HID logo and microphone

HID Connects Podcast S2E6 — Artificial Intelligence in Security: Rise of the Machines or “Meh”?

Unless you've been living under a rock, the world of AI, or artificial intelligence, is ablaze with buzz and intrigue. From ChatGPT to predictive analytics and everything in between, almost every industry in the world is grappling with what AI means for them and their future. So in today's episode, we're going to hone in on what AI means to the security industry. 

Joining us to help navigate this new frontier are Ramesh Songukrishnasamy, HID's CTO and SVP of Engineering, and Rob Rowe, VP of the AI and Machine Learning Lab at HID. Together, we’ll answer the question, “AI in security: rise of the machines or just meh?”.

Take a minute to listen below. And while you’re at it, be sure to subscribe to receive future episodes. 

 

Here is a transcript if you’d like to read along:

Matt Winn 
Hello, everyone. Good morning, good afternoon, good evening. Whatever time it is and wherever in the world you may be, my name is Matt Winn, your podcast host and resident secure identities nerd. Welcome to HID Connects.

Unless you've been sleeping under a rock, which doesn't sound like a very comfortable place to sleep, the world of AI or artificial intelligence is ablaze with buzz and intrigue, from ChatGPT to predictive analytics and everything in between. Almost every industry in the world is grappling with what AI means for them and their future. So, in today's episode, we're going to hone in on what AI means to the security industry, including its practical applications and its potential for growth. We'll also talk AI trends and discuss what it means for the people. Yep, the you and me of our industry.

Joining me live in the studio to help navigate this new frontier is Ramesh Songukrishnasamy, HID's CTO and SVP of engineering and joining us virtually is Rob Rowe, vice president of the AI/ML Lab at HID. Very official, both of you. Gentlemen, thank you for taking time out of your very busy schedules to share your brain power. Let's start with introductions, Ramesh. Thanks for joining us. Mind introducing yourself? And tell us a little bit about your important job at HID.

Ramesh Songukrishnasamy
Sure, Matt. I'm the CTO and senior vice president for engineering IT and product management at HID. So my primary responsibilities revolve around, as far as engineering is concerned, mostly driving innovation and that puts me on top of things like new technology developments and yeah, machine learning is one such thing that we identified a couple of years ago as a key technology for HID and we now have the technology lab led by Rob that focuses specifically on ML and it's application.

Matt Winn
Very cool man with the plan. Thanks for joining and Rob, your name dropped. Thanks to you as well for joining us for the discussion. First of all, tell us where you are and tell us a little bit more about yourself as well please.

Rob Rowe
Sure. Well, I'm in my home office up in Washington state. As Ramesh said, I head up the AI/ML laboratory, central lab and in that role I have the opportunity to work with the business areas and the functions throughout HID and throughout ASSA ABLOY, there's a lot of interest and excitement and initiatives underway throughout HID and the broader company. And I have the good fortune that my team and I can get involved with many of them.

Matt Winn
Very cool. And we have the good fortune of having you on the podcast. So again, thank you both for joining us. Alright my friends, now that you know a little bit about our guests, let's dive into today's burning question, which is: "AI in security — rise of the machines or meh?".

First question, let's just put basic definitions on the table. You know, AI means a lot of different things to people, so let's standardize what we're talking about here. Ramesh, I'll start with you. What does AI mean to you? How do you define it and maybe share some basic examples of AI at work?

Ramesh Songukrishnasamy
OK. To me AI is about using advanced computing in data science methods to create a much more natural user interaction with machines and systems and solutions that we offer to our customers. For me the application of AI is what we are more interested in, rather than the science behind creating those large language models, we like to use those large language models to deliver better user experience, better products that help solve customer problems better than anything else available. So that's really what we are focused on.

Matt Winn
Nice. And Rob as the head of the AI/ML lab. Same question to you, and if I might offer a bonus question, can you describe the difference between artificial intelligence and machine learning?

Rob Rowe
Yeah, glad you asked for that. So, I come at it with well over 30 years of working in artificial intelligence, maybe even pushing 40 years. I've seen a lot of different approaches to artificial intelligence. I've been involved in applying it in variety of different capacities.

Starting with the definition makes sense. Artificial intelligence is the broad description of having computers emulate functions and abilities that typically would be prescribed to humans. It's a very, very broad category, you can trace AI back to the 1950s, when it started. Machine learning is a subset of artificial intelligence where you really are training the algorithms or developing the algorithms based on a set of representative data. We collect a large amount of data of whatever kind, whatever the application is, and then we go through a so-called training process to tune and develop the algorithms to give us the kinds of answers we want from the kinds of data that we have.

And coming back to your question, what AI means for me? It really is that it's taking an amorphous, often very large data set where you know an answer lies in there somewhere. But you don't know exactly how to get the answer, and AI or ML specifically is a family of methodologies to pull the goodie out of it, to pull the information out of this amorphous data set. That's what AI and ML means to me.

Matt Winn 
That's probably the best definition I've ever heard, so thank you for simplifying that for my peanut brain. I'm a comms guy, so that's helpful for me. Ramesh, back to you. Let's take that a little bit further internally. At HID from your purview, how is the organization leveraging this type of technology to drive value or anything cool that you want to discuss? How is HID looking at and leveraging AI currently?

Ramesh Songukrishnasamy
Sure. We are looking in two major directions I can say, one is really embedding these advanced AI machine learning capabilities into our products and offerings and that goes to our customer and the 2nd stream is where we apply these techniques in our internal business processes, whether understanding some of our internal business process performance or and some applications like customer service, technical support and those types of processes where we have a huge knowledge base that exists in so many different sources.

So, using these large language models we are able to bring them all together and then make the data easily available for our customer support or technical support staff to respond to customers and eventually make these things readily available to the customer so that they can consume it directly. Those are the two dimensions that we are looking at.

Matt Winn 
Excellent. Thank you for sharing that. And Rob, let's go a little bit deeper. Tell me, what do you see? What are you working on in the lab or anything you can share with us?

Rob Rowe
Sure.

Ramesh Songukrishnasamy
Not those secrets ones, but yes.

Matt Winn
All the secrets.

Rob Rowe
One area that is very, very active, of course, is the application of large language models, which is one type of AI, one type of ML; many people have heard of ChatGPT that Google has just released. What is now known as Gemini, used to be known as Bard, and there are many other large language models that are able to communicate in ways that are very, very similar to humans. We're taking those large language models and applying them across a variety of different applications.

As Ramesh said, one area that's very interesting is developing new user interfaces, where using a device or setting up a device becomes greatly simplified. Being able to just talk to it and tell it what it is you want without going through some complex menu structure.

Another area that's very, very active are chatbots or copilots, so that both internally and externally people can find information much quicker, whether it's a customer who wants to get an answer to a technical question or whether it's a technical support person who wants to give an answer to a customer more efficiently, more effectively.

Chat bots are really, really useful and that's another area of focus.

Matt Winn 
Very nice and Rob I want to stick with you. I'd like to kind of expand out from the walls of HID out into the larger industry. What are you seeing as some of the core ways that the security industry is currently using AI? And I say that because sometimes the security industry is a little bit slower than other industries to adopt this type of technology. So, maybe somewhat biased question.

Rob Rowe
Yeah. I think I would take the opportunity to dispel the bias as you said, umm, you know within the security industry. Biometrics has been an aspect of technology that's been used for many years, decades, and that is perhaps one of the most visible applications of AI. It's a numeric AI or machine learning, but doing facial recognition, doing fingerprint sensing, being able to tell the difference between genuine samples and spoofs.

That is all driven by very, very sophisticated machine learning algorithms. Another area that I think is quite common in the security industry is anomaly detection of various kinds. Being able to detect threats or changes in behavior or in transaction characteristics. That is another manifestation of machine learning. I think those are pillars that we as a security industry can build on and build around. And I see the application of AI and the new types of AI. Again, like language models. Just furthering that, making the user interface more convenient, easier to use, being able to deal with say initial use cases.

If somebody doesn't know how to interact with the security system, being able to have a convenient interface to be able to give them guidance in these kinds of areas. I think the security industry will further adopt and use AI.

Matt Winn 
Very interesting, Ramesh. Same question to you.

Ramesh Songukrishnasamy
Yeah, I would like to expand on what Rob mentioned. So, when it comes to AI people these days particularly jump into large language models thanks to chat. You know, OpenAI, ChatGPT — they became so popular with those use cases. But I think the point that Rob was mentioning, the AI where we create a lot of models based on numerical data and use that to infer what's going on, whether it is inferring certain patterns like facial recognition or fingerprint and that type of stuff and also inferring certain anomalies.

So, like threat detections and behavioral modeling and those types of things which I think would change the way we look at the security landscape, right, instead of constantly looking for all the normal things, now all of a sudden if the edge device has these AI capability, machine learning capability built into it, you would start looking for anomalies, not the regular ones. So, it can change. It's a different paradigm altogether, so that's what I think will happen to the overall adoption of these type of technologies.

And then the second one, the user experience part of the user interface part, there is also another dimension to it, which is localization. So we design products with certain customers language in mind, but then when you translate that into a different language, different region, we simply do language-to-language translation, whereas these large language models are capable of much more than just simple translation. So it would enable you to interact with the product that fits in the in the local custom if you will. So how do you address the product? How do you ask certain things to happen, right. You don't need to think in English and then say it in whatever the local language is. You can simply say whatever you want to say in local language, and then the systems will start responding and that's what I'm really hoping to see happen out of this.

Matt Winn
I mean that just really encapsulates the idea of intelligence as the AI piece, which is very cool. Speaking of cool, and I say this because I'm a giant nerd geek. We recently finished our state of identity trends, reports of which we surveyed over 2,600 end users and partners, and for the first time this year, we talked about artificial intelligence just to kind of get a lay of the land of what the industry might be thinking. What do you think about this statistic? And Rob, I'll start with you, but the survey results from this report showed us that 22% of end users are currently using AI to optimize the accuracy of threat detection and prediction in security programs. So, I guess the initial reaction to the number of 22% as of 2024, the year, and kind of to your previous point, do you see that using AI and threat detection really is that most natural use case for the industry at least at this point in time?

Rob Rowe
Well, I think the 22% sounds reasonable to me and it is a great use case. Absolutely, it's a great use case. AI and security industries are an interesting topic area because it's necessarily a cat and mouse game. You know, as the good guys adopt AI and bring more power to bear on whatever the security infrastructure is that they're focused on, the bad guys invariably have access to similar AI tools. They up their game and then the security folks need to up their game. So, it's a back and forth iterative process, but AI certainly fits extremely well within the security confines for sure.

Matt Winn
And Ramesh, I've got a bonus question for you. I saw you nodding whenever Rob mentioned the cat and mouse game. Anything you want to add on that? Because we have this conversation almost every episode. The attackers do this and then it's just again the cat and mouse game. So, I want to get your perspective on that topic.

Ramesh Songukrishnasamy
That's true with almost any new technology, right? I mean, any new technology brings a lot of opportunities. At the same time, a lot of challenges. So one is, you know, as Rob said, this technology is available to everybody, all the players. The bad actors. The good actors, everybody right? That's the that's the reality of any technology adoption. We need to always keep in mind what are the shortcomings and challenges and build solutions around that. And then it's also an area where the technology is changing quite rapidly. So, it's not that you just develop like a traditional product and then forget it, right? You need to constantly stay on top of it. Keep it updated because security is an evolving thing, I mean, when you launch a product, you test and make sure it's as secure as possible, but tomorrow you're a new threat model, a new threat comes in and then you respond to it. So, this type of thing I expect to happen a lot more when you adapt newer technologies, which is in its early stage of development.

Matt Winn 
Absolutely never a dull moment in our industry, to say the least. But Ramesh, that's a really great segue because anyone who has kind of followed AI even at its highest level has probably heard findings or some disturbing news around potential ethical challenges as it relates to AI. Ramesh, I'll stick with you. How do you see these ethical challenges impacting the security industry specifically and any systems you think that people should be using to prevent everyone's acting in good nature? Ethical AI issues in the security industry, what's your thought here?

Ramesh Songukrishnasamy
I think use of data in a broad sense is an area everyone needs to pay attention to that because at the end of it, AI is built based on large number of data. And that data comes from certain sources and depending on how wide that source, the data can have certain inherent biases towards certain characteristics or certain attributes of what you are looking for. We need to keep that in mind when we use this. I enabled systems for decision-making because, while it's a good tool, we also need to keep in mind that it is built based on data that may not represent the universe, right? That's the thing that we need to really, really stay on top of it. Use it as a guide and then make your own judgment.

Matt Winn 
Very good. Data generated by humans and then interpreted by machines will then reflect the biases of the humans who generated the data. So loud and clear on that, Rob, I think this is a super important topic. So exact same question to you, Rob, ethical challenges in AI as it relates to our industry that we know and love so much.

Rob Rowe
Well, I think building on what Ramesh said, certainly you know ethical use of data. So that data is used for the purpose that people who generate the data intended is very, very important and the biases is where Ramesh mentioned very, very important aspect that relates to all of this is the regulatory environment that recognizes these things and that's very dynamic. It's variable from region to region to region, so I would I would say that regulatory environment complexity is another challenge that we in the security industry have to be able to meet now and in the anticipated future. There's a lot of forecasting in trying to figure out where the regulations are going in different regions that we're interested in for business purposes. It's an added complexity.

Matt Winn 
And Rob, I'm going to carry that on. And this is 100% Rob's opinion. Do you feel as if the AI technology is driving legislation, or do you think legislation would be driving AI technology? Who's in front here?

Rob Rowe
Well, typically and again it's my own opinion, but typically legislation lags technology and as Ramesh said in this space in particular, technology is moving so fast, the regulators across different parts of the world are trying to keep up. It's really, really difficult to anticipate next year's technology.

Ramesh Songukrishnasamy
I want to add one other piece related to that. I mean, not just for the regulatory aspect of it, which is often lagging, but also to our earlier point about ethical aspect of it calls for a very robust data governance in the organization. Because at the end of the day, the source from where we collect the data is important, but also collecting it for certain specific purposes and making that source aware that we are collecting it. With regard to data, we are going to use it, but at the same time you do not know what the possible future use cases are. So you tend to collect more data than what you need for a particular use case in front of you.

But the thing is, how do you ensure that that data is not misused? That's where you're robust governance needs to be put in place. How do we collect the data? How do we maintain the data? How do we discard the data and when things we find some anomalies later, how do we go back and adjust the model so that the model continues to evolve, our ability to go back into our install base and update the models as the new better data sources are available is very, very critical in this case. That's the only way to stay relevant.

Matt Winn
Always be optimizing. Cat and mouse game in that regard too ... speaking of cool, let's branch out a little bit. Let's look at AI in general. And again, I say this as a nerd, but what have you all seen that's cool in AI lately. Rob, have there been any new stories or developments that kind of perked your interest as of late in this world?

Rob Rowe
In two broad areas, yes. I'm very interested in the intersection between AI and business and where large language models can increase productivity and I think it's very, very clear that productivity in many different industries, many different business environments can be enhanced through the use of large language models. The number of or the fraction of the working population that'll be affected by large language models can be debated, but I don't think anyone would debate that's going to affect many people in one way or another. So, I think that's a very interesting area.

The other one that I find fascinating is so-called multi-agent large language models where typically people today interacting with ChatGPT or some other language model would have one-on-one communication with the model. A question & answer back and forth perhaps, but it's basically 2 entities communicating with each other. The language model and the person with multi-agent formulations; you now have a language model that assumes a certain persona, a certain characteristic of another. Directive to a language model to assume a different persona, another one to assume a different persona, and they can each do different aspects of a task. They can interact with each other; they can interact with humans. So now for example, you can have large language models, carry out very complex interactions like negotiations or be able to deal with sales where you know sales move through different stages where you're introducing the particular product and then you know there's a negotiation stage and a closing stage and so on. I think multi-agent systems can be fascinating for what they can do as the technology evolves.

Matt Winn
Fascinating as the operative word. So, Ramesh, what's fascinating you right now? 

Ramesh Songukrishnasamy 
Rob is saying we can all have, like you can have your agent, I can have my agent and then Rob can have his agent … those three agents can have a podcast.

Matt Winn
Yes, they don't need me … kidding. I need to keep a job. I have a mortgage, but what is fascinating you right now in AI?

Ramesh Songukrishnasamy
Recently, I had an opportunity to visit CES and one thing that caught my attention was AI, either before or after something, for example a word, or rigt after that word. AI-based driving, AI-based sleeping solution, AI-based that or AI-based this, it was so fascinating to see that AI got into everything. Maybe in some cases it is overused as you might see with the newer technologies, it's used to hype a little bit, but it was amazing to see that you know there are so many areas people are exploring constantly which is the right thing to happen for a new technology like this.

One of the specific things that got my attention was couple of weeks back when open AI launched the large language model based marketplace. I think that's a very interesting development because what that would enable is people creating domain specific models when using the same large language model, then they train using certain domain-specific information and then create that and then make it available for anybody to build applications. I think that if you think of the traditional app-based marketplace, you know how we kind of take it for granted. If you need something, go to the App Store, so hopefully a couple of years down the line there will be a marketplace that will have large language model for anything you want to solve in the world.

Matt Winn
AI for everyone! Very nice, very nice bright future there. So, half joke minus AI, potentially getting rid of this podcast host, we really do, in the spirit of the name of this podcast, which is HID Connects, we like to also focus on the people who are making up the industry and there may be some concern or maybe a sense of worry in the industry, including your humble podcast host around machines overtaking the people who make up this industry. Rob, you had brought this up briefly in your previous response, but I want to talk to you about that. The general question is as it relates to the security industry, what do you see as the impact of AI on the people in the industry and can you interpret that however you want to interpret it?

Rob Rowe
You know, in terms of the people in the security industry, I don't see a lot that is unique necessarily about the security industry as we talked about, I think everyone will be affected hopefully in many positive ways by AI becoming even more ubiquitous. But you know the only aspect that I can think of, perhaps in the security industry is, the melding of robotics with AI. And now, you have maybe robotic centuries and you have that mobility that you don’t have today. So, that can certainly have security-specific ramifications, but otherwise I think people in our industry are going to be affected in similar ways as many other industries.

Matt Winn
Fair enough, Ramesh more pointed question. Do you believe that with the rise of AI, potential jobs could be lost in the industry? Do you foresee any machines taking over the roles of people? What do you see as the balance in the future? 

Ramesh Songukrishnasamy 
As far as the security industry is concerned?

Matt Winn 
Correct.

Ramesh Songukrishnasamy
I think the security industry is a people intensive industry and it has a lot of interaction with people because after all, you're trying to secure a place, people, or a thing, right? So, there is a lot of dimension where you need to have a constant interaction with people. I don't think it will eliminate people, but it will certainly help people to be more productive and present less chance of errors. And identifying risks upfront before it occurs, right? That's really what I see as a benefit rather than being always reactive after an event has happened. I can help our customer customers to recognize certain patterns that might lead to a crisis down the line. That's really what I say.

Matt Winn
Very good. So, less rise of the machines and more helping from the machines.

Ramesh Songukrishnasamy
Exactly.

Matt Winn 
Very good. I like that. Let's shift gears a little bit and continue on the focus on the future. Again, pulling out my nerd hat with some additional research from our latest trends report, 35% of surveyed end users said that they will be testing or implementing some sort of AI capability in the next three to five years. So, Rob, what do you see for AI in the security industry and in the next three to five years? Look into your crystal ball for us.

Rob Rowe
35% in the next three to five years strikes me as low. I suspect it'll be a greater percentage when all is said and done. Again, I think the security industry, like many industries will have AI permeating internal functions. I think that's clear that that will happen, increasing productivity, increasing throughput and output. I do think what we talked about earlier will also come about, much more natural user interfaces. I think if we look at products throughout the security industry changing parameters and setting up those products sometimes can be challenging. And I think that becomes much less challenging and maybe even enjoyable sometime in that time frame.

Matt Winn 
Very good, Ramesh. Same question to you … three to five years. What's your prediction?

Ramesh Songukrishnasamy
I think it'll be much more than 35% because people are explicitly looking at it. They may not even realize that some of the products that we have today already has those capabilities. So, they may not even notice it. That may be the reason, but I think it'll be much more than 35 percent because it's going to be an integral part of so many things that we interact with in the world, not just in the security perspective, but even otherwise. When it is so pervasive, it'll be if you're not part of it, you will feel left out. For that reason, I really expect that percentage will be very high.

Unless you've been living under a rock, the world of AI, or artificial intelligence, is ablaze with buzz and intrigue. From ChatGPT to predictive analytics and everything in between, almost every industry in the world is grappling with what AI means for them and their future. So in today's episode, we're going to hone in on what AI means to the security industry.

Matt Winn 
Yeah, AI will become ubiquitous, noted. Noted. All right, gentlemen, so we end each episode by asking the question which is the title of the episode and the question for today's episode. Rob we’ll start with you, when it comes to AI and security is the rise of the machines a big deal or just meh?

Rob Rowe
I think it's a big deal. I think things will look different five years from now than they do today. Again, though, I come back to cat and mouse. You know, if we didn't have a situation where the bad guys had access to similar tools, then bringing AI into security systems would both increase convenience and security. But because of the cat and mouse game, it's mitigated by what the bad guys do with it. But however that plays out, I think it will be a different landscape in five years for sure.

Matt Winn 
Alright, Ramesh, Rob said it's a big deal. What camp are you in?

Ramesh Songukrishnasamy
I think it is going to be a big deal, but at the same time, you need to recognize that not everything needs to be super high sensitive applications, right? While this will transform the security industry in a big way and overall context, there will still be things that will continue the way it is because the return on investment may not be that much, right? So until the economic factors scale up to that point, there will always be applications that may not fully leverage this. But overall, it's going to be a big deal that will transform the security industry.

Matt Winn 
Very good, very good. Well, gentlemen, thank you both very much for your insights here. I may chat GPT my next round of podcast episode questions and we'll see how those turn out. But three humans did pretty good for today.

Ramesh Songukrishnasamy
You can use some agents, right?

Matt Winn 
Yeah, exactly 1 to 1 agent. New me. Thank you both. Really appreciate your insights here. Alright, well folks, that brings us to the end of today's podcast. Thank you to our experts again for joining us. Sharing your insights, your expertise. I've been really looking forward to this episode for quite some time now and y'all did not disappoint, so lots of good stuff and listeners. I hope that you understood and appreciated the insights as well.

So as always, of course, an even bigger thanks to you, our listeners, for joining us for today's episode. We really do enjoy creating this podcast and hope that you equally enjoy listening. Of course, we'll be back very soon, with yet another episode covering yet another topic shaping the security and identity industry as we know it.

On that note, to be the first to know when new episodes are published, just subscribe to HID Connects. All you have to do is subscribe wherever you get your podcasts. Spotify, Apple wherever else we are everywhere that you can find this. And while you're subscribing, be sure to rate and review this podcast. You can also subscribe on YouTube. Watch the videos and make sure you follow HID on our social media pages. Of course, in the spirit of connection, this is HID Connects after all. Please do send me your questions and topic ideas for future episodes. All you have to do is drop me a line at [email protected].

So, my friends, until next time, thanks again for listening. May your identities forever be secure.