Exploring Business Performance Management and AI Integration with Craig Schiff
Craig Schiff, founder, president, and CEO of BPM Partners, Inc., joins John Furrier, co-founder and co-CEO of SiliconANGLE Media, Inc., in theCUBE studio at the New York Stock Exchange. Together, they explore the Mixture of Experts series concerning business performance management, emphasizing the importance of a solid data foundation for AI integration in finance.
Schiff shares their expertise on the evolving landscape of business performance management, highlighting how AI transforms budgeting, planning, and forecasting processes. The discussion, hosted by Furrier and theCUBE Research analysts, delves into the role of AI-driven solutions in streamlining financial operations, enhancing productivity, and facilitating efficient decision-making.
Key takeaways from the discussion include the integration of natural language processing for data retrieval, machine learning for predictive forecasting, and the onset of agentic AI, which promises significant productivity improvements. According to Schiff, companies can now automate routine financial processes using AI, leading to enhanced efficiency and potential cost savings.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Mixture of Experts Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Mixture of Experts Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Mixture of Experts Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Mixture of Experts Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Mixture of Experts Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Mixture of Experts Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Mixture of Experts Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Mixture of Experts Series. Signing in with LinkedIn ensures a professional environment.
play_circle_outlineTransforming AI Investments: Emphasizing Inference, ROI, and Enterprise Security through Granular Cryptography and Enhanced Data Protection
replyShare Clip
play_circle_outlineImportance of moving beyond perimeter-based security to data-first architectural principles.
replyShare Clip
play_circle_outlineCollaboration with NVIDIA to enhance security and performance in AI applications.
replyShare Clip
play_circle_outlineAiming to educate the market on the risks associated with unencrypted embeddings.
replyShare Clip
play_circle_outlineRevolutionizing Data Security: How CyborgDB Enables Secure Operations on Encrypted Data with Innovative Vector Storage Technology
In this episode of theCUBE’s Mixture of Experts series, broadcast from the New York Stock Exchange, Nicolas Dupont, chief executive officer of Cyborg, joins theCUBE’s John Furrier to discuss the critical intersection of enterprise AI adoption and data sovereignty. As the industry shifts focus from massive model training to inference-driven ROI, Dupont highlights a glaring security gap in Retrieval-Augmented Generation (RAG) architectures: the vulnerability of vector embeddings. Dupont explains why traditional perimeter security fails in the age of AI and how ...Read more
exploreKeep Exploring
What is the shift in focus regarding AI security and the importance of inference compared to training in the context of enterprise AI investments?add
What is the importance of rethinking security in the context of data architecture and the current technological landscape?add
What was the approach taken to develop encrypted search technology for AI applications?add
What are the risks and considerations associated with vector embeddings in enterprise AI security?add
What are the security implications of using vector databases in enterprise data management?add
>> Welcome back everyone. I'm John Furrier, host of theCUBE here at the New York Stock Exchange CUBE Studios. Of course, we have our Palo Alto Studio connecting Silicon Valley and Wall Street, tech and money creating a Wired network as part of the NYSE Wired program and community. This is our mixture of expert series where we bring experts in that are really pioneering and solving real problems with state-of-the-art technology. Nico Dupont is here, CEO of Cyborg, officially Nicolas, but we call each other, I call you Nico because we hung out at Maui together. Great to see you.
Nicolas Dupont
>> Good to see you too, John, as always.>> People might not know, but you were on the kite surfing trip with Brian Baumann, myself, Bill Tai for Actai Global. You and I were both learning together, so we bonded on the beach.
Nicolas Dupont
>> We got waterboarded together.>> It was fun. I'm intrigued by your company and what you're doing because we had a long, we had multiple chats. You're going after a really interesting market. Obviously I wouldn't say there's a Magic Quadrant yet for it, maybe there is, but it's really in this emerging space of AI, security, encryption, neural networks. It's in this new era where you have a lot of challenges and opportunities around AI-native applications, AI-native infrastructure, or large-scale infrastructure. There's a lot going on and you're taking a, I won't say confidential computing, that's not the right word, but that whole generation being redefined in a new way. Talk about Cyborg, the company. When you started it, what does it do, what are you going after?
Nicolas Dupont
>> Yeah, I mean, you hit it right on the head, John, that there is no magic quadrant for this. It's a very rapidly emerging space that we're operating in. Six months ago, we had no competitors. We've got some coming now, which is->> Validation....
Nicolas Dupont
>> we're breathing a sigh of relief, 100%. But really fundamentally, if you look over the past, call it three years, the center of gravity of AI was all around training. Who had the biggest GPU clusters, who could build the biggest models, frontier capabilities, et cetera. And as a result, the security landscape around AI was focused around training as well. How do you secure model weights? How do you ensure that the model behavior is aligned with the intended goals and purposes, and how do you instill guard rails in the model at training time? But today, we're in a bit of an inflection point where customers and investors are asking to see ROI from their massive AI investments. And the way that you see that is through inference, so we're seeing this shift towards inference everywhere, including in security, fundamentally in enterprise, enterprise AI, whatever brand of AI you're running in order to be able to drive value and get ROI, you need proprietary data. That creates a huge security risk because you're injecting your proprietary data into this non-deterministic box, centralizing it in one place and exposing it to all kinds of attack vulnerabilities that are not accounted for with traditional security systems. We started Cyborg to be able to fundamentally change that through granular cryptography to secure the stack from the ground up.>> All right, so first of all, that was great. I just pulled the string and you go, but I have to ask a weird question. Where did Cyborg come from? I love the name, by the way. The name is phenomenal. I mean surprised that that name hasn't been used all over the place. Where'd the name come from? And that's an awesome name.
Nicolas Dupont
>> I'm a geek and a nerd at heart, so comic books were my best friends as a kid. And yeah, it's a cool name. It's a bit of a misnomer because people think that we're in robotics or something like that. Maybe one day, but for now->> It's definitely a tech name. I mean, cyborg people think Terminator, they've got robotics, Cyborg.
Nicolas Dupont
>> 100%.>> Microsoft was called The Borg at one time, like a cyborg. What's the vision? I mean, when you started, what was the origination seed? I mean, did you wake up one day and say, "Hey," or did you roll into this? Were you doing something else? What was the core kernel of why you going after this? I mean, you're a young gun, you're like, and you're got full all these opportunities. Why this?
Nicolas Dupont
>> Yeah, I mean, I'd started the company Cyborg really in 2017 working on data compression and we pivoted away from that because it's a very difficult market to make any money in. Great optimization problem from a technology perspective, but in terms of->> Fun, in perms of solving problems and geeking out big time.
Nicolas Dupont
>> Exactly. And that was my main motivation for starting a company. But I was very lucky to have incredible backers that were behind me, a set of angel investors that believed in me when I was an 18-year-old kid in 2017 starting this. We took our time to pivot and figure out what was a problem worth solving that was both going to gratify the edge from a technical perspective, but be something that was genuinely transformative for the markets. In late 2019, I started to have a bit of a frustration with a notion of security at the perimeter. It felt like a cop out generally that was failing time and time again.>> I mean, classic perimeter based security.
Nicolas Dupont
>> Exactly.>> Endpoints, or just endpoints is zero trust.
Nicolas Dupont
>> I mean, yes, and there's a number of ways, but when you're defining where it's running as opposed to defining it from a data first architectural principle, you're always going to have blind spots that will evolve and bite you in the behind one day.>> Yeah.
Nicolas Dupont
>> I believe that you needed a fundamental restructuring of how we looked at security away from perimeter and endpoints and defining what the edges to granular data security through cryptography to where each piece of data has an encryption key, is encrypted at all times, including in use to where you're able to evolve it over time of where it's running, how it's running. And today, in the age of AI, there is no more perimeter. Your data is everywhere, all at once and also nowhere, and you need a way to be able to assert sovereignty and control over that data regardless of where it is. And the only way to do that in a reliable manner is through cryptography. With that said, cryptography is great, but it comes with a whole host of constraints. You can't do a lot of operations on data, you can't query it. You can't run inference on encrypted data so that's where we came in to be able to solve a->> Hard problem. That checks the intellectual curiosity, definitely intoxication some call it buzz, which is motivating for you obviously in many. But how do you make that work? Because cryptography always had an old-school overhead notion and you mentioned some of the limitations. What are you guys doing? How do you get around that? What's the secret sauce? What's the approach?
Nicolas Dupont
>> Yeah, 100%. You hit it around the head and it was the challenge, but it was also the opportunity for us because nobody was working on this outside of academia. What we started working on was a scheme for encrypted search specifically because search is the medium through which most applications operate in the first place. And if you're able to search through encrypted data specifically in AI through encrypted vectors and be able to reduce down to a scope that you need to operate on, then you can use plain text for that and just reduce the exposure window. We spent the ensuing five years after this pivot working on the technology filing. We got 16 issued US patents today, we've got several more pending. We built essentially a vector security layer for AI applications for enterprise AI. And that is a drop in proxy that is transparent from an API perspective and largely transparent from a performance perspective thanks to lots of optimizations we did within our team and with our close technical partnership we have with NVIDIA, which we've got a nice big announcement next month about that.>> Well, ironically, we're having our AI Factory series kick off this week. NVIDIA's a big supporter of that. Dell Technologies and AI factories, essentially. NVIDIA has such large scale, and so the horsepower is there.
Nicolas Dupont
>> Yeah.>> So again, this is a dream scenario for you.
Nicolas Dupont
>> Yeah.>> Can you tease a little bit about the NVIDIA relationship or no?
Nicolas Dupont
>> Sure.>> Tease that a little.
Nicolas Dupont
>> They've been doing blueprints on their website that essentially allows enterprises to be able to deploy in a one-click manner, an NVIDIA certified software and hardware stack on their cloud of choice that will be able to scale to the performance needs of enterprise AI. They were focusing on performance for a while because it's NVIDIA obviously, and security's becoming a key requirement there.>> The NIMS are also opening up the ecosystem.
Nicolas Dupont
>> Exactly. So that's where we're in that vein. You're very close to it. I'll leave the rest up to the imagination.>> I'll connect the dots, don't worry, I'll get it out of you. And then my next series of questions. It's like an interrogation here, Nico.
Nicolas Dupont
>> Yeah.>> But no, I don't want to reveal because I'll let you save the announcement. But this is a major force because as I commented at GTC, NVIDIA's, actually I love the KV cache announcement. I was enamored by that layer, but they have a two-sided business model. They got the supply chain nailed down, very transparent with the roadmap, Jensen's always talking about that, but the other side of their marketplace is the ecosystem. They are for the first time really intentionally building an ecosystem. The NVIDIA of old was like they didn't really need to talk to anyone else. They did. I mean, when I say, I mean other, they talked to their suppliers and whatnot, but they were in gaming, they were in hardware, they had their OEMs, they had their partners, but we're talking about the software ecosystem. ISVs, value-added resellers, entrepreneurs. And now at GTC, this ecosystem is lighting up because they know the next wave is enterprise AI. They've got to run the table on the hyperscales and neoclouds, and then come into the enterprise, but the game's not locked and loaded yet because they got to get the NIMS and that these blueprints nailed down.
Nicolas Dupont
>> But I've got to say, we are a very small company. We're 10 people, and NVIDIA has been a fantastic partner to us. Despite being the 800 pound gorilla in the room, they're extremely nimble, and from a software perspective, they're living five years in the future and they're able to make bets and see the writing on the wall where other companies can't. And so whether it be their developer relations team, their different product teams, the teams we've been working on the blueprint, they've been absolutely fantastic partner and transformative for an organization.>> And they're technical too, so they had the chops.
Nicolas Dupont
>> 100%.>> All right, so I want to talk about one of the best use cases in the enterprise. And I love it because we built our own system, RAG, retrieval augmented generation. It is the best use case because it's gettable and attainable. People are doing it because the system's now with NIMS, now with NVIDIA and just other vector embed databases, vector embeddings and vector databases, you can actually index all your content with mass, which is a beautiful thing that changes the search paradigm. Okay, great. That's obviously scaling up, Glean's out there. Mongo's got a new one, S3's got vectors on.
Nicolas Dupont
>> Yeah, for cold storage.>> For cold storage.
Nicolas Dupont
>> Exactly.>> It is the standard, everyone loves it. It's neural network format basically is what I call it. Maybe a little bit of a stretch there, but that is neural network in my mind. Everyone loves it. You told me at a dinner a couple of weeks ago that stuff's not encrypted, that is exposed and people think, I want you to explain this. Talk about, and by the way, this is a massively growing area. Glean's blowing their numbers out of the water and that's all they do basically. That's not all they do, but you know what I'm saying. That's a killer company.
Nicolas Dupont
>> Yeah, no->> What about vector embeds? It's going to grow. What do you do differently? What's your cautionary tale? What's the ideal solution?
Nicolas Dupont
>> I love this question. You should ask this question every day, John, because this is super important. This is the most underrated risk in enterprise AI security as a whole. I'm sure you're familiar with OWASP. They came out with their top 10 LLM risks, and for the first time this year, number eight on there was vector embedding vulnerabilities. So like you mentioned, vector embeddings are this neural network language. They are essentially the lingua franca of transformer models, and they enable these really intelligent semantic retrieval applications that are to quote Jensen Huang, the killer app of the enterprise RAG. That is, and it's fantastic. But like I mentioned I alluded to earlier, for enterprise RAG to be able to be valuable for an organization, it needs to operate on your organization's private data. So you take this private data that was previously siloed across finance, HR->> Call centers, sales data, all.
Nicolas Dupont
>> Engineering. You centralize it into a vector databases, into a vector database or a set of vector databases. You create vector embeddings from them and you store it there. And now you're able to let the agent or the RAG framework intelligently route user queries to be able to find the relevant data and feed it as context intelligently to the LLM to be able to answer the query or to be able to take an action in the case of an agentic workflow. It's fantastic. It's a great paradigm. The big problem there is that it's really twofold. Firstly, you've got a big mischaracterization or a common fallacy that vector embeddings are like one-way hashes or they are transformations or they're encryption of the data. They are not vector embedding.>> It's just math.
Nicolas Dupont
>> It's just math, exactly. And because it's math, it is invertible. So you can take a vector embedding, you can take a text, you can take audio, you can take a picture of somebody's face, create a vector embedding, and you can invert it with pretty high accuracy pretty trivially. We did a demo of this at a conference last month. I'm going to open a cell conference in two weeks and presenting another one on another vector database so it's the first risk. These things are as sensitive as the original data they represent.>> It's like clean text.
Nicolas Dupont
>> Exactly. It is like plain text. And the second problem is that vector databases are comically under-equipped to be able to deal with a security vulnerability, this posing->> Explain that.
Nicolas Dupont
>> Because most vector databases don't roll their own encryption in the first place. They delegate it to the OS layer or whatever. So if you have any access to the vector database, you're toast. Secondly, the ones that do it's encrypted at rest and in transit, but it's not encrypted in use. And thirdly, if you have an API key exposure, which everybody does, from Microsoft to Google all the way to all the startups, they commit an API key to their Git repo and boom, it's made public, you're able to extract the vector embeddings from the database like that. And then now you have the vector embeddings, you have the original data. And now as an attacker who's even slightly motivated, who wants to get a cross-section of an enterprise's entire data? I go for the vector database and that's the huge problem. That's what we're working to solve so we've built a drop in proxy that sits between your agent or your AI application, drop in from an API perspective, it integrates with your key management service if you have one, or we can help you roll one out if you don't. And it sits in front of a standard backing store like Postgres, like Redis, like object stores like S3. It transforms that into an encrypted vector store where all the vector embeddings are encrypted at all times, including in use until you're ready to feed it as context, the LLM. We have two real points that we're trying to make. Number one, you need security for your vector database. Number two, you don't need a vector database. You go on r/rag on Reddit, everybody's saying use pgvector for Postgres. We're saying the same thing, but instead of using pgvector, use CyborgDB, put it in front of Postgres. You get the same performance, you get better security.>> So that sounds like that product market fit there. So are you leaning in? Is this your lead product right now?
Nicolas Dupont
>> 100%. I mean, the writing is on the wall in terms of the security vulnerability. We're going to see breaches, and we're trying to spread the word before we do because we're in a weird place where we obviously don't want anybody to get breached, but it's going to accelerate our->> Yeah, I mean as a company, it's got 10 people in it. You want to get a beachhead.
Nicolas Dupont
>> Exactly.>> This is a layup.
Nicolas Dupont
>> Yeah, exactly->> Not a layup. But for you guys, you're ready to take it down.
Nicolas Dupont
>> And we're grateful to have people like you helping us spread the word.>> Well, I'm just curious. That's why. And we have our own vector embedders, vector database, so maybe we'll do a little trade, maybe help us. They're going to suck all our data out.
Nicolas Dupont
>> We'll talk right after this.>> And thank God no one's using it so it's good, except us. All right, so you have a really viable market with RAG right now in the enterprise?
Nicolas Dupont
>> Yeah, RAG, agentic RAG, whatever you want to call it. There's a certain, in the adoption curve of Gartner, we're in the trough disillusionment with RAG right now. Everybody's saying->> Really?
Nicolas Dupont
>> Yeah, if you go anywhere inside of the technical circles, people are saying like, "Oh, RAG is dead, context windows are bigger now, you don't need RAG," or now it's GraphRAG or whatever. At the end of the day, it's all the same. You are trying to feed the model with data that it did not have at training time. Whether you're feeding it with a vector database or a graph database or with something else, the paradigm is the same, the technical details are changed, but the security risk is always the same.>> I don't get why they're shitting on RAG like that because why would they do that? I mean, is it just because it's been overhyped in their mind or is it more security? I can see the security thing that's worth calling out, but I don't see RAG slowing down. I think it's going to get bigger.
Nicolas Dupont
>> I agree. That's in that adoption curve. It's more of the level of excitement because people think that RAG is just vectorize your data.>> They think it's trivial.
Nicolas Dupont
>> It's trivial. But actually, try to make a performant RAG application at scale, it's very difficult.>> That's 3D word.
Nicolas Dupont
>> Great companies that can do that. But also making it secure is next to impossible. That's what we're here to solve. We don't want to make a more performant RAG because there are a million engineers working on this, very talented people that have the capability to do it, and there's companies like NVIDIA that are creating reference architectures for it. We want to make all of them.>> Well, you got a white space in a massively growing market so a nice shim layer between, so explain how this proxy drops in. You mentioned you drop in a proxy. Explain that. Is it a piece of code?
Nicolas Dupont
>> Yeah.>> Is it a hardware box? I'm just trying to understand or is it just calling a managed service? What is that proxy?
Nicolas Dupont
>> Yeah, so great question. It's a process initially built in C++. It's C++ and CUDA. C++ and some CUDA driver code for GPU acceleration. They can run on CPU U or CPU plus GPU for acceleration, and it's essentially a Docker image or a Python module that you install. You launch it, you can put in Kubernetes and you point your application that is, let's say you're doing, you have a RAG application that's using a vector database, Qdrant, Chroma, Pinecone, et cetera. Instead of pointing it to those with your orchestration layer directly, you point it to CyborgDB. The API is largely the same with the exception, now, you also inject an encryption key because it's explicit cryptography on this, and then store your data up certain into it and then query it the same way and it's entirely transparent to you from a code level. All of the cryptography is behind the scenes. And when it's time to be able to do a query and to be able to feed context to the LLM, we can just decrypt the top K. You might have a billion items in your collection. You want the top 10. We find the top 10 without decryption and then decrypt the last 10 to be able to feed them to the LLM.>> And so from a developer standpoint, there's no disruption?
Nicolas Dupont
>> No, exactly. And then from an infrastructure you are dropping in an additional Docker image. There is that additional container. But we are not a vector database in the sense that we don't store directly. We plug into whatever backend you want, Postgres, Redis.>> And Docker image is trivial.
Nicolas Dupont
>> Exactly.>> It's not a major disruption.
Nicolas Dupont
>> Exactly.>> It is something to be configured though, that thing.
Nicolas Dupont
>> Yeah. And so it means that you don't have additional infrastructure to maintain. The proxy is entirely stateless because it's running on Docker and it's not storing anything directly. You can have one, you can have a hundred of them running for load balancing and availability, but we delegate all of the resiliency and strong consistency, data backup and recovery to your database's choice. So you're a Postgres shop, great, you can be happy. You're an RDS shop, likewise.>> All right, so you got a great eye on the prize on beachhead with this great use case. What's the strategy? You have enough cash, are you raising money? You hiring? If so, what kind of talent you looking for? I'm going to plug-in for what you're working on, give us some updates.
Nicolas Dupont
>> Customers is first and foremost, and so we are selling to both AI developers as well as security teams, oftentimes both. And we're very lucky to be working with a number of AI native startups that have been fantastic partners. And we're doing a push to mid-market enterprise because the security risks there and the targets are much bigger and therefore the opportunity is larger.>> So if you're talking about business deals, let's take NetApp for instance, or VMware, Broadcom, they've got private cloud at VMware, they're going all in on this direction that you're doing. NetApp makes storage, if you've got VAST, DDN, there's network fabrics. Who's your ideal partner to partner with and why?
Nicolas Dupont
>> I mean, there's a couple answers there. I mean in terms of partners, definitely storage OEMs. The NVIDIA has got their AI data platform play that with the announcement next month we're going to start trying to do some work around that. So some of the ones you mentioned, the storage OEMs are definitely, would be great partners. And then in terms of end users for this type of application, it's really enterprises and regulated sectors are prime candidates. You think banks, insurance, healthcare, health insurance, information exchanges, as well as a typical Fortune 500 type companies that have a big security play. Retail is not a regulated industry in a traditional sense, but Walmart has a huge security team. We'll take all those conversations and we're working towards that, and we're also raising a, plan to raise our series A in Q1. So John, we'll have a little friends and family before->> Yeah, I'll write a check. We'll get some seed money in there. Actually, Series A, we missed the seed round. Nico, great to see you, congratulations. I love what you're working on. I think everyone's been launching their vector databases. It's been like I can see how people can throw it into the, well, everyone's Johnny-come-lately, but it is going to be a key part. Vector embedding is the language of AI.
Nicolas Dupont
>> That's right. You don't need a vector database and you need to secure your embeddings. You need CyborgDB with whatever database you're using.>> All right, last word there. I'm John Furrier, doing our part. We're embedding all the content on the internet with theCUBE, doing our part. Thanks for watching.
