It's the season finale of the AI Security Podcast! Ashish Rajan and Caleb Sima look back at their 2025 predictions and reveal that they went 9 for 9. We wrap up the year by dissecting exactly what the industry got right (and wrong) about the trajectory of AI, providing a definitive "state of the union" for AI security.
We analyze why SOC Automation became the undisputed king of real-world AI impact in 2025, while mature AI production systems failed to materialize beyond narrow use cases due to skyrocketing costs and reliability issues. They also review the accuracy of their forecasts on the rise of AI Red Teaming, the continued overhyping of Agentic AI, and why Data Security emerged as a critical winner in a geo-locked world.
Looking ahead to 2026, the conversation shifts to bold new predictions: the inevitable bursting of the "AI Bubble" as valuations detach from reality and the rise of self-fine-tuning models. We also explore the controversial idea that the "AI Engineer" is merely a rebrand for data scientists and a lot more.
Questions asked:
00:00 Introduction: 2025 Season Wrap Up
02:50 State of AI Utility in late 2025: From coding to daily tasks
09:30 2025 Report Card: Mature AI Production Systems? (Verdict: Correct)
10:45 The Cost Barrier: Why Production AI is Expensive
13:50 2025 Report Card: SOC Automation is #1 (Verdict: Correct)
16:00 2025 Report Card: The Rise of AI Red Teaming (Verdict: Correct)
17:20 2025 Report Card: AI in the Browser & OS
21:00 Security Reality: Prompt Injection is still the #1 Risk
22:30 2025 Report Card: Data Security is the Winner
24:45 2025 Report Card: Geo-locking & Data Sovereignty
28:00 2026 Outlook: Age Verification & Adult Content Models
33:00 2025 Report Card: "Agentic AI" is Overhyped (Verdict: Correct)
39:50 2025 Report Card: CISOs Should NOT Hire "AI Engineers" Yet
44:00 The "AI Engineer" is just a rebranded Data Scientist
46:40 2026 Prediction: Self-Training & Self-Fine-Tuning Models
47:50 2026 Prediction: The AI Bubble Will Burst
49:50 Bold Prediction: Will OpenAI Disappear?
01:01:20 Final Thoughts: Looking ahead to Season 4
Caleb Sima: [00:00:00] We did nine predictions about AI by 2025. Nine out of nine, a hundred percent, are accurate. I'll still stand by my prediction that bubble burst. That's a bold prediction. I like your prediction 'cause it's like ballsy. Data scientists are now just gonna be called AI engineer because AI engineer sounds better, sounds cooler, has higher salary income.
This is my evil conspiracy theory stuff. Nvidia, all the frontier providers are all holding themselves up. They don't want the token cost to drop.
Ashish Rajan: Apparently we made a lot of predictions throughout 2025. This is the final episode for this particular season of AI Security Podcast and we are putting this under the lens.
We are trying to figure out how much of the predictions we made throughout the episodes on 2025, season three actually came through and what are predictions of 2026 for AI. There may be a few bombshells, just letting you know, but hopefully you agree with them or you probably have your own predictions.
Would love to hear that in the comment section below. If you are someone who is watching on Spotify or YouTube, definitely let us know in the comments. If you have your own [00:01:00] predictions as well, let me know if you agree with my bold prediction for 2026 and if that would come to fruition. If you know someone who is interested in predictions for 2026 of AI security, what that would look like and what would go forward and what have the changes been across 2025 that actually came true?
Definitely share this episode with them. And uh, if you are here for a second or third time and have been enjoying the episodes of AI Security Podcast, I would really appreciate if you could take a quick second to hit that follow subscribe button, whichever platform you're listening or watching on be on Apple, Spotify, LinkedIn, YouTube.
Your support means a lot. And thank you so much for supporting, as always, on conferences that we go to as well. So looking forward to hearing a lot more about what you think about this particular episode and what your predictions are for the next year coming. I hope you enjoy this episode. I'll talk to you soon.
Peace. Hello. Welcome to another episode of AI Security Podcast. Today is the final episode for season three. I'm a bit sad because AGI is not here yet, but hey we'll figure out what else have we, uh, not gotten to, uh, but maybe to, to set the stage, man. Uh, I was gonna start off by saying we should probably talk [00:02:00] about some of the top of mind things for us today in December, 2025 for where AI is and where do you stand on AI today?
I guess, obviously, I'm sure your opinion about AI and the practical use case of AI has evolved as we have spoken for the past three years. Where does it stand for you today?
Caleb Sima: Like, that's an interesting,
Ashish Rajan: it's,
Caleb Sima: it's
Ashish Rajan: not a fad, right?
Caleb Sima: Yeah. What do you like? I mean, there's a lot of ways we can go with that, but let's just maybe start with today.
What is the state of it and what do I feel? Has it gotten to a point of utility that we had hoped we would see maybe a year ago? Is that a
Ashish Rajan: Yeah, yeah, yeah. That's a fair thing. Yeah, yeah, yeah. I think I like the, an example, maybe we just take it from a utility, but also how much is production today, if you like.
Caleb Sima: Oh yeah. So, from a utility perspective, I think from a consumer version and from an individual version, I think AI has made pretty great strides. Like when you look at [00:03:00] where we were a year ago and our prediction for some of the things that it could do today, you know, obviously hype was and is always way overblown, but I do think that it has done a lot.
Now, what I think used to take all of these WYSIWYG, sort of if this, then that, Zapier, connect, plug, do all of this; today, almost every service offers a type a couple sentences and it will by and large get it done and it, it will work. I think that, almost any sort of expert you can think of, health, medical, fitness, fashion engineer, software management, you know, whatever you think of you can get access to.
Yeah. And for most intents and purposes, 90% of the time it's, it's right, like it is pretty good. Like you can have an expert on call anytime, anywhere. And I just think that, you know, from a consumer [00:04:00] individual perspective, coding has gotten way better. Yeah. Like, actually, I'll give you an example.
Since AI started, maybe like two and a half years ago, I created this very simple eight line of different sprints on how to create a more and more advanced web crawler, right? Okay. It starts off with just a simple web crawler, you know? It says, okay, now do it multi-threaded. Okay, now do it distributed.
Okay, now use browsers and be able to do it. Okay, now use AI filtering on it. You know, like it just got more and more advanced. And I remember, you know, two and a half years ago, I take this exact same thing and it took me almost an entire week, and I barely got past step four before I got Oh, okay. Just didn't work.
And then over periods of models, it finally got, oh, I was able to complete all of them, but it took four days to do it, and then it completed all of them, and then it took two days. Then the next one and it took a day. And then now when I do it, it literally takes 15 minutes. And I used to do it step by step.
You [00:05:00] know, just do one sprint next to this. Now I just take the whole thing and I dump it and it just does it. Wow. And so like that advancement over the couple years of this exact same sort of PRD prompt that I created, and I always use the exact same thing. You can see the progression. Like it's really amazing.
Ashish Rajan: Yeah. 'cause I, I was gonna say for me personally, from a consumer side, obviously the AI is, when we first started talking about it, the consumer utility was the top of mind thing. People knew that there's a potential here for how it could be used in enterprise from a utility perspective. I think initially, uh, the way I was using, I was just totally lost in the whole prompt engineering conversation to a large extent.
Now that has become second nature. Even if you're giving it half-baked sentences, it still kind of understands a bit of it. Obviously it requires precise instructions, but at least you got, you get to a point where I was I'm actually started this, doing this experiment where every time I'm coming to the US on a flight, which is an 8-hour flight, I run an experiment on some kind of an AI agent.
Like the first one that I ran [00:06:00] was I wanted to update my website, and I was not finding time to do that. And finally, in the eight hour flight with British Airways internet, I just plugged in. Before I landed, my site was already live. I think that to me was like not something I could have ever done in my entire life before AI.
And it was just basically one of those things where it'll give instructions by, I think I was using Vercel and something else. It just gives me instructions, Hey, this is where it needs to change, whatever, blah, blah, blah. And I think the other thing that I also want to call out is in the, on the utility side, now's no longer, you know, there was a hype in between where the Apple hardware design person, Steve, he kind of had come out and said, Hey, the way AI is supposed to be consumed, we are not consuming it that way.
We are basically still limiting ourselves. And even though I'm sure there's a certain way to use AI, I definitely find that today my default for most things is definitely using AI, for example travel, going somewhere. Obviously it's not the best, but in certain scenarios, but it's a default number one now.
Which is [00:07:00] super weird to think that I used to go on Google first and do all these things, but now my default is, oh, I'm just gonna ask the question even if it's for news and stuff. Has any other behavior changed for you from a utility perspective?
Caleb Sima: I, I mean, I'm, I'm exactly the same. I think, you know, I use AI way more than I used even Google, I think in the past, right?
Ashish Rajan: Yeah.
Caleb Sima: Uh, because I'm using it for all these different avenues of my life, and utility wise, I have agents running in the background, constantly doing things for me. I have code that's, I'm running with, I have advisors that I've built that I'm constantly communicating with. I have just the general work stuff that I'm editing posts and documents and reviewing.
Like there's, there's just a lot, right? There's a lot that is going on here. Yeah. Yeah. Like, you know, it's really interesting that I think AI for sure, for us at least as being more cutting edge people, we are adopting quite easily. Yeah. And so, yeah, like it's a big deal.
Ashish Rajan: Yeah. And I, I guess, funny [00:08:00] enough, because initial thinking for a lot of people was, it's gonna take away jobs.
It's gonna be, uh, something that would not augment, but today it's a lot clearer. At least as far as I can see, it has definitely augmented a lot more. Now I have quote unquote AI workflows for certain things that I run where I don't wanna explain the same thing again. There's workflows for it, there's Claude skills for it, there's Gemini Gems for it.
There's just so many ways you can automate AI workflows if you wanted to. And finally, we can stop talking about the difference between automation and AI workflows. I remember the first season, we would just explain to people, Hey, this is agentic. Yeah, this is not agentic. Got such a long way away from that as well.
But I think one thing that is still remained overwhelming, which is there in the beginning, overwhelming, I at least I would think was still overwhelming, was how would we use this in enterprise applications and what would be the use case for security? And I think that, obviously I have an opinion, but keen to know from you, like from a, either from a utility perspective or from the integration of AI for how much it would be used by businesses.
Caleb Sima: Last [00:09:00] year we actually predicted that in 2025 that there will not be mature AI production systems beyond very, very narrow areas or specific things. And I believe so far that has been pretty much confirmed. It's validated most, yeah. It's still pretty early. Reliability. Yeah, scalability.
And what we've also learned, cost has been big barriers. Um, oh my God, yes. In ai, these are really big barriers.
Ashish Rajan: Actually, we should just quickly unpack that as well. 'Cause for people who may have missed an episode I don't think cost is spoken about enough. We all, we obviously, I understand we are AI security podcast, but just to get these things into production, right?
Quote unquote production, not like the, uh, the lovable MVP that people have been sharing across the globe and going, Hey, I'm putting things in production and just falling back. Can we just unpack those three for people, just the cost aspect and what are some of the challenges for why even at the end of 2025, our prediction is still true?
Caleb Sima: Yeah, like, you know, what we actually talked about previously is our [00:10:00] assumption was cost was going to go down, right? Because at that time, AI costs kept dropping, cost per token was boom, boom, boom, boom, boom, boom. And everybody was basically sort of at that time saying, Hey, it's a race to the bottom.
Yeah. Right? Where okay, everyone is going to lower their cost per token, blah, blah, blah. Which sort of ha like I have evil sort of conspiracy theory.
Ashish Rajan: Yeah. Let, let's hear those conspiracy theories as well, man.
Caleb Sima: But, but what has actually occurred is, yes, co token per cost has definitely gone down. Yeah. Right.
However, it hit a somewhat floor, and not only that, but clawed its way back up into cost barriers and lines being drawn. No more max, you know, you pay $300 a month, you can use whatever you want, that has all been killed. Yep. There's a bar for it.
Ashish Rajan: Yeah.
Caleb Sima: Yeah. That's right. And actually people who are building production systems are finding the cost to run AI stuff is [00:11:00] astronomical. Yeah. Um, I mean, it is really expensive to be able to build this. I was talking with a portfolio company who was basically like, Hey, we've built this AI red teaming offensive product. Yeah. And we are deployed in a lot of productions and like our bottom floor for a decent sized enterprise, our cost alone in AI is a million dollars annually.
Ashish Rajan: Yes. I can believe that.
Caleb Sima: Just for a standard enterprise AI offense. And I'm like, how do you charge an AI red teaming product back to the customer at over your cost? Yeah. Like you're coming to Robinhood or whatever company it is and saying, Hey, we do have this AI red teaming, but you know, it's, our floor is a million, so like we're gonna sell you at a three and a half million or four and a half million dollar deal.
Ashish Rajan: Yeah.
Caleb Sima: And so like, this is like the cost is starting to become a real challenge. Yeah.
Ashish Rajan: Um, I think one of the reasons I've moved away from Claude Code is that as [00:12:00] well, 'cause to what you said, I think that Max plan earlier allowed for unlimited usage and after that, to be fair, to give people some context as well, it's not that the first attempt of you using AI gives you the perfect answer.
So a lot of the tokens are wasted in just debugging and it kind of adds to like, once you get to the point, I'll just use the example of that portfolio company we're referring to. Red teaming probably means continuous realtime interaction with this set system, you're spending tokens consistently, like for a, on a quote unquote realtime basis.
No wonder the cost is so high because it's just burning tokens at that point.
Caleb Sima: And don't forget about context. Oh yeah. Tool calling. Info and metadata constantly going with every call. Like it's, yeah. Yeah. It's basically like you have one meg of memory and you know, 80% of it is already taken every single call by the same crap.
Uh, and then, you know, like, it's just, it's bad.
Ashish Rajan: Yeah. But do you feel like, I think specific talking about the, uh, the quote unquote security side of things as well, in terms of [00:13:00] maturity of the conversation for production ready. At least there is a, and this is kind of going on the same prediction we had, I think I'm just reading up the notes here.
2025 will not yet have mature AI production systems beyond the narrow areas. And AI reliability would still be evolving and deployment will remain narrow. I think that prediction is on the money there, but I wonder also, if you were to put a security lens on it is the other one, which is the SOC automation, which was the, the wave in the beginning of 2025, which I think, which we called out as a prediction as well, that SOC automation would be the most tangible real world AI impact across the board for how AI would be used for security.
Caleb Sima: Which by the way, this is a good transition into our predictions. Yep. Right? Yep. Yeah. So we should just go directly into our predictions. We, we obviously created a set of predictions that said about AI by 2025. Yeah. Um, and we did nine predictions and throughout 2025 identified. Yeah. Yeah. Nine out of nine, a hundred percent, are accurate. Yeah. And so the first one, which was sort of, [00:14:00] will we have mature AI production systems?
Yep. Unless it's narrow areas, probably not. I think that's fairly accurate so far. Yep. Number two, you said SOC automation. Yes. So SOC automation will be the most tangible, real world AI impact. Yep. I think that is true.
Ashish Rajan: Yeah, that is still true. I think there were, what, 53 vendors in this particular space now since the time of, uh, 20, at least the conversation became a hot topic.
There are 55 or 53 companies that are solving AI SOC, there's also the, the flip as well. A lot of people, sorry.
Caleb Sima: I said it's mainstream
Ashish Rajan: for sure. A hundred percent. It's mainstream. And I, I think the other side to the build versus buy conversation for this as well, a lot of people have started understanding the fact that, oh, it's not something that I can build myself.
And people do try and I'm talking to people who are quite advanced in building engineering capabilities in their organization. They've done a lot of security engineering, but even they come to a point and go, okay, at what point do I call it, I'm building an AI product versus just automation. 'cause pre, previously, a lot of that just meant I'm just automating [00:15:00] things.
I'm just automating the, to what you said earlier, if then statement, if I see this thing, that means it's a threat trigger a detection. Have a response, all of that. But a lot of people are finding that it's not as simple as, I'm just gonna feed my cloud logs into AI and it will do the prediction for me.
And goes back to your example earlier, the cost of running that itself would be just humongous. Why would you take that on yourself and let's give it to someone else. Although I'm curious, I know we made the prediction just about SOC automation, is there any other field in cybersecurity that you feel has had a real world AI impact in terms of automation or AI adoption from cybersecurity perspective?
Caleb Sima: We did make a prediction around that, which was around cyber offense. Cyber offense.
Ashish Rajan: Okay.
Caleb Sima: Yeah. And so we said in 2025 we should see that pick up rapidly, that there'll be a lot of AI scanning tools, other types of things. 'cause it's low hanging fruit that can be easily AIed. Yeah.
[00:16:00] And uh, what is the hottest thing right now? It is AI red teaming and running.
Ashish Rajan: Yep. So then the next one is, the next one is AI red teaming. Although, and since the time we predicted this, or at least how this conversation, there's been a I guess someone has gotten up the rank on HackerOne as well.
Charles Nu, all the written number one, just using AI automation or AI, AI-driven red teaming testing. The reason I brought that up also is I also feel there are sparks of AI automation across GRC as well across cloud security as well. 'cause there's all these acquisitions that have happened as well since the time we spoke.
So obviously a hundred percent top of the ladder. For adoption is SOC automation, which was a prediction that is still true. The second one is the AI red teaming, which we kind of covered in episode on as well. It's still pretty hot. I feel like there are little tiny sparks of, uh, GRC engineering, cloud security engineering, or cloud security that are also getting quote unquote traction, but obviously not as, not the same level as SOC automation as well.
Uh, the other one that I think you predicted was the browser [00:17:00] security.
Caleb Sima: Yeah. Well, I predicted that the next big move for AI is to get in the browser. Uh, because it makes total sense that that is where you spend all your time and you can get all this context. I predicted that, you know, this was way before, but now what is the hot thing?
Is every AI foundational company is either buying browsers or building their own browsers. Yeah. Because they are all about getting into browsers of context. So yes, that is another prediction.
Ashish Rajan: That's right. Because even that is, uh, I think something to add to then I'd love to hear your thought on this as well.
It's also integrating into the OS as well, right? The Windows update that they did, they want to integrate Copilot into your operating system. Apple has obviously all done the similar thing as well. They're trying to integrate AI into your phones. Gemini is native as well, and whatever Sam Altman comes out with, uh, Steve from ex-Apple, that would be like, so it's all also embedding into our devices as well, natively.
But then we still, I don't know if you're at that point where, [00:18:00] since the time you made the prediction that the adoption of AI browsers is all time high. I haven't really seen any stats on this, but I definitely don't see a lot of people raving about it either. Have you seen anyone being like, do you use it?
AI browsers? Yeah. AI browsers.
Caleb Sima: Yeah, I don't think so yet. And to me, I feel it's because what I hear a lot of people that are doing AI browsers per se, but I think that it's very hard for you to switch browsers, right? Like it, that is like asking to switch operating systems no matter what benefit. So the people who have switched into AI browsers specifically are super early adopters, super techie already, you know, at the edges.
They're like you and I, right? In terms of their AI usage. Yeah. And the only reason why I haven't switched to an AI browser is because of security concerns. The biggest problem with AI browsers is prompt injection becomes the biggest threat ever.
Ashish Rajan: Yeah.
Caleb Sima: Yeah. Because the browser has access to everything and prompt injection is completely, you know, it is a problem that is [00:19:00] unsolved.
And so it is very bad in AI browser world for that. That's the only reason why I haven't switched AI browsers. And so I think there's this, there's a combination of both. I think AI browsers quite haven't shown. The, you know, right now everyone's still getting used to the go here and do all your stuff with AI versus use what you're using and AI will do it with you.
Yeah. That is a whole second stage, that needs to occur and then you need to then say, well, I'm gonna switch in order to get that. I also think a lot of people who are like us, 'cause we're again, early adopters, we have very specific models that we use for specific things. I use Gemini for this. I use GPT for this.
Yep. I use, that's true. You know? You know, like this is all, and right now the problem with these browsers they don't allow you to pick the specific things at which you want for your specific models. Mm-hmm. Um, and, and I think again, we're early adopters. We're techie. We're geeky. Um, yeah. This is very much an early adopter nerd problem space.
Mm-hmm. And it just hasn't gotten, AI needs to get [00:20:00] more mainstream. Like if we go, and my guess Ashish is like if we go to Iowa Yeah. And we talk to the average person in Iowa about their usage of AI. It's gonna be like, what? It's gonna be very little. Like, okay, well I use it like I use Google, right?
Yeah, they are. They are where we were two years ago. Yeah. Right. And so I think we've gotta see that shift occur before I think really these true adopt and prompt injection has to be solved.
Ashish Rajan: Like that's, yeah. And I guess maybe just to double click on that prompt injection for a second there. And you know, we have the top 10 list now we have top 10 for everything.
Top 10 for MCP, top 10 for agent AI, top 10 for the list goes on. From an AI specific perspective, I think, I don't know if we actually called it out as a prediction, but I think, I'm pretty sure over time, I think it was one of the conversations we had with Jason Clinton from Anthropic and all the other guys were there in that panel that we did for state of AI security or actually the one that we did recently, uh, which is the Black Hat conversation we had with Jason Haddix and Daniel Miessler where we were talking about the different threats and which ones are real and which ones are [00:21:00] just like, I guess they, yeah, but I don't know how often that happens.
Prompt injection was still number one in that list. Data poisoning and everything else that's been listed in top 10 was kind of like, how often is that really happening? Am I really in your environment? Like I still feel maybe this is something that is top of mind for people today and would continue to be, uh, the prompt injection still seems to be the most reasonable, at least today as, as we record this from an AI system security perspective, everything else is like kind of, but I would probably put them in like a low, medium versus prompt, prompt injection is like right up there if they're high risk, right?
Caleb Sima: Yeah. I think a prompt injection is again an unsolved problem.
Yeah. That continues to be an unsolved problem. So like, and the, the real issue is when it comes to browsers and the ability for any text to then take control. It's very, very hard to trust anything you browse and then be able to say, oh, okay, this will work, right? My browser, if I browse a random website and it has access to my Gmail, like, we're screwed.
[00:22:00] You know that that solution has to be figured out really well. And I don't know, like when that happens then, you know, I think, we'll, I will adopt and switch, but until then I'm not.
Ashish Rajan: I think the other one, which I think, funny enough, it came out yesterday or day before. I don't know if you saw it. I think it's called ID Expo exposure or Id, ID release.
Essentially it's a bug in, it's a remote code execution bug on IDEs, used by browsers, so I can't remember the name, exact name of it, but essentially it's not just browsers, but it's also your IDEs these days are susceptible because if you're using AI for coding, then you're definitely in that category as well.
Another thing is data security, which is one of the predictions that we had as well, where there were two data related predictions we had. One was data security will be the biggest winner and data platform will become the enterprise AI operating system. Think, I don't know. It feels like the data security is still very top of mind for a lot of people.
People are still trying to have a hundred percent data classification coverage across the organization. Which may not have been the case before, but people are definitely serious about it, especially after, and I don't know if you knew this, but I [00:23:00] recently came across uh, so I'm doing this, uh, obviously, you know, the AI Security summit in here in the UK for Black Hat Europe.
One of the conversations about EU AI Act, which I did not know is a thing, is that any European company that is using AI has to give an annual transparency. I guess algorithm transparency information or something, I can't remember the exact legal name for it, but the whole idea is that you need to be able to show the reasoning that was done behind decision.
What was the for data lineage, if you wanna use that word. And that is something that people who are trying to follow EU AI Act have to come across. I don't know. And the hope is it's gonna travel through America as well, in terms of finding some way of version of it. Um, although we haven't had anything after the, what was it?
The AI action plan or Trump released something. Right, which was the
Caleb Sima: Yeah, well, I mean, in our current administration, you know, obviously. We're not gonna see any new policies, regulations, or compliance stuff come around here. 'cause that all those have been ripped apart though.
Ashish Rajan: Oh, even the, uh, the one for AI is no longer active? [00:24:00]
Caleb Sima: Oh, I'm not sure. I'm not sure if that is Oh, right. Okay. Out or not. But let's just say we're not very pro policy, security and safety.
Ashish Rajan: Talk, talking about policy and safety as well. In terms of the legal frameworks or, uh, cybersecurity frameworks that we have loved, they have also evolved quite a bit.
Any and I think we, obviously, we never made a prediction on it, but we did have a prediction around AI governance, privacy, and national AI ecosystem will continue to be more geo-locked. Yeah.
Caleb Sima: Yeah. Our, our, I think our, the overall set of that was every country, this is a race and everyone will start to close down their data because data is money.
And yeah, we predicted that we would see that occur. And that is true. That has definitely happened. Like obviously I think the Europe has always been very pro privacy, pro their data, their citizen data, but you know, that has absolutely amplified and you're seeing that everywhere. China, US, [00:25:00] everyone is locking, locking down for sure.
Ashish Rajan: Yeah. Do you find that at least in the, obviously we are talking about predictions that we made, uh, on this, do you actually see this change outta curiosity considering, I mean, they're trying to find a balance between innovation and being able to win the AI race. Have you got some thoughts on whether this is a good thing?
Just geo locking,
Caleb Sima: I mean, obviously. It depends on how you look at it from who, who benefits from, from geo locking and who doesn't is, right? Yeah. So it depends on which view you're coming from. Like I, I, I don't really, you know, I really don't have an opinion, right? Like, as a consumer, you're going to lose in the sense that the capabilities of a model will be less than because you have less data.
Mm-hmm. Right. As a consumer, from a privacy perspective, you might win in the sense that well, okay. You know, making some assumption that your personal data may not be in the model anyways. But like. You know, like, hey, like I like to ensure that, okay, at least Europe controls its data is [00:26:00] not gonna go share it to the US.
You know, like these kinds of things, you know, might be, uh, a great thing for you. But like, listen, at the end of the day, one thing we've learned is that the more data AI has access to the better it is. So yeah, only restriction on that data is going to be negative in the capability of the model. And you know, we still have that even in the US like at least to some extent.
I don't know the, I'm sure some reader can tell me that I'm, what the answer is here, but like, Gemini is going to be dumber if it does not have access to all of our personal Gmail data. Mm-hmm. If it does have access to all of our personal Gmail data, it will be way smarter. Like just, it's just a given.
Yeah. So I don't know how to answer that right. Is, does privacy and safety. Hurt us or not. I will say I, I have a, you, you know, my thing on safety, I think we are way overprotective on models. I think, for example, I can't use Gemini and Nano banana to upload a photo of me and my family and like modify because it has my [00:27:00] daughter or my kids in it who are underage and it refuses to, you know, mess around with any photos or video of kids.
It won't do it. Wow. And it's just like, there's just a lot of, do you remember like way back, I don't know how many seasons ago I was complaining that AI wouldn't even generate an image of a bullet for me. Yep, I remember that. Yeah. That
Ashish Rajan: was first
Caleb Sima: season. Yeah, we were talking about first season and like that has not gotten any better.
Uh, no. In fact, Grok used to be the model that you could go and have some freedom, and that has gotten even more locked down than even the foundational models today. You know, it's just, it's really frustrating to me that somehow model companies have decided that they need to make the decision as to what is safe, or you need to be my mom and my dad to tell me what I can or cannot do with your model.
And like that is problematic, which I [00:28:00] believe OpenAI. This will, this should go into our next prediction. Yeah, yeah. Go for it. Yeah. Predictions for 2026.
Ashish Rajan: Yeah.
Caleb Sima: Is that OpenAI and others, which we are saying are going to start doing. You've seen this spread of. Age ident authorization. Right? Which is you need to prove you are not, you are of a certain age, right?
Like if you are 13 and below 16, 18 and below, 21 and above, like all, like there are, there are now age restrictions. UK is obviously in your, is all about can't go and access things without having an age. Yeah. That obviously is gonna pair directly to identity, which is gonna go directly paired. Where hey, maybe, and I hope this is true, that these foundational models will then say, okay, you're over 21.
You are a cl I have your identity, I know where you are. Like all, I will then open up the models. OpenAI has talked about having an adult content model, right? This is the kind of stuff that, okay, [00:29:00] finally let's have some, some reasonableness and some logic in what safety.
Mm-hmm. And actually for all the model providers. Like an OpenAIs for this, this is gonna make them a ton of money. Right? Yeah,
Ashish Rajan: I would imagine so as well. Yeah. Yeah. I guess to to your point, it's I think my opinion on this is kind of for, for lack of a better word, and maybe you are more, and maybe it's just because I'm part, part of the European, uh, bandwagon.
I guess I definitely like the safety option also, because you almost see how far humans can go when there are no. For lack of a better word. No. Barriers is probably not the right word. No guardrails. Maybe if you gonna use security context, I guess just because you like obviously I come across a lot of the specific cases around bullying and all that as well, which kind of happens quite often and I think I, growing up I obviously never have that, but I definitely find that imagine something like a nano banana being misused for any of that.
I can totally imagine. 'cause let's be honest, school kids are probably very creative in how far they can go in terms of pulling a joke on someone. So I don't know if, if, uh, I would not want that. I [00:30:00] definitely feel the, I personally feel, and that again, that's my personal opinion, to have age restriction is a good thing.
Maybe it goes back to the episode we had on identity, proving who you are and you're a human. Uh, that was the Worldcoin, I wanna say. Yeah,
Caleb Sima: it's Worldcoin.
Ashish Rajan: Yeah. So I, I definitely feel we're almost inching towards that kind of a future as well. And over here in the UK. Now, no matter to, to what you said, uh, even if you're a business or an individual, we are all required to have an identity login with the government as well, with the passports and everything else that's coming in there.
It was already the case in Australia already. Uh, for some time. Uh, I don't know if it's in the case in the US but it definitely is a case here in Europe and UK and Australia, where now governments have started asking for identity that's linked to a, some sort of id, which there was a physical person who had approved it, like, for example, a passport or driving license.
So you had to go into a physical office and share, share basically, Hey, yes, I'm a Ashish and blah, blah, whatever my [00:31:00] credentials are. Well,
Caleb Sima: I mean, the, the point being is, AI will be the forcing function to get us to identity. And to reset the way that our, at least the US' identity infrastructure is built.
And this brings up a lot of great examples, which is, hey, kids should not go and generate, bullying photos or whatever they want to generate there, and then spread it around, right? Yeah, of course not. They shouldn't be able to do that. Yeah. They shouldn't also do the same you know, even before ai, they could easily go and go use Photoshop and go do the same thing, but the barrier to entry was too high.
Yeah, yeah, yeah. Um, but now, like, what would happen is, you know, you can't use AI without being authorized. So an identity is now linked to everything you do in ai. And then that, that then creates accountability. Yeah. That accountability is gonna be linked. When they generate that image will be linked to that identity.
That image is [00:32:00] now. Associated. So if they go and they pass this out, then it's gonna be clear, oh, that was Bobby who did that. Yeah. You're in trouble, right? Mm-hmm. Like that is going to come. Yeah. It just makes no it will happen.
Ashish Rajan: Yeah, I, I think that I, and I guess I know we kind of getting into 2026 prediction, but one thing which is left in the 2025, actually two things that are left in the 2025 predictions we made.
One was the whole agentic AI will be over hyped with very few real deployments. I think one season we, I'm pretty sure we had to define agentic AI multiple times and AI kind of took off. Now, every pipeline, every person you speak to, they're all making agent pipelines. No one's really making an AI pipeline anymore, even though I'm pretty sure it's an AI pipeline.
But hey, I'm, I'm not the best, I'm not the best judge of it. Maybe because they have MCPs, A2A, this is so much, has kind of happened from a protocol perspective that that was at least, I would like to think we were still right there, that it is still not the true agentic AI that we have been talking about.
A lot [00:33:00] of people who have clearly have worked in this space. I've been talking about the AI workflow, which has been quote unquote made agent for everyone. It's kind of like that's kind of where we are. The number of people who who are using MCPs and A2A are still far fewer. Uh, there's still a lot more people who are running AI workflows with say a question, going to an LLM, getting a response back, whether it's an API, CLI, whatever the, the format may be.
But having MCPs, because there is still a big question mark on the security part of MCP in spite of the updates that came from them. And there's still a lot of unknown in terms of sandboxing. How do, how are we sandboxing say, 10,000 MCP servers running inside an organization? The scale of it, but for me as well, uh, what are your current thoughts on, I know we kind of called, it's over hype.
It is still over hyped.
Caleb Sima: I mean, I would say, no. Well, I mean obviously the problem was with, with hype is just everyone's calling everything an agent. Right. Just going back to everything was calling everything ai. Now [00:34:00] everything has been called an agent.
Ashish Rajan: Yeah.
Caleb Sima: And I mean, technically speaking, you know, we defined what an agent was, which was Yeah.
Something that could only accomplish something. Normally a human would, would only would have to do prior to ai. Yeah. Right. Like that, that's the agent part. I think that MCP as an example, internal to companies, I think is everywhere. Yep. Like every engineer, everyone is plugging their crap into MCP.
Everyone's doing their glue code with MCP. I mean, you're seeing it everywhere. In fact, someone had showed me a stat, I don't know where the stat came from, but it was. MCP internal to enterprises is like super high. MCP and consumers is low, right? Yep. And I think what's happening is people are building production systems in the sense that for consumers, like if you go to something like task lit.ai, right?
Yep. That's for consumers. It's sort of the, the, the, the AI Zapier, they absolutely use MCP for all of these integrations that you go and provide. Yeah. [00:35:00] Um, and that is being used everywhere. Uh, so I don't think it's overhyped in the sense that, hey, do we think agent stuff and their capability and what they're saying it can do is overhyped during the actual usage and what it really can do.
Mm-hmm. I do think it's pretty mapped. And in fact a lot of people, again, let's, you know, going into next predictions, but it's not about the model's intelligence anymore. What it's about. It's about how you use the model and the workflows around the model. So did you see that thing that is like poetic, I think just announced?
Did you read that? Yes. And so you know about this and I'll tell the, the audience like it's not about then improving the model. It's about building the workflow management around the models and scaffolding. Being able to say, Hey, when I tell Gemini to do something, I'll use OpenAI to validate.
I'll use this model to then pass information to that [00:36:00] model. I'll then manage it over here to call this tool versus that tool. It's all of the orchestration of doing this really well. And understanding the flows is where you're eking out. And that is agentic, right? That's agent, that, that is eking out sort of real intelligence out of these things.
And so I think that's where you see that next wave.
Ashish Rajan: Interesting. Uh, I still feel, uh, the, my reasoning for feeling it's all still over hype is the fact that the number of applica, I'll just use the word agentic AI in production is not where it is. But the amount of services that want to help you build agentic, secure agentic, I mean even sneeze and I don't know, marry as well, if you want to use that word.
I definitely find there's a lot more people who are talking about it and a lot less people taking into production. I think that's kind of where I'm coming from. I think for me the hype is more from the fact that it's not the, yes, a hundred percent. I think we kind of [00:37:00] spoke about the scaffolding is more important.
We were talking about the, the DARPA competition that happened and there was this whole debate about whether it's the right AI or the scaffolding around AI that's gonna win. And I think the answer was the scaffolding around the, oh, she, no answer was the opposite answer was, uh, the people who won were the people who were using only ai.
The scaffolding people came second, which is Trail of Bits, which we spoke to.
Caleb Sima: And, uh, well, I, I, we don't know. I don't like, from what I remember, the reason why he said that they came in second versus first was actually they were being too filtering Yes. On their identification of issues versus the team that did it didn't filter.
They just said, we're just gonna do everything and then the remediation, patching will figure out what's valid or not. That was sort of the
Ashish Rajan: Oh, yeah, yeah. Sorry. No, that definitely was, but I, I, my understanding of the, the part that they worked on for the one year that they were given, they were building the scaffolding around it.
They had to redo the entire thing again because it broke or whatever. [00:38:00] But I, I think I, you kind of summed it right as well. Uh, I guess where I'm going with this is that having those conversations with people made me lean more on the fact that it's a hundred percent on the scaffolding or the workflow as you, as you said, is what.
The secret sauce would be for moving forward, but at least today, what I see and where I feel agentic AI feels hyped is that I was talking to someone recently and uh, they were talking about the Yeah, yeah. We, we use AI, but a lot of people still define them being agent as them using Copilot and ChatGPT in their, in their office for a, yeah.
Skill set or gem. It's still very much on, like, I think the number of people who are using MCP in production or building actual flows are your tech forward companies who probably don't have a regulation that they need to adhere to, and rightly so, right? They're able to go faster because the people who have to have the regulation to what you said are prompt injection, that is still a big unsolved problem.
Now, me as a bank cannot have a chatbot available to the internet where I can ask it any questions that [00:39:00] I want, which creep into the territory of, I don't know, asking health questions and getting a response and going, Hey, my bank of whatever just gave me some health advice. I followed and it was not right.
I think. Those guardrails are still not perfect. And at least that's my justification of it. And I think I definitely find that we are far from calling it like mainstream. Like mainstream in my mind is more like, oh, I have co-pilot, which is mainstream now. I think it's almost like some kind of a co-pilot, whatever the version may be.
Yep, yep. I would agree with that. Yep. Which leads me to the next next prediction for CISOs who are tossing between, uh, actually this is an interesting one. So, so the prediction was CISOs should not hire AI agent engineers yet. And because, uh, the, the whole, obviously this was confirmed I'll let you say your thoughts on this, if your stand on this has evolved, uh, since the last time we spoke about this prediction.
Caleb Sima: Yeah, I mean, I, I actually am still probably sticking with that prediction, which is no one has hired AI [00:40:00] engineers in that sense. That is the, the dream moving forward is that quote unquote, I can obtain the budget of. AI engineers by building an AI engineer. There's a lot of people going after that.
I do believe it will happen though. Like for example, I have a portfolio company that when they started building their product, I was like, oh, we need to make it, it's for detection engineering. We need to make it like a co-pilot for detection engineering. Maybe it can replace the junior detection engineer, right?
Mm-hmm. Similar to what you saw in soc, you know? Yeah. Like, oh, and then after seeing what they've built and how they've been working with customers, this thing is. Staff principle level detection engineer, right? Like it is absolutely doing the entire job of a very smart principle detection engineer. And so it replacing and or you quote unquote hiring that versus the [00:41:00] others I think is very.
Close and if not pragmatically reasonable into
Ashish Rajan: the future. Hmm. Interesting. I think my reasoning on this still stands as well, but maybe for different reasons. Uh, one is I, I think, I love the fact that you called out budget because I was at AWS re:Invent last week, I think, and I had a few conversations, which was, which surprised me, which was some of the CISO budget for AI is actually going to the CDO, the chief data officer.
But they're saying that they are responsible for data, and if AI security is predominantly a data security problem, they should be under my budget or my remit. Uh, so a lot of CISOs have started losing their AI budgets, the ones who are signing AI products or security products at the moment. A lot of them are potentially from I don't wanna make a blanket statement, but essentially they're trying to tick a box in the organization for they're doing something.
And I think it, it's probably oversimplifying it or over putting, as I said, putting a blanket statement on it. But there's definitely a lot of. Need for proper budget [00:42:00] conversation, uh, for people. I'm sure, I'm sure people would go into this in 2026, about where that budget should sit, whether it should be sitting with the CDO or should it sit with the CISO.
The, that was an interesting conversation for me was to whether who should own it, and I'm like, I'm technically thinking that, wait. Because we talk about security for AI and ultimately security responsible is for CISO should be there, but hey, maybe I'm biased because we are on a security podcast.
If you, if you, if this was the chief data, sorry. Data security podcast may be a different, uh, the, the second thing, one, the AI engineering piece for me was interesting is that a lot of people, uh, who are trying to replace an AI engineer at the end of the day, in my mind, an AI engineer not at least the current stage of it would be a data engineer who's trying to help a security.
At least that's the stage that I believe we are in. We are not in a stage where I, a, because I don't have a data pipeline to actually congregate, bring all the information in. Maybe I have a SIEM, but I don't have a data pipeline where I can [00:43:00] start piping that into an LLM and start doing predictions or whatever else I do, I would like to do for my security team.
That's where I'm finding a lot of people are finding that they're not hiring for AI engineers because the AI engineer currently is, is sitting with the data people who are trying to show ROI to the organization for why we investing so much money in ai. That's a lot of conversation I'm having.
Caleb Sima: Yeah. So like, you know, to maybe tackle both of these.
Yeah. I I think technically what you're saying makes a lot of sense, but I feel practically speaking, what happens inside of an organization is there is no, everyone just becomes AI engineers. Guys who are data engineers are gonna be retitled AI engineers, data scientists are now just gonna be called AI engineers.
That's right. Yep. They're just all because AI engineer sounds better, sounds cooler, has higher. Salary and comp.
Ashish Rajan: Yeah.
Caleb Sima: So like I, I don't think, I think data engineers and data scientists are just gonna be thrown into an [00:44:00] AI engineering bucket. Yep. I'm with you on that. Yep. And that's pragmatically what will probably end up happening or if not already happening.
And then it goes to your budget question, your budget question it, maybe it's different with ai, but I don't see how it would it be versus anything else in the org. You know, every company has a different culture how they approach budget for cyber. Yep. Like you can say, let's just take, without ai, let's just take engineering versus security.
Yep. Okay. If you take that model where it says, well, engineering owns the security budget because they build all of the shit you need to protect. Mm-hmm. Uh, so they should own the security budget, which in some organizations is true. Right. You have a product security team that sits in the engineering team, and then you have a risk team or an audit team that may sit outside of that team, um, that has their own budget, that does their own things, and that that can, can occur in a lot of organizations.
There's just a CISO that has both the product and the risk [00:45:00] organization and they're given the budget to go and do those things. So similarly, I think in AI or data that it's the same thing, right? Like if you buy a DSPM product, that is built for security people. Yes. Right. Like the security team's gonna buy DSPM, the data team probably isn't gonna, but maybe.
And the CDO may say, and depending on the organization, data security, DSPM, anything revolving around that, they're gonna have their own security team that will budget that, and then there'll be a risk audit team external to that to make that work. Mm-hmm. All, you know, again, every organization does it in various culture and process.
Yeah. You know. Overall, I feel there are always pros and cons to either of these models.
Ashish Rajan: Yeah, yeah. Oh yeah, a hundred percent with you. And I think the o other thing that I would add to this a a hundred percent based on the organization culture for sure, and depending on where the organization want to go.
'cause another kind of organization are the ones who have built the AI Governance Council, where all these calls are being made by the council, not [00:46:00] even by individuals. They're the ones who are deciding where the budget would go, what the policy would be, what AI would be used. So there's that definitely, that kind of organization as well that we probably can.
I think at least it gives the people a variety of different options. And maybe some are, some people rate face, some people are going, oh yeah, that kind of, that maybe is what my organization is like. I'm conscious. We should also talk about our predictions for 2026. I think we've kind of gone through all nine of our predictions that we made for 2025.
Caleb Sima: For 2026 authentication authorization is gonna be super, super key. Moving into next year, I think we're gonna see self-trained, self fine tuned models. Come out, that'll be super interesting.
Ashish Rajan: Um, what, what do you mean by that? Just to kinda expand.
Caleb Sima: So actually a long time ago when I did this, I, I, I did that BSides presentation about Yeah. Where AI is gonna go. Yeah. And I made this prediction in there that hey, models [00:47:00] need to learn like humans.
Ashish Rajan: Yeah.
Caleb Sima: And right now, the way that it works is you build a model and then you take data and you fine tune it.
Yep. And these are very separate instances. That's right. Why should they be separate? They should just be one continuous thing where you produce a model, it will learn, it will fine tune itself and then evolve on its own. Mm-hmm. And, uh, that next year I think will be a reality. We are already seeing that, uh, Hugging Face just announced that on Hugging Face, now they've created a MCPable automation that you can take a model and fine tune that model all automatically.
So you can just literally prompt it and it will fine tune itself. So the ability to auto collect the data, do the thing, fine, tune itself, push to production, and then make this a very seamless. Thing I think will be by 2026, a normal standard thing. Which would be really interesting.
Ashish Rajan: Do, do you reckon the AI bubble would burst in 2026?
I [00:48:00] mean, it feels like it's pretty close to bursting right now. I mean, December now, so I guess next, I mean, I don't imagine it happen next month, but I mean, I guess one thing I think you, I
Caleb Sima: I, I, I do think 2026, we should probably see a bursting of the AI bubble. Yeah. It's gonna be bad. The problem is, is like, I don't know if the government or other players will allow the bursting of the AI bubble, oh, it's built such an amount of, you know, this is my evil conspiracy theory stuff again, but like, it's, there's so much capital in this that it's, it's a too big to fail problem, right?
Where I think there's so much money. That they like, it's gonna be very diff like, I don't know if they'll allow it. I think they will like just continue to pump capital to keep it there. Because like at the end of the day, the cost and the amount of productivity you're getting outta AI definitely don't think matches these multi-trillion dollar businesses and companies who [00:49:00] are making, 20 million in revenue, but getting, you know, $800 billion valuation, you know, just, just like crazy shit.
Yeah. Um, I just don't, I don't think that can last for long.
Ashish Rajan: Maybe, maybe that's a bubble that burst in terms of the crazy valuations rather than, I guess it's a, for me personally, I definitely feel, and I maybe you agree on this as well, that even if the bubble did burst. AI is not gonna go away.
So hopefully we continue to have AI security conversations after that as well. For sure. Yeah. Yeah. So I, I don't think AI is gonna go away. Kinda like to, I think maybe you called this out at the, uh, the dot-com boom or someone else is calling it out where, even though dot-com boom did happen, but the internet has continued and evolved into what it's today, but some companies would completely disappear.
I'm looking at OpenAI, but it'll be really interesting if it does.
Caleb Sima: You Whoa, whoa, whoa, whoa, whoa, whoa, whoa. Let's back, back up here for a minute. I gotta get, make sure we get, did you just make a prediction that OpenAI is gonna disappear?
Ashish Rajan: I definitely feel it would, and I, I'll give you the reason for this as well.
The reason I say that, and I feel that is more from a [00:50:00] perspective of, I think, and this is me being, making a financial analysis and not, I'm not even a financial expert looking at what Google Gemini is doing in terms of, they have the, you know how if you look at the. What was that circular thing that floated around between Nvidia OpenAI and then Yeah.
Yeah.
Caleb Sima: The, the, the, this is the evil conspiracy part. It is like Nvidia, all the frontier providers. Yep. Right? Yep. Uh, are all holding themselves up because they don't want the token cost to drop they's, right. They want keep that high. Yeah. Uh, so that they continue to benefit from this, Yeah, I agree.
Ashish Rajan: And I think that's gonna, but then Google on the other hand has their own processors that they've been working on that they've released and they've been using. So I think I definitely feel the Amazons, Googles, they have the advantage here in terms of already having the capability to continue the race, for lack of a better word.
Whereas people who are relying on other people to provide them Chip. I think, uh, the thing that I was looking at, [00:51:00] you're saying
Caleb Sima: that go Google and Amazon already have the business. Yeah, they're just catching up on the AI that's versus AI is trying to figure out a business. Uh,
Ashish Rajan: that's right. Yeah. I, I would say that's a better way to put it.
Yeah. I think from, with the people who created the AI space, and I think, I don't know if you read this, but I think there was a speculation going on. Anthropic is trying to go public as well. They're trying to hit IPO. Yeah. You almost go like, what are you running IPO on? Are we just like Don? But, you know, but the
Caleb Sima: thing is, is like people are gonna invest a ton of money 'cause like they're gonna go public.
Everyone's gonna invest.
Ashish Rajan: Yeah, yeah, yeah. The hype would be there, but that doesn't mean the public company cannot be, uh, it may be get bought by someone else, but I think my, I, because I didn't think of Anthropic in that place for some reason. 'cause I definitely feel that it definitely gives me better 'cause they were not in that whatever that the, the friend circle of Nvidia, uh, chip manufacturing foundation model was.
Right. I definitely feel for, for me personally, I'm like, it's definitely very much used everywhere. It has opened the door for what could be a possibility, but it definitely has all the signs. For me personally, [00:52:00] looking from the outside as like, I don't know if this company would exist as it does exist today with all the hype around it.
Because if you think about the number of experiments they've run, they tried consulting, they tried, uh, that didn't work. Then they went down the path of, hey, to what you were saying, they have specialized model for special things. That's just experiments trying to figure out, hey, what other revenue source can we add to continue to survive and continue to show?
We are more than just a chatbot. Yeah. Whereas Google has all the other things, Amazon has all these other things. Microsoft is like, Hey, I don't really care. Use whoever you want. I'm just gonna let you create anything like the foundation pieces of these foundation models, they're not disappearing.
They're just, to your point, catching up. I think that's where my, my, I guess, conspiracy theory is coming from. I definitely don't think there is a lot of runway for them if, unless they come up with a chip. Somehow they, they solve the, become like this data center provider. 'cause they don't even have their own data centers.
Caleb Sima: I mean, they're, they're in the middle of that right now. But you know what, what I would say is, man, that's a bold [00:53:00] prediction. I, I can't, here's the thing that I would maybe counter. Yeah. I would you are right in this deep, there's this deep sense of there is a bubble that's holding these guys up.
Right? We know this. Yeah, yeah. But the thing that we're waiting on is the, uh, is there has to be proof. That this can, that they are overpriced, right? And so then that proof comes in what ways? You could say China produces, like one of the things China's very much into is it's not about the size of the model that matters as much in order to get to this next barrier.
Efficiencies, yeah. Intelligence, right? Yeah. Yeah. They are very much saying. Actually, it's not about 80 billion, a hundred billion, you know, like, you know, parameter model. It's, it is about your refinement and able to run things cheaply. Yeah.
Ashish Rajan: And so efficiency too, like lack of better word. Yeah, efficiency is right, the right kind of parameter.
Caleb Sima: That's right. So DeepSeek is pushing these barriers. And so like when they come [00:54:00] out and be able to say clearly you can build just as smart models, way, way cheaper, cost way, way cheaper inference. And here's how you do that. Either through them producing the right model, producing different chips that can now do it at, far more efficacy than Nvidia can, or whatever it is, which I don't know if it's even possible, but like whatever that is, these things have to come in as barriers to say, oh my God, there's an outlet that has proven that what these guys are all stating is false.
Yeah. Yeah. And so what we have to, like, what is that thing that comes out and says, oh, what these guys are, OpenAI and Anthropic and Nvidia are all false, uh, is going to be the big thing that we need to be able to see,
Ashish Rajan: to be fair. I mean, it's not just the Chinese model, right? 'cause the Mistral, which is the French version as well.
Yes. But isn't it,
Caleb Sima: Did it, didn't Google buy half of that or something? I forgot.
Ashish Rajan: Oh, I don't know. I didn't read that news, but I think I, it's, I mean, I guess it's kind of goes to show that it doesn't have to be just an American [00:55:00] company doing it. I know every movie is like American superhero, but I think it's, it's like, it definitely has proven that to what you said, the proven the point that there are other ways to achieve the same result is kind of where I point.
Caleb Sima: By the way, Ashish just to, that DeepMind is European, it's London
Ashish Rajan: Oh, I mean, DeepMind is European. Yeah, but not, yeah. So Google
Caleb Sima: actually is European, uh, it's uh.
Ashish Rajan: The, and I guess yeah, because Waymo thing happened in Oxford as well, so there's a lot of European things in there. Deep
Caleb Sima: DeepMind is created out of London.
Uh,
Ashish Rajan: yeah. So there you go. So is the, the European people who are kind of maybe leading the charge over here, but I guess, so you had another point,
Caleb Sima: kinda,
Ashish Rajan: you had another point in there that you wanted add, so didn't wanna cut you off after the fact that China has proven Oh
Caleb Sima: yeah. The, and the, the thing that OpenAI has, that nobody else has is I actually, I would say maybe two things.
Number one, they have the Mindshare, the brand. Everyone says ChatGPT. Everyone knows about OpenAI. Mm-hmm. Like on a consumer level, they [00:56:00] are Kleenex, right? Like they are the, they are Coca-Cola. They are, yeah, they're Uber. Yeah.
Ashish Rajan: Yeah. They're, they're Uber. They're the brand period.
Caleb Sima: Yeah. Right. There is just no, there's nothing else that could even come close to that brand.
Nothing like Claude doesn't, Google doesn't. No. Like nobody can come to that brand. And the second thing that they do quite well, that none of their other competitors is they actually can build a decent consumer product like ChatGPT as an app is decent. It works well. It actually has the right features, it has good feel and, and I like it.
Versus Anthropic not so great and Google terrible. Mm. Right. Terrible. And so, like, you know, these are two very, very key facts that are hard to beat. Is they, OpenAI is AI for most of the consumer world
Ashish Rajan: to Yeah.
Caleb Sima: Yeah. And they build a product, they are actually good at building consumer decent experience products.
Ashish Rajan: Hmm.
Caleb Sima: And so [00:57:00] like, will Google win to the consumer? I just, I don't think so. Look at how their integration of Gemini is with their office suite. It's terrible. Mm. Like everything they do in user consumer experience is bad. Yeah. Yeah. You know, so is Anthropic gonna win the enterprise?
Is Google gonna win the enterprise? Very plausible, but on the consumer, I don't see anyone competing with OpenAI.
Ashish Rajan: I'll give you the consumer side, I definitely find that, you know how earlier we were talking about, we are probably using a different kinds of, for different purposes, you put Perplexity for something else, you use Anthropic, something else, and Cortex or whatever.
I, I definitely find for, let's just say my consumer problems, I definitely lean more on ChatGPT. So I, I agree on that also, whether it's, I'm talking to it. Or I'm using it. I think, uh, I've told my family to use it. This, if my 70-year-old dad can use it, it's almost like saying, okay, how good is a UI that someone who's in their seventies can actually work with it and talk to it and [00:58:00] do all of that?
Yeah. Yeah. So a hundred percent on the consumer side, I think where I'm coming from is, obviously I need to ask Perplexity. What's an example of a company that was, uh, the, the as popular as Uber, but never survived. But I, I dunno the example top of my mind, but I, I definitely find that actually, I don't know.
Would no, would not be a OL I'm trying to think of any, any companies from Intern Boom that were like all the hype back then, but then just come like, I don't know. Yeah, net Navigator was a browser. I can't think of anyone who was just there like that. They, they started the race 'cause Google and stuff came much later.
It I'm sure. So, well,
Caleb Sima: in the search engine game you've got like Alta Vista, Lycos, Yahoo. Yahoo was a big one. And then Google came around and just ate their lunch.
Ashish Rajan: Yep. Yeah, for sure. I wonder if that's kind of where I'm going with this, because just because OpenAI has opened the door for it and kind of like yourself and what we're talking about here, I'm sure other people notice in the UU, the UI part of this is the key.[00:59:00]
Maybe, uh, that is the one thing that makes 'em stand. But at this point in time, if I, I, I'll still stand by my prediction and I think if maybe they get survived, I don't know. Maybe, uh, when we do this episode again in 2026 December, I would be like, I cannot believe so such and such thing happened.
Or I could be completely right.
Caleb Sima: I mean, this is the fun part about the predictions, right? Yeah. Yeah. I like your prediction. 'cause it's like ballsy.
Ashish Rajan: Yeah. I mean, I, I definitely, I, it's funny. I think to your point, it definitely is very, uh, very palpable is where I'm coming from.
Caleb Sima: It's, yeah. And, and the thing is, is like you are, everyone knows they're kind of, they're kind of, there's some truth in that.
Right. There's, there's a little bit of like, man, this can't keep going. Right? Yeah. Like this is not, like, they're not, what you're doing is not enough. Right? It's not sustainable. It's not, yeah. It's not and the thing about it is, if anyone did sort of what we are saying around actually dropping token price or proving that better models is not about more compute power, [01:00:00] um, that the game, that whole, the whole Ponzi scheme collapses.
Yeah. Right.
Ashish Rajan: Yeah, because I guess to your point at the moment, the ecosystem of all the AI applications that we see, they're all built on top of ChatGPT or similar. Yes. 'Cause I think to your point, that it's that it's that whole entire ecosystem who is trying to work on this, but they also are planning for the fact, what if I use Gemini for it?
I, I mean, I'll, I'll love for people who are reading or watching this to leave a comment on whether, what their prediction for this as well. Uh, but I think we already made two predictions, two strong ones. Any more prediction before we wrap up? Man, before, uh, I mean, we spoke about AI bubble. I definitely feel I'll,
Caleb Sima: I'll do, I'll do my predictions through other episodes.
Ashish Rajan: I've got more, but yeah. Oh, perfect. I think the only other thing I'll call out in which we kind of said was unlikely, which was the production use cases for AI, I definitely find we should be able, and my my hope is this a, there, there is still a knowledge. If I were to put it at a scale in terms of knowledge of AI and how to [01:01:00] secure AI, that is still on a, still on a scale.
People who are probably listening to this episode or listening to Cloud security podcast, or sorry, AI Security podcast or keeping up to date on the AI space. They're probably on the very right of they know what to talk about and how AI is evolving and all of that. But there's still plenty of people who are not touching at all any of the basics of AI or going into the, uh, nitty gritty of, Hey, if my data team or engineering team is building something in ai, what do I need to do?
'cause there's, there's a, there is still no training per se for this. Uh, there's no great evals for this. So I definitely find that is one place that I would, I strongly believe would change in 2026. There would definitely be more applications coming out in production because the amount of pressure that these people have on their, uh, diet reports, I would be surprised if there's not many more applications.
Agentic applications to use the word that would be in production 2026. I definitely feel we are very close, uh, to [01:02:00] getting something there.
Caleb Sima: Yep. I agree with that. I mean, you have to and, and I also think that it's so close, like when I look at the companies and I'm looking at, it's very close. It's, it's, it's at that 90% and that 10%.
Ashish Rajan: Yeah. You can almost touch
Caleb Sima: it.
Ashish Rajan: Yeah.
Caleb Sima: Yeah. But it's so close. There's so much capability, so yeah,
Ashish Rajan: I agree. Yeah. Yeah. And I definitely feel we are not getting away from prompt injection even in 2026. There is no way. I think that is, I think the intent base. Maybe we reduce the false positive, but it would be, uh, continuing into 2026, I think.
With that said, I think I've got four predictions already. And to what Caleb said, we probably could, would keep making more predictions throughout the 2026 season. Uh, but thank you everyone for tuning in. I think, uh, well that, that would be a wrap for season three and we'll see you on season four. Yeah.
Thanks for tuning in. Thank you for watching or listening to that episode of AI Security Podcast. This was brought to you by Techriot.io. If you want hear or watch more episodes of AI security, check that out on aisecuritypodcast.com. And in case you're interested in learning more [01:03:00] about cloud security, you should check out a sister podcast called Cloud Security Podcast, which is available on cloudsecuritypodcast.tv. Thank you for tuning in, and I'll see you in the next episode. Peace.
