Open Source AI: Transparency, Sovereignty, and Who Controls the Data

In this episode of Cyber Sentries, host John Richards is joined by JJ Asghar, an Open Source Champion and Developer Advocate at IBM. They explore the importance of open source in the AI world, how transparency can allow for AI sovereignty, and why we should care about who controls the data.

JJ shares his journey into the AI space at IBM and his strong opinions formed from working on open source AI projects. The discussion delves into the differences between mainstream closed-source AI models and the emerging open-source alternatives, highlighting the privacy and trust aspects that are becoming increasingly important, especially outside the United States.

Questions we answer in this episode:

• How does open source fit into the recent surge of AI?
• What are the benefits of open-source AI models compared to closed-source ones?
• Why is AI sovereignty important, and how does it relate to open source?

The conversation covers the challenges of building and running AI models, the compute resources required, and how open-source approaches can provide more transparency and control. JJ explains the concept of AI sovereignty, where countries and organizations want to run AI within their borders and under their own rules and restrictions. This brings up issues of hardware accessibility and the lifecycle of AI models.

Key Takeaways:

• Open-source AI allows for greater transparency and trust compared to closed-source models
• AI sovereignty is becoming increasingly important for countries with strict privacy laws
• The lifecycle of AI involves training, fine-tuning, and inferencing, each with different compute requirements

While open source offers many benefits, the discussion also touches on the challenges, such as the potential for model poisoning and the current lack of genealogy in AI models. Despite these hurdles, open source remains a powerful force in the AI world, with the potential to provide more eyes on the code and faster problem resolution.

This episode offers valuable insights into the complex world of AI, the role of open source, and the importance of data control and transparency. Whether you're a developer, a security professional, or simply interested in the future of AI, this conversation provides a thought-provoking look at the challenges and opportunities ahead.

Links & Notes

• IBM's open source foundational model Granite
• Granite Foundation Models Paper
• Hugging Face
• IBM's coding assistance project
• InstructLab
• Crew AI
• AI Sovereignty Paper
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (00:55) - Meet JJ Asghar
• (03:17) - Working with AI
• (04:29) - AI and Open Source
• (10:31) - Approach
• (14:38) - Sovereignty
• (18:20) - Inferencing
• (20:47) - Black Box Situation
• (30:10) - Weighing the Differences
• (35:09) - Timeline
• (40:39) - Finding JJ
• (42:06) - Communities
• (44:49) - Wrap Up

Decoding Zero Trust Security for Cloud Native Environments

In this episode of Cyber Sentries, John Richards welcomes Zack Butcher, Founding Engineer at Tetrate, to explore the critical components of zero trust security for cloud native and microservice environments. Zack, with deep expertise from his time at Google and work with NIST, shares practical insights on achieving a zero trust posture.

John and Zack dive into the fundamental mindset shift required for zero trust - moving from implicit to explicit trust. They break down the five key policy checks that define runtime zero trust, and how these controls can enable identity-based segmentation. Zack illuminates how this approach allows organizations to boost assurance while strategically relaxing painful network-level constraints.

Questions we answer in this episode:
• What does Zero Trust really mean in practice?
• How can organizations adopt a Zero Trust mindset?
• What role does a service mesh play in Zero Trust?

Key Takeaways:
• Zero Trust requires making all trust explicit
• 5 key runtime policy checks define a Zero Trust posture
• Identity-based policies boost assurance and agility

Whether you're wrestling with Zero Trust definitions, microservice security, or cloud native challenges, this episode delivers a wealth of battle-tested wisdom. Zack's clear explanations and examples, combined with John's knack for extracting practical takeaways, make this a must-listen for anyone navigating the complex world of cloud native security.

Links & Notes

• Zack on LinkedIn
• Security Strategies for Microservices-based Application Systems (Sidebar has the A-D publications)
• A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments
• Tetrate Academy
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (01:01) - Meet Zack
• (04:55) - Reflecting on the Journey
• (05:46) - Deep on Security Aspect
• (09:52) - Zero Trust and Definitions
• (15:35) - Consensus
• (18:09) - Availability and Assurance
• (22:28) - Driving Growth
• (25:44) - How AI Can Be Used for Security
• (30:07) - Links and Finding Zack
• (30:36) - Wrap Up

Decoding the Language of Machines: AI's Potential to Revolutionize Cloud Security

In this episode of Cyber Sentries, host John Richards is joined by Murali Balcha, founder and CTO at Trilio, to explore how AI could transform cloud security by understanding the unique language of machines. Balcha brings over 20 years of experience in IT, particularly in storage systems, to the conversation.

Harnessing AI for Proactive Security
John and Murali dive into the potential of AI to enhance cloud security by analyzing the vast amounts of data generated by IT systems. By treating system logs as a language that AI can learn, models could be trained to identify threats and anomalies in real-time, even detecting zero-day attacks that traditional rule-based systems might miss. This shift towards proactive, AI-driven security could significantly reduce the time between a threat emerging and its detection.

Questions we answer in this episode:

• How can AI be applied to cloud security?
• What advantages does AI offer over traditional rule-based security systems?
• How can AI models be trained to understand the unique language of machines?

Key Takeaways:

• AI has the potential to revolutionize cloud security by learning the language of machines
• AI models can identify threats and anomalies in real-time, even detecting zero-day attacks
• Shifting towards proactive, AI-driven security could significantly enhance threat detection and response times

This episode offers valuable insights into the cutting-edge applications of AI in cloud security. Listeners will gain a deeper understanding of how machine learning can be harnessed to protect their systems and data, as well as a glimpse into the future of proactive, intelligent security solutions.

Links & Notes

• Check out Murali’s blog
• Find Murali on LinkedIn
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:00) - Welcome to Cyber Sentries
• (00:56) - Meet Murali Balcha
• (03:29) - AI’s Evolution
• (06:06) - Transferring Data
• (14:43) - How Trillio’s Looking at AI
• (23:36) - Wrap Up