Inside the Dark Web, AI and Cybersecurity with Christopher Ahlberg CEO of Recorded Future

You're listening to Gradient Dissent, a show about making machine learning work in the real world, and I'm your host, Lucas B. Wald. Christopher Allberg is an old friend and the CEO and founder of Recorded Future, an AI cybersecurity startup that was founded in 2009 and sold recently to MasterCard for $2.65 billion. dollars. Previously, he was the founder of Spotfire, an information visualization startup. And we talk about AI applied to cyber threats, war in Ukraine, and compare notes on being two-time founders. I hope you enjoy this one. All right. So, Christopher, welcome to Grady Descent. Great to see you, Lucas. Thank you for having me. So you're like my favorite kind of guest, which is someone who's taking AI and applying it to an important domain that I don't understand super well. So I think for our audience, you're going to have to tell us about your company recorded future and the problems that you solve. So maybe we could start with that. Yeah, no, for sure. You know, you could sort of, I wouldn't use this description widely, but in this context, maybe you could say that we're doing, you know, AI for intelligence or intelligence for AI, if you want. We're an intelligence company, Threat Intelligence. We try to get our hands on everything bad that's going on in the world, but maybe more importantly in the sort of the Internet world. I like to say that there is sort of this opportunity that came along to think about the Internet as an incredible intelligence sensor. That happened at the same time as the world have sort of slowly migrated onto the Internet. and as that migration is happening, it's sort of going to the point where actually the world is actually becoming a reflection of the internet, crazily enough. And so in that, we've done hard work over the last 10, 15 years to try to organize this data, collect it. You can imagine all kinds of crazy data. We've had to use a lot of, you know, call it machine learning, big data, analytics, now AI, pick your favorite words to sort of make sense out of a lot of data. A lot of that stuff got started in natural language and processing, these sort of things, but then all kinds of other data. And in the endgame, it's all about producing great insights. These could be insights about geopolitics. They could be insights about cyber threats. That's sort of where our main stuff is. It could be insights that support a warfighter. It could be insights of all kinds, but all in this sort of bad news domain and the threat intel domain. And we built a good business there. Sometimes I summarize it by saying it's sort of the Bloomberg for intelligence. And so I'm sure that, like a lot of our guests, maybe the most interesting things that you've done, you can't say. But is there any particular insight that you pulled out that you're proud of that you can talk about? Yeah, you know, through the years, there's been wild things. You know, going back to in 2016, when the election stuff sort of was the first time around sort of thing. And we found some Russian dude who was selling access to the Electoral Access Commission or electrical, yeah, whatever it's called. You know, incredible stuff. That was probably the first sort of that moment where you're just like, wow. And can you talk about how did you figure that out? That's amazing. Like, how does that work? In that case, it's this sort of wonderful dark web world where that back then was in these forums that still exist. A lot of that has now moved on to Telegram, if you want. That's sort of where a lot of the bad news of the world now happens. But some guy there had broken into this thing called Electoral Assistance Commission, EAC, and he had hacked it in good ways using a SQL inject, extracted a whole bunch of information, but maybe more importantly, he went back out and said, I'm selling access to this. Who wants to get the access? And we found it before somebody else and actually bought the access, crazily enough. Really? Yeah. Wow. And took custody of it and then went back to the government and said, you may want to make this thing go away. And, yeah, it was a little bit of a wild thing. I remember when this guy, a colleague, fantastic colleague, Andre, calls me in the middle of the night and just says, you know, something not so great is going on. What should we do? And a long time ago, but good story. Okay. You're like instantly pulling me off my script, which I've been trying to stay a little more on script, but I can't help myself. Like, what is the dark web? Like, is this like forums that people log into? Is this like on tour? Like, what actually is that? It is, you know, like, and it's a portion just to be clear about. And it's changed recently. We can come back to this and talk about Telegram. But no, this stuff is still there. There are these forums. And it turns out that if you're in the business of buying and selling information, you need a place to buy and sell it. You can't just sit on it. Then you're not going to make much money. And these guys have the only interest really is in making money, different from spies and government spies. But these guys, they want to make money, so they need places to buy and sell. And some of these forums were put up in the early 2000s. Mazda and Explore.in, they have these wonderful names. Some of them still exist 20 years later, 25 years later, crazy enough. So they are, most of them are on tour. Some of them are not. And they're sort of essentially marketplaces, and we keep a close eye on them, if we put it that way. So today, right now, somebody, as of an hour ago or a couple hours ago, was selling access to a particular, I'll just call it big software company, servers. And it's crazy, creating havoc right now, right this moment. And we got our hands on all this data. We're trying to upload it into our system, generating alerts to all the clients. This stuff is never ending. So literally right now, someone's selling access to a company's servers? Many of them, yeah. It's software that is installed. Because something is going on in real time, I'll leave it sort of a little bit fuzzy. But it's a big prominent software company, and they're selling access to this, yeah. And who would typically buy it? Do you pretend to be someone that wants to buy it to learn more? Like, who even would want that access? It can be. You know, so typically these guys will sell access. That's one thing. And, you know, if you think about the guys who want to buy access, it could obviously be somebody who wants to get after something very special. But what happens in this world is that it's very specialized. You have people who go get access. You have people who sell access. You have people who will then, for example, sell ransomware software or rent access to ransomware software. You have people who help you execute the ransomware. You have people who then handle the actual Bitcoin flows all the way to MoneyMule. It's a highly specialized world of criminals there because they are criminals. A large portion of them are in Russia, not all of them. And in this case, it's probably somebody who has realized that he can sell access to all these different places that opens up all kinds of opportunities for ransomware. I'm sort of guessing in this case since it's happening in real time, but it's a pretty interesting world. It's an interesting world, I guess, but I'm totally not aware of this. So, like, who would want to buy this data? Is that other criminals or is that, like, states? Other criminals. I see. Other criminals. Probably the ransomware actors. So, there is a whole slew of these ransomware actors. There's guys who write and operate ransomware software. They then franchise out the use of this ransomware software to other actors, and they'll use it, execute, And in return for holding on to, say, 80% of whatever money they get on the ransomware transaction, the operator gets the other 20%. And it becomes one of the best business models ever operated on planet Earth. And presumably, if someone's selling something illegal, they want to make sure they're selling it to a criminal and not you. And presumably, they're worried about selling it to you. So how do you convince them that you're not going to turn them in or something like that? So, you know, that's our job. Okay. I love it. All right. Is there any AI involved in that? Or is that, that seems like it's a different. There's AI in, because it turns out that these, I wouldn't call it big data, big forums, but they're tricky. You had, they might be locked down in all kinds of different ways. So you need a lot of tradecraft to get in. And it's a combination of human social engineering and smart scraping, if you want, that has, you know, there could be six layers of access to some of these places. So, like, pretty complicated sort of thing. So, it's a combination. I wouldn't necessarily call it AI. But then at the same time, these scrapers need to operate in human-like behaviors. So, I like to joke that they sort of might actually pass a very limited Turing test because they need to sort of operate as if I'm a cybercriminal. I don't know. Is that a Turing test? I guess it's one kind of Turing test. But so is it AI? Yeah, you know, it's all by whose definition you go with. But yeah, I guess it is. Yeah. Yeah, I guess there's a human looking at it. It's for sure a Turing test. Yeah, no, no. So artificial criminal behavior. So I guess that's, you know, that's a Turing test of just a special kind. Okay, well, kind of getting back on script, and I'm sure we're going to come back to this. One of the things that we have in common is that we're both repeat entrepreneurs. And you actually founded Spotfire back in, I think, 1996 and sold it 11 years later. And then you found Recorded Future a little bit after that. And I was wondering if you could go back in time to when you started Recorded Future and what you were thinking at that moment and what the insight was that led you to start Recorded Future. Yeah, that's a great question. So Spotfire was data visualization. We started that, I'm aging myself here, but in the early 90s, working for my PhD on how to visualize large data sets and kind of a predecessor to Palantir and a whole bunch of other sort of things. Not to make any claims, but we were the first by means because we're not. But we did a nice job with certain kinds of data. So then we had sold that to a company in Palo Alto called Tipco. Worked out great. And we're very excited about that. But then the idea struck me that that was sort of all about visualizing what was in an Oracle database or an Excel spreadsheet or what have you, that sort of data. And so it sort of struck me. I was on the treadmill running and literally while we had signed the deal to SalesBotfire, but we hadn't closed yet. So it was like in this weird in-between timing. And it struck me that, oh, I wonder if we, instead of thinking about analyzing what's in an Excel spreadsheet, what about if I could hook up an analytical engine straight to the internet? So, you know, use that sort of approach to things. And now the internet is, at the surface level at least, is mostly human-produced text. So now you had to deal with, look at entities and events and these sort of things out of text and try to make sense out of that and organize it in a way that you could do analysis. And yeah, that was sort of the inspiration. That's how we got into it. Interesting. And the name Recorded Futures is super evocative. Did that come to you from the start? No, not maybe immediately. It was one of my co-founders here, Eric, a very clever guy. And the idea from the beginning sort of was this idea that we would find these future time points in text, you know, like Xi Jinping is traveling to Moscow on Friday. And if you could actually keep tabs of everything that's known in the world from all the sources, we should get a good picture of where Xi Jinping is. He's an extreme example. And so, and from the beginning, Eric suggested we should call it, I guess, recorded time, I guess in one of the Shakespeare Macbeth until the end of recorded time was sort of that thing Then of course the domain name recorded time was taken and it became recorded future which was probably a better name to begin with But so, yeah. And it fits well with the idea that, you know, most secrets are known. Most secrets are just got to get to where they are. And let's get to all of them. It's interesting. You know, it seems like a little bit of an entrepreneurial anti-pattern here of like, It doesn't sound like you're really starting with a specific customer pain port and working backwards. It sounds like you kind of started with your sort of interests. Was it obvious that intelligence was going to be a big customer of this? Because it does seem like, as broadly as you would find it, almost any organization would benefit from this kind of analysis. Totally. And that's probably my weakness, but maybe it's also a decent strength. So Spotfire started as we could visualize any data set. In that case, we stumbled onto visualizing and analyzing pharmaceutical discovery data, very super high-end, super valuable application, and it worked out great. Then in that, we actually ended up doing a lot of counterterrorism work in the sort of CT space in intelligence. And I've always loved that world, and we've done a lot of good work in that. So when we started Recorder Future, to your point, we knew that there was an application in this sort of strategic foresight or whatever. It turns out that we ended up in the cyber world with it. But no, it's certainly more of inventing a big-ass hammer and trying to figure out where you could apply it rather than the other way around. But isn't that how a lot of good stuff comes up? I don't know what you would say. I think a lot of good ideas come that way. Well, look, I mean, you've been incredibly successful. So I think people's strengths and weaknesses are often always connected. I'm just curious about your process. Like, you know, when you started this company, did you have like a big list of possible use cases and you kind of ran down the list talking to people? Or how did you how long did it take you to kind of get to these like specific use cases? And how did you approach that? We sort of knew that there was something in intelligence for sure. We also thought about commercial intelligence and sales intelligence and lots of other sort of things, you know, for sure. And there's people who build similar type companies in lots of different spaces. We had a long list. I think I still have those, whatever you want to call them, presentations. You can imagine the first venture presentations. Yeah, yeah. We quickly went to In-Q-Tel and Google Ventures. They barely existed at the time, but ended up taking money from In-Q-Tel and Google Ventures back in 2008, 2009 or something like that. And sort of honed in on this Intel thing pretty early. But could have gone many other places too, for sure. So one question that I always get asked that I feel like I never have a good answer to, but I think I'm going to turn around to you and ask it to you is you've now done these two companies and you've done both for quite a long period of time. What did you do differently in your second company? Like what did you take away as a second time entrepreneur? Oh, that's the sort of Peter Thiel question. It sounds like, you know, like that. I only bring that one up because literally every podcast I do, I always get asked that question and I never know what to say. So I think maybe you'll have a better response than me. If I started with the bad side, you know, so with the first company, it took us a little time and we stumbled on. We started very generally and then we focused on pharmaceutical discovery and killed it in that domain and then worked from there. That domain ended up being fairly limited and probably limited the outcome of the company at some level. we sold that for 195 million. Nothing to sneeze at, but, you know. Congratulations, man. No, no, but these days people are like, yeah, yeah, yeah. To put it in terms like now, that would be like a $5 billion exit in 2025 just for the younger listeners. Man, man. It's just like, I'm just thinking about it. So then here, I think we, like the failure point, we thought we could do multiple application errors. We, for multiple years, ran an intelligence track and a quant trading track to create quant trading signals. And we had a Sirius C investor came on board and he, you know, you shouldn't listen too much to your board. But this one guy, he just said, kill that. And I'm like, you're actually right. We should just kill it. And we killed it. And that was a great sort of like freed us and we could just run. And it is sort of already started weathering a little bit. But so that was certainly that we got, what do you call it when you think too big or, you know, like we thought too highly of ourselves. In terms of what we did differently that was better, you know, we probably picked a bigger problem. That was great. This cyber intelligence turned out that we ended up sort of riding a massive wave. This investment in cybersecurity that I've sort of gone through the last 10, 15 years has been incredible. And even though we certainly dissolve a subset of it, by riding a big wave, you can make a lot of mistakes. You've seen that in AI also. The wave is big enough. It allows for a lot of mistakes. Maybe also, no, that would probably be the answer to that. I'm sure there's more. No, actually, a great segment to my next question, which is that you've been in this massive wave of not just cybersecurity, but the application of ML and AI throughout your 15-year arc in recorded feature. And I'm really curious how the availability of data and the new applications of ML and AI changed recorded features business over the time that you operated it. That's good. So there are sort of two aspects of that. One is the data, and then there's like what you now can do with data here. So we started off with, you know, the stuff that we called AI in 08, 09, 10 sort of thing. We wrote our first entity extractors and event extractors with like lots of if-then-else, just stacks of if-then-else statements sort of thing. We also wrote a lot of good test cases to test whether it was right or wrong. Does this text lead to this, that sort of thing. though obviously ridiculous from a point of view of like what people are doing now and we've probably gone through three generations even for those entity extractors and we use some commercial stuff now we sort of own all that internally and it's been a great journey with that and now that's all based on these sort of models as you could expect and and the availability of data for sure have sort of helped through that we used to have entity extractors for for each language now that that is one coherent model that sort of spans i don't know 15 30 languages and it's amazing how it cross learns between languages that are not in not just inside into european languages but it's like cross languages sort of bananas that this stuff even works it's like it's mimicking human brain somewhere somewhere there is something wild going on in that and and so so So that's sort of super interesting. The other big piece, probably sort of could spend a lot of time on this, but is how that was one thing to do feature extraction if you want, or like, yeah, feature extraction, data extraction out of content. Now with all this generative stuff, you could obviously... So in intelligence, there are sort of two aspects to it. You think about if you run fancy intelligence agency, you've got the collectors, the James Bonds running around in the world, and then you've got the analysts who are sort of putting stuff together. The collection part is sort of what I first described. The second part of writing to, you know, everything from the simple. Summarize what happened in Somalia last week to what are the second order implications of what happened in Somalia last week. You know, like so from basic questions to more advanced. Or summarize the second order implications of what happened in Somalia and get a report written in Arabic that I can share with my partner in Egypt about that. Those are like pretty juicy, heavy questions. And by the way, do that every week for me and deliver it to me at 8 a.m. You know, now you've taken a fair amount of work and stacked up there. Now, and we do that. And it just happens. It's sort of mind-boggling, isn't it? So if somebody would have told me that five years ago, I would not have believed it. It was maybe, maybe three years ago. But it's pretty mind-boggling that this works. And it works with a mix of text and images. And actually, we collect a lot of other weird data, sort of more net flow data, malware data, very technical data. We spend a lot of time on how to wrap that in human language so the LLMs can handle that sort of data too. And even there, it works. So, you know, I fall off the chair here. And, you know, like maybe that's because I'm dumb, too dumb to understand it. but it's pretty mind-boggling. I totally agree for what it's worth. Actually, I wanted to ask you, when ChatGPT came out, I think it was two or three years ago, was that like the same watershed moment in the Intel community that it was here at Silicon Valley, or did it take longer for people to realize the implications? I think, you know, so first, even inside Recruiter Future, it took me just like, I remember I was sort of debating with, you know, my co-founder, Stefan Treve about sort of like, you know, are we coming to AI sort of yet another AI winter or is it about to take off? And I'm like, ah, it feels like it's done. That was Christopher comments and Stefan is like, it's going to take off, buddy. And I'm like, he was, of course, very right and I was very wrong. And so to begin with, but then I think there were people in DC who ran with this very cool, in a very cool ways. I don't want to talk about them, put names to things and so on, But there are areas in there where people have been extremely forward-leaning and built incredible stuff. And we've had the good chance to spend time with those people. If they listen now, they'll know who I'm talking about. And we do comparison of notes on what we're doing, what they're doing. And, you know, sometimes their benefit is if they have access to very special data, we have access to the internet in a way that we think maybe other people don't. And we try to collaborate on some of that. But no, I would say in general, the government is never the best at taking advantage of new tech. Well, not never. That's not true. Because sometimes they put crazy satellites in the sky and stuff. But in general, not always the best adopter of tech. But in this case, some parts of the government was pretty amazing. Okay. Another big moment that I think happened around the same time as GPT was the invasion of Ukraine. And I know that recorded feature is this important moment for recorded feature. Could you kind of take me back to that moment inside of recorded feature and what you were doing and how you responded? Yeah. So I would say a couple of different things. They were a customer from before in some areas. And, you know, we have probably 47 different countries around the world that use us in some sort of national capability. and all sort of in the West plus plus or the extended West are sort of a weird way of describing the world, especially with those who live in the East. But, you know, it's sort of got to explain it in one way or the other. So in that world, 47 countries and Ukraine was one of them. But so when the invasion happened, we did not approve of that. So we said, let's help out. And we provided our technology and it's been deployed nicely in a number of places over there. It has been very good for them, I think. You can find a lot of good, I'll leave it to you to find the good proof points that they've been willing to talk about. Very, very specific such. Well, wait, why don't you tell us about the proof points? I would love to hear about them. It a lot to brag on this And you have to be careful with this and that But there are some very specific examples where we been able to So because part of this is that when something is like so think about when a spy tries to, again, we talk about the criminals who can be pretty brutal. Well, not brutal. Of course, they're brutal, but pretty non-subtle. They're like just, they want to go make money. Many cases, they don't really care about whether they burn something, whether they create havoc, as long as they make money. and they don't necessarily think the longest term. A spy, it doesn't matter if it's a Russian spy or a Chinese spy or frankly our own spies, if they want to go get access to information, for example, they are willing to take, you know, if the policy is that we should know what's in Putin's diary or in Xi Jinping's travel records or the other way around, one is willing to spend any number of years to get to that information and you have to be very subtle about it. So if you assume that Russian spies or Chinese spies or anybody who's trying to come out in Ukraine are trying to do that, they'll be very careful, very subtle and so on. So what it turns out then, or for that sake, when somebody wants to come and destroy something in the world of computers, when they do that, they sort of become a gigantic honeypot, if you think about it. It's like just everything shows up there. So when we deployed Recorder Future across a whole bunch of places there, we ended up also learning a ton. So you sort of get in the way of the absolutely most modern malware of various sorts and all the other stuff that comes around that. And so any number of times we've been able to sort of detect incredible things and then be able to have that data flow into all our other customers in a way so that they can be defended against the same. So it ends up being sort of a, I don't know, probably not a popular analogy, but virtual iron dome type of thing that, you know, that this turns into. And it's a pretty incredible sort of outcome out of that. And yeah, continues well to this day. Interesting. One question that comes to mind for me there is, is it ever tricky to decide what governments to work with and not work with? I mean, running Weights and Biases, I've been kind of surprised by how many different customers we have where employees might object. And then I think, okay, it's really not my expertise to figure out who the good guys and the bad guys are, But, you know, we're not exactly at the same level that you are. I mean, it kind of is your job maybe to figure out who the good guys and bad guys are. And it's actually like probably pretty complicated. Like once you really start digging in, like how do you approach that? Like if a new government wanted to work with you, do you have some kind of like flow chart that decides if they're on our team or not? Yeah. And how does that work? So, you know, as you can imagine, it's not something we necessarily publish, but I just say some general principles. But you're right. First of all, it is our job to be able to make those sort of judgments. And you have to make choices and no such choices will be perfect. And it's not like we can claim to have the most, we're software dudes. We're not necessarily, we're software people. We're not necessarily moral philosophers just to be, not overstate our own abilities. But, you know, we chose to not have customers in China and Russia and Iran and North Korea. That was sort of an easy choice. There are countries that US law and European law, same countries to some degree, but also places like Cuba and Sudan. There's six, seven countries, Syria, that you actually go straight to prison if you sell them stuff. So that makes it pretty easy. That's easy. I agree. Those are the easy ones. Then you have maybe other places that are more tricky. And there I'm not going to start naming, but we made choices where there's a number of countries. we just stay away from. And then as well as companies, there's a number of countries, oh, sorry, companies that, for example, you know, engage in illicit hacking behavior that we stay away from. So there we call it an audit list, call it whatever. You don't publish that. But, and then there's the companies that help out some of these things and so on. So there's a, we have a process maybe, and it is a flow chart. It's not a bad way of thinking about it. And then we have sort of a committee at the very core of this when there's choices to be made. And sometimes you actually have to make choices. And we make those choices. So I make no claims about that being easy. But it's never been that hard either. It's sort of sometimes can be hard to write down. But we have sort of a committee. And in the end game, that committee is who decides. And I think we've been able to do that in a way that we can go to bed nicely and so on. Now, our stuff is for cyber defense also. It's pretty worthless. It's not like you're not going to use our software to decide where you're going to drop a bomb or to do where you cannot even, you cannot physically use us to intrude into a phone or do any of the malicious stuff. It's cyber defense. So even if a bad guy got their hands on it, it wouldn't be great. but it's not like it's going to create complete havoc in the world. And in the endgame, it's hosted softwares. If the wrong guy got their hands on it, we can cut it any time. So there's a number of controls to it, so it's good. I guess one of the things that's important to me is that our customers know that we're not going to cut them off if they get sort of politically unpopular, which is why I want to be super clear about our criteria. Do you worry about that at all for record features? Just so kind of clear what you guys are willing to do and not. So first of all, our stuff is fairly expensive. So we only have 2,000 customers, you know, whereas somebody else, you might have many, many more. So that then, and we know who they are. They run, every customer of these 2,000 goes through sort of a KYC process, know your customer. So it's, if somebody shows up and they're called a company name that we have no idea of, they have no website, they have no nothing it's just not going to spend a hundred thousand dollars or you know if our stuff ranges from that up to millions and millions you know that it self-selects a lot of different things it's like whereas if you have a little dev shop with four guys who might use some ai tools it's it's i think you might be more difficult for you to make those sort of choices so uh i don't know tell me if i'm wrong but but i i think we sort of in there's a whole bunch of of variables that have made it so that this has been less of an issue, actually. That's great. Actually, shifting gears, I think, you know, we found a saying of yours that I think you repeated earlier here that I wanted to ask you about, which is saying, you know, I think it's like in the last 25 years, the internet reflected the world, and the next 25, the world will reflect the internet. Can you expand on what you mean by that? Yeah. So the first part is sort of the trivial one is sort of like everything that's happened in the physical world, sort of whether it's everything from sort of transactions to interactions to like how we do business, how we sort of the simple stuff has sort of moved onto the Internet. And the Internet then through that becomes a reflection of what's going on in the world. And I think we're all very happy to see that. And there's not a lot of drama that comes out of that. But then sort of saying that as soon as those systems here is sort of, it's internet first is sort of what's starting to happen. And whether that's sort of the trivial social when, you know, you see kids where what's going on in TikTok or Facebook or whatever is sort of the, maybe not kids and Facebook, that's not true. But, you know, whatever the preference of or social network of preference is, it's sort of it starts in the internet world. when democracy is sort of first internet and then on to the world, when business is first internet. And now we end up in a world where what happens on the internet is actually what defines the world. And that's sort of what I think becomes pretty interesting because now if you run a country, it becomes tricky. You know, who's in power? Is it the country or is it Mark Zuckerberg with Facebook? And I think it's been pretty interesting even observing Facebook and just seeing how Facebook switched head of government affairs at the same time as he was a flip president. And that was probably not by random. So I think we're going to see a lot of this. And if you sort of fast forward where that will be 25 years from now, I'm not keen to be a politician writ large, but I certainly wouldn't want to try to be a politician in 25 years because it's probably going to be pretty tricky. And I guess, you know, you talked about elections earlier, and we've had a lot of people on the show actually talking about different kinds of election interference and mitigation efforts. When you kind of roll forward the trends that you're seeing, do you think that, you know, the U.S. society has to operate a different way to be successful in this more vulnerable world? Big question. I'm a huge democracy fan. I sort of like whether you take it from a positive way that how positive isn't it that we can live in a world with sort of humanity's been around for tens of thousands of years. And it's sort of most of the time it's been the strongman that rules and you sort of follow. And even when there had been democracy, it's only or some it's only been for the super privileged or whatever you have sort of thing. Like so pretty damn positive that we can have a vote. So that's sort of pretty amazing that we get to live in that time. Now, if you then fast forward and start thinking about what's going to happen there. First of all, I was going to say that the other non-suppositive way is to say there's a lot of other ways. And maybe democracy isn't the best, but at least it's the best of the worst. It's sort of like none of this stuff is amazing. It all has problems and so on. But I certainly haven't seen anything remotely as good as democracy. Now, so if you go forward and you just say, what are the ways that democracy could develop? Again, there is this sort of thing, because we think very much in democracy in terms of countries, and I think that's important, and that's probably going to remain true. But again, if the sort of the groups of people are not necessarily following national borders, it might make it very difficult. Now, maybe we are sort of a new era right now. I can't really make that judgment where there's a new set of nationalism going on in a bunch of different places. Better for worse, we can only observe it. And that seems to be the case. But maybe that's a reaction to what's going on, what happened on the Internet. And I think there's many other of these sort of things. I think maybe the negative view would be that the world has been manipulated in many different ways. And there's amazing opportunities in front of us to manipulate. If I put on my, I want to be evil brain, there's many ways to be evil. But maybe on the other hand, people are also, let's be positive and say, maybe people are getting smart. And, you know, a lot of manipulation is pretty primitive. So hopefully, you know, like I'm sort of always saying, look, people always come up with wonderful tech solutions to deal with this. How about if we do what they do in Finland and just get people great education and we can sort a lot of these problems. Let's make sure that people can read really well and other sort of things and it can work out. So I am rambling a little bit, but I guess I'm generally an optimist. Democracy is better than anything. And yeah. That's great to hear. I mean, what do you like, do you think that when you think about sort of like AI's like offensive techniques and defensive techniques, do you have a sense on like what wins in terms of like I don know election interference or kind of any other conflict that we come into here Like you know like you can use AI to look for security vulnerabilities and fix them or look for security vulnerabilities and exploit them I mean what Yeah no if you think about like sort of if cyber attacks with large have just happened faster and faster. And so if I start there, just because that sort of closes the home and clearly, so for now the AI stuff you're really seeing is really only sort of better phishing emails and so on. But even there, it's like, you know, Like there was a reason most cyber attacks happened in English speaking countries for a long time, because writing the phishing emails was easiest to do in English sort of thing. But now you can do that in all kinds of different things. You can do more targeted stuff, blah, blah, blah, blah. But people are going to start writing software that once it gets in, it traverses through systems automatically. That for sure people are. And there's people working on that. And whether those are slow, slow moving things that tries to not detect or it's the sort of stuff where they don't really care. and there's that run through the system. That's going to happen. That's going to set up the bar for the defenders to try to build things that you're not going to actually be able to run counter that with just humans. You're going to have to use AI to sort of get or some version of automated analysis, but we can call it AI, to fight against that for sure. And who wins that there? Yeah, I like there's a guy, Rob Joyce, who's a terrific man who used to run cyber defense for the U.S. government at NSA. He, before that, ran the hacking team there, one of the groups famously called TAO at the time. And he has a great saying where he said, you have to know your network better than the bad guy coming at you. And if you're a big company, it's freaking hard to know their network. And, you know, a crawler plus some AI is going to outsmart most IT guys, even if they work there for 25 years. So there you have that. And I don't think it's certain who wins that. for sure. In disinformation, to your point, I'd like to think that we should be able to write, you know, so in the recorded future when you get text and images and all this stuff, now we try to classify and say the set of information you're looking at here is very likely machine-generated and it being machine-generated with these models. That sort of stuff to help the researcher. Now, when that can be in our operational system, so whether I'm on TikTok or in my email or whatever to say that. But maybe on the other hand, maybe 75% of what I'm going to deal with in the future is going to be machine generated. So maybe that's not enough. It's like the world, the future is maybe machine generated. So I think that's sort of interesting. And then you have the actual warfare stuff where what's going to happen is that I'm going to paint a square and say in this 10 by 10K kilometer, there's going to be drones hanging over that stuff with guns and grenades or what you pick. And anything that moves in there is dead. You know, like that sort of stuff. And people are working on that right now. That's going to change the nature of warfare in a brutal way. So, no, there's going to be all kinds of nasty stuff in front of us. Sorry to sound doom and gloom here. In that vein, I guess, and maybe this is even a practical question, what does it mean that the dark web is moving from kind of forums to telegram? Telegram. I mean, I'm sort of vaguely aware of Telegram as an alternative to Signal. I've watched many, many, maybe most of my CEO friends gradually move to Signal in the last year or two to the point where I feel like I'm using it quite a bit more than I expected to. Is Telegram and Signal like equivalent or why? Shouldn't us CEOs be using the same network that the criminals are using? Would that be the most secure network? First of all, use Signal. Good choice. Make good choices, Lucas. Use Signal. All right, I'm using Signal, just so you know. Signal is great. Signal publishes their source code. You could argue, this is actually, I haven't still yet really figured it out, but there's no real server to attack in Signal. There's lots of really good things. And all the fancy spies of the world in all the good countries use Signal. So the fact that they're not uncomfortable, now that might mean that they have a big cabal where they all share, you know, or you're going to look at your and mine emails. But no, I've seen plenty of very smart people use signals. I'm a huge signal fan. It's great. The good telegram, on the other hand, you know, so the guy, I'm not going to remember his name now, but, you know, very cool entrepreneur in many ways. He built VK first, sort of the Russian Facebook. He was forced to sell that because the Russian government did not appreciate that he had built this. They forced him to sell it to an oligarch in Russia. He would sort of, really, imagine your arm being up here and you sort of have to say yes. And he had to say yes, and he sold it. He then started Telegram and moved to Dubai to be able to sort of run it separate, Abu Dhabi or Dubai, I think it's Dubai, and built a messaging platform that is unlike Signal, if I understand it correctly, does have sort of a centralized place to be. It has encryption that is not at the same way of end-to-end encryption as of Signal and others do in any number. Like some of this is way above my pay grade, but there's a whole set of reasons why Telegram is not as good. It is interesting from this sort of, and it's dangerous in this world to sort of say good and evil, but the set of people that we don't necessarily love or many of them are on Telegram. So that means that there's a lot of data to be picked up on Telegram. The signal-to-noise ratio, signal in a different way, but it ends up being a good place to go look for. And especially the criminals are on there, whether it's sort of cyber criminals or people in trafficking and all kinds of interesting stuff are there. And it's turned into a very good information source. Is there something about Telegram's feature set that it's better for criminals? If any criminals are listening to this podcast, do they be convinced to switch over from Telegram to Signal? I mean, surely they wouldn't want their desk. I think it's social. It's social. And it also turns out that Ukraine, it has obviously in the Russian sort of world, it's very popular. So it's popular in Ukraine as well. I see. I'm not by any means saying that old Telegram people, users are bad by any means. It just sort of happens to be a certain class of criminals that ends up being concentrated on Telegram. Okay. Okay. Interesting stuff. All right. Well, like rolling forward into the... There are some people who would be very mad at me for saying this stuff. Wait, why? What part would they be mad at? Yeah, but once you sort of say that one platform is more criminal than the other, you know, like... Well, we can edit it out if you want, but... No, no, it's all good. It's all good. All right. Never mind. People have been mad at me for many things. It's all good. But actually, another question maybe that comes to mind for me is like, yeah, I feel like, you know, in my very kind of like low level of celebrity, you know, like every like, you know, month or two, I get someone reaching out on LinkedIn, like saying, I'm going to come kill you or something. But you must get these kind of threats like all the time. Like, do you worry about you and your family's like safety being so kind of involved in this world? Do you like, I mean, do you walk around with a bodyguard? You must be constantly concerned about getting hacked. How do you think about that? Do I look afraid? You don't look afraid. Is that for cause or for hubris, I guess? No, trying to be funny here. No, I'm not afraid. That's sort of, you know, and you choose when you get involved in this that you sort of, and no bodyguards unless it's needed. It's sort of one way of thinking about it. And one should be cautious. The sort of Russia deemed as whatever they call it, undesirable enemy of the state. So just before Christmas, there was a verdict, if you want, from the national prosecutor or the general prosecutor of the Russian Federation put out a statement around why recorded future is an enemy of the state. is an undesirable, very specific language, not like random stuff. It was very specific. So that was less great, if you want. That sounds bad, man. I mean, don't people that are undesirable going to Russia get thrown out of windows and stuff? I'm not super up on this. I can assure you I'm not traveling to Russia anytime soon. Sure. That seems to be off the... No, look, I think we're very, very careful with information security here. We run a good physical security program here as well. We try to be very careful and thoughtful about how we travel, what we do, and be thoughtful about things. Then, at the same time, one should not overestimate where you are on the list of problems that the bad guys have. Whether it's the Chinese government or the Russian government, they have a lot of shit to deal with. And I don't think we're sort of at the top of that list. So that's sort of, I don't want to simplify it, but information security, we've got to be on our A game. All right. Well, let's wrap this up and come back to the here and now. So a couple of months ago, you announced that you were getting acquired by MasterGard for $2.65 billion. It's got to be one of the biggest acquisitions of the last year. Can you talk about what the thesis was and how that came about and what your plans are going forward? Yeah. No, so we had a long discussion with them, you know, multi-year sort of discussions that have been going on. The sort of the simple thesis is that it's sort of maybe not as known, but they run a great payments business, of course. They have a services business that actually includes pretty nice assets on the cyber and intelligence side. They wanted to expand on this, and we could be a nice fit into that. But we also, the financial intelligence side is super interesting. That's especially as we talked about cyber criminals and so on, this sort of financial endpoint to things. If we get our hands on a stolen credit card, it would be awfully interesting to know whether that card has been used or not. And the cards that have been used or not actually tells you a whole lot about the whole supply chain of where those cards came from, just to have one random sort of example. So there is a lot of those sort of things. So we're going to be building out our business. We're continuing to operate on our own standalone. There's a lot of cool synergies that we can do together. And it was also one of those where it just felt like a really good home for the company. It has great people and sort of long-term value in mindset of things, which was important to me. Because kind of to your point, for both you and I who've built companies for a long time, you want to make sure they end up in places that are not just going to be like fly-by-night type stuff, but people who are serious and want to do things over long term. So there's any number of reasons that sort of stacked up where this was a great place to take it. Any advice for me for success post-acquisition? I think, you know, make sure to keep doing execution very well. It's sort of like you have to keep at your A game. we're early into it but you know build good friendships good good relationships with people because this stuff is not easy uh when you do it as you know it's like you know it's easy to come up with a lot of clever thoughts on paper but when you're going to make make it do it's like with people so make sure you have good relationships with those people and and uh yeah i think that's it just and and don't just think it happens sort of automatically you know it's sort of like it's Unfortunately, I guess it continues to be hard work. It's sort of unavoidable. Awesome. Thank you, Christopher. Real pleasure to talk to you. Thanks for having me. It was great. It was great. Thank you. Thanks so much for listening to this episode of Gradient Descent. Please stay tuned for future episodes.