AI is growing in use within information security, but are we ready to trust it to do all the things we hope it can, and do so automatically without doing harm? Context is king, and training to that level is only possible when you give all your experience to the AI. What are the tradeoffs to doing so? What happens when we depend on AI and forget (or worse, never learn) the underpinnings of what makes the AI system work (remember the calculator debates of the 1980s?). And does the end justify the means when it comes to AI use? And what is that “ends” anyway? Efficiency, automation, knowledge? Erik, Dan, and Brian discuss it all in this week’s Great Security Debate!

Show Notes

1. Report on reasons Israel didn’t catch oct 7 attacks - https://www.npr.org/2025/03/05/nx-s1-5318591/israel-shin-bet-security-failure-october-7-attack
2. Shin Bet Report - Source Doc (Hebrew) - https://www.documentcloud.org/documents/25551448-yqry-tkhqyr-shyrvt-hbytkhvn-hklly-710/#document/p1
3. Waymo hits student on bicycle - https://www.theverge.com/2024/2/7/24065063/waymo-driverless-car-strikes-bicyclist-san-francisco-injuries
4. Waymo violates school bus rules - https://www.cbsnews.com/news/waymo-recall-3000-vehicles-software-school-bus/
5. Podcast Recommendation - Agentic Dan - https://distillingsecurity.com/episode-64-agentic-dan/
6. TV Recommendation - Pluribus - https://tv.apple.com/us/show/pluribus/umc.cmc.37axgovs2yozlyh3c2cmwzlza
7. Trust Issues in AI -
8. “I bought this Tesla before Elon went crazy” magnet - https://geni.us/DXQYk
9. OpenAI adds ads - https://apnews.com/article/chatgpt-ads-openai-advertising-83812a066375a805fa2e29b28fc77da1
10. Satya Nadella AI Internal Memo - https://africa.businessinsider.com/news/nadellas-message-to-microsoft-execs-get-on-board-with-the-ai-grind-or-get-out/sq0fe52
11. FDA AI Rules - https://www.fda.gov/regulatory-information/search-fda-guidance-documents/considerations-use-artificial-intelligence-support-regulatory-decision-making-drug-and-biological
12. Utah AI Prescriptions - https://www.politico.com/news/2026/01/06/artificial-intelligence-prescribing-medications-utah-00709122
13. Movie Recommendation: Terminator - https://geni.us/59025
14. Book Recommendation: The Cuckoos Egg - https://geni.us/hYE9
15. Book Recommendation: AI 2041 - https://geni.us/5dtV54h
16. Anthropic Super Bowl Ad - Scott Galloway on why Anthropic's Super Bowl ad got to Sam ... - Fortune
17. China facial recognition payments - https://www.chowhound.com/2073279/grocery-store-facial-recognition-china-smile-to-pay/
18. Movie Recommendation: Sneakers - https://geni.us/P7SB
19. The Dawn of the Post Literate Society - https://jmarriott.substack.com/p/the-dawn-of-the-post-literate-society-aa1
20. Leading Causes of Death in the US, 2023 - https://www.cdc.gov/nchs/fastats/leading-causes-of-death.htm
21. Automated car sex in backseat - https://dailydot.com/driverless-car-sex-autonomous
22. Podcast Recommendation: The Final Act - https://distillingsecurity.com/new-podcast-coming-soon-the-final-act/
23. Calculators and Children - https://www.linkedin.com/pulse/crunching-numbers-debate-over-calculator-use-math-education-church-sg6te/
24. Podcast Recommendation: Mentorcore - https://distillingsecurity.com/tag/mentorcore/

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

Welcome to the great Security Debate.

This show has experts taking sides to help broaden understanding of a topic.

Therefore, it's safe to say that the views expressed are not necessarily those of the people we work with or for.

Heck, they may not even represent our own views as we take a position for the sake of the debate.

Our website is greatsecuritydebate.net and you can contact us via email at feedbackreatsecuritydebate.net or on Twitter.

Twitter at Security Debate.

Now let's join the debate already in progress.

You sure you're not in product sales?

It now has AI.

It all has AI.

Think about that.

Go back, go back to.

You were just walking us through like the change in acronyms and a waf, because now it can do something else.

Isn't that just indicative of our field and the haves and have nots.

Like it's still a waf.

It's just you've got companies that refuse to evolve and become something more to address evolving technology.

So, oh well, you're just a waf.

Now I need WAFF plus plus.

Yeah, yeah, yeah.

Does your WAF do clippy too?

Because I'm getting so sick of all the acronyms.

That's.

Yeah, because a lot of it is like the idea of well, we're using AI, so it does this.

So now it's automated this.

So we can't just call it next gen waf, we have to call it X.

But it's interesting because like you say, shift left security as code, but now you have AI writing code and now you have a solution that's looking at the code that's also AI, that's an agent and it's like the human in the loop part.

So I don't want to get down this path, but I was reading like a 15 page article on what happened in the failure of Israel to detect the Hamas October attack.

And it basically a good portion of it was the fact that the human in the loop part had been removed, that they had so many automated systems that when they detected multiple times these large gathering of.

Of troops or people in the area and then they left, that it didn't consider it a threat or a probe.

Right.

And that they had disbanded this team that they had that was responsible for more of that human in the loop and that as they analyze chatter and, and you take all these things into account, video documentation, GPS tracking, that the human asset where they would depend on also people in the neighborhoods, right.

That can give them real time information of hey, there's a Lot of people gathering at this mosque at this time of the day, which is not a time of prayer.

Right.

So this is a direct indication of a meeting.

Right.

And the lead up like as they went through all the indicators that they had after the fact, they were like, had we had a human in the loop, yes, we would have seen this coming.

But we had removed so many of those processes because we became so good at using technology for tracking people, for movements, for going through audio of conversations and all of this, that the human in the loop missed this because we removed so much of that.

This is, but this is, this is the horrible conditioning that we've seen in the marketplace.

Right.

That if you think about anytime we have a technical advancement, what do we do right away?

Well, how many people can it remove?

Because we right away go to.

Oh, it's got to automate the whole process.

And every time we do that, what do we do?

We lull ourselves into this sense of complacency and comfortability that it's handling everything.

Context matters, especially in our world.

Context really matters.

But none of this is new.

I come back, I'm looking at 25, 25 years ago when we started putting sim in and looking at, you know, you start take signals in and.

But you knew that all the signals included.

I was in banking at the time.

You knew that the signals included all of the pre existing fraud or all the preexisting bad behavior.

So those, those behaviors were baked into the norm.

So now when we start to get into heuristic, this is also a move from signatures to heuristics.

So you start looking at, at trends.

The, the, the, the normal includes bad things.

So now how do you discern from the, from the baked in bad things to the new bad things to the real bad things to the actual.

To be able to discern the noise from the signal.

And so this is, this is not a new problem.

It's just a different, A different scale or re stamped with a different title.

Yeah.

And you could take the same thing for that.

Oh, what's the car company Autonomous cars out California paired with General Motors at one point.

Waymo.

Come on, Brian, why do I draw blanks?

Waymo.

Waymo.

So you know, Waymo operated in a very.

In San Francisco has always been a test bed because that 0 to 25 miles an hour is very important versus highway driving and the ability for all the different factors that come into play that are kind of outside the realm.

But it's very much city driving.

Right.

And then last week you had the the student hit on a bicycle, right.

Which was in a residential.

And this is new territory to Waymo, where they had started operating in this resident in more residential areas.

And yes, you have, you know, like it didn't recognize the idea to stop for the school bus, right?

Like it drove right around the school bus and the school buses stopped so the kids can walk in front of it right.

As they're dropping it off.

And this is outside its realm.

They don't have that right.

Or those scenarios.

Right.

For it to learn from.

But even more so was what they referred to again as the human in the loop.

Like from learned experiences.

What do people know when they're in a school zone?

That there's probably kids around here, right?

Like, you know, there's kids somewhere that could bat out from behind a tree, right.

Or just ride their bike across the street.

Or when you're coming around a corner, think about the fact there might be a kid because that's the school right there, right.

The car wasn't conditioned for that.

It was conditioned for city driving, right.

Like make your way around the bike or.

Right.

Because there's.

They're everywhere.

And lo and behold, a small child got hit.

And that's what some of the parents were saying.

Like the.

The vehicles weren't conditioned for this environment, they were conditioned for a city environment.

And how could Waymo miss that, right?

And where was the human in the loop part to say, hey.

And again, it comes back to.

You can automate it as much as you want, but data matters, right?

Conditions matter, scenarios matter totally.

And in environments matter.

And if you became very comfortable in one environment and you go from city to.

To urban life, it's a completely different environment.

We know all of this time, you know, tying this back into security, this is.

We're unfortunately retreading the.

The episode on.

On AI Agentic Dan.

He has the title of which I am Dan F. But no, baby.

The idea that, that, that context.

The context.

Unless you can train on the brain experiences, none of it's going to be able to unless you can get a true hive mind, which in theory makes good sense, is very interesting.

But the, the downsides I think are quite monumental.

By the way, watch the series show Pluribus if you haven't.

I highly recommend it.

But.

But the, the implications of.

The implications of having that.

That I guess expecting that something can operate without all the inputs or with only a subset of inputs.

So it's good enough.

It's like a high school senior.

I know enough to be dangerous, but I Don't know enough to like really do the job.

This is so fascinating to me though I go back to your comment, Dan, that we've had this conversation before, right.

That this isn't anything new.

So if you pull, pull granted.

It's only been three episodes.

It's only been three episodes though, Eric.

So it's not that long ago.

AI out of the mix.

And how much does this conversation look like when we're all debating insource versus outsourced Sock and those that wanted to insource everything made the argument that we can't outsource it to some company that doesn't have any context, doesn't understand our organization because they're not going to know what's going on.

We're having the exact same conversation.

We're just inserting a technology instead of people that work for a different company.

Right.

I still have that argu.

I still have that conversation.

I still, I'm still a build it Inside kind of guy, but.

Yeah.

Yeah.

Proponent of hybrid declaring how we.

Our view on this.

Thanks, fence sitter.

You gotta give me the Mr. Miyagi now.

Left side good.

Right side good.

Also good.

Yeah.

I mean, at the, at the end of the day, at the end of the day, you know, there is a.

There's danger in rushing into everything.

And I. Oh, I'm.

I want to be clear because I've actually had this epiphany lately.

My concerns with evolution of technology in this way are not about the technology.

My.

It's funny and I'm a cynic.

You all know my.

I'm a cynic beyond cynic.

But my concerns here are not about what the technology itself will do or turn into.

It's what the humans that build the technology, the other things they will use the information for is a way.

That is not what they claim this is.

My issues are trust based.

They are not about the technology itself.

Why do you drive a Doge car?

You have to read the, you have to read the, the.

The magnet on the back says I bought.

I bought it before I knew.

Before he was this big of a crazy nut.

I digress.

But the, I mean the, the.

It's not about the technology.

I, I like the technology.

I just do fear what's going to be.

You know, what the other ways that it can be used, you know, we get a hive mind together.

We get all this collection of data.

Now how does it get used against you?

How does it get used for other purposes?

How does it become more ads?

You know, all of these kinds of things and so, so I, you know I've been really leaning into isolated versions of, of, of some of this stuff and really quite enjoy the capabilities.

I think that the, I think that the tech is, it was really coming along great but it's also moving like it's blazingly fast and blazingly fast.

It worked, it was great, great features, but it was not, it was beta.

It was even like alpha beta.

And I think we're seeing that a lot here.

This stuff is great but you gotta take it with a grain of sal.

Assault.

The fact that we're even debating humans not needing to be in the loop at this moment, at this, this maturity.

I think that's the idiocy, not the tech itself because the tech is, is got some great forward looking capabilities.

But to put this much trust and you have to take the satya Nadella and the what's his nuts and the, the other what's his nuts and all the people who are doing that, who are.

Who their motivations are financial.

Yeah.

Lot of nuts.

That, that one guy who said no, that's, that's 67.

No, no.

There's Zucker, there's the Zuckerberg of AI and then there's the other one and then there's Sachin Nadella who seems to think that AI is the only answer because he's so far into it that if he backs out he'll look bad.

But I mean these, the.

You take them out of the equation because they have other motivations.

Why are we all moving so fast?

Why we we should be looking at it.

Why are we al.

Why do we really believe that it's ready?

I think it helps us.

I think we use it to inform but I don't think we're ready especially in an industry like security.

I'm glad that the health industry is moving forward with it cautiously but has put barriers on using it for full automation.

I maybe we talked about this in the other episode but the fact that Utah is letting AI do automated prescriptions I think is a bridge too far.

I'm not familiar with the guide rails on it but, but like at its surface maybe that's starting to border on, on, you know, on, on.

On dangerous ground.

But like I, I think use it.

We should use it.

We should use it in isolated to break the deal with the trust issue and we should deal with it.

We should use it in a controlled and don't let it just Start taking over the world.

Not in the.

Not in the Terminator way, but I mean, you know, just doing its own thing and being, you know, trusting it to no end until we have a better sense or it's a little bit, quite a bit more mature.

You know, it's funny you talk about, because we were talking about like API security, WAF security, etc.

You go back and look at open source technologies, the word dependencies, right?

Like, where are these dependencies built in?

And we have used the statement before, like your parents luxuries become your necessities, right?

Like that timeline is even shortened even more.

It's like, well, that luxury I had five months ago has now become my necessity, right?

Like, like the time span of like, yes, we had one little TV in the house now, and that was a black and white with six channels.

And by the way, the channels were free back then, right?

Where now it's like, I have five subscriptions.

I paid 200amonth for this, plus I had to add this.

And by the way, Disney plus just increased another 100 bucks.

But my kids love it, so I added that.

Like, whoa.

Like, where I'm going with this is why does even cyber security exist, right?

Like, there was this really cool thing called the Internet that was created as a way to communicate and share information from university to university.

And it was going to help research and change the world and fight disease.

And before you know it, like, that's why the book the Cuckoo's Egg was so great, because it was written about something so long ago that was literally just using that telco connection to say, hey, how far can I reach and how far can I go and how deep can I get in?

Then what can I learn?

And it was kind of that creativity, right?

But this connected sense.

And then, yes, I'm.

I'm going very wide and broad back there to where I'm going with this.

But now how far is the technology going?

And you talk about human in the loop.

It was always humans in the loop and curiosity of using the technology to do things, sometimes not great things, which is why security existed.

But then you talk about that data, right?

But it was written about two years ago and they chose AI 41 because 41 kind of looks like AI.

So it's like, AI, AI, but these are practitioners.

And I, I don't want to refer to everyone as Experts, but people that have spent a long time working on large language models, data analytics, et cetera, that then worked with somebody in kind of the creative space to say, here's four or five examples of where we see it going, and here's how that technology would work today and how it would work then.

Right?

But they're like the ability to do some of this video creation, to pretend to be.

To create a video of yourself and someone else.

And it was a fake, but it was really good.

Right.

And at that time, all you need is someone to watch it one time, right?

And if they know nothing about technology or how that could have been done, they believe it and they share it a thousand times over.

And before you could even say in 24 hours that, oh, that wasn't him, the damage is already done.

Right?

Right.

And you can't take that back once the image is put into somebody's head, Right?

So it really gave people a snapshot.

And the book talks specifically about that, but then takes it to a whole other level where people are now wearing around fake masks, right?

Because they're trying to hide their identity.

But there's all these camera systems that can detect a fake mask, and it's illegal to wear the fake mask, Right?

So you get these companies that are creating really, really good ones, and then you got to have alternate IDs for everywhere you go, because how you go through a train station and all of this.

So you look into the vehicle technology, because I started with that simple waymo example of human in the loop and not knowing their environment.

Right.

And the automotive companies very much want to get into that data gauge because that's why the cell phone's so valuable, because of the metadata and the tracking.

Right.

Why is Palantir worth what they are?

Right.

What do they have their hands into all over, right.

Is all of that metadata, and if you're that vehicle.

So, like, we talk about wanting to just get away and get out into the woods, Dan.

Like, I just want to go up north where there's no cameras or anything.

But I drove my car there, right?

And my car is this new Tesla.

It's tracked everywhere I went, and it's got six cameras on the thing, videotaping everything around it.

That data, that's.

That's the.

When people say the data, you know, the new gold is the new gold or the new oil or the new silver based on silver pricing, insert comment.

That value, like.

Well, they say, I don't know what the value of it is.

Yeah, you do.

Because if you have a lot of it and a lot of it on people, where they go, what they do like, and then you're saying, going to add these agentic AI agents that just make decisions and we'll take over this task for this human and this task for this human.

All of that was us like, like we empowered it by teaching it everything we do to say could it do it better, but can it do it better?

And people will argue this.

Like we jokingly, Dan said that, you know, AI was just a really creative

search, really big search engine.

Yeah, yeah.

Which it can be, right?

But then you just had open AI decide to start dropping ads into it.

Which then was it Anthropic or Claude that came out with that great ad?

I mean, it is.

I don't think, I don't think it actually comes out until Sunday.

But.

Yeah, but when, but when this episode airs.

Yes.

If you watched it during the Super Bowl, I believe there will be an anthropic ad that caused a whiny.

By the way, what's his nuts.

One was Sam Altman, that's the name I was looking for.

Which resulted in a very whiny post on Twitter about, about ads, etc.

So, so where my ask here is like, you have compliance requirements, right?

HIPAA, etc.

Like, you have this medical data, but all this other data which we've called metadata for a long time.

But it's my data, right?

And like if in order to have my car get updates, right, for all the software you put in it now, I have to say I, I agree with you.

Tracking everything I do just in order to get this update that I might need.

Like, it kind of feels like you got my arm twisted behind my back, right?

It's like, I know you ordered the pizza.

I need all this data or else we don't put the pepperonis on it.

It's just how it's going to go this time, right?

That's an old pepperoni that you ordered.

We don't have it anymore.

You want the new one?

I need to know everything first, child.

Give me all the info, right?

It's like I just wanted the pepper.

I just wanted tires on the car to work.

But you have an ECU in it in the braking system that needs an update.

I just didn't want to die.

So you really need to know everything about me.

Where I go, how fast I go, right?

How I took this corner at 35 and where I was at this time of the day when I drove by this person who might have committed a crime but had nothing to do with me.

Believe me, I do contemplate the idea of re.

The computer in it was barely enough to power the power the screen that showed the.

The radio station.

But.

And this is why security in cyber.

Because now the idea that, oh, well, now I can use my vehicle for making transactions, right?

And I remember thinking that this was a really cool idea at CES, like 10 years ago when I worked in ADAS systems.

Like, oh, that'd be cool.

I just pull up and it already knows and I just fill up with,

oh, like the Taco.

The Taco Bell app has it.

Yeah, I remember some mentions of that.

That never really took off, did it?

No.

And a really bad idea, right?

Like, why are you telling me?

Like, like, but, but to the consumer, it's like, oh, man, that'd be so great, right?

If I didn't have to get my wallet out and touch that and the handle of the gas thing, right?

I just pull up and I'm filling it up, right?

And it charges, right?

And you know, maybe plays an add or two and I'm like, yeah, cool, I'll buy that song.

I like it, right?

Like consumerism.

Wherever money's transacted, right?

Crime exist, right?

So I always say, if you can eradicate crime 100%, then great, cool.

Let's connect all these systems and pay for everything everywhere we go just by walking by, right?

Well, to be fair, to be fair, that's exactly what happens in China.

I mean, China's got a facial recognition payment system that is.

It's amazing.

It is an amazing.

You literally walk in any.

Any store, you put your face on the screen, you're up to the screen and you're paid.

It goes against Alipay or we pay or one of the.

One of the services.

But like, this is.

This is this.

It's it.

You.

It.

It embodies the idea of, you know, you are.

Your identity is, you know, my what?

My voice is my passport.

Verify me from sneakers.

You know, my face is my passport and I.

It can get me to anything.

It already is your passport in many countries.

But to me, though, that's just.

That's the hallmark of consumerism, right, though it's exactly consumerism.

Well, it's consumerism and it's.

It's capitalism.

I think then the Two are distinct or they're nuancedly distinct.

But yes, it is the, the consumer,

the consumer component trumps.

Right.

Because ideas that don't meet the constructs of what a consumer is looking for should in essence fail.

Right, Right.

But you, you create something out there where a consumer is willing to trade off privacy and control for efficiency that I can just, it can just scan my face and it'll just process the payment.

Sure.

I'll give you whatever you want.

Right.

And that's, I don't know, that's a, that's a tough one because now, now you also get into the argument that what's the, the place of legislation and government in this?

Is it to protect the unknowing consumer on the trade offs that they're actually making or should the consumer be more verse to understand the risks that they're taking and what they're giving away?

I wish I could, I wish I could say that the latter has any chance of success.

Like I'd have to plug it in because I'm not familiar with Chinese law.

Right.

But you know, just doing a quick, you know, glance over certain crimes.

Right.

I, I probably would be a little afraid of breaking the law in China for fear of what some of the severe swift penalties are versus in North America because you got greater access to legal counsel where you don't there.

So I, where am I going with that statement?

Like if, if I commit this financial crime in the U.S. it's kind of like prove it, I'm innocent till proven guilty.

Right.

Like I am not saying that's why it's targeted over here.

But you look at like I shared that article about the, the gentleman that Andy Greenberg did the write up on and Wired, which was a great, I mean I talk about like an in depth look at somebody that was being held against their will in doing the pig butchering scam.

Right.

And going after, you know, people that spoke as they were.

Actually he was in charge of going after Indians, he was of India descent and buddy, there was whole groups on different floors like this one's targeted for North America etc.

But you look at, you know, wherever money's transacted, right.

And the idea of crime in the way we're connected over here and going after people, right.

Or people committing crime.

I'm not saying that having all those things connected in China works because they have, you know, a different type of legal system.

Right.

And people are afraid to break the law so they just abide by it and no one's going to do bad stuff.

With it.

But you know, you have that much data, you also have that much power.

Right.

Because you know that much more about everybody.

Yeah.

And with good intentions.

Sorry, everyone starts out good.

I guess I wish good intentions as defined by whom?

Well, the.

Right.

I'm saying if, if the good intentions persisted and stayed as good outcomes and didn't wander from.

Well, you, you know, you make a very valid point as to who defines what good intentions are.

Because you know, I said Zuckerberg has a very different definition of good intentions.

So you know those.

Yeah.

But then you, but then you have to ask the question, is it worth even.

Is it worth starting something that you know is going to end up in a train wreck or is going to end up in a place that is bad for society?

I come back to a recent study on.

On.

It actually was a.

It was a. Yeah, it was a recent study, but a good write up and I'll post it on.

On the downfall of language of communication or the ability for people to communicate directly tied to the, to the timing of the, of the release of the, of the, of the first full screen smartphones.

And if you knew at the time that this was going to be the outcome, would you have not developed it?

Should you not have developed it?

Yeah.

Did AI41 like the first use case there?

Really unique that it's called the Golden Elephant.

Right.

So like take the cost of insurance and say it's going to be this.

As long as you give it access to all your applications and everything you do.

And the more you do, the better the rates are.

And then it will also give you ads.

And if you buy through those.

Right.

You get better insurance rates.

Right.

And it shows insurance being a big deal.

But it's already, that's already in place, Brian.

Right.

But you gotta agree, it goes even way further.

But what was interesting was the daughter was like, mom, how could you give it access to mine?

You.

You can't get.

I, I didn't say you could do that.

And she's like, I'm the mother and I make those decisions.

Right.

But then she's like, you know, I noticed my brother quit eating sweets because, you know, the golden elephant was there as a reminder.

And the parents started keeping less sweets around.

My dad started driving way more careful and his insurance went down.

And because the golden elephant would remind him with this little symbol that he's going too fast.

She goes, so he went from this crazy driver to safer.

And then this person quit smoking, right?

She's like, so I saw all these good things happening.

But what happened in the end?

The person she loved the most or really liked, she kept noticing that the app would push her away from trying to communicate with that person.

And what she ended up discovering when they finally got together to talk was his background.

Even though they changed the names and the government got rid of abolishing the idea that there's people of lower hierarchy, the data was always there, and it knew his family was of lower descent, so it didn't want her getting close to him.

Interesting.

That is interesting.

We got to be so careful on this, though, because we're almost getting into the ends justify the means type of argument.

Of course, we look at the end of the story and then go, well, we shouldn't have even started the story to begin with.

But there's, you know, correlation versus causation.

There's so many different inflection points along the way.

Like your example, Dan, on the phone.

Was it the phone that really created what we're doing with communication today, or was it the introduction and the ability and the evolution of social media that then could exist on the phone that really changed a lot of that, that there's so many different pieces.

And it's because you could make same argument about the.

The car, right?

That if we agree that, you know, because what is it?

Vehicles kill?

Gosh, I forget where it sits on the.

The hierarchy of.

Of most desks, but it's.

It's pretty far up there, if I recall correctly.

So you can make the argument, should the car never have never been created?

Of course, it's that.

That's the perfect example of, you know.

Yes.

Now there are other things, you know, there are other things that should be that could be changed along the way to decrease those, but they're bad for certain audiences or certain populations or certain things with money, etc, and therefore it's, you know, they're not done.

But no, you should.

The initiative, especially because you didn't know at the time, you didn't know when you created the car, that in a hundred years people would be driving 70 miles an hour having sex in the back because there's an automated driver in the front.

I mean, all of these kinds of things, Brian, not.

Yes, I'm looking at you, Brian.

We have the six for all the

listeners that aren't watching.

I was stunned.

We have a six and the camera car apparently had six cameras of video recording the whole thing.

The we didn't.

We did.

It's where we take it as society that is the, you know, at each inflection point, should there be an ethical review?

Should there be a review of the implications?

Slippery slope argument, of course.

Of course.

So bringing it all back around.

Oh, go ahead.

Oh, no, no, no.

I, I, I, I would agree, Eric.

Like, the thing is, you don't know what you don't know, so you go down the path and you learn.

But I think, like, yes, we don't know where this end game is, but what we've learned in the last 10 years, five years and last year and a half, we're going really, really fast now.

Not.

I'm not talking.

Oh, yes.

I'm talking to the idea of how we use AI.

Agentic AI.

I'm talking.

We still haven't even gotten education there on security.

Like people, Dan and I.

And I'm still in the learning phases of setting up my network and all my security protocols in the house, but people come in and see this, and they're like, oh, my God, what is this giant that you got your own server rack and all this stuff like, oh, come on.

Like, this is overboard.

I'm like, well, no, here's what I can do, and here's security.

And they're like, oh, man, you're just over the top.

And it's like, if you're not thinking about this, didn't you just tell me, like, your dad and somebody in your family just had their bank accounts hit and that you just clicked on something, like, just in a small basis.

We haven't even got past the education piece.

Right.

Of really allowing people to understand how they engage with tech and what to look out for.

And now we're already to the fact of get ready.

It's really hard to look out for it because now that person that's being held captive, sending you this message.

That message is really good.

And that video is great, but the loudman on TV says that if I buy the Xfinity thing, it will do.

It will be security for me.

I mean, taking, Taking your argument.

I'm just kind of thinking about this, Dan, and what you made about the reference to the phone and being the de.

Evolution of communication.

We changed that lens and we put it on security.

Security.

If we think about some of the evolutions that we've made in recent history that start to obfuscate some of the elements that we grew up with.

Right.

That we had to understand protocols, we had to understand looking at the raw data to figure some of this out, younger generations that are coming to the field, is there a huge disservice that's now going to be done because they didn't have to go through that learning to understand how things actually work.

I just have a chatbot or a tool now that gives me the answer.

Eric, your hair is not gray enough to be able to make that kind of old fart comment.

But I told, I mean, I don't disagree.

You know, this is, it's.

If you, if you translated it into, in, into the last round of this, which is that you didn't pay your dues argument insecurity.

And this applies.

So I don't want to say that.

No, no, but, but, no, but think about it.

It's not far.

It's just another iteration of you didn't pay your dues, so you don't understand and you can't trouble.

I think as much as I love to go into old man shaking fist at cloud mode and say that the kids don't understand, society has not disappeared.

And every generation makes this same kind of comment about the kids that come.

Oh, totally.

Every generation.

So they'll figure generation behind them is

going to be the, the death of us.

Exactly.

I mean, I do think that it's a society that, you know, the shelf life of, the shelf life of, of a democracy is, you know, is near.

And we do see a lot of trends systemically toward, you know, the end of the Roman Empire, hint, let's try and not do that.

But I think from a.

It's different inputs, different.

We have different catalysts, different things.

And this is what I want to explore on the new show, on the, on the, the final act show is a lot of the how we got here and why we do some of the things we do with a vision toward not necessarily foisting the things that we had to do on the ones that come next.

Maybe they do find a way to do it better.

Maybe they don't need, you know.

And I grew up in an era, I'll take it really far back.

I grew up in an area where calculators were absolutely the devil.

You had to do the arithmetic.

I got my first calculator.

I can't get at it quickly, where's my calculator?

But I got my first calculator when

I graduated high school, stuck in the pocket protector.

Yeah, it was a great calculator.

It is one of my favorite calculators in the world.

I still use it today, 35 years later.

I do have a stapler because I do use paper.

But I guess my point is that the calculator, it meant you didn't need to know how to do the arithmetic, how to do the underpinnings.

And with each generation they go a little bit higher in terms of what they automate.

Now we can do the arithmetic in the calculator and to use the, use the standardized testing as your benchmark.

And the, the people who know me know how laughable it is that I use standardized testing as any benchmark for anything because I think it's one of the most messed up industries in terms of actual academics.

But the, but you know, they've now raised that you can do these things and then they raised it one more time.

You can now bring in smart, you can only bring in dumb calculators now you can bring in smart calculators of a certain kind that can't run their own programs.

Because we can manage this.

And what it is, is you change the parameters, you, you build in for that level of automation and you grow beyond that.

What.

So here, here's where I agree and disagree.

All right.

The show is called the debate.

So let's go.

So in like if you were to take an exam right.

In calc 2 cal 3 transport phenomena in the question basis they gave you to solve, if you didn't have the calculator to do some of what I'll look as the low end computation quickly and had to write everything out by hand just to get into the differential equation piece of it.

That would be like, that would be a four or five hour exam versus a two hour exam.

Yep.

But to get that's what they were.

Right.

But that basis though of understanding.

And this goes back to before you can get here though, you have to understand problem solving at its root to understand quantitative problem solving.

You do have to learn why 2 +2 equals 4 to understand why in diffy Q2, 2 may not equal 4.

Right.

Given these parameters.

But without that you're just like, oh, just putting it in the computer.

But don't understand the logic of why you're solving.

Right.

The quantitative piece of it.

So that learning and progression to getting there is I, I still view as very important.

It's why I love doing that little, what I'll call simple arithmetic with the kids and I straight up said in front of Kelly that, hey, I am totally fine with printing, you know, a few pages of just a hundred different, you know, equations like requests like two plus two, two plus three, two plus five all the way across.

And just having the kids memorize, right?

Like, they get that this plus this equals four.

Like, they can move the pieces.

They're logical enough there.

Let's, let's hurry this along, memorize that, and let's get into the multiplication where I was able to show them, like some of this is patterns.

Like let's take 9, for example, and go 2 all the way to 9 times 9, 2 times 9, 3 times 9.

And then show them the pattern that's created on this side right?

Now let's do the same thing with this.

Why does that pattern exist and then show that, right?

Because that's what exists in nature.

But that is curiosity.

That assumes curiosity.

And I think before.

And by the way, it's, it's infrequent in any of our debates that I have to disclaim or I feel the need to disclaim when the position I'm taking is not my own.

But when it comes to arithmetic and calculators, I need to.

My position is that calculators are the devil and if you don't understand how it works, you will never do math correctly.

So, I mean, so the position I put out before isn't my own personal one.

My own personal one is do it by hand, damn it, do it by hand.

Because otherwise you won't understand how it works.

And all of that said, the.

I think part of the reason we've had to move on is we've lost curiosity.

The we've stopped being curious about why two plus two doesn't necessarily equal four.

We've lost curiosity of why we have to make, why we have to make area assessments in small incrementals and not being able to get a perfect answer of the area under curve.

Like all of these things.

The thing you described, Brian, requires curiosity.

And I think we've lost curiosity for fundamentals because people think it's passe and want to move on to the big things.

I fear that over time this leads to incomplete solutions and not being able to troubleshoot.

So bringing it all the way back around to where Eric started, you know, the fact that you don't understand the fundamentals on a network mean that you're going to be dependent on the tool to tell you and won't necessarily know when it's full of.

Yeah, and I, I, that is that I, I will die on that hill.

I have been lucky enough to have enough representative curious people coming up through the organizations I hire for that curiosity in order to overcome a more systemic focus on automation and laziness.

We'll call it Crutch needing in order to live in the world of security.

Whoa, what does the system tell me?

So I say be curious.

Go find out how it all really works.

Tear apart the computer to the extent you still can and you will be instantly hirable.

And on that note, we are at the end of our time.

Thank you Brian.

Thank you Eric.

And thanks to you, the listener.

We love having these debates and we love hearing from you.

If you have topic ideas, if you have a dispute, if you think I am full of it and that calculators are the only answer and that who needs to know what a PCAP says in order to be able to troubleshoot or secure a network?

Send it to us.

Security debate distillingsecurity.com you can find us on our website, www.distillingsecurity.com all the episodes from the Great Security Debate from our Mentor Core program and all of our new shows will be available on distillingsecurity.com and on our YouTube page, YouTube.com@the sign A Great Security Debate.

Thanks and we'll see you again on the next Great Security Debate.