We're back in Las Vegas at the Aria for Fal.Con 22, CrowdStrike's big user conference. I'm Dave Vellante and you're watching theCUBE. Sven Krasser is here as the Senior Vice President and Chief Scientist at CrowdStrike and we're going to get a masterclass in AI for security. Sven, thanks for coming on. Appreciate it. So I love the title. Just I'm excited to have you on. I understand you were like employee number two or you know, really early on.
Among the initial nine, yeah.
11 years ago and I think two days you started. What was that like? Was that, did you know George beforehand or kind of?
Yeah, I knew George before, like not as well as I know him now. And it sounded like a pretty good proposition about what he was having in mind. Like things security-wise didn't really work that well back in the day. And we wanted to try something new, like cloud native, data-driven AI and use that to stop breaches. So yeah, like it was very exciting. Like you go there, you have nothing there. First day you open your laptop and you try to reinvent security.
Yeah, so I mean, I know he never, he talks about this. I never said we're going to be an AV company. But of course, you know, you start with antivirus and when you're at an end point and known malware, okay, but unknown malware at the time wasn't really being addressed. And if I understand it, you guys brought in machine intelligence from the start.
That's, that's right. And like the way we looked at it is, like back then we said you don't have a malware problem. You have an adversary problem. Just like recognizing that it's not malware, but there's people behind it that act on objectives that you need to, that you need to counter and you don't want to run after them. You want to be ahead of them. Like that was, that was the approach, like at a very high level that we were taking. And you know, now we have it a little bit more summed up and we say we stop breaches. So like that's the end result.
So how do you specifically leverage AI? Which parts of the portfolio, is it across the portfolio? And, you know, where did it start? How did it evolve?
Yeah, we're very data-driven. So we're working hard to use the proper tools to work with data wherever we can. And AI being one of these tools that we like to bring to bear. The, the clouds, the CrowdStrike Security Cloud, at the moment we're doing about roughly two trillion events with a T per day. Like that, that volume of data, like going through our platform, that's not something that you can, that you can work with manually, right? So we need, we need to bring the heavy machinery. Like that's, that's how we're bringing AI to bear.
Two trillion events per day. I mean, there aren't a lot of organizations that see that many events a day. I mean, maybe, maybe some of the hyperscalers possibly. I don't know. That's a...
Yeah, I think, I think it really allows us to get unprecedented insights into what's actually going on out there in the, in the landscape. And, you know, it's, it's like, it's like with a camera or a telescope, the bigger your aperture, the fainter signals you can detect. And that's why, that's why the volume is, is critical. And that's why we, that's why we, from the get go set out to build a cloud native platform so that we can actually aggregate this type of data and analyze it in one spot, basically where, where everything comes together that we can draw these connections.
Will we ever see security without humans?
I don't, I don't think so. This, this, this notion that machine intelligence is so intelligent that it just takes these jobs over. To me, it's more like a tool, right? Like these, these algorithms, they do need to learn from something. They need to learn from human expertise.
The way at CrowdStrike we have things set up is like our, our human teams, our threat hunters, our MDR staff, our incident responders, like whatever they do, we're taking these insights and we're feeding them into the AI algorithms. So if there's, if there's a new type of attack and we have an incident response team on the ground and they find something that gets leveraged, put into a database and our AI can learn from it. I really like that in the keynote, Kevin Mandia actually talked to that, you know, like get the incident responders out there, get their knowledge, bake it into products and that's, that's the approach that we're taking with, with, with our AI.
So in my head, I'm thinking, okay, what do humans do better than machines? I mean, humans are creative, right? Machines really aren't creative, right? I mean, and adversaries are very creative. So I guess flip side question, what does AI do? What does the machine intelligence do that humans can't do? Is it scale? Is it just massive volumes? Help us understand what humans do well and machines do well and how they complement each other.
Yeah, so AI is very good at working with extremely large amounts of data. Again, like cloud native platform, like that's where you get this AI advantage. It can work with data that is a lot more complex, like more facets of data. So we talked about XDR here at Fal.Con a lot, right? Like you get data from all these different products from all these different angles. Like the more different facets you add to that, like it becomes overwhelming for the human mind. It's just like so much complexity that a human can put together in their brain. With AI, you don't have these limitations. It's just math. It's just like multiplying big matrices and you can work with a lot larger data sets, like those two trillion events that we do per day on the CrowdStrike security cloud, but also data that is a lot more complex that has more facets, looks at the problem from different angles.
That's where AI is especially useful.
I want to ask you, as a topic I haven't asked anybody this week and I've been meaning to is, you know, there's this concept of living off the land, right, using your own tools against you. How are you able to detect that? Is that because of lateral movement? Or I mean, I'm sure there are many, many factors, but how are you addressing that problem that's kind of stealthy using your tools against you?
Yeah, so adversaries, this is again, there's motivated humans behind that. They figured if they drop a malware file on the machine, that's an artifact, an indicator of compromise, right? And that can be detected. So they're avoiding dropping files on disk that could be detected or to bring their own tools. They try to work with the tools that they find on the machines. They need to act on objective though. There's something they want to accomplish. Like they're not logging in just to, you know, like do nothing. And this is where indicators of attack come in, right? Like we know what their objectives are and we're trying to capture this. We're describing this in an abstract way. What is it that they try to accomplish? That's what indicators of attack describe. And when they act on these objectives, then we can catch them.
So I think that the term indicators of attack, you may have coined it, I'm not sure. I think there was an announcement at Black Hat. Those indicators are not static, right? That's your point. The humans on the other end are motivated. Are you, can AI help predict future indicators of attack? Maybe working with humans?
Yeah, this is something that we recently rolled out where we're connecting our AI intelligence to our indicator of attack framework. Where basically the AI crunches the big data and then the indicators, the knowledge that the AI generates understanding the context of the situation can feed into the indicators of attack that we're evaluating to see if an adversary is acting on a specific objective.
And then if an IOA triggers, that can feed back into the AI and the AI can use that information to derive from more precise results. We have a good feedback loop between these two systems and they're more tightly integrated now.
As an AI expert, I want to ask you, is the intelligence, is AI actually artificial or is it real?
Well, it is artificial because I guess we build it, like it's human-made. I think a lot of people get hung up on the term intelligent and it's not really intelligent in the sense that it acts on agency with agency, like you would look at a problem, right? It's good at solving specific types of tasks and problems that we can define in ways that these algorithms work on it, but it is not the same level of creative thinking that a human brings to the problem. And this is going back to the beginning of the conversation. This is why we like to have humans involved in the teaching of the AI. The AI can act autonomously in real time, stopping threats, but there's humans that take a look at what is going on to give the AI input and feedback and improvements because we are up against other humans, right? You don't want to have a human kind of press the buttons of the AI until they found a way around it, but that's called adversarial machine learning, a very real threat as well. We're looking at the problem as humans against humans. Like what tools do we need to bring to the battle to keep the adversaries out of our customers' networks?
Okay, so my follow-up is, but there are systems of agency, fraud detection is an example, but I think your point is that that never would have been possible without humans. Is that right, or?
Yeah, like on the one hand, these systems get trained with human knowledge. On the other hand, there are humans that take a look at if the systems give the right responses.
Like there isn't, if you talk to your smart speaker, like for me, like I'm asking my smart speaker to turn a specific light on in my living room and it half the time doesn't work, right? Like that wouldn't happen with a human. There's a lot more context and understanding and humans are more robust. Like it's harder to fool a human. The limitation that we humans have is complexity, complexity and volume. So we're trying to make like a peanut butter and cookie approach, a peanut butter and chocolate approach rather, where we want to use the human creativity alongside the AI which can handle scale, complexity and volume at unprecedented scales.
And when you bring it out to the edge, we were just talking to Stefan Goldberg about IoT and extended IoT. When you think about AI, a lot of AI today is modeling that's done in the cloud and then applied. But when you go up to the edge, you're starting to see more AI inferencing in near real time or even real time. Will that change the equation? What's the future of AI and cyber look like?
I think it will be pervasively applied. So we're using it already on the edge, on our sensors but also in the cloud. On the sensor, we want to be able to act very quickly. On the endpoint, we want to be able to act very quickly without any delay with local information or if the system is offline for a period of time. So we have AI models running there. In the cloud, we have the advantage of being able to work with vast amounts of data without slowing down our customers' machines. So like models will be applied everywhere where there's data. That's kind of the name of the game. Like let's bring this type of artificial intelligence, this type of refined, digested expertise wherever the data sits. On the endpoint, in the cloud, where you have it.
And CrowdStrike doesn't care, right? I mean, it's just-
I mean, we care about stopping-
Yeah, but you're agnostic to the physical location of-
That's correct.
The activity.
So last question is how should we as humans prepare for the future of AI in cyber?
That's a good question. I would say like stay creative and like figure out how we can get that knowledge that you have, like formalized into databases, right? AI, the way I look at it is an amplifier of human expertise. You do something at a small scale as a human. The AI system can do it at a big scale, right? Like it's kind of like digging with a spoon, whether it's digging with an excavator, with a backhoe. So I'd say stay creative and see how we can take things that we do as humans in the small scale and let's do it in the cloud, like with large data volumes.
Great advice, good creativity, I think, is the key. Sven, thanks so much for coming on theCUBE. Really appreciate your time.
Thanks for having me.
You're very welcome. Okay, keep it right there. Listen, by the way, I meant to tell our audience a lot of resources at siliconangle.com, thecube.net, wikibon.com has a ton of research all available for no charge, no password needed. Just access that, check it out. We're live from the Aria Hotel in Las Vegas, Fal.Con 22, Dave Vellante for theCUBE. We'll be back after this short break.