an applied technologist and AI implementation expert. He's here to share some AI advancements that are cutting edge and then stick around to the end. We're going to have some tips on how to implement AI into your organization in a secure fashion. So without further ado, Alex, thanks for joining us today.

SPEAKER_01:

Thanks. It is awesome to be here and uh love having any opportunity to geek out with folks, but make it applied geekery of how does this actually drive real business results. So thanks.

SPEAKER_02:

I love your tchotchkes in the back. We're tchotchkes here. Yeah, you can you can tell a lot about a guy by his by his collection. Uh as you can see, I'm a music guy and producer. So what do you what do you do in your spare time when you're not when you're not geeking out?

SPEAKER_01:

Uh well, of course, as you can tell, equal opportunity, sci-fi, and superhero. So all things that are lots of fun. Um gaming, and at the same time, uh, sure I run a company, but at the same time, I'm hands-on testing the latest AI, diving in, writing code, playing some interesting dungeon delve board games, you know, any of that fun stuff.

SPEAKER_02:

Uh it's too bad you're not in the Midwest here. We have a we have a really sweet uh game night every Wednesday or first Wednesday of every month. So very cool. We'll have to talk more.

SPEAKER_03:

I have to touch back on the tchotchkes, though, because my wife makes fun of me all the time. Because if we go anywhere, I'm always looking for tchotchkes, little things, you know what I mean? Yeah, exactly. My wife always makes fun of me for it. So I'm to have another tchotchke enthusiast with Josh and I here tonight.

SPEAKER_01:

And we're kind of already there. I'm trying to figure out where the Galactus popcorn cup has to go. Because I I don't have it yet, but it's gotta go up there. It's gotta go up.

SPEAKER_02:

Um so um we got into your hobbies there for a minute, but I'd love to hear professionally what you've been up to. You have quite an impressive list of credentials on your LinkedIn. I'd love to have uh you explain what you've been working on and tell us what's top of mind.

SPEAKER_01:

Uh sure. My my personal why is all about technology is supposed to help people thrive at work. So all of the many companies that I founded have all been about that. Uh 25 years ago, I launched LexTech. It really focused on, hey, how do we help build the tools people use to do their jobs to drive great business results? Um and in the starting days, I'll say the the early days, so before 2008, that was embedded tech, web stuff, um, you know, controlling government systems, all kinds of fun stuff. But in 2008, the magic of the iPhone hit, and that was suddenly, you know what? Wherever people are going to touch technology, that's where we needed to be. So we pivoted the whole company to be mobile. And that was actually also the launch of our partnership with Apple. And we've been working with Apple's enterprise team for 15 years, um, especially now in the uh the the age of the Vision Pro, to help these big companies figure out what do we do with this stuff? How do we empower people? And that and that is the key for me. It's all about how do we give people superpowers? And that's something that we the geeks get to do now, and I love that.

SPEAKER_03:

We know the right guys. So if we need some test Apple Vision Pros, we're just gonna call Alex to get a couple sets.

SPEAKER_02:

Send them on over.

SPEAKER_03:

Alex, I have to just tell you because when Josh said you were gonna come on with the Apple Vision Pro, I brought up whenever these came out a year or two ago, I was telling Eric that we need to get three sets of these and we need to do a podcast in Apple Vision Pro. Obviously, it didn't happen, uh, so I'm very jealous that you're doing it.

SPEAKER_01:

Well, you'll still need to push that because that is exactly what I have something that is spatial conversations. It is a first spatial podcast where, you know, yes, you have virtual me here, but when we can connect via FaceTime uh Vision Pro to Vision Pro and bring up to five people into a virtual space and capture it where, you know, here we're still in Flatland, but when we can actually be sitting next to each other and fist bump from a thousand miles away, that changes everything. And it changes everything for business, but for podcasts, it's just incredible.

SPEAKER_03:

Yeah. I gotta stay on the Apple Vision Pro for one more second because I am a fellow geek and loving this stuff. Have you been on an airplane with those on?

SPEAKER_01:

Oh yeah. Oh yeah, really? Oh yeah, because I and definitely it definitely starts conversations. Now, one of the interesting things, and I don't know that you can see it on the real world camera here, but uh you if you're in real person, you can actually see my eyes here so that it you know it feels like I'm here. So if a uh you know flight attendant is walking by, I can look up and they can see that I'm looking at them, and it's a little less freaky. Uh but lots of great conversations. But as a as a business traveler, you know, back to the security side of things, this is the most secure way in existence for me to work on high confidentiality documents on an aircraft. I can have my laptop up here, and the screen is black, and I'm looking at a virtual Mac screen in front of me, working on agreements, presentations, whatever it is. It's awesome.

SPEAKER_03:

Yeah, that is very cool. I when I had a pair when they first came out, I wanted to get on an airplane. It just was too weird for me at that time. But now I think I'd be ready to do it, so I think I need to give it another shot.

SPEAKER_01:

It it's much more common now. And uh and I've never had anybody be weird about it. Lots of curiosity, and that's cool. You get to have great conversations with folks. And I've been on multiple flights where I wasn't the only person.

SPEAKER_03:

I think too, the curiosity is awesome because I think, especially in our space, most of us are very passionate about cybersecurity. And if somebody asks you about it, generally you we want to have the conversation with you about it. That's just part of the trade, right? We want to educate people. So this is kind of the same thing, right? If you think it's cool, I already think it's cool. It's you know, we obviously align, let's let's have a chat about it.

SPEAKER_01:

Yeah, and there's there's so much we can talk about. And again, this is this is the iPhone 1 moment for the world. That came out, and you know, 5% of us were all over ourselves and waited in line for 12 hours to get them. And the rest of the world was like, who are these crazy people? Fast forward to the iPhone 5, and it really changed everything of how we work. Sure. But the that's the part that I really give Apple a lot of credit on with this, is that this is the first time ever that they have telegraphed this is what the future is going to be in five to ten years. And they started in the enterprise because of some just great enterprise and work use cases for it, but it's the kind of thing where if folk, if you haven't done it, get to an Apple store and get the demo. This is so different than the VR headsets out there. Spatial computing is very different. It's it's bringing everything that might normally be on my computer, and I've I've got windows floating around me here where I can see what I need to see. It changes everything. So in five years, you know, what it's not gonna look like this. Is it glasses? Is it something else? But this is the future the same way the mouse was when Apple brought it out.

SPEAKER_02:

You mentioned that uh you're you're kind of testing some of these things out. Have you seen any new workflows come about or have you found any specific tools that will blow people's mind that that you've been using in their spatial uh work life?

SPEAKER_01:

Uh definitely. Uh and it I'll say for us, it really comes down to just the collaboration and being able to bring a small team together and uh put content together. So pair programming in this is insane. You know, doing that in person, you're kind of stumbling who's got the keyboard, who's on top of each other. Virtually two of us sitting next to each other looking at that 10-foot screen of one person typing while I've still got my computer doing it. So collaborative engineering, collaborative design, awesome. Uh, from a business perspective, um, we had actually put together some originally it started as demoware of hey, what if we could bring some people in and there's a lot of companies out there where for a high value proposition sale, it's a million-dollar sale or a ten million dollar sale, I'm selling you an aircraft, I'm selling you a piece of construction equipment. You have to travel to go see it. And what if instead if we're apart, we can actually be sitting next to each other and I can put the bulldozer right there and we can get a feel for it. Or we can actually be out on your manufacturing floor and take the piece of equipment you're thinking about buying and put it where it would go and talk about that. So uh essentially I see today the Vision Pro is the only thing possible for million-dollar conversations. If something matters that much to a sales process or we're collaboratively designing a new cruise ship room, it matters. That then I don't have to put people on planes. It's amazing.

SPEAKER_02:

That's amazing. There's a video online that my daughter has gotten really into the Titanic lately and all of the history about the Titanic. And it's a video where you virtually walk through the entire recreation of the Titanic. I I feel like that would be something that would be really cool to experience, you know, or or being alive in Jurassic Park or um doing a Dungeons and Dragons type game where you're actually dungeon fellow.

SPEAKER_01:

And there you're speaking to me. Yeah, absolutely. Yeah.

SPEAKER_02:

Game night just got a lot more interesting.

SPEAKER_03:

Yeah, I think it was re or when I had the headset, they'd they were doing the music on Apple Music. You could like sit in the recording room when you know one of the artists, or I think it was like Metallica has one where you can like be on stage with them. Oh, cool, or something of that nature. And that to me, again, I'm going back to the solo experience, but I think that is probably the first thing that most people are gonna have be mind blown by the kind of the tips, like like the party, the party trick, right? Oh, yeah, like you get in a Tesla, right? And it's just so fast, right? That's the party trick. Like the party trick for this to me, for the average user, is the they're on stage with their favorite artist or they're watching a basketball game courtside, right? Exactly. Right. So that's that's very cool to see that coming up.

SPEAKER_02:

I was wondering where's the crossroads between VR, augmented reality, and and AI. Uh you've worked a lot with AI. I think you even have a book um that you just wrote uh about internalizing AI into your company culture. I'd love to hear about that. And then where the crossroad is between AR, VR, and and AI, AI.

SPEAKER_01:

Uh so the the book is uh Practical AI for Leaders. And it it really is um it's about our journey of how do you bake it into your culture? How do you start getting everybody? And I'm not gonna say AI first because that's not what it is. It's just AI leaning. Every time we're touching something, we should be asking, hey, could AI help me do this better? Um and it's it's telling our story of how we did that, which was um last year uh we really put together some simple programs around expectations everybody in the company needed to experiment and then share with everybody else in the company how that went, and then the the fast forward on that of how do you start building up teams to figure out which tools we can use and how do we put the right processes in place and those things. So the the book was all about that. Um and the uh AI side of things gets really interesting when we link it to spatial. And I won't say VR, I'll say spatial. Um, because I mean again, the the avatar of me that you're seeing here, my persona, there's a lot of processing power going into that. That's you know, scanned once and used forever. But being able to allow me to then interact with something else at that level of fidelity that isn't real, that's powered by AI, becomes an incredible training tool as an example. Um, we've talked to a number of folks that have uh sales forces, and maybe they're a pharmaceutical sales rep that has to get good at talking to doctors. Well, I can practice this with another salesperson, but they're not an oncologist. If I can actually practice talking to a virtual oncologist in their office that feels real, the skills retention there is so much deeper. So that that kind of thing just goes is huge. Uh, we were actually talking with someone else at one of the airlines. They're using the Vision Pros to first prototype out um what new gates at an airport might look like and then to go through that because they do that today physically.
It takes them 30 days to build physically this gate and then bring a bunch of people in to review it. Their thought is, well, they can build it digitally, and then they could talk to an AI and say, hey, you know, give me a chair that looks like this. Put 10 of these over there and essentially use that to help them do the design work in the moment and just accelerate the heck out of it.

SPEAKER_03:

Yeah, it's all happening real time. You can test, tweak right then and there.

SPEAKER_01:

Exactly. Exactly. And that that conversational partner piece, I think that's one of the huge powerful elements of AI.

SPEAKER_03:

Yeah. There was when the, you know, we're seeing the training aspect, kind of what exactly what you're saying, but they were showing like a doctor practicing surgery. They're showing, I think it was Formula One or NASCAR, they were practicing changing the tires, right? Like the getting some muscle memory down by, you know, going quick and like through a repetitive nature. Not you don't have to actually do the physical tasks. You can you can practice on your own, you could practice with with the whole group, but you can do it in a controlled environment. Love that. Um speeding it up, cutting a lot of cost out for organizations that could be for medical industry, it could be for racing industry, it could be for cybersecurity industry. There's a lot of use cases for these testing, this testing range that we're looking for.

SPEAKER_01:

Definitely. And AI becoming critical because it's observing how you're doing and providing feedback. Hey, you missed step three. You left the screwdriver over there. Um, or fast forward, that's some of the things that again, um we're seeing Apple really lean into is the uh I'll call it more the the frontline worker use case of all right, I'm wearing this and I'm in a high-tech manufacturing job and I'm cleaning and manipulating a big piece of equipment, and it's watching me do the process. And the AI is actually recognizing, okay, did I put the parts in the right places in the right order? That gets really interesting. We're still super early in that, but it's all technically doable now.

SPEAKER_03:

Do you think, you know, when we're having the conversation about it, we're early on. When do you think we're gonna be far enough down the pipeline where this is gonna be more of a reality every day? Is this like 15 years away? Are we talking three to five years? What what's your thought on that? Is it soon?

SPEAKER_01:

It's this is coming so fast. Uh and again, iPhone 1, what I'm wearing here. Yeah. Um, but the iPhone 1 took, I'll say, five or six years to start changing everything. I think this is gonna take maybe two or three before Spatial is having the impact. Um, AI coupled with that, I mean, next year. It's moving so fast. The technology is um the rate of adoption of AI is probably ten times faster than it was for uh mobile.

SPEAKER_03:

As Josh mentioned, we're doing an AI class, or actually rather just uh completed a couple weeks ago. And I don't know if we're just so much more immersed in it now. I mean, we were before, but we wanted to really strengthen our ability. So we sought out this or look for this class. And I don't know if we're so much more immersed in the world that we're seeing it, or if I think AI is even picking up more speed over the past, let's say one year, it's everybody's using it now. My mom is asking about ChatGPT, right? Or you know, everybody's asking about everybody's using it, it's writing our emails now, right? It's helping everything, unfortunately. Unfortunately, but we're seeing it more and more and more. So that's what prompted me the question of kind of where you're getting at what's what's next, what the next two or three years, like you're saying, it's gonna be more mainstream. People are gonna start adopting it. Because I think that is a part of the problem we're seeing in not only in our industry, but across almost all industries is the adoption rate and how they're adopting AI. Are they need to be doing it probably a little bit more quickly, but doing it correctly, right? Policies, procedures, setting up that governance within the organization. And you know, and I brought this up before on the show, that one of the biggest problems is people needed to get on board quicker because it's a you know, the discussion of Netflix versus Blockbuster, or way back before the the iPhone came out, Nokia, right? They had the whole market space. They're virtually gone. Kodak with cameras, they're not making film, right? They're they're out of business because they didn't follow trends in the in the industries.

SPEAKER_01:

Agreed. And that's that's part of which what's exciting me again. I I first touched AI touched AI, I'll date myself a little bit, uh, almost 40 years ago.

SPEAKER_03:

Okay.

SPEAKER_01:

It was not ready for prime time. It was very different. Fast forward, um, what I loved about mobile technology was it empowered people. It let folks who weren't geeks really lean in, and AI is that exponentially. Anybody can use it. If you can talk, if you can communicate effectively, you're suddenly in charge of a technology assistant. And that that's just amazing. Uh and to the Netflix point, I'm having conversation after conversation with I'll just say peers, you know, folks who are leading mid-market companies that are looking at this of, you know what? If we adopt AI, we can reinvent how we're doing things. And these aren't tech companies. Absolutely. Um, I've uh someone in particular um in the um the kitchen remodeling world, he has taken what was historically not a lot of tech and turned it into, well, we can map out what we're talking about while we're sitting here, show you a picture, what it could look like, hit a button, and the team knows what to go build.

SPEAKER_03:

We're accustomed to thinking or judging somebody on what they know, but not what they can learn. That's it. Right? So if we can reverse that thinking, so so let's say Josh isn't a cybersecurity professional, but we give him AI, he he can fill in, he can do a lot of things. He can be a lot more than just scary, he can be very dangerous in the space and doing a lot of things, great work that maybe somebody with a four-year degree that's right, that's just out of the gates. We can get speed things up and and really supercharge somebody's abilities uh if they're used it the correct way and you teach them how to do that. It's all about exposure to AI right now.

SPEAKER_01:

It it is, and you nailed it, it's the it's the speed and inclination to learning. That that's the key, being open to those things and using it as a tool, learning those new things. And and again, today it's AI. In ten years it will be something else. The same way that you know mobile was the key word back in 2008 through 12 of I need a mobile app. The word mobile mobile is gone. Fast forward five or ten years, we're not gonna say AI anymore. It's just gonna be a part of everything that we do.

SPEAKER_02:

And I still have family members that can't even sign into their iPad or download an app. So I wonder what kind of yeah, what kind of tech support's gonna be needed there? Most people are getting used to AI through writing prompts, right? Or or just maybe replacing their their search engine with ChatGPT or Claude. But what would you recommend for people that have gotten to the next level? Like we're we went from writing prompts and asking questions to creating ChatGPT projects or custom projects or Claude projects. What would be the next step after that to further immerse yourself or your organization?

SPEAKER_01:

Good good questions in terms of what that continuum looks like. Um so looking at AI, there it really breaks into kind of three categories. So the first I would call really a reactive assistant, and that's exactly what ChatGPT is, or custom GPTs. It's I ask it a question or I ask it to do something, and it does it. Um and there are thousands and thousands of tools that are doing that. The next category is a bigger step just because it requires a little bit of learning, but that's where we start getting into task-based agents. So we use that magic word agent, and we have to be careful because it means 50 different things to everybody. But it's tasks step-by-step automation, where if I do this, so for example, I post a non-disclosure agreement into this Slack channel or this Teams channel, that the agent would grab it, review it, and put comments back in the channel. That that's a task agent. The next step is what I'll call um more actually digital employees, or we call them digital staff, where they're goal-based, where that digital staff is focused on, you know what, you're a business development rep. Go find prospects for our business, research them, reach out to them via email, and schedule the salesperson appointments. It has a goal and a bunch of tools, and it figures out what to do when and how. So let's put that totally aside. The automation piece in the middle, that's where tools like uh a Zapier or an N8N get to be interesting, of just to start, okay, if I could plug these three things together and add a brain in between them, what could I do?

SPEAKER_02:

How much time and stock should we put into learning Zap and N8N when AI is just around the corner? Because they're pretty intense programs, right? Um they do require a little bit of attention, a little bit of a learning curve. But then I'm also thinking like, well, if this is agentic AI is just around the corner, should I really be spending, you know, a thousand hours or even a hundred hours learning N8N?

SPEAKER_01:

Uh interesting question. And uh I don't think Agentic AI is going to replace any of that. Um the so for example, the MCP protocol that's coming out that allows you to essentially it's a generic API for an AI to talk to a system. That's really interesting because it would allow an agent to talk to the CRM or the email system or whatever it is without having to care what that API is. Many of the tools, like N8N, there's an MCP server that you can put in front of that. So you could describe the automation that you're looking to have built, and it could actually craft that and put it together for you. But to the question, um I think this is a good example where understanding, hey, what does it look like to integrate things together? What is a tool? So that when that agent is doing a thing that we know, oh, okay, it's a tool, it's talking to a system. Um, I think that's actually really important for most folks to uh if you're technical, you have to. If you're inclined, you should.

SPEAKER_03:

Yeah, how you are actually interacting with the tool. Yeah. It's interesting. Random question, then, Alex. Do you have a favorite right now? If you had to pop open one of the tools, what are you reaching for?

SPEAKER_01:

Um, so my my defaults, um, because I've done a ton with it and it does a great job. Uh so ChatGPT is my that's my general go-to. Um been experimenting with the the 5-0 model or the five models that just came out to see, okay, what's that really add to the mix? Um, love doing deep research with it. That is absolutely my go-to. Anytime I have a brain spark about a topic of I wonder, a research request goes off. So map it out. And whether it's a go-to-market question of, hey, who's doing things in this industry, or how would I do technical topic X? I love that.

SPEAKER_02:

I'm gonna defer to Nick on some of this stuff, but I wanted to generally ask the question you know, what kind of blind spots are you seeing with AI security? We're we're basically rushing to giving AI a lot of power and a lot of insight into our personal life, into our schedule, into our emails, um, so that it makes things easier. What do you see that balance of, you know, making tasks easier, taking the workload off, and then kind of preserving some personal security or informational security? And how do you weigh the cost-benefit uh uh ratio on that?

SPEAKER_01:

So that was about 50 questions. I gotta get them in while I can, Alex. But no, that it that and that is the challenge that we've got right now because people are blazing straight ahead and and rewinding a little bit, and I'll use the iPad as the example uh when it came into the business world. It was brought into the business world by business leaders who are like, I need this, I want this, and whether that was a doctor or a CEO, it didn't matter. And the technology teams were so far behind that it was it made it difficult for everybody. They couldn't figure out, okay, how does this connect to the network? How do I secure it? How do I do anything with it? And many IT teams today, any company size, are doing the exact same thing. They're struggling. There are so many ways that we can empower teams, but is this tool secure? Did somebody just sign up for a tool that's free that's stealing all of our information? Which so that step number one is this the stepping back and communicating with the team around, hey, what are our expectations? What is responsible use of AI? It doesn't mean here's the five tools you're allowed to use, or something we see very frequently in big companies is the answer to AI use is no. Well, that's not real. Come on. What are we gonna do with it? What does responsible mean? Number one, you have to understand what are the licensing terms of this thing we're using? What does it do with our information? And for non-geeks looking at legal agreements, that does that's not awesome. Um, internally, we wrote a custom GPT to analyze that. So we could give it a tool name, it would go out and grab all the documents, bring it down and say, yes, they're gonna train on your data. And that that's the magic question. Um but the simple statement being if it's free, you're giving them your data. Forget it. Don't ever do that. If it's paid, okay, well then get somebody involved if you're gonna use it officially. 
But while you're tinkering, don't give it state secrets. That doesn't work. Um but taking those to the point where we know what's going on. Um now for me personally, again, I'm coming in on the Vision Pro. Um, one of the things I love about Apple is their privacy stance. I think one of the huge challenges, and I don't know that folks see it coming, is that when we couple AI with the company that hosts all of our emails and our documents and that makes money by selling advertising, that's a bad combo. And we have two megacorps that sit there at the center of that, that's dangerous.

SPEAKER_03:

You you lob it up perfectly, Alex. I'm was thinking about these things along the same lines. We're in a we need to, if organizations haven't gotten or stood up a governing body for AI, get it get a board of people, four or five people, whatever you decide on, and start deliberating on what direction you're taking with AI. Because it's coming, you gotta do it. You have to do it now because we run the risk of if we don't do that, your employees are gonna do it on their own anyway.

SPEAKER_01:

Shadow IT is real, it's gonna happen. Of course, yeah.

SPEAKER_03:

We've seen it all the time through plugging Proofpoint. You know, we see it at one of our clients that they're emailing each other back the their work and their personal, they're emailing back and forth. So, what do you think they're doing, right? They're taking their information that they're working on at work and they're sending it to their LLM and their personal machine, and they're sending it back with their output, right? So they're using it already. Uh sometimes they might be using it uh you know on their machine. But so first off, it's you know, figure out the direction you want to go. Let's peel the hood back and figure out where you want to go, what we want to use it for, if you're gonna run it, uh, if you're gonna let if you're gonna use cloud, if you're gonna run on cloud or if you're gonna run on-prem, right? How are you gonna do this? Um, and and then you have to get policies and procedures out. You have to uh educate your staff, and then you have to train your staff on how to actually use it, right? It's one thing for us to say, oh, don't use state secrets. Right, that's just a given. That's things that the three of us we just know that is a no-no, we're not gonna do that.

SPEAKER_01:

But what does it really mean?

SPEAKER_03:

Yeah. What does it really mean? Exactly, right?

SPEAKER_01:

Yeah, totally agree. And it's helping them be comfortable with it. And again, for me, that's about how are we baking this into our culture? This is the new norm. This isn't as simple as, hey, we're just gonna hand everybody Excel who doesn't have it. It's, we're not giving you a tool. We have to change how we're thinking about work. Every time I'm about to do a task, how could AI maybe help me with this? And just giving simple guidance, not IT scary stuff of no, no, no tools. Like, no, we have to embrace the whole company and surfacing this stuff. IT can't own all of it.

SPEAKER_03:

Totally agree. Totally, totally agree. I actually think organizations could run a risk of overprotecting this. You can tighten the bolts too hard. Um, and we run that balance in cybersecurity all the time, right? People need to function, they need to be able to function, right? I mean, if we're in a perfect world, we would just disconnect from the internet, right? And then we're gonna write in the cybersecurity world. That's not an option for us, right? So we gotta ride that razor-thin line of tightening the bolts too hard. And we're having the same problem, I think, with AI. I think a lot of organizations are gonna come in and they're gonna put too many policies, procedures around it. We should be deleting enough or we realize we need to add things back.

SPEAKER_01:

It's interesting when you hit on the potentially clamping down too hard. Um, that's something that we see very, very frequently in the big businesses in the Fortune 500 because they have very sophisticated IT security and data teams. So, especially over the past year or two, many of those teams have raised their hands saying, we own everything. Nobody touch it, nobody do anything. And unfortunately, many of them have been successful in wrapping their arms around it and kind of shutting everybody out, and which again has totally missed why does this technology exist? It doesn't exist for that group of people, it actually exists for the people who aren't the experts, aren't the geeks. Wait, I can just talk to something, I can chat with something. And so where we're seeing people be successful is actually focusing on the employees. Maybe it's an airline pilot or a flight attendant, maybe it's a salesperson. What would help this person do their job? What would empower them? What would take friction out of the way? And the part that, again, the groups that are locking it down are missing is if we can identify the couple things we want to help people with, we can just trace a thin line through the back end systems, the data, the policies. We can figure out that part first. And then we can do the next line and figure out that part. Instead, we're boiling two oceans. We're boiling the ocean of what's all of our data? Make it accessible. Well, you know, to power something for this person over here, you might not even have the right data yet. But most folks, hey, we have this, so let's take our ocean and figure that out. And then let's look at the systems. How do we AI enable all of these systems and make them all accessible? I appreciate the thinking, but spending three years on that means you are going to be so far behind. When I look at mid-market and smaller businesses, I love the passion of business leaders saying, we have to do this.
Hey team, let's figure this out. And they are moving so much faster, which is actually hinting to me that I think we're going to see a lot of leadership positions in a bunch of different industries change. The internet drove that, mobile drove that. This is driving it even faster. And I think we're going to see some small to mid-sized companies that become really big because of what they're doing with AI.

SPEAKER_02:

Interesting. Is that a sea change in thinking of employees not just as another cog in the wheel to accomplish a task, but treating each individual like their own entrepreneur within the company? Is that kind of where you're coming from with that AI enablement?

SPEAKER_01:

And that's an interesting way to put it. And that is my core belief is that things like AI should be giving people superpowers. We should be helping that one person be 10 or 100 times more effective, not how do I implement AI so I can fire my whole team? I think anybody doing that, number one, you're focused on cost cutting and that's not good for growth. That's not where you grow. Number two, the great ideas of where AI is going to transform the business come from those people. And they're the ones that have the idea. So once they get comfortable and they can lean in and have that entrepreneurial always learning, hey, what if? When they start to ask the what if at times 10 or 100 or 1,000 employees, that changes everything.

SPEAKER_02:

Seems like it started with kind of an altruistic stance. I mean, baked into the name, right? OpenAI, it started out open source, I believe. But now we have this kind of AI arms race going on with nation states. Um, how do you see that squaring off with kind of it seems like things should be moving more to open source? Um, if everybody's enabled to kind of be their own entrepreneur and um everyone has Leonardo da Vinci and Albert Einstein in their pocket. Um, how do we get from where we are in this kind of like keeping things close, but allowing people certain liberties? And how are we going to balance all that moving forward?

SPEAKER_01:

Uh that's an interesting one. Um, I don't know that it necessarily needs to go open source. And I think again, back to what we the humans control, we control being great communicators. We control coming up with the ideas and framing what it is that we want the AI to do. Um, and then even, hey, here's the process. When we're building things, for example, even in the agentic world, I mentioned ChatGPT earlier. You know, it's a simple go-to. But you know what? If I'm writing code on my Mac and I want to be having it generate different types of code, I might be pointing at different systems. So the simple statement of not ever being locked into a single vendor is more important now than ever in technology. We've got to be able to take that prompt that I created and say, you know what? Since this vendor is not better at this thing, I'll just move it over here. Maybe there's a little bit of rewiring, but we have to be crafting things in such a way that there's flexibility there.

SPEAKER_02:

I'm gonna hand it over to Alex, but I just want to say, you know, you're using the paid version, which it's saying we're not training off your model, but uh is there any promise there that they're not gonna be selling data or you know, packaging it up and for marketing um usage or essentially.

SPEAKER_01:

And that's where those license agreements come in and are so critical of yeah, what can they do? And I'll use Midjourney as the example. There's the free version, you know, you publish stuff and it goes out in the world. There's the paid version tier one where you can do it and you can commercially license it, but they retain the rights to use anything you created in their marketing. That's not cool. So then you have to buy the next tier up to have shadow so that anything that you create is yours only. So you have to pay attention to that if it's commercially important. Um Nick, back to the writing email since it's come up a couple of times. Uh to me, that's actually another example where I think Apple is um as they continue to evolve the on-device models, that's our future. Being able to run the model on the iPhone, I'm running the iOS 26 beta. I built my own version of an app that is a mini ChatGPT that runs on the phone so I can chat with it, chat with the model, but that's 100% private. Anything that's going through the Apple ecosystem, let's forget all the comments of who's the leader on what right now. They're gonna surprise the heck out of the world because there's so much AI baked into those devices already. And with those models running on device, they could become the largest AI company overnight.

SPEAKER_03:

I do appreciate the on-device because as security engineers, that's the biggest thing, right? We want to hold our data and hold the keys to that.

SPEAKER_01:

Exactly. And I think that's where, again, over the next 12 to 24 months, um, and I don't know that most folks have really acknowledged, and having worked very closely with Apple for 15 years, I've seen their privacy stance, I've seen their security stance, and there's no other company that's their peers, and I will include the AI companies now, especially in that, that is paying any attention to the kind of stuff that Apple is. That we the user own our data. Even for a corporate enterprise device, the okay, I'm what does the employee own and what does the company own? They have put so much around that to allow you to separate those things and do interesting things with that. I'm really expecting that as we have 26 going live and 27, um, the secure AI, that's gonna be a big part of the marketing and what we all have to pay attention to going forward. And I think Apple's gonna drive it.

SPEAKER_02:

We gotta get our Apple Visions. It was probably, you know, we got to get Eric on. It was probably good that he wasn't, because then we could have got all of our questions out and we weren't stepping on him because I'm sure he could go all day with you too, Alex. So um I want to thank you for your time and uh we really appreciate you coming on the show. You've been listening to The Audit presented by IT Audit Labs. My name is Joshua Schmidt, your co-host and producer. Nick Mellem riding shotgun today. And our guest is Alex Bratton. And you can check him out on LinkedIn and see some of the things he's got going on and then check out his book as well. Um, you can find The Audit anywhere where you source your podcasts. We now have a video on Spotify and YouTube. Please like, share, and subscribe. And we'll see you in the next one.

SPEAKER_00:

You have been listening to The Audit presented by IT Audit Labs. We are experts at assessing risk and compliance while providing administrative and technical controls to improve our clients' data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, while our security control assessments rank the level of maturity relative to the size of your organization. Thanks to our devoted listeners and followers, as well as our producer, Joshua J. Schmidt, and our audio video editor, Cameron Hill. You can stay up to date on the latest cybersecurity topics by giving us a like and a follow on our socials, and subscribing to this podcast on Apple, Spotify, or wherever you source your security content.