AI Productivity vs AI Security: The Human Risk Behind AI with Fable Security

There's a cost associated with every prompt or every question.

“One thing open AI, I believe I said, is there are people I'm one of those people.”

I'll be like, "Can you please do this thing for me? Thank you." And they said, "If you add please and thank you, it takes up more." "Pokens, just be derived, just remove all the pleasentary." That's crazy for me. I'm Canadian. I say, "Sorry, I say thank you, I say please." All the time, turn out that's not good for AI. Turn out it's costly.

This is right about now, with Ryan Alford, a rad-cast network production. We are the number one business show on the planet with over one million downloads a month. Taking the BS out of business for over six years and over 400 episodes, you ready to start snapping necks and cash and checks? Well, it starts right about now. Companies are adopting generative AI tools faster than almost any technology we've seen.

The productivity upside is real, but so are the risks. Today's guest is working at the intersection of AI adoption and cybersecurity.

Helping companies understand why the biggest threats aren't always hackers.

They're human behavior. The cold gang is the co-founder of Fable Security. And today, talking about how organizations can embrace AI without accidentally exposing their most valuable data. Nicole, welcome. Right about now. Thanks for having me. Great to meet you. I know you're in Boston today. We're in South Carolina. We got the East Coast covered.

And we're going to talk all things AI security. It's funny Nicole. This is something that's been on my mind. I was having flashbacks when the internet started getting going and we started googling everything. And we started putting all our stuff on social media. It dawned on me. This was probably like a 2004 or five.

We sure openly giving up a lot of information.

What is happening all this stuff at now? It's sort of had the same epiphany a few weeks ago. It's just why I love having the opportunity to have you on the show. It's like, yeah, they would need to think about this a little more than we are. Not slow it down, but just be aware. I'm sure we love looking at things we've posted 10, 15, 20 years ago. It's a good throwback, but also just like, oh wow.

There's a lot of things on the internet that we shared. Yeah, exactly. It's an hour till a day. Our deepest secret so it can help us solve puzzles.

“Right contracts. All that stuff. It was like, well, where is that data going?”

I haven't feeling you might tell us. But Nicole, I make just on this topic because it's like so real for me, our own businesses and use it. So that's at the table. Give everyone a little bit of your background. We'll got you into fable security and cyber security and all that good stuff. My name is Nicole Jank, co-founder, CEO, fable security. We've built a human risk platform that shapes secure employee behavior. Behind the scenes

we leverage a mix of AI, add tech approaches to understanding employee behavior in an enterprise. We deploy just in time personalized interventions. When we see employees doing some things that might expose more risks than necessary for organization. We do this better than typical annual security compliance training, which is what the industry status quo looks like. Our approach is relevance personalized. It really drives at the risky behavior at time when things

are happening, almost like that just in time coach. The reason why this business had a lot to do with my previous background with me and my co-founder. Sandy came from a add tech background. So making adds super relevance, super clickable, convert people from buying things. Not even another day once. Our sheer background also came from abnormal security. It's another start-up before that we were founding members of. We leverage AI to look for phishing attacks.

Fishing became super prevalent in today's age. AI unfortunately super charges attackers. They literally have a tool to send you really targeted phishing threats. And saying I both realized that we really want to focus on a human layer to teach people to better defend themselves. From not just bad phishing, but also all sorts of social engineering attacks, all sorts of things that people may do. That introduces risk. Not just to enterprises, but also for themselves.

And so that's the reason why I became super interested in not just cybersecurity, but ways to protect people. And make sure that we can all be more productive and more effective as we work. I've got people like you. Some people get annoyed about tech security, back channels. Oh, they're putting the guardrails on everything. I'm tend to be a rule-breaker, but I actually really appreciate the people that actually put the guardrails up that need to be there

to help us from ourselves. And especially from the bad guys. Thank you for the service to our

“cyber community. This stuff is I think about the like the curve of internet and then social”

media and then the speed with which we could do these things with bandwidth increases. AI is on all that on steroids. It's like moving so fast. Our companies moving faster than their security frameworks. When I look at customers that we serve today, we're seeing interesting divergence companies that have been in this industry for the past 10 years looking at cyber. I see a lot of companies going through digital transformation. So if you ask 10 years ago, it's like moving from on-prem setup to cloud.

Right? So that was a big shift. We're seeing companies that are forward thinking their

And then we're also seeing companies that might be generation. They've been around over 100 years.

They have a solid business. They're maybe not as tech enabled or digital transformed. They're this slower. So we're seeing adoption curves in various ways. And so that's the shape of the companies. And then from a security perspective, it's also around how companies view security. Everyone is security. There are compliance requirements. There's a baseline. There's a lot of now common languages on when used to be done from a security level. But I do see that companies who

are really thinking about investing in digital AI technology transformation. They really double triple down in their security investments. And as some may still be checking the box, I really see the divergence of companies based on their tech-sabiness. They're belief in modernizing.

“Now from a particular company, they're really adopting AI. I think it really depends on the people.”

People in the company, for example, if you're a very developer-centric company,

you just see like a ton of crazy things that we're looking through with AI. They're tingering, they're trying. And the organization allows some to do that, right? They take on the risk for innovation. And the trade-offs might be risk. For some other ones, they're worried about, for example, their healthcare companies, you're worried about HIPAA, financial, you care about PCR, API. They're real like financial business consequences. If you

tinger too much, we also see other companies who create playground or sandbox for people to play. And then it's a balance of letting people try things out in a way, but also like not break the bottom line for the business. We're seeing all of those, but we are seeing more and more companies just a bit of time is spent on trying AI, being more productive. And if you're in this like

“marathon pace, some are the beginning at one end and some are kind of trailing, and I think that”

space will become larger as we go. Some people have to go slower due to risk, risk tolerance, data, and then some are staggy and need to be moving faster. They're going to be irrelevant. And then there's the ones that are moving really quick. They're really nimble. I can speak small business, but I talk to Cisco. I mean, some of the largest corporations in the world, so I'll speak from kind of both ends of it. As small business, I had 18 to 20 employees in 2021. I really grew

faster than I wanted to. I worked in Manhattan. I had a team of 100 people, directly or indirectly reporting to me. I didn't want to. I didn't start my business. I'm going to show where I just did not want to manage that many people. Part of it was intentional kind of scale back, but what the last few couple three years has done is not replaced those people because I kind of scaled the business away from them. So it wasn't, oh, I just replaced all these people with AI. No,

it allowed me to do some things to maybe accelerate the de-scaling because I could take on more. I now have a gentig AI throughout my business is is a small business. And I know I'm probably ahead on the small business curve because I've worked nationally and have this background, but I also have started to pause and go, okay, where's all this data going? And I know OpenAI, our chat, GPT, OpenAI, okay, they're got security measures. I've read as much as I can stand with the

legal jargon. It's in all this stuff. It's funny because I own a publishing company on the podcast network side. And then I own an agency. And so I'm developing tools, thinking about that data. And then I've got the podcast network side with publishing. And I'm going, what about all this content? How's that being digested and then used? And we're not getting paid for it. That's a whole other topic. There's a lot of people asking these types of questions right now like myself at all levels,

which is this is great. I'm comfortable moving fast, but sometimes you don't know what you don't know. But I know I don't know something that I might should know about where all this data is going

“and what I need to be thinking about. That's what we got here in a call. What do we need to be thinking”

about? And what kind of sense of information are people accidentally sharing with AI tools? Hey guys, if you've ever built a website before, you know how quickly you can turn into a time suck. Recently, I've been playing around with Wix's new hybrid editor called Wix Harmony.

You basically start by telling it what you're trying to build. You prompt it to generate a

professional grade site just like you want. And here's the part I like. You can easily go back and force between AI and hands-on editing whenever you want. The AI agent area is an expert in website design and business. You can answer questions or perform direct actions throughout the process, which has been huge for me when I'm trying to perfect the look of my website. You've also got built-in tools for selling, bookings, and marketing. Pretty much all the stuff you actually need once

decides live. You're building anything right now, a side project brand, business, whatever, Wix Harmony honestly makes it easier to get out of your own way and start making stuff happen. Go to Wix.com. Backslash Harmony. That's Wix.com. Backslash Harmony. Start your website today. I have a couple of thoughts on this and I've been thinking quite a bit about it. If you think about AI in its like purest purest form, not even a technical jargon, what does AI do for you?

20 block posts, surface insight. You can now say, read all of them, give me the insight, ask me questions, paint palm, be my reasoning partner. AI can automate certain things for you.

“Before you have to do step 1 through 20 to get to a task. Now you can automate those things”

running the background. These things are human instructed the way you want some things to be done. Requires hyperclarity on the outcome you're looking for. And AI is just extracting data, content, information that you have in your system today. So when I think about the two risks, if you don't know what you're looking for and you ask a super question, that exposes risk in ways that you may not get an employee does this, you go, why are they asking this question? Candace,

should they be asking this question? Damn, if they ask this question, they might get the answers now

and the answer is so easy. So this is like a new set of things that folks are worried about.

The other piece is, I think AI also makes it, if you think about it right, every AI service won't faster adoption. So they say, integrate with all your tool stack. We can do all of these stains. People don't think, no one thinks about permissioning, no one thinks about data. But they think about adoption easy-click one click. If your house is not clean, like if your database is not clean, if your systems are not clean, a lot of companies don't think about that.

You can ask a question and you get the answers because the underlying data is chaotic on its home. When I see our customers and maybe for you Ryan, getting your drops done, getting your test on its awesome. But then who did the data clean up in the first place? There's also just this fundamental regardless of AI, regardless of how we use. There is still fundamental data hygiene, security hygiene thing that we've got to figure out. All these advancements, it's putting the

security foundation into a massive test. And attackers knows that and so they really try to

“exploit now with additional vectors in a faster way. Through AI through prompting, that's why”

when I think about security practitioners, it might feel a little stressed knowing that their house needs to be in order to support all of these evolution of found technology. Superhero movies, it's like, well, who has the superpowers? Who are the mutants? The good guys, the other bad guys have the same superpowers. Who's using them best? The bad guys are using these tools to take all of these other stuff, to advance their criminal behavior

or they're sneaking around or whatever they're doing, no matter how far as or non-defarious it is. As the good guys, we got to use these same superpowers to both protect it and to use it for what

we're ultimately using it for. It's like anything else. The bad guys seem to always be at least

even and sometimes one step ahead of us and not the world perfect. I'm 100% sure I'm not a criminal. I'd be called a cheater in a few board games every now and then, but as I mean, it was true, Nicole, I just liked to win. It's like I feel like we're playing chess, right? The attackers can be offensive, we're defensive, and it's just the mindset is kind of different,

“and so that's why inside we also see offensive teams who's trying to break systems ahead of time.”

We can think like attackers too, and actually AI unlocks that, really. I think it's a huge value ad for security teams, but also, unfortunately, attack surface expands. We also just have to work really hard and be very creative when it comes to how to better protect. You mentioned something about how direct what outcomes we want, and usually it's my own lack of clarity that causes the AI's bad behavior or bad outcome that I didn't want. But anyway,

I digress. I just wanted to come on here. On this episode, it made sense. I admit, it's sometimes I mean to my AI person trying to get it to be more efficient. When AI process, when you give a prompt, if you give a clear prompt, you have to process tokens. There's a cost associated with every prompt or every question. One thing open AI, I believe I said, is there are people I'm one of those people. I'll be like, can you please do this thing for me? Thank you. And they said,

if you add please and thank you, it takes up more tokens. Just be derived. Just remove all the pleasenture. That's crazy for me. I'm Canadian. I say sorry. I say thank you. I say please all the time. Turn out that's not good for AI. Turn out it's costly. And after the south, so I kind of do the same thing. I do. I had the pleasenture on the front end, but then when I mad at it, I'm like, you know, this is really costing me more time and hours today. Your whole purpose in life is to save

me time and energy. And all you've done is call it anyway. What I'm hearing from you is that's great. Maybe you felt better. It's just costing you more money because you're just using tokens. It's costing you money, but hey, if it works, it works for you. Like ultimately, it's about you. It's less about the AI. But yeah, just say too many prompts, make a short, be efficient, walk me through what you're going to do differently. I love it. Hey, good tip for anyone out there.

I'm not the only one. I'm the only one that myths things. As we close out here in the cold,

I always like quick tips, action will stuff for anyone that's listening small, medium. We got

executives for big companies. We got entrepreneurs running startups. Maybe a handful of things. Easy things people could do to maybe have a little more AI hygiene in their cybersecurity. We're all going to be superior prompters as we acquire skills in the AI world. My recommendation is number one's totally fine to be curious. But number two is also just ask a question. If should I be concerned about the data AI can you please sanitize my data, sanitize my queries,

and make sure that the AI can do the security mine at work for someone? I think the second thing

give out your blood to hide behind. Let's just do the same thing in the AI world and make

“sure that the information you care about just ask for it to omit and AI would do the job for you.”

Regularly goes through, hey, our thing shared that a ready shouldn't be. AI can probably

find out about that really quickly for you too, and they can take action. Those are good hygiene

to just ask and prompt almost like part of your regular workflow. Those are good. It's so funny.

“Everything's meta with this because AI can assist in whatever thing we're trying to solve that”

might be related to AI. It's sort of how to know this meta circle. I always find myself and I'm like,

I'm trying to worry about this with AI, but can AI help me and it seems like it can. AI is like your reasoning partner and just does so much. I'm really excited about the outcome,

“the future of where this technology can go. Nicole, tell everyone where they can learn more about”

fable security yourself and stay in touch or learn any of the sharing you might be having universally. You can learn about us. I've fable security.com. Our website shows a lot about what we do when it comes to protecting human risk, understanding, employee behavior, and figuring out ways to share target interventions. I can elevate your overall security hygiene, whether it's AI, adoption, whether it's sure in sensitive data, whether it's also just defending against external threat

actors. We are based in San Francisco, California, our office is running the heart of downtown. We working person would love being there to collaborate. So if you're ever in town, our door is open. I really appreciate you for coming on. Let's do it again soon. Absolutely. Let's stay in touch to Cole. I'd love to have you on every now and then. This is a very topical thing. Real thing is things evolve. Yeah. Have a fabulous rest of the day.

Thank you. Great to meet you. Thank you for having me on the show. Yeah. You're a good time. Take care. Thanks. See you.