EP. 47 Biometrics, Sabotage & $5 Trillion Infrastructure with Kevin Surace
EP. 47 Biometrics, Sabotage & $5 Trillion Infrastructure with Kevin Surace
About This Episode
Kevin Surace, inventor of the world’s first virtual assistant and the technology that laid the foundation for Siri, join us for a wide-ranging conversation on the two forces reshaping enterprise tech: AI and cybersecurity. Kevin exposes why the MFA and authenticator apps most companies rely on are actively being exploited, and why biometric FIDO2 is the only real fix. He also gets candid about why 80% of AI rollouts are failing, what true AI-first culture actually looks like, and why the one-person, fifty-agent startup is coming for every traditional business that isn’t paying attention.
Know the Guests

Kevin Surace
Serial Technology Entrepreneur
Kevin Surace is a serial technology entrepreneur, innovator, and thought leader known as the "father of the virtual assistant." His pioneering work at General Magic in the late 1990s laid the foundation for modern voice AI technologies like Siri and Alexa. With over three decades of experience across multiple industries, Kevin has founded and led numerous successful technology companies, earning recognition as a visionary in AI, cloud computing, and cybersecurity. Currently serving as CEO & CTO of Appvance.ai since 2012, Kevin has developed revolutionary generative AI technology that eliminates manual software testing, using AI to automatically find bugs in enterprise-class software. He also chairs Token, a next-generation biometric authentication company that uses fingerprint rings to stop ransomware attacks by replacing legacy MFA systems.
Know Your Host

Matt Pacheco
Sr. Manager, Content Marketing Team at TierPoint
Matt leads the content marketing team at TierPoint, where his keen eye for detail and deep understanding of industry dynamics are instrumental in crafting and executing a robust content strategy. He excels in guiding IT leaders through the complexities of the evolving cloud technology landscape, often distilling intricate topics into accessible insights. Passionate about exploring the convergence of AI and cloud technologies, Matt engages with experts to discuss their impact on cost efficiency, business sustainability, and innovative tech adoption. As a podcast host, he offers invaluable perspectives on preparing leaders to advocate for cloud and AI solutions to their boards, ensuring they stay ahead in a rapidly changing digital world.
Transcript Table of Content
00:12 - Introduction & Kevin Surace's Origin Story
04:39 - Why Your MFA & Auth Apps Are Already Compromised
07:33 - The Biometric FIDO2 Fix & the Case for Going Passwordless
14:34 - Convincing Enterprise Leaders to Ditch Legacy Security
23:11 - Why AI Adoption Is Failing & What AI-First Really Means
26:10 - The AI Sabotage Problem & Lessons from the Industrial Revolution
32:47 - Agentic AI vs. RPA, Infrastructure Bets & the Energy Crisis
50:40 - Future Trends, Advice for IT Leaders & Kevin's Upcoming Book
Transcript
00:12 - Introduction & Kevin Surace's Origin Story
Matt Pacheco
And welcome to Cloud Currents, a podcast that navigates the ever-changing seas of cloud computing, cybersecurity and emerging tech. I'm your host Matt Pacheco and I lead the content marketing team here at TierPoint. And in my role, I help businesses understand cloud and security trends to help them make better decisions about their IT strategies. Today we have a truly exc. Exceptional guests. Someone who's been at the forefront of the technology innovation for over three decades. Kevin Surace. He's known as the father of virtual assistants. That's awesome. Having pioneered voice AI technology at General Magic in the 90s that led the foundation to Siri, Alexa and a lot of the other modern voice assistants.
Currently, Kevin serves as CEO and CTO of Appvance, where he's revolutionizing software testing through generative AI and as chair of Token, a cybersecurity company stopping ransomware attacks through next gen biometric authentication. Kevin is also a highly sought after keynote speaker. He does a lot of these, delivering around 50 talks annually on AI and innovation to corporate leadership teams around across the world. In today's episode, we'll explore the evolution of AI from its early days today's generative models. Discuss the critical cybersecurity vulnerabilities that most companies don't even know they have, and look at how AI is transforming everything from customer service to manufacturing and cybersecurity. We'll also tackle controversial topics like job displacement, energy consumption and the future of robots. Should be a fun combo. Kevin, welcome to Cloud Currents. We're so glad to have you on.
Kevin Surace
Yeah, thanks for having me, Matt.
Matt Pacheco
Sweet. So let's talk about your journey. Let's start there. Can you tell us about your journey from start to where you are today in tech?
Kevin Surace
Well, you know, I was raised in upstate New York actually, and my dad worked at GE in audio Electronics. So I kind of got this excitement about electronics and ultimately computers from being around all that stuff, if that makes sense. And that led me to Silicon Valley where I spent many decades and got some 95 worldwide patents or so on a whole variety of things, including the, the first virtual assistant called Portico and my talk, and her name was Mary and all of the things that, that we learned and in fact much of what we learned about human interaction with a software we learned during that time and laid out in these patents on how one would do this. Right.
And, and, and it turns out humans like to interact with other humans and we immediately anthropomorphize them, we give them names and we have an interaction, because that's the interaction we're used to, right? So if you were virtual, Matt, I would start to interact with. Even if I knew you were virtual, I would start to interact with you like you're a human. It's just what we do. And this was born out of several Stanford studies, believe it or not, and a book called the Media Equation. So it's great to work on that. And I think, you know, that was in the late 90s. I had done some work before that in semiconductors and some other things and in the first cellular data phone, which was called Air Communicator, which came before the voice stuff.
So I've had lots of fun things I got to do.
04:39 - Why Your MFA & Auth Apps Are Already Compromised
Matt Pacheco
Tell us a little bit about where you are now.
Kevin Surace
So look, I'm working on a number of things, as you mentioned. I do about 50 keynotes a year around the world on AI on the joy Success Cycle, which is my upcoming book. And especially in the era of AI and the Joy Success Cycle and also cybersecurity. So cybersecurity company I have is called Token it. We believe that the future is biometric security. And if I don't know that you're you even here, I don't know that you're not a virtual you or a deep fake or an interactive deepfake. Right. So I will know in the future because you will use your fingerprint to log into everything. And fingerprint is something that should never be stored in a network. It should be stored in a hardware device. It should be right next to you. It must be proximal to the person logging in.
It must be bound to the application that you're logging into. And, and if you do all that's in essence un-hackable. You can't do relay hacks. You can't do really all of the common hacks that are done today. And so what people probably don't know that are listening to that. This. A few may know, but most don't. Is that your off apps? You know, we know what these off apps are that say, is it you logging in or here's the number or MFA or two FA or any of the. Those are not just hacked every hour. It's very easy to do. But. But in fact, they're a honey pot. Like if you're using the Salesforce off app, there's a kit that thwarts that right now. It's. And it's incredibly Easy. It's a relay kit. All of these are relays.
And I'll take a moment, explain how a relay works. A relay attack. Real time relay attack. So what a real time relay is I send 2000 of your employees a phishing email, but it's generated by AI, so it's become indistinguishable from. From real. It says, you better log into your, you know, employee to your point.com account, right? Whatever it is. And so, because something's up. And so, yeah, you click on it, you go to login. It looks pixel perfect because the website that you're logging into, which is fake, a spoof site, is pixel perfect, and it's generated by AI in about five minutes, literally pixel perfect with a relay on the back end. That means the front end is pixel perfect. But everything I'm putting in there is going to the hacker, right? So I send this to 2000 employees.
I get one that takes the bait. You log in, you put in your ID and your password. They've got that. But then you go, I'm protected because of MFA. I have an auth app, or I have a 2fa that comes on my phone. And what do you do? The Auth app lights up and it says, is it you logging in? And you say, yes, it is. It's not you logging in. It's a hacker in Russia logging in. That lit up your off app. You didn't light it up, okay? Because it's real time. They lit it up. You say it's you, or even you take a number and put it in there and that relays to them, and they put it in the real app, right? So all you do, it's called real time relay, or man in the middle, Real Time relay attack.
All you're doing is authorizing them. And so everything that we rolled out over the last few years in MFA2fa off apps is incredibly easy to hack. It's become the number one hack. The number one hack is it coming in the back of the cloud, the back of the network. Why? We've encrypted the data. Now, we also encrypted our data over the last five years. So nobody wants that. They want to come in the front door because the front door decrypts the data. So if I get in the front door, I run a report. I'm done in two minutes. You never found me. You didn't know I went in there. And you can't stop me because you let me in. You literally let me in with your ID, password and MFA or off app, right.
07:33 - The Biometric FIDO2 Fix & the Case for Going Passwordless
Kevin Surace
So what happens is with a Phyto 2 biometrics I have a device. Here's, here's an example. This is, that's a token ring actually. So I can show you one of those. So I can just wear this, right? And then that has my fingerprint stored in it that was stored originally to the original web application domain. Makes sense so far. So now hacker tries to do this hack. First of all, nothing happens with the ring at all. Why? Can't light it up over cellular, can't light it up over WI fi. It doesn't work that way. It only works within three feet of the actual computer logging into the actual original domain it was registered to. So you know this fake domain, right, that has some letter off or whatever isn't the original domain so it won't do anything.
So it works on biometrics proximity, I've got to be proximal to the computer logging in. So they can't log in Russia and it's domain bound so it's kind of unhappy. It's really unhackable. That's so there's nothing to relate to anyone. Right. And finally most people using these like these token devices, they go passwordless. So they log in two seconds. There is no ID or password, there's nothing to relay. You just touch your thing and you're in. But you're only in the application that you're using know supposed to be in within three feet because it works wireless. So that's the ticket, that's the future. And the same is going to be true with zoom calls and teams calls which do support this.
So if you're logging in with a token device and it's biometric, I know you are you have to be you because you literally had to put your fingerprint in to get in. No fingerprint knowing. And by the way, if you lose one of those devices, no one can use it. It's tied to your fingerprint and you keep your fingerprint with you. You didn't give your fingerprint to your corporation. You just keep it with you and you can erase it if you want be done with it. Right? So I think that's the, that is the future of id. And one last thing on this that people say, but we've trained our people to watch out for phishing emails.
So UC San Diego did this study of, I want to say it was 8, 18,000 employees I think and they trained a group and they didn't train another group and then they just fished them all and said, what's the difference? There was a 2% difference in those trained versus not trained. So the fact of the matter is it didn't matter if that makes sense. There's only a 2% difference of those who logged in, who went to the, who took the fishing bait versus not the fishing bait. And that's getting lower because these AI phished emails are so good. So this is just a different time, different place. If you use an off app today, like the Salesforce off app, you're literally a honeypot. Like all the ransomware people know is, I know how to get that every single. I win every time.
Every time I have your data, it's easy peasy. So different times. So there you go. That's one of the things I'm working on. We didn't get to all of them, but that's. There's one. Yeah.
Matt Pacheco
And I have plenty of questions, but let's talk about the other thing you're working on and then we'll dive into some questions I have about each of them.
Kevin Surace
So probably a couple other things. Obviously keynote, then I've got my book coming out called the Joy Success Cycle coming out in the spring this year, 2026. So that's exciting in this era of AI. Another company I've got is called advance, and we have been using AI to find bugs in software instead of humans. Instead of humans automating or writing scripts or any of that. The AI writes all the scripts, finds all the bugs and delivers them to you. I'll tell you the biggest problem there is. People don't believe it. The second biggest problem, and that's unfortunate because it works, the second biggest problem is sabotage. Just employees especially, you know, if you're offshore and this is your, and your job is to the manually find bugs or, or automate scripts. They just sabotage the thing and say, well, it doesn't work.
They tell their bot doesn't work and it can't work and it. Well, that isn't true, you know, but people are afraid for their jobs. It's one of the points you brought up. And, and this is an era of people being worried that this AI is so good it's going to eat their job. And so, you know, they do everything they can to try to make it look bad. But I can assure you the advanced AI script generator will find about 10 times more bugs than your people will. And it'll find them based on your own Business requirements. That's, that's not an arguable. It's a knowable. The fact that most people don't use that today. They're scared of it. They're, they. What do they do with this whole team? They got 300 manual testers. What do they do with them? I don't need that anymore.
Right. All of these are cultural problems and cultural shifts that are going to happen. And we're seeing this in AI, throughout AI for customer support. I was on a podcast a few weeks ago. The guy looks at me and says, well, how do you feel that since you invented the AI assistant, right. How do you feel that it's going to take millions of customer support jobs? I said, well, I wasn't thinking of that when were working on it. We're just trying to get people their email when they were driving. Right. I mean, I was just trying to service. I mean, we could imagine that would be the case someday, but it wasn't what were trying to do. But this is how technology advances. And eventually it advances enough where it can replace tier one customer support.
And frankly, AI outperforms tier one customer support in almost every industry today. And so if you're a tier one customer support person, I hate to tell you, but that job probably isn't going to be around a long time. And just as if you were a secretary when the PC came out, you know, at some point people got PCs on their desktop and the secretarial pool went away. We could see that coming. Like this wasn't a surprise. So there's a lot of things we see coming, but they open up new opportunities. They really do. And we're making companies more productive. And when we make them more productive, the goods and services go down in cost. The demand goes up for those goods and services and we hire more people, but in different roles.
Matt Pacheco
That's excellent. You have your hands in a lot of things. Yeah, it sounds like AI seems to be the reoccurring theme and everything you're doing. So we'll have plenty of questions about that. Let's go back to the token piece because you answered a lot of my questions before I could even answer them about MFA and security and legacy msa, MFA and biometric authentication. But I guess one of the biggest challenges sometimes with new technology adoption, because the ring is a new piece of technology for an enterprise or medium sized business. How do you convince leaders that it's needed? Because sometimes they'll think Microsoft authentication is perfect.
14:34 - Convincing Enterprise Leaders to Ditch Legacy Security
Kevin Surace
Yeah, great. Look, it's A great question. And you can't convince everyone, right? What we do is we have lots of data and hacker kits that specifically hack the Microsoft Auth app in the way that I told you with just a simple relay. And you can download the kit for free and use it. It's on the dark web, it has a name, you just get it. It's well documented, it's been downloaded by universities, they did the research, they put out the research paper. It basically, the paper basically says if you're using the Microsoft Auth app, you have no protection whatsoever. None. You literally have none. A user is going to hand over the keys to their office access, right? Or their admin access or whatever it is, period, Full stop.
This is known now whether a CISO or head of ID I am wants to read that and understand it and think it's going to hurt them. It's like anything else, right? It took them years to just get regular 2fa. And 2fa is 25 years old. You know, this isn't a new idea, right? SMS off is has been around a long time. Then auth apps, probably for 10 years. Those are not secure, period, full stop. They're the opposite of secure. I can't convince everyone of that. And that just goes back to, you know, early adopters versus mid versus late adopters, right? And early adopters read the data, believe the data and say I need to protect myself so I can sleep at night. And others go, oh, it probably won't hit me. And then it does.
And of course the result in our industry is they get fired, right? Which is unfortunately, that's what happens, right? They knew what the solution was, they chose not to execute the solution. And the solution costs very little. You know, a hundred dollars a year per employee. What is that, 01% of their salary or something? It's just nothing, right? But they can. Well, the Auth apps free. And it's worth exactly what you're paying for zero. Whether you use the Auth app or not doesn't matter. Your credentials are being relayed, right? So I, I, I think there's going to be or there are early adopters and there are, you know, thousands and thousands of people using that device. We also have just a habit here. That's a, that's a token bio stick, actually. Let's see. There you go. The USB is for charging.
This is a wireless device, but you can charge it with usb, so it just sits on your desk. You know, thousands of people log in every day with these devices, right? Millions of times that is a game changer. And as every CISO who has gotten these told me two weeks later, Kevin, I sleep at night now because I locked the front door. The front door has always been unlocked. That's why we put 90 other tools in the network to try to see who's in my cloud right now. The only people who are in my cloud, their fingerprint matches. I know it's them. It's not about possession, right? If I have, you know, a UB key, it's about possession.
But of course, we know 30% of those are lost every year and someone else has picked it up and they're, and they plug it in and they log in as you. So without biometrics, you can't guarantee the person's the person. And that's true on these calls, it's true in logging into your network, it's true for your admins, it's true for everybody. The future is biometrics, period, full stop. And it might even be that way even for banking customers. And when you think about a major banking customer, I don't know, 100 bucks a year for a subscription for one of these devices is also zero if you're a major, you know, a commercial banker with say, Chase or Bank of America or JP Morgan, whatever it is, right? So I think we're, because of AI, we're heading to a biometric future.
And, and when and some CISOs get that and some, they hear you, but they have other priorities. I'll add one other thing. The nice thing about biometrics is you can go completely passwordless. No id, no password, it's just your fingerprint. No one else can get in. They have your fingerprint or they don't. I mean, unless they cut off your finger. That's that. That's it. So once you go passwordless, you save over 20 seconds per logon versus an off app. You take about 28 seconds down to 2 seconds, right? That's amazing. That's like game changing. It's game changing. So you end up recovering $1500 of productivity per year from your employees, per employee. And unfortunately, CISOs don't get a bonus for that, but it's a, the CFO gets it right, HR gets it right, people get it.
So you can get some buy in from your other C level execs when you say, how'd you like fifteen hundred dollars of productivity on average back from every by going passwordless. And the employees love it because it's wireless, they just touch it and they're in. There's, there's no apps and numbers and where's that app? I hate this Octa app. But think, you know, forget it. All that's gone. All that's gone. Touch your thing, you're in. And it's. And biometric FIDO 2 is supported by every major SaaS vendor today. Like, it's Salesforce, it's Microsoft, it's everybody, they already support it. Hardly anyone uses it, but the support is there. And you just literally hit the switch and say, that's all we Support is biometric Phyto 2, and you're done. That's it.
So, you know, there's early adopters, there's late adopters, and there's those who are going to get hacked and ask. For the last year, you can ask, you know, Quantum and mgm, Qantas and MGM and Clorox and a whole bunch of others, you know, why didn't you choose Biometric security? Because it cost you millions and millions of dollars in ransomware and you lost all this data and productivity, and you could have just chosen these devices. You'd have been done. That's a long answer, but you get the point.
Matt Pacheco
Yeah, now I get the point. And I, I do see the reluctance, especially with a physical device, like getting a company with 10,000 employees. That's really interesting from a manufacturing perspective, too, and being able to deliver them. That was my other question.
Kevin Surace
We can deliver millions. So that's awesome. Actually, made in Vietnam, not in China. Made in Vietnam, but yeah, we can deliver millions. There's no limit of the delivery. The limit is, you know, the limit is. And it's not employee acceptance either. So one thing we did is make sure that it's convenient and wireless. Convenient and wireless. You know, really underline that. Convenient and wireless. Convenience trumps all, as Steve Jobs taught us, convenience trumps all. And these have to be convenient devices to have everyone say, yep, I want to do this, and I understand why it's important. And, and another thing is your fingerprint's yours. You didn't give your fingerprint to the corporation. It's, it's a device that is owned by the corporation, but it's yours. You know, it's assigned to you.
And when it's not assigned to you yourself can erase the device from your mobile phones, delete my fingerprint from my device, and it's gone. So you are still maintaining your fingerprint. You didn't hand it to anyone, and they didn't go in the Network. It's one of the problems with pass keys is pass keys get network shared. They get stored in the cloud so you can use them across devices. And that's a honeypot. It's like all I got to do is get to that cloud point and say I can get into anything. Right. So we don't do that. Nothing's stored in the cloud here.
If you use passkey like Apple, Microsoft, Google, et cetera, that, so that you can use it across devices, they store it in the network. That's a very bad idea. So the thing with a Fido 2 device is it must be stored in something called a secure element. That secure element is a chip that if you try to take the device apart and get at the chip somehow it destroys the data. So it's very secure. It's like a bank vault for your fingerprint. You do not want stuff stored in a network. You don't want anything to do with passkey stored in a network. You want everything in a device and the device that's cryptographically bound to your fingerprint and whatever domains that you know, have associated with, only the device can authorize you.
And if you lose the device, it doesn't work for anyone else. It's, it's fantastic. Like it's brilliant. And you can wear a ring and you know, half our customers wear a ring, half the customers want a different form factor and there'll be more form factors.
23:11 - Why AI Adoption Is Failing & What AI-First Really Means
Matt Pacheco
It's all good, always good to have options. So you mentioned adoption and I'm going to shift a little to the AI conversation. So we talked about a little bit about security, adoption, adopting some of these. But mass adoption's kind of important, like you said, Steve Jobs and convenience, easy to use. So in the past you've mentioned that only about 2% of people are actually using AI to its potential. Can you. And companies, even companies are rolling it out to desktops. They're making it widely available, but people are still not using it the way it could be used to its fullest potential. Why do you think adoption is so low? Is it not convenient?
Kevin Surace
You know, I, I, I, I get to speak to at so many conferences with so many corporations. Right. They're sea level execs and you got C level execs pounding the table that have figured this out and said, I want everyone to use it the way I use it, which is for everything, and AI first mentality. But most employees, they see this as a little tool, first of all, they see it as kind of a co pilot, because mostly that's what got rolled out. So you've got Copilot, and it helps you with spelling. You know, it kind of stopped there. It helped me with a layout in one of my PowerPoint slides. I go, you know, you're using 1% of what it's capable of, right? And so part of this is you got to go teach people how.
How about, you know, how about analyze this list of warranty claims and tell me what we can fix in the factory. Now, you can't do all that with Copilot. You can do that with other models, right? So if I've got a video that I want to analyze of my line and how to make that line more productive, that's Gemini. That's what I have to use, because they can analyze videos. Other models can't analyze videos. Well, it's because Gemini was trained on YouTube videos where other models weren't allowed to do that. So you've got all of these different opportunities there. You got a million AI products out there that are very targeted. You got some core foundational models that do certain things. And once you get to know what all these tools do, you run your life with it like it's everything.
If I haven't used AI five times an hour, I've. I've failed myself. And what's interesting about that is I tell that to people and they just gasp. They go, what? I said, well, what did you do with AI? Well, last week I asked it a question about this recipe. You know, you go, last week, there's someone at a competitor that's 10 times more productive than you are today because you are not using this at all. So AI first. That means before you go to Word, before you go to Excel, before you go to anything, go to AI and say, I need to achieve the following task, or I have the following opinion on something, or I need to write the following thing, or I need to analyze this document. I do a lot of analysis of documents. Here's this thing I wrote. Boom.
Here's the document. Poke holes in it. Tell me how I can do better. Tell me what's wrong with this. Right? How is this going to play to the rest of the team? It's amazing.
26:10 - The AI Sabotage Problem & Lessons from the Industrial Revolution
Matt Pacheco
So. So you also mentioned and. And this one stuck out to me, was sabotaging AI rollouts when you were talking a little Bit about Advance and kind of the bug testing. We'll get to that in a little bit. But can you tell, talk us about, talk to us about how leaders are addressing some of this resistance too?
Kevin Surace
Yeah, there was a survey done in the fall that showed that 31% of employees anonymously agreed that they were well admitted to sabotaging AI tools coming in. And that Sabbath, that hurt 80% of the AI rollouts. 80% of AI rollouts are failing because some employees have somehow sabotaged it. So I'll tell you, at advance, we saw, we have seen employees. So AI writes these scripts and runs them and it finds all these bugs in their software that this team said don't exist. This is production software. Doesn't exist. What finds all these bugs? Oh, it must be wrong, really. Here's the script. Retest it. Of course, the AI is right. It, it's, it's a machine. It knows what it's doing. So it's right. So now there's egg on their face.
So, you know, a few days go by and they say, oh, these AI written scripts, they don't run at all. So of course they do. I know the code absolutely because their AI tests them before it hands them to you. So I know they run. Nope, they don't run it. It writes junk. Look, look, it's got these extra lines in there. They actually edited the scripts and put bad code in to break them. On purpose? On purpose to show their boss it doesn't work. That leaves me or someone telling their boss that team is sabotaging the rollout, that a human put this in there. This is what AI produces what a human. And then the problem is you've got a boss that says, are you calling my people liars? Right? I mean, there's like, no, it's a no win situation.
Everyone is facing this today. We are seeing it in customer support. We're seeing, of course, the other AI vendors doing a lot of different things are reporting this. I've got a lot of friends running AI companies and they're all reporting this a lot of the same thing. We know we did great work. We know what the outcomes were. We could measure it. And they, and these employees said, nope, didn't work, don't want it, don't need it, because they're looking out for their jobs. And that's really too bad. That is, that is really too bad. It's in the Industrial revolution when they rolled out equipment that was helping to automate the manufacture of textiles and people would throw their sabots, the workers, their shoes, their sabots into the machine to sabotage the machine. That's where the word comes from.
So automation rolling into the workplace has been sabotaged for 200 years. This is not new. This is what workers do. But eventually the workers lose. Like this. To be clear, the machines won, right? It took about two years and the machines were there and the workers were gone and that was that. That is going to be the same here. You can try to sabotage the AI, but that isn't a winning stand for you. The winning stand is to become the robot overlord, become the expert in the AI. And if these people want to sabotage them, turn them in, right? Say they're sabotaging it. Let me tell you what it really did. I want to be the robot overlord. You move up, they move out, right?
Someone's going to move up to run this AI, to own the AI, to own the outputs, to check the outputs. This is true in every industry, in every field. So you want to be the person who moves up and becomes the manager because someone's going to do that and a bunch of people are going to be gone and the saboteurs are always terminated every single time. We have hundreds of years of experience of this.
Matt Pacheco
Yeah, it seems like the world is changing fast and people are still trying to adjust to some of these and adopt to some of these new technologies. And it's not different than probably things in the industrial revolution or move from, to manufacturing with automation, like all of that. It seems to be a reoccurring theme, but I guess it's also how do you educate those employees too on the benefits to them because sometimes it might be kind of short sighted. If you think it's going to replace you, maybe it can enhance you.
Kevin Surace
It will enhance you. Well, it's going to enhance or augment or amplify some percentage of your team and the rest of the team is going to be gone. That's what happens. Right? And so you don't want, in some of these areas, you don't want to be the people who are going to be gone. So I always recommend, you know, become the AI expert, become the AI overlord, the robot overlord. Those are the people who win and those are the people certainly in my companies that we keep, they are leveraging AI to the hilt and we want to keep them and we want to put them at the forefront. That's what we do. And these other people who are, oh, it doesn't work, it Doesn't. Yes, it does. And, and you sabotaged it. And that gives me zero confidence that I should keep you.
Matt Pacheco
So what skills would be most valuable for IT professionals and business leaders in this kind of AI world to make sure they aren't displaced?
Kevin Surace
Learn every tool. You can learn all the different models and then learn the targeted tools that have come out of startups and other companies. Right? You got to go way beyond Copilot. Copilot is just scratching the surface. You need to use the five big models and again then you need to go on to sort of a variety of other tools. In my presentations, my keynotes, I'll typically use, you know, 40 different AI tools or so and demonstrate what they do and why I would use them. And there's some great tools in hr, there's great tools in marketing for intents now, for intent to buy. I mean there's all these different things that work with AI. You want to know what they are because that's the future of your company.
And if you don't think that's the future of your company, then there's a startup that's going to eat your lunch because that is how they're working. You know, the startup that's going to be worth $10 billion that has one employee has already been born. I don't know which one it is yet. It has one employee, 10 AI agents, 50 AI agents, 10 different AI, 20 different AI tools. It's one person just letting the AI do what it's supposed to do. And it doesn't. They don't even have to raise any money. This is fascinating, right? They are going to eat your lunch because they can deliver products and services, goods and services at half the price. You can, you can't compete.
But it takes us 3,000 people to do the same thing. Well, I guess you didn't. You're not an AI first company, are you? You're an AI last company. You lose.
32:47 - Agentic AI vs. RPA, Infrastructure Bets & the Energy Crisis
Matt Pacheco
Very interesting. Can you explain the difference between agentic AI and traditional process automation or robotic process automation?
Kevin Surace
Of course. This is an interesting time because everyone talks about agents and there are some agents being used in corporate America. Agents are being heavily used in startups, of course, or smaller companies. RPA has been around for 10 plus years, 20 years really, and robotic process automation. And the thing with RPA is it's very rules based, right? You've written a set of rules. If this, then this. Right. So you've got all these conditionals in there by the way. What's great about rules in big companies is you have a predictable outcome. It's really good. If you're a large company and a regulated industry, you need predictable outcomes. This is not a bad thing. I think someone listening to this that's in a smaller company goes, oh, that's totally stupid.
Well, I don't know if you're in the insurance business or the pharma business, the medical business, the baking business, fintech, whatever. A rules-based system is a really good idea. It is not bad. It is not bad. So those large companies spent 20 years rolling out RPA and certainly the last 10, and automating most, many or most of their repeatable processes. They've already got RPA doing it. So now agents come along and an agent can also automate those processes. It does it with AI, so it's making decisions along the way rather than be rules based. So that is really cool for a startup, you go, wow, let it make its own decision. If you're a bank, you go, I don't want to make its own decision because it could make one that puts me in jail. Right?
I mean, so you start putting rules around it and then you start putting rules around. You go, what gain do I have? I already have RPA that automated this very sophisticated rollout process for some application, the cloud and check process, whatever it is, right? Or something that checks in five different systems to make sure this isn't fraud. I've already RPA that, it already runs in three seconds and it does it incredibly fast and there's no human involved today and it's got a set of rules. What am I going to do? Take three seconds to three seconds? It's not going to go any faster, right? I have no gain to go to AI. All I have is risk. I have risk.
So when you look at large enterprises that already took 10 years, spent millions of dollars, rolled out RPA, they are less incentivized to go to this agent thing that makes its own decisions. One, because they've already saved all the money, there's no more money to save. Two, because they want a predictable outcome actually. And rules based is a good thing. It's not bad. Now if you're a startup, you never did rpa, you go, hey, here's a dumb process that I do over and over again. Or this person in the corner does, let's just create an agent that does that. And the agents aren't perfect, they don't do everything. You know, they're trying to interact like a Human does, and they don't do that exceptionally well today. You know, RPA took a long time to understand how to interact with web apps.
For example, we're trying to use AI to do that, and AI doesn't do that very well because it isn't using the accessors and locators the way RPA does, which, you know, sort of built in rules about how to do that. So, you know, it doesn't work as well, it's not as reliable, it's not rules based, but it's really cool and you can implement one in 20 minutes. Now for a startup that just eliminated a seat over there, it's really great and maybe it's not right all the time and I don't care. Again, for a bank, not going to happen. Right. So I think that's where the bifurcation is. If you've already got RPA in place, it's probably pretty darn good. I don't need it to make its own independent decisions. If you don't. An agent is a great thing.
It'll make its own independent decisions. But again, you are doing a type of robotic process automation. You're just doing one with rules and one with AI, making its own decisions on the fly based on everything it saw and heard. So in the insurance industry, for example, I could process a claim with RPA for a long time now, for, certainly for 10 years if I wanted to do so. But it's very rules based and if you sent in pictures, maybe a human would look at those pictures and make some decisions and then kick off the rpa. Now I can use AI to look at the pictures itself and say, I'm going to set in literally in a minute. I'm aching, you know, $5,000 for this person to have their car fixed or replace their car, whatever the case is.
So, you know, I think you're going to see places where it comes in, where it makes sense to start making real decisions just on the fly and other places where it doesn't. But look, isn't it great that we have more choices than we did just a few years ago?
Matt Pacheco
That is great. So those agents probably have to be trained on internal, important internal data and security teams. They're always looking at the risks, as you mentioned. There's always a risk. What are, how do you. So what are some of those concerns that companies typically have when it comes to AI agents having access to, let's say, multiple cloud applications and the data within them nobody likes, and how do they mitigate those risks?
Kevin Surace
Yeah, yeah, nobody likes it. You know, having machines, an AI agent basically, you know, access all this data, just opens up all these AI users that you can't 100% verify, and you certainly can't verify with biometrics. So if someone hacks into that VPN or gets that IP address or whatever the secure protocol is, maybe they mimic that, you got a problem because they can come in as this AI agent and interact with your data in really bad ways. So that's scary to corporations. Obviously we have ways to mitigate it, right? We can lock down IP addresses, we can do a lot of things, right? Its IP addresses, it's vpn, it's secure exchange of some kind of encrypted ID form, whatever, right. But nonetheless, all of those have some kind of risk. It's not a zero risk.
And, and so the upside has to be really high. The thing, the thing with RPA is you could install it fully in house and it stayed in house. It literally worked behind your firewall 100%. So you know, now if you get agents that work 100% behind your firewall, which you can do, you know, you can put llama behind your firewall, for example, and run, you know, use that as kind of your AI base, that might work fine. But the, I think these are some of the things that people have to make tradeoffs about. And, and again, what is the gain? Right? If I can get rid of 30,000 employees that were processing claims, I'm willing to take a lot more risk than, you know, if I get rid of one person. And this isn't just about getting rid of people.
But you get my point, right? Some CFO somewhere is going to say, what's the productivity gain? Where's the savings? I'm going to spend millions of dollars rolling this out. How do I get the millions back? And a CIO's got to answer that.
Matt Pacheco
So let's talk about the other side of AI, the kind of infrastructure. I have a few questions about infrastructure since that's probably going to affect your area as well. There seems to be a lot of investment in AI data centers and that infrastructure to support AI applications and AI services. What are your thoughts on some of that investment and how it relates to what you're doing?
Kevin Surace
I think if you add it all up, what everybody's committed, it's like $5 trillion over the next 10 years and more electricity than has ever been generated in the history of planet. You know, probably that's not going to happen. That's just my, you know, having seen boom bust cycles now, that doesn't say AI isn't going to happen. Remember when the Internet bust happened? The Internet grew like wildfire. Had nothing to do with the fact that the underlying technology was wrong. It had to do with the fact that there was too much money and too much excitement and it got over its skis. Right. Clearly, if you invested in Amazon and stayed with it through the bust, you did quite well. Same with Google. They were just overvalued for where they were at that moment in time. And that's what we're seeing here.
So, you know, are we really going to build $5 trillion of AI infrastructure? Probably not. And there's many reasons for that. Inference is going to get at least 2x more efficient every 18 months or so, just following Moore's law. And, and then we've got algorithmic law, which is a little different, but the algorithms are also getting better. We're having some breakthroughs and algorithms that go, wow, this is three times more efficient for solving this problem just algorithmically. Right. So, you know, in ten years we might be doing inference at a hundred x more productivity than we do today. Right. Or more efficiency than we do today. So that's a hundred x improvement over where we are today, by the way. Maybe it's a thousand X, but it's going to be numbers like that. Well, that's pretty interesting. Right?
That that recalculates what kind of hardware I need and how much I need of it and how many people are going to take use of it. And you know, people are doing all kinds of projections around video and how much video is going to be created. And, and obviously people are out there creating cat videos. All you got to do is go on Instagram today and see cat and they're great. I love it. Right. I'm very entertained. But eventually that waits. Right. And, and, or wanes and, and you get into real business and real effort. So I think it's not going to be 5 trillion because who's going to pay 5 trillion if you're putting 5 trillion in 10 trillion or more has got to come back the other way in dollars. Maybe 20 trillion. Who's got 20 trillion?
Who's going to write $20 trillion worth of checks? And then the numbers don't add up. And, and now you've got people that really have to build power plants next to these things because there's just not enough power. So they're doing small modular nuclear, which I think is a great idea. I love nuclear. It's great. They're restarting nuclear plants. Should have never shut them down. That's just my opinion. I know it's controversial, but it is a zero CO2 technology that we've had since the 1950s and it's gotten much safer over the decades. Probably we should be using it rather than coal, you know, or even natural gas. So all of that is interesting. I think it's fascinating that it's going to be the technology industry that is driving the resurgence of nuclear, which is a zero CO2 power source. It's. That is a.
Couldn't have guessed that, right? Everybody stayed out of it until they really needed power and then they just got in the game. But it's, you know, lastly, I mean the big question, the elephant in the room is Nvidia going to go from 5 trillion to 10 trillion? Probably not, right? I mean, I hope you got, if you got In Nvidia at 100 billion, it, this was a great run. But it's just, you know, they're already the most valuable company in the world. They're more, they are, they have more valuation than the entire semiconductor industry outside of them. You know, the numbers at some point are just a little nonsensical and you can't keep doubling in growth again. Right. So well run company, great company, great products, about to have a lot of competition. TensorFlow is a real competitor.
A lot of these technologies are real competition for what they do. And so, you know, in five years we might have five flavors of inference processors. Right. As opposed to just GPUs from Nvidia. So I think the marketplace is going to look quite different nonetheless, fun to watch and fun to participate in.
Matt Pacheco
Do you foresee any of the pushback from consumers and communities about some of these AI data centers and AI tools in general using so much power? Do you see that affecting.
Kevin Surace
No. Consumers always generally I'll get in trouble for this. Right. Kind of overestimate the impact they have by protesting and moaning. And listen, I'm gonna say it's right or wrong. It's just, it generally doesn't have any impact. What it, what it tells them is they probably have to come and show up with their own power sources, but those exist. Solar, wind and small modular nuclear, I think are just going to come along for the ride. And they're available technologies today. People are going to install them and they're going to say, I'm just mostly staying off your grid. And we heard you got you. And by the way, they just can't pull that much from the grid anyway. There just isn't enough. Right.
It isn't about the price going up because price is only going up because they're firing up peaker plants and then they're running them all the time. That's not a sustainable future anyway. Right. Nobody wants that. So, so in the end, you know, you see, the big guys are trying to figure out how do I install this next to a nuclear plant, how do I put in small modular nuclear, how do I add re. You know, solar and wind. They're going to do things like that. There's, there's just no choice. And the, you know, our grid is not built to produce twice as much power as it both produces and handles today, or else it would have been there. Right. It doesn't do that except with peaker plants and then I gotta run those. So I, I think this sorts itself out.
I mean, it's good that people, you know, complained about the price of power, but it's going to sort itself out anyway because the data centers are really. The cost of running a data center is all power after you build it, right? It's power and water. Power and water. So I need cheap water. I need cheap power. They're going to put in small modular nuclear because they can generate power 3 or 4 cents a kilowatt hour. They are not going to pay 12 cents a kilowatt hour. They don't want to pay it. You don't want to pay it. It's water finds its own level pretty quickly.
Matt Pacheco
So let's talk a little bit about physical AI before we get to future trends. So you said the game really changes in the past when we have humanoid robots doing laundry, cooking and cleaning. How far away we are from that kind of reality.
Kevin Surace
I'd love to say 20, 30, it's probably a little longer. You know, we always underestimate how long these things take, but the strides we've made in humanoid robots is amazing. And we're using reinforcement learning for them to train themselves now. And so once we got coders out of it and allow robots to train themselves, they can start to get much better at many things. They're basically building their own neural net on how to fold laundry, for example, rather than I have to code in every fold for every different piece of laundry. That is a lot of coding. It's a lot of rules. Right? This is, this is much more interesting as a way to move forward is to have Them train themselves.
So now that they're doing that, you know, it does come down to mechanics and solenoids and motors, and those are hard things. But, you know, look at the progress that was made just in the last few years. It was only 10 years ago that we could get a robot to actually walk from Boston Dynamics. It wasn't that long ago. And today they can run and jump and, you know, they've just got a lot more capability, except for that stupid one out of Russia that was a piece of crap that fell over on the stage. And then they run over and they cover it up like it didn't happen. I'm sorry. We saw it. You know. You know, you're all the. All the great Russian engineers left Russia a couple years ago. They're not coming back. I'm sorry. Right, so.
Matt Pacheco
So right now the concern is that there's a chip shortage. Not chip shortages only, but memory, all of that. Right now there's a big strain with. With providing them to enterprise customers rather than smaller potential customers between consumers and smaller businesses. How do you see that affecting some of that, those advancements with physical AI, like creating these robots and all that. Do you see that?
Kevin Surace
I was in the semiconductor industry many years ago, and semiconductor industry tends to go boom to bust. And so you go in these years where there's absolute shortages because there's this thing that's on fire. And three years later, by the time you build your extra fabs, it's. There's a market flood. And this has been true in drams since the invention of drams. Literally, there's a shortage, you could charge twice as much. Then there's a glut, you could charge half as much. And it just does this. So I think we're in one of those cycles and the cycle will prove itself out. It will, because there's not infinite capital. And I wouldn't worry about it if people are building fabs like crazy. I mean, TSMC is now going to build like nine fabs or something in Arizona.
They, you know, they know they can't just be in Taiwan. So lots of lots is happening. You know, Micron, one of the largest D ram manufacturers, building all these fabs in upstate New York because there's plenty of water, lots and lots of water, and you need water. And so, you know, people are getting smarter about where they put these things too. I don't know that I'd be building that many fabs in Arizona. That's me. Just because of the water needs. But I think you'll see people getting smarter to put them where the natural resources are, and that don't put a strain on the community.
50:40 - Future Trends, Advice for IT Leaders & Kevin's Upcoming Book
Matt Pacheco
Very cool. So beyond these practical uses, let's talk about the future. What emerging AI trend are you most excited for in the next five to ten years? Let's say.
Kevin Surace
Well, lots of people want to talk about AGI. I could care less. I don't. I don't know what that. Well, at that moment, then it's smarter than humans. Okay, listen, just. Just use chat GBT and ask it a question and convince yourself that it's not smarter than you. It's already smarter than you on 99 of its answers. So does everybody get over it? You know, at the point it's a hundred percent versus it doesn't matter. Well, that's the point that humanity. No, it isn't. We're just gonna look in math. Excel's been smarter than us since the late 80s. It's a hundred percent, right? In math. A hundred percent. It's better than any human at math, period. Full stop. And it's a million times faster. And somehow we survived the fact that we don't do math anymore. So you'll survive this too.
And, and it's fine. The big trend. Look, I think we will probably get beyond Transformers. You know, Transformers LLMs multimodals are based on everything that we put out there on the web, but it's not really based on creating anything new. And we know that. Right. These aren't inventing models. They are leveraging all of human invention, which is amazing, but it's not going to come up with a whole new field of physics because it doesn't have any basis to do so. It's just regurgitating what we've taught it. So there will be a model that does and that does not go down the transformer road, and it doesn't go down anything any of the way we've trained. It's going to be something really completely different than we've thought of. And I await that day. And that could happen in the next 10 years.
Matt Pacheco
It's exciting. So everything's rapidly evolving. You've talked about a lot of the new innovations, from adoption enterprises to some of the new ways applications like app mance are working. And token, what advice would you give kind of IT leaders who are trying to navigate all of this change? What would you tell them and give them advice to navigate this AI innovation?
Kevin Surace
Yeah, I mean, you want you and your people to be at the forefront of technology, especially now. It is Moving much more rapidly. It's always been the case. It's moving very rapidly now. You want to be at the forefront in ID protection, for sure. It's biometrics. Just. Just get past that. It. Whether you believe me now or you believe me six months from now, it is biometrics, right? Like that's. There's no question about that in AI, you need to be at the forefront of everything happening in AI. You need people on your team who understand the models, understand the risks, understand how you can use them in a private fashion. You need to understand MCP so you can move between models. I mean, these are the things you just need to know about today in the. In. In. In it.
And none of that you were taught in school. None. This is all new. But take the time to be an expert because your company expects you to be the expert in AI. You didn't sign up for it, but you're. The CIO falls under you. So get with it.
Matt Pacheco
What's one thing you wish every business leader understood about AI that they currently don't?
Kevin Surace
Yeah, it does 10 times more than you think it does. And you just need to try it and get used to it. Right. Again, I use an example. I'll give you another example. Injuries in a plant. I did for. I was working with a company, they had, you know, 10,000 injuries in the plant, and they're all written in English, right. So you can't really categorize them, but, Jenny, I can. Here's the 10,000 injuries. They're in a spreadsheet. Tell me what we fix in the plant to reduce these by 50% immediately. Boom. Here's the five recommendations. I can't do that with traditional analytics. I can't do it with the database. I can't do it with formula. I can't do with anything else but something that reads English and can absorb sort of what all that was and make recommendations and apply them.
I mean, that's brilliant. And when I tell people that, they go, oh, my God, I never thought of that. Yeah, you didn't think of 99, of what you can do. Get creative, and it's going to change your world.
Matt Pacheco
You could even ask the AI hey, what are some interesting ways I could use you to do X, Y and Z? It was a great conversation, Kevin. So we loved hearing about what you're doing at Advance Token, all the interesting AI things you're doing. Plug your book. Tell us about your book real quick before we go.
Kevin Surace
Yeah. The Joy, Success cycle coming out. In the era of AI, you know, how do people find joy? Every moment of their work, every moment of the day, every task. That's what the Joy Success cycle is about. And it basically says if you want to be the most successful, you are going to drive that with joy. It's not the other way around.
Matt Pacheco
Excellent. We look forward to it. We appreciate you being on today. Thank you for talking with us and for our listeners. Thanks for listening in. Stay tuned for more episodes at Cloud Currents where you'll hear more of these great conversations. You can find us anywhere you get your podcasts. Thank you.
