In this conversation, I speak with Shiladitya Sircar, Senior VP of Product Engineering and Data Science at BlackBerry.
We talk about:
The Rise of Deepfakes and Cyber Threats
Innovation Meets Malicious Intent: Deepfakes are not just a tech novelty; they’re a growing threat. From text-based phishing to hyper-realistic fake videos and audio, the landscape of cyber threats is evolving rapidly. Deepfake technology can clone voices, making it easier for cybercriminals to impersonate individuals and bypass security measures.
Understanding Identity Compromise
Voice Cloning Dangers: Our brains are wired to trust familiar voices, making voice cloning particularly insidious. We share a chilling story about a cybercriminal impersonating Ferrari’s CEO. The attacker’s deepfake was so convincing that it almost led to a major scam.
The Impact on Trust
Eroding Trust in Systems: Deepfakes can undermine trust in institutions and systems, much like traditional scams but with a high-tech twist. Beyond individual attacks, deepfakes can manipulate public opinion and even influence elections. Organizations need to train employees to spot deepfakes, and there’s a pressing need for laws that specifically address deepfakes and identity spoofing.
And more
Intro (00:00:00)
Main Cyber Threats from Deepfakes (00:00:56)
Identity Compromise Explained (00:02:47)
Impact of Deepfakes on Trust (00:06:23)
Deepfakes in Attack Chains (00:08:15)
Case Studies of Deepfake Attacks (00:09:41)
Emerging Threat Landscape (00:13:56)
Defending Against Deepfake Attacks (00:15:07)
Regulatory Frameworks Needed (00:16:28)
The Role of Education and Technology (00:18:57)
Future of Content Authenticity (00:20:53)
Legislation and Authenticity Mechanisms (00:22:04)
Real-Time Deepfake Validation (00:23:18)
Government and Industry Partnership (00:24:07)
Media Forensic Research (00:24:23)
Zero Knowledge Proofs (00:25:36)
Content Provenance and Authenticity (00:26:52)
Trust Network Expansion (00:28:00)
Puppeteering Technology (00:29:20)
Stream Authentication Challenges (00:30:21)
Hardware-Level Trust (00:32:00)
Fragmentation in Standards (00:32:29)
Trust in Communication Protocols (00:33:51)
Collaboration for Solutions (00:35:22)
Apple's Unique Position (00:36:47)
Erosion of Trust (00:37:31)
AI Agents for Detection (00:38:11)
Short-term and Long-term Solutions (00:38:45)
Awareness and Education (00:41:23)
Predictions for Deepfake Technology (00:41:48)
Community Action Against Deepfakes (00:43:09)
Learning More About BlackBerry's Work (00:43:29)
All right. So welcome, Michelle. Good to have you back on Unsupervised Learning.
Yeah, I'm happy to be here. Thanks, Daniel.
So you're the senior VP of product engineering and data science at BlackBerry, and you've been on UL before. So good to have you back. And what I wanted to talk to you about today is deepfakes. And basically what you're seeing around that, and I guess starting off like what are the main cyber threats that you see deepfakes, uh, picking up for us?
Yeah. You know, I think we're constantly getting immersed with, um, you know, this intricate dance with innovation and malicious intent. And I think initially we were seeing that content was getting generated, whether textual in nature, like better phishing, more convincing phishing, I would say, or personalized phishing, if you will, from a content perspective, trying to reflect your browsing habits. You know, have a phishing email that would create such that you would probably click on them. And on that, I think it's progressively gotten more sophisticated. And, you know, with media, I think we're seeing, you know, generative AI that was used for generating content with the multimodal model technology. It basically revolutionized. I mean, the idea was that it was mostly for the entertainment and education industry. But on the other hand, as we are seeing with these deepfakes, it's not just limited to phishing and textual, uh, type of attacks or social engineering attacks, but more powerful sort of reality, indistinguishable reality from fiction type of attacks where, you know, deepfakes cause this dystopian vision that is becoming a reality. Now malicious actors are creating highly convincing videos, audios, individuals saying things that they would never say or do before. Identity theft has been a main fragment of that that is sort of coming into effect with these deep voice fakes. So yeah, so I think it sort of started with the deception and now in a full form of, um, identity compromise.
Mhm.
Yeah. And when you, when you talk about identity compromise, uh, what do you mean what type of attack would that be like. What is the scenario look like.
So um, I think, you know, if you, if you look at like, you know, um, increasing number of deep fakes, what we see in, in social media, even things that are, um, you know, pretty benign people trying to lose a few years, uh, or trying to lose a few, um, years from their life in terms of looking more young or, you know, seeing how they would look if they get older, uh, even some similar these benign activities, the most concerning development is the ability to take some of the same technology and apply on voice and creating, you know, voice cloning, uh, and voice fakes. And the reason why it is very disturbing as a trend is because, uh, typically what you hear, you're you're being trained to like, with all these years is, is real. Like, if you recognize somebody's voice, we, um, you know, our, our brains are trained to associate relationship based on, uh, audio senses. So with deep voice or voice cloning technology coming out because this enables cyber criminals to create fake identities, um, you know, that enables people to disclose information that they would otherwise not pass some biometric. Um, you know, voice checks and things like that. That's what I mean by identity. Um, yeah. Cloning?
Yeah, that makes sense. One way I like to think about this is to imagine, um, when I think about what can happen from a deepfake. I like to think less about the deepfake itself and just imagine the impact that it would have. So, for example, one, uh, one of the big things is, uh, BEC attacks. And this is before AI. Right, or before modern AI. So it was like, um, you just send an email and say, hey, the boss wants you to transfer this money because we're doing this merger and it's really important. And if the email was, uh, convincing enough, then that money would would transfer and they would lose, you know, a thousands of dollars or millions of dollars or whatever. So that would be one. Um, and then there's other things like, uh, you're convinced to vote a certain way, you're convinced to have a certain opinion, a positive or negative opinion about a person. So I like to think about the impact of it and then be like, okay, so how do we defend against that? Mhm. Um, because there's multiple ways to trick you into doing something like somebody could just get on and it's not a deep fake at all. They just convince you that you should transfer this money like like oh you should buy this real estate. It's, uh, you know, it's Oceanside, but somehow it's in the middle of the country and there's no ocean, but they're just really good at talking. So they convince you. So it's like the technique to get you to do the thing might not be the best place to look for it, because there's so many of those techniques. The question is the money transfer, the vote, the, um, opening up access to an attacker to, like, hey, I need you to turn on remote access so I can get access in. Well, that that would be the flag, right? What do you think about that sort of mental framework?
Yeah, I think, you know, that is a that is definitely the correct mental framework. I think we're talking about the, um, the malicious intent largely has not changed. Right. Whether, like you said, whether it's, you know, you know, getting people to do something that they would otherwise, not in a very simple terms. Right. And the speed at which the act of convincing the speed, if you could map it to the act of convincing somebody has definitely increased because of these audio visual, these perceptive sensors, which we believe as real. What you see is, you know, what the reality looks like and when that is being questioned on, you know, that sort of definitely, you know, gets it to a point where you are now going to be targeting the different aspects to take advantage of. You talked about financial, social, uh, defamation, personal attacks, like, you know, all all of these put together I think is, is now the landscape that these actors are operating with some of these technologies. And I think, you know, the most concerning aspect, I'm convinced that, you know, as the technology evolves, like, you know, there will always be this cat and mouse. But the most concerning aspect, I think, of these deepfakes is the potential for eroding trust. Trust from from systems that are legitimate, that are that are true. And and I think, you know, that that is more of these intangible, uh, effects of this technology, I think.
Yeah. So how do you see these being used in attack chains? So we already have existing attack chains. How do you see these being added in or like augmented with this technology?
Yeah. So I think, you know, we started the discussion with, you know, phishing. Um, we talked about this disturbing trend with textual content. Now we're seeing with, with video. Um, and we're seeing with voice. So voice we already talked about, for example identity. Identity masquerading, for example, you know, faking voice identity. We've already seen in the media, for example, some of these things playing out with millions of dollars or potentially private information being disclosed. Right. As cyber financial crimes, for instance. Right. Um, and in video like, you know, uh, elections coming up in both Canada and United States, you know, uh, this, um, this disinformation or spread of disinformation at this, at this speed is changing public opinion visually. Uh, these are sort of these, uh, attack vectors, I would say like changing perception, changing or distorting reality. Um, in, in sense for, for the mass and also in financial crimes like, you know, leveraging this technology, uh, to defame brands, uh, create a direct financial like, you know, you talked about millions of dollars getting siphoned, uh, creating those. So it's all motivated in, in those areas. So, um, and we're seeing, you know, the reality it's no longer hypothetical. Um.
Yeah, absolutely. So there was, uh, one recently with, uh, Ferrari. I don't know if you saw that one. It was, uh, it was basically somebody masqueraded the CEO's voice, um, on a phone call, and they would actually they actually had done a bunch of stuff on WhatsApp first to get them to the point of almost doing this thing that they wanted. And then the final step was, hey, I need to talk to you on the phone. So it was Ferrari. So they're Italian, so they have the voice of the person. They also have the right accent from the right part of Italy. Mhm. So, um, it was fairly convincing, but something the executive that they were talking to and trying to trick something made them question it. So they asked him a personal question that they knew about the CEO. Mhm. And the fake CEO the deep fake couldn't answer. So they ended the call. Yeah. So so I think um that was a lucky case that you had somebody who was suspicious. But have you seen other similar sort of attacks where um, I guess there was also the one where someone was convincing to send money. I think they actually did convince them to send.
Money in a British, um, British firm. Yeah. Yeah. That's right. Very one. You know, I think the Ferrari one is actually a very good case study. Like, I think, you know, in that one I haven't looked fully into it. But on the on on the brief, um, articles that I read, it seemed like the suspicious element was the subtle mechanical, uh, intonations in the voice that was detected, which sort of got them into sort of questioning. And, and it's great for this person to have asked a, um, a shared secret, if you will, or a previous yes question that they would have otherwise not known. Um, but you know what? Like, you know, my first thought reading that was like, uh, this is real time voice cloning, right? As you're speaking. Uh, it's sort of generating this. Right? So the compute cycles that are required, typically for audio latencies to work is anywhere from 9 to 42 milliseconds for a continuous stream of, of communication. And this will get progressively better. Like if it were a static recording that you're playing like a like a video. Um, that voice overlay or an audio, for example, uh, you know, uh, or audio voice notes, for example. Uh, they would be spot on because it would have had the compute power necessary. And the algorithms that we have today and that are used by these threat actors. But I bet that this particular technology of real time cloning, which is as I'm speaking, it is sort of, um, transferring the the audio nuances to somebody else's Mercury would get just better, uh, over time. So this is quite, quite concerning. But the other one, I think, you know, there is I came across Resemble AI or Resemble, I forget like, you know, they track quite a few of these incidents like, you know, worldwide. Um, for many of these fake like whether it's robocall AI misinformation. Um, and, you know, I recently read a report from, from Deloitte, I think the fastest growing forms of adversarial
AI, uh, like, you know, deepfake related are all on financial crimes, like financial losses. And they're projecting about over 12 north of 12,000,000,000 in 2023. Uh, which was the case, and 40 billion, um, by 2027 in aggregate. So which is, you know, is growing at an astounding rate over, I don't know, like 12 to 40, like 25, 30%. Yeah. You know, compounding rate. Um, and you know, in one of those reports, you know, especially for the financial crimes Deloitte reported, these fakes are proliferating, um, mostly in the banking and financial services as being the main target. Hmm.
Interesting. So as the stuff gets better and like you said, it becomes indistinguishable. Like there's no way to tell the difference. Mhm. Um, so one one thing is the voice sounds better, but what I feel like if there's extra context the more the attacker knows about the thing. So imagine this is a fully automated AI attack. That's even worse. So it's not even a voice a real time clone of a person. It's actually like an AI agent that's just calling and trying to get the things to happen. But but it has been given a full database about everything about you or about me or about this, uh, Italian executive. So it knows, like, the name of their dog because it got it from, like, Instagram. Right? And it's got all this personal data about like, it knows the wife's name and everything or whatever. So how how do you defend against that? So let's say it's a perfect voice. It's perfectly real time, but it also has deep knowledge from open source intelligence about the actual perpetrator.
Yeah, yeah.
No, I think, you know, it's, uh, as you're saying, right? I mean, this type of, uh, generative AI, adversarial AI, you know, it creates new attack vectors with all of this information, multimodal information that no one sees coming, and it creates a more complex, nuanced threat landscape, um, that, you know, prioritizes identity driven attacks, and it'll only get better. Um, so in the short term, the way I think about this and most companies that that I talk to their CISOs is like training, right? The first thing is at least deepfake detection training, which is recognizing inconsistencies in facial expression, uh, audio quality or video quality. Uh, before disclosing sensitive information, uh, validate using a verification protocol, uh, of contacting them through known means, like, for example, through their, uh, known contacts, like phone or ask them questions like you talked about this shared secret, like ask them something that you know they would otherwise have not shared or disclosed. Uh, create these these validation, uh, protocols, um, and have people be more aware of social engineering from, from an awareness perspective. Right. Um, I mean, that's the, you know, that's just to get get to the short term problem just with exposure and training, really. But on a more broader term, I think social engineering awareness, uh, basically should should drive these regulatory verification process. I think the governments have have a part to play here to make content provenance or identity, um, you know, spoofing, using AI, uh, as a mechanism, as a mandatory safeguarding, like in Canada, for example, I can say, uh, most of the provinces have enacted legislation on sharing non-consensual media, for example. So the acts are already there, uh, in identity fakes, for example. But that needs to be put on AI. Um, the No AI FRAUD Act, uh, that was introduced in the US House of Representatives, I think, uh, earlier this year I believe is a good first step. Right. 
Uh, fraud itself. There are regulations around that. There's laws around it. We just need the governments to to catch up to the level at which the technology is progressing and, and create it within, within the AI framework. Um, yeah.
I I'm sorry. Go ahead.
No, no, I was just saying that, you know, training and then the regulatory criteria. But there are things in the technology side as well that we can do. But perhaps, you know, the immediately, uh, there are these two things that come to mind.
Yeah. Well, one thing I worry about there is that I agree that government is going to get involved and should get involved, but I think about spam calls in the US. I don't know about Canada in the US. It's still very bad. Um, I basically have an allow list. Mhm. Um, and all other calls just go directly to voicemail because I couldn't handle it any other way. Mhm. Um spam calls are already illegal. Fraud is already illegal. So I if the government says it's illegal to do fraud with AI, if it's already illegal to do fraud, I'm not sure what exactly. Like who would be willing to do the fraud without AI. Mhm. Even though it's illegal. But once the new law came out they would be like oh well now it's illegal with AI so I'm not going to do it.
Mhm. Yeah.
No I think you know and that's where so, so I think the that's a great point. So the first thing is you know educate. Right. We all need to be aware that reality is getting distorted and be aware of our surroundings. Yes. Number two we do need some guardrails regulatory guardrails. Right. So that, you know, at least it it puts some checks and balances. Or if somebody were to to file a complaint, there is a legal framework to act upon. So today for example, if I went and said something like this happened. Um, the legal framework is not there to support, uh, let's say the, the, the legal proceedings that would follow this.
Yeah, that's a good point.
Yeah. But also there is a technology side to it, right. Like, I mean, if you take a step back and if you think about it, look it will get progressively better. And why do I think about it that way? Because, you know, this branch of generative AI, you know, works in a way like like, you know, we talked about this, I think, in our previous discussion about adversarial networks. Right. Adversarial networks, GANs like or or various types of autoencoders, for example. Typically, the way it works is like you have two pairs of network, right? One, you know, deep neural network is called the generator that's generating this content. And the other one is a discriminator and it's critiquing the content. Simplest way to think about that. So the generator will get better and better as the discriminator gets better at critiquing critiquing the generation. Right. Yeah. Zero sum game. So the very technology that is sort of enabling to detect and identifying what is a fake and what is real in itself is assisting in getting better at the content. So that's why, you know, I think about this as, as the need to accelerate the framework, the regulatory framework for authenticity detection technology. So accelerate the innovation on cryptographically securing generative AI content through fingerprint.
Okay. I like that.
Simplicity. You know, the government regulatory criteria can come in and enforce the authenticity. Like we all need to learn how to verify you know, what is valid and what is authentic content. Just look at how we learned how to check if a browser is safe, right? There is a little.
Um yep.
Lock at the left hand side. Oh, okay. It's safe. Right? SSL and all that. Right. The same way we need to sort of, you know, do the same thing to learn how to check if a content media is safe. And, you know, we consume our content through browsers. Right. I mean, all of this thing is manifesting itself in the very vehicle that's delivering it is are these browsers. So there.
Is a way and.
Mobile apps and mobile apps.
And mobile.
Apps. But at the end of the day, there is a way and and we consume most of the content using these sort of instruments. So we can see how I'm drawing these parallels, that if we sort of accelerate the innovation on cryptographically security, securing and validating these, these fingerprinted content, then we should be able to tackle this technology, right? I mean.
So I like that. Yeah. Is it. So it's when you're saying legislation you're not talking about make it illegal to do bad things because it's already. No no.
No. Yeah. Yeah.
You're talking about requiring, uh, technology providers to have an authenticity mechanism. It's really funny you say that because I was going to bring up a similar point. So, um, we're in Zoom right now. You see, when I'm talking, you see, I have a green outline around. Mhm. When you talk the you have a green outline. And in this case that's to indicate that that's person is talking. Right. Obviously however I've been thinking about exactly what you said. Which is, um, what if Apple and Android and YouTube and all of Meta, they had a mechanism where, um, so let's say I'm talking to you on the phone. Mhm. When I initiate my phone call to you. Mhm. Um, it's using my secure enclave on my phone. And so it's verifying that I got in with my face or my finger or um Touch ID or whatever.
Authenticity. Yeah.
Yeah. So it authenticates that. And then when the call comes over to you, you see something, you see a blue outline, you see a green outline, you see a check mark, just like you said with the lock symbol. So now when we're having a conversation, it's validated. So same same with this. Like you said, we could do you could do a real time deepfake pretty soon. So it looks like I'm talking to shell, but it's not actually you. But if there was a green outline on a check mark, that would mean that some combination of my operating system and Zoom had validated and continued to validate. So maybe in the middle of our conversation, we both get prompts because we've been talking for ten minutes. We have to re authenticate the feed. Mhm.
Mhm.
So yeah you know you you're spot on. And you know I almost think of this as a joint government and industry partnership. Like you know I'm often I have the opinion that this is definitely a solvable problem. Yeah. And as an industry thought leaders we have to establish what this common identity assertion protocol is and standardize that. And then all of these companies that are in the business of of creating media or transmitting media or exchanging media, sort of, you know, um, adhere by it. Like, I mean, you know, I'm, I'm actually quite, um, encouraged to see the DARPA very recently, uh, to deal with at least the, uh, face swapping technology and the puppeteering technology, which which is also a phenomenally interesting branch of generative models is where your expressions you are still the same person, your identity is not solved, but your expressions are. But to deal with that, they initiated a new research, I think called the Media Forensic Research Acceleration Program R&D program, if you will, to identify fake digital visual media detection method. Right. Um, and that will tackle, you know, those sort of things. But I think in order to deal with the identity side of things or validating, I think, you know, what what you're suggesting is, is a great way of of tackling that. In fact, I was recently reading a paper like there is this cryptographic mechanism called um, uh, zero knowledge proof. And the idea is, is quite simple. It's basically, um, there is something that both you and I know without you disclosing what you know, I'm able to verify, uh, whether your claims are true or not.
Almost like Diffie-Hellman.
Yeah, except in Diffie-Hellman. Yeah, yeah, except that there is.
But but, um. But the middle person doesn't get to see the thing exchanged.
Exactly. Yeah. And this zero knowledge proof is, is actually applied in many different places. It's not new, but what is new here is the application of zero knowledge proof in authenticating and privacy maintaining hardware. Like, um, you know, I came across a company that's sort of dabbling with this called snark. They're using zero knowledge, zero knowledge proof microphones, which you know, can prove the audio was indeed recorded in that thing. Some media companies like Canon and Nikon are dabbling with zero knowledge imaging technology, whereby they can ascertain that this was actually captured using light rays coming in a camera lens.
Oh, interesting.
And or if it has been edited in a particular way. But this whole audio visual industry coalition content provenance, authenticity is a serious topic. And it is time that, you know, we we find ways to certify, uh, source of digital content, how it was generated. Um, and things that you just talked about ascertain before these gadgets, like mobile devices and other such things are used to validate these things right now, if you think about it. Right. Privacy, uh, or identity verification is only used for content that you own. Like for example, my phone, for example, is going to ask me for my password and a bunch of other things before it shows me my stuff, right? Or opens. But that has no bearing when I'm calling you, for example. Like you have no idea. Right. So so this this thing is, as you mentioned, is actually now very important is all of this identity validation that happened on the phone. This trust needs to be expanded into the other entity that you're interacting with. So the trust network needs to be, um, shared using whatever methodology that these companies choose. But yeah, our standardized.
Yeah. So I think that's correct. Um, I'm also thinking about a thing that you said earlier when you mentioned Puppeting. Um, yeah. I didn't know there was a name for this, but I think it might be the same thing I'm thinking of. So the the avatar on the other side looks like this young, like.
Um.
Like, uh, almost like anime looking, uh, influencer girl. And she's, like, really animated and, you know, pretty and everything, and she's talking about whatever the topic is. And then you see right next to it, it's actually like a 47 year old male, and he's the one actually doing all of the emoting and everything. And, um, it is real time face swapping and real time hand swapping, uh, costume clothes, everything. So that raises an interesting point. Uh, based on everything we talked about.
At.
The start of the call, um, there was authentication that happened. So they got a green box. Um, but then this technology is now on. So now it looks like this other person. Um, so what? This just got me thinking, and I hadn't thought of this before. You know, this reminds me of, uh, gaming situations where, um, games, there's so much hacking happening in games that, uh, a lot of game vendors switch to basically having to run a rootkit.
Mhm.
So they need end to end, top to bottom deep kernel implementation to know that you do not have some sort of shiv. Yeah. Some sort of injection capability inside of the thing. And it's looking at all the processes that are running. It's looking for evidence of malware. It's looking for evidence of tampering. So, so the question is like if we start a video call and then I start software like that. Mhm. That technology needs to be able to know that I'm using the puppet technology and that there's an interception and translation happening.
Correct.
Yeah. And I think you know that's a that's a very well uh explained kind of, uh, thought process. And that's also one of the reasons why I think it's not just that. And I talked about this zero knowledge proof mechanism for authenticity built into the hardware. Um, because, you see, if my camera is showing my video and if the camera in the live stream, this hardware authenticates that the video stream is basically what it is processing using the, uh, the ZK hardware, uh, research I talked about. Then any cross stream or stream mixing in the middle, um, the receiving software should be able to validate the authenticity that this is not what the camera captured. Right? Yes. And that is the key, right? It you know, it's not just at one level. It has to be that the trust has to go all the way from the physical level. Right? The lights and everything around here. To what the camera sensor captures, to what the media gets digitized. So just trying to tackle that the digital media layer is insufficient. It needs to have the analog. Um, it needs to have the analog ancillary to also transport this authenticity and validation mechanism back for for real time communication, whether it's an audio microphone or a video camera or sensor. Yeah.
Yeah. I love what you're saying there, because I love the fact that the hardware itself is involved. So to your point. Canon. Canon. Canon and Nikon. So it's almost like they would have their own version of like a secure enclave or something similar where it's like, that's a protected system. It's the one doing the signing at the at the camera hardware level, which is part of a later signature which is passed on. That's right. So it's like this chain of custody where it's an unbroken thing.
Yeah.
But the challenge with that, Daniel, is that, you see, right now, the fragmentation in this space is going to be devastating. Like, that's the worst thing that can happen. Yeah. Fragmentation. Meaning that okay, one person is doing or one company doing it this way. The other company is doing it that way. And there is no like, you know, um, so so that's why I think it's very important that the Logitech camera can interact with some of my phone camera, for example, or, you know, the interoperability of this. So like, imagine if your web browser did something different, uh, of SSL and something else did something different. It's going to be just a chaos. So standardization of this mechanism to tackle deep fake authenticity of of digital media, whether it's stored media or media in transit.
Um, you know.
Now that I'm thinking about this, I think you're right about that, because I think what will probably happen is the what we will agree on is we agree to trust Zoom and then Zoom on each of our sides. Does the camera validation because the camera got some sort of certification from somebody like Apple or macOS or Windows? Correct. So Zoom trust the camera. Therefore Zoom signs it. Therefore your side agrees because Zoom side Zoom signed both sides.
Sure. Something like that.
That works. That works too. And yeah, that's you know, that that is a kind of standardization. But I was going a little bit broader. I was saying that we should like, we should almost go to the layers of network communication, the same way how we communicate with streams like we do. Like you talked about Diffie-Hellman, I'm talking about, you know, um, stream establishment at the internet protocols. Authenticity.
Oh, sure.
So I think it's time for us to look at, like. I mean, we can keep patching this stuff, right? We can we can keep creating these glues and, you know, but I think it's time to to take a step further and start, um, you know, um, the contracts of this authenticity of the hardware, the data, like the same way how we digitize the data. We need to embed some of these validation mechanisms right into the protocol.
You know, honestly, we should, um, not not perfectly on topic, but we should actually collaborate on this because, um, I don't think it's going to be easy for a small company to do this. I think this is really going to be like a consortium. Mhm. Um, but I used to be at Apple. Um, I still know a lot of people over there. I know a lot of people are thinking about this, but I am very surprised that I have not heard more people talk about what you just said. So for example, um, IPsec, uh, Randall, like all the fundamental protocols, uh, the fundamental algorithms, what is an underlying base standard like TCP/IP, like TLS? Um, um, you know, is it, uh, are we doing public key for the exchange? Are we doing symmetric for the, uh, the communication? Yeah. So it's like all those things need to be considered and built into like, like you said, a fundamental protocol which includes the authentication piece, which includes the re-prompting for authentication over certain periods of time based on, uh, so for example, here would be a great like method for the, uh, thing. Uh, you have a policy established during the, the initiation of the call so that if certain things are being talked about, it up-levels the requirements so it prompts you both sides more often.
Mhm. Mhm.
For revalidation. Yeah. Things like that.
Yeah, absolutely. And you know, you talk about Apple and I think it's interesting, right. Apple is in a unique place to really solve deepfakes is because they have a full control of end-to-end ecosystem, if you will.
Yes.
Um, all the way from the hardware to the content to the method of that content distributes, and they have statistically significant density of communities that interact with those content. Um, so, so that, that, you know, that's one aspect. And the other aspect is I think, you know, if you look at the rate at which the technology is evolving, um, deepfakes are probably significantly impacting our ability of what reality looks like and or eroding trust from systems.
Yep.
And that is massively concerning.
Yeah I agree. Yeah. One thing I just realized is, um, I would love like a little I think this is probably coming soon with AI agents. So you have like a little bot that is watching this chat. And one of the things it would have reported is, um, Shil's background looks like a real background that is blurred. Daniel's background looks to be AI generated. So I, I'm watching him very carefully to make sure he doesn't have six fingers or something. You know what I mean? So you could just have an alert that's like right off the start before we even started. It's a fake background.
Mhm.
You know what I mean.
Yeah. No.
Absolutely. Yeah. I think, um, I think there are various ways to solve this, but, you know, um, there are things that can be done in the short term. There are things that can be done in the mid-term. But I think, you know, if we're talking about thought leadership, vision as to where we're going, I think it's time for us to kind of, you know, uh, rethink what we are doing and how we're going to deal with fakes in general. Digital fakes. AI is helping it make better.
But yeah, yeah, yeah, yeah.
I think the way you're talking about it is exactly correct. Ultimately it's a trust issue. So anything that is eroding that trust is really the problem. And that's where we start.
Exactly.
And then we start with that trust problem. And then you start thinking about a trust protocol, a more fundamental technology protocol like TCP/IP, like HTTP, something, you know, at a deeper, more fundamental.
Yeah, yeah.
And you know, Daniel, there is also another important thing here. Like, you know, some of these things were developed for entertainment purposes. Like, if you think about it, the very premise. Right. If you go look up in GitHub and you search for, uh, FS, uh, GAN, uh, facial expression and you'll see like incredible research papers and then implementation of them. And they are majority uh, the goal is to demonstrate what the technology is capable of. Some of the first applications were for fun and. Yeah. So what like, you know, I sent a picture or video that looks, uh, five, ten years, um, you know, of my age taken off, right? As long as I do not claim, I think it's perfectly fine. As long as they say, hey, you know, look, this is. And there is no claims made that this is who I am or this is what it is. The problem becomes when some like, you know. So the root of the problem is, is a fake, whether it's deep or not, I think is is it or AI generated is a different point altogether?
Yeah.
No, I think that's right. It's it's a great point because there's a harmless removal of 15 years of age. Mhm. But if it's a guy and he's trying to get a model, uh, modeling job and the modeling company stands to lose money from this contract being signed, now that innocent thing is no longer innocent.
Exactly.
Yeah. Exactly. Which is why, you know, the technology is just enabling. And that's why my points were like, we need to find a way to deal with the technology. Mhm.
Yeah. So any any tips for people to learn more about this.
Yeah, I think, you know, um, like we recently did like the threat research team and the data science team, uh, did some work to, to publish this um, thing from BlackBerry about deepfakes. I encourage people to read it. I think they're going to find it informative. It's developed in a language that is very easy to understand, and I think right now I would encourage people to sort of learn about these things of what's possible. Right. That's the first thing that at least you're skeptical when you see something or your antennas kind of pick up something that that you might otherwise might not have. So awareness, I think, is the key at this time.
Okay. Yeah, we'll definitely put the link to that in the show notes. Um, any predictions for like the next year or 2 or 3 years?
Um, well, I think this technology is going to get progressively better. You're going to see more hyper realistic content. In fact, you're going to start seeing full body, not just faces and expression puppeteering. I think you're going to see, you know, hyper realistic content. You're going to see content interacting with other content in social settings. You're going to see more personalized attacks through this mechanism. Uh, you know, public figures or people you dislike. You're going to be able to start propaganda and the availability of these tools like, I mean, from $5 to $15 a month. From a subscription perspective, you can create some of this stuff, uh, with a bit of programming. You can go download these GitHub projects and do your own, if you will. Um, you know, the like, you know, the possibility is limitless. So deepfake as a technology will continue to evolve because it does stoke a, a, uh, in a reason for why we do certain things that, that are, uh, not the best moral grounds, if you will. So it will get become more sophisticated, harder to detect. The very technology that is required to do this, um, is going to basically enable this, this growth. And the challenge will be there in the coming years unless we as a community do something about it.
Yeah. So the better that stuff gets, the more we're going to need the types of controls that you talked about.
Exactly.
Yeah, absolutely.
Where can we learn more about you and your team and the work that you're doing?
Uh, we, uh. That's great. Like, you know, we have a data science research blog where we publish, uh, things that we learn, um, time to time, uh, at BlackBerry, um, papers that we publish. Um, so, so I welcome, uh, people reaching out if they want. Uh, I always love to have a great conversation. Some of these conversations we had were very insightful. Um, yeah.
Okay. Well, awesome. Well, it's great to have you back. And, uh, great conversation, as always. I appreciate the time.
Hey, thanks a lot, Daniel. Thanks.
All right.
Take care. Bye.