Cybernomics Radio!
This is Cybernomics Radio, where we pick the brains of today's leaders to learn how their decisions are reshaping business and tech.
Through in-depth conversations with founders, executives, cybersecurity leaders, economists, researchers, and innovators, Cybernomics examines what happens when intelligent systems begin influencing how companies operate, how economies function, and how humans make decisions.
From AI deployment and automation to cyber warfare, digital power, labor disruption, governance, and the psychology of technological change, each episode cuts through the hype to uncover the real economic and human impact of emerging technology.
Cybernomics isn’t just about where technology is going, it’s about who wins, who adapts, and what the future costs.
Cybernomics Radio!
Word on the Street: Is SaaS Dead? Mythos and The AI Security Vendor Race
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Richard Stiennon is back with the Word on the Street! AI isn’t just a chatbot tab anymore. It’s quietly becoming the interface inside the software we already rely on, and that shift changes how fast we can build, operate, and secure modern systems.
We talk about what it feels like when AI is embedded directly into tools like AWS Route 53, guiding you through confusing workflows step by step instead of forcing you to bounce between docs and prompts. From there we zoom out to the “SaaS is dead” noise and what’s actually happening: products racing toward AI-native experiences that help you onboard, connect data, and get value fast. We share a concrete CRM example, why traditional CRMs feel painful, and how newer tools make setup and integrations like website form-to-CRM routing take minutes instead of hours.
Then we get into the limbo stage a lot of teams are in with advanced AI engines like Mythos and the buzz around Fable 5. We break down a real cybersecurity use case: mapping an entire security stack to frameworks like MITRE ATT&CK, MITRE D3FEND, and the NIST Cybersecurity Framework, producing structured outputs that used to take consultants months. That leads to the hard question every software company asks next: how do you build fast with AI without touching customer data and putting HIPAA compliance or SOC 2 controls at risk? We walk through practical guardrails, including using synthetic data and keeping development environments separate.
Finally, we sort out where “AI security vendors” actually fit, from governance and model protection to AI-powered email security, DLP, and SOC automation, and why this category may soon just be called security again. If you’re deciding how to adopt AI safely while still moving fast, this is for you. Subscribe, share this with a teammate, and leave a review with the biggest AI adoption blocker you’re facing.
Catching Up And What’s New
SPEAKER_01Richard Stephen. Last time we did this, it turned out to be a hit. And so we're doing it again, word on the street. What have you been up to lately?
SPEAKER_00I I haven't heard from you in a long time. Yeah, I am super super
Building Faster With Embedded AI
SPEAKER_00busy. We are building IT obviously. And uh I offloaded our uh CTO by using a new AI tool to build our websites, and those took about 72 hours of back and forth and I 45 minutes of my time. So start to see personally the benefits of using AI tools, blown away by the fact that now when you go to certain sites, they've embedded AI logic and capability into the actual app. So for instance, Route 53 from AWS, right, which is where I do all my my DNS stuff. Oh, super confusing, right? And the interface is just horrible. And now all of a sudden you're talking to an AI and you say, I want to do this. It says, good. Click here, open up the panel, make the changes, save it, you know, just watch you through the whole process. And that's the future, right? No longer going to Chat GPT and say, hey, I'm using Route 53. How do I do this? It's like just embedded using Amazon's AI.
SPEAKER_01Oh, yeah. I I heard something about that, that a lot of SaaS companies are sort of moving towards that model. First, we're hearing that SaaS is dead, and then we're hearing that everybody's trying to redesign to be AI native. And so, yeah, it sounds like this is kind of the in-between, between like being truly AI native and not having to sacrifice all on your traditional tools.
AI Native SaaS And Better CRMs
SPEAKER_01And I've never really done it personally.
SPEAKER_00What's that like? I've tried half a dozen CRMs over the years, and they all are horrible, right? And they they all just like, okay, you signed up, here you go, and you go, well, where do I start? What do I do? How do I get my spreadsheet in there? And so I'm using one now called Attio, and it just tells you what to do. And it's easy to connect to. When I built the website, I said put the form, you know, that people fill out, put all the contact information into the CRM. And it's like minutes devoted to doing that instead of hours.
SPEAKER_01I can go on all day about SAS and what I think is going to happen there, but that's an interesting
Mythos Fable 5 And Real Output
SPEAKER_01development. What I really want to talk about and where uh I think a lot of people are sort of in the limbo stage is obviously with mythos. Fable 5 came out and then it was gone.
SPEAKER_00It was up for three days. They had amazing things in three days. Somebody created an entire game for his little handheld uh game player in one shot and loaded it up and it works.
SPEAKER_01Did you get to play with it at all?
SPEAKER_00Yeah, yeah. I was using it right away. We've got uh clients now that need mappings of their entire security stack to uh miter attack, miter defend, nist, etc. And we don't have all the data yet in the platform, so I just went out and with a single shot gathered all the data on all the products and pulled it into a massive JSON file. Maximilian handed that off to the engine he's built for doing the mapping, and it spits out a spreadsheet showing the heat map and explanation of why every single product you know meets a requirement for you know a NIST um cybersecurity framework subcategory, all the way down to that. And it just like months and months of work for consultants to produce something like that, and we did it in minutes.
HIPAA Safe AI With Synthetic Data
SPEAKER_01Well, maybe you can answer this question for me. I was talking to a software company today, and we're gonna help them adopt AI, basically get their their, get all of their technology and their security and build out their plan for onboarding. And one of the things that they were really concerned about was being able to develop code or develop their software without having to touch customer data. They're worried about being HIPAA compliant, SockTune compliant, and they're afraid that if they were to start building with Claude or one of these tools, that it would interfere with their environment or they sit in their environment and touch customer data, therefore putting them and their customers at risk. Being at IT Harvest and doing some of that building yourself, what do you think the best approach is to building fast but sick?
SPEAKER_00Yeah, so you you obviously have to keep your data separate from your development environment. Um if you need any sort of data uh for the development, like you would say, hey, here's you know, a massive data set of all the stuff our clients uh work with, build an app that uses that and turns it into something else, uh just use uh artificial data, synth synthetic data. So you just you know, and you write a little, you say, hey, write me a Python script to go in and replace every customer name with a random and unique other name, and it gives you the Python script. You don't give it the data, and then you run the Python script against your data set, and now you've got clean synthetic data.
Where AI Security Vendors Fit
SPEAKER_01Word on the street is that there are more and more AI security vendors, right? And I'm wondering where the security vendors even really fit. Um back in the day, and by back in the day I mean like two months ago, you have like these consultants that go on and do a risk assessment or a security assessment, and um, you know, give you a risk register and and all that fun security stuff. But where do these AI security vendors fit in? Like what is their angle?
SPEAKER_00Yeah, two major categories. One is um securing the use of AI. And there are plenty of ways to do that, including uh various model protection solutions that prevent poisoning of the data and uh jailbreaking, all that good stuff. Um, and then guardrails, you know, so you can allow your users to use it without exposing critical data. Um, and that's all on the governance side. And there are some you know bigger picture governance solutions as well. And then it's easy to categorize the rest because they are just taking AI and applying it as a normal security tool. So there's email security, there's DLP, um, there's SOC automation. Um, all these things are AI applied to security, and it's just an opportunity to look around and go, hey, this this company's successful doing email security. Let's see if we can do it better. And sure enough, you know, it's that's one of the first uses for AI that I had was to um just cut and paste the full headers from a phishing email, pass it off to Chat GPT usually, and it comes back and tells you if it's phishing or not, and why it's phishing and or why it's not, and you're okay.
Why AI Security Becomes Just Security
SPEAKER_01Well, I'm a little bit skeptical because I'm wondering if a lot of these companies are just regular security companies. And to be fair, there's no such thing as AI security, there's just security, right? It just so happens that AI is the new thing on the block. Um, are these security companies, for example, you know, like know before, they're doing fishing um pen testing or fishing new simulations, rather. Would you count that as AI security? Or would you just count that as a regular security company that now has AI capabilities?
SPEAKER_00Yeah, so what you're seeing is we're going through a transition period over the next 10 months, I'm thinking, where every legacy vendor, like NOLBA floor, goes, hey, this is a great idea. Let's apply AI, because obviously it'll help them, uh, you know, because they have to generate scenarios for new uh phishing attacks all the time. Now they can do it instantly with AI. So I I lump all those in legacy. And when I published uh Guardians of the Machine Age in March, we had about 180 companies, legacy companies that had come out with AI security products, and they basically applied AI to what they already did. Um, by this time next year, they'll all have done that. So you look, then you'll be completely right. There won't be a separate category for AI security.
SPEAKER_01Ride that wave while you can and keep on rocking.
IT Harvest Focus And Closing
SPEAKER_01Any last words? What's going on over at uh IT Harvest?
SPEAKER_00Oh, exciting times. Last October, we started to make the shift to an ICP that is uh large enterprise security teams. And we've just got our fourth large enterprise customer, which is not bad because it's you know it takes a very, very long time to close a large enterprise. And every one of those is an opportunity to expand into 10, 12, 20 seats. So we're excited about the future.
SPEAKER_01Awesome. IT Harvest ever expanding. Richard Steen, appreciate you stopping by and giving us the word on street. My pleasure. All right.