I've been lucky enough to appear on the Risky Biz podcast with Patrick Gray many times, most recently to talk about the enormous challenges that come with AI. We spoke about finding applications that deliver real business impact, and ensuring the security and privacy of your organization's AI tools. So it was a real pleasure to return to the show recently to demo Tines Workbench, a Tines-powered AI chat interface that directly addresses both challenges.
We spoke about the customer conversations that led to the creation of Workbench - their frustration with lack of access to proprietary data, and need for an AI solution that can take action on their behalf. We took Workbench for a test drive with a security use case, using it to respond to a real data breach by grabbing IOCs from an external webpage, comparing them to the organization's own incidents and taking actions like resetting passwords..
You can watch the full video here, and I'm also sharing an extract from the conversation with Patrick. I really enjoyed this chat, and I hope you will too.
Eoin Hinchy: We're now two years into this journey of ‘AI is going to change the way everybody works’. And frankly, what we've seen has been completely underwhelming, outside of a couple of niche use cases like code-writing co-pilots or customer support.
Patrick Gray:
Or as it turns out, just a lot of introverts using ChatGPT to help them write emails! And then my favorite thing is they feed it a prompt with some bullet points. They generate an email, they send it over to the other person, who then uses a large language model to condense it back into the bullet points, which makes me think, in the future, perhaps we should just send the bullet points.
Eoin Hinchy: I'm with you! And it's amazing how many of these AI use cases ultimately just descend into writing an email. And that's been really disappointing to me.
We know this technology is amazing. Why aren't we seeing it make everybody's easier and making everybody more effective and productive?
And when we spoke to our customers and asked them their thoughts, outside of the security and privacy stuff, which I think is a bit of a given, there were two things that they consistently mentioned. One was, it's got very limited business impact because it doesn't understand my data, right? I can ask it to write an email all I want, but it has no access to my CrowdStrike alerts. It can’t access my SIEM. It doesn’t have access to my HR systems. So it's actually very limited in value because it doesn't have access to the real-time and proprietary data that I need to actually do my job.
That was the first thing. And then the second thing was, It can't actually do anything, right? It can't take action. It can summarize and rewrite, but the second I needed to go and quarantine a device or reset a password, or create a ticket, it can't do that because it doesn't have access to my systems.
And if it did, I wouldn't trust it to go and quarantine the device or fully analyze a phishing email.
Patrick Gray: You've got the sort of Skynet scenario there, only much, much stupider, where all of a sudden it starts quarantining healthy devices for reasons unknown.
Eoin Hinchy: Totally. It's like, it's like a really confident drunk Skynet. And nobody, nobody wants that. And so, those are the two problems that we began to chew on. And we came up with Workbench.
And you can think of Workbench as a Tines-powered AI chat interface. So if you've ever used ChatGPT or a similar tool, this will feel really familiar. You've got this big chat interface in the middle where you get to talk to your LLM.
What's different about this is the fundamental secure and private infrastructure that we're using. So when you're chatting to this, your data is not going anywhere. It stays in Tines. There's no internet connectivity here. There's no data traversal. There's no fine-tuning.
So I can do things like take a long list of customer data and paste it straight into Workbench, and it’s staying in Tines. This data doesn't go anywhere.
Patrick Gray: That is one thing I have heard from other companies offering products that rely on large language models is that there is genuine concern out there about data leakage, right? About stuff leaking into these models and then leaking out to other users.
It's not what you want. I think the protections there are probably reasonable, but no one can say for sure. And I think that's where that uncertainty comes from.
Eoin Hinchy: And I think you're absolutely right to call out, like, how legitimate are those concerns?
Patrick Gray: Well, we don't know yet. And I think that's the point. I mean, it could be fine, but we're not going to know for a few years.
Eoin Hinchy: Totally. And we're paid to be like healthy paranoids, right? That's very much our job. And so when we were building this, we were like, well, we have to be able to make an ironclad commitment that this data goes nowhere.
Patrick Gray: Let me ask you, [in the demo] I saw you had connected it to a bunch of tools, CrowdStrike and whatnot. Can you ask, ‘Has CrowdStrike seen anything with these IPs?’ Can you ask your NDR tool? Can you say, ‘Hey, I think we need to block this IP or this series of IPs’? How far down that rabbit hole can you go?
Doing that stuff is time-consuming, right? It's not particularly complicated, but it's a pain. It's absolutely a pain.
Eoin Hinchy: So the real power of Tines is that it can connect to anything and essentially do anything. It can ultimately automate any action regardless of what your tools are. So you can go as deep as you want. So if you want it to go and block IP addresses, if you want it to go and query CrowdStrike, you can do all that. You just need to turn them on.
/And there are two different sets of skills that Workbench has. One is these prebuilt integrations. And then the other is any workflow that's created in Tines. And so, for example, if we've got fairly complicated workflows, like enrich CVE, search JIRA, get info from Salesforce, all I need to do is turn them on, and then Workbench has the ability to access them.
So let's say I needed to connect to some internal system, it's something we built ourselves inside our company that lets us interact with our company blog, right?
Patrick Gray: So you're talking about some internal horror show, probably coded in Java, absolute enterprise crapware. I know exactly the sort of thing you're talking about.
Eoin Hinchy: Running on like a Dell machine underneath someone's desk. That kind of system. Let's say for example, want to connect to some internal system that's like accessing data from your blog. So here I've got a workflow. If I go to again, the core product and I search for blog. I've built a Tines workflow that allows me to connect to these systems. Tines can connect to this pretty easily.
So that’s Workbench, that's what we're really excited about. I think it clearly has the power, but we won't really understand fully until we see how security teams adopt and change based on this.
One thing we've learned over the last few years is that there is a huge amount of work that's really predictable and deterministic and that's where your workflows come in, where you can predict the same path all this time.
There's also a huge amount of work that isn't deterministic and does require creativity to investigate. And that's where Workbench comes in. And then for everything else, you've got your workflows.
Patrick Gray: And this is out now, right?
Eoin Hinchy: Yep, it’s brand spanking new. It's been in the hands of customers for quite a while, some early adopters. What we're particularly proud of is that this is also fully available in our Community Edition. So all our free users get access to Workbench as well.
It was a bit of a controversial decision, but one of the reasons we did it is because we think this does have the potential to change how everyone works. And so we want everybody to have access to it.
Learn how Tines Workbench helps teams take action and access proprietary data in real-time, privately and securely.