
Intro  0:01  

Welcome to the She Said Privacy/He Said Security podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels  0:21  

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional, providing practical privacy advice to overwhelmed companies.

Justin Daniels  0:35  

Hi, I am Justin Daniels. I am a shareholder and corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk, and when needed, I lead the legal cyber data breach response brigade.

Jodi Daniels  1:01  

And this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust, so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business. Together we’re creating a future where there’s greater trust between companies and consumers. To learn more and to check out our best-selling book, Data Reimagined: Building Trust One Byte at a Time, visit Redcloveradvisors.com. So, in your intro, Justin, you forgot a really important job that you also do. I

Justin Daniels  1:42  

can’t wait.

Jodi Daniels  1:43  

It’s Bug Killer and Wasp Nest Killer. Sorry to anyone who might like Wasp. Sorry,

Justin Daniels  1:49  

you know, it’s interesting because the lady I play pickleball with, she’s like, “Well, do you tell people on your podcast that you play pickleball?” And I’m like, I don’t think our viewers would really care either way.

Jodi Daniels  1:59  

I don’t know, we have a lot of pickleball players, we could have a whole little podcast pickleball tournament.

Justin Daniels  2:04  

Yeah, maybe.

Jodi Daniels  2:05  

All right. Well, thank you for killing the wasps outside our front door today. And I hope everyone else out there has a.. I hate bugs. So, moving along,

Justin Daniels  2:14  

I think you think

Jodi Daniels  2:15  

them.. I hate them. Well, I’m proud to stand on a chair and say that I’m definitely afraid of them. It’s okay.

Justin Daniels  2:20  

I have pictures of that.

Jodi Daniels  2:21  

I know, I’ve even called neighbors over. I hate bugs. All right, now that everyone knows that.

Justin Daniels  2:24  

Okay. Well,

Jodi Daniels  2:26  

today,

Justin Daniels  2:26  

so let’s introduce. We have a very unique perspective today. So, we have Myles McNamara, who’s the principal software engineer for Tarkenton. So, he is the lead technical architect and full stack developer specialized in building secure, scalable software solutions. He oversees infrastructure, code, and system design, serving as the team’s in-house expert. Previously, he worked with a Fortune 500 government contractor and ran his own software and hosting company. Hi,

Jodi Daniels  2:59  

Myles. Welcome to the show.

Myles McNamara  3:01  

Hi, thanks for having me, guys.

Jodi Daniels  3:03  

Well, Myles, we always like to get started with understanding people’s career journeys. So, can you share yours?

Myles McNamara  3:10  

Yeah, no problem. So, kind of, as you mentioned, right? So, I spent most of my career building and operating systems, right, where security, you know, actually matters, right? So, government systems, large scale infrastructure, you know, environments really handling sensitive data, and so, you know, over time, a lot of that work started kind of converging around the same challenges, right. How do you move that data efficiently? How do you automate things? How do you do it in a controlled, secure way? And, you know, as a developer, AI was really the first place that that paradigm shift showed up in a practical way, right. It was one of the easiest areas to start integrating, we’re already working with structured data API automation pipelines. It was kind of the next natural evolution, and you know, once AI became accessible and usable, it was the next step, right? So developers always use tools like open source to be more efficient. AI is just the next layer of that. So, you know, now that we’re able to do that, move these actually move and process data, they can interpret it right. We’re kind of using that to really go forward with things, and that’s really where my focus has been lately.

Jodi Daniels  4:08  

Very interesting. I know we’re going to get deep and technical, which is going to be super fun.

Justin Daniels  4:14  

So, Myles, will you want to share with us a little bit about what Tarkenton does and how it AI, how its AI works,

Myles McNamara  4:22  

Sure, not a problem. So, at a high level, right, what we do is we partner with companies to help them design and integrate technology in a way that actually makes sense for the business, right. We’ve been doing this long before AI, working with enterprises, SMBs, and, you know, everything from embedded systems and organizations like ADP to, you know, rebuilding tech stacks and helping reduce tech debt, things like that. AI is just kind of the latest evolution of that work, but you know, the core challenge hasn’t really changed, right? Our core philosophy we have that Fran really has is our maximum, right, is that the mission of business is to help people. So we kind of like to approach this as a partnership, and we’ve really been able to kind of see from the inside how enterprises are under pressure to adopt AI, and kind of they have a lot of that internal friction, and on the other side, SMBs know they need it, but they’re so focused on running their business they don’t have the time or resources to figure it out, right, especially in a secure way. So really, what we end up doing is helping translate the, you know, we need AI into something real, you know, what problems are you actually trying to solve? What data do you have, and what did systems actually do, right? And so, pipIQ is kind of that product that really came out of all that experience for us. And you know, again, after working inside these environments, we kept running the same challenges around data control, security, you know, really actually making AI usable in real-world systems, and so you know, instead of solving that from scratch every time, we kind of built pipIQ as its foundation for our business, right? And pipIQ, at its core, right, it’s a private AI platform that focuses on control, right, where data lives, who can access it, what the system is allowed to do. 
You know, every customer runs in its own completely isolated environment, where their data, their documents, their vector databases, document processing, everything is internal, right, without being sent to any third-party providers, and so you know underneath that, right, we’re really model agnostic as well, so we’ll use internal and external models, depending on the use case, right, if it’s gov cloud or third party providers if needed, or you know, some clients even like running it in their own, you know, their own fully hosted setup. The real constants here is control, and we’ve built, you know, our own PII detection and handling layer as well. So, when we need to call those external models, we’re only sending exactly what’s necessary with that PII redacted tokenized, so we can rehydrate it once we get that final response back, right? So, at our core, we’d like to partner with companies and go through it, and really help them to get not just plugging in AI, right? Everybody’s, I need AI, I need AI. It’s really about building the right environment for that, so that they can actually use it safely and effectively.

Jodi Daniels  6:55  

All the rage these days is AI agents. I need an AI agent to do whatever it seems like people want it to do, so how do you actually design an AI agent from scratch?

Myles McNamara  7:09  

That’s a great question. So, when we design an AI agent, the first step we actually take is deciding whether we actually need an agent at all, right? And a lot of things are being called agents today, and a lot of times they’re really just workflows with a model and some kind of tool calls. In those cases, you’re usually better off keeping structured because you have the flow and it’s much easier to secure, right? An agent really makes sense when you need the system to make decisions, like choosing what tools to use in what order, adapting to a dynamic problem, but once you give that system that kind of autonomy, right, then the design really becomes your security model. So, for us, when it comes to designing an agent, the first thing you kind of have to look at is like really what data can it access, right? What tools can it call, what actions it’s allowed to take, right, because those decide, or those define what your risk is, so you know, as a developer, for me, right, when we come and look at it, a lot of times people are looking at going, what can what should my agent be doing, right, and as a developer, for me, the way I have to really think about it is I have to come back and look at it and really say, what should it not be doing right, what should we not have this allowed access, and you got to kind of take that step back to really go through that and look at it from, you know, the high level look of it, because this is where things can start to get really scary if you’re not looking at it from that angle. Is that, you know, prompt injection can come into play, right? Once an agent can call tools, you know, prompts are not just text, they actually start becoming actual actions, and so you know, really, any kind of untrusted input can influence the system to do something that you know you didn’t intend it to do. 
So, again, for us, and especially me as a developer, the way we look at it is really taking it from a step back and saying, what should you not be able to do, and kind of mapping that out and figuring out how those two play together, so that you can actually then come in and say from the start, right, I have this agent, it is secure, I know exactly what the data is, I know exactly where it’s going, I know exactly what it can control and what it can do, so it’s very really for us it’s purpose built right and tightly scoped, so it’s choosing that right level of autonomy, so that you really do have control, the security, the permissions, things like that. So, again, we have people come to us, and they’ll ask us about agents, they’ll say, we need the agent to do this, we need it to do this, we need to do this. Again, for me, as a developer, I have to take that step back and really say, okay, I know you want it to do that, but what should it not be able to do? And I think that’s what a lot of people kind of miss whenever it comes to really designing an agent itself, because there’s so many tools out there, there’s so many other pieces you can use to build these things, that it’s, it’s hard to really answer that question without really looking at what it should not do. That kind of makes sense.

Jodi Daniels  9:54  

It does. I think it’s a really important.. I mean, I’m always having conversations with people. Always trying to say, think of the worst case scenario. I know you don’t want that to happen, but let’s take a worst case scenario, and then how are you going to mitigate so that doesn’t happen? And this is sort of a similar, similar situation,

Justin Daniels  10:13  

but I would say there’s another variation on the theme of what Myles is saying. So he’s asking the question of what not to do, and then my head is thinking, what are some of the unintended consequences of what it’s allowed to do, because I guess Myles, one of the things I wanted to kind of delve in with, with you a little bit was just in the comments you’re making, it sounds like as a developer you are consciously aware of privacy concerns, where the data is going, security concerns, and what’s interesting to me is, you know, for example, you probably saw the recent trial with Meta, an article that Jodi and I wrote, where there’s evidence that came out that they made a design choice in their AI that if somebody was, you know, some kind of predator, they got 17 strikes before they were thrown off the platform, and in my mind I look at that and I was like they made a conscious decision to not worry about what I thought was a pretty serious risk, and so I was wondering if you could talk a little bit about from your perspective as an engineer, and you may have your degree of privacy or security expertise, how do you think about some of these competing interests? And then when it goes through the funnel of this process, I assume marketing gets involved and other people get involved that can dilute some of these concerns from a security and privacy perspective, because they don’t always necessarily drive revenue or could create friction that would limit adoption.

Myles McNamara  11:49  

Yeah, it is a bit, a major issue, right? And it’s kind of when you look at it, it’s, you know, we can try to do everything we want to do, and I think there was actually a recent thing that came out about the whole FSU thing, and the guy using ChatGPT, and stuff like that, too, right? And it’s where it’s, you know, that’s just using ChatGPT in general, but it’s kind of the same, you know, around the same idea of everything, right? Is it’s where those safeguards live, right? And what are you putting in there, and where are you designating that specific agent, or whatever it is, to, you know, like you said, can it, you know, after this, you set it to do this, and really, a lot of that comes into constantly evolving as you’re going through stuff, but for an engineer, you have to kind of balance a lot of those things between each other, because when you’re putting in kind of that, that the rules that you put in there, as well as kind of, you know, handling not only that, but just like that unsafe input, right, it’s just like when you’re building a website, right, and I always, with my developers and stuff, I always have to reiterate to everybody when I talk to them, is that you know any kind of input that comes in, you have to just treat it as unsafe input, right, no matter what, and that’s again when it comes to designing these systems, when it, you’re looking at the marketing side of things, and they’re like, we want this thing, and we want to say this, or we want to do that for developer ourselves. We have to kind of, or at least an engineer side of things. When we engineer these agents, we have to really take into consideration the fact that, yes, I understand you may want to do that as the marketing side of things, but at the end of the day, if we don’t have these real security and the privacy controls in there, then at the end of the day, it’s not going to matter if something bad does happen, right? 
And something happens and you get sued, or something else happens there, or it could even be something like you’re using an agent to, like I said, you know, you’re inputting, you’re pulling in untrusted input, right? And it could be a web page, it could be a support ticket, anything like that could then influence unintended actions in that agent, or however you have that set up, without you even intending to do it, right? It could be things hidden on there. I know a lot of there’s tools out there now, like I think it’s Tavoy, things like that, right? They’re actually doing handling for you, because they’re an MCP server where you can actually search the internet, checking on there to actually see if somebody’s trying to do, like, you know, prompt injection, things like that to try and protect that stuff, but at the end of the day, it’s for the engineering side of things. It’s really having to, we end up having to push back a lot, because for me, I’m not comfortable putting out something if it’s just for the marketing side of things. Again, if I need, if I’m looking at it, I’m going, okay, we need to have this security piece in here, this security piece in here, but it’s not only that, right?

Myles McNamara  14:23  

It’s also taking in and looking at and seeing having that auditability of looking at how things are functioning and actually going, and you know, you can build the thing, but it’s a constantly evolving thing that you need to make sure that you then keep iterating on and going through, and so it’s hard to really answer the question, because again, there’s each angle has different opinions about how things should be done, but from the engineering side of things, at least for me, it’s more about putting in those safeguards as best we can, but also continuing to adapt, because things are going to consistently change, people are going to come out with new ways to, you know, break things, get into things, and we’ve seen that with all the prompt leaks and everything else, and so it’s again, it’s not the model itself where the risk is coming from, it’s coming from how that agent is really integrated into systems, right, the permissions, the data flow, and really that control around everything, and if you treat it just like it’s a smarter chatbot, then you’re going to miss all those risks entirely.

Jodi Daniels  15:22  

You talked a lot about various security risks and controls. What might be one or two controls someone listening could say, oh, I should really go and talk to our various teams to see if we have these in place?

Myles McNamara  15:36  

Well, in the essence of whenever you’re building agents and things like that, if that’s what you guys are kind of referring to, so whenever you are going through and building these agents, right, a lot of the controls that really need to be put into place is really how that system operates, right, the clear data boundaries, right, what data exists, who can access it, right, how is it isolated between users, between organizations, between agents, right, even because that information gets passed between from one agent to another, right, and so how is that data coming from here? How’s it going to there? And so, for me, the biggest thing control wise is, is just at the end of the day, is that data itself, and really understanding how the system operates. What we’ve seen a lot of the times, and even customers we’ve gone into work with a lot of times, is they just do some integration and they just give it access to like everything, because they just, they just want it to work, and they don’t even think about having even just the basic controls in there, of, you know, how is the access here set up, who can access it, do we actually have any kind of logging or any auditability or any tracing to be able to look through and see how did that thing happen, and so you know a lot of like I said, a lot of time we’ve come in and gone through it and it’s going okay, you guys have just you gave it access to everything you guys have and anybody on your network can actually go in there and start pulling this stuff, and so it’s like you know again that’s where we kind of built the pipIQ stuff, right, is so that we can have those separations as well, to where you can have finance, you can have, you know, HR, they can all have their own little what we call team spaces, at least, but it’s making sure that that control is there of the access to the data, because at the end of the day, again, models are going to do whatever they’re told to do, but whatever data you give them, right, 
then can come spit out all kinds of different things,

Justin Daniels  17:27  

So, Myles, in answering Jodi’s questions about the security controls, I kind of want to zoom out a little bit, because one of the things that Jodi and I see constantly is everybody’s in a rush to deploy AI, AI agents, and this little conversation about AI governance, a lot of which you’ve been talking about with these various aspects, it just gets overlooked, and I think that’s part of the reason why we’ve seen some of these strange results, like bots or agents selling a Ford F-150 for $2 or things of that nature, and I was just wondering if you could share a little bit about from your perspective, how do you build AI governance into system design, or at least stop long enough to have the conversation, because I’m sure even in your current role and other roles you’ve had, there’s always that pressure to get the software done, tested into market, and I don’t want to talk about AI governance, just slows me down.

Myles McNamara  18:29  

Yep, and that’s actually a really great question, right? Because I think there’s two parts to this, and you guys have actually touched on this a lot in some of your other videos too, right? Is that you know if government or if governance lives in a document, right, it’s already failed, right, just just in period like that, right. So, again, it is, you know, governance is something that you have to layer on after, you know, in the system as it’s being built, right from the beginning, and we’ve seen a lot of organizations treat that as like the policies, the guidelines, things like that, and so for us, what it really comes down to, again, kind of, as I mentioned, right, is creating those clear data boundaries, right. Again, Who can access it? What data exists? You know, how it’s isolated, and then just setting those permissions at the system level, right? What actions are actually allowed, right? What requires approval, and not just writing it down on a piece of paper, right? Actually designing the system within mind of that, and I kind of touched on this before again, but right, that goes back into the whole idea of the visibility, the logging, the audit trails, so when something does happen, if it does, right, you can answer not just what happened but why it happened, and I think a lot of AI systems are missing that today, you know, and that’s when you kind of look at it and you’re going through it and you know there’s a there’s model and data control and making sure you understand where the data is going, you know what models are being used, what external dependencies exist, right? That’s what we’ve seen a lot too, is that you know you’re sending data here, it’s coming here, and if you don’t design that from the top down, then you’re already, you’ve already kind of lost control, and you know it’s not. But at least for us, governance is in a separate layer, right? 
It has to be built in that architecture, right, through the boundaries, through the permissions, through the visibility, and if you don’t do that up front, then it’s very hard to bolt it on later. So, you know, in the general sense of things, as an engineer, we always try to get people to do this, but as you guys probably know and have seen, right? It’s always sometimes ends up being a later thought, right? Security always ends up being an afterthought of, oh, we should have done that. So, it’s for me, and something I always push is that it has to, it has to be done that way, because if you’re not, if you don’t understand where that data is going, who has access to it, what third-party providers are being used, then you’ve already kind of lost the battle,

Justin Daniels  20:44  

so Myles, just as a follow-up, just, you know, someone in the industry, what do you think happens as to why the AI governance conversation doesn’t happen? Is it as simple as there’s this rush to market and it just slows down, or what do you think is about your particular background that you’re consciously aware of the design? Hey, what should it do? What it should not do. My security and privacy, because when we see products from other companies or just talk to other teams, Jodi and her work and mine, it seems like these conversations don’t happen, or people aren’t aware, or just a different perspective.

Myles McNamara  21:24  

Yeah, so it’s personally I’ve always been a very security-focused person, so for me it just comes natural at first. But I think to answer your question right, a lot of the times what it ends up happening is that you know it’s not necessarily intentional, right? It’s not like somebody’s like, “I’m just, I’m not going to do this at all, we’ll deal with it later,” right. It’s a lot of times it is just it’s either just that ignorance aspect of it or they’re really just trying to push to get to market so fast of whatever they have, or they’re just they don’t have the resources, right? They brought in people and they said you do this thing right. They don’t really have somebody overlooking the security aspect side of things, and really looking at it to say no, guys, we can’t do this, and they’re just kind of, you know, going and checking that checkbox of yes, connect it to this server, yes, connect it to this MCP server, yes, send all my data here, yes, you can access all my stuff, and so I think it’s what ends up happening is that you have decisions made by, you know, people maybe not necessarily doing the implementations, and then they kind of push on those who are doing the implementations to, we need this done, you have this deadline of xyz, and then that kind of ends up getting those things as kind of as an afterthought, right? And now with AI, that makes it even more visible than it was before we had AI, right, because now you have AI going through, especially with myth those release and stuff like that, kind of with what Claude was talking about, like it’s a little bit scary, right? So you have to get this stuff integrated from up front, otherwise once these bigger, better models come out, things like that, you know, they’re going to be actively exploiting everything, and how you protect yourself, really, for me, and as an engineer, I have to push back, even when I get that from the top. 
I have to push back and say no, we need to do this. It has to be done this way. We need to go through this extra step, and you know it’s.. Do you want your company on the front page of the paper tomorrow?

Jodi Daniels  23:17  

I’ve been saying that for a really long time. We really had papers too, so nobody believes

Justin Daniels  23:24  

that until they’re on the phone. I’ve been

Jodi Daniels  23:25  

using that line for decades. So, Myles, knowing what you know about privacy and security and AI at a party, people might come and ask you, so what is what should I be doing? What’s your best personal privacy or security tip, you might tell them.

Myles McNamara  23:45  

I would say my best tip is that it’s not guaranteed. A lot of people just inherently believe that privacy and security is just inherent, and it never really is, especially now, and we’ve learned that with all the Facebook data stuff, right, and stuff like that, that we’ve learned it’s just, that’s not the case. The next thing would kind of be that you can’t treat AI tools like they’re isolated systems, right? You have to assume anything you put into them as a part of a larger data flow that you may not fully control or know where it’s going, right, whether it’s just logs, it’s integrations, it’s how the system’s configured. People don’t think in the terms of, like, what does this model do? You know, it’s kind of like what you really need to think is like, where does my data go after I send it, right? Are you training on it? Are you going through this, and you know, kind of like we had talked about before, right? Finding that checkbox of, you know, don’t train on my data, right? Do they make it easily accessible? Can you go check in their terms of service? Is it? Do you even know if that’s actually happening? And so I think that’s where we have a lot of these issues right now, with like shadow AI and things like that, is that you know people are pulling up their phones and they’re just typing stuff in there, but did they actually go through the process of don’t train on my data, and I’m dropping in this company document that has all this sensitive data in it, so to me the biggest privacy and security tip I tell everybody is it is never guaranteed. Assume anything you put in there could be on the front page tomorrow.

Justin Daniels  25:18  

So, Myles, when you’re not designing cool AI tools. What do you like to do for fun?

Myles McNamara  25:24  

My wife would probably give you a different answer than I would here, but for me, a lot of the things I do for work kind of carry over into what I enjoy, right? So I like tinkering and building things, being a maker in general. So you know, I love being the talk of the neighborhood around holiday seasons because my house lights up from LEDs and all this stuff I put out there. I also like kind of messing around in blockchain technologies, right? I do that a lot, cryptocurrencies, things like that. And just recently, I’ve got a five month year old son now and a three and a half year old daughter, so I actually enjoy spending time with them as well, and outside of that, if I’m able to, I love painting, and that’s one of my paintings right there. But it helps me disconnect from technology and just focus, you know, on things not zooming around me.

Jodi Daniels  26:14  

It’s a really pretty painting, and anyone listening should go watch the video, and you can see the painting in the upper corner, it is really quite nice. Myles,

Myles McNamara  26:22  

thank you.

Jodi Daniels  26:23  

Well, thank you so much for joining us. If people like to connect and learn more, where could they go?

Myles McNamara  26:28  

They can check out our website at tarkenton.com (t-a-r-k-e-n-t-o-n.com) or pipiq.com (p-i-p-i-q.com).

Jodi Daniels  26:40  

Amazing. Well, thank you again for joining us. We really appreciate it.

Myles McNamara  26:43  

Absolutely, thank you guys for having me.

Outro 26:49  

Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes, and check us out on LinkedIn. See you next time.
