Security Unfiltered

Addressing the Risks of AI with Innovative Solutions Encrypting Communication

Joe South Episode 153

Send us a text

Ari Andersen shares his journey from starting a podcast to founding a security startup. He discusses the importance of trust in the digital world and the need for a security layer based on trust. Ari explains how his company leverages trusted relationships to share information securely and prevent attacks like deep fakes and spoofed emails. The solution is built around the concept of pods, which are groups of trusted individuals. Ari highlights the growing risks introduced by AI and the need for innovative solutions to protect against them. Kibu is a secure communication platform that focuses on building trust and consensus among users. The app uses a unique invitation and voting system to ensure that only trusted individuals are part of a user's network. Kibu offers two ways to create a pod (a group of trusted individuals): through a digital invitation process or by physically meeting and using NFC or QR code technology. Once inside a pod, all communication and files are encrypted at the pod level, ensuring privacy and security. Kibu also uses cryptographic attestation to verify the authenticity and integrity of files within a pod. The goal of Kibu is to bring trusted relationships from the real world into the digital world and provide a secure environment for critical actions and decision-making.

https://kibu.io/

#podcast #security #ai #startup 

Support the show

Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today

Speaker 1:

Well, ari, it's great to finally get you on the podcast. You know, I think that we've been planning this since, like last fall.

Speaker 2:

I know.

Speaker 1:

It's insane how having a kid can just like completely alter everything. You know like every day is a different day. It's like pick her up from daycare. It's like, oh, you're really sick today. I guess the next week is now taken up up for me. You know, taking care of you yeah, I, I, uh, I don't.

Speaker 2:

I don't have a kid yet. In fact, my wife and I are actually uh probably soon on the way there, but but I, I certainly have a lot of friends with kids and I know, I know that it it just uh introduces an entirely new set of both challenges and opportunities and new experiences. In fact, my co-founder just had his third kid a couple of months ago, so we're sitting on Zooms all day with a little baby on his lap a lot of times.

Speaker 1:

Yeah, yeah, that's how it works out. It's fascinating, right like. It's almost like you get to experience a new phase of your like. What you were like potentially you know, but from the outside you know because, like, how you remember being a kid is totally different from how you know. Your parents experienced it, right like um, does, does being a parent?

Speaker 2:

do you find it like? Uh, does it give you sort of a new respect or new understanding of your own parents?

Speaker 1:

yeah, I, I would say so for sure, you know I can. Now I understand their struggles a little bit more and I guess the flip side as well. So I never really had a good relationship with my dad and I always assumed I always gave him the benefit of the doubt, like well, maybe things change when you have a kid or whatever, and whatever it might be, and maybe I'm too early on into it, you know, but it kind of it, kind of I guess reinforced it in the wrong way is like hey, like he had no excuse to be this way, right, um, but like it's it awesome, it's my favorite thing in the world.

Speaker 1:

Um it like I enjoy every minute of it. You know, like my wife, my wife she's, uh, she's an early childhood teacher and um, so she's used to kids, right. So I was going into this thing not knowing anything and I was so nervous, you know, and even like even the, the times where you're up, you know, every two, three hours in the middle of the night, and you know you're you're operating on zero sleep, um, like I, I still didn't even complain, I, I didn't even like it wasn't like a miserable, I didn't even like it wasn't like a miserable, like, yeah, it was tough, I had no sleep, but like, overall it was like, oh man, like me waking up at 4am which I'm not a morning person, right, so me waking up at 4am with this little baby, you know, and she falls asleep like on my chest, like that's, that's like it's the dream.

Speaker 1:

I don't need anything else. You know what I'm saying. Like yeah and sure enough, you know. Now she's too big to do that right, like if she tries to sleep on me, like it's, it's uncomfortable for her, you know how old is she now?

Speaker 2:

uh, she is 14 months, oh wow cool, yeah, but I'm like you've, you've been, you've been in it for a little while now. You have kind of the protocol.

Speaker 1:

Yeah, yeah, we're. You know it took a while, but you know we're in a schedule, we're in a routine now. So and she gets it too. You know, like today at daycare, like she did not want to go to daycare, and when I showed up she's, like, you know, like today at daycare, like she did not want to go to daycare and when I showed up, she's, like you know, crying a little bit, complaining, but she knew that she would go. And then there's other days where she's like can't wait to get out of my arms Right, like get out of here, you know, but, um, it's, it's really, it's a fascinating thing, in my opinion.

Speaker 2:

I mean it's, it is our prime directive, right like that's. What we're all here to do is to is to uh, you know, to to to procreate and to make more humans and and you know, I think there's something truly innate and like very deep within all of us of like oh yeah, this feels, this feels right yeah, yeah mean, we're 14 months in and I'm already like pushing my wife like, hey, let's get another one going.

Speaker 1:

You know, let's get all this sleep deprivation out the way immediately. Yeah, you know, like people, you know people tell you about sleep, sleep deprivation with a kid and whatnot, and it was literally two entire months that I do not remember, you know, and I went to dinner with people. I had, you know, conversations that like impacted you know the podcast and everything like months later, and you know I would, I would be talking to my, a friend of mine, and uh, you know he'd be like, oh, don't you remember like we were at this dinner and you know they were gonna sign up for this thing or whatever. Like no, I actually don't remember that taking place at all. You know it's, it's uh, it's crazy how your your mind just like blocks it out and you somehow get through it and humans, if nothing else, are extremely, extremely adaptable.

Speaker 1:

Yeah, yeah, that's a good point. I mean, you know, I'm not a morning person by any stretch, right, like in college, if I was up before 10, it was like a miracle, right, yeah, you know. But after two months of waking up at like 4 am, you know, my body just like immediately switched over to okay, you're getting up at 4 am and you're going to be fully energized, and oh like oh, you got three hours of sleep. Yeah, you feel great.

Speaker 2:

Yeah, you know before yeah.

Speaker 1:

It's like before, like three hours of sleep. It's like, hey, I'm not doing anything today.

Speaker 2:

Yeah, yeah, it's like I feel like I was drugged.

Speaker 1:

Yeah, yeah, exactly. Well, ari, you know I'm really interested in hearing how people kind of get their start, you know, in this industry and I'm wondering where your start is. You know what made you want to go down this IT slash security route and you know the reason want to go down this it security route and you know the reason why I start everyone there is not not just to hear everyone's story, but it's for my listeners to hear everyone's story, because everyone's coming at this thing from a different angle, from a different point of view, a different background. You know, for instance, right like I, I had someone on that was a former opera singer and now she's application security. You know, for instance, right like I had someone on that was a former opera singer and now she's application security. You know, expert and I'm sitting over here like how, like how do those dots, even you know, connect together?

Speaker 2:

right, so you know what's what's your story yeah, I think, um, you know, I I would say perhaps not as not as disparate as an opera singer, but similarly, I think, a fairly non-traditional path to being a founder of a security startup, american University in DC, and studied under a guy named Eric Novotny, who will become relevant later in the story, so just remember that name. He's a cybersecurity guru, one of the advisors to US Cyber Command, darpa, some other places. So, yeah, so I graduated college with a degree. I thought I wanted to be a diplomat. Um, more time I spent with people who worked in the government. I was like you know what I don't think this is for me. Um ended up coming back to los angeles, where I'm from, um, worked as a foreign policy advisor and then actually, uh, I was actually excited to talk to you about this.

Speaker 2:

I, I started a podcast. I started a podcast this is 2015 called millennials don't suck, which it was kind of like that initial wave of podcasting. So, you know, I think competition was definitely less, less intense, and so we we released maybe eight episodes and we were on the top 50 podcasts on itunes and in the new york times and like got a bunch of press, um, and it was really, really fun. Like just it was me and my buddy um, just kind of interviewing millennials who we thought were doing cool stuff and kind of trying to like at the time there's like sort of a narrative about the generation, so we were kind of trying to counter that um, so that that was. You know, that was really fun. It was totally obviously not what I studied or what sort of my focus was in, but I love talking to people, um, so I was doing that, it was going great, we were, we were, you know, our audience was really growing.

Speaker 2:

I co-host, my co-host, matt um, then had a massive hemorrhagic stroke and ended up in the icu who was basically almost killed. Him he was, he was in recovery he still is recovering, as you know, to this day um, so I didn't really feel like I could continue the podcast without him. It just kind of didn't feel like it was. It was the same um, I didn't have kind of the fire for that concept, um, but you know, sort of the I guess the consolation prize and this is, like you know you'll, I'm sure you you hear this a lot like you can only see kind of where the path is in reverse. But like at the time like it was just pinging all around, because I had started a podcast just by myself that had become successful. People started to reach out to me and be like, hey, can you help me do the same thing? And so I I built out a production company called Curious Audio, started that in, I think, 2016, and then built it up. Over the years. We produced, you know, over 100 shows um, sold, sold, sold some shows and some concepts up to, like, you know, stitcher, spotify those types of places. Um really kind of just cut my teeth in the podcasting world, in the media world, um, and grew like a, you know, quite profitable business out of that.

Speaker 2:

One of the sort of the things that got me back into this world of privacy and security was we were hired to basically to produce a mini series on the harvesting of human behavioral data. This was like kind of post Cambridge Analytica scandal at Facebook and there was a lot of concern and talk about sort of what psychometric targeting and some of these things we're going to, we're doing already and would be doing, especially as AI advanced, and so I was also hired to host that show and so I got to basically travel around the country for six months and I did it in person. This was pre-COVID, so I just like traveled around in person interviewing everyone from policymakers to tech founders to, you know, to people in politics, kind of every angle of looking at sort of how the harvesting of human behavioral data and the use of that data was affecting our society, us, how we interact with each other. And one of the really probably the most illuminating and in my for me at least sort of destiny defining conversation was with a woman named judy estrin who, um she was on vent surf's team that sent the first email at stanford and kind of built many of the early internet companies. She like built the first ethernet company. At one point she was the cto of cisco. She was the the first woman on the board of disney, um.

Speaker 2:

So I was sitting in her living room in I guess this was late 2019 and we were talking about like sort of the asymmetry between just your everyday human and these big technology platforms and how that was growing and growing and it felt kind of like a sort of a Sisyphean task to try and sort of overcome that power dynamic. And so I asked you know, judy, what do we do? And she said to me scale down for trust, interconnect for power, and it was like one of those sentences that I you know I had never built a technology company I I had no really idea what she meant at the time, but I just like I remember just getting goosebumps, you know, just like whoa that's that feels important, um, and it really stuck with me. You know, just like scaled down for trust. I've always been somebody who's really um, like close relationships have always been really important to me, like I've had the same best friends in my whole life, um, and really like, main, being uh, in integrity with myself and with the people that I trust is is kind of the most important thing for me and um, and so, yeah, I just kind of started thinking about like, okay, like scale that, like what, what does that mean? And then kovat happened, um, my, my, at the same time as covid happened, my dad was diagnosed with cancer, um, and so I was like taking care of him. You know it was covid. So we were, we were having to be super careful, um, and there was also, like you know, I, I, as somebody who studied geopolitics, um, you know I was always paying very close attention to the news, um, obviously the russia disinformation hacking had been happening and and the twitter hack I don't know if you remember that where, like you know, the sort of a lot of celebrities were hacked, um, with kind of this god mode, uh exploit. I just kind of I I started thinking, like you know, scale down for trust, interconnect for power, like what is, how could that apply to a lot of some of the issues that we're facing? Like how, like what if we could use what, if we could use the trust that we have in the physical, in like the real world, and bring it into the digital world in some way? So I called up an old college buddy of mine. We just started talking, like you know, man, like what if there was a way to know that you were talking to the you know who you thought you were supposed to be talking to? Like what if there was a way to um, you know to, to prevent sort of a god mode level attack from occurring? You know, preventing somebody from to prevent sort of a God mode level attack from occurring. You know, preventing somebody from moving laterally within a system. Um, and really my aha moment happened, uh, probably around, yeah, sometime mid 2020,.

Speaker 2:

I was doing a, I was doing like a two factor password recovery. Um, you know, I don't use password managers because I'm obviously they all get hacked and and I'm, I'm, you know, I'm skeptical. Um, so I had forgotten my password and so I was doing a two-factor. But then, of course, you know, my paranoid brain knows that I could be, you know, I could be sim swapped, I could be email spoof like they're, like I, I uh, there's no way to know that. It's really like passwords have always just really kind of gotten under my skin.

Speaker 2:

And I was at the same time I was in a group chat with my best friends that I mentioned from childhood and I was like man, like I trust these guys more than I trust myself to remember a password. Like what if you could use trust? Like what if you could use trust? What if you could just use trust as a security layer or an authorization layer? And so that was when I called my college buddy up, who's now my co-founder, and together we called up our old professor, who's the civilian advisor of Cyber Command and was an Obama appointee on cyber, and kind of like one of the leading minds that we have, and we started talking and really, at that point, it was just conversations. You know, like I mentioned, I was taking care of my dad. He was getting sicker, so it was like it wasn't really the right time to build a company.

Speaker 2:

Then, at the same time, I think, just like the, I think, you know, in 2020, there was starting to be some conversations more about things being, you know, privacy being more priority, security being more priority. But I think even then, like, um, I think it was a fundamentally, I think I think the world wasn't quite ready. Um, really, the change happened, uh, like end of 2022, beginning of 2023, with the advent of like chat, gpt and sort of the ai explosion. And we saw, and I started to see, like okay, like it is going to become critical to know that you are talking to the person that you think you're talking to and to know that a piece of content can be trusted as coming from a human being and it actually goes back.

Speaker 2:

You know I mentioned Eric before, my own professor. You know he taught us this concept in college of the red internet and the green internet, us this concept in college of of the red internet and the green internet and on the red internet. You know, you know this was back in you know, 2011, 2012. He was like on the red internet. You know it's all going to be bots. You're not going to know who's real. You're not going to know what's real. You're not going to know who's trusted. 99.9 of the content is going to be generated by ai and it's basically just going to be like a forest of misinformation. And on the green internet, you're going to know who's real. You don't know what's real.

Speaker 2:

You know who's trusted, and it kind of came back to like okay, what if we could take sort of trust that exists in small groups, scale down for trust and use that as basically a layer of confirming each other's humanity, of sharing information only to the people who should see it, and then of being able to eventually broadcast information out to the wider, the wider world.

Speaker 2:

Um, that can. That has, you know, human provenance and a chain of custody of of like okay, we know, this is this, this, this information came from human beings, and so we uh, we you know eric being the cyber uh expert that he is uh, spec'd out a you know an architecture and we brought on a uh, you know, we, we, we started building, we brought on a cto and and raised raised our first round of funding last June have been building in stealth for the last I would say, I guess, eight months. I'm actually honestly it's kind of fortuitous that our conversation has been delayed a few times because we actually can now talk more publicly about sort of what we're building. We actually came out of stealth about a month ago and are, are, are in, are in private beta right now. So I can, I would love to send you, send you the beta when we get off this.

Speaker 2:

Call Joe, and yeah, we're, we're, we, we now are have basically built a tool that allows you to leverage your trusted relationships in a kind of a new way and bringing in a lot of sort of cutting edge cryptography, on-device biometrics, public-private key sharing into an ecosystem that essentially relies on trust to share information, know that you're talking to the right people, keep information compartmentalized eventually API consensus across existing systems as a way of, you know, adding additional layers of protection and then broadcasting validated, you know, cryptographically attested information out into the world yeah, it's uh, it's a.

Speaker 1:

it's a fascinating area, right, especially with the explosion of ai recently, because it it's like uh, it introduces like a really it's a really good power and it's a really like high risk as well. You know, like, yeah, I want to use chat, gpt to write, you know, a better paper, a better email, whatever it is. Right, I want to do that. But I'm also giving it more power to emulate me, right, because I'm putting in text, into my own words, and I'm saying write it better. Well, it's able to analyze how I wrote it to begin with, you know Exactly, I mean, yeah, we.

Speaker 2:

I don't know if you saw this story, uh, a couple of weeks ago, but there was a banker in hong kong, um, who got an email from his cfo like, hey, you know, we, we, we need to wire these people 25 million dollars, like we're doing a deal. And you know, just kind of doing his diligence, he was like okay, like sure, like can we get on a call to confirm? So he gets on a call to confirm. On the call it's a video call on the call to CFO. Some other colleagues, you know they chat about it, they talk through the deal flow, everything looks good. So he's like, okay, great wires, the money turns out, email was spoofed. Gets on the call. Everybody on the call was deep faked. Wow, money goes out to criminals.

Speaker 2:

So so that that's like sort of a direct use case that our tool, sort of creating these encrypt, end-to-end encrypted, what we call pods of trusted people is really solving for, of sort of like upping the ante on, you know, with generative AI, whether it's voice cloning, whether it's deepfakes, like a lot of the social engineering stuff that we're seeing already being so effective is just going to explode in its efficacy with AI.

Speaker 2:

And so you know I'm sure you're seeing it in your life like families having sort of like a passphrase or something that they say to each other is a way of like. Okay, this is how you know I'm the real me. But I think we're going to very quickly move beyond some of these just analog solutions, and I think that's kind of where our, our product starts to fit in the, in the equation of like. You know, this is something you know, we're not tied to phone numbers, we're not tied to emails. It's really the trust that you have in the real world. And then, relying on your device, biometrics, um, you know, as, as as as the uh, you know, the decryption of, of the information, um fits into the stack so can.

Speaker 1:

Can we walk through maybe how your solution would have prevented you know that that attack? Right, because you know it's like to me. I can piece it together. Yeah, you know, um, but I think it'll make more sense coming from you.

Speaker 2:

A hundred percent so there's a, there's a couple ways. So let's, let's sort of our system is built around this idea called a pod, right? So, um, you know basically who you know, a group of people that trust each other. So let's say I want to start a pod. I go into the Kibu app, I create a pod. I'm then prompted to send out an invite to whoever I trust. So I send you an invite, you receive an invite. You're then prompted to take a photo or a video of yourself, proving that you are you. I then, within the Kibu app, receive that photo or see that photo or video. So I then, within the Kibu app, receive that photo or see that photo or video, I say, okay, yeah, that's Joe. I then get to vote you in and really the vote there is key, right? It's kind of the entire system is predicated around this idea of consensus and quorum. Let's say, then we want to bring a third person in. You could now invite someone, or I could invite another person. Same invite flow occurs. Then we both have to vote that person in. So that's kind of it's adding a layer of sort of proof of humanity and then consensus into these flows and you know, theoretically, in that circumstance.

Speaker 2:

You know, if you've already created a pod with someone, right, you know you created, let's say, a month ago, and then you're, you know you're, you're on this call and and you're saying, okay, these are the wire instructions. Cool, can you confirm it? In kibu, whoever the person that's deep faking wouldn't have. You know they can't spoof, it's not attached to email, it's not attached to phone. So even if they sim swap somebody doesn't work. They wouldn't be able to do it Point blank.

Speaker 2:

The second way you can create a pod is if you're in person with somebody. You actually can just NFC bump or QR code an invite. So then that's even more secure in that you confirm that they are in fact that person in person. There's no out of band evidence that that pod even exists, so the attack surface is essentially zero and, uh, once you're in there, the entire thing is encrypted, unlike signal. We encrypt at the pod level rather than the message level. So everything inside of the pod um, uh is accessible, no matter when you come in right, so including the history of every action, of every vote taken, every file that's uploaded.

Speaker 2:

You know we have a vault inside of a pod so you can upload files, upload photos, videos, collaborate on documents, and this kind of goes into this concept of cryptographically attesting information. No information, no file can leave the pod without the group voting to allow for it to leave. So it goes back to this idea of consensus and quorum. But if the group does vote to allow for it to leave, we basically put a cryptographic attestation on that file, as these, you know, these, these humans created it and and each, each keyboard user, has a public key. That's that's kind of how you know, each, essentially each device, has a public key, and so then we can have a chain of custody of these public keys.

Speaker 2:

Created this information at this time, then we could. When, when the attestation occurs, you know, a hash file is created of that, of that content, so we can actually see, okay, this, this file is created of that content, so we can actually see, okay, this file was created at this time. These people attested it to be real. This is what it looked like when they attested it to be real has it been altered, has it been changed, yes or no? And so it's kind of really building, you know, cutting edge crypto security protocols and then bringing in kind of real world trust and building it inside of this trusted ecosystem where you have to be trusted and then you can't even get in. There is no like pin code or anything like. You need to be biometrically authenticated into the Kibu app to be able to see anything inside, and so you actually have to be the trusted person.

Speaker 1:

Oh, that is a. I mean that's really fascinating because it sounds like it sounds like that really would have, you know, thwarted a lot of the social engineering attacks and breaches that we've seen. Yes, you know, like with octa and mgm. Right, because you know it's, it's right. Because you know it's fascinating. Right Before, when you would hear about cyber attacks, it would typically be something pretty sophisticated, you know, something that is digital, something based on technology that is getting around, or security control, whatever it might be.

Speaker 2:

SolarWinds being a great example of that, for instance.

Speaker 1:

Right and like everything now is kind of pivoting, you know, because everyone's security is so top-notch right, like all these boards kind of opened up the budget. It was like, okay, get whatever you need, you know, because we're not, we're not doing any better than the people that are attacked and it's only a matter of time. Right. Well, now it's shifting. It's shifting to that people aspect, that human aspect, you know, and exactly how we're having to come up with these, uh, these new, you know, innovative solutions to validate.

Speaker 2:

You know, you are who, you say, you are whatnot well, and not only that, but like know, that's kind of where we really think our API layer becomes interesting. Right, you spoke to, you know, the MGM hack, for instance. So imagine if, basically, we call it consensus-based authorization. So imagine if you know a particular database or a particular pushing code into production or accessing, you know, or making certain authorization decisions required consensus, and it doesn't need to be obviously every decision. That would be organizationally inefficient. But these, these critical decisions that that you know millions of dollars are really. You know that that that really can make or break a lot for an organization.

Speaker 2:

Imagine if you then put just some of those critical decisions behind a layer of consensus of just the people who need to be trusted, that that decision could happen inside of an end-to-end encrypted environment without having to rely on out-of-band comms like email or phone number or whatever, where you're communicating. Okay, does this? Should this person have access to this system? Should this data be shared with these people? Should this wire transfer occur to this person where those types of decisions are happening, just among the people who are trusted, within an end-to-end encrypted environment?

Speaker 2:

We think that to your point, like um, it prevents an attacker from once they get in with a credential stuffing attack or with a social engineering attack from like if you can prevent someone from moving laterally within a system like what we've seen, where it's like, once they're in, they can just do whatever they want, if you, if you kind of gate certain critical actions with consensus, you can actually prevent a lot of the damage that we're seeing being done that's um, it's really fascinating, you, you know, you you kind of started the conversation off with your, your former professor, right, and his role within the government and whatnot or not really within the government but interacting with the government, and whatnot or not really within the government but interacting with the government and whatnot.

Speaker 1:

And you know, with my own experience with doing some consulting and contracting work to different agencies, like you can see, you know his mentality behind how he architected the solution. Right, like you can tell that this is definitely something with that kind of that structure in mind. You know of how it operates and what it can interact with and what it does and whatnot. And you know it's something that's massively needed. Right, and this isn't me right, like, try to try to pump up or promote. You know your solution or anything like that. Right, like you didn't sponsor the podcast or anything like that. This is a, this is a critical area that you know has a high demand and people are kind of just like waiting around, being like man. When is this thing going to be solved?

Speaker 2:

you know, honestly, it's, it's so funny you say that I mean, obviously, you know, I, I like I said like I have a pretty non-traditional background when it comes to, you know, security. I don't, I'm not like a super technical person, so I don't come at this from like a you know, a super technical standpoint, but but I just like sit as truly like somebody who I wake up every day and I all I think about is like I really think the world needs what we're building and it's my job to get to give it to them. Like I, I, I just, I see, I see this actually is like almost like a civilizational level issue of if trust breaks down, if we can't figure out a way to both know what we're seeing is real, know that we're talking to a real person, and also being able to just protect the most critical systems in our society from constant attack. Things are just going to break, attack, things are just going to break. And so I just, I like, truly like this.

Speaker 2:

I see this as like my mission. It's just like how can I give this thing to the world? That it's, I mean, it's honestly really gratifying that you see, that you see it as well, just like, yeah, it seems like this is really needed and there is a ton of solutions like it, um, that are trying to tackle it in this way, and so we're just trying to. You know, we've just been building and now we're just trying to get it to market and give it to people.

Speaker 1:

Yeah, it's like the security of the blockchain, but in the human format. You know it's not code.

Speaker 2:

I call it the human blockchain.

Speaker 1:

Yeah, yeah, I mean that makes a lot of sense. You know it's interesting. You know your path into this as well. Right, you studied international relations and the security aspect of that, and you know I also got my bachelor's degree in criminal justice with international relations as a as a minor, you know. Looking back, do you think the mentality that that program instills into people, do you think it kind of prepared you for the cybersecurity world A hundred percent?

Speaker 2:

Oh yeah, and I mean and and yeah, thinking sort of about, you know, operational security, about the need for compartmentalization, about the even like the need for trust, for for trust and sort of mutual trust and um and understanding. I think, like something that's always really interested in me, especially in the last five or 10 years, is like, obviously, like I'm I'm a huge geopolitics nerd I would imagine you are as well but like sort of the, the nexus of technology and geopolitics is like really geopolitical, like even look at what's happening in taiwan, for instance. Like our geopolitics is is basically technology based at this point, and I think, like it's, it's now in the last even five years, it's becoming more cybersecurity, like everything is cyber now you know.

Speaker 1:

Yeah.

Speaker 2:

And so I think like, yeah, I definitely think that my degree prepared me pretty uniquely to you know, to think about this stuff in a way of understanding both that everything. Everything is probably, you understand, like everything really comes down to relationships in this world at the end of the day. Like we can put a lot of window dressing on stuff, but it really, at the end of the day, it's about relationships and that's kind of the, the underlying function of what our product is based on. Right is like do you trust this person or not? If you trust them, you should be able to transact, to communicate, to safely share, etc. Etc. With that person in a way that you know is real and you should be able to use. Like.

Speaker 2:

I think part of what I'm seeing, or what I've seen, you know, I think a lot of the. We're seeing a lot of the sort of the impact that the internet is having on our society, and I think to your point about all the benefits of AI like amazing benefits. It's going to change the world in so many ways. But I think we're also seeing a ton of negative effects as well, whether it's social media affecting how we are interacting, how we're talking to each other, you know being with each other, whether it's our politics, whether it's we bring the, the sort of the, the trusted relationships that we have left in the in the real world. How can we bring those relationships into the digital world and really use those relationships as a way of kind of carving out a zone of safety that we can then operate in and we can then sort of, you know, move, move around digitally in a way that is a lot safer than what currently exists?

Speaker 1:

oh, so you know, just thinking through, you know the design that you kind of laid out um, would this be vulnerable to like a 51 attack? You know how I mean. I don't know if it would be and I'm just spitballing it right where you know if you're somehow able to compromise you know, 51 percent yeah right, you know 51 of the the people in your pod right I mean.

Speaker 2:

So let's look at a couple of answers there. One is within the pod, security is entirely configurable. So for decision, you know, for whether it's decisions or access to information that is of the highest level of security, we would recommend unanimous approval. So that's kind of the top line there. But let's say yeah, let's say just a simple majority is required to execute an action.

Speaker 2:

If you think about it, uh, you would have to not only know the know all the members in a pod, which even kibu doesn't know all the members in a pod. We just know the public keys. So so you know you, you would have to somehow know that, based on surveillance or some other thing, then you would have to, uh, within sort of a limited amount of time that the other, such that the other pod members wouldn't become aware, essentially coerce at least 51% of the people in a pod to give up their biometrics and provide access to then vote on something. As you, as you know, as we know, in the security world nothing is 100%. But I think like if let's say, you know, your likelihood of compromising one person is 0.1, you know, and there's seven people in a pod, you know it's 0.1 to the fourth likely that that occurs. I think that's a fairly low likelihood. You know that something like that might happen and certainly, I think, a better way of operating than you know, kind of what we're seeing currently, which is just like username password.

Speaker 1:

Oh, yeah, it's really fascinating. It's just fascinating to see how technology is evolving in an area that seemed to be, or was thought to be, solved right. Like you know, we, we used to think like insecurity, like, oh, if you just trained your users better, right like you wouldn't have these issues. But you know, like, even even now, right at my day job, yeah, um, there was someone that you know had had access to send money, large amounts of money, within the organization, and they got, you know, deep faked from the CEO saying, hey, send them this money. And, you know, luckily, the person just had an inkling of a question with it and they waited until Monday, right, until they saw the ceo again and he, sure enough, you know he's like, yeah, I never said that but again, that's a numbers game, right, as as deep fakes become cheaper, let's say you do that five thousand times.

Speaker 2:

You know even even one percent. Like you're, you're, you're, you're hitting right and so if, if you, if basically you're you, you push those communications into a kibu pod, there's, there's, there's a very, very, very low likelihood of that ever, ever working out yeah, yeah, that that makes a lot of sense.

Speaker 1:

So, you know, with the, with the encryption part of it, um, I I find that a little bit fascinating because now I'm starting to dive into, you know, security, securing uh, satellites with homomorphic encryption, and things like that on the side of course, um, talk to me a little bit about the encryption and how it's kind of set up. Is there certain parts of your product that you potentially even open source? Yeah, absolutely. Or pull from the open source community.

Speaker 2:

I would say, in the way that the iPhone was not. There was nothing about the iPhone that was entirely new technology. There was nothing about the iPhone that was entirely new technology. What the iPhone did was take a lot of existing technologies and bring them together in a really easy-to-use, user-friendly ecosystem and experience. I would say that's what we've done here.

Speaker 2:

To answer your question about open source number one, yes, we have pulled from open source cutting edge, open source crypto libraries. We also plan on open sourcing sort of our base level Kiwi protocol as well. We want to build an SDK to be able to have people build consensus off directly into their systems. We think that there's a massive opportunity there. We really see ourselves I think I mentioned at the beginning we see ourselves as kind of building the trust ecosystem. You know, using our Kibu consensus as a way of providing a foundation for bringing trust from the real world into the digital. And so, yeah, we're you know, we're you know.

Speaker 2:

If you want to kind of check out the sort of the more detailed specs on how we do our encryption and sort of the you know everything that we're using, you can go to kibuio. You can check out our white paper on there there's a very detailed white paper on sort of how we're doing everything. I would encourage everyone to look at. But yeah, we're, certainly we are, we believe sort of that. You know the way to be secure is to be open source and to have this thing. You know the way to be secure is to be open source and to have this thing, you know, poked and prodded constantly and make sure that there's nothing that we're missing.

Speaker 1:

Oh, yeah, that's, that's the best way to do it. Yeah, you know, to really get that consensus, you know it builds momentum through that too, because more you too, because more tech people are starting to be like, oh, this project over here can be utilized this way and whatnot. It builds momentum like that. To kind of go all the way back to the very beginning, you mentioned that you had that podcast and you saw that early success and whatnot podcast and you saw that early success and whatnot. And you know, I I can really relate to your experience, right, because you said that your co-host had had to drop out of the podcast and whatnot. And um, you couldn't really keep on going with it.

Speaker 1:

And you know, I started this podcast actually with a co-host, um, and you know, early on he kind of dropped out and I was like, oh man, I don't, I don't know if I can hold a conversation by myself, I don't know if I can do this thing all on my own. And you know, luckily or thankfully, I kept on going with it and I pushed through that uncomfortability, yeah, and now I get to talk to awesome people like you. So, like it's, it's really interesting where life takes you when you don't just give up at the first. You know kind of hiccup or speed bump or whatever, and you just keep on finding a way to keep going.

Speaker 2:

Yeah, man, I appreciate that, and I would also say, like you know, you're, you're a fantastic host and interviewer, so I'm glad that you kept going. Um, but yeah, I, you know, I had this idea almost five years ago and it's it's, it's, it's so funny. This is honestly it's like one of my first public interviews about it, um, but it's something that's, you know, just been in my head for a really long time of like, wow, I like am I dumb? Like this feels really necessary and useful. Like to people like I feel like I need to build this, I have to figure out a way to build this, um, and so, yeah, you know, it's, it's definitely been a very winding road, um, but I'm, I'm really proud of of what we've been able to build thus far.

Speaker 2:

You know, and and, um, you know, get people to believe in us and back us, and and get some amazing technologists to, you know, to help us build it. And, and I'm really excited for where we're going. You know, I think, like we, we, we already are seeing some traction in the enterprise market, you know, with interest in our, in our product, really, like, we're already seeing, yeah, we're already seeing, yeah, we're, we're, we're seeing a lot of positive momentum of like okay, yeah, people, people that are kind of at the top of the security game know that this is a, this is something that will be really useful. And so you know, now it's our job to just continue to build and iterate and deliver, and I'm really excited about what we're doing yeah, it's, uh, it's going to be a fascinating time, you know, also to see how potential attacks like ramp up in different ways.

Speaker 1:

Right, because now we're getting it's.

Speaker 2:

It's constantly like a arms race, a digital arms race it is and, and you know it's, I think it's it's, uh, definitely, you know, I think one of the cool things about our product is that the security holes are humans, and one of the scary things about our product is that the security holes are humans, right, and so I think we'll see both sides of that for sure. We've built it in such a way I think also because quorum is necessary really to do anything make any major decision, like we've kind of built fail-safes into it, right, where even if one person gets pwned like it doesn't compromise the sanctity of the system. And you also can you know if you find out somebody's been compromised, you can, the group can just vote them out of the system, and you also can you know, if you find out somebody's been compromised, the group can just vote them out of the pot, vote them off the island, as it were.

Speaker 1:

Well, I definitely can't wait to get my ads on it. I'm definitely looking forward to that.

Speaker 2:

Awesome man. Yeah, I'll send you an invite to the beta when we get off here.

Speaker 1:

Yeah, that'll be great. Well, Ari, you know, unfortunately we're at the end of our time here, but you know, before I let you go, how about you tell my audience where they can find you if they want to reach out? And you know, connect with you, and where they can find you, know your company and learn more about it dot IO.

Speaker 2:

Um is is where you can check out the website, like I said, our white papers on there. You can also sign up on our website for the private beta. Um, we're starting to send in, send uh invitations out like end of this week. We've we've been testing it, you know, with sort of the first layer of friends and families and team and investors and and advisors and advisors, and we're now just starting to share it out a little bit wider, which has been really exciting. Me personally. I'm on LinkedIn, ari Anderson Anderson with an E, so S-E-N, not S-O-N. I'm on Twitter, ari Anderson. You can follow me there. And, yeah, I'm really grateful, joe, for the opportunity to come on here. I've had the chance to listen to a bunch of episodes, super interesting conversations. I've learned a ton, so I'm just grateful for your time and for whoever's out there listening as well.

Speaker 1:

Awesome, well, thanks. I really appreciate the compliments and I'm glad that you're also enjoying the content that I'm, that I'm putting out and whatnot.

Speaker 2:

Absolutely.

Speaker 1:

Definitely Well. Thanks everyone, I hope you enjoyed this episode.

People on this episode