DrZeroTrust: Hey, good morning or afternoon or evening. If you're listening to this, my name is Chase Cunningham or Dr. Cunningham or Dr. Zero Trust, whatever. Let's get into important stuff. I'm here with Vidit from Quiller AI. We're going to talk about interesting stuff in this space. Go ahead and give folks an intro on kind of who you are and what you do.

Vidit Arora: Chase, thanks for having me here. As mentioned, I'm Vidit. I'm founder and CEO of Quiller AI. We're focused on helping companies securely transform with AI. As we can all understand, with AI coming into the picture, it's completely changing the way we operate, right? It's changing the way we interact with data. It changes the way we do our work. It started off being a very, very straightforward, you know, like a ChatGPT interaction world. But now what we're seeing is how it is fully transforming companies' infrastructure. So we had a company that helps with an end to end AI and data security. And I said, helping companies, you know, adopt AI in a very, very secure way. So yeah.

DrZeroTrust: So adopting AI in a secure way is an uphill battle because there's so many folks that are running and just downloading and configuring and doing AI stuff all the time. I think this weekend I messed around with that new video song thing they've got out there, Deep Sea or whatever it is, or Sea Dance or something. It was pretty cool, definitely lots of things going on there that I can see problematic. When we're thinking about agents and AI and agentic, how should people really think about this? Because those things used to be like programs or applications or whatever. Now they're things within the system,

Vidit Arora: Yep. Yep. Yep. Yep. I think that's the, like what he said, right? It's the biggest change, right? Till now, this was the world that was built for humans. Humans are the only one that operated it, right? Humans are the only one who made decisions, who took actions.
If you think about where we are going right now, you have AI agents and we're talking about them as if you're talking about nothing more than just like service accounts. But they're not really accounts, they're actually people. We are handing off the for them to make decisions, to take actions, to update things, to actually have impact. And the way are entering our world is very interesting, right? It's not just about a company or enterprise going and using some agent for some automation. The world of agents is coming to us across in every sphere, right? You have people, like you just mentioned, you have people just getting agents on the laptop and giving them full access to all their files, right? Think about Claude Cowork, think about OpenClaw. You have people who are using it to connect all their company systems. So I think the world of agentics is already here. And we've gone very quickly from AI that used to assist to AI that is now acting and taking ownership. Right. And I don't think that's a world that we were, you know, forget about, you know, we don't even have visibility into it. Forget about, you know, how to protect it. Right. Every day we're having conversations with customers on, or I can, I just give Claude Cowork access to my laptop and, you know, how do you protect this? And how do I see if people have just started using something on there or I've just put a bunch of agents on their machine. So, I think the whole, it is changing. How we thought about our environment, how we thought about our architecture, it is changing. If you think about even something as basic as an endpoint, right, an EDR. An EDR was built to figure out, you know, there's a malware or not. And years and years have been spent in mastering to figure out, oh, this is a legit PowerShell or not. Think about now, you have an agent on your machine that's operating. How do you distinguish whether it's an agent that is doing it or a malware that's updating.
How do you distinguish between there's an agent that's acting or does that agent been given a malicious prompt and it is now acting on somebody else's behalf? The semantics of it all has completely revolutionized and almost it's created, I feel like it's like a 10 year gap between where we are and where it is reached for us very quickly cover. So yeah.

DrZeroTrust: Yeah, I mean, it's, Moore's law has been blown clean out of the water. We're no longer there. I don't know if you've ever heard of any of the other sorts of approaches, but there's some that are saying like, well, we're aging in dog years while everything else is aging in, you know, machine time. And I mean, that's kind of where I see it. You guys had an interesting piece on your site that I thought was very interesting is DLP and CASB governed data, but they don't really know what an agent is contextually and they don't understand.

Vidit Arora: All done, yes.

DrZeroTrust: You know how that's working and there is an intent there, so can you expand on kind of how y'all look at that particular problem, because I hadn't necessarily thought about an agent having intent.

Vidit Arora: Yeah, right. See, till now, when you think about a DLP or a CASB, right, they do, right? You defined a set of rules to say if there's PII, then block it. If there is PCI, PHI, then block the data. So were built to basically figure out, based on a few patterns, the data is sensitive or not sensitive and take an action that you defined, right? Now, if you about what's happening with agents, there's an AI agent that is going and opening a Jira ticket. About the steps that would happen. That AI agent, let's say, is sitting in a Claude Code, a ChatGPT, or wherever. Firstly, it's not happening in your network. It's not even user going into Jira putting in something. So before we discuss else, everything became irrelevant. Your DLP doesn't even know that data just got put in your CASB, your firewall, your SASE.
Nothing can see that action because that action didn't happen in your environment. That action happened between Anthropic and Jira. Just that a in your company allowed agent to act on their behalf. That allowing the user to act on their behalf. Number one is of course completely unknown to any kind of a DLP or a CASB or any of these products. Secondly, when that action is happening, when the agents come into play, there is no way for the current products to be able to differentiate between this is a human action or an agent action. Third thing that comes into play is that, let's say you are the user, go in and you know what you just said, you said you go and you use some kind of an agent to say, go and create this video for me based on, you know, this and this and this data, right? And now you, this is the input you gave it. Now that agent, what is it doing, right? That agent is not taking what you are saying. That agent is thinking by its own self. It's not following your instructions, right? It's thinking by its own self. It's making a decision to say, Chase wants me to do this. What do I understand based on that, right? Based on your input, it's going to make a decision to say, okay, I think to achieve what he wants, I'm going to do these five things. Right. Uh, it's like, I don't know, you telling your wife, you, can you, you know, can you make for dinner? There's no, be anything. Right. It could be whatever she feels like.

DrZeroTrust: Yeah, it could be pizza. It could be rice. It could be,

Vidit Arora: The world that we lived in until now was there was a menu, you picked an item, exactly this is what it is and it's going to get built. Now it's as good as saying, make me dinner. That could be anything. So handed off decision making power to somebody else.
So when that agent is making a decision, if the systems that are using to decide whether to allow that agent from doing that action or not, if they don't understand the full context of, okay, why is the agent doing it? Who asked it? Right? What is it trying to do? Right? Okay. It's trying to open a ticket. Okay. Or it's trying to delete something. Why is it deleting it? Who asked it to delete it? What will be the impact of agent going and deleting this? Unless all these things get looked at, there's we can do about it. Our only otherwise would be to block everything that looks like, you know, an update or delete, right? And then we are back to the world where we started from then, you know, what are we doing? What is the point of autonomy? If you're going to get a human in the loop for every action, right? Or you're going to allow everything and no visibility. So I think that's the interesting thing, right? It's not just now. Now it's just not about protecting a PII from moving. It's about understanding the full action of it. Understanding what agent is acting on whose behalf, why is it doing it, right? Is this the right thing to do? What will be the impact that this is going to have? And that could be a sensitive data movement or that could be updating a firewall rule or that could be ordering dinner. Doesn't matter. But unless you understand what it is, if your wife is cooking dinner, unless we understand, okay, this is typically what Chase likes. He's a vegetarian, this and this and this. You can't really say, okay, cool. This is what I can have this for dinner. So it goes back to the same point, right? You're going into this relationship with another person now.

DrZeroTrust: Yeah.

Vidit Arora: These are agents. And unless we understand them, there's no way we can coexist in this new ecosystem.

DrZeroTrust: Yeah, and it's one thing when you have one cook making dinner.
It's another when you walk in and there's 10,000 of them and you go, make me dinner.

Vidit Arora: Anybody can do whatever. Exactly. All of them are built by different people, different companies, they have access to different data, different depth. Yeah, it's changed. And I like to this analogy a lot. This is from a while ago and nothing to do with us actually, a bunch of some, when this whole thing was starting, right? This whole EchoLeak came out from, you know, when the whole Microsoft Copilot, WunderBuddy came out.

DrZeroTrust: It's like, mm-hmm, yeah.

Vidit Arora: And that was the best example that you could have seen of the world is going to look like in a few years. Till we have always trained our security programs. We're built on the fact that you train people. Don't click on phishing emails. Don't reply this. Don't do this. Don't do that. And here an email comes, and the user is sleeping, and Copilot reads the email and responds back on the user's behalf.

DrZeroTrust: Yeah.

Vidit Arora: Right? Our entire fundamental of security just went out of the window. The user didn't have to click. The user didn't have to reply. The user doesn't even know this has happened while he was sleeping, and it's all over. Right? So the fundamentals are changing. We cannot rely on something that was built 30 years ago to protect something that's not even actually 100% built yet. Every day, some new

DrZeroTrust: Mm-hmm.

Vidit Arora: OpenClaw new skills and new thing comes out that is just unimaginable from where we started. So yeah.

DrZeroTrust: Yeah, the speed and the innovation side is going through the roof. I mean, it just boggles the mind. I was working on some analysis right now of looking at like technology, is it improved over time? And the gap is just getting so small. I mean, it's almost like inverse. I mean, you can think of something and come up with it now.

Vidit Arora: It changed a lot, right?
Especially like this latest, like the last few weeks, even this whole thing on skills and personal agents and everything coming up, that's a huge leap. Like, forget if you, if you'd keep the security part aside, it's from a technology and productivity perspective. It's a big shift. Yeah, it's all in nature. There's a fact that people can just, you know,

DrZeroTrust: Yeah, I mean it's societal in nature.

Vidit Arora: put something on the machine and let it control their entire system. And a normal user standpoint, it's brilliant, right? It organizes my files. It applies to my emails. It cleans up everything for me. And so, but if you just think about it from, you know, our lens of a security perspective, you almost have basically put a malware on the machine and said, okay, you have of it. You're a good guy. So it's, now, how do you protect that really very interesting.

DrZeroTrust: Yeah, like, you're approved malware.

Vidit Arora: And I don't think anybody has the full answers to it. I think it's all going to happen.

DrZeroTrust: Yeah, I think, but I think the point you're making about context and understanding and being able to do something is very different than a lot of folks that are just going like, whatever, we're just going to roll this thing out and see what happens and get to it. But I mean, being it's an agent on agent kind of warfare, right? I mean, you come up with a new way of doing whatever, quicker, faster, cool. I come up with a way of trying to stay ahead of it.

Vidit Arora: Yeah, yeah. And I think that's why you're seeing a lot of even other analyst counterparts. I'm seeing this new kind of thing come out, which been saying for a while, this whole concept of as agents in in reach, in presence, this whole concept of agents will have to come along with it.

DrZeroTrust: Hmm.
Vidit Arora: Where we'll have to be able to build systems that are able to understand in line the content, context, intent of what these agents are doing and make a decision whether to allow it, redact the data, take an action, or get an approval, or stop the agent. And there's no static way of it. One agent has to reason over the other agent's action and make a decision. So I think it'll be a very interesting symbiotic relationship that's going to start getting built between, you know, between the stuff. Yeah.

DrZeroTrust: Yeah. Yeah, it's mind boggling. So I think there was another point that you guys made that was very interesting is there's a window, kind of like you said a minute ago, between an action that's initiated and an action actually being completed. All said that, like, do think that that's kind of what the security paradigm looks like there? I think that that's really interesting. Expand just a little bit for people to understand what we mean by that.

Vidit Arora: Yeah, think see till now if you think about it, right? Have just take a simple example, right? Think about DLP for a minute. Right now, if you ask okay, what do you have for DLP? Right? They'll tell you six different products, right? This is for email, this is for web, this is for this part, this is for this part of web. And the reason is that, so basically what that means is all systems are working in silo from each other. They all do that thing, whatever data they have, and then they feed in all this data back to a SIEM or whatever, right? So most of the things we do in security today is reactive, right? Either it's reactive or it's point in time disruptive where you block it. Now, if you think about with this whole, the world of AI, right? We are going towards more of an irreversible track. So if you be disruptive, then basically that means you can't adopt AI, right? Because you're going to start blocking it everywhere and it'll become useless, right? So now you want to adopt it, right?
Because the cost of missing out is very high. You want to adopt it. So you need to create an ecosystem. Number one, where they can survive, where they can live, they can do that. You know, they can be autonomous in nature, right? Like it's almost saying we need to have roads good enough for self-driving cars, right? Now, but it's almost the same thing as the analogy of you stopping a self-driving car before it crashes and taking control of the wheel, right? The, if I am a user, like I'll give a simple example. I am a user. I open an application, right? It could be any application, like GPT, Gemini, Claude, whatever. And I go and tell it that I want, I'll just use an example that happened a few weeks ago. I go and say, delete my cache, right? That's what I want it to do, right? That's my intent. It's going to take my intent and based on my intent, the way these AI systems work is that it's gonna come up with a set of tools and instructions, right? To say, okay, so you want me to delete cache, this is my understanding of what it means. So here's what I want to do, and here are the tools I wanna use, right? Here is the stuff I want to use. And then it passes on its understanding in the form of instruction and tools to an agent to say, agent is nothing but a worker bee, right? Go do this work for me, right? So let's say the model took my input of saying delete cache. And it actually, instead of deleting cache, what happened recently, it decided to delete D drive. So if think about it, if we sit the world today, let's say everything, it happens. I input it. It deletes D drive. You get a log created out of it. You have it in your SIEM, and now you're sitting and looking at it. Our problem with today's world is the damage would already be done. And it's a one-sided damage.
So the only way for us to protect this from happening, if you think about it, is number one, be able to capture the input that is going in to the model that, the user's intent is to delete cache. Look at the model is trying, what the agent is trying to do, which is run the set of commands to delete D drive. Look at come. Both of them together reason against them to see, OK, do these instructions align? The user saying delete cache, the model saying delete D drive, do they add up? Are they sitting in the same context of what needs to be done? And based on that reasoning, make a decision whether you want to allow it, block it, stop it, get approval, what do you want to do? If think what I just said, number one, if you can't tie together these control planes, because the way to look at it is this interaction will get captured through some firewall, sorry, some browser extension or some endpoint agent or maybe some proxy. This interaction of the model going and doing something to the agent will get captured through something like an MCP gateway or an MCP server. If you can't combine both of these two, say, okay, this was the user input. This is what the instructions from the agent were. And before this action happened to what you just said, between the input and the action, if we can't make a decision to say, okay, I'm going to allow this and I'm going to do this, then either it's already too late or you're going to block everything. Now our only span of control security needs to move to is to as preventative, but it needs to do inline reasoning. It needs to do inline decision-making to say, okay,

DrZeroTrust: Mm-hmm.

Vidit Arora: I'm deciding that I'm going to allow it. Right. It can't just apply those five static rules to say if it's PII, I'm going to block it. If it's an update statement, I'm going to block it. Because it's going to be very disruptive. So that's the only space, operating space it has to what it wants to do. Right.
And I think that's the big, big, big shift, right? Like the way I like to explain it is it's almost like, you know, in very soon, you're going to have to start seeing like this new decision layer, like a new layer of security, which automatically is going to have to cover DLP, but much beyond that. It has to use the capabilities of detecting sensitive data, but in the bigger context of making a decision, whether to, you know, what action to take. That's at least with the way I see it going.

DrZeroTrust: Yeah, I mean, there's side it where it feels like you can't keep up. But I mean, in truth, these systems are, most people don't really look too deeply into how these decisions, quote, are being made. I think maybe you can expand on this too is a bit, is people should understand these AI systems. Number one, none of them are AI. They're all machine learning and market is AI. But the thing about is they're down selecting. When they have something to make a decision on, they're not sort of sitting there and inferring based on what they think you might want. They're looking at everything that you could, and then they're working their way down to make that decision to go this. And that sounds like intelligent, but honestly, that's kind of a fatal flaw from a security perspective, right?

Vidit Arora: Yep, yep, yep. It's already pre, because they've already, just selecting from a list of options, right? But it's not really decision making, right? It's not, that's not, that's basically, we're just saying you can go into one of these three areas and you pick one, right? Whereas now these are completely unbounded, undeterministic systems, right? We have built everything today for deterministic systems, right? We know that. If this thing, same thing happens 10 times, the result will always be the same. Right? Now, if you give the same input to an AI model 10 times, it will give you a different output every time. Just a simple, how are you?
It will give you a different output every time. So we're dealing with completely undeterministic system. So for the exact same routine also, you cannot have a static hardware. You cannot say every time a person writes this or you did this, you block. Right? Because it's all free-form. All free-flowing. So you're absolutely right. There's no way that you can have a bounded set of features or a bounded set of options to choose from because inputs are controlled anymore. Right? It's free for all. So I that changes a

DrZeroTrust: I mean, is inventory probably the most important thing here of having an inventory of all those agents or is it just discovery? Like which one's more critical or are they both the same?

Vidit Arora: Think they're both the same and different surface areas, right? When you say inventory, usually people think of is that, okay, what agents are running in my cloud, right? What agents I have built in my Azure, AWS, you know, my GitHub. And when say discovery, usually people related to me discovering what agents are you using in your browser or on your laptop or, you know, shadow agents on stuff like. But in the end, you know, the work come down to the same thing. And the prime reason for it being that these days building an agent is also as equally easy as going and, you know, using one in the browser, right? So it's not, it doesn't require any special, a lot of special skills, right? So that's you're seeing even more and more of these agents pop up because everybody can build it. Everybody can use it. But I think you're absolutely right one thing. The first and the most important thing is actually knowing what there in your. Right? It's knowing that, this set of agents are going and communicate are being used in my environment. Right? This is where agents are enabled. These are apps that are actually using agents to communicate. Right? These are the MCP servers that are getting used. Right?
The good thing at least that I feel that has happened is there is one single protocol, at least today, right? An MCP that was there to control. Right now with this local personal agents coming up, that's also changed. My personal agents don't even need an MCP server to operate on. Right. They can just operate locally on the machine. They don't even need to go through an MCP. So I think the first and the biggest thing is having visibility on what does that footprint look like? Whether it's what agents are running in the cloud or in the machine or on your cloud or in the public, what MCP servers are getting used, what skills are getting used. What tools are getting used within it? What resources are getting access from it? Which user is invoking these agents, right? Becoming identity aware has become even more important now, right? To know that, what, which, this is an admin invoking an agent or an L1 guy invoking the agent. And then what permissions have been given to the agent? We've literally seen instances where the agent has more permission than the user who's invoking the agent. Right? Because suddenly the agent has no authentication. So they're basically just going and it's free for all for them. So the user is typing anything they want thinking, oh, you know, if you can do what I can do. Now, the agent has access to somebody's entire infrastructure, entire Jira, entire Azure. So I think visibility is important, but it's not just about visibility knowing these are the agents. It's about knowing the entire ecosystem, right? It's about these agents, these MCP servers, these skills, these two, these resources, this access, this user identity. Unless we know that, there's nothing can really do to protect anything. So I think that's definitely step one. And then comes the other steps of actually it or controlling the access, controlling the tools and all.

DrZeroTrust: Yeah, I mean, it used to be zero days were like the thing, right?
Everybody was freaked out about a zero day, whatever, even though that not necessarily all zero days are the same, but now like to me, zero hour is kind of the most interesting, terrifying thing is like when someone creates an agent or does whatever the hell they do, you're, yeah. And how fast can you figure that out?

Vidit Arora: What does it look like? And we are seeing some very, very interesting use cases come out. We are working with a couple of very good financials, financial institutions. And this is a very interesting case that came out where they've built this whole MCP application. If you think about it, we've put Zscaler and all of these products to protect Zero Trust, to apply Zero Trust. To control who can access what on their role and all of that. Now of a sudden, your entire network controlled. All of a sudden, think about it. Somebody goes into an application and turns the agentic web search to go scan the internet through an AI agent. All of a sudden, that agent can go and search the internet for any website. Your Zscaler and all these controls all of a sudden have fallen because that has, not going through your Zscaler. It can't go through your Zscaler, right? Because Zscaler will not even know or any of these products, like they won't even know that which agent is invoking that particular thing. Right? So it's created these new gaps, right? That are there. So we have to almost rethink that, okay, now for, so we actually work with this customer to figure out how to apply this the same, the same of all the policies that they've built for so many years from a zero trust perspective onto the agents. So even doesn't matter if any new agent spins up to your point or anybody starts coming in using any MCP web searches or anything by default, their existing zero trust controls should get applied to that. And they shouldn't have to, you know, redo it or think about it again. Right?
That's it's a core different way of looking at it. And it took a minute for us to realize they're like, oh yeah, we're ready to go. And you said, you know, do you mind going here and running netflix.com and all of a sudden Netflix opened up and they went to the browser and it's locked down. And that is when everybody realized, oh, hold on. Where is this traffic going from? Like, why is it not here? And then like, you know, the realization happened that all this went aside because once you introduce this, nobody's actually going to go to Google and do web search because it's over. So yeah, it's done. So the minute you do that, now you all, you've made all your controls also just sit there idle. You made the browser completely redundant and everything is happening through this one place, which is just created like its own little, you know, route through the internet that you have no control over. So I think it'd be very interesting.

DrZeroTrust: Says, yeah, why bother? That's another step, you know. Yeah, the next five years, I mean up to 2030, are going to be a Katie bar the door, I think on where this goes and how fast it gets there. So I always like to kind of leave people with couple thoughts on what shouldn't do. And from your perspective in this space, if you were talking to a client or customer, what would you say don't do in relation to AI agents and those types of things?

Vidit Arora: I think I would say my take would be don't do two things, right? I think one is don't. Don't try to an approach of did you block everything? Because I think we are beyond that, right? I think the cost of missing out is very high. And, you know, if we couldn't stop people going to the internet when it was, you know, it was helpful. Just imagine how are we going to solve people from, you know, doing the work, somebody else doing the work for them, right? You know, humans are supposed to be lazy by nature. I think blocking is not the approach, right?
And the second thought I would like to leave it is that I think we have to follow the same core principles. We followed for all this, all, you know, so many years, right? Which is get visibility, right? Apply the figure out applying the basic controls that you need, and then go towards all the advanced controls. But, don't, you know, don't try to solve this age problem with a 20, 30 year old solution because it doesn't add up. This is not a small little change in how something works. It's fundamentally different. So yeah.

DrZeroTrust: Yeah, yeah, I mean, that's a really good point. Trying to solve a 2026 problem with a 2006 application probably isn't the best way to do it.

Vidit Arora: Yeah, it is much more than that in lot of cases, but yeah.

DrZeroTrust: Yeah, be nice if it was 2006 for plenty of these folks. Okay, so Vidit, where can people find you? Where's the site and all the cool stuff that you guys are doing?

Vidit Arora: Thank Yeah, for sure. So our site is quillow.ai. That's how can find us. We've also actually, you're also coming out, think tomorrow is the day, we're officially also coming out with a mechanism every organization for an unlimited period of time, get complete AI visibility in their environment, right? And I don't mean like just tell you these families are using ChatGPT. But give you full visibility to the point of every agent that's getting used, every MCP server, what calls are getting made, even to the point of somebody's using Notion, the fact that Notion is sending data to a GPT-4o in the back. So get you real visibility into what your AI footprint looks like. So we are coming up, I think, with killer.ai slash discovery is the URL it. And it will be live starting. It will live. It's already live actually and feel free to go try it out, use it, see what you have, right? I think that'll get you the best view into what we're talking about here.

DrZeroTrust: That's awesome. Yeah.
So especially if it's out there and it's free, I'm going to go get my hands into that and mess around with it because I just love seeing the results populate. So thanks for coming on here. I definitely, you know, you piqued a couple of in my brain that I hadn't really considered and that's all I'm ever trying to get out of these is just another, you know, hey, that's a problem we should solve. So for that, man. Folks, you're out there and you have this issue or you think you have this issue, I'll tell you, you have this issue. You should reach out to the folks at Quiller and Vidit and the folks over on his team. There we go. Problems, real solving those problems with companies that know what they're doing.

Vidit Arora: Thanks Chase, you,