Ave Gatton

then that's all well and good.

But the true utility of an agent typically comes from automating actions that may interface with other agents in the company or other people in the company.

For instance, sending an email, right?

And if my agent can send an email, then now you have this lethal combination, which is it's got access to the data I can see,

And it can send it to whoever.

It can talk to the outside world or whoever wants to talk to it.

So if I send it off to do some task and somehow a document it reads in doing that instructs it to send information to this unknown email, then yeah, it can do that if it is an email summarizing or email sending task.

So once again, you run into the problem of utility.

This is the big sticking point.

This is what we see over and over again when we talk to large companies is that they want to be compliant.

They want to be HIPAA compliant.

They want to respect law 25, GDPR, et cetera, et cetera, et cetera.

And it is really hard to ensure that an agent system, an agentic system,

will be compliant when you can't say with certainty that it's not going to send out, say, PHI or PII to an external endpoint.

And so you have to rely on things like guardrails or things like secure design in order to ensure that.

And we can get into guardrails and how they're not that great and they don't actually...

work for a lot of things they work in principle but they're really easy to break and so one thing i think about a lot in terms of compliance is if you're using guardrails how many nines do you have to have in terms of your certainty that it will find all of or guard against all of the

PHI leaks or PII leaks, how many nines of accuracy do you have to have or of false positives or false negatives do you have to have in order to satisfy a regulator to say, yes, this system is secure?

And I don't think we have that from the regulatory side, and I'm sure we don't have that on the industry side.

So it's an open question as people roll these systems up.