What’s Holding Back Enterprise AI — With Shiv Ramji

Channel: Alex Kantrowitz

Published at: 2025-09-25

YouTube video id: PjKCzIeCzCo

Source: https://www.youtube.com/watch?v=PjKCzIeCzCo

Let's talk about why businesses are
still struggling to get AI right and
what they can do to fix it. We're joined
today by Shiv Ramji, the president of
Auth0 at Okta in a conversation today
brought to you by Okta. Shiv, great to
see you. Welcome to the show.
>> Thank you so much for having me.
>> Thanks for being here in studio with us.
Uh we talk all the time about businesses
seeing the potential of generative AI
but struggling to bring it to market.
There was an MIT study that 95% of
businesses that are trying to implement
AI aren't doing so uh profitable with
profitability and you recently spoke to
a room about this. Uh what did you find?
>> Yeah. So we just we talk to customers
all all the time and we I pulled uh
everybody in the room and said you know
how many of you are uh experimenting
with AI or prototyping and you could see
like 80% of the room lit up and hands
were up and I said keep your hands up if
these experiments or prototypes are in
production and you could see only a few
hands uh remained and so uh when digging
into kind of well why is that and it
turns out it's a lot of security
concerns and so you know with AI what
happens is because these AI chat bots or
uh agents that you create are
non-deterministic
and can really go access any system I
think a lot of CIOs, CTOs are kind of
nervous because there is so much of
their internal infrastructure that may
not be protected
remember in a traditional application
like if you're using an app today
whether it's at work or if it's a
consumer app what you can do in the
application is very deterministic like
you know you can search for something
maybe you can update uh your own
information or you can order something
but you can't instruct their application
to just go out there and do you know
reasoning and research and maybe come
back to you and go out there again and
do more. So it's it's a very
non-deterministic
access pattern and so I think this
creates a whole host of risks for uh a
lot of the customers and companies that
we talk to who are really nervous in
implementing these agents uh in
production without a lot of guard rails.
So, can I ask you is it the businesses
that are that are playing with this
technology? It's not just that they're
using AI to go navigate current systems.
It's that the potential they see with AI
is effectively to rewrite the entire
basis of software that they're working
with. Because if you just had AI
navigating current apps, then the these
problems wouldn't be a major issue. But
if you're trying to rewrite something to
make it useful for artificial
intelligence, that's where you run into
these problems.
>> Exactly. And I think actually that's the
power of AI which is because these
agents are non-deterministic and can do
reasoning on our behalf and practically
and talk to any uh machine interface.
And what I mean by machine interface is
it can be an API. It could be a document
that's on your on your Google Drive or
Microsoft Drive if that's the product
that you're using. uh or it could be
internal wiki and can can also access
the open web, right? So, so now um and
that's really really powerful and so
everybody recognized like wow you can do
a lot of amazing things with these
agents or chat bots but there is also a
risk that now the chatbot can access in
sensitive information you know I always
think of like imagine if we're all
working in a company and I have a
chatbot that's doing some HR tasks and
imagine if somebody could ask the HR
task can say, "Hey, can you go see uh
Shiv's salary information?" Well, that
is very private sensitive information.
But imagine
if that was exposed to somebody who was
not supposed to have access to that
information. That could be catastrophic.
And there are already examples of this
by the way. I mean, I you know, one
recent one that comes to mind uh is um
sometime in the summer, you know,
McDonald's had a breach with their with
their with their chatbot. So the chatbot
kind of processing uh applications for
people who want to work at at McDonald's
and there were several issues you know
everything from an internal API was
exposed internally uh the admin account
password was 1 2 3 4 which is you know
>> high security password
>> exactly you know so not secure at all
right
>> um and and so and so you see these are
the types of things that I think uh
companies have to be really careful out
careful and so I think that's kind of
one example of like you know sensitive
and so millions of applicant information
was just leaked uh from this from this
chatbot catastrophic yeah
>> yeah it is interesting there was another
example I think of uh people in one of
these chatbot applications asking um
some questions about their company and
then the chatbot because it had access
then sharing uh answers from the CEO's
emails. Yes.
>> Um, so this is something that's
happening all the time. So I want to
make sure that I nail this because I
think this is important.
>> So your what you're saying to us today
is that um we talk about this stat all
the time that there's so many only I
think only 20% of uh AI builds make it
into production. That might be generous.
>> Um so what you're saying is it's not the
technology holding uh holding back these
companies from rolling it out. it is the
security and access issues that come uh
that come into play when you're starting
to roll out this you know uh
probabilistic ter uh technology.
>> Yeah. Yeah. The way I think I like to
frame this very simply because it's very
easy to understand. So
um the first thing you want to
understand whether it's a chatbot or an
agent um is that you know who who should
have access to this information and this
is the classic um uh identity and access
management problem. So if if you have an
agent working on your behalf, we want to
make sure well that the agent is
authenticated but the agent is valid. We
also want to authenticate you with the
agent that the and you are authorizing
the agent to do stuff on your behalf. So
this is like the who part of the
equation and then comes like well what
can the agent do? Hopefully if the agent
is working on your behalf the only thing
an agent can access are things that you
have access to right? Uh but if the
agent goes and access to information
that you were not supposed to have
access to that's a problem. So like what
can they access and do is um is really
really uh important. So all of this
basically is the classic identity and
access management problem. But I think
with agents things go a little bit
further which is now you need much much
finer grain authorization. Right? So
today we have systems that will do coarse
grain uh authorization and what I mean
by that is Alex is part of a certain
group and that group can read these
documents or Alex is part of this group
that group can write
but we all know today like just think
about what you do in at work every day
and kind of the the myriad of
applications you're accessing. Well, in
some apps you can read, maybe you can
write, maybe you can view, maybe you can
comment and in some cases you're the
owner so you can do everything. So the
the whole web of permissions get very
very complicated and by the way they get
updated in real time. So, so you know
identity is kind of the uh the core the
first problem that we need to solve and
then the second problem is kind of
authorization or kind of what do you
have access and what can you do with
that information?
>> It sounds like it's a real issue because
you tell me if I'm wrong here. My
understanding about the way that AI is
being implemented today in organizations
often times it's coming bottom up. Um,
yes, the CEOs are saying, "Can we have a
course an AI strategy?" And they're
pushing it down on leadership, but
oftentimes it's somebody that really
knows AI uh quite well, has been
listening to this show, has been
following the news, has been
experimenting on their own, and sees a
use within their organization and wants
to do, let's say, a contract uh with an
OpenAI or an Anthropic to use the API
and and implement it. Um the problem is
when they start to get these projects
underway, they start running into some
of these issues uh that you're talking
about and that's when you really need
it's who do you need buy in from to be
able to get this get this underway? I I
think right now in most companies uh you
know I think uh the chief uh information
security officers or chief security
officers are the ones who are who are
tasked with figuring all this out
>> and um and usually they don't even have
the inventory of all the internal APIs
that can be exposed right
>> it's like total new territory it's new
territory this is not what they sort of
if you've been working for 10 years
>> this is brand new for you
>> this is brand new and and By the way,
it's it's not their fault candidly
because
>> remember applications up until today,
you know, the application was a front
door. You really controlled what once
Alex logged in, you really the app
controlled what you can access, what
data, what database,
but in the world of AI agents and
chatbots, I mean, they can go query if a
database is open, it will go query that
database if if it's relevant for the
type of task you have asked. So I think
the this is really burdensome for uh
CISOs and CIOs and and CSOs because
they're like wait a minute we don't even
have an inventory of all the systems
that we have let alone which ones are
secure or not. And so this becomes a
pretty tricky problem for them to
navigate and figure out. And so they're
the ones who are essentially now tasked
with locking the systems down or
essentially ensuring that there are
enough guard rails in place so that
these these projects can go into uh into
production.
>> Right. And uh we were speaking
previously you told me that only 10% of
companies overall have an AI governance
process set into place.
>> Correct. So I mean talk a little bit
about how what is an AI governance uh
process or or document and and how does
that how does not having one sort of
hold a company back.
>> Yeah. So I think I think different
companies approach this differently.
There is no one way to solve this.
Obviously the a few frameworks uh
companies are deploying but essentially
you want to have it's it's not even AI
governance. It's really data governance.
So you want to make sure that all of
your systems that are housing you know
like sensitive data or or critical data
that there is a system to make sure that
only people who should have access to it
have access to it. Now there are
different levels of sensitivity right
like if somebody just accessed some
meeting notes uh for a team that may not
be as consequential but imagine
uh if I was in a meeting and I was
talking about a customer and the
customer information was accessed by
somebody that could be problematic. My
other example was, you know, my salary
information was disclo disclosed. That
could be problematic.
Or if a team is working on a
confidential M&A, right? They're trying
to buy a company and that project name
or the company name got kind of exposed
internally. That would be problematic.
And so I think a lot of companies, you
know, a good practice has been
classifying the different types of
sensitive information you have in the
company and then really making sure that
all access to that information is really
locked down and you have this
centralized way of uh managing
permissions so that whether it's an app
you create or an agent or a chatbot that
it is essentially going through your
centralized um framework for policies of
who can access what information. So in
and a lot of companies today you know
they may have classification for
customer data for example that's pretty
common right
um but they don't have a classification
for all the internal stuff and
internally in companies we all know we
have act we have documents that we write
we post to we have wiki pages internally
we have some internal databases we may
even have APIs that are just internal
only they're not meant for external
exposure
um and in a in the traditional in
previous world we'd have thought well I
don't need to worry about this and I
think now you actually have to worry
about all of those endpoints that I just
talked about because those those are all
things that a chatbot can access and
>> information can leak through any one of
those uh avenues.
>> Yeah. So we've been talking a lot of uh
maybe gloom and doom or like all the
problems with AI. So I'm actually kind
of curious to go a little bit more on
the constructive side. When you get this
right, what does it enable you to do?
So far the the examples that we've seen
uh in uh you know the the easiest one I
can think of that the the benefit is so
obvious is just in uh in software
engineering. You've you've probably
already heard a lot of stats from from a
lot of the large tech companies where
they're claiming anywhere between 10 to
30% of their code is now written by
agents.
>> Yeah. Some are saying 90% and people are
like well that shows. So 10 and 30 seems
realistic.
>> Yeah. You know, and and so and and and
well, I'm sure there are companies that
are probably early in on the cutting
edge that maybe it's higher, but um you
see the benefits there, right? Agents
can go uh learn on your codebase, can
make recommendations, can write code,
can analyze your systems. So I think
their agents are uh pretty useful and
they are making the lives of engineers
uh much much better. Engineers are
happier because they get these agents
that are assisting them uh either in a
co-pilot or um companion way which is
which is pretty amazing and so they are
more productive and um they're able to
produce um you know ship things much
much faster.
>> And what about outside of the coding
realm? Are is there potential for this
in use cases outside of coding?
>> Yeah, so there there are other
categories. I know in healthcare
healthcare has a lot of uh well it's
highly regular but has a lot of manual
processes and entry manual entry. So so
I've seen I can't mention uh customer
names but we have customers who are
using agents to essentially process
medical information y
>> for their for their patients and
customers. So uh lot of benefits there
and you can imagine other scenarios. I
think uh retail uh and pretty soon you
retail and e-commerce is another area
where you will see uh these agents play
a pretty big role. Um I I can see travel
being another category. You know I I
want to travel uh to Japan in November.
I can easily uh instruct an agent to
say, you know, go find me the right
airfare, build me an itinerary, if the
agent knows kind of my preference of
what what kind of um me, you know, if I
have any meal preferences, any hotel
preferences. So, those things are really
valuable because I'm really busy. I
don't have the time to figure this out
and an agent can go do all this work um
for me and I think it's extremely
helpful uh to me as a consumer. Now, of
course, hopefully it's done with all the
security controls and you know, it's not
signing me up and buying airfare that I
haven't approved. But but so there are
many scenarios where I think agents will
make our lives easier and and today
you're seeing this in either uh
categories where uh there are languages
and instruction so software engineering
or categories where there's a lot of
manu manual work
>> and automation can help and you're
seeing uh those those those categories
are the ones that are benefiting the
most.
>> Yeah. Just to talk a little bit about
the stakes in healthcare. Um, my
father's a podiatrist and he's retired
now, but
>> spent so much of his career just taking
notes and putting them into EMRs,
filling out forms for insurance. I think
that with the, you know, assuming that
you have the right systems that could
protect patient data, uh, and, um, and,
you know, make sure that it's not being
exposed in the wrong areas,
>> that could have saved, you know, not
just hours, not just days, weeks,
months, uh, maybe even years of of his
life from doing this stuff. Um, and and
actually could have spent more time
taking care of patients.
>> Yeah. Yeah. That's a very good example
of what you just said which is just just
simple things just data entry about you
know I saw a patient
>> people underestimate how much time we
spend in our economy just doing data
>> entry
>> yeah we we do a lot of data entry so I I
think I think that's where you already
see AI is having a pretty big uh impact
uh already
>> and we're still early I think we're
going to see lots of interesting use
cases and the other thing that I think
that hasn't fully played out is you know
the interfaces is for chat bots or
agents are also evolving really fast
>> right
>> so we haven't seen uh I mean outside of
like the experience of talking to a
chatbot which is ChatGPT kind of when
ChatGPT came out that became a way to
interact with a with AI but I think
there are a lot more scenarios that are
and experiences that are still being
built that we haven't fully experienced
and an example of that would be you
you're seeing companies now launching
their own browsers
And these browsers can do all kinds of
stuff for you, right? They can read your
email and they can act on your email and
it will go do tasks on your behalf. Uh
there are other agents that actually
mimic that that will um mimic how you
browse uh uh the internet and then it
will essentially mimic that and to make
sure that it's doing it the way you do.
So we're still early on these like there
are new ways to interact with AI that we
we still haven't fully experienced. And
I think that will probably bring all
kinds of amazing benefits and
productivity gains that we haven't even
we haven't even kind of fully understood
the impact of.
>> Yeah. So let's drill down on that a bit
because uh we talk often on the show
about how there are different uses of
AI. Uh to me it really breaks down into
three categories. One is agent. Uh the
other is thought partner. The other is
companion. Um maybe sometimes thought
partner and companion are the same thing
depending on how much you trust your AI
companion to handle your thoughts.
>> Uh why do you believe in the the agent
use case? Because uh it it has become
we've talked about this on the show. It
has become a bit of a buzzword uh in the
business world right now. Um so so why
is it worth the hype?
>> I think there are three characteristics
about agents that are super interesting.
One, they're asynchronous. So it can it
can go do you don't have to be in front
of uh your laptop or or phone and you
know the input is not limited to like
your mouse and how fast you can type. So
it's asynchronous. Second is I think now
especially now with agents they can do
long running tasks. Now, most of the
experience we have today when we ask
questions, we're doing research, I think
you'll see agents responding fairly
quickly, but you will but there are
tasks that require quite a bit of
research that may take a long while. And
so I think agents are perfect for these
long-running tasks. So whether it's
minutes, hours, I think there'll be some
tasks that will run for days or weeks.
>> Yeah. M so we're just going to we'll
come to that kind of use case soon and
it'll be super interesting because you
know all these models are getting large
their context windows are getting bigger
u so we we you will see scenarios where
agents will be working on something for
days and they'll come back to you and I
think the last part is uh it's
non-deterministic and I think that's
really powerful and what I mean by that
is
let's say you had a you know you had
certain prompts or you asked the agent
to do a few tasks
and it comes back with a result or an
output. And you're like, "Oh, you know
what? I don't this is not quite what I
had asked for.
Take what I had given you before, but
here are the modifications. Now go do
something different or enhance what you
just did." Right? Now, it may go access
other sources of information or may go
do additional research on your behalf,
which so I think that's incredibly
powerful. And so I think agents bring
these three cate um characteristics
that you know have have the potential of
kind of really improving our lives in
pretty profound ways.
>> All right. So for those who are building
uh these things practically I want to
get a little bit of um insight from you
in terms of how this is happening uh
obviously you work um at Okta. Okta is
helping companies set up agents. Um, so
how exactly is this process taking place
of you working with companies to be able
to handle some of these tricky things we
talked about in the beginning and and
actually set up agents?
>> Yeah. So we we do four things uh
currently that really help um our
customers and the developers that are
that are building these agent
experiences, right? So the first one is
pretty simple which is we verify both
the agent uh and the user. So making
sure that
you are who you say you are, you're
Alex, and that the agent that you that
you have essentially uh consent at this
agent to go do stuff um on your behalf.
The second thing that we do is we
provide capabilities for um our
customers to essentially um uh secure
APIs. to have this capability called
token vault because in this world you
know agents are going to be talking to
lots of systems and it's really
cumbersome to go system by system or API
by API and figure out how to handle
their security. So we do this in a
scalable way and make it super easy for
a developer to use our product to
essentially make sure that all of the
API and agent communication is secure.
Then the third one is agents will always
need humans in the loop at least at the
moment right and like just this example
I shared about um the travel example
right I want to go to Japan in in
November I give a bunch of criteria to
the agent to go find me the best
itinerary but before the agent purchases
the itinerary I probably want to review
it right so there are always tasks that
you will want to review and so we call
this having human in the loop right so
we do this it's Async authorization is
kind of the third thing and the last one
is agents will need information um such
as retrieval augmented generation which
is commonly known as RAG. So you may re
have we want to feed your own custom
data into these agents. Well, how do you
do that? Uh you need fine grain
permissions and fine grain authorization
for that. So that's the fourth
capability that we're we're offering. So
this whole kind of suite or package of
products is called Auth0 for AI Agents
and uh this is kind of what customers
are using today to um make sure that
their agents are out um they can deploy
the agents securely in production.
>> So are these agents being set up as
human workers within companies or like
like do they have seats in like
different software systems or is it just
being set up outside?
>> Very good question. So I I think agents
now are going to be treated I I call
these like principals and the idea is
like you know humans are they are a
principal.
>> So I think that agents are going to be
treated as kind of its own entity or or
a principal and um and uh we will be
obviously verifying humans but we also
have to verify agents and so the same
principles will apply to agents. So in a
software system um will you have like
let's say 400 employees and then a
thousand agents sitting like just the
same type of
>> authorization this is happening today in
fact yeah so
>> uh again I won't name any customers but
this is happening today I have seen our
customers you know you probably use some
HR or uh HR system where you have a
directory of everybody in your
happening.
>> Well, I've seen our customers where, you
know, you see employees and then you see
agents in the same directory.
>> Yeah.
>> So, this is already happening.
>> They're side by side.
>> Uh talk a little bit about verification
because you you said earlier, you know,
we have to make sure that you know this
is really Alex or um but what maybe I'm
having an AI do something on my behalf.
Can you distinguish when something is
robot and when something is human?
That is going to be I think that's
incredibly hard right now. I mean, uh,
so let let's let's kind of zoom out. You
know, how do you do verification today?
For example, if you're opening a bank
account, Alex, today, you're going to
you'll be taking selfies and photos of
your your your driver,
>> taking every crosswalk in the picture,
>> right? you're doing all of that
>> and um but but AI is getting really
really good at this that it's incredibly
hard for humans to detect what is
generated by a human or or what is AI
generated but I'd argue even machines
are having a hard time
>> right so machines also have false
positive rates and they are pretty high
so I think verification is going to be a
real problem uh and there are two things
here one how Do you verify Alex is
human? And I think the second one is,
you know, the content that Alex
generated, was it actually generated by
Alex? So these are like two different uh
areas of verification
and um I think we'll see a rise in kind
of uh verifiable digital credentials
more and more and uh that will be kind
of one way to make sure that I can
verify Alex is who he says he is. And so
so so this area is developing fairly
quickly and um and standards are being
developed and we support some of them
already but I you you will see a lot
more um uh with with with digital
credentials and increasingly you you'll
essentially take all your offline
credentials your passport your ID maybe
even your school certificate and they
will all become digital credentials that
you verify every so often. And so then
when you're interacting with systems
that require sensitive information or
verification, they will interact with
credentials that you have essentially uh
verified. So that will be the way
that'll be be one of the ways that I
think we can ensure that you know we
reduce fraud and and and and prevent
fraud basically so that uh you know
somebody can't steal your identity. Did
you see this thing where Ethan Mollick,
the Wharton professor, uh I think he
asked one of the latest bots or latest
models to generate a CAPTCHA and
>> pass it.
>> And these are like pretty complicated
CAPTCHAs that they're tackling.
>> So if they can get those I mean what do
you think about if they get those? Can
they get others?
>> Yeah. Yeah. I think it's possible. I
mean I think this is why this is going
to be interesting like it's this is like
a race, right? which is like how do you
prevent bad or malicious actors from
gaining access to systems or causing a
lot of damage to a company because
because of the the you know different
fraud and mechanisms they come up with.
So I mean you know all those these
checks like I was reading something
recently about you know how every
company was has been interviewing
candidates um uh on Zoom and online.
Well, there are so many tools now you
can install on your computer that that
will do a real-time translate, you know,
analysis of the question the interview
is asking and we'll give you an answer
that you can replay back. So, so you're
seeing some companies are actually
moving to saying, well, all interviews
are going to be in person now. So,
that's like a big reversal from the last
few years. And so I think I think you
will see maybe some of these
verification methods and mechanisms are
going to be maybe annoying but more in
person. I always think of like you know
you use CLEAR when you go to the
airport.
>> I I use it for sports games because you
don't have to pay a subscription to get
into like
>> uh sports games. But yeah exactly.
>> But that's like an interesting example,
right? Because you did your initial
verification in person. somebody had to
really check your ID or your passport
and say, "Are you really who you say you
are?"
>> Right.
>> And and then now it allows you to go
through the the airport lines or get you
to a game. So, right, that's like an
in-person high assurance verification.
Like I literally checked your passport
and verified you are who you are. So I
think I think I I do see some of those
mechanisms kind of becoming more
important and I like this interview
example is like the easiest one where
companies are saying well we we're not
going to do Zoom interviews anymore. You
have to come in person.
>> Yeah. And look at us today. I mean here
we're in person and it's funny cuz like
I've interviewed the uh CEO of Klarna,
Sebastian Siemiatkowski. U
>> he now has his AI avatar going out and
doing uh earnings calls. Yes. and the
Zoom CEO also has his AI avatar doing
earnings calls. I mean, it's going to
get to the point where it's going to be
really tricky to tell. So, this
verification piece becomes super
important.
>> Yeah, verification. I think verification
of humans then I think it's also
content,
>> right?
>> Uh although
>> content as well.
>> Yeah. I I think content on the content
side though there are standards already
being
>> do we have to like wink and be like this
this is real people? Uh no, but you know
digital watermarking has kind of been
around for a while and you know there
are standards around uh content
verification that are also being
developed and so I think you will see
proliferation of more watermarking
technologies to kind of determine what's
original versus um AI generated. I'm not
saying by the all AI generated stuff is
bad, right? Like I mean people are
generating images and videos and and if
you go to Instagram you'll see all these
funny um you know yetis and and whatever
Jesus
>> yeah they just they have you know they
have all these dad jokes or whatever
jokes they're coming up with or content.
I mean there are people who love that
content and view that content and enjoy
it. So I think there's a place for both
but but but there will be scenarios
where I think you do want to verify that
this was content generated by Alex and
so how do you do that and so I think
maybe some of these watermarking
technologies
um will will kind of be adopted a lot
more.
>> Well Shiv, this was fascinating. Can you
tell folks where they can go if they
want to learn more about what Okta
provides? Yeah. So you can go to
auth0.com
uh and you'll see odds.com and you'll
see all the capabilities we have with
regards to how we help secure
>> uh AI. If you are building agents and if
you're a company that's essentially you
already have agents and you want to
secure them then obviously you want to
go visit okta.com. So we have two
products and we're serving two different
use cases and both are uh available um
today for you to for you to deploy.
>> Well Shiv, great to see you. Thank you
again for coming in. I think maybe we'll
see, you know, as companies get this
stuff figured out that that number of
20% moving into production or 95%
unprofitable, uh, that will go up.
>> I hope so. Yeah.
>> Yeah. Well, the unprofitability will go
down will go up.
>> Great to see you, Shiv. Thanks for coming
in.
>> Thank you so much.
>> All right, everybody. Thank you for
watching. We'll be back on the feed with
another video soon.