The development world is cluttered with buzzwords and distractions. Speed, focus, and freedom? Gone.
I’m Nicky Pike. And it’s time for a reset.
[Dev]olution is here to help you get back to what matters: creating, solving, and making an impact. No trend chasing, just asking better questions.
What do devs really want?
How can platform teams drive flow, not friction?
How does AI actually help?
Join me every two weeks for straight talk with the people shaping the future of dev.
This is the [Dev]olution.
Sam Richman (00:00:03):
AI agents are the perfect internal hacker that can do things potentially the way you didn't expect them to. They're also the perfect insider threat. We have demonstrated models that, again, I'm not alluding to the fact that they're conscious or anything, but that actively resist acknowledging what they do and why they do it.
Michael Epley (00:00:21):
We're now entering this era where it's complex and it's not even tractable. We cannot, because of that inherent randomness, even predict what's going to happen, nor can we exhaustively test the combinatorics of a modern LLM and trillions of parameters. You can never possibly test every possible input and every possible scenario against that. And all you can do now is assume it's going to work, which is why we need to think a lot about governance, guardrails, safety, and other measures to mitigate where we can't test and we can't validate.
Nicky Pike (00:00:55):
This is [Dev]olution, bringing development back to speed, back to focus, back to freedom. I'm Nicky Pike. Okay. So everyone's talking about AI agents like they're already running an enterprise, and some of them actually are. That's the problem. Right now, there are agents spinning up in your infrastructure with no identity, no guardrails, and no way to audit what the hell they actually did. Enterprises are dropping millions on Agentic AI while running security models that were designed for humans and hoping for the best. Meanwhile, two of the people thinking hardest about this problem are going to be at Red Hat Summit in Atlanta in May, and we were able to get to them first. By the end of this episode, you're going to understand why every AI agent running in your infrastructure right now is basically a contractor with no badge, no access card, and nobody watching what they touch.
(00:01:43):
And we're going to learn what the hell to do about it. Today, I've got not one but two guests. Both are from Red Hat, both are deep in the trenches on AI security and infrastructure at scale. First, we got Michael Epley, who is chief architect and security strategist at Red Hat with 15 plus years working across the US government agencies and the Department of War on everything from middleware and containers to AI governance. Sam Richman is principal chief architect for defense. And when I say defense, I mean he literally just got back from a NATO exercise in Norway and he's about to take the stage at the Red Hat Summit presenting with Lockheed Martin. Drones are going to be included. Now, before we get into it, here's the challenge on the table. Enterprises want AI agents. Governments want AI agents. The defense sector wants AI agents that can push software updates to assets running at the edge, literally.
(00:02:31):
But agents are not people. They don't have traditional identities. They don't follow your existing access policies. And when they go sideways and they will, your current tooling wasn't built to catch it. So how the hell do you govern something that wasn't designed to be governed? Michael, Sam, welcome to the [Dev]olution.
Michael Epley (00:02:47):
Appreciate being here, Nicky.
Nicky Pike (00:02:48):
Yeah.
Sam Richman (00:02:49):
Likewise, Nicky. Appreciate it.
Nicky Pike (00:02:50):
Yeah. Before we get kicked off, before we jump into the questions, is there anything you guys want to say, you want to add anything to the bios? Let me have it.
Michael Epley (00:02:58):
I'll jump in and say, I heard that there's going to be pandas in this episode, so I'm going to keep my ears open for that.
Sam Richman (00:03:03):
Very sad. Sad, sad pandas. That's right. It's true. But hopefully not us and hopefully not those of us who are implementing agents. And I think this is a really important topic to bring out now before things really start getting kicked off and deploying things in. So these are incredibly important topics to address a priori.
Nicky Pike (00:03:20):
I agree, man. The AI industry is blowing up right now. Everybody's getting involved. And I do think it's something that we've got to talk about. It's one of the primary focuses on this show. And before we get into the solutions, I do want to get real about what's actually happening out there. So I'm not wanting to go with the press releases or the vendor pitches. What are you guys hearing in real customer conversations when it comes to how ready enterprises actually are to run AI agents safely?
Michael Epley (00:03:43):
Yeah, I think I'll jump in there first and say I'm hearing a lot about people wanting to run AI agents, a lot about safety, but not a lot of things connecting those dots. And I think in your intro, Nicky, you kind of noted people are rushing to build AI systems and introduce AI into their enterprises. And I think that rush is causing us to build these systems first and think about those issues later. And I feel like we've gone through this cycle in enterprise IT on many times. Sam, what do you think?
Sam Richman (00:04:14):
I would agree. In the defense space, safety becomes very, very real when it comes to AI, when it comes to any kind of technology. Certainly risks to business are real, but when you're quite literally dealing with life and death, it becomes even more and more salient to think about these things. And yes, this has come up before, Mike. I agree with you. Though with the advent of AI, we start getting into the ideas of not only security, but also literally model safety. And so they're very discrete topics and they're both important topics that need to be thought about and security while it may be cross domain where they apply to different things. Safety can be very specific to how and why an AI agent is implemented. And so makes it even more critical to think about and really deliberately implement.
Nicky Pike (00:04:58):
Well, and there's this stat out there that right now we've got 79% of enterprises, and this is not just the federal space, but enterprises are using AI in some way. But the other side of that is only 11% are actually getting value out of production. What do you think causes that gap? Are we looking at enterprises and companies coming in and saying, "Got a little fear of FOMO here. We've got to get AI out there," but they're not really thinking through how to get it in or is there something else?
Michael Epley (00:05:24):
I'm going to say it is a little bit of FOMO. And I also think people are seeing potential and real value out of these systems and tools. And there's a temptation to explore all possible use cases and explore all possible value propositions and use that to help drive more interest and more investments. And the last thing people want to do is slow down. And I think it's partly because there are so many potential use cases that are out there. And we continuously find more and some of these are quite interesting. We're seeing AI, for example, being used directly in the cybersecurity space to find and remediate vulnerabilities. This has been in the news just recently even. And that's just the tip of the iceberg when it comes to, say, for example, cybersecurity. We can use AI, for example, for building zero trust systems or for doing deeper compositional analysis of our systems.
(00:06:16):
But these things are use cases that are unexplored, but people are anxious to try and see what AI can do in this space.
Nicky Pike (00:06:23):
And I think that's an interesting point that you just brought up is that we are using it in cybersecurity. One of the things that came out of, and I think it was DeepSeek where it found a vulnerability that was missed by us in the SQL-like database. Now, there's a lot of people out there saying, "Well, AI is never going to be able to do things as good as we are as humans are," but that's a proof point. It went out and found a vulnerability that existed that we missed, and now you've got Anthropic Mythos coming out, that's going to be huge. This almost feels kind of like a backdoor, a skeleton key to a lot of operating systems. What is y'all's take on that, especially in the cybersecurity world?
Sam Richman (00:07:00):
So obviously Mythos has not been released generally available, which gives me some thought that this is not ... We're used to a lot of hype from companies. The fact of how they did this and creating the consortium that they did and released it to only that consortium does lend credence to the fact that this may be definitely more real than hype. I'm personally pretty concerned, not only from the actual vulnerabilities, but also kind of the way they demonstrated chain vulnerabilities that discovered. Again, when you throw enough probability at a problem, it can find pathways that the human brain might not have thought of. And so I am concerned about what's coming out of it. I think it kind of puts us a little bit on our back foot as defenders, but at the same time, if we didn't create this in the US, then China is almost certainly doing so.
(00:07:46):
And so I think having all of us bring in arms race, right, that's kind of what this is. And so from a value perspective, I think Mike, people are trying new things. I think in the defense space we have to. Our hand is being forced. We have to try everything we can to keep up with what we know our adversaries are doing.
Michael Epley (00:08:00):
Yeah. I'll jump in and say cybersecurity's always been in an arms race. And it's important, I think again, exploring use cases is if we see people say using AI for certain use cases like finding and exploiting vulnerabilities, we absolutely must use the same tools ourselves. And Sam, to your point about thinking not in ways that humans don't think. The other thing is AI is very patient. It's not like a human where you might get frustrated or have other responsibilities or distractions. AI will not just think differently, but also thinking continuously and attack these problems in a very deliberate in a manner of speaking way that say humans don't necessarily do. So chaos testing or chaos engineering, but at a much faster and larger scale than our previous tools typically apply it.
Sam Richman (00:08:54):
Tireless, right? No cognitive exhaustion, nothing like that. Just continuous. Completely agree.
Nicky Pike (00:09:00):
When you brought up, Sam, you said if we're not doing it, then China most definitely is. And that's something that's got to be at the forefront in the defense industry's minds, right? Because China's not going to come out and they're not going to advertise the fact that maybe they created something that's doing this. So we're kind of playing this game. Again, it's an arms race. We're kind of playing this game where we've got to stay ahead of our adversaries and the threat actors in the world, but we don't really know what they're doing. I mean, how are you guys looking at AI to kind of bridge that gap or are we just trying to do the best we can and hopefully we're staying ahead of everybody else?
Michael Epley (00:09:32):
I'm going to say we're sort of doing the best we can and trying to stay ahead of everybody else. But part of that is because AI is still so new. We're still discovering tools, techniques, mechanisms to make AI safe, make it secure, how to actually handle AI at scale. For example, not necessarily use AI, as Sam alluded to this to Mythos, right? For example, not necessarily use the same AI for every problem and build specific AIs that are designed for and optimize for certain types of solutions. But every time we do that, the combinatorics of how to handle those things and what the rules that we need to apply in guardrails that we apply are going to be a little bit different. And so we're still in that discovery phase about how to actually do these things and do them safely.
Sam Richman (00:10:20):
Yeah. It's interesting. So you said China not saying what they're doing. Obviously they have classified programs like we do. What they do choose to declassify or make public is also needs to be considered as potentially a tool that may mislead, say they're doing one thing to either make us either show our hand or maybe influence people who don't fully understand what it means to put pressure. And so it gets really interesting as to what the arms race really looks like both under the covers between the practitioners and kind of what it looks like from the public. So it's kind of an interesting game that's being played.
Nicky Pike (00:10:52):
Yeah. And I want to go back to the statement that you made, Sam, is that we don't have the cognitive fatigue, we don't get tired, at least AI doesn't. AI agents aren't human. And I think that there's a flip side to that because they're not, but they also don't have a badge, right? They don't fully log in and they don't have an identity that we see within a lot of our existing IAM systems. So I know Michael, you've been deep in the workload identity and the SPIRE and SPIFFE. What does this specific problem hit differently for AI agents than it did for our traditional workloads?
Michael Epley (00:11:23):
I think you hit the nail on the head that agents and AI aren't humans, right? And yeah, everything we've done for 30 or 40 years in the identity access management space or for credentialing systems have been very human centric. Our workloads are human centric. Our access control models are human centric. And we need to definitely think differently in how to build those systems to handle things that act autonomously, that don't act under human direction that potentially, and part of the utility of AI is this extremely broad access to our data and our systems because they don't necessarily know in advance what they need. These are not deterministic systems. So we give them broad access, for example, in order for us to maximize that value and the value that they can bring, but those things bring specific risks as well. So yeah, we do need to think differently.
(00:12:15):
And since you called out like SPIFFE SPIRE as a technology and workload identity, identity is something that again, is a very human centric concept historically. When we talk about credentialing systems, historically we talk about things like passwords or PIV cards or things of that nature. Typically issued to a human and we don't have identity systems that are designed for agent and software based systems that act like AI agents do. Those identity systems don't handle, for example, the rapid morphing of these systems or the fact that there might be multiple instantiations of a system or an agent operating simultaneously and they don't account for the fact that the character of an AI agent or an AI model is influenced by the data which it has access to. A classic example would be in a RAG or some other fine-tuned use case where that model or that agent is operating differently because of the context or the data that it has access to.
(00:13:12):
Moreover, the identity of that system and that agent is going to have a completely different life cycle than a human, right? It's not a birth to death, right? That agent and that same agent might be repurposed for multiple things at different times during its life cycle. It might persist ephemerally for milliseconds to complete a single task and then disappear. And our identity and our credentialing systems are ill prepared to handle that. So SPIFFE SPIRE is a framework that we can use to create these identity systems, but it's also incomplete. It's only, I'll say, a container and a mechanism to attach some of our existing identity systems to other properties. SPIFFE is literally a container and you need to stick other credentials in there. SPIRE is just a way to create credentials that are attached to that, but we need specific credentials and credential types and identity types and life cycles for these identities that adapt to these types of agents and these types of workflows.
(00:14:15):
I'm a big advocate also of distributed identity systems. These are things that, for example, don't rely on a single anchor in order to validate and verify identity, but these are hardly adopted today. You see these most commonly in blockchain and cryptocurrency technologies, for example. But there's of course weaknesses to those approaches. They do often require a ceremony to create that trust. They often typically are anonymous. And in a lot of cases, we don't want anonymous identities running around. We want to be able to anchor those or provide strong verifiability guarantees to these identities. So yeah, there's a lot of things that we need to do to adapt. We're starting down that process right now, and tools like SPIFFE SPIRE will become useful for that, but we're going to need to keep on going.
Nicky Pike (00:15:01):
Well, this is a complete rethink of what we're talking about. I mean, when we think of how we've always done software development, identity is tied to a person. It's static in a way, right? Now when we're starting to look at agents, whether you use one model or use multiples, whether you use one agent swarm or another, now these are ephemeral personas. Yes, it may be one agent, but they're ephemeral personas. And I like to say that it's almost like we're getting an agent with severe multi-personality disorder. You can ask the same agent three or four different times and you spin it up and you're going to get different things. How do you tie an identity to something like what you said where it may only last a couple of seconds or even milliseconds, or we may spin up a hundred or 200 of these to go and run a complex task.
(00:15:48):
How do you create that identity? Is this what y'all are looking at? Do y'all have an idea of how we're going to be able to do that identity down and give us a way to audit and track what they're doing?
Michael Epley (00:15:56):
I would say we are working on those types of systems. They're still, in large part, very experimental though. There's open source projects out there. I mentioned distributed identity. So the Linux Foundation, for example, has a distributed trust working group, and there's a number of these technologies that people are exploring today for exactly that sort of purpose. And most of these things do in fact leverage blockchain technologies. And something else that people need to keep in mind too when they're thinking about identity is it's not just asserting an identity. Somebody, a third party, an external party has to be able to verify that identity or there's no point. So the other question is, how do you verify these identities? And interestingly, this is where blockchain technologies and public ledgers and public ledger technologies are actually pretty useful. If you can assert evidence onto a blockchain, somebody else can reason on that evidence and it's in theory cryptographically verifiable.
Nicky Pike (00:16:48):
Well, so identity is one of those things. You also talked about data's another part of that. So Sam, I want to switch to you. You spent a month embedded on a NATO exercise in Norway this year. And to you, that's where the world of digital sovereignty kind of opened up and you found that this isn't really a talking point, this is a mission requirement. What did the experience tell you about where secure AI deployment development actually stands right now and why is it that self-hosted air gapped infrastructure is suddenly the thing that everybody wants to start talking about?
Sam Richman (00:17:18):
Yeah, certainly. I mean, anyone watching the news around the geopolitical happenings in the world, pretty good idea of why this is happening now. I do think interestingly, regardless of why it's happening, I think from a resiliency standpoint, from like a supply software and hardware supply chain standpoint, I think it's important that it happens. Again, regardless of why it happened, a lot of these supply chains, even human supply chains are brutal. And so I think having this trend of moving towards some form of segmentation is important, but yeah, it's incredibly valuable and important to them. There's the software that's serving AI models. There's the data that's being used to create the models. There's all these different aspects of things that need to be both open, controlled, and potentially self-hosted is incredibly important because again, whenever they don't know who their next adversary is going to be, and if they're relying on certain geopolitical entities to provide that capability, then that also gives that geopolitical entity the ability to disable and/or compromise and/or otherwise sabotage what they rely on to do their mission.
(00:18:20):
So for them, it has to be self-hosted, air gapped, self-contained, open source as much as the ability as possible and control for them to rely on it, just like they rely on their guns, their planes, their missiles, and so on.
Nicky Pike (00:18:32):
All right. And so you're looking at this from the defense side of things, but this is also going to be important to enterprises as well. We've got IP, we've got things that we want to keep secret, we want to keep within our realm. And then we've also got all these regulations that are starting to come out. You got the EU AI regulations that are starting to come in about keeping data within region. Are all these things playing a key part in how y'all are looking at this? I mean, are y'all considering enterprise as well, or are you really just focused on the defense side right now?
Sam Richman (00:19:02):
I am defense fully focused, so that's what I do, but I'll defer to Mike for his thoughts.
Michael Epley (00:19:06):
Yeah. I mean, I am defense, but I would say one of the things that's very interesting in the defense space is historically they've thought about many use cases and many applications technology, which now the private sector has really either caught up on or exceeded. And especially in the sovereignty area, they're suddenly very interested in sovereignty for all sorts of reasons. And we've talked about AI for a moment ago and protection of AI, IP, right? Suddenly you can't rely on, say, the fact that you have compiled code that you've converted human readable code into machine code has got a protection mechanism. The code and the data are intermingled and whoever has access to your model has access to your IP. And now IP protection, for example, is extremely important. And thinking about sovereignty and digital sovereignty is an important part of providing that IP protection. And in the defense space and everywhere else where we have the same concern, the same issues will arise.
Sam Richman (00:20:08):
And I will also say depending on level of conflict, even public and private entities are combatants in a conflict. And so critical infrastructure, financial, all these things relate to defense one way or another. So I think it behooves everyone to take this seriously.
Michael Epley (00:20:24):
That case in the recent Iran conflict has really brought to the forefront how intertangled these concerns are. Your commercial and your defense and economic concerns are all so coupled now.
Nicky Pike (00:20:37):
Yeah. I think it's amazing generally when we start talk about these things from the enterprise and the private sector side of things, it's more about keeping your IP to loss of revenue, those sorts of things. Whereas defense sector, it's non-negotiable. This is critical infrastructure. This is how we operate our war fighters. This is how we operate our economy. But there is a very tight, close bundle there that if you're able to go in and affect the public sector, you're able to affect the private sector and vice versa. You'd be surprised to go in and taking in a transportation agency could have dramatic impacts on what we're looking at from our defense capabilities. So as we see AI getting more and more ingrained in this, I know these are places that we're going. I know this is places that Red Hat's looking at and definitely the defense is looking at.
(00:21:23):
We just got Pete Hegseth's AI strategy coming out from the Department of War. All of this stuff is tied into that. And are you guys ... I mean, are y'all taking a look at the AI strategy that the Department of War put out? And I'm guessing that this is closely tied to how you are going in and building your strategy there at Red Hat.
Michael Epley (00:21:39):
Yeah. And I'm going to say, we've been constantly thinking about how the government and the government entities are going to approach AI and adopt AI. Certainly nothing new, even if policies change and evolve over time, but the potential kind of risks and threat of AI, as well as the potential have been long understood. And we've seen lots of guidance, not just but also prior to that and in other administrations, really think about what they need to do to prepare themselves for this AI driven world. And I would maybe only say, again, we are now moving to this model where we're adopting AI as fast as we can, because we're seeing tremendous value now being extracted. And there's still a lot of concern that we are going to potentially create these risks as well that are unmitigated by adopting AI too quickly.
Nicky Pike (00:22:34):
Well, it's a moving target. I mean, when we look at how the capabilities are expanding on a weekly basis, it's like, okay, we've got an idea of where we're going to go with this. And then all of a sudden somebody releases this new capability and that changes everything that we're thinking. This is one of those spaces where we're not taking incremental steps, we're taking leaps and bounds every week. That has got to be hard to keep up with. I know it is for us.
Sam Richman (00:22:58):
I think it's hard for any human. And in no way am I claiming that AI has reached any kind of level of consciousness, but we are engineering this to think better than we do. We're going to get things out of it that we don't understand nor that we can potentially predict whether we claim or think that it's conscious or not. And so to your point, yeah, we're trying to predict something that's essentially unpredictable because by design, it's unpredictable. So extraordinarily challenging.
Michael Epley (00:23:22):
Yeah. I'm going to jump in and say, not only are we designing these things to be unpredictable, but modern LLMs inject randomness by design into their systems. So many of our existing approaches, especially when we're building software systems, have this underlying idea that, well, it's complicated but tractable, but we're now entering this era where it's complex and it's not even tractable. We cannot, because of that inherent randomness, even predict what's going to happen, nor can we exhaustively test the combinatorics of a modern LLM and trillions of parameters. You can never possibly test every possible input and every possible scenario against that. And all you can do now is assume it's going to work, which is why we need to think a lot about governance, guardrails, safety, and other measures to mitigate where we can't test and we can't validate. But this is a fundamental change in how we built IT systems in the past.
Nicky Pike (00:24:23):
Well, and before we move on to the Red Hat Summit, one more question there, because we talk about this all the time, it is a moving target, right? We're trying to hit a moving target off the bow of a boat while it's windy outside. This is something that's very hard for anybody, right? Anybody in the industry to keep up with. And to me, that feels like this is why we're looking towards these platforms, these systems that are going to be modular, because the capabilities between models are changing all the time. The capabilities between agents are changing all the time. Recently, there was the announcement of supply chain risk with one of the main AI companies with the federal government. So the ability to plug and play these models seems like it has to be a future looking effort. It's something that absolutely is needed because you don't know what things are going to look like one week from another.
(00:25:07):
Is that something that Red Hat is looking at as well?
Michael Epley (00:25:10):
Yeah, absolutely. And in a moment, I think we're going to pivot our conversation and talk a little bit about some of the things that we're doing specifically to do that. And I think you alluded to this, like we're breaking these systems up and we're trying to make these things more tractable. Doing things like an agentic approach is part of that. The other part is smaller models that maybe are tuned or designed for specific tasks and specific domains. And so we're trying to apply these things, but that just adds to the complexity, right? It's a trade off now. It's like, yeah, we're minimizing maybe the uncertainty, but we're now trading that for more complexity. And you got to manage both now. And now that you've got this trade space, you have to manage the trade space is what?
Nicky Pike (00:25:53):
Right. Well, and Sam, before we pass it off to you to answer that question before we move on, I mean, this is a fundamentally different technology shift than a lot of us old guys have even seen in the past, right? Public cloud is public cloud. You're just using a different vendor and a different way of doing that. AI is, like you said, it's random. It's ever changing. This is a fundamentally different technology for us. So the way that we've got to think about it is different, not only from the infrastructure standpoint, from the identity standpoint, but also, how do we wrap all these up in an AI governance and security model that's going to transcend the LLM, transcend the agent? So one last take on that before we move on to what's going on in Red Hat.
Sam Richman (00:26:33):
Yeah, no, I agree. I mean, the speed of which these are evolving requires modularity. It requires the ability, modularity and abstraction. I often go, to your point, I go on anti-complexity rants all the time, but if we're really talking about getting the most out of something, especially again, something that could literally change from an hour to hour, having that modularity to swap out and then the abstraction layer to allow access to and also to impose governance guardrails around it is critical. So yeah, it's a very challenging time to do elegantly, I should say. And I think that's what we should aspire to is make it as elegant as possible.
Nicky Pike (00:27:09):
Elegantly, that's going to be the core focus, I think of whatever we do is how do we do this in a way that makes sense to not only the agents and the LLMs that we're bringing in, but also the humans that have to try to run this stuff and audit this stuff. All right, so we'll go ahead and we'll move on to the summit. So Michael, this one's going to be for you. I know that Red Hat's going to be making some announcements around the Kagenti project that you guys are running at the Red Hat Summit, and I want to kind of give the audience a heads up before they walk through the door. So can you tell me what is Kagenti? What's the problem it's trying to solve? And at the end of this, I want you to tell me why open source agent governance is not an oxymoron.
Michael Epley (00:27:43):
Well, I think we've been talking about the problem we're trying to solve already. So I'm going to refer back to the last few minutes of our conversation where the real problem is complexity. And now part of the goal of tackling this complexity today to manage that scale AI and AI models and identity of these agents that are running around is the challenge, right? So how do we approach that challenge? Well, we're going back to the old playbook around how do we build complex systems? And part of that, I think to Sam's comment is modularity, right? So we start building uniform and consistent module formats and model APIs and model wrappers. And that's essentially what Kagenti is for agents. So hence the name, Kagenti, right? Agent is built right into the name. And the idea is we're going to create a consistent platform for managing agents at scale.
(00:28:35):
And it does so by interposing between your agent and anyone consuming that agent, a wrapper. And this is in the form of an MCP gateway. So everything that we provide around that agent in terms of interacting with the outside world is through this gateway. And because we're now wrapping this agent and managing its governance and its lifecycle through Kagenti and through an API, we can provide say automated guardrails or we can provide identities to these agents so that we can make assertions about these identities. So Kagenti is a suite of capabilities built around this general architecture interposing this gateway and then adding those capabilities into the gateway. And it's an open source project. And to your point, like, well, how is open source agent governance not an oxymoron? Well, it's a framework, it's a platform. We provide the tools to assemble that platform, but it's up to our users and the people that are using that platform to provide their opinionated guidance and governance policies, tools, and identities into that platform.
(00:29:42):
So it's open source and it's open source governance because we're providing a pattern that you can, and our users can leverage and apply consistently that solves those challenges, but they get to put in their own governance rules, their own governance policies, ... To solve for their specific use cases and their specific deployments, those challenges. Implement their own governance rules, implement their own agents or enroll their own agents into this. Or if they need to, use other tools. Open source is built around standardization. So we're not inventing new standards here, and we aim to work with other platforms and other technologies using these same tools, as well as work to, for example, build out new standards that solve emerging challenges. Open response is a good example, right? We want these agents to be able to communicate back to the governance layer what their posture is and other aspects about what the agents can actually do and how they can integrate in with those platforms.
(00:30:45):
So these are the kind of things that as an open source community, we want to foster and we want to provide that framework that then you can build your opinionated tools around.
Nicky Pike (00:30:54):
Well, and going back to the intro here, when we think about my analogy on the contractor, right? So when you hire in a contractor before they touch anything, they get a badge, we get their access scope to areas. Everything that they do gets logged or they get watched over by people. We're bringing in agents and they're not getting any of that today. They just kind of show up and we let them start touching things. Now, in our prep, you talked about one of the things that Kagenti does is it has this AuthBridge SPIRE combination that kind of bakes in zero trust identity at the deploy time. This is not something that you guys are bolting on. Can you kind of walk me through what that AuthBridge SPIRE combo does and what it looks like? And what does this mean when an agent gets deployed on Kagenti that it's going to get things that it doesn't get anywhere else and it's going to allow enterprises or the defense contractors to actually start trusting it, something that they can't really do today?
Michael Epley (00:31:47):
These are critical parts of implementing agents. And I talked a little bit about identity earlier. So one of the problems with agents and especially how we deploy them today is this idea of an overprovisioned agent. In order to make an agent useful or an AI model useful, whether it's a RAG or whether it's a custom trained or tuned model, we're exposing this model to all our data. We are potentially giving that model access to lots of sources or data objects that reside in our enterprise. And right now, and historically when we talk about building AI or software systems, we will assign an identity to that piece of software to access that data. But oftentimes it's a manual process. Accesses are granted and there's a process by which we typically provision those accesses. But agents to maximize value and because we're moving very quickly are often overprovisioned.
(00:32:46):
We just give that agent access to anything and everything. Or we enroll a whole bunch of data into a RAG, for example. And then now that agent is operating on that data and servicing requests from anyone. And so there's a decoupling of what that agent can see and who is operating or using that agent and what they should or shouldn't be able to see. And so the goal of AuthBridge and some of these tools in Kagenti is to essentially solve that problem. It's to require that MCP to essentially
(00:33:23):
accept an actor identity and then operate the agent against that actor identity instead of its own identity. And we can do that through this AuthBridge where we will exchange identities at request time. And so anytime that agent then operates against your enterprise with a tool or some other resource, it is operating on behalf of the original actor, not of its own or through its own overprovisioned identity. And now we can constrain that access to only the things that original actor was authorized to see or do. And we can do that either through the agent itself or through guardrails that are also enforced through Kagenti. So Kagenti can verify the presence of guardrails and that those guardrails are operating against similar policies with respect to data access and data controls.
Nicky Pike (00:34:13):
And that's so important when we talk about identity and we talk about being able to put those guardrails around it. It's also about the observability of it. We've got agents which are kind of a dual threat. One, they want to do whatever they can to make us happy. We give them a task. They want to complete that task as well and as quickly as they can, which means that they also become sometimes like an internal hacker. They may go look for ways to complete the task and make you happy, but they may do it in a way that you don't want them to do. And I think that's something that we get a lot from the enterprise side is, yes, we want governance, we want to be able to put guardrails on there, but first we just need the ability for you to tell us what the agents are doing.
(00:34:53):
I want to know what it actually did, not what I told it to do, but what it actually ended up going so that we can build those guardrails as they apply to our enterprise.
Michael Epley (00:35:00):
Yeah, absolutely. And the point of guardrails, especially in an AI or agent-based system is to provide that additional safety check. So we can use that for the check, but I think what you're suggesting is at the same time, we can also use that for observability purposes. We can monitor every time that guardrail is used or that the wrapper is used. And that's exactly what, for example, Kagenti will do. When you deploy an agent and enroll an agent into Kagenti, it will add those observability points at your guardrails and in that wrapper. So I like to think of it a lot like a service mesh for agents where you're delegating these common things that you need to do for every service to this extra control plane and this control layer around your agents. And just like we can do a service mesh, we can do identity, we can do guardrails, we can do observability and telemetry and tracing.
(00:36:03):
So we can understand how our environment is actually working.
Sam Richman (00:36:07):
Yeah. The identity is incredibly important. I think about, again, we tell one agent something, but what happens when we get to the point where we're really chaining agents where agents are delegating to other agents and you get this really complex, not just tree, but a graph of things happening, having identities propagate and maybe I'm promising too much that Kagenti can do right now, but I do think that'll be important moving forward is understanding the super complicated interagent relationships and actions.
Nicky Pike (00:36:34):
Well, and this is one of the things. So for everybody listening, we are partners with Red Hat. And this is one of the things that I really love about this story is how we're working together. When we look at what you guys are doing, what Red Hat's bringing, they're bringing that container level security and you're doing that through OpenShift and ACS and now we've got new products that are coming out and coder agent firewalls, we're working at the process level. So we're doing it within the workspace and we're restricting the agent from being able to do things, but we're allowing the developer that sits in that same environment to go out and do what they're used to doing from the human side. And then again, we're talking about these proxies and the agent gateways that sit on top of this trying to centralize every call and given that one place for people to really get that observability, that audit trail, the response tokens, and that's not just one layer of governance that we're talking about when we talk about how we work together.
(00:37:25):
I mean, it's actually three. So walk me through how you guys feel, where that actually matters for either the real enterprise or for the defense contractors and defense industry out there, where they're trying to get these things past the security teams, past their auditors, but they're still trying to keep things open for the developers to really see the benefits of what they're seeing with AI.
Michael Epley (00:37:45):
We're starting to go into like, well, what do customers really need out of these agentic systems? And I think you've got a good insight here into our especially our defense space.
Sam Richman (00:37:52):
Yeah. It's interesting. In the defense space, there's so many different uses for AI. It's from the kind of strategic core where you're kind of informing missions and informing commanders based adversary capabilities and strategy and then taking that and translating it down through kind of the tiers of, I'll say edge, because I'm an edge guy from the core to actually executing the mission at the very far edge where very smaller models are run at scale. And then that data and learnings are propagated back up through to the chain. So we get this constant iteration of creating better and better models that execute on the edge, which is kind of what we want. And I think that continuum is what I'm seeing in the defense spaces. And again, that constant rapid iteration, and I mean, potentially by the hour of iteration of how a model can get better and better and better.
(00:38:43):
And so that's challenging. Some of that is agentic, some of it isn't agentic. There are just so many different ways to cut and slice what AI looks like. But when you start going down to true, the future of potentially swarms of autonomous assets that are just told, "Hey, go do this thing." And that's literally all you tell it, and they start figuring it out on their own between each other. That's where things get really interesting, not there yet, but that's where things get very interesting.
Nicky Pike (00:39:09):
Well, and you mentioned the edge there, and I think that's an interesting use case. And Sam, I know you've been working with Lockheed on the ability to push software all the way to the edge. So this is literally code that has to travel from a developer's workspace to a drone in the field. That's a hell of a pipeline. Can you walk me through what that pipeline looks like? And what breaks there, if any layer in that stack doesn't have governance baked in from the start?
Sam Richman (00:39:35):
I mean, a lot can go wrong. Certainly a mission can fail. We've seen some interesting events on the news when things go wrong, but I mean, it's all about ... Some people think AI is this brand new. AI is data and code, right? Our model is code and it's formalized and incorporated data. And so the pathways for which all both of those things get brought into a model and the development of the runtime and all the architecture that runs it, governance is absolutely critical from the very beginning, right? You have developers who are writing code. We hope we assume good intent, but a developer could be compromised. And so guardrails that extend all the way through to the point of deployment in the field is incredibly critical. What data is being pulled in to train the model at every stage, all the different, again, guardrails from development to execution, all the way through from a developer's workstation, where they're getting code from.
(00:40:26):
Are they using a public domain, not public domain, but publicly accessible code model, right? Something that may or maybe have more trust in it than we should be giving it. Where's it coming from? How is it being used? What subtle elements are there? There's not just vulnerabilities in back doors, but there's logic bombs that can be put into code that wouldn't get caught by traditional vulnerability scanners. So there's behavioral checks, there's code checks, there's all this stuff that goes into putting it out in the field. And all these things, again, talking to high levels doing by necessity is certainly being considered because their mission is one, again, life or death, real defense focused stuff that matters. And so knowing what you have, the predictability of it all the way through the chain, again, to the point of getting it there, signing artifacts, making sure everything that gets deployed is exactly what you expect it to be and provable by cryptographic identity is incredibly important.
Nicky Pike (00:41:23):
So most of our audience, when we start thinking about that path, what that looks like, it's a path to production, but the edge and the way you're talking about it is an extra set of production. It's not just production. There's more steps in there. And each one of those provides an additional threat surface, an additional window, additional places for things to get buggy. So what's the criticality? Well, I mean, we know the criticality here. You already said in the defense industry, this is life or death, but are you paying extra attention to the edge? Is that something where you've got to build in things that we're not seeing in production, what are typical production pushes? What do those look like? And I mean, this has got to be something that takes up not only a lot of time, but even more brain power when you start adding what the potential for AI is in that.
Sam Richman (00:42:10):
It does. I mean, as I've gotten who I've heard recently someone's like, there is no such thing as a 3,000 mile screwdriver, right? When something goes wrong, way, way, way, away from the person who developed it, they can't fix this. And so, especially when you talk really far edge, you talk space, you can't roll a crash cart for those of you used to work in data centers, you can't roll a crash cart up to it and plug a monitor and a keyboard and fix it. And so building it in a way that is very predictable and very atomic in terms of updates with ways to roll back kind of even automatically if something were not to be pushed correctly the first time, that's the uniqueness of Edge is that it's so remote, not a lot of hands-on and at much higher scale than we're used to.
(00:42:51):
We build data centers, let's say again, go back in the day when we weren't using cloud, even when we use cloud, we'll deploy maybe a handful of AMIs and Amazon or Microsoft and we set up a rack with 10 servers, great. But in the field when we're talking edge, we're talking maybe hundreds, thousands, tens of thousands of devices. So the way that you manage them is very different. And the way that kind of the hands offness and the atomic way of deploying things matters at scale too. So again, and security, no physical security is guaranteed, right? These things are very exposed, whether you're talking about a bit of computer on a 5G cell tower or whether it's a drone and warfare, very exposed and the assumption of physical security aren't there. And so there are a lot of different considerations for
Nicky Pike (00:43:31):
Edge. Yeah, because I mean, you look at this could be a mini data center or a stack that's sitting in the back of a Humvee on a boat. You may not even have internet connectivity to these all the time. So when you roll something out, you got to know what's good because once it hits the field, you may not have a good opportunity to come back and use that 3,000 mile screwdriver. I love that phrase, by the way, to resolve that stuff. So there's got to be a good check and balance in there before it ever hits the edge of where it's going. I agree. Yeah.
Michael Epley (00:43:57):
Yeah. And I wanted to jump in there a little bit too, because I think Sam hit on a few things, which does make the defense and the edge use case also very interesting. And we talked about how data and code intermix in an AI model, for example. And historically, we would protect our edge systems by protecting, say, the data streams that are flowing into a system. And now with that intermix, it's much harder to do that because there's data in the code already. Also, we're often asking our warfighters, our forward edge and forward-deployed folks to examine that data, retrain models or reintegrate models into these systems in the field, and they have to know that these things are being retrained correctly, that these modifications work, that they are not breaking policy, for example, by including data they shouldn't be including or vice versa.
(00:44:54):
And so these are all the sorts of guardrails that we have to be able to know and enforce even if the people that are doing that, handling data or building the models or integrating these systems don't even know that they need to do these things. And this is the importance of building these guardrails into our systems and being able to rely on those things being injected into the systems automatically.
Sam Richman (00:45:16):
I was going to add one other thing to ... I bought a good point about it being so forward deployed, whether it's defense, whether it's manufacturing critical infrastructure, edge is about solving distributed complex problems. When you distribute a problem, you don't distribute the extremely knowledgeable workforce that can do these things. And so not only doing it in a way that has guardrails, but also that's accessible to people actually trying to make the changes, do the things is very important too because you're not going to have a data scientist down range necessarily.
Michael Epley (00:45:46):
Yeah. I think Sam, you just said it a lot more elegantly than I did. Appreciate it.
Nicky Pike (00:45:51):
Well, I mean, this is a scope, right? If on the enterprise side, if we mess up some code, maybe somebody can't see their bank balance or they have a hard time ordering a meal from Uber or something to that effect. But when you break things on the edge of defense, that impacts missions, that impacts the warfighter's capability to perform. It's a very different scope of what we're talking about here. And I love your point about, yeah, when this breaks on the edge, we don't have somebody that can just jump in there and quick out a fix here. It takes time because you may have to bring that infrastructure back into a place of connectivity or goodness gracious, the possibilities that are out there that don't need to be said, but those are the things that you have to think about as part of the edge.
Michael Epley (00:46:35):
Yeah. I'll maybe also jump in too and to add to that a little bit, which is this idea of, in a lot of ways, AI is seen as a way to increase the level of automation of these systems, but we still want humans in or on the loop here. And how do you know you're actually putting a human in or on the loop when there's an AI system involved? Do you even know there's an AI involved?
Nicky Pike (00:46:59):
Good point.
Michael Epley (00:47:00):
Do you need to have a human in the loop or is this regular old automation that you validated and have confidence that it's going to be deterministic? And these are the types of things that we have to be able to understand and observe our systems, understand that composition of those systems, and make sure that the policies that we need to put in place are in place.
Nicky Pike (00:47:20):
Well, and you brought it back to data. So I'm going to come back to that data, the digital sovereignty question. So like you said, Sam, this is having a moment and it's not just Department of War. This is enterprises across the globe that are talking about this, especially in heavily regulated industries. So one of the questions that we keep hearing, and I would love to get y'all's take on it, is how do we run AI without handing it all of our data, all of our models to someone else's infrastructure? So Sam, you flag this as probably one of the most urgent conversations that you're having right now. What do you see driving this and what does a real answer look like here?
Sam Richman (00:47:56):
It's a matter of what level of trust these governments and organizations are willing to give, right? If we think about, I'm not going to pick on anybody, but let's just say you choose your big popular AI as a service platform, right? Even if, let's just say they claim we will completely encrypt and completely segment your little area of the model and it'll never go anywhere, it's up to the governments to decide how much trust they want depends on where that is hosted. And so claims are great, but if they get really, really distrustful, they can't necessarily trust that claim. And so if they really want to make sure it's theirs, I think that's where an open source approach, a highly segmented, both from software, hardware and even network pathway perspective comes into mind because even if, let's say you can 100% trust that my model, my data, my application that runs at the runtime is completely in a zero knowledge encrypted, running enclave somewhere else, that company hosting that could just cut the network cord and not have access to it and have a denial of service on it.
(00:49:03):
So even if it's secure, it's not necessarily guaranteed. And so I think what that really looks like again is complete for those who want complete control, and again, it's not necessarily a day one sort of thing, but to have at least complete control over what data they have, where it's going, how it's encrypted, both in use at rest and in motion, and then where the infrastructure lives, again, depends on level of criticality, the level of use case as to how drastic you want it to because it's not without cost. There's a lot of knowledge, a lot of experience that went into building some of these centralized models and infrastructure, and it's hard to replicate overnight. In fact, it's almost impossible to replicate overnight. So yeah, it really depends on the use case, but if someone really wants it fully self-contained and known, then that's where you go.
(00:49:45):
Open source, fully self-contained everything,
Nicky Pike (00:49:49):
If
Sam Richman (00:49:49):
You want to get to the most extreme example.
Nicky Pike (00:49:51):
And that brings us right back to having that pluggable infrastructure, the way to self-host, because again, you don't want to be shipping this stuff out, whether it be for nation secrets, whether it be for IP, whatever that may be, you want to be able to self-host this. You need the ability to plug that in and out because not only on the capability standpoint, but with things changing so fast, what may be your go- to model, what may be validated as being secure at this point and we can use it, new capability and new change comes out in that model, that could change everything in the way you want to use it and you need to be able to switch those things out. Regulated industry, defense, enterprise in general, I think this is going to become a topic that we see more and more, not only on the digital sovereignty level, but also the ability, which I think does play a part, the ability to move and change parts as you need to based on whatever the circumstances on the ground are at that point in time.
Michael Epley (00:50:40):
Yeah. I'm going to say digital sovereignty at its essence is all about control. Can you control your own destiny? Are you at the mercy of somebody else? And AI, I think brings that into stark relief because so many pieces, so much stuff goes into building and deploying and managing an AI system at scale that is the holy grail, right? It's your data, it's your system, it encodes your operational environment in some cases. And yeah, that is something that you have to protect in order to be confident that you have control of your own destiny. The entire supply chain and building that, all the data that goes into it, the code that goes into it, the deployment environment, everything that it sits on is something that could potentially affect whether or not that AI or that system is accessible and usable and reliable. So all those things you need to protect.
(00:51:29):
Of course, running in somebody else's infrastructure is the hard part, right? How do you achieve that level of trust and control if you're running somewhere else and you don't have control over that infrastructure and that's a hard problem. We are developing technologies and tools to do that. One of the ones we highlight, especially in the space is confidential compute. This is the idea that, well, you may not own the infrastructure, but you control the keys and as long as you control the keys, then that's at least the equivalent of excluding everybody else from that infrastructure. Now that doesn't necessarily solve the availability problem, right? Somebody can still destroy that infrastructure or take that down, but we also have other techniques and tools, right? Sam alluded to a distributed environment, right? You distribute enough clones or copies of your model or your infrastructure, and it doesn't matter if somebody can take out a single instance or a single ... And so you can engineer that resiliency into your system.
(00:52:27):
So you don't have to have complete control, but you have to understand what your threat and risk model environment is. And you can take these tools and combine those together to give yourself the effect of control.
Sam Richman (00:52:39):
The cause of this push for digital sovereignty is what it is. After nine eleven, we realized just how much stuff ran through a single building. Horrible, horrible thing, but we learned that and we grew from that and we built in resiliencies. And so I think the world can take those lessons at larger scale from here too. Yeah.
Michael Epley (00:52:59):
I'm going to maybe pivot back to our earliest part of the conversation around identity. The other thing that we need to do is look through our systems and be like, well, where do we only have a single item here that's in the critical path? A single root of trust. For example, in a credentialing system, a PKI, if you've got a single CA and a single root of trust, well, you're in trouble. If you've got a single identity system that's issuing credentials or tokens, you're in trouble. And this is where things like distributed identity could come into play. This is where taking lessons from cloud and cloud technologies, how do we build distributed systems that are more resilient? We can take all those lessons and apply those to digital sovereignty as well.
Nicky Pike (00:53:39):
I'm going to boil down everything you guys just said and I'm going to bullet down into freedom is choice. Freedom is choice in how you do these things. This comes not only from a model and an agent capability, what can we bring in, what do we need from that, but also from an infrastructure and a cost perspective. The ability for us to plug in things that we've already used and that we've vetted into this process, the ability to change those as we see fit. And also just looking at, for most companies, there's probably going to be multiple different areas that they want to look at, things that have to be highly secure and that nobody can touch versus some of the things that are less secure and we could put out on the public cloud. And I think that having that choice and having that modularity allows you to make some really important and interesting architectural decisions on what fits your company because one model's not going to fit every company out there.
(00:54:29):
Everybody's got their own variables. All right, well let's talk about the summit. I'm going to put both of you on the spot here. So we've got people, the audiences, they're listening, they're going to be coming to the Red Hat Summit in Atlanta. They've got this packed schedule and they're trying to choose between sessions all at the same time slot. So I want you to each give me your 30 second pitch on why they need to come talk to Red Hat and Sam, maybe why they need to come talk to your co-talk with Lockheed Martin. What are they going to walk away with if they come and talk to Red Hat or listening to your speech or your talk, Sam, that they're not going to get anywhere else?
Sam Richman (00:55:01):
Well, we have an interesting tie in because, hey, if they become close to that talk, they're going to hear from folks who have been doing the work, putting things out in the real world of defense. And then after that talk, they can walk down to the show floor and they can see some of that stuff in action. We're not flying drones, that's too much paperwork, but they will see ... For some reason it's too much liability. I don't know why it's crazy to talk. But anyway, they can see what was done in action. They'll be able to see the work that's being done right in front of them and the benefits that what they've heard of in the talk around deploying applications at scale to edge devices matters for defense space. If you're in the defense space, it's a really great opportunity to, again, not only see the talk, but meet the people who are doing it.
(00:55:42):
We've got a great contingent coming out from Lockheed, both at the booth and during the talk. So we'll be able to learn a lot there.
Nicky Pike (00:55:47):
So not a whole lot of a vendor pitch. This is going to be practical how you got things done and what y'all are able to accomplish within that. And
Sam Richman (00:55:55):
I can see it in front of them. Yep.
Nicky Pike (00:55:57):
Michael?
Michael Epley (00:55:58):
Yeah. My 30-second pitch is I'm going to be talking all about digital sovereignty, which is, I feel like what's on everybody's brain today and specifically around some of these topics I hit already, identity, like the importance of identity to realizing digital sovereignty. So among other things, I'll be talking about how I've been helping some of our customers build out modern identity solutions. And one of my customers, Telefonica, specifically using a GPS or a geolocated signal to provide a cryptographically verifiable anchor into their sovereign infrastructure. So we can prove where your workload is operating, that it's in a specific geographic area, for example, and how we can enable use cases like agentic AI and implement, say, geographic guardrails around data using these techniques.
Nicky Pike (00:56:51):
Excellent. Well, we're going to start closing this up. So a couple questions we always ask at the end of each of these interviews, I do want to give a little bit of backstory here. So Michael, you came up with a law degree in intellectual property, right? So you built a pattern learning models at Lockheed before we even really knew what machine learning was. And you've got over 15 years convincing some of the most security paranoid organizations on the planet to trust open source. Sam, you started in genomics in computing and NIH. You were able to work your way up through network security and enterprise architecture, and now you're the guy that's figuring out how to get software from the developer to the drone that's flying during the NATO exercise. These are very different paths, but I want to ask the same question to both of you.
(00:57:35):
What does it mean for each one of you guys to be a coder? Michael, we'll start with you.
Michael Epley (00:57:39):
Well, it means that I don't have to use my law degree, which I generally consider a mistake. So technology is way more fun and being a coder means I get to tell the computer what to do and whatever I can imagine I can make happen these days. So I love this era of AI where we can actually do things that we never thought we could do with computers before and it's super fun. So for me, being a coder is I get to do fun stuff instead of boring law.
Nicky Pike (00:58:09):
I think that's going to be a statement right there. Well, mostly because I don't have to use my law degree. I think that's going to go out there. Sam?
Sam Richman (00:58:17):
I mean, I've written a lot of software over the years and it's, again, to Michael's point, it's about telling the computer what to do in a way that really makes an impact. But it's about, again, software is making ideas into reality. Again, whether it's figuring out whether drugs are effective on cell lines like I was doing at NIH or using it to make a mission better or encoding ideas into hardware, software defined everything. That's what being a coder is about is turning ideas into physical and reality. And so I think that's what it really means to me.
Nicky Pike (00:58:48):
I like both of those. All right, predictions. Red Hat Summit 2027, and you guys are going to be up and you're going to be doing a talk recapping what's happened in AI over the last year. What's the one thing each of you think that somebody got wrong in 2026 that you're seeing coming from a mile away?
Sam Richman (00:59:05):
I think what we're going to see is what we've seen throughout all of human history is us jumping into things too quick before we don't understand them. I think we're going to see the promise of Agentic and AI will continue. I think the scope of it and the way that it truly gets implemented and what effects it can have will be a bit more constrained like we're starting to see with models where if we want something that's really good at what it does, it needs to be a bit tighter and a bit more scoped. A lot of hype likes to kind of purport AI as intelligent and cognitive and consciousness really isn't those things. And so I think the reality will catch up to the hype, especially when agents start hitting edge cases that, not edges in edge, but corner cases on different use cases.
(00:59:46):
The limitations will start popping up and we'll start kind of having more defined paths for using them. That's what I think we'll see.
Michael Epley (00:59:51):
Yeah. So I'm going to say the biggest thing I think is going to happen in 2026 is we're going to decide that agentic architectures are not enough. Right now, I feel like there's a movement towards Agentic because we've seen the limitations of generic LLMs and we have a huge amount of existing infrastructure that we can't just snap our fingers and convert to AI systems. And we're building agents to exploit these existing systems, but we sort of pushed off this broader idea in that process of building our own orchestrators or other agentic tools that use those agents more effectively. And once we build and wrap everything we have in our existing infrastructures and systems with agents, we're going to decide that we have a whole lot of agents, but nothing integrating those agents into broader tools and broader value added capabilities. So this is a transition, I think, but we don't know what's coming next.
(01:01:03):
I think, Nicky, you said AI is moving fast. And I see a lot of predictions and not necessarily a lot of certainty about what that future's going to look like. If I were to predict though, I think context and importantly, context sharing, we're starting to see some thought leaders talking about world models, for example. So how do agents exchange memory and exchange context? And right now we pass a lot of that context through prompts, really narrow windows that are crossing those agents. But I think we're going to start seeing agents that share context. And for me, it's going to be like, wow, that's going to be a governance nightmare.
Nicky Pike (01:01:48):
If I summarized everything you just said, which I love by the way, Michael, but what I kind of just heard you say, and you can tell me if I heard this right, was by this time next year, we're going to see that agents and models really become kind of an implementation detail, that what you pick and what you use is going to be considered on what your requirements and needs are. What we're going to see kind of at the crux is going to be governance. It's going to be interoperability between not only our systems, but different agent systems, and it's going to be that observability and security model around whatever agent we decide to choose.
Michael Epley (01:02:21):
Yeah, absolutely. And I think you said, like Sam, a lot more effectively than I did and summarize that. But yeah, I tend to dive right into the technology and think about, well, how would all this work under the hood? But absolutely right. It's going to be that.
Nicky Pike (01:02:35):
All right. Well, and you know what? I think with that one, we usually do a hot seat question as well, but I think y'all both answered that because the hot seat question was going to be, what would you kind of give your take that would get you a slow clap at like DevOps conference or something to that effect, but you guys believe it anyway? I think you both answered those. Michael said, "Hey, I believe that the agents and the LLMs are going to become an implementation model." And Sam, I think we got everything that we need right there. Is there anything else y'all want to throw in? Is there any more hot seat things that you have that the audience might be interested in?
Sam Richman (01:03:09):
I do have one.
Nicky Pike (01:03:10):
Okay.
Sam Richman (01:03:12):
As the paranoid cyber guy, you mentioned earlier AI ... Mike, AI agents are the perfect internal hacker that can do things potentially the way you didn't expect them to. They're also the perfect insider threat, right? We have demonstrated models that, again, I'm not alluding to the fact that they're conscious or anything, but that actively resist acknowledging what they do and why they do it. And so a malicious model is the perfect insider threat. It lies perfect lies, we'll use quotes, lies perfectly is not susceptible to any of the predictable risk factors that we're used to predicting insider threats and can act at machine speeds that no one can stop if they once get activated. So it's really important to build guardrails because again, perfect insider threat.
Nicky Pike (01:04:02):
Yep. I agree. We start looking at this and plus the way that it works on this natural language, the fact that we can have a conversation with it, it brings up all these different types of threat surfaces that we didn't see, zero click type of threat surfaces that people are really having to start to think about. Again, everything that we're doing in technology, we're having to rethink based on agents because humans don't act the same way. And I would love to, I think we're going to end up having another conversation at some point about that because the machine speed at what we're seeing, Sam, agents are out there, they're going to do bad things based on the person that's controlling them, and really the only way that we can really counter that is with more agents.
Michael Epley (01:04:43):
I agree.
Nicky Pike (01:04:44):
Absolutely. All right guys. Well, I'm going to go ahead. We're going to call this one. Is there anything else that y'all would like to end with before we call it out?
Michael Epley (01:04:51):
I'm going to say go check out Kagenti. We have a GitHub project. Google that and it'll drop you right in and take a look at it. And we're open source company. That's where innovation comes from. So take a look, beat it up, tell us what we need to do better.
Nicky Pike (01:05:05):
We'll put the link to Kagenti down in the show notes. Sam, anything you want to put out as a call out at the end, call to action?
Sam Richman (01:05:10):
Yeah, I mean, our booth, Lockheed Booth will be down the, I think called Edge Pavilion in the show floor. So come by and see all of us at any time during summit and look up Lockheed on the summit session list and we'll pop right up. I think we're on Tuesday at 1:00 PM if I remember correctly, but just type Lockheed, they'll come right up.
Nicky Pike (01:05:27):
Yep. At the same time, Coder will be at the Red Hat Summit as well. In fact, you may see Sam and Mike hanging out with us and vice versa while we're at the conference. So make sure you get out there and we look forward to seeing everybody's reports on what they thought of the summit when it comes through. All right, guys.
(01:05:44):
Thank you for listening to [Dev]olution. If you've got something for us to decode, let me know. You can message me, Nicky Pike on LinkedIn or join our Discord community and drop it there. And seriously, don't forget to subscribe. You do not want to miss what's next.