1
00:00:04,720 --> 00:00:11,080
This is Identity at the Center.
Welcome to the Identity at the 

2
00:00:11,080 --> 00:00:12,840
Center podcast. 
I'm Jeff, and that's Jim. 

3
00:00:12,840 --> 00:00:14,960
Hey, Jim. 
OK, Jeff, how are you? 

4
00:00:15,640 --> 00:00:17,680
Oh, not so bad yourself. 
Good. 

5
00:00:17,680 --> 00:00:19,880
Guess what? 
I did something today that you 

6
00:00:19,880 --> 00:00:23,320
could never do. 
I mean, there's so many things I

7
00:00:23,320 --> 00:00:25,880
can't do. 
Yeah, the first one is. 

8
00:00:26,520 --> 00:00:30,480
It should be within your power. 
So I received my iPad today. 

9
00:00:31,080 --> 00:00:33,440
OK. 
Couple hours ago and I have not 

10
00:00:33,440 --> 00:00:36,000
opened the box yet. 
Well. 

11
00:00:36,200 --> 00:00:38,040
I, I question all your 
priorities. 

12
00:00:38,040 --> 00:00:40,480
If you get a box, you open it. 
That's like, it doesn't matter 

13
00:00:40,480 --> 00:00:43,080
what it is. 
Could be an iPad, it could be, 

14
00:00:43,120 --> 00:00:46,120
you know, I think a Chapstick. 
You open the box when it comes 

15
00:00:46,120 --> 00:00:47,280
in. 
I don't know how you just let it

16
00:00:47,280 --> 00:00:48,640
sit there. 
You're an animal, dude. 

17
00:00:49,280 --> 00:00:53,280
Yeah, especially brand new 
technology so but I'm excited 

18
00:00:53,360 --> 00:00:59,160
after the call I'm planning on 
cutting into it and playing for 

19
00:00:59,160 --> 00:01:00,720
hours.
Have you ever had an iPad before?

20
00:01:00,800 --> 00:01:03,160
Is this your first iPad? 
This is my first iPad. 

21
00:01:03,640 --> 00:01:09,760
Wow. 2025. Congratulations.
Yeah, and it's the latest and 

22
00:01:09,760 --> 00:01:12,120
greatest, which is even more
unlike me. 

23
00:01:13,480 --> 00:01:16,680
Well, like, oh great, the iPhone
17 came out, it's time to get 

24
00:01:16,680 --> 00:01:20,600
the 16. 
Well, yeah, I'm expecting to get

25
00:01:20,600 --> 00:01:22,920
text from you later, like, OK, 
how do I do this? 

26
00:01:22,920 --> 00:01:27,640
How do I set this up? 
You know, 5:00, It's a cool 

27
00:01:27,640 --> 00:01:30,040
little device. 
You know, with the exception of 

28
00:01:30,040 --> 00:01:33,080
that stupid, stupid, stupid 
Apple commercial of that little 

29
00:01:33,080 --> 00:01:34,800
girl saying, what's a computer 
like? 

30
00:01:35,960 --> 00:01:38,760
Very a very punchable face on 
that girl, unfortunately. 

31
00:01:38,840 --> 00:01:41,560
Wow. 
Cut. 

32
00:01:41,560 --> 00:01:45,760
Cut that out of the broadcast. 
Just so annoying. 

33
00:01:45,760 --> 00:01:49,880
Maybe that's just me being old 
and decrepit, but you know this 

34
00:01:49,880 --> 00:01:52,760
little, I don't know what she 
must have been like, what, 13, 14

35
00:01:52,760 --> 00:01:55,200
and she kind of has this haughty,
What's a computer? 

36
00:01:55,240 --> 00:01:59,520
You you know what a computer is.
Boomer. 

37
00:02:00,160 --> 00:02:02,320
Yeah, right. 
OK. 

38
00:02:02,560 --> 00:02:04,440
What else we got? 
Yeah, hit me. 

39
00:02:05,440 --> 00:02:08,759
No, I'm excited for conferences,
but I did want to throw in one 

40
00:02:08,759 --> 00:02:12,000
of the thing which is kind of 
talked about what the lighter note

41
00:02:12,000 --> 00:02:14,720
question is. 
I'm really excited to jump in on

42
00:02:14,720 --> 00:02:16,200
that. 
That is like now we're getting 

43
00:02:16,200 --> 00:02:20,320
to Jim territory, something
where I can actually add value. 

44
00:02:21,080 --> 00:02:25,640
So I'm excited about that. 
And so for those who don't know,

45
00:02:25,640 --> 00:02:28,960
who never stuck around till the 
end, we always end every show 

46
00:02:28,960 --> 00:02:32,160
with a lighter note.
And it's just the idea that kind

47
00:02:32,160 --> 00:02:34,720
of humanizes Jeff and I and our 
guests. 

48
00:02:34,720 --> 00:02:39,720
And we picked topic that's not 
identity related and we talked 

49
00:02:39,720 --> 00:02:41,280
about it for a couple of 
minutes. 

50
00:02:41,600 --> 00:02:44,760
I think if you're not interested
in that, go ahead and drop off. 

51
00:02:45,040 --> 00:02:47,520
Can't wait to hear it. 
Feel free to fast forward toward

52
00:02:47,520 --> 00:02:50,200
the end. 
Well, I mean, don't drop off 

53
00:02:50,280 --> 00:02:52,280
hit, you know, just turn the 
volume down and go somewhere 

54
00:02:52,280 --> 00:02:54,840
else, do something. 
But I call that like and. 

55
00:02:54,880 --> 00:02:57,320
Subscribe right? 
Yeah, that's like, you know, 

56
00:02:57,480 --> 00:02:59,240
that's a perfect opportunity to 
hit the like and subscribe 

57
00:02:59,240 --> 00:03:00,440
button. 
That's like meantime, like I 

58
00:03:00,440 --> 00:03:02,360
like to have conversations about
a whole bunch of different 

59
00:03:02,360 --> 00:03:04,440
things and we usually try to 
pick something that's kind of 

60
00:03:04,440 --> 00:03:06,720
fun and, you know, kind of joke 
around a little bit and maybe 

61
00:03:06,720 --> 00:03:09,400
tease each other or find out 
something new, whatever. 

62
00:03:09,400 --> 00:03:12,120
Maybe I could say right now I'm 
not going to be able to add any 

63
00:03:12,120 --> 00:03:14,320
value to this lighter note.
So I'm going to be relying on 

64
00:03:14,360 --> 00:03:17,320
both you and our guests. 
Exactly, exactly. 

65
00:03:17,320 --> 00:03:20,040
I know it's not your in your 
wheelhouse, but I was going to 

66
00:03:20,040 --> 00:03:23,880
bring up also, you know, by the 
time this episode drops, it'll 

67
00:03:23,880 --> 00:03:28,360
be probably the week of Gartner.
So we're already starting to 

68
00:03:28,360 --> 00:03:34,040
think about the 2026 calendar. 
You know, in the US we've got 

69
00:03:34,040 --> 00:03:36,920
like Identiverse, in Europe,
we've got EIC. 

70
00:03:37,160 --> 00:03:40,040
Now by saying in US and in 
Europe doesn't mean you have to 

71
00:03:40,040 --> 00:03:42,200
live there to only go to those 
conferences. 

72
00:03:42,480 --> 00:03:45,800
I actually highly recommend 
folks from Europe go to 

73
00:03:45,800 --> 00:03:50,240
Identiverse and vice versa. 
These folks from North America, 

74
00:03:50,240 --> 00:03:55,240
US go to EIC usually learn so 
much, get so much new 

75
00:03:55,240 --> 00:03:58,240
perspective. 
Yeah, We had a real good time. 

76
00:03:58,240 --> 00:04:01,560
It was our first time going to 
Berlin earlier this year, 2025 

77
00:04:01,560 --> 00:04:05,320
as we record this and we know 
we're so excited to do it again.

78
00:04:05,320 --> 00:04:08,200
So we've kind of partnered up 
with KuppingerCole and Ian,

79
00:04:08,200 --> 00:04:10,240
the EIC folks. 
So we've got discount code. 

80
00:04:10,240 --> 00:04:12,800
So look, I get it. 
Going across the pond, you know,

81
00:04:12,800 --> 00:04:14,920
at least for the US is sometimes
pretty expensive. 

82
00:04:14,920 --> 00:04:16,839
So we've got codes on our 
website. 

83
00:04:16,839 --> 00:04:19,880
So if you go to
idacpodcast.com, just scroll down,

84
00:04:19,880 --> 00:04:22,840
all of our active discounts are 
there, but you'll see one for 

85
00:04:22,960 --> 00:04:26,120
EIC. 
So we've got 25% off ID, AC25, 

86
00:04:26,160 --> 00:04:28,160
MKO. 
It's been a while since we read 

87
00:04:28,160 --> 00:04:29,440
like a discount code for a while
there. 

88
00:04:29,440 --> 00:04:31,800
We had like 8 or 9 of them going
once it was like, all right, 

89
00:04:32,200 --> 00:04:34,280
we'll do an entire episode just 
reading codes. 

90
00:04:34,280 --> 00:04:37,320
So now we just direct people, go
to the website, codes are there.

91
00:04:37,480 --> 00:04:39,240
We're looking forward to it. 
You and I are going to be there,

92
00:04:39,240 --> 00:04:42,440
Jim. 
And yeah, trying to, you know, 

93
00:04:43,320 --> 00:04:45,840
recreate the magic of 2025 
there. 

94
00:04:46,440 --> 00:04:50,400
Yeah, it was fantastic. 
I mean, even if like obviously 

95
00:04:50,400 --> 00:04:53,600
it was a great conference, but 
it was also great being in 

96
00:04:53,600 --> 00:04:57,280
Berlin and going on like we went
on that river dinner cruise the 

97
00:04:57,280 --> 00:05:01,320
one night and got to kind of 
have the canal ride. 

98
00:05:01,320 --> 00:05:05,600
I thought it was just so cool. 
It's like a memories for a 

99
00:05:05,600 --> 00:05:07,920
lifetime. 
It was fun. 

100
00:05:08,640 --> 00:05:10,400
I think I sat there with 
Henrique and a couple other 

101
00:05:10,400 --> 00:05:13,400
folks just kind of chatting. 
I, I didn't actually go outside 

102
00:05:13,400 --> 00:05:16,120
the entire cruise.
We were just sitting at a table 

103
00:05:16,120 --> 00:05:18,160
just chatting about, you know, 
just this, that, the other thing.

104
00:05:18,160 --> 00:05:19,480
So it was a fun time. 
It was good times. 

105
00:05:20,280 --> 00:05:22,240
Looking forward to it. 
And I'm sure you'll, you'll 

106
00:05:22,240 --> 00:05:24,520
weave in some, you know, some 
travel, you know, to other 

107
00:05:24,520 --> 00:05:26,160
places. 
I have not yet figured out what 

108
00:05:26,160 --> 00:05:28,760
I'm going to do yet, you know, 
outside of the trip to Berlin. 

109
00:05:28,760 --> 00:05:30,720
So. 
Well, you mentioned how it can 

110
00:05:30,720 --> 00:05:33,920
be expensive for people from 
North America to go over to 

111
00:05:33,920 --> 00:05:37,960
Europe and vice versa. 
I'm sure the biggest key I can 

112
00:05:37,960 --> 00:05:42,360
say is book way ahead of time. 
I mean, you know, I got my round

113
00:05:42,360 --> 00:05:47,360
trip to Europe last year for 
about the price of a last minute

114
00:05:47,360 --> 00:05:51,360
booking domestic flight. 
So it can be done. 

115
00:05:51,360 --> 00:05:55,120
Just book, you know, six to four
months in advance if you can. 

116
00:05:55,840 --> 00:05:57,640
Yeah, or try to get your company
to pay for it. 

117
00:05:57,640 --> 00:06:00,400
That's the way to do it. 
Well, yeah, or both. 

118
00:06:01,760 --> 00:06:03,400
Sure, Yeah, whatever you can get
away with. 

119
00:06:05,440 --> 00:06:07,560
All right, so let's get to our 
topic today. 

120
00:06:07,840 --> 00:06:09,560
You've probably read the title 
already. 

121
00:06:09,560 --> 00:06:12,440
It's identity management for 
agentic AI. 

122
00:06:12,880 --> 00:06:16,440
We've got with us today Tobin S 
He's the co-chair of OpenID

123
00:06:16,440 --> 00:06:19,800
Foundation's AI Identity 
Management community group. 

124
00:06:19,880 --> 00:06:23,600
So welcome to the show, Tobin. 
It is great to be here, thanks 

125
00:06:23,600 --> 00:06:25,640
for having me. 
Thanks so much for taking the 

126
00:06:25,640 --> 00:06:27,360
time. 
I feel like it's kind of like a 

127
00:06:27,360 --> 00:06:31,680
mouthful identity management for
agentic AI, you know, dot, dot, 

128
00:06:31,680 --> 00:06:33,240
dot, and there's so much 
probably more behind it. 

129
00:06:33,880 --> 00:06:35,640
Let's start a little bit though,
with kind of your background. 

130
00:06:35,640 --> 00:06:40,240
So how did you get into this 
space of AI and identity? 

131
00:06:40,240 --> 00:06:41,360
Take us through your origin 
story. 

132
00:06:42,360 --> 00:06:45,240
Yeah, I, I do find myself 
nowadays swimming in a sea of 

133
00:06:45,240 --> 00:06:48,640
acronyms and jargon that is kind
of terrifying to confront. 

134
00:06:49,000 --> 00:06:51,000
I I didn't intend to end up 
here. 

135
00:06:52,200 --> 00:06:56,240
I have always been someone who's
really interested in in AI and 

136
00:06:56,440 --> 00:06:59,480
that was the scope of what I was
really interested to work on 

137
00:06:59,480 --> 00:07:04,000
when I joined MIT for my PhD. 
And kind of the broad question 

138
00:07:04,000 --> 00:07:08,880
was how do we build more robust 
security and safeguards on AI? 

139
00:07:08,880 --> 00:07:12,120
And this is before ChatGPT, 
before it kind of ate the world.

140
00:07:12,920 --> 00:07:18,040
And over the course of my PhD, AI
got better and better, chatbots

141
00:07:18,040 --> 00:07:21,680
became a thing. 
And this idea of AI agents 

142
00:07:21,680 --> 00:07:26,520
started popping up where these 
crazy, wacky ChatGPT language 

143
00:07:26,520 --> 00:07:29,120
models were going to go and do 
things that interact with 

144
00:07:29,120 --> 00:07:32,800
services. 
And it just become became 

145
00:07:33,040 --> 00:07:36,800
remarkably apparent that access 
controls and identity was going 

146
00:07:36,800 --> 00:07:38,680
to matter more and more as part 
of that. 

147
00:07:39,200 --> 00:07:42,480
And so I, I started shifting my 
research towards that direction.

148
00:07:42,640 --> 00:07:46,400
And ever since then, that has 
been everything that has 

149
00:07:46,400 --> 00:07:50,320
consumed my mind for the last 
year or so is identity access 

150
00:07:50,320 --> 00:07:53,960
management for agents, the 
future of robust consumer 

151
00:07:53,960 --> 00:07:56,800
marketplaces for agents, as well
as the kind of enterprise 

152
00:07:56,800 --> 00:07:59,000
questions around how we deploy 
agents. 

153
00:08:00,280 --> 00:08:04,160
Did your definition of AI change
the first time you kind of 

154
00:08:04,160 --> 00:08:07,920
became cognizant of things like 
a large language model and you 

155
00:08:07,920 --> 00:08:10,120
know, specifically like the 
generative AI component? 

156
00:08:10,120 --> 00:08:13,480
Because I feel like it was AI 
before it was really like 

157
00:08:13,480 --> 00:08:15,240
machine learning and sort of 
pattern matching, right, and 

158
00:08:15,240 --> 00:08:17,880
things like that. 
And then I saw what opened up 

159
00:08:17,880 --> 00:08:20,800
and I was like, Oh my gosh, 
that's AI, I want that.

160
00:08:21,840 --> 00:08:23,640
I'm curious if you felt the same
or felt differently. 

161
00:08:24,600 --> 00:08:28,200
Even for folks who had seen 
language models before, small 

162
00:08:28,200 --> 00:08:31,240
language models that would, you 
know, generate a couple tokens, 

163
00:08:31,240 --> 00:08:32,880
generate a couple words, give 
you a poem. 

164
00:08:33,400 --> 00:08:36,919
I do think the ChatGPT moment 
still changed a lot of minds. 

165
00:08:37,559 --> 00:08:41,559
And even beyond there once tool 
calling anything when when 

166
00:08:41,760 --> 00:08:45,200
language models could go and and
write a JSON that could then

167
00:08:45,520 --> 00:08:48,400
query an API. 
I think that really changed the 

168
00:08:48,400 --> 00:08:51,120
minds of a lot of people very 
quickly in space. 

169
00:08:52,120 --> 00:08:53,120
Yeah. 
Now we've got, you know, things 

170
00:08:53,120 --> 00:08:55,560
like vibe coding and all kinds 
of different things that people 

171
00:08:55,560 --> 00:08:57,880
are doing. 
Tell me what about your role 

172
00:08:57,880 --> 00:09:01,240
with OpenID?
So tell me about the AI Identity

173
00:09:01,240 --> 00:09:04,040
Management Community group, 
which is not a working group. 

174
00:09:04,040 --> 00:09:06,560
I know there's a very clear, you
know, differentiation, but tell 

175
00:09:06,560 --> 00:09:07,920
us about that role that you're 
serving on there. 

176
00:09:08,720 --> 00:09:11,160
Yeah. 
So in, in January or February, 

177
00:09:11,160 --> 00:09:15,000
we put out this paper on 
authenticated delegation and 

178
00:09:15,000 --> 00:09:20,360
authorization and delegated 
authority is this topic that 

179
00:09:20,440 --> 00:09:23,320
people have often cared about 
where, you know, maybe I want to

180
00:09:23,320 --> 00:09:26,680
delegate authority to, to an 
agent to, to like a human, human

181
00:09:26,680 --> 00:09:29,680
agent to a sub process that's 
constrained. 

182
00:09:30,080 --> 00:09:32,360
But with AI agents, this kind of
blows up. 

183
00:09:32,480 --> 00:09:36,080
We're going to have these chat 
bots that are non deterministic 

184
00:09:36,480 --> 00:09:38,200
that can go out and do things 
for us. 

185
00:09:38,200 --> 00:09:42,120
So we hosted a series of 
workshop at workshops at 

186
00:09:42,120 --> 00:09:45,760
Stanford to get people talking 
about this and figure out what 

187
00:09:45,760 --> 00:09:47,920
the future is. 
And it was clear there was just 

188
00:09:47,920 --> 00:09:51,040
a a need for space for a 
community to talk more and more 

189
00:09:51,040 --> 00:09:53,640
about this. 
And so the OpenID Foundation

190
00:09:53,680 --> 00:09:56,640
put together a community group 
which I now co-chair, to host

191
00:09:56,640 --> 00:10:00,320
these discussions and figure out
what we need to build to make a 

192
00:10:00,400 --> 00:10:04,600
safe future with agents. 
So, Tobin, I wanted to ask you 

193
00:10:04,600 --> 00:10:05,760
early. 
I wanted to go back out. 

194
00:10:07,040 --> 00:10:09,640
It's happening too quickly for 
me to get my follow up question.

195
00:10:09,640 --> 00:10:13,400
But like you talked about that 
ChatGPT moment and I felt like 

196
00:10:13,400 --> 00:10:17,800
it was when GPT 4 kind of came 
out. 

197
00:10:17,800 --> 00:10:21,040
Like that seemed to be where 
everybody's like eyes started to

198
00:10:21,040 --> 00:10:23,800
really open and you'd hear about
it and you're like, oh, I've got

199
00:10:23,800 --> 00:10:27,200
to go out and check this out. 
It's like, whoa, can't believe a

200
00:10:27,200 --> 00:10:30,280
computer's actually doing this. 
I thought like it took an 

201
00:10:30,280 --> 00:10:33,160
instruction and it kind of like 
figured out how to spit out an 

202
00:10:33,160 --> 00:10:36,400
answer. 
But this thing is much more so, 

203
00:10:36,800 --> 00:10:41,600
Is that the moment for you? 
I think it was there's this idea

204
00:10:41,600 --> 00:10:45,920
in AI of instruction training. 
So language models were just 

205
00:10:45,920 --> 00:10:50,360
trained on spitting out text, 
not doing what you want them to 

206
00:10:50,360 --> 00:10:52,520
do. 
You know, anyone who was a 

207
00:10:52,520 --> 00:10:55,040
machine learning practitioner 
was constantly fighting against 

208
00:10:55,040 --> 00:10:58,480
the idea that AI does what the 
data tells it, not what you want

209
00:10:58,480 --> 00:11:00,840
it to do. 
That was the whole art form of 

210
00:11:00,840 --> 00:11:02,280
being a machine learning 
engineer. 

211
00:11:02,280 --> 00:11:04,520
And instruction following 
changed that on its head. 

212
00:11:05,120 --> 00:11:10,200
It created AIs that could, you
could give it a natural language

213
00:11:10,200 --> 00:11:11,800
instruction and it would go and 
do a thing. 

214
00:11:12,360 --> 00:11:15,840
And kind of from that moment 
onwards, we've seen this slow 

215
00:11:15,840 --> 00:11:18,800
trend towards it being better 
and better at doing what you 

216
00:11:18,800 --> 00:11:24,280
want it to do, to the point 
where today you can tell it to 

217
00:11:24,560 --> 00:11:27,360
do a thing and it might do it 
wrong, it might not use the 

218
00:11:27,360 --> 00:11:29,920
right tools. 
It gets confused along the way. 

219
00:11:30,200 --> 00:11:32,520
And that's why a lot of people 
kind of have this skepticism 

220
00:11:32,520 --> 00:11:35,960
about AI agents and they haven't
had their ChatGPT moment yet 

221
00:11:35,960 --> 00:11:38,640
maybe. 
But to me, it seems like a 

222
00:11:38,640 --> 00:11:41,200
really smooth trend where we're 
just getting better and better 

223
00:11:41,400 --> 00:11:44,560
at having an AI do what you want
it to do, no matter what that 

224
00:11:44,560 --> 00:11:48,440
magically entails. 
Yeah, I'm actually working on a 

225
00:11:48,440 --> 00:11:52,560
project that I guess I'm getting
into all the details, right? 

226
00:11:52,560 --> 00:11:58,320
It's like a chat agent or I feel
like the term assistant is 

227
00:11:58,320 --> 00:12:01,800
better, but let's say it's an 
agent that can have a 

228
00:12:01,800 --> 00:12:05,160
conversation with a person to 
figure out what training makes 

229
00:12:05,160 --> 00:12:07,240
sense for them. 
And it understands all the rules

230
00:12:07,240 --> 00:12:09,640
of like, hey, you got to do 
these things, these are some 

231
00:12:09,680 --> 00:12:11,880
required trainings, things like 
that. 

232
00:12:13,200 --> 00:12:16,760
And it kind of where I really 
want to take it is it can get to

233
00:12:16,760 --> 00:12:19,800
the point where it says, OK, 
Tobin, these are some courses 

234
00:12:19,800 --> 00:12:22,400
that you should take. 
Would you like me to go onto 

235
00:12:22,400 --> 00:12:26,120
your calendar and set a reminder
or would you like me to go and 

236
00:12:26,120 --> 00:12:32,280
register you for this course? 
And I, I think that's where the 

237
00:12:32,280 --> 00:12:38,080
difference between a user and an
agent identity really it goes. 

238
00:12:38,080 --> 00:12:40,800
So it might let me ask the 
question of simply is like, 

239
00:12:40,800 --> 00:12:43,080
what's the difference between a 
user and an agent? 

240
00:12:43,320 --> 00:12:45,760
But kind of understanding that I
already realized what the 

241
00:12:45,760 --> 00:12:49,120
difference is, I guess I'm 
wondering from an identity 

242
00:12:49,120 --> 00:12:51,680
perspective. 
Yeah. 

243
00:12:51,680 --> 00:12:55,960
So I, I think to start off with 
the term agent is terrible and 

244
00:12:55,960 --> 00:12:58,640
has made all of our lives, you 
know, much harder. 

245
00:12:58,840 --> 00:13:01,040
At least it found this podcast 
interesting. 

246
00:13:01,040 --> 00:13:04,120
You know, it's, it's, it does 
well on search engine 

247
00:13:04,120 --> 00:13:07,000
optimization and it makes for 
good podcast titles. 

248
00:13:07,320 --> 00:13:09,760
But in practice, when you're 
building systems, it's kind of 

249
00:13:09,760 --> 00:13:13,560
confusing. 
And so AI can mean many 

250
00:13:13,560 --> 00:13:17,720
different things. 
Sometimes it is a human being 

251
00:13:17,760 --> 00:13:21,520
talking to an AI, more of an 
assistant context and that AI is

252
00:13:21,520 --> 00:13:25,080
just helping them do something. 
And this is not that much 

253
00:13:25,080 --> 00:13:28,040
different from a a user 
interacting with the service,

254
00:13:28,200 --> 00:13:30,080
subtly different but but not 
massively. 

255
00:13:30,600 --> 00:13:37,200
Then there is I use an AI and 
ask it to go and do stuff and I 

256
00:13:37,200 --> 00:13:40,360
gesture towards what that stuff 
looks like, but I don't really 

257
00:13:40,360 --> 00:13:41,840
tell it. 
This is more like vibe coding. 

258
00:13:42,360 --> 00:13:46,760
You know, my Claude Code has
access to MCP servers for GitHub

259
00:13:46,960 --> 00:13:50,680
and to Supabase, and it can
spin up databases and use them 

260
00:13:50,680 --> 00:13:53,440
as required. 
This is no longer me really 

261
00:13:53,440 --> 00:13:55,360
being in the loop. 
It's more of a delegated 

262
00:13:55,360 --> 00:13:59,480
authority use case. 
And then there is AI, which kind

263
00:13:59,480 --> 00:14:03,080
of acts like a service account. 
It's a thing that runs in the

264
00:14:03,080 --> 00:14:05,280
background. 
I never touch it and it goes and

265
00:14:05,280 --> 00:14:09,840
it just runs AI. I use a
workflow that drafts replies to 

266
00:14:09,840 --> 00:14:12,920
emails on my behalf based on a 
bunch of custom system prompts 

267
00:14:12,920 --> 00:14:16,840
and access to services. 
And this is nothing like ChatGPT

268
00:14:16,840 --> 00:14:19,760
right in, in an from an identity
management perspective, this is 

269
00:14:19,760 --> 00:14:21,400
just a a service account 
workload. 

270
00:14:22,360 --> 00:14:26,040
And yet we kind of throw these 
all under the heading of agent, 

271
00:14:26,360 --> 00:14:27,680
even if it doesn't make any 
sense. 

272
00:14:29,000 --> 00:14:32,560
Yeah, I feel like I've been 
hearing this comment a couple of

273
00:14:32,560 --> 00:14:38,080
times now recently where like
you think of agent as a bot.

274
00:14:38,680 --> 00:14:42,920
We spent our career keeping the 
bots out and now we have to 

275
00:14:42,920 --> 00:14:46,440
figure out how to let the bots 
in or the right bots in and 

276
00:14:46,440 --> 00:14:49,360
let's do the right things. 
Just what do you think when you 

277
00:14:49,360 --> 00:14:52,640
hear that? 
Yeah, I mean, I think the 

278
00:14:52,640 --> 00:14:57,520
concept of a bot is a is a 
terrifying word to use nowadays.

279
00:14:57,920 --> 00:15:02,360
So one of the ways AI can 
interact with services is 

280
00:15:02,360 --> 00:15:04,360
through the web. 
And like we've been trying to 

281
00:15:04,360 --> 00:15:07,000
fight bots on the web for years 
and years and years. 

282
00:15:07,240 --> 00:15:11,000
And now one of the things people
want is like, oh, we, we want 

283
00:15:11,000 --> 00:15:13,760
those bots. 
Because if, if I'm going to use 

284
00:15:13,760 --> 00:15:17,760
ChatGPT's agent mode, which, you
know, opens a browser and clicks

285
00:15:17,760 --> 00:15:22,640
buttons very slowly to buy 
stuff, if I block that bot, 

286
00:15:23,120 --> 00:15:25,840
well, then people stop buying 
stuff on my website. 

287
00:15:26,760 --> 00:15:29,480
And so then you go to whoever is
building the bot blocking 

288
00:15:29,480 --> 00:15:32,280
software and says, well, we, we 
don't want the bots, but we do 

289
00:15:32,280 --> 00:15:36,320
want those bots. 
And this has led to this kind of

290
00:15:36,320 --> 00:15:38,680
blossoming of questions and 
solutions. 

291
00:15:38,760 --> 00:15:40,760
Web Bot Auth, which is a 
standard supported by 

292
00:15:40,760 --> 00:15:43,640
Cloudflare, a browser based to 
identify bots on the web. 

293
00:15:44,400 --> 00:15:48,760
Payment questions, people doing 
x402 where, you know, 401

294
00:15:48,760 --> 00:15:52,920
being the the authorization 
needed error code, four O 2 

295
00:15:52,920 --> 00:15:55,720
being payment needed. 
And so there's all these wacky 

296
00:15:55,720 --> 00:16:00,000
questions that you know people 
had written off over the last 

297
00:16:00,000 --> 00:16:02,120
decade or two that now are 
coming back into question. 

298
00:16:02,200 --> 00:16:03,800
It's a fun time to be in the 
Internet. 

299
00:16:04,480 --> 00:16:07,440
I find it so fun that we are, 
you know, we've spent the last 

300
00:16:07,440 --> 00:16:09,520
decade trying to prove that we 
are not bots. 

301
00:16:09,880 --> 00:16:12,440
You know, pick all the pictures 
of a hot dog, pick all the 

302
00:16:12,440 --> 00:16:15,480
pictures of a motorcycle. 
And what are we doing now? 

303
00:16:15,480 --> 00:16:17,840
We're training our bots to do 
those things, you know, on our 

304
00:16:17,840 --> 00:16:19,400
behalf. 
That's just where we are. 

305
00:16:20,920 --> 00:16:23,560
If anything, I think AI is 
getting better at doing CAPTCHAs

306
00:16:23,560 --> 00:16:25,120
than I am. 
Yeah. 

307
00:16:25,120 --> 00:16:27,560
Well, I, I'm not very good at 
it. 

308
00:16:27,560 --> 00:16:30,680
A lot of times it's like pick 
the, pick all of the pictures 

309
00:16:30,680 --> 00:16:34,040
with the bus. 
I'm like that one with traffic 

310
00:16:34,040 --> 00:16:35,000
there. 
Is that a bus? 

311
00:16:35,000 --> 00:16:38,040
I don't know. 
I don't know. 

312
00:16:38,040 --> 00:16:41,920
I usually get through those, so 
I figure I must not be answering

313
00:16:41,920 --> 00:16:46,200
that poorly for now, you know? 
We might remove your human 

314
00:16:46,200 --> 00:16:51,760
status soon. 
You know, so in my mind, there's

315
00:16:51,760 --> 00:16:54,480
different kinds of agents. 
And I like I said, I like the 

316
00:16:54,480 --> 00:16:59,120
term assistant because I can see
a scenario where people are 

317
00:16:59,320 --> 00:17:04,480
creating their own assistants.
And so wondering from like an 

318
00:17:04,480 --> 00:17:07,880
identity standpoint when you're 
talking about AI agents and the 

319
00:17:07,880 --> 00:17:12,839
ability for them to impersonate 
a person, right? 

320
00:17:13,240 --> 00:17:15,800
And I think that's a big topic 
that's in the paper that you 

321
00:17:15,800 --> 00:17:17,800
wrote. 
It's like, ultimately that's 

322
00:17:17,800 --> 00:17:19,160
what we're driving toward, 
right? 

323
00:17:19,160 --> 00:17:25,200
Is the ability to set up an 
identity for this assistant 

324
00:17:25,200 --> 00:17:27,400
agent bot, you call it what you 
want. 

325
00:17:28,200 --> 00:17:31,640
Who's setting that up? 
Is that kind of coming with the 

326
00:17:31,640 --> 00:17:34,720
package or is the end user 
setting that up? 

327
00:17:34,720 --> 00:17:38,480
Or does it make sense for an 
administrator to set that up? 

328
00:17:38,680 --> 00:17:43,120
And please tell me that we don't
end up just put your username, 

329
00:17:43,120 --> 00:17:46,800
password into this agent and 
we're just going to log in as 

330
00:17:46,800 --> 00:17:48,800
you. 
I mean, isn't that like the the 

331
00:17:48,800 --> 00:17:53,040
worst case scenario? 
That that that use case scenario

332
00:17:53,040 --> 00:17:57,040
keeps me up at night. 
The so think of this back when, 

333
00:17:57,120 --> 00:17:59,600
when we had human assistants.
I like the term assistants.

334
00:17:59,600 --> 00:18:01,400
We've had human assistants for
many years. 

335
00:18:02,120 --> 00:18:09,920
And how would you give someone 
access to your services? 

336
00:18:12,360 --> 00:18:14,440
You could just give them or your
password, give them your

337
00:18:14,440 --> 00:18:21,200
1Password admin login.
Not a great idea, but people do 

338
00:18:21,200 --> 00:18:23,160
do it. 
There's a version of that you 

339
00:18:23,160 --> 00:18:26,360
can do with AI, But the question
is, how much do you trust that 

340
00:18:26,360 --> 00:18:30,120
human being? 
And so if you want to, you know,

341
00:18:30,400 --> 00:18:34,560
have some modicum of security 
involved, you probably want to 

342
00:18:34,560 --> 00:18:38,080
give them selective access to 
some services. 

343
00:18:38,240 --> 00:18:40,760
And you probably want to know 
what actions are taken by them 

344
00:18:40,760 --> 00:18:43,080
versus taken by you. 
Was the e-mail sent by an 

345
00:18:43,080 --> 00:18:48,600
assistant or was it sent by you?
And the reason AI is interesting

346
00:18:48,600 --> 00:18:52,240
here is because this is just 
expanded in, you know, the the 

347
00:18:52,240 --> 00:18:54,000
scope of what can be done is 
expanded. 

348
00:18:54,080 --> 00:18:56,800
More people are going to have 
these assistants helping them 

349
00:18:57,960 --> 00:19:00,840
and there's going to be, you 
know, exponentially greater 

350
00:19:00,840 --> 00:19:05,480
risks as these AIs do things
faster than you can oversee. 

351
00:19:06,240 --> 00:19:09,200
And that is why I think we 
really need to rethink identity 

352
00:19:09,200 --> 00:19:11,440
for this. 
I think to kind of answer the 

353
00:19:11,440 --> 00:19:14,600
question you actually asked of 
who is setting up this identity,

354
00:19:15,040 --> 00:19:18,040
I think a lot of the onus in a
consumer application is on the 

355
00:19:18,040 --> 00:19:22,120
consumer chatbots, people who
are building these assistants. 

356
00:19:22,960 --> 00:19:28,200
It's also on the web and 
standard setters to build robust

357
00:19:28,200 --> 00:19:31,440
notions of identity into that. 
And then in the enterprise use 

358
00:19:31,440 --> 00:19:34,440
case, we, I think a lot of the 
really robust identity 

359
00:19:34,440 --> 00:19:38,480
infrastructure comes to play. 
It's on enterprises to have 

360
00:19:38,480 --> 00:19:42,760
sensible policies and procedures
around identity access 

361
00:19:42,760 --> 00:19:46,560
management of agents.
So when we talk about this, I 

362
00:19:46,640 --> 00:19:50,400
mean, there's essentially 
there's major topic that you 

363
00:19:50,400 --> 00:19:53,960
brought on, it took on in the 
paper impersonation versus 

364
00:19:53,960 --> 00:19:55,520
delegation. 
I haven't. 

365
00:19:55,880 --> 00:20:00,200
It's interesting because it 
brought me back to what I see 

366
00:20:00,200 --> 00:20:05,280
like in my early days in IT 
where an executive would have an

367
00:20:05,280 --> 00:20:08,000
executive assistant. 
The executive didn't even know 

368
00:20:08,000 --> 00:20:12,680
how to go in and do an access 
review, if you even had that at 

369
00:20:12,680 --> 00:20:14,680
that point. 
But they didn't know they would 

370
00:20:14,680 --> 00:20:16,920
go in and like, approve access 
and. 

371
00:20:17,640 --> 00:20:21,200
I actually work for people where
their assistant would print out 

372
00:20:21,200 --> 00:20:24,440
their emails and put a stack of 
paper on their desk so they 

373
00:20:24,440 --> 00:20:29,320
could go through their emails. 
Yeah, such situation. 

374
00:20:29,320 --> 00:20:34,120
But it kind of, it's kind of the
human version of this process 

375
00:20:34,120 --> 00:20:36,880
now. 
I guess the question is like, 

376
00:20:36,880 --> 00:20:40,360
what is the right way? 
Is that what you guys are 

377
00:20:40,360 --> 00:20:43,200
driving toward? 
And is it to set up some kind of

378
00:20:43,200 --> 00:20:46,360
standard for like what is 
acceptable, what is best 

379
00:20:46,360 --> 00:20:48,120
practice? 
Because I think from a 

380
00:20:48,120 --> 00:20:50,960
practitioner standpoint, there's
one of those areas where it's 

381
00:20:50,960 --> 00:20:56,720
like, just tell us what to do. 
Well, Jim, I can build you an AI

382
00:20:56,720 --> 00:20:59,520
agent that will print out all 
your emails so you can go back 

383
00:20:59,520 --> 00:21:01,560
to handwriting them. 
I think that maybe that's a 

384
00:21:01,560 --> 00:21:03,320
better world. 
We do need to stop using all 

385
00:21:03,320 --> 00:21:07,200
these phones all the time, so. 
Maybe that I'll just say please 

386
00:21:07,200 --> 00:21:08,920
don't like. 
Yeah, I just got an iPad. 

387
00:21:09,080 --> 00:21:13,360
It's still in the box but I'm 
going to just doing my emails 

388
00:21:13,360 --> 00:21:16,280
there. 
You know, I, I think a lot of 

389
00:21:16,280 --> 00:21:19,240
people believe that AI agents 
are going to solve all of our 

390
00:21:19,240 --> 00:21:21,800
problems. 
And I think much in the same way

391
00:21:21,800 --> 00:21:24,400
you think an iPad is going to 
make you better at replying to 

392
00:21:24,400 --> 00:21:27,360
emails quickly. 
It's not. You're the problem. 

393
00:21:28,240 --> 00:21:31,600
And it doesn't matter how good I
have an AI that writes emails 

394
00:21:31,600 --> 00:21:35,880
for you, drafts emails, and yet 
this limiting reagent is still 

395
00:21:35,880 --> 00:21:39,840
me clicking send because I'm not 
going to let AI send the emails 

396
00:21:39,840 --> 00:21:43,480
on my behalf. 
Draft, OK, but send would get 

397
00:21:43,560 --> 00:21:47,880
hairy very quickly. 
So your question, what is the 

398
00:21:47,880 --> 00:21:51,840
right solution? 
I really wish I could come on 

399
00:21:51,840 --> 00:21:56,400
this podcast and say to you that
like here is a magic fix that 

400
00:21:56,400 --> 00:21:59,280
will solve all your problems. 
That doesn't exist. 

401
00:21:59,480 --> 00:22:02,320
It's not ever going to exist and
anyone trying to tell you it 

402
00:22:02,360 --> 00:22:05,880
will is selling you a product 
instead. 

403
00:22:06,520 --> 00:22:10,480
There's a bunch of steps we can 
do with current web identity 

404
00:22:10,480 --> 00:22:13,720
infrastructure, delegated 
authority tooling and enterprise

405
00:22:13,720 --> 00:22:18,240
identity infrastructure to make 
things ready for AI agents or or

406
00:22:18,320 --> 00:22:23,640
you know, be using them already 
and you see this already in kind

407
00:22:23,640 --> 00:22:25,760
of the enterprise use case. 
You want to have an enterprise 

408
00:22:25,760 --> 00:22:28,600
assistant, human assistant. 
We have some tools for that in 

409
00:22:28,600 --> 00:22:30,560
whatever identity provider you 
use. 

410
00:22:31,120 --> 00:22:33,760
Well, most of these identity 
providers are also setting up 

411
00:22:33,760 --> 00:22:36,960
tooling around agents so that 
you can declare that something 

412
00:22:36,960 --> 00:22:39,840
is an AI agent, that it is 
delegated on behalf of a human 

413
00:22:39,840 --> 00:22:41,840
being. 
You can provision it, deprovision 

414
00:22:41,840 --> 00:22:44,560
it in enterprise 
identity management tooling. 

415
00:22:45,800 --> 00:22:49,560
And essentially everyone in this
ecosystem is very aware that 

416
00:22:49,560 --> 00:22:51,680
this is a problem and working 
towards it. 

417
00:22:52,120 --> 00:22:55,280
And so I may not have one 
solution, but I'm promising you 

418
00:22:55,280 --> 00:22:58,120
will get a lot of emails over 
the next year of people selling 

419
00:22:58,120 --> 00:23:01,160
you solutions to fix them. 
So we've got that to look 

420
00:23:01,160 --> 00:23:03,200
forward to it every conference. 
You know, it's already starting 

421
00:23:03,200 --> 00:23:05,320
to show up as like manage your 
agentic AI. 

422
00:23:06,000 --> 00:23:08,960
You talked about that delegation
and you know, that's going to be

423
00:23:09,400 --> 00:23:13,840
a big part of it because the 
whole point of agentic AI is 

424
00:23:14,080 --> 00:23:16,240
autonomy, right? 
It's doing things on your 

425
00:23:16,240 --> 00:23:17,840
behalf. 
And so of course, it has to have

426
00:23:18,280 --> 00:23:19,680
some level of delegated 
authority. 

427
00:23:19,680 --> 00:23:23,040
But that delegation does not 
absolve, you know, the 

428
00:23:23,040 --> 00:23:26,280
governance, the consent, right, 
that needs to take place. 

429
00:23:26,280 --> 00:23:30,000
Say, yes, I do authorize Jeff 
Bot to go do these things. 

430
00:23:30,720 --> 00:23:33,840
How do I keep track of that? 
Because that human oversight 

431
00:23:33,840 --> 00:23:37,120
that is supposed to be there, 
typically over like a human 

432
00:23:37,120 --> 00:23:40,840
level ID operating at human time
scale is going to be very 

433
00:23:40,840 --> 00:23:43,280
different when you're talking 
about agentic, meaning 

434
00:23:43,280 --> 00:23:47,080
millisecond time scale and 
hundreds, thousands maybe of 

435
00:23:47,080 --> 00:23:49,440
these bots, maybe millions of 
these bots kind of all doing 

436
00:23:49,440 --> 00:23:52,640
their own thing. 
Like how do you manage that that

437
00:23:52,640 --> 00:23:55,320
automation and make sure that's 
governed and that the right 

438
00:23:55,320 --> 00:23:58,120
consent is in place to for it to
for it to do those things? 

439
00:23:59,520 --> 00:24:03,720
Yeah, I mean, I really like that
comment that AI is about 

440
00:24:03,720 --> 00:24:07,760
autonomy and I think the better 
AI is the more autonomy you give

441
00:24:07,760 --> 00:24:10,280
it. 
The dream of everyone building 

442
00:24:10,280 --> 00:24:14,160
these highly effective long 
running AI agents is to give 

443
00:24:14,160 --> 00:24:17,000
them one instruction or maybe an
amorphous goal and they 

444
00:24:17,000 --> 00:24:19,160
continuously run and solve 
problems for you. 

445
00:24:20,000 --> 00:24:22,840
That is the exciting part. 
That is what all the evaluations

446
00:24:22,840 --> 00:24:27,000
for AI labs is built upon, and I
think they're going to solve 

447
00:24:27,000 --> 00:24:28,440
that. 
I think all of the AI models 

448
00:24:28,440 --> 00:24:31,000
will get better at long time 
horizon tasks. 

449
00:24:31,240 --> 00:24:33,680
The expression that has been 
going around Stanford recently 

450
00:24:33,680 --> 00:24:36,880
is that AI is the worst it's 
ever going to be. 

451
00:24:38,240 --> 00:24:41,200
And so if you don't believe that
an agent is capable of 

452
00:24:41,480 --> 00:24:45,600
continuously running a task 
effectively using tools right 

453
00:24:45,600 --> 00:24:48,360
now, at some point in the 
future, whenever that is, you 

454
00:24:48,360 --> 00:24:50,480
can believe whatever timeline 
you want, it will get better. 

455
00:24:51,840 --> 00:24:55,360
But I think the block on that, 
the thing that's going to stop 

456
00:24:55,360 --> 00:25:00,720
it being able to do stuff is 
access, is permissions, human 

457
00:25:00,720 --> 00:25:04,480
oversight, management of the 
access to services for AI agents

458
00:25:04,720 --> 00:25:08,640
is going to be the limiter on 
really cool agents. 

459
00:25:09,760 --> 00:25:11,720
So I find interesting that you 
mentioned that because we've 

460
00:25:11,720 --> 00:25:14,000
been saying that for a while, 
like this is the worst it will 

461
00:25:14,000 --> 00:25:16,880
ever be. 
I've had to change that saying 

462
00:25:16,880 --> 00:25:20,800
though, because worst implies to
some people good and bad. 

463
00:25:21,080 --> 00:25:24,400
And so what I've said is like, 
this is the least capable AI 

464
00:25:24,400 --> 00:25:25,960
will ever be is right this 
second. 

465
00:25:26,040 --> 00:25:29,280
You know, as we're recording 
this, it will be better or it'll

466
00:25:29,360 --> 00:25:32,880
say it'll be more capable. 5 
minutes, 10 minutes, right and 

467
00:25:32,880 --> 00:25:35,160
so forth and so forth. 
So I do find interesting that, 

468
00:25:35,160 --> 00:25:37,800
you know, hey, Jim, we're, I 
can, we're, I can good circles 

469
00:25:37,800 --> 00:25:39,400
here. 
We're we're thinking like 

470
00:25:39,400 --> 00:25:43,800
Stanford folks. 
I know it's really, it's really 

471
00:25:43,800 --> 00:25:46,840
eye opening. 
You know, one thing that I kind 

472
00:25:46,840 --> 00:25:52,880
of feel like I've found is some 
of the call centers that we dial

473
00:25:52,880 --> 00:25:56,800
into like the AI is getting 
really, really good. 

474
00:25:57,000 --> 00:26:01,880
We can, I mean, some companies 
are underinvested and you know,

475
00:26:01,880 --> 00:26:04,560
there should be a wall of shame 
for that because you get on and 

476
00:26:04,560 --> 00:26:08,600
it's like your AI is garbage and
you just say I need to speak to 

477
00:26:08,600 --> 00:26:10,240
a human, I need to speak to a 
human. 

478
00:26:10,240 --> 00:26:12,480
But there are others where 
they're actually good. 

479
00:26:13,040 --> 00:26:17,520
But I feel like no matter how 
good they are, eventually they 

480
00:26:17,800 --> 00:26:23,560
hit some kind of guardrail where
it's like the AI agent just 

481
00:26:23,560 --> 00:26:25,040
isn't going to solve that 
problem for you. 

482
00:26:25,040 --> 00:26:29,600
It's like, hey, I got billed 
twice last month and I need you 

483
00:26:29,600 --> 00:26:33,160
to refund me the money. 
I was like, OK, well, this could

484
00:26:33,160 --> 00:26:35,960
be a fraud scenario, so we're 
actually going to forward you to

485
00:26:35,960 --> 00:26:39,800
a person. 
And why do I bring all that up? 

486
00:26:40,000 --> 00:26:45,640
Because I kind of feel like if 
you, you know, you can say, OK, 

487
00:26:45,680 --> 00:26:47,880
here's Tobin. 
He's a human being and he's got 

488
00:26:47,880 --> 00:26:53,760
these five agent identities and 
those agents go off and do 

489
00:26:53,760 --> 00:26:57,160
something. 
You almost potentially could 

490
00:26:57,160 --> 00:27:00,560
say, well, I didn't know what 
that agent was going off to do, 

491
00:27:00,560 --> 00:27:02,360
right? 
Like if there's not enough 

492
00:27:02,800 --> 00:27:05,600
logging and accountability 
behind those agents. 

493
00:27:05,600 --> 00:27:11,400
So you almost have to in 
addition to just logging it, but

494
00:27:11,400 --> 00:27:12,960
you have to have the right 
guardrails. 

495
00:27:12,960 --> 00:27:15,560
And maybe it's maybe it's a 
matter of having the right 

496
00:27:15,560 --> 00:27:18,680
authorization so that it can't 
do things that you wouldn't 

497
00:27:18,680 --> 00:27:21,760
expect it to do. 
But I also think there's process

498
00:27:21,760 --> 00:27:25,240
guardrails. 
And so identity management and 

499
00:27:25,240 --> 00:27:29,960
identity security bump up to you
know, we've got some of this has

500
00:27:29,960 --> 00:27:32,320
got to fall back to the business
process. 

501
00:27:33,160 --> 00:27:37,120
Yeah, I, I think the element 
that you're describing with 

502
00:27:37,120 --> 00:27:40,520
respect to liability is a huge, 
huge issue here. 

503
00:27:40,840 --> 00:27:43,240
We, we have a bunch of work on 
going at Stanford in 

504
00:27:43,240 --> 00:27:47,120
collaboration with part of the 
Stanford Law School on what 

505
00:27:47,120 --> 00:27:52,600
liability looks like in AI. 
The law has a concept of agency 

506
00:27:52,840 --> 00:27:55,960
with not to be confused with AI 
agents, but the idea that an 

507
00:27:55,960 --> 00:27:59,280
individual can take actions. 
And if you have the agency to 

508
00:27:59,320 --> 00:28:01,880
take an action, you may have the
liability as part of that. 

509
00:28:02,640 --> 00:28:08,240
And it's very unclear when you 
tell ChatGPT or Claude to go and

510
00:28:08,240 --> 00:28:12,560
do a thing and then it does that
thing kind of wrong, right? 

511
00:28:12,720 --> 00:28:17,800
You go and say, buy me a new 
couch and it doesn't have enough

512
00:28:17,800 --> 00:28:21,840
money to buy a couch. 
So it remortgages your house in 

513
00:28:21,840 --> 00:28:25,000
order to pay for it. 
Who's responsible for that loan,

514
00:28:25,520 --> 00:28:26,360
right? 
Like that's a, that's a 

515
00:28:26,360 --> 00:28:31,480
consequential action. 
And so I, I deeply believe that 

516
00:28:31,480 --> 00:28:33,920
the way organizations and 
business processes are 

517
00:28:33,920 --> 00:28:37,400
structured is someone needs to 
be fireable for anything to 

518
00:28:37,400 --> 00:28:40,120
work. 
And if you just have AI doing a 

519
00:28:40,120 --> 00:28:43,160
bunch of things and something 
goes wrong, who do you yell at? 

520
00:28:43,240 --> 00:28:44,880
You can't really yell at 
ChatGPT. 

521
00:28:45,240 --> 00:28:46,480
Yeah, I mean, you can. 
It will. 

522
00:28:46,480 --> 00:28:48,400
It will accept it, it will 
apologize. 

523
00:28:48,400 --> 00:28:50,080
It doesn't. 
It doesn't feel the same. 

524
00:28:50,640 --> 00:28:52,160
You're right, I did make a 
mistake. 

525
00:28:53,480 --> 00:28:55,680
You don't want that. 
It, it, it doesn't fight back 

526
00:28:55,680 --> 00:28:56,800
enough, right? 
Yeah. 

527
00:28:58,960 --> 00:29:02,120
So I, I think guardrails matter 
there. 

528
00:29:02,280 --> 00:29:04,960
Part of guardrails is, is you 
know, this alignment problem, 

529
00:29:04,960 --> 00:29:06,680
making sure that AI stays on 
task. 

530
00:29:06,880 --> 00:29:10,560
Part of it is just limiting its 
access so it can't remortgage 

531
00:29:10,560 --> 00:29:15,480
your house and then part of it 
is understanding when you design

532
00:29:15,600 --> 00:29:19,600
AI system that assistance where 
the risks and the liabilities 

533
00:29:19,600 --> 00:29:21,720
are in that business process 
automation. 

534
00:29:22,760 --> 00:29:25,120
Well, this is sort of like the, 
you know, trillion dollar 

535
00:29:25,120 --> 00:29:27,760
question is who is responsible 
for the actions of the agent, 

536
00:29:28,480 --> 00:29:30,840
right? 
Ultimately probably a human 

537
00:29:30,840 --> 00:29:33,200
somewhere, but they're not going
to be able to keep up with their

538
00:29:33,200 --> 00:29:35,560
own agents, let alone all the 
agents within an organization. 

539
00:29:35,560 --> 00:29:39,560
So let me try to spin this into 
a way that we can make this 

540
00:29:39,560 --> 00:29:41,760
helpful, helpful for people 
listening. 

541
00:29:42,640 --> 00:29:45,480
Yeah, I'm going to sit down and 
I'm going to vibe code, you 

542
00:29:45,480 --> 00:29:49,600
know, an app that prints out all
of Jim's emails and sends, you 

543
00:29:49,600 --> 00:29:52,000
know, the post surface, you 
know, Postal Service to him. 

544
00:29:52,640 --> 00:29:56,400
So to do that, I'm going to have
to do some things around agentic

545
00:29:56,400 --> 00:29:58,480
AI and maybe some other things, 
right, to tap into. 

546
00:29:58,960 --> 00:30:01,600
I, I want to talk about MCP in a
little bit, but I'm, I'm doing 

547
00:30:01,600 --> 00:30:05,960
this type of thing. 
So what do I do as a developer 

548
00:30:06,000 --> 00:30:11,640
or an enterprise org, even a 
consumer to say how do I get 

549
00:30:11,640 --> 00:30:15,160
ready for this from an identity 
management perspective? 

550
00:30:16,560 --> 00:30:21,640
Yes. 
So every tool that lets you plug

551
00:30:21,640 --> 00:30:25,760
in a tool such as using the 
model context protocol and 

552
00:30:25,760 --> 00:30:29,800
something like Claude or if you're
using Claude Code accessing 

553
00:30:29,800 --> 00:30:34,560
different tools, there are 
usually interfaces designed for 

554
00:30:34,560 --> 00:30:37,440
humans and then there are 
interfaces designed for AI 

555
00:30:37,440 --> 00:30:40,720
agents. 
And to give a concrete example, 

556
00:30:40,720 --> 00:30:43,800
if you're vibe coding, you like 
Claude Code and you want to use 

557
00:30:43,800 --> 00:30:47,760
GitHub, there are two different 
ways you can use GitHub to make 

558
00:30:47,760 --> 00:30:53,040
PRs, you know, make a, you know,
merge them, manage your commits,

559
00:30:53,560 --> 00:30:54,960
manage your, your, your 
branches. 

560
00:30:55,880 --> 00:30:58,680
And one of them is the command 
line. 

561
00:30:59,160 --> 00:31:02,960
You can just Claude knows how to
write a, a GitHub command and 

562
00:31:02,960 --> 00:31:07,320
the other one is an MCP server. 
Now this is like lesser known 

563
00:31:07,320 --> 00:31:10,280
about that MCP server, but if 
you use the GitHub MCP server, 

564
00:31:10,840 --> 00:31:14,360
it has explicit restrictions on 
what can and cannot be done. 

565
00:31:14,960 --> 00:31:20,720
And it will make sure that when 
PRs are made, it's tied to an 

566
00:31:20,720 --> 00:31:22,960
agent identity. 
GitHub is tracking when 

567
00:31:22,960 --> 00:31:25,360
something comes through MCP, 
when it comes through an AI 

568
00:31:25,360 --> 00:31:28,480
agent, as opposed to coming 
through your command line, which

569
00:31:28,480 --> 00:31:32,120
looks like you. 
That is one of those benefits of

570
00:31:32,120 --> 00:31:34,160
using the right interface for 
AI. 

571
00:31:35,560 --> 00:31:40,640
And I think this analogy can 
apply a bunch about across a 

572
00:31:40,640 --> 00:31:45,080
bunch of different tools. 
There's a bank that has an MCP 

573
00:31:45,080 --> 00:31:48,760
server that will let you read 
banking information and automate

574
00:31:48,760 --> 00:31:51,240
your finances. 
Now it's read only. 

575
00:31:51,480 --> 00:31:54,280
Everyone can remain calm. 
We're not vibe coding our banks 

576
00:31:54,280 --> 00:31:59,040
yet, I hope. 
But having that interface and 

577
00:31:59,040 --> 00:32:02,720
declaring an upfront, especially
if you're building AI tools, I 

578
00:32:02,720 --> 00:32:04,720
think it's super helpful, not 
just for you and your own 

579
00:32:04,720 --> 00:32:09,200
management, but to offer to your
consumers to, you know, other 

580
00:32:09,200 --> 00:32:12,800
folks using the tools you build.
That something is AI and work 

581
00:32:12,800 --> 00:32:14,440
towards this better identity 
infrastructure. 

582
00:32:15,720 --> 00:32:19,840
So talk to us a little bit about
MCP, just if you just kind of 

583
00:32:19,840 --> 00:32:25,320
like start with the level set of
what MCP is and then talk about 

584
00:32:25,320 --> 00:32:29,240
identity and authorization and 
how that plays in how that works

585
00:32:29,240 --> 00:32:32,600
through MCP. 
Brilliant. 

586
00:32:32,760 --> 00:32:35,240
We enter the three letter 
acronym territory. 

587
00:32:35,920 --> 00:32:41,320
OK, so the model context 
protocol MCP is a protocol that 

588
00:32:41,320 --> 00:32:45,160
came out in November, December 
last year, has rapidly taken 

589
00:32:45,160 --> 00:32:47,520
over the world. 
Every company I know is thinking

590
00:32:47,520 --> 00:32:54,480
about the MCP strategy. 
And I think the best, worst way 

591
00:32:54,840 --> 00:32:57,640
to think about it is as a wrap 
around APIs. 

592
00:32:58,160 --> 00:33:00,120
People are used to the concept 
of an API. 

593
00:33:00,160 --> 00:33:05,520
You have some resource, you have
some SaaS app or Gmail, whatever 

594
00:33:05,640 --> 00:33:11,480
that you want to expose to 
someone building sub link to 

595
00:33:11,560 --> 00:33:15,720
allow them to perform actions. 
This has always had notions of 

596
00:33:15,720 --> 00:33:19,200
scopes. 
Often they involve API keys or 

597
00:33:19,200 --> 00:33:24,840
an OAuth flow where users consent 
to give access to services to 

598
00:33:24,840 --> 00:33:31,920
resources and MCP behaves as a 
kind of first approximation as a

599
00:33:31,920 --> 00:33:35,480
wrapper in front of that. 
That makes it really easy to 

600
00:33:35,480 --> 00:33:40,200
connect to an AI agent. 
So it kind of operates in 

601
00:33:40,200 --> 00:33:42,840
natural language. 
It's this translational barrier 

602
00:33:42,840 --> 00:33:45,720
between a natural language 
interface that's happening in 

603
00:33:45,720 --> 00:33:50,640
Claude dot ChatGPT and the API 
which is in more of a machine 

604
00:33:50,640 --> 00:33:55,480
readable format now, so. 
Basically, if you're so let's 

605
00:33:55,480 --> 00:33:58,440
just make sure I understand, but
if you're of course trying to 

606
00:33:58,440 --> 00:34:04,680
develop an AI agent to do 
something like create that 

607
00:34:04,680 --> 00:34:13,760
calendar reminder, the MCP gives
you a simple or should I say a 

608
00:34:13,760 --> 00:34:19,159
common way to interface with the
e-mail system. 

609
00:34:19,239 --> 00:34:23,520
Is that right? 
Yeah, so in this instance, you 

610
00:34:23,520 --> 00:34:28,280
already have a Google Calendar 
API, but that's super painful to

611
00:34:28,280 --> 00:34:31,040
plug into Claude. 
Like if you go to the ChatGPT 

612
00:34:31,040 --> 00:34:35,040
website right now, there's no 
way to give it access to that 

613
00:34:35,159 --> 00:34:38,239
something you've custom built in
terms of, you know, sending 

614
00:34:38,239 --> 00:34:40,120
emails. 
But if you make it an MCP 

615
00:34:40,120 --> 00:34:42,840
server, now you can add that to 
ChatGPT. 

616
00:34:43,199 --> 00:34:45,679
And now, you know, each morning 
when you wake up and you want 

617
00:34:45,679 --> 00:34:48,320
to, you know, have your like 
friendly morning conversation 

618
00:34:48,320 --> 00:34:52,199
with your friend, ChatGPT, you 
can go and, and send some emails

619
00:34:52,199 --> 00:34:57,160
while you're at it. 
And so it's just this connective

620
00:34:57,160 --> 00:35:02,520
tissue that lets you write 
instructions in natural 

621
00:35:02,520 --> 00:35:03,720
language. 
You literally, when you build an

622
00:35:03,720 --> 00:35:08,320
MCP server, write text that 
explains how to use different 

623
00:35:08,320 --> 00:35:12,040
APIs, how to use different tools
to connect to resources. 

624
00:35:13,120 --> 00:35:17,680
So practically speaking, if I'm 
creating enterprise 

625
00:35:17,680 --> 00:35:21,960
applications, am I getting my 
MCP server? 

626
00:35:22,280 --> 00:35:25,600
I guess I probably have options,
but what is going to be the 

627
00:35:25,600 --> 00:35:30,520
typical enterprise you see? 
So are they going to have a SaaS 

628
00:35:30,800 --> 00:35:34,560
MCP server that has all the 
plugins that you could possibly 

629
00:35:34,560 --> 00:35:36,800
want? 
Or is this something that I'm 

630
00:35:36,800 --> 00:35:42,040
going to stand up or am I going 
to get it from my AI large 

631
00:35:42,040 --> 00:35:47,960
language model provider? 
So I really like the internal 

632
00:35:47,960 --> 00:35:50,680
enterprise example use case. 
We're going to talk about 

633
00:35:50,680 --> 00:35:52,760
external use cases later if we 
want. 

634
00:35:53,160 --> 00:35:57,560
But you as an employee have a 
bunch of extremely boring tasks 

635
00:35:57,560 --> 00:36:00,360
you perform on a day-to-day 
basis that involve opening a 

636
00:36:00,360 --> 00:36:04,280
website and clicking a series of
buttons in the same manner every

637
00:36:04,280 --> 00:36:05,320
single day. 
We all do. 

638
00:36:06,440 --> 00:36:12,320
And there are in many cases APIs
that could do that for you, but 

639
00:36:12,320 --> 00:36:15,920
you are not going to build 
button clicking automations 

640
00:36:16,080 --> 00:36:18,600
because you're busy clicking 
buttons and you know you've only

641
00:36:18,600 --> 00:36:22,960
got so much time in the day. 
What MCP lets you do within a 

642
00:36:22,960 --> 00:36:25,880
company is take those 
operations, which can be done 

643
00:36:25,880 --> 00:36:29,800
programmatically and put them in
a natural language interface. 

644
00:36:29,800 --> 00:36:33,080
So wrap them in an MCP, plug 
that into your company 

645
00:36:33,080 --> 00:36:36,760
employees, chat bots of choice, 
whether it's ChatGPT, Claude, 

646
00:36:36,760 --> 00:36:42,800
Goose, Cursor, and then the human 
being, it can go and say, you 

647
00:36:43,080 --> 00:36:46,440
know, make you know, check my 
compliance report can pull 

648
00:36:46,440 --> 00:36:49,000
relevant information. 
It can, you know, write relevant

649
00:36:49,000 --> 00:36:52,680
things, change state externally 
and do those workflows that you 

650
00:36:52,680 --> 00:36:55,280
always had to do by hand, but 
now do them with a chat bot. 

651
00:36:56,480 --> 00:37:00,240
And as you know, you find 
yourself doing these repeated 

652
00:37:00,240 --> 00:37:02,880
chat bot operations. 
I always do the same thing. 

653
00:37:03,080 --> 00:37:07,040
Check the Vercel deployment for 
any logs, pull it in, suggest a 

654
00:37:07,360 --> 00:37:12,400
fix, write that code, make a new
PR, and if you keep seeing this 

655
00:37:12,400 --> 00:37:15,800
happen repeatedly, now you can 
build a semi-autonomous agent 

656
00:37:15,800 --> 00:37:18,120
that goes and just does this 
workflow repeatedly. 

657
00:37:18,480 --> 00:37:22,120
And I like that mental model of 
of automating you as a human 

658
00:37:22,120 --> 00:37:23,880
being by replacing you with an 
AI. 

659
00:37:25,200 --> 00:37:29,720
Kind of think of like the Matrix
and the key master. 

660
00:37:29,920 --> 00:37:33,600
So, and this is just my feeble 
brain trying to wrap my head 

661
00:37:33,600 --> 00:37:36,840
around this, and I think of each
door that the key master has a, 

662
00:37:36,920 --> 00:37:41,720
you know, key to is a portal 
into another world in the MCP 

663
00:37:41,720 --> 00:37:46,280
context of MCP, maybe somewhat 
redundant right there at the 

664
00:37:46,280 --> 00:37:51,680
word context, but it's how, you 
know, a individual, a thing, an 

665
00:37:51,680 --> 00:37:55,400
agent, a bot or whatever it may 
be can traverse boundaries in a 

666
00:37:55,400 --> 00:37:57,400
controlled method. 
That's the way I kind of look at

667
00:37:57,400 --> 00:37:59,480
it. 
It's like, OK, yeah, you got Neo

668
00:37:59,480 --> 00:38:02,320
and the agents going through, 
you know, a bunch of portal 

669
00:38:02,320 --> 00:38:05,720
doors kind of in the Matrix, and
they shut them behind them. 

670
00:38:05,920 --> 00:38:07,880
And when they're shut behind, no
one else can kind of flow 

671
00:38:07,880 --> 00:38:09,880
through it or, you know, go back
into it, those sorts of things. 

672
00:38:10,040 --> 00:38:13,920
Am I crazy or you know, did the 
Matrix invent MCP? 

673
00:38:14,960 --> 00:38:17,960
I, you know, I'm not sure I'm 
willing to go on record to say 

674
00:38:17,960 --> 00:38:21,600
the Matrix invented MCP. I 
think David from Anthropic might

675
00:38:21,600 --> 00:38:25,320
be a bit annoyed at that claim. 
But I do think that mental model

676
00:38:25,320 --> 00:38:27,880
makes sense. 
It is giving you this portal, 

677
00:38:28,320 --> 00:38:31,720
to things that have already 
existed, these these resources, 

678
00:38:31,720 --> 00:38:35,760
these APIs or always existed, 
but now making them accessible 

679
00:38:36,520 --> 00:38:41,600
to both AI and through AI humans
in a really interesting way. 

680
00:38:42,080 --> 00:38:45,080
I want you to put your 
Nostradamus hat on a little bit 

681
00:38:45,080 --> 00:38:46,800
here, right? 
And talk about MCP. 

682
00:38:47,080 --> 00:38:51,120
Is this like the next SAML or is
that not a good analogy? 

683
00:38:51,120 --> 00:38:54,360
Like I'm just thinking you were 
SAML, you got this humongous 

684
00:38:54,360 --> 00:39:00,360
adoption and like there's all 
these like IdPs that are SAML 

685
00:39:00,360 --> 00:39:03,600
enabled and you can plug in and 
you can have single sign on to 

686
00:39:04,000 --> 00:39:07,480
hundreds or thousands of 
applications overnight. 

687
00:39:07,760 --> 00:39:11,400
And I'm wondering if MCP is 
going to be that. 

688
00:39:11,400 --> 00:39:14,160
Because I think with SAML, it 
got to the point where I was 

689
00:39:14,160 --> 00:39:18,320
like, if you're going to provide
a web application online, you 

690
00:39:18,320 --> 00:39:22,000
pretty much need to support SAML
if you're going to sell to 

691
00:39:22,000 --> 00:39:25,200
enterprises. 
Because unless you're like the 

692
00:39:25,200 --> 00:39:27,600
only one in the market, you're 
going to need that. 

693
00:39:28,440 --> 00:39:34,160
And I'm wondering if like MCP 
becomes that standard, do they 

694
00:39:34,160 --> 00:39:37,800
just publish APIs and let 
somebody else worry about doing 

695
00:39:37,800 --> 00:39:42,160
the MCP layer? 
Yeah, I, I, I, I'm not sure SAML

696
00:39:42,160 --> 00:39:45,080
is the protocol I'd pick, but I 
totally agree with that analogy 

697
00:39:45,080 --> 00:39:46,560
of I think that's what it's 
going to become. 

698
00:39:46,840 --> 00:39:50,800
Maybe it's closer to to to REST 
in that it's a thing that 

699
00:39:50,800 --> 00:39:53,760
everyone decides we should start
doing and then everyone does, 

700
00:39:54,200 --> 00:39:57,600
and then we all get annoyed at 
the limitations of it and it 

701
00:39:57,600 --> 00:40:00,840
causes a constant pain for 
developers. 

702
00:40:02,000 --> 00:40:02,920
Speaking of that, they're 
coming. 

703
00:40:02,920 --> 00:40:05,800
Behind you if it gets you. 
Yeah, I, I, I, I've said 

704
00:40:05,800 --> 00:40:08,480
something wrong. 
I, I'm in San Francisco on 

705
00:40:08,480 --> 00:40:12,640
Market Street, which is not the 
calmest place on planet Earth, 

706
00:40:12,680 --> 00:40:14,800
but it is where all the MCPs are
being built. 

707
00:40:17,160 --> 00:40:21,080
So I, I, I really think 
employees and organizations are 

708
00:40:21,080 --> 00:40:24,000
going to expect if you're 
selling them a SaaS app, that 

709
00:40:24,280 --> 00:40:27,760
that SaaS app is accessible to 
people who want to just operate 

710
00:40:27,760 --> 00:40:29,800
out of a chat bot. 
We work a lot with folks at 

711
00:40:29,800 --> 00:40:34,440
Cursor who build cool apps and 
they love MCP at Cursor and one 

712
00:40:34,440 --> 00:40:36,800
of many coding agents. 
All the coding agent folks do, 

713
00:40:37,000 --> 00:40:39,080
and they want to vibe code their
whole lives. 

714
00:40:39,640 --> 00:40:42,320
They just want to sit and have 
AI do all the things. 

715
00:40:42,440 --> 00:40:45,280
And so they really want all of 
their services to have MCP 

716
00:40:45,280 --> 00:40:48,440
servers so that they can, you 
know, stay inside of Cursor for 

717
00:40:48,440 --> 00:40:50,600
the rest of their lives and 
never have to go and open a 

718
00:40:50,600 --> 00:40:53,440
website. 
Well, that's a, you know, that's

719
00:40:53,440 --> 00:40:56,040
a monetary driver too, right? 
Because that MCP is a two way 

720
00:40:56,040 --> 00:40:57,480
door. 
You know, if we're doing 

721
00:40:57,480 --> 00:41:00,480
consumption based from a product
perspective, that's how you 

722
00:41:00,480 --> 00:41:04,120
adequately control and secure 
those things to make sure that, 

723
00:41:04,800 --> 00:41:07,400
you know, obviously the data 
they're getting is is what it 

724
00:41:07,400 --> 00:41:10,120
should be and and so forth. 
So to me, that makes a lot of 

725
00:41:10,120 --> 00:41:11,160
sense. 
Like, yeah, of course you want 

726
00:41:11,160 --> 00:41:13,320
to build that. 
It's almost like like that 

727
00:41:13,320 --> 00:41:16,680
should be a function that is 
just standard at this point. 

728
00:41:17,120 --> 00:41:19,200
Or is it too soon to call it 
standard? 

729
00:41:20,720 --> 00:41:25,200
I think we are now at a point or
or let me give you this in like 

730
00:41:25,520 --> 00:41:31,520
December 20th of 2026, the 
standard there are working 

731
00:41:31,520 --> 00:41:37,000
groups, essentially every 
company that I know has someone 

732
00:41:37,000 --> 00:41:41,360
working on IMCP. 
And I like deeply believe that 

733
00:41:41,600 --> 00:41:44,480
there will be a product push 
over the next year for everyone 

734
00:41:44,480 --> 00:41:47,120
who wants to be AI forward to 
support something. 

735
00:41:48,120 --> 00:41:51,480
And so we'll see if this 
collapses. 

736
00:41:51,480 --> 00:41:54,760
I mean, look, AI may be one big 
bubble, but I think this 

737
00:41:54,760 --> 00:41:59,840
protocol is here to stay at 
least as a really clean, robust 

738
00:41:59,840 --> 00:42:05,480
way to communicate that tooling 
is designed for AI and optimize 

739
00:42:05,520 --> 00:42:09,280
the agent experience, right? 
APIs are designed for a developer 

740
00:42:09,280 --> 00:42:10,960
experience. 
Your website is designed for 

741
00:42:10,960 --> 00:42:13,080
humans. 
We need an interface that's 

742
00:42:13,120 --> 00:42:16,440
optimized for agents. 
So talk to me a little bit about

743
00:42:16,600 --> 00:42:19,240
the concept of recursive 
delegation and scope 

744
00:42:19,240 --> 00:42:22,640
attenuation, because these are 
things that I picked up from the

745
00:42:22,640 --> 00:42:24,080
white paper. 
And I should say we're going to 

746
00:42:24,080 --> 00:42:26,160
have the white paper linked in 
our show notes, so people can 

747
00:42:26,160 --> 00:42:28,200
kind of go and read that. 
It's like 30 pages. 

748
00:42:28,200 --> 00:42:30,040
It's, it's, it's very in depth, 
right? 

749
00:42:30,040 --> 00:42:32,800
That sort of thing. 
But talk to me about what those 

750
00:42:32,800 --> 00:42:37,440
things are and why should I care
about them as an identity 

751
00:42:37,440 --> 00:42:40,040
person? 
Those are a lot of big words. 

752
00:42:40,080 --> 00:42:44,200
Frankly, very scary. 
Let's unpack them. 

753
00:42:44,200 --> 00:42:46,240
OK, delegation. 
You. 

754
00:42:46,520 --> 00:42:49,920
When you want a task done, you 
delegate it to something or 

755
00:42:49,920 --> 00:42:53,680
someone or some agent. 
I ask Claude, my favorite AI 

756
00:42:53,680 --> 00:43:00,880
assistant, go read all of my 
emails and find what needs to be

757
00:43:00,880 --> 00:43:02,000
addressed. 
Great. 

758
00:43:02,000 --> 00:43:04,920
That's one step of delegation. 
Claude's now handling 

759
00:43:04,920 --> 00:43:07,000
everything. 
Now for one of those emails, I 

760
00:43:07,000 --> 00:43:10,160
need to go retrieve information,
which maybe requires me to ping 

761
00:43:10,160 --> 00:43:14,040
someone or go do other stuff. 
And so Claude has this idea of sub

762
00:43:14,040 --> 00:43:18,360
agents where it can spin up a 
new AI agent. 

763
00:43:18,360 --> 00:43:21,160
Now really all that's happening 
is a sub process is being 

764
00:43:21,160 --> 00:43:25,200
spawned in a system with a clean
system prompt, right? 

765
00:43:25,400 --> 00:43:27,520
So a lot of AI is about context 
management. 

766
00:43:27,760 --> 00:43:30,600
If you have a lot of nonsense in
your context window, AI gets 

767
00:43:30,600 --> 00:43:32,920
confused. 
And so it makes a lot of sense 

768
00:43:32,920 --> 00:43:36,680
to spin up a sub agent with a 
reduced context. 

769
00:43:36,680 --> 00:43:39,400
It's focused on exactly what it 
needs to do, and it can go out 

770
00:43:39,400 --> 00:43:40,960
and do that and retrieve 
relevant information. 

771
00:43:41,600 --> 00:43:46,440
So now I have delegated to an 
AI, which is delegated to an AI.

772
00:43:47,760 --> 00:43:52,920
Now let's take an enterprise use 
case that now this second agent 

773
00:43:53,400 --> 00:43:56,440
needs to orchestrate something 
in Salesforce, needs to pull 

774
00:43:56,440 --> 00:43:59,760
from a CRM. 
Well, Salesforce has Agentforce,

775
00:43:59,760 --> 00:44:04,320
the whole big agent strategy. 
And so it's now going to send a 

776
00:44:04,320 --> 00:44:08,520
natural language request to an 
external system that we don't 

777
00:44:08,520 --> 00:44:12,400
control and which, you know, 
Agentforce will go and it'll 

778
00:44:12,400 --> 00:44:14,960
pull the CRM and find someone 
that might be relevant. 

779
00:44:15,200 --> 00:44:18,160
And then it can send it back to 
the sub agent, sub agent, which 

780
00:44:18,160 --> 00:44:20,320
can send it back to the sub 
agent, which can send it back to

781
00:44:20,320 --> 00:44:23,240
me. 
Now this is cool. 

782
00:44:23,240 --> 00:44:27,760
It helps with context 
management, but this recursive 

783
00:44:27,760 --> 00:44:30,240
delegation is multiple steps of 
delegation. 

784
00:44:30,880 --> 00:44:36,240
Each one abstracts you, the 
original person, further and 

785
00:44:36,240 --> 00:44:38,800
further away from what's going 
on and means you have less 

786
00:44:38,800 --> 00:44:40,720
control over what's actually 
happened. 

787
00:44:41,800 --> 00:44:46,720
And so I might give my main 
Claude access to all my tools, 

788
00:44:47,440 --> 00:44:51,720
but I don't necessarily want 
everything that Claude creates 

789
00:44:52,160 --> 00:44:55,800
to go do a task to have access 
to all my banks, all my text 

790
00:44:55,800 --> 00:44:59,800
messages, all my emails. 
And so we really need robust 

791
00:45:00,200 --> 00:45:05,640
attenuation of scope so that 
when AIs go and use other AIs, 

792
00:45:05,760 --> 00:45:09,560
they don't just give all the 
permissions to the next AI. 

793
00:45:10,040 --> 00:45:13,320
And that's what we mean about 
scope attenuation for recursive 

794
00:45:13,320 --> 00:45:15,480
delegation. 
A terrifying sentence. 

795
00:45:16,560 --> 00:45:20,960
That is like a a $25 word. 
If you're playing Scrabble, you 

796
00:45:20,960 --> 00:45:22,480
know, you probably just won 
right there. 

797
00:45:22,480 --> 00:45:24,720
Or Words with Friends, or whatever
your word choice is for. 

798
00:45:24,720 --> 00:45:27,800
Their If anyone ever plays 
Scrabble and gets attenuation, 

799
00:45:28,680 --> 00:45:30,480
please e-mail me. 
Immediately. 

800
00:45:31,080 --> 00:45:33,080
There you go, open invite. 
I'll put your LinkedIn and our 

801
00:45:33,080 --> 00:45:35,440
show notes. 
You know, you heard it here 

802
00:45:35,440 --> 00:45:37,320
first. 
The the gauntlet has been thrown

803
00:45:37,320 --> 00:45:40,720
down for a challenge. 
All right, so we're like 45 

804
00:45:40,720 --> 00:45:43,080
minutes here and I want to start
to wrap things up. 

805
00:45:43,600 --> 00:45:48,960
But what I want to do is offer 
the people listening some nugget

806
00:45:48,960 --> 00:45:52,280
that they can take away. 
So if I'm listening to this and 

807
00:45:52,280 --> 00:45:55,560
I remember one thing that came 
out of this entire conversation 

808
00:45:55,560 --> 00:46:01,080
around agentic AI identity 
management, what is it that I 

809
00:46:01,080 --> 00:46:02,520
should be taking away from this 
conversation? 

810
00:46:02,520 --> 00:46:08,040
Just remember this one thing. 
We don't need to reinvent the 

811
00:46:08,040 --> 00:46:12,600
entire identity stack of the 
Internet to solve agents, and 

812
00:46:12,600 --> 00:46:17,080
we're not going to. 
But each step of the existing 

813
00:46:17,080 --> 00:46:22,360
identity stack, whether it's web
identities logging in, whether 

814
00:46:22,360 --> 00:46:27,040
it's SAML, whether it's SCIM and
identity management agents with 

815
00:46:27,040 --> 00:46:30,720
your identity provider, each one
of those steps is going to 

816
00:46:30,720 --> 00:46:34,920
require some incremental 
improvements to support agents. 

817
00:46:35,560 --> 00:46:38,760
And we're not going to change 
the world entirely, but everyone

818
00:46:38,760 --> 00:46:41,480
is going to have a 
responsibility to upgrade their 

819
00:46:41,480 --> 00:46:44,480
systems to support agents. 
And then I think we're all going

820
00:46:44,480 --> 00:46:45,960
to be OK. 
There we go. 

821
00:46:45,960 --> 00:46:48,560
You make it sound so simple, 
like this is this is it? 

822
00:46:48,560 --> 00:46:50,720
This is just how we solve it. 
So you said originally you, you 

823
00:46:50,720 --> 00:46:52,280
didn't have, you know, a way to 
solve it. 

824
00:46:52,480 --> 00:46:56,760
It sounds like you just did. 
I think we have so many fun 

825
00:46:56,760 --> 00:47:00,120
incremental problems to solve 
that whether we have AGI or not,

826
00:47:00,120 --> 00:47:03,120
we're all going to stay employed
for a while as identity 

827
00:47:03,120 --> 00:47:05,680
management professionals. 
Yeah, judge it by some of the 

828
00:47:05,680 --> 00:47:07,680
outputs that I get out of the 
tools that I use. 

829
00:47:07,680 --> 00:47:09,840
Like, OK, yeah, we're not quite 
there yet. 

830
00:47:09,840 --> 00:47:14,200
But you know, this is the least 
capable it will ever be right 

831
00:47:14,200 --> 00:47:15,840
this second. 
It's just going to get more and 

832
00:47:15,840 --> 00:47:17,800
more capable. 
Now it's on us to figure out how

833
00:47:17,800 --> 00:47:20,080
do we make it secure? 
You know, how we use it 

834
00:47:20,080 --> 00:47:21,600
appropriately, right? 
All that good stuff. 

835
00:47:21,600 --> 00:47:25,040
So as long as I can, you know, 
use, you know, things like Sora 

836
00:47:25,040 --> 00:47:27,440
and Gemini to like make stupid 
videos, you know, I'm. 

837
00:47:27,800 --> 00:47:30,080
I'm cool. 
Yeah, I like you. 

838
00:47:30,080 --> 00:47:32,360
It's neither good nor bad, but 
it will get more capable. 

839
00:47:32,480 --> 00:47:35,480
Those Sora videos might become 
increasingly unhinged, but 

840
00:47:35,480 --> 00:47:37,600
they'll be credible. 
Definition of quality. 

841
00:47:38,280 --> 00:47:41,400
Yeah, if you have not checked 
out the Sora app from OpenAI, 

842
00:47:41,400 --> 00:47:44,480
it is definitely very, very 
weird. 

843
00:47:45,680 --> 00:47:47,360
If you would have sent it out, 
don't. 

844
00:47:47,800 --> 00:47:53,400
Straight away it is 100% AI slop
and if you're into that, it's 

845
00:47:53,400 --> 00:47:54,760
great. 
If you're not, you're going to 

846
00:47:54,760 --> 00:47:56,320
be like, what the heck? 
Is this? 

847
00:47:58,640 --> 00:48:00,680
So Tobin, you've been super 
generous with your time. 

848
00:48:00,680 --> 00:48:02,760
I want to take us out on a 
lighter note. 

849
00:48:02,920 --> 00:48:05,280
And so I have a couple options. 
I was going to kind of ask you 

850
00:48:05,280 --> 00:48:09,080
about Australia and you know, 
something about Adelaide maybe 

851
00:48:09,080 --> 00:48:11,400
like the people who generally 
don't know about, but I want to 

852
00:48:11,400 --> 00:48:13,720
go more the coffee route. 
This is what Jim was alluding to

853
00:48:13,720 --> 00:48:17,200
earlier on of, you know, 
providing value. 

854
00:48:17,320 --> 00:48:19,080
I personally do not drink 
coffee. 

855
00:48:19,160 --> 00:48:22,200
I love the aroma, can't stand 
the flavour. 

856
00:48:22,800 --> 00:48:26,800
And I will try coffee maybe like
once every year, a couple years 

857
00:48:26,800 --> 00:48:29,920
and it's just a quick check in. 
Yep, still don't like it. 

858
00:48:30,200 --> 00:48:33,360
So my caffeine of choice is 
generally a cola of some sort. 

859
00:48:33,360 --> 00:48:36,120
But I want to ask you because as
I was doing some, you know, 

860
00:48:36,120 --> 00:48:38,640
cyber stalking of you to like 
get some background, you know, 

861
00:48:38,640 --> 00:48:41,280
before the interview, you 
mentioned somewhere that you're 

862
00:48:41,280 --> 00:48:43,640
kind of like a coffee guy. 
And so I want to know in all 

863
00:48:43,640 --> 00:48:50,160
your travels around the world, 
what is or where is or who is, 

864
00:48:50,240 --> 00:48:52,560
has the best coffee that you've 
ever had. 

865
00:48:53,760 --> 00:48:57,440
I have such a strong affinity 
for coffee. 

866
00:48:57,440 --> 00:49:00,800
I think my PhD is was fully 
powered by coffee. 

867
00:49:01,280 --> 00:49:04,560
I continue in order to get my 
job done, consume inordinate 

868
00:49:04,560 --> 00:49:08,680
amounts of caffeine. 
I've I've a a strong belief that

869
00:49:08,680 --> 00:49:11,040
as well the derivative matters, 
you've got to keep drinking just

870
00:49:11,040 --> 00:49:14,760
a little bit more every day, 
which doesn't work at the macro 

871
00:49:14,760 --> 00:49:19,480
scale of one's life. 
But being Australian and growing

872
00:49:19,480 --> 00:49:23,160
up in one of the coffee havens 
of the world, I'm always in 

873
00:49:23,160 --> 00:49:25,840
search of good coffee and always
disappointed. 

874
00:49:26,400 --> 00:49:29,240
San Francisco, where I live, has
many great cafes. 

875
00:49:29,240 --> 00:49:31,880
I can't, I can't knock them, but
it's it's unreliable. 

876
00:49:32,360 --> 00:49:36,080
When you travel to Europe they 
make coffee but it's not the 

877
00:49:36,080 --> 00:49:38,440
same as the flat whites I care 
about back home. 

878
00:49:39,160 --> 00:49:43,040
And when you fly back in to 
Australia, usually via Sydney, 

879
00:49:43,040 --> 00:49:47,920
because there is no direct 
flight to my hometown, you land 

880
00:49:47,920 --> 00:49:51,200
in Sydney Airport and you're 
immediately faced with five 

881
00:49:51,200 --> 00:49:54,600
different cafes in the terminal,
each of which has award-winning 

882
00:49:54,600 --> 00:49:59,200
coffee. 
And so Australia will always 

883
00:49:59,200 --> 00:50:03,120
have the best cafe culture in in
my heart. 

884
00:50:03,560 --> 00:50:08,360
But if you are in San Francisco,
Third Wheel Coffee is my local 

885
00:50:08,360 --> 00:50:12,960
cafe and there's a 50/50 chance 
you might see me there at 8:00 

886
00:50:12,960 --> 00:50:16,600
AM every single morning. 
So there's there's my offer to 

887
00:50:16,600 --> 00:50:19,120
folks. 
All right, so go to Australia, 

888
00:50:19,120 --> 00:50:22,240
go to Sydney for the Opera House
and stay for the coffee in the 

889
00:50:22,240 --> 00:50:24,760
airport. 
They're like, that's a Jim, I 

890
00:50:24,760 --> 00:50:27,520
know you're a coffee person. 
You seem like you're itching, 

891
00:50:27,600 --> 00:50:28,720
you know, to get into the 
conversation. 

892
00:50:28,720 --> 00:50:30,720
I don't think that's just the 
caffeine or you're just excited,

893
00:50:30,720 --> 00:50:32,800
but what is your favorite 
coffee? 

894
00:50:33,080 --> 00:50:35,480
Maybe a little bit of both, 
because I do drink coffee 

895
00:50:35,480 --> 00:50:40,000
throughout the day. 
I'm more prepared to say what I 

896
00:50:40,000 --> 00:50:42,360
don't like. 
You know me, Jeff. 

897
00:50:42,360 --> 00:50:44,560
I mean, is that any surprise at 
all? 

898
00:50:44,880 --> 00:50:46,040
So I. 
Mean, I already bashed on the 

899
00:50:46,040 --> 00:50:48,320
poor Apple girl from the 
commercial, so go ahead, you 

900
00:50:48,320 --> 00:50:49,680
know, bash coffee, that's fine 
too. 

901
00:50:50,080 --> 00:50:52,560
Yeah, I don't like flavored 
coffee. 

902
00:50:53,320 --> 00:50:57,200
Like if you say oh, like this is
a caramel coffee or something 

903
00:50:57,200 --> 00:51:00,520
like that, I'm like, no, that is
horrible. 

904
00:51:00,520 --> 00:51:04,920
It's ruined. 
I think the weird thing is like 

905
00:51:04,920 --> 00:51:07,640
I've spent my whole life 
drinking different coffees, 

906
00:51:07,960 --> 00:51:12,760
African coffee or different, 
different places around the 

907
00:51:12,760 --> 00:51:17,360
world trying to find like, OK, 
what is my favorite roast of 

908
00:51:17,360 --> 00:51:21,160
coffee or favorite beans? 
Favorite roast, The order to 

909
00:51:21,160 --> 00:51:26,240
come back to in my old age is 
the good old Arabica bean, 100% 

910
00:51:26,240 --> 00:51:31,080
Arabica coffee. 
And whether you make it into an 

911
00:51:31,080 --> 00:51:36,440
espresso or you make it into a 
drip coffee, I just really think

912
00:51:36,440 --> 00:51:39,840
there's a reason that became the
most popular bean in the world. 

913
00:51:40,120 --> 00:51:43,680
That's because it's the best. 
It's got like the right, it's a 

914
00:51:43,720 --> 00:51:48,320
medium flavor. 
And I think that's me, like I, I

915
00:51:48,320 --> 00:51:52,600
tried both extremes and I ended 
up back where I started as a 

916
00:51:52,600 --> 00:51:56,960
teenager drinking, you know, 
arabica, Colombian coffee. 

917
00:51:57,280 --> 00:52:01,200
So I'll go with Colombian coffee
for 200 please. 

918
00:52:02,160 --> 00:52:03,600
All right, coffee crossed by 
Tobin. 

919
00:52:03,800 --> 00:52:07,400
Your thoughts? 
I actually, I, I, I think if it 

920
00:52:07,400 --> 00:52:09,800
ain't broke, don't fix it. 
It's a great coffee. 

921
00:52:09,800 --> 00:52:13,760
It's so good to the point where 
I lived with a machine learning 

922
00:52:13,760 --> 00:52:19,760
engineer who had quit caffeine 
entirely and yet still imported 

923
00:52:19,760 --> 00:52:23,360
really high quality arabica 
beans just to make decaf coffee 

924
00:52:23,400 --> 00:52:28,200
on what must have been 5 or so 
$1000 of espresso machine 

925
00:52:28,200 --> 00:52:30,720
equipment for no caffeine at 
all. 

926
00:52:31,400 --> 00:52:34,360
Which is a little insane, but 
it's tasty. 

927
00:52:34,480 --> 00:52:37,800
It works. 
OK, so Jim, you, you mentioned 

928
00:52:37,800 --> 00:52:40,040
the bean, but like where is the 
best coffee? 

929
00:52:40,040 --> 00:52:41,840
Like what's the best coffee ever
had? 

930
00:52:41,840 --> 00:52:46,560
Give me a location. 
So I don't know, like I don't 

931
00:52:46,560 --> 00:52:50,760
have like that one experience. 
I'd say my house like I keep 

932
00:52:50,760 --> 00:52:51,960
coming I'm. 
Coming to this. 

933
00:52:52,560 --> 00:52:55,000
Yeah, I keep coming here and 
having coffee all the time. 

934
00:52:55,200 --> 00:52:58,480
Actually, I don't have my really
good espresso machine anymore. 

935
00:52:58,480 --> 00:53:02,440
I've got like a Nespresso 
machine, which, you know, people

936
00:53:02,440 --> 00:53:04,000
probably out there like 
grumbling. 

937
00:53:04,000 --> 00:53:05,840
I know. 
It's like it's a little bit of 

938
00:53:05,840 --> 00:53:09,680
weak sauce, except convenience 
is very important when you have 

939
00:53:09,680 --> 00:53:13,280
a job where you're like, you've 
got calls like stacked up 

940
00:53:13,280 --> 00:53:17,360
back-to-back and it's like, oh, 
this call ended 3 minutes early,

941
00:53:17,560 --> 00:53:19,920
I have time to go make myself a 
coffee. 

942
00:53:21,600 --> 00:53:26,960
So yeah, that's what I have. 
But I I tend toward more local 

943
00:53:26,960 --> 00:53:31,320
places than the big chains. 
And some big chains are really 

944
00:53:31,320 --> 00:53:33,880
good, but a lot of times they're
very disappointing. 

945
00:53:34,240 --> 00:53:38,920
So there's a couple local places
around me here in Sturgis, SD 

946
00:53:39,840 --> 00:53:42,120
You know, you don't think of it 
as the coffee capital of the 

947
00:53:42,120 --> 00:53:47,000
world, and it's not. 
You know, I could tell you I've 

948
00:53:47,000 --> 00:53:51,280
had Turkish coffee, I've had 
coffee in all over Europe. 

949
00:53:51,600 --> 00:53:55,480
They've all been wonderful. 
Nothing stood out to me is like,

950
00:53:55,720 --> 00:53:58,600
oh, that's the best place to go 
for coffee. 

951
00:53:59,160 --> 00:54:01,960
But. 
Yeah, there's a lot of them. 

952
00:54:03,360 --> 00:54:06,840
OK, so send your angry emails to
Jim on LinkedIn. 

953
00:54:07,440 --> 00:54:09,560
Defend your coffee, people. 
That's the challenge right 

954
00:54:09,560 --> 00:54:11,920
there. 
You've everyone's got to have a 

955
00:54:11,920 --> 00:54:14,600
hill to die and I think it's a 
great, it's a great hill. 

956
00:54:15,040 --> 00:54:16,920
That's, you know, look, we all 
have opinions. 

957
00:54:16,920 --> 00:54:19,560
It's like change my mind. 
The opinions can change, change 

958
00:54:19,560 --> 00:54:20,880
the facts. 
I'll think about it. 

959
00:54:20,880 --> 00:54:24,440
There's nothing wrong with that.
Maybe someday I'll like coffee, 

960
00:54:24,440 --> 00:54:26,120
but for now, it's still just the
aroma. 

961
00:54:26,200 --> 00:54:30,160
And, you know, that's it for me.
So all right, let's go ahead and

962
00:54:30,160 --> 00:54:32,920
leave it there for this week. 
Tobin, thank you so much for 

963
00:54:32,920 --> 00:54:34,720
spending some time with us. 
I hope you'll come back, 

964
00:54:34,720 --> 00:54:39,280
especially if things kind of 
develop in this agentic AI IAM 

965
00:54:39,280 --> 00:54:41,880
world and like what should be 
you'll be thinking about as I go

966
00:54:41,880 --> 00:54:43,160
along. 
And I hope to see you at an 

967
00:54:43,160 --> 00:54:45,880
identity conference coming up, 
maybe a Gartner Identiverse or 

968
00:54:45,880 --> 00:54:47,560
EIC or something along those 
lines. 

969
00:54:48,160 --> 00:54:49,320
But thank you so much for being 
with us. 

970
00:54:49,320 --> 00:54:53,200
I will have in our show notes a 
link to the paper that is out 

971
00:54:53,200 --> 00:54:56,920
there as well as your LinkedIn 
profile so people can either 

972
00:54:56,920 --> 00:54:59,480
defend or attack coffee 
preferences or whatever it may 

973
00:54:59,480 --> 00:55:00,280
be. 
Please be polite. 

974
00:55:00,280 --> 00:55:02,880
Please to yeah. 
And yeah, we'll go ahead and 

975
00:55:02,880 --> 00:55:05,160
leave it there for this week. 
So you can find us on the web, 

976
00:55:05,160 --> 00:55:08,320
IDC, podcast.com, like and 
subscribe, hit the YouTube 

977
00:55:08,320 --> 00:55:10,160
channel. 
We recently crossed over 1000 

978
00:55:10,160 --> 00:55:11,520
subscribers on our YouTube 
channel. 

979
00:55:11,520 --> 00:55:14,240
So thank you for that. 
Again, you know, we don't do any

980
00:55:14,240 --> 00:55:15,760
advertising. 
It's all word of mouth and so we

981
00:55:15,760 --> 00:55:16,840
appreciate everyone supporting 
us. 

982
00:55:16,840 --> 00:55:19,240
So with that, we'll go ahead and
leave for this week. 

983
00:55:19,400 --> 00:55:22,400
Thanks everyone for watching and
or listening and we'll talk with

984
00:55:22,400 --> 00:55:26,560
you all in the next one. 
You've been listening to 

985
00:55:26,560 --> 00:55:30,480
Identity at the Center. 
We hope you've enjoyed the show.

986
00:55:30,680 --> 00:55:34,760
Make sure to like, rate and 
review, and we'll be back soon. 

987
00:55:35,040 --> 00:55:37,320
But in the meantime, hit the 
website at 

988
00:55:37,320 --> 00:55:43,680
identityatthecenter.com. 
See you next time on Identity at

989
00:55:43,680 --> 00:55:44,600
the Center.
