Cybernomics Radio!

Humans vs. AI, Who is The Bigger Business Risk?

Bruyning Media

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 33:31

AI feels like a shortcut until it becomes a liability. We sit down with Nikki Robinson, STSM of AI and Platform at IBM and co author of Human Factors and Cybersecurity, plus security and risk executive Jennifer Baca, to get brutally practical about responsible AI use, data privacy, and what “secure” even means when the tooling changes weekly.

We start with the basics that too many teams skip: due diligence, responsible disclosure, and why you should learn prompt engineering by experimenting in safe sandboxes. Then we dig into the real world problem of families and coworkers pasting sensitive data into chatbots. Nikki explains why LLMs are company owned systems, why terms of service matter, and why you cannot treat AI outputs as truth. Hallucinations, made up citations, and overconfidence are not edge cases, they are daily hazards that demand critical thinking and verification.

From there, the conversation turns to work and careers. We talk about LLMs as interactive partners that can accelerate cloud learning, generate Terraform, and turn developers into “10x” builders when used thoughtfully. The employment takeaway is clear: you may not be replaced by AI, but you can be replaced by someone who knows how to use AI to improve workflows and communicate outcomes to leadership.

Finally, we connect human factors, psychology, and cybersecurity culture. Instead of blaming people, we explore secure by default design, psychological safety, broken metrics in SOC environments, and how emerging frameworks like the NIST AI Risk Management Framework point toward future AI compliance. If you lead a small or mid sized business, we close with concrete steps using AI features already inside tools like Copilot and Slack AI without creating dangerous tool sprawl.

Subscribe, share this with a teammate, and leave a review if it helps. What is one AI rule you want your organization to adopt this month?

To get ready for the AI economy, visit Cybernomics.io

Josh's LinkedIn

Start Small And Test Safely

What's the due diligence, you know, to use that and to continue on and and push forward with the forward thinking with it? Because it I think it's gonna be scary when once the security models come out and then like I said, the consequences after what we're doing now, those won't come out right away. It's to me uh it's a lot about, especially if we're talking about like vulnerabilities, is responsible disclosure. I think it's super important. We we should as a community continue to help each other and not like yeah, blast each other with you know what I mean, out there. But I think what it to knowing what's right or what to use, I that's why I say like start small. Start with something like business productivity-wise, because chances are you're probably protected with your business data anyway, depending like again, depending on your terms and service. You should be protected enough to use that. The other recommendation I give is to use open source, use open source on your personal computer without business proprietary data. Get comfortable with prompt engineering because the better you get at prompt engineering, the better it's gonna work anyway. Um, so I always recommend people mess around. It can be Chat GPT, it can be Claude, it can be Gemini. Mess around with whichever one you have access to or you'd like to use. For developers, I recommend Claude. You can use perplexity, perplexity is great. So it there's a bunch of them out there that you can just sort of play around with and get comfortable with prompt engineering and the types of responses that you get. And I always recommend people try to break it. Try to break it, try to ask ridiculous questions and see what happens because the it's just like we do hypothesis-based testing in with the scientific method, right? Sometimes we just want to see what happens. So um yeah. Yeah. I just like for my kids and then my parents, I just want them to be careful too, because they're just want to throw their social security numbers into it. Yeah. So what can we, what's what would be a key takeaway for them to just make them more aware and and not targeted?

Teach Families Data And Trust

I have probably a really doom and gloom perspective on this because I am in cybersecurity. So what I will say is for the most part, social security numbers and stuff, they're probably already out there. There have been so many data breaches and stuff like that. That like I'm not saying you should put your social security number in any um AI model, you shouldn't do that. But I guess what I'm saying is education is more about helping them to understand that these are big models that are owned by a company. So anything you put in there, they own technically, right? Like they own the data. The other side of it is you cannot just trust the results as is, especially right now, right? Like you can't just be like, I'm not gonna go to the doctor, like what's wrong with my foot? Right. Uh, chat GPT, and then just take whatever results you get. Because so for me, educating parents, grandparents, and children is helping them understand that just like you would on any other website, you cannot just trust the results. You have to do additional research. Take the time to understand the results, go look at the news articles that it's mentioning or any of the relevant research before you make a decision about what type of data you're gonna take from it. It's great at aggregating data, but yeah, you still have to you, you know, you still have to use some decision making ourselves because it's not uh always right. Yeah. And I think that's where the critical thinking would come back in on that side of things, as opposed because I feel like we're kind of dumb now being so dependent on these LLMs. And and where does the critical thinking like the the next generation? Like, I don't even know. There is actually, there was a scientist recently, uh, I can't remember the name of the paper, but there's a research paper that came out recently just about how people are using AI and how dependent they're already getting on it. So it it is happening, right? It is a a phenomenon that we're seeing. So I to me it's uh uh it's gonna happen, unfortunately, which is why that education piece you were talking about, talking to people about how to use AI responsibly, what it means when you get results, how to interact, I would say h in a healthy way with AI doesn't replace human interaction. It's it's meant for productivity, not for replacing the human experience, I guess. Yeah, yeah. Yeah. The folks who are using it just surface level and not doing critical thinking with the AI, they're they're not gonna do any better than they did before. Yeah. Sad to say. Yeah, AI is not a search bar, right? Like it's not, it's meant for interaction. You communicate with it and you you ask it really complex questions looking on a t-shirt. Yeah. Yeah. Yeah. So it's it's different. Yeah, it's just it is different. But the

AI As A Work Partner

more you interact with it, like like Josh was saying, um, so for example, if you were, I don't know, hypothetically setting up an AWS environment for the first time, uh, and you were like, hey, walk me through how how would I do this? What considerations do I need to make? Uh, consider me an a junior AWS engineer, how would I do this? It can not only walk you through how to do it, it can build you Terraform to do it for you. So that is a huge game changer for people meet needing to develop like cloud skills. You still need to have some, but to be able to build Terraform for you, to build your environment for you, total game changer. Yeah. It'll help you, help it help you. Yeah. Exactly. Yeah, it's a it is, it's a it's communication, it's a relationship because with AI, because you do, you have it's a back and forth uh between the models. Yeah. Are you deep into the the LLMs? Are you doing stuff on the coding side or are you more like big picture strategy? Where do you fit in? Yes. All three. All three. Okay. Yeah. So like today I was doing development work. Um, I was also doing some more like high-level results type, you know, work with, I would say, like working more closely with teams, right? To talk about results and things. Then it also comes down to okay, we're doing this today. How are we going to do this in two months, three months? You you can only plan so far ahead with AI, but trying to figure out, okay, we're doing this this way today, what's working, what's not. And when you're dealing with bleeding edge technology, the best thing you can do is just iterate fast. Like just keep keep trying new things and see what works and what doesn't. Are you leading a big old team or I have a team of 30 developers? I work with some of the coolest people on the planet, like truthfully. Uh, so it's it's pretty cool. It's nice to be able to stay hands-on while getting to work with developers and especially with junior developers, like getting to to mentor and grow and teach skills uh while I still get to be hands-on is pretty cool. Are you gonna automate or are you gonna AI away any of those jobs? Do you think that any of those developers would be basically developing their own uh replacements? Not as far as my team. The way that I've seen us use AI has really made people more like 10 times developers. So, really, all I've done is enable my team to work faster and build more capability faster. Like my whole job is really how can we build capability faster? And the more efficient that I get that my team gets, the more capability we build, the faster other teams get. So to me, we're just working a lot smarter and harder, really. Okay. People ask me this question like it's the number one question I get. Will AI take my job? Will AI replace me? Right. And so I ask everybody this question and I get a million different responses. What is the definitive future of AI and employment? I think if you're not using AI now to enable the work streams that the different work streams that you do, if you're not using AI today, then you could be at risk. You really have to be using it, whether it's for development, whether it's for business process and workflow. If you're not leveraging it to try to improve whatever workflows or products or systems that you're working on, then I think you will be super behind. My best advice for people is embrace it, use it, learn it as quickly as possible, and start solving problems with it. So what I'm hearing is that it's both. It's not that you're gonna be replaced by AI, but you will definitely be replaced by people who are good at using AI. I think that's probably more the scenario. If you're not leveraging AI today to improve your whatever work that you're doing, to make yourself work faster, to build things quicker, you know, like to build dashboards and things. It used to take days or weeks or whatever, you can do it in 20 seconds with leveraging an LLM. So why not? So let's take it out of the, you know, the chat bot or like somebody who is sitting there doing tasks. Do you see that folks that have more managerial or executive thinking and those kinds of skills, will they outpace the folks who are, let's say, more junior? I I'm gonna speak uh pretty candidly about this because I I feel pretty strongly about this. We used to be at a place where you could be an engineer and work by yourself in a silo and do a thing and you didn't have to talk to people, right? You could if you were responsible for an application or some sort of product and you could do it by yourself, then that was great, right? Like you it was great, you do the thing, you go home, you're done. What we're seeing now is you have to be able to communicate and use technology in a really, I would say, effective way. If you cannot communicate the way that you're using technology to executives or leadership, I think that you you're not gonna probably get as far. It's harder to get farther without those communication skills. I think we are seeing sort of that shift, especially as management and executives get more hands-on with AI tooling themselves. The more that they use it, the faster that they can work, the more that they can do, the more they increase their productivity. I think if you can't communicate both upwards and laterally, then you will be missing some of those skills that you need to move up. I want a chart that just tells me every week who's getting replaced and whose job is in danger. But, anyways, I've got a boatload more questions for you, Nikki, and we can go down the AI rabbit hole. But

Human Factors Meet Cybersecurity

Jen Baca is in the house. And welcome, Jen. Hello, hi. Jen is helping me co-host today, and so I thought having a security and risk executive in the same room as an STSM of AI and platform at IBM in the same space talking about security and AI. Your book, Nikki, tell us a little bit about the book. What is it called? Just give us a brief overview and we'll dig into a point of contention, I feel. Like there's a little bit of tension here. There's some people who think that the human is not the biggest risk, and there's some people who think that the human is the biggest risk. Jennifer, you're on the side of the humans are the biggest risk. Nikki, you make a compelling argument for why the human is not the biggest risk, but not in the way you think. So if you can just give us a little bit of a summary of your book and then we'll get into it. Yeah, perfect. So the book is called Human Factors and Cybersecurity. I wrote it with my wonderful co-author, uh Calvin Nobles, Dr. Calvin Nobles. Uh, he's been a longtime friend, and he basically got one of the first PhDs in human factors related to cybersecurity. And I feel like I just sort of followed in his footsteps, uh, kind of right behind him. So essentially the the idea behind the book is taking the field, the area of study, human factors and ergonomics, which is, you know, a very well-established field. It's used in aviation, it's used in a number of different uh fields and areas, applying those uh scientific methods and hypothesis-based testing to cybersecurity. So bringing a real, I would say, scientific grounding to what we do in cybersecurity, which doesn't always exist. Human factors is really the combination of engineering, design, and psychology. When you bring those principles together, you really understand how humans use tools. My favorite example of what human factors and ergonomics is, is how we use different hammers for different uses. Uh, you use a, you know, you would use a ball peen hammer for something that you would use one of those rubber mallets for something else. And we use them because we're humans and we need to use tools effectively. So we're taking that type of method and applying it to cybersecurity. Awesome. So for the uninitiated and uh the tourists in risk and cybersecurity, Jen, what is the reigning uh opinion about human factors or the human factor in cybersecurity? And most organizations that I've been in, a lot of times, most of the vulnerabilities are through our people, our employees. They're not educated enough, they don't have enough knowledge. And at this point, technology is moving so fast, it's really hard to keep up with, as you were saying. And so, how do we get them in a place to be more secure on behalf of the organization? Well, and ourselves, essentially. Mm-hmm. And so far it's been basically just security and awareness trading. Right. And to what depths? Yeah. Right, right. So, Nikki, how's your work changing that? Yeah. So I think we we kind of flip the picture just a little bit, right? Knowing that humans have limitations. Our attention spans, I believe, over the last few years especially, have dipped down to like 12 seconds, I think, is what the human attention span is. So when you're dealing with technology, you're dealing with lots of different tasks where you're changing um applications all the time, you're communicating with uh, you know, email and then some sort of comm channel, and then you add another task and you're going to this and that. We can only process so much information at a time. And so I sort of make the argument that maybe we don't make tools and technology for humans that help humans be really effective and secure. Uh I'll give you an example. You know, years ago they started talking about shifting left, about building security into products because products were having default credentials on them, like admin, admin that you could log into. And a human would have to understand that that was a default configuration and go in and change it, versus a product already having a more complex username and password enabled uh by default. So that way it would be secure out of the box, not assuming that a human is going to go ahead and make that change. That shifts it's a very difficult time. Taking their decision away, taking taking their choices away. Yes. Is that you, you, you, you would you remove that from being an option as a security gap or a security misconfiguration, allowing someone to focus on other security measures and not potentially missing something that that could be you know potentially really dangerous or have very serious impact. Jen? Yeah. Feel free, by the way, too. I feel like you're the moderator. Yeah, I'm just processing all of that. Yeah, I'm I'm I I I don't want to just I have a because I will bombard you with questions. I will never run out of questions. So, you know, there's so many, and there's so many good ones. Because I mean, how do we even where do we start and how do we get to that point when we're so I I don't know, is it like traditional? You know what I mean? Yeah, yeah. Yeah, Nikki, how do you deal with culture? Yes.

Psychological Safety Beats Blame

I love this question because psychological safety is a huge, is a huge theme throughout the book. We talk about psychological safety on a lot of levels because when we don't feel safe enough to communicate what's going well and what's not, things will never change in an organization. If I can't go to my leadership and say, hey, this is not working for me. The this tool, this configuration, this workflow, this does not work, and here's why. Let's figure out a way to solve it. If I feel like I'm gonna be punished, if I feel like I'm gonna lose respect or whatever, I'm never gonna speak up, meaning that those things that continue to go wrong will continue to go wrong. Um, I'll give an even more specific security example. So let's say I'm working in a SOC and my job is to clear 100 tickets a day. Maybe I have to hit some quantifiable measure or else I have failed, right? So let's say I'm clearing 100 tickets, uh, or let's say I've got 80 and I've only got five minutes left of work, right? Before I'm logging off and I'm going home. Well, I'm gonna clear those last 20 tickets because I have to, because that's a quantifiable measure. But what if I miss something? What if I'm not looking hard enough because I want to go home, right? I'm a human being. I want to go have dinner, I want to go see my family. And what if I close those last 20 tickets just because I have to versus, hey, I didn't get to those last 20 today because of X, Y, and Z? Can somebody pick them up right when I leave for the shift? So there's a difference of how we actually look at how humans behave and the things that they do, and versus like necessarily blaming them for the way that they behave and that versus understanding maybe I'm not creating a psychologically safe culture for them to be able to tell me what's going wrong so that we can try to fix this, enable them to review the alerts uh a little bit better, give them better tooling so that they have more time. Uh, or maybe not say a hundred tickets is the thing. Maybe that's not a metric that that works for us, right? And we can evaluate that. So I think there's a lot of ways that you can kind of say culture is super important, but I think psychological safety is at the core of that. I don't know for a fact that everything you said is true because I'm not smart enough. I just have to take your word for it, but it feels true because everything you just said, I feel like could apply to like regular relationships. So why wouldn't it apply to you know job-related things? Because mainly what you said is just having psychological guardrails, and I'm gonna have to listen to this several times again because I want to use that exact same talk track the next time I get yelled at by my wife. I'm gonna say, look, yeah, you I need a psychologically safe space. You do not create the psychological environment where I could not. That should be a thing, actually. I I would not mind hearing that in an office environment. Right. Well, what you're talking about is giving people grace. I think with the human factors discussion over time, it's been humans are the problem, humans are the problem, humans. I know I'm the problem. Humans screw things up. We're not that great. You know, we're great, but like we're not that great. You know what I mean? But you're offering a different angle, which I think for the AI crowd, and I think this is a good segue into AI, the AI crowd wants to think that technology is the solution.

When AI Helps And When It Hurts

So does AI give us a leg up when it comes to the human risk factor? So yes and no. Yes and no. That's all it which is my favorite way to answer a question, which is basically it depends. Yeah, it depends. Yeah. It's my favorite way to answer a question. The reason I say that, the the yes part of the question, yes, it does because it augments a lot of the processing time that it takes us to make really thoughtful, effective decisions, quick decisions with a lot of data. We can only parse so much data at a time. AI does a wonderful job of parsing massive amounts of data. And especially in a security context, when I need to understand a lot of data really quickly to make a decision on whether this is a true positive or a false positive, that part of it helps us make faster decisions. So, yes, absolutely. And and there's lots more examples of that. That's just sort of one example of where that helps us. From the no perspective, anyone who's been hands-on with any AI model, I'm not calling any of them out, any AI model, regardless of whatever context you're using it, you have to work with it. You have to be a really good prompt engineer, you have to understand contextual engineering, you have to be able to really work with it to get the results that you're looking for. There's still a lot of hallucination. There's still a lot of making things up uh that aren't real. If if you have any, I can say this because I'm also a professor. So students using, you know, different models to kind of pull in research, and then you go look up the research and it doesn't exist. It's made up some research that a scientist never actually created. So those things are still happening. So I would the we reason I say no is if you just use AI and believe everything that it says, you're gonna be in just as much trouble if if you weren't using it at all, right? So I I think there's balance between using it for the right scenarios, helping us to make really good decisions, but you have to really work with it to get uh to those good results. How do agenc workflows change that? And here's why I'm asking a lot of the hallucinations and the issues that we've had with AI seem to come from discrete models or discrete chat bots. But if you've got agents sort of validating each other's work and your prompt engineering is on point and you're able to create and orchestrate really good agents, does that reduce the risk of the AI reducing the risk of humans? It's a lot of risk. Yes. I would say in that context, yes. I would also say that it takes a certain level of skill to be able to do that. Like most I the reason I say this, uh a lot of engineers who haven't been super hands-on with really digging deep into how the LLMs work and how different LLMs uh work better than others in in certain scenarios, right? Some uh some models are really great for uh coding. Some are really, really good at it. Other models, not so much. They they they kind of give you spaghetti code. Um Chat GPT. I didn't say anything. So but there are some models that are better than others, right? So again, if you've been super hands-on with it, if you understand the way that different models interact, how to interact with them, yes, 100% it can help reduce that. And partially because what you're essentially doing is giving it enough information, helping it to build enough tasks that work together and operate together. And for the most part, a lot of times if you're working. With your agents and saying, hey, you didn't do that right. I want you to take another pass at this. Look at this. You know, fix this error, do this thing. You can get it to a place where it does operate really well for sure. So yes, I would say we're still a little ways away from that just because it does take quite a bit of work. But the short answer is yes. I want to stick here a little bit on the agentic orchestration piece. And Jen, I think you are the perfect person to ask about executive thinking. You've been in that seat and you've had to manage a program and manage a team and manage people and manage technology as a security professional. What executive skills do you think people need to bring to the agentic economy? Having the communication for sure. So understanding what you're trying to get out of those, the AI tooling, right? And then being able to understand what Nikki's pointing out, the human behavior of it. But I don't think there's like a model for that yet. Like it's still so new. Like I went to a conference a couple of weeks ago. And because things are so intertwined right now, we're also getting to a point of like if AI messes up and it destroys something within the company, like who's going to be responsible? They're starting to put developers in those seats just as they are with a CISO. And so there's all these like different factors coming into play. And I just I don't know. I'm so like overwhelmed by it by that thought alone. Okay. I think you hit the nail on the head. So it's a business problem. Yeah. Right. So who's responsible if the AI messes up? You know, what would you do? If this was a normal employee, what would you do if the employee messed up? Like, let's say they just did something really bad. The downtime was like half a day. The company lost, you know, millions of dollars. Customers are leaving because their reputation is bad. What would you do with that employee? Oh my gosh. I don't know. I haven't been in a I haven't been in a place of that like extent before. Have you, Nikki? Have you never fantasized about firing someone? No, never. Well, good. Never. I mean, I think there's definitely a learning lesson that comes out of it. And I don't think as humans, we're doing these things intentionally. It's because we don't, we don't know any better. So how do we get better? Like, is there a class on how to use AI? Can we start implementing that? Is there a training on AI and what to do and what not to do? Yeah. Yeah. Nikki. As you can imagine, being, you know, studying a bit more psychology and being on the human factor side, I understand that we as humans make mistakes. That's a thing that we do, right? Especially in technology when you're learning and growing. Maybe five years ago, I think he was my first manager at IBM. What he used to say was, fail and fail fast. If you're going to mess up, do it quickly. So we figure out what's going on and we fix it and we move on. So to me, messing things up isn't necessarily a bad thing because to me, you're trying, you're working on it. There's a difference between I tried something, it didn't work, I'm going to try something else, versus I make the same mistake over and over and over again because I'm I'm not learning or I'm not integrating the things that I've learned into, you know, what I'm doing. Like there's a difference there. But for the most part, when I work with people, when they're making a mistake, it's they're trying something, we're trying to figure it out, and then we'll just keep working and making it better and better. And that's where I think that those candid conversations come from, cycling back to psychological safety. When you have a safe space that you can communicate that with someone and that someone feels okay with making mistakes, I can tell you working, there's one developer that comes to mind that him and I work very closely. And giving him the space and the empowerment to make mistakes, to try new things, to see what's going to happen, you know, that makes him a better developer. And he feels like it's okay if he makes mistakes, right? Because he's got support. So to me, it's like a lot of, especially now in the AI space, we're dealing with a lot of bleeding edge technology. So we're all kind of figuring it out together. So to me, if we're making mistakes, we're trying something new. To me, it's all the people that are coming behind us are gonna learn from all the mistakes that we make. So it works out. What I'm hearing from both of you, there's a theme, and I wrote I wrote down and I circled it right here: learning and communication. So it seems like the feedback loop is the common thread that runs you know between both of your responses here. So from the executive side, you may not fire someone right away. You'd want to learn some lessons, figure out why it was the way it was. And maybe they did deserve to get fired. But with AI, you can't just fire your AI, but you can make the system better. So I'll leave you with this last question, Nikki. What is IBM doing to make the system better? I can't answer that question. I can't answer that one. I'll get you next time. Uh you almost have me. Almost. Well, I'll okay. Yeah, let's put it this way, then. What can small, medium businesses, because I know I think a lot of the enterprise companies, the Fortune 500s, the Fortune 1000s, they've kind of figured this out. If not, they've got KPMG and the big four and the you know the big consulting consulting firms helping them. But the SB market, I think, is struggling to onboard with AI. What would you say to them, to a CEO of a 200 person shop that has no clue where to start?

SMB AI Steps Contracts Compliance

Yeah, I would my my best advice for small to medium-sized businesses is a lot of products are coming with AI built-in already. So you look at, you know, Outlook with Copilot, look at Slack with Slack AI. A lot of the business productivity tools that you're already using already have AI integrated, or you can enable them. So my recommendation is use the tools you already have, use the AI integration to improve business process workflow first. Do those things first. Anywhere that you and it's not about saying, I want to automate a workflow anymore. That's that's not really like what we're doing with AI, right? What we're saying is outdated business processes, manual interactions, things like that, we should no longer be doing. We shouldn't be wasting time on that. So I encourage people like something as simple as using um, I'm just gonna call it out because it's just just as an example, but using Copilot to create a PowerPoint presentation for you. I don't make PowerPoint presentations anymore. I don't write documents from scratch anymore, right? I use really good prompts to help me build them and I will edit them and make them, you know, the way that they need to be, right? As a final edit. But spending, you know, day, hours and days on presentations and documents anymore shouldn't be a thing. And that's an easy thing to integrate uh AI into business processes to reduce time for manual inputs, presentations, word documents, things like that. And then in your um, like let's say you have your Messenger app, uh team, Slack, whatever, right? Most of them have AI built into them that help you either with transcription or can help you summarize a meeting really quickly. If you couldn't attend a meeting, you can summarize it really quickly, get a, you know, kind of a debrief. Start using it in that way. That way you don't have to buy new tools or integrate new tools. You can start with kind of what you got in-house before you start saying, oh, we have a gap here. We need to fill that. But I'm I'm a big proponent of using the tools you already have if you can, versus like integrating 50 new tools because they have AI in them. Uh, because tool sprawl is a thing and that creates risk footprint, all those things. So that's sort of my recommendation to at least get going and then figure out your gaps at AI where you need it. Is AI tool sprawl really a thing already? Yes. Yes. Yes. We just started rolling this out. Anyways, Jen, you get the last word. The last word? Well, I have a question. Oh, go for it. You get the last question. Can I ask a question? I think there's part of me that is I I love AI. I love what it's doing for us as a society and a community, but also like the security aspect of it. Like, how do you know what you're putting into AI is going to be secure? All your stuff that you're putting, all the information you're putting in to help your business or whatever it may be, is not going to be pushed out later on and found. And what like what's happening with that? I think that's what I'm kind of wondering is how much can we actually depend on it? I love this question because I can give you a very executive answer, which is there's terms and services. Terms and services agreements are super, super critical right now because that should be like the upfront clause is you cannot use our data to train your models, right? Like point, you know, keep keep it simple. But it all of those things should be in the agreements with any of the technology providers or any of the models that you're integrating with or using. Like even if you're using AI that's built into a product that that you already have, check those terms of services, see if you need to update a contract, like any any of those things where AI is integrated, chances are, you know, you can kind of get that updated to make sure your data isn't being used to train models. That's sort of the easiest one to make sure that. But there's a lot more in those uh legal documents that I've glossed through. Um so it's super important to check those out, make sure that your your data is protected. So just having legal involved a little bit more. And is there a compliance aspect yet? There it's coming. It's coming. There is and there isn't. There is like the NIST AI framework, the risk management framework. There's there's there are some things that are coming. I suspect, like most laws and regulations, they take time. So we will see more coming out, but slowly we're seeing in the market more compliance frameworks for AI. A lot of them are around transparency, robustness, things like that. So you can actually see what the model is doing. Um, but that's mostly what I'm seeing when it comes to AI uh compliance. It just seems like it's a free-for-all right now, and we just haven't seen the repercussions of it yet. And it'll catch up with us, and then by that time, okay, implement all these controls and all these things because we figured it out, but we're like behind.

Where To Find The Guests

Nikki, Jen, it was a pleasure having you guys on Cybernomics. Nikki, where can people find you and where can they find your book? Uh, you can find me on LinkedIn, Nikki Robinson. Uh, you can find human factors and cybersecurity on Amazon, Barnes Noble, pretty much anywhere books are sold. Yeah. Jen, how can people find you and uh track you down? You guys can find me on LinkedIn as well, Jennifer Baca. And um, I should be one of the first ones to pop up. I think I jumped from like the tenth one to the second. Oh, why is that? What do you think? I don't know. Algorithm. Yeah, the LinkedIn algorithm. All right, and thank you for listening to this episode of Cybernomics. I'm Josh Bruni. You can check me out on LinkedIn as well. I think it's LinkedIn.com slash Josh Bruning. And feel free to shoot me an email, josh at bruning.com. And if you have any uh questions, comments, concerns, constructive criticisms, uh just shoot me a message. Thanks for listening to this episode of Cybernomics. All right, did we get it all in?