Skip to main content
Background image

Agentic AI Needs Humans on the Loop with Michael Chavira

Share

Podcast

About This Episode

As AI systems start acting on their own, the hardest security problem is no longer approving what a model outputs but governing the conditions under which it is allowed to act at all. Michael Chavira, co-founder of Axiologic Solutions, argues that most organizations confuse governance with security, writing policies and standing up AI councils that describe intent while leaving the enforcement layer, where a model actually touches data, underbuilt. His answer is to move humans out of the approve-every-action role and onto the loop, where they define the boundaries an agentic system runs inside and watch for it to step out. 

That control is only as good as the data underneath it, and for most enterprises, the data is a weak point. Chavira makes the case that AI security is ultimately data security, since a model is only as trustworthy as the data feeding it, and he walks through why shadow AI, unlabeled data and untracked workarounds quietly undermine even well-governed systems. For tools that answer the same question differently each time, he recommends harness engineering and continuous data operations as the way to secure the system rather than chase every output.

Podcast

Popular Episodes

      Podcast

      Agentic AI Needs Humans on the Loop with Michael Chavira

      FP-TTP-Transcript Image-Michael-Chavira

      [00:00] Welcome, Michael Chavira

      Rachael Lyon:
      Hello, everyone. Welcome to this week's episode of the To The Point podcast. I'm Rachael Lyon, here with my co-host, Jon Knepher. Jon. Hi.

      Jonathan Knepher:
      Happy Friday, Rachael.

      Rachael Lyon:
      Happy Friday, my friend. Okay, so I've got a question for you. You know, I love TikTok, but everywhere I'm on TikTok, all I see are people talking about this Nothing phone. They're like, I'm getting rid of my iPhone. I'm getting the Nothing phone. What is that about? Like, what do you know about all of that?

      Jonathan Knepher:
      I don't know that I know the Nothing Phone, but it sounds like a great idea, right?

      Rachael Lyon:
      I think it just kind of strips all the extras off, so it maybe just functions as a phone. Can you imagine a phone that's just a phone and very inexpensive? I don't know.

      Jonathan Knepher:
      You know, that sounds, that sounds. It sounds great to me.

      Rachael Lyon:
      I'm thinking about that. Yeah, I've been thinking about that a lot. So. So we'll dig more into that then, I guess as a topic for next time. Really excited to welcome to the podcast today Michael Chavira. He's the co-founder and managing partner of Axiologic Solutions, a firm providing AI, data science, cybersecurity and engineering services to US defense and intelligence agencies, which he grew from a two people shop into an organization of more than 300 today. He's also the founder of Logos Edge Advisory where he helps companies put practical AI to work. And he's a systems engineer by training and a formal naval intelligence officer.

      So he spent his career building and securing AI. Lots of work there. Great insights to come. He's also an outspoken advocate for AI that supports rather than replaces human judgment, especially in high stakes settings, which is a really hot topic that I hope we can dig in today. Welcome. Welcome, Michael.

      Michael Chavira:
      Thank you, Rachael.

       

      [02:14] Governance Is Not Security: Enforcement and Harness Engineering

      Jonathan Knepher:
      So, Michael, we've heard around that, especially around Axiologic, that AI is easy to consume natively but difficult to consume securely. And we know a lot of organizations have done a lot of things like putting in policies and AI councils in place, but that's not the same thing as actually securing AI.

      Michael Chavira:
      That's right.

      Jonathan Knepher:
      Is it?

      Michael Chavira:
      No, you're right, you're right. You know, so to me, when you're looking at the policies and I've been a part of numerous organizations at this point where they're talking about, oh, we need to come up with an AI policy, we need to come up with an AI strategy. Those things are governance that describes intent. It does what you want it to be true. Like securing the AI is whether the intent is enforcing enforcement at runtime, security in the stack, when a model is actually touching the data. But there are two different layers, and most organizations only have that top one. They're focusing on that one, the intent layer and then the enforcement layer. And so to me, you can't have one without the other.

      And so the enforcement layer, again, you're looking at what actually executes a model is running in a production, what's touching the data, the controls, the monitoring, things of that nature. You're looking at the boundaries. And I would say that a few years ago the big topic was prompt engineering. Everybody's like, oh, we need to just have better prompts, better prompts to do these type of things. And then over the course of that last year, it's been more context engineering, where you're building models around things, making sure that the system, the LLM remembers that project and how you build that context. And now it's been more about that harness engineering where you're building a system. And this is kind of where I kind of get excited about this because having that systems background is kind of what I've been advocating is you're looking at that harness engineering aspect of it, where you're building the system around the AI. So it doesn't matter what AI tool you have, you can drop that into your harness.

      It should run the same way. And so it's been pretty interesting seeing how things have been evolving over time. But to me, that's what you need. You need the governance, the intent, as well as the enforcement layer.

      Rachael Lyon:
      Yeah, absolutely. I'd like to come back to an interview that you were doing. Actually, I think it was beginning of June that was leaning into that. I think it was MIT Sloan, they had a stat come out, about 95% of AI projects fail. Then I guess the part of your conversation was how to succeed. But I found it really interesting that a fraction of enterprise data is AI ready. Most organizations rely on incomplete, biased or stale data sets. And Gartner saying poor data sets cost businesses about 12.9 million annually.

      So contribute to about 40% of failed business initiatives. That's crazy to me. I mean, are you starting, I know that was from October. Are you starting to see things change as people? I think there's a lot of learning happening, right? There's a learning gap. So are these learnings starting to the knowledge needs? Like, is it all coming together or are we still kind of fumbling our way through for a bit?

      Michael Chavira:
      I would say it varies. I was actually just up at MIT two weeks ago actually, and it's something. I'm always happy to go up there and learn more things. It was a small reunion that we had. And seeing what people are doing at that point, I feel that they're at the forefront of what AI is doing. And then I'm able to bring that information back and apply it into the different things that I'm doing in the office, as well as my writings and other stuff like that. I would say that yes, the data is the big issue. You heard the term garbage in, garbage out.

      That's kind of where that applies more here overall, where I think now we're looking at what data can actually do overall. What are those things that you need to look at in the data? So you need to secure the data. You make sure that the data is classified. If you need to classify it, you need to label it, you need to look at that data science aspects of it overall and how you. If you need to secure the data first and making sure that it is cleaned up and ready to use for the LLM or for the AI model, whatever you want to use for that. And so to me, that's the one piece that a lot of people are trying to do. They're trying to put the AI first, you know, and then they get upset. It was like, hey, this is giving me some wrong information.

      Like, why is that? And so all the AI is going to do is just find those errors faster. You know, it's going to find your. The things that you don't want people to find. It's going to find that faster overall for you if you're not cognizant of what's going into the model.

      Jonathan Knepher:
      So we've heard about, you know, keeping a human in the loop and you've pointed out a shift towards human on the loop. And, you know, I've also seen a lot of folks who have just an incredible amount of trust in the output of their AIs as well, and are just being complacent. You know, what's the difference in practice between these strategies and how do we make sure that people are staying in control?

      Michael Chavira:
      So that's a very good question. I mean, in the loop to me means a human reviews the output before it acts right on the loop means the system acts inside a defined boundary and that human supervises system. Stepping back a bit in the exception, the shift is from approving the action to governing the condition under which the action is allowed, if that makes sense. Right. So this tracks the move from prompt to context to harness engineering. So. So you're no longer looking at the output on every prompt that you give it. You're setting up the harness and you're letting the system run.

      This is more like these are the beginning parts of building agent tools, agentic AI, if you've heard about that, that's what they're trying to, that's what that means. So the human role is just moved up a level from operator to supervisor overall. So that's more or less that's what the human in the loop, human on the loop means on that aspect of it. On the part for the security teams, [inaudible], on the loop is not less oversight, it is, it's just different oversight overall. You're stepping up the reviewing the answers. You start proving the harness and your job becomes defining the boundary, instrumenting it and watching for the system to leave it.

       

      [08:54] The Generalist Shift and AI Complacency

      Rachael Lyon:
      So digging a little more on the human element. I'm curious in your perspective here because you're hearing, or I've been hearing a lot more about, well, now we can get to a place where we have more like cyber generalists because they are using these AI agents. And I mean, is that a long term model? People should be thinking to, if you're a cyber generalist, what have you and you're not a SME, let's say in kind of what the output should look like, what looks correct. Right. And also being aware of anything open source and vulnerabilities. And do you see that shift happening to more of a generalist versus specialist role in cyber because of AI?

      Michael Chavira:
      A little bit. I would say that you don't need to be an expert in any of these topics anymore. I would say like a friend of mine, he runs a software company. He says over the last three or four months everybody started vibe coding at this point. So vibe coding has become a big thing. And he's seen that he doesn't need to hire as many of the junior software coders anymore. The computer science people that are graduating from colleges, those positions are slowly dwindling away. And what has become more valuable to him and to other people as well is like guys who have already had established careers and they're seeing how they can see the beginning aspects of what the requirements are to the ending and they can see that whole system overall.

      They've had the experience building it. These are the guys that are actually doing a great job. And I would say that from a cyber. You know, I don't have a cyber background, but I know enough to know that, you know, hey, we need to look at securing the data, looking at, you know, the security elements of it. I've seen it from, you know, back when we were supporting the army, doing the intelligence, surveillance, reconnaissance stuff, I used to do like, you know, building those type of systems to then supporting some of the different agencies in the government space where you're looking at building the systems overall. And cyber has always been a big topic there. Right. And it's always been like how, you know, the different aspects of it have.

      Or the. My career path has given me different viewpoints to view cyber overall. So you don't need to be an expert, but you need to understand the basics of it. That makes sense.

      Rachael Lyon:
      Yeah.

      Jonathan Knepher:
      Where do you think we're going kind of further on that topic? Right. Because I'm, I see a lot of people, like, like I said before, like, complacency, complete trust in the output, even when the output's not really valid. Right. And one of my colleagues described it to me the other day as putting the burden of proof onto the next person down. Now, the recipient of all of this, or the person doing the next layer of code review is now having to validate things that tend to be also a lot more verbose than human generated content. Like, do you think this is going to get better or is it going to continue getting worse?

      Michael Chavira:
      I think it's going to continue getting worse before it gets better. And you remind me of an article I read. It came out a few months ago. Please correct me if I'm wrong, but it was called Learning Fast and Slow and Artificial. It was. Some Wharton professors came out with this and they ran some experiments where people were trusting the output of the AI over their own judgment. And so it was one of those things where once you become cognizant that this is happening, you really need to bake that into your system and you need to start looking at. That's why I'm a big proponent of the harness engineering and having that human on the loop to understand, hey, this is what you still need to think through this process.

      Don't trust the AI output complacently overall, you need to start looking at, you know, is this right? This is your starting point. You know, this should be speeding up the process. This is not going. This is not your solution. First off, first and foremost, this needs to be your starting point and think through that process overall. Don't just turn off your mind and just trust the AI. And I think that's where it's very easy to do that, I think. You know, I was just talking to a university professor friend of mine, he was saying that that's an issue running rampant right now in some of the universities.

      So it's just like you need to teach people how to think almost, right?

       

      [13:21] Securing the System: Zero Trust and Keeping Humans on the Loop

      Rachael Lyon:
      Yeah. I don't know if you've heard this phraseology, Michael, that what cybersecurity AI security is data security in the realm to your point. Garbage in, garbage out. If you don't have good data to work with, then you're starting at a disadvantage. However, with, with exponential acceleration of data creation, how can these organizations be thinking about how to secure data? Right. To inform their agentic outputs? And particularly with shadow AI, like what are you seeing on the shadow AI front as people just kind of want to go off on ChatGPT on their phone and maybe just put in a little code, little something just to see what comes back and you're putting it in a public LLM. Oops.

      Michael Chavira:
      Yeah. To me shadow AI is the same disease, just with a different symptom overall, you know, employees paste their data into public tools just like you're saying, because it's easy. You know, the sanctioned path isn't set up yet. Companies are still trying to figure out, you know, how to integrate AI. And I found very interesting talking with, you know, at MIT, talking to some professionals who are actually really far, far more knowledgeable on this topic than I am. And they say, hey, do you know how many companies have actually instituted integrated AI successfully that are large corporate businesses? And I was like, guess like 10%. You know, he's like, no, it's closer to zero. He's like, it is very hard to do this because you're looking at workflows, you're looking at changing training people, you're looking at, you know, the social technical system aspect of it.

      You're the socio-technical aspect, STS, where you're looking at how humans interact with technology and that's a big piece of it overall. When you just drop it in AI and try to integrate it without updating the workflows and updating how work is done and the training and the culture piece of it and having great leaders to kind of help you think through that, it's going to be really hard to adopt. And so those are things that are happening, but it's going much slower because people are running into these problems. And so yeah, of course the employees are going to go use a tool that they're familiar with that maybe already speaks for them or talks like them and not realizing the issue that they're having by leaking this data out. So you can't secure the model if you can't secure where your data lives and how sensitive it is and what it can reach.

      Jonathan Knepher:
      And talk some more about how to secure things given the non deterministic nature of, of all of the AI stuff. Right. Like normally, to your point, you would put all these frameworks in place and it would be pretty straightforward. And now who knows what's going to come out of any given query?

      Michael Chavira:
      Yeah, I mean, to me, I mean first deterministic just means the same input, same output every time. You know, I think that's important to define in the normal software cycle. This was something to expect. Non deterministic means when you ask the exact same question, exact same prompt and you get a different answer every time. And so it's very hard to do. And that's AI overall. So in security that means that someone's formally, you're looking at how to make that happen overall, how can you go about fixing that. And that's when you're looking at that harness engineering to go through and do those type of things.

      Right. And so that's why. So you stop trying to prove the answers overall, you're gonna prove the boundary. Does that make sense? You're gonna look at the system instead. Think of, you know, think of, you're gonna go hire a very, very sharp employee. You know, you're not gonna go and approve everything they write, everything they say to your clients. You're not gonna do that. You're gonna give them a job description, you're gonna give them the tools that they can log into and things that you cannot log into.

      This is going to be the same thing with the AI and that's kind of what that harness is trying to do, if that makes sense.

      Rachael Lyon:
      Yeah, I like that I haven't heard that before.

      Michael Chavira:
      Harness engineering, it's something that I would say it's become a new thing over the last month or two. I started hearing about it and when I started, I've been just staying up way too late learning more and more about this stuff because there's some people are like way out in front of these things and I felt that I was way ahead. And then like I said, I went up to MIT and just talked to some people there that seem to be even further ahead. And it's just been amazing as to what people are able to do with these type of things.

      Rachael Lyon:
      Absolutely. Another area I'm really fascinated with as well in the whole AI realm is basically overprivileged access. You need the AI to connect to your sensitive systems and all of these other things. But how do you put in where zero trust should apply relative to an agent and making sure that you're not getting access to something that maybe you don't need the HR payroll data as part of your finance report or what have you, but the AI agent has its tentacles into everything. How are you seeing that be managed? I guess because it seems like a tricky line to walk.

      Michael Chavira:
      It is. And you're going for that deterministic versus non deterministic, you know, set up, you know, so, and that fix is going to be continuous authorization, you know, so permission is not a certificate you earn once in frame on the wall. It is a live status that you have to keep going back and checking it out. So you wire the system to constantly report on itself, you know, and so, you know, I use the analogy like, you know, when you get your driver's license, you know, you take a test, use a driving test and you get a license and you're free to drive, you know, rest of your life hopefully. You know, think of it like a car that, you know, it gets, you know, it's self reporting on itself, it crosses the yellow line, it pulls over, it's, you know, it swerves a little bit or speeds up too fast, it pulls itself over. So now you're looking into those type of systems overall, where those are things that you need to be really cognizant of.

      Jonathan Knepher:
      And how do you maintain though, like a closed loop on this control? Right. Like, like I've seen, you know, as, as an interaction and process progresses. Right. Like, a lot of these models end up, you know, being able to call other tools, being able to search things and sometimes they, they go and search for a lot of things that are, is unrelated. But then now they have all this data in the context of a given transaction. Like that really feels like something that needs better control. But yet we want to be not in the, not reviewing every cycle, right?

      Michael Chavira:
      You don't have time to review every cycle. You have time. This is where that human is on the loop. And so you set up the boundaries, you set up the system and you give it those tools. And the minute it escapes that boundary of those tools, that's when you can actually go through. It's like, hey, what happened here? That's when the human steps in and looks at it like, I would never give a final result from AI to a client or to anybody else and say, that's pass off as my work. You need to take that and you need to actually go through it and make sure that it actually fits with what you have. Your professional background gives you that knowledge and that expertise and your experiences overall.

       

      [21:02] Getting Started: AI Assessment and DataSecOps

      Rachael Lyon:
      So I'm interested in the dichotomy, Michael, of. I think kind of what we're talking around here too is there are the organizations that are off to the races. They just jumped in both feet first and oh yeah, securing stuff. Yeah, yeah, we'll get to it. And then there are those who maybe have held back a little bit, right? They have the pressure for AI, but they're just not sure what to do, what to. And I don't know if today it's a 50, 50 split or whatever that number is, but how do you have conversations with those two sides, those two different CISOs, right on advocating for them, a path forward? How do you claw back and how do you get started?

      Michael Chavira:
      I would say to get started is doing an AI assessment first look at making sure you have your processes mapped out, making sure that you take a hard look at your data. If your data is living in different silos overall, it's like, how can you bring that data together? Do you trust your data? I was surprised to find when I started talking to different companies how many workarounds people were developing. So their data might be living in a database somewhere, but they've set up their own spreadsheet. They don't trust the data. They're keeping their own spreadsheet on their own, and they're tracking stuff on their own because they don't trust that or they don't know how to use those databases. You need to find out all those little intricacies of how your business is operating, you know, so mapping out the data, mapping out the workflows is going to be very important. And once you learn that, you can go through and you can assign your AI assessment overall and say, hey, this is where I think AI could actually be very helpful in my organization. This is where I think it would be very successful.

      And then start implementing there, run a pilot and come up with some ROI numbers as well to help you make measure that success. And ROI is not going to be how you've measured it in the past. It's going to be more like time saved. How much more work can be processed through the system, things of that nature. So I've been helping out a few organizations now doing that type of work and it's been fascinating seeing how people are working. It's things that I've just been used to doing on my own and seeing how things work in the government. It's very interesting to see how organizations outside the government are operating and you're seeing a lot of the same, same issues overall. You see the same workarounds that people come up with using Excel.

      A lot of people just don't write down processes, they just have it in their brain. It's like, oh, I know how to do this and I can streamline it by just going down the hall and talking to Jack down the hall there. He can knock it out for me real quick.

      Jonathan Knepher:
      Right. I love that there's always the walk down the hall and get stuff done.

      Michael Chavira:
      It protects their job. They look at it like, hey, if I get AI in here, am I going to lose my job? That comes back to training where people shouldn't have to worry about that. When you're looking to optimize the system overall, AI should be able to help you get those things done.

      Jonathan Knepher:
      So I want to talk a little bit as well about data SecOps and your view at it from Axiologic and what types of things are you protecting and help help our listeners and CISOs kind of understanding what they need to be doing.

      Michael Chavira:
      Yeah. So DataSecOps, it's short for Data Security Operations. Right. So the simplest way to say it is treat the security of your data as a constant running operation. The same way modern software teams treat shipping codes. Right. Instead of a one time checkpoint that you clear and forget. So you start with what you are protecting and is it not just one thing? The data you train the model on, the data it pulls in while it is running, the question, the context people feed it and the answer it sends back.

      Every one of those is a way in or way out. And most teams are only guarding the first one. So what are you protecting it from? Someone poisoning the data going in, information leaking out the model, reaching into a source that should never have been able to touch, and the system slowly drift away from how it was supposed to behave. These are all things that you should be thinking about overall. And so here's that part that matters most to me. And these pieces sit in a chain and each one depends on the one before. So if you label your data wrong, you grant access wrong, the access is going to be wrong, the model pulls the wrong things, and if it pulls the wrong things, the answer is going to be wrong. So you need to really think through that process overall and how your data is going to work through that.

      So it's going to take some time. And so you got to think of it like a kitchen. If you're a chef and you're used to and you're cooking somebody else's kitchen and you have ingredients that are expired or wrong, the dish you're going to make is going to be ruined. Right. So you got to think of it that way. It's like you got to make sure you have all the right ingredients, all the right setup that you need, all the right tools to cook that meal you want to cook and make sure it's done properly.

      Rachael Lyon:
      That's a good analogy. I like that I'm the world's worst of using things that are expired. So given the customers that you work with, particularly intelligence agencies and whatnot, I'm curious on your perspective. There was a couple executive orders that came out earlier this week, particularly around the supercomputing, supercomputers by 2028, scientific research, but also I think, sensors for certain aircraft, things like that. So when we start putting that together with AI, particularly for government agencies, where you got to get it right, because if you don't, it could be a very significant impact. What are the conversations that you're having around that?

      Michael Chavira:
      I was just writing a white paper for Axio on those type of things on AI initiative that's coming out. So I'm not sure how much I can talk about those things, not only because I'm not supposed to, but also because I don't know. But it's something that I just see how AI is being used and I see the procurement. There are requests for information that the government's putting out there and seeing that, hey, they're thinking more about this. They're definitely leaning more into how we get AI into some of these classified systems, how we can manage that. But they're going to run into the same problems that we're just describing during this talk about how, you know, once people get involved, it's not just going to be a simple solution. Right. You need to start looking at the processes, you start looking at the STS of the system overall. And I would say that, you know, the supercomputer, the supercomputing as well as, like the sensor systems and all that, those are going to be more data that needs to be ingested into the AI.

      Rachael Lyon:
      Right?

      Michael Chavira:
      Making sure the data is done properly is ingested correctly that it's labeled properly. All those things that we're talking about, it's going to really matter. And so it's all going to be part of that same process overall.

       

      [28:18] Regulation, Token Economics, and the Global AI Race

      Rachael Lyon:
      Okay. And just for grins. Sorry, Jon, I have one more follow up. I haven't seen a lot of discussion around this, but I'm curious on there's AI, there's quantum, and then there's cross domain information and how all of that can work together. I mean, is, is that even possible? I don't know. I mean, you probably can't speak much to that, right, given the different classifications of systems. But I've been thinking a lot about that lately. How do those kind of technologies get impacted?

      Michael Chavira:
      Yeah, I mean, I would say that I was a system engineer by trade and seeing new technologies come in, I always like playing with that shiny new toy and seeing how new technology is going to impact, you know, give you a new solution or impact the work that you're doing. And this is going to just be the same thing. There's always going to be something new that comes out. And as a system engineer, you got to look at it like, all right, how does this fit into my system? What needs to change? What training do your people need to get to do this? And if it's going to be the next great thing, like, you know, we definitely need to be in front of it. I would say that I was never an expert in cyber, but I've learned enough to know that what I need to do and what I not need to do, I wanted to do that more because I had employees who were talking to me. They were way more knowledgeable about this stuff than I was, but I wanted to make sure that I could hold my own. And so when you're talking about things like quantum, and I spoke to some quantum engineers recently and they're like, all this stuff is so boring. It's all statistics.

      And I'm sure to them it is. But you know, I'm still, I'm still a novice when it comes to those type of things.

      Rachael Lyon:
      Go ahead, Jon.

      Jonathan Knepher:
      I was going to ask on, on your, your answer about like the, the broad use of, of, of AI, do we, do we need more regulation or, or controls? Or are both government and private agencies just going to continue to kind of run without bounds until, until we run into a problem, right? Like, or is. Is there a problem that's even there for us to run into?

      Michael Chavira:
      I, I think that we're seeing some of that aspect play out right now. I say last year, it was about a year ago, I went to. I got certified. You know, I got certified in Europe, in the Netherlands for. Was a chief AIO officer type of training that they had. And I chose to do it in Europe because they had some very strict AI laws about what you can and can't do. And that's where I started really getting deep into the governance pieces of these type of things. I was like, hey, I think this stuff is going to really matter.

      And when I brought that up to organizations here and I went to a few conferences on AI and the sentiment was like, well, we have laws on cybersecurity that will handle those aspects. We have laws on privacy that will handle those other aspects there. AI for the last year or more has been playing a very big gray zone in the United States. And I think now we're starting to see those. The repercussions of not having true policies that need to be put in place. And I think we're going to see that happen over the next six months to a year. I mean, we just saw Fable get taken down after, what, three days, four days. And it was.

      They called. Called it a privacy security issue or a security issue overall. And was it Mythos was never even released or was given to, like, the government? I don't know. But there's all those things that, you know, it's like, hey, we're running into these problems now. They're only going to get exasperated more as time goes on.

      Jonathan Knepher:
      Do you think, though, that we'll end up with regulation, though, that also kind of protects the government use as well as protecting against, you know, commercial misuse?

      Michael Chavira:
      I don't know. It's. It's hard for me to say because, you know, I don't speak for the government, but I imagine where. Why we wouldn't do that. You know, I think Fable was taken down for a reason, you know, and I don't know what those exact reasons are at the moment, but I think it's, you know, there's got to be something there with the security. You know, if they didn't want the foreign nationals to have it, there's something that there's. There's a reason why. And so, yeah, I do think there's going to be some issues there.

      I think that token economics is. Are going to be another thing that. Oh, yeah, it's going to be a big topic of conversation coming up, you know, because, you know, we're seeing the issue, you know, all this stuff with data centers being brought up and, you know, data centers being built everywhere. And then all the resources being used behind that. And, you know, I don't think people made that connection. I was like, you know, hey, I'm using AI to make a video of a cat doing something, you know, some karate or whatever is like, you know, that costs, you know, this amount of money downstream or upstream, however you want to look at it. But people haven't made that connection just yet. And so I think that's going to be a big topic of conversation here in the next year or so about, you know, how this should actually be priced out and everything.

      So I think we're going to see some changes. But, you know, what do I know?

      Rachael Lyon:
      It's an interesting topic, though. I mean, I'm glad you brought that up. We were just talking about that last time about China's building data centers under the ocean and people wanting to launch data centers into space. And then the whole economics element in China, I've been reading a lot. They're using public LLMs because of the cost efficiencies of said model versus private. And when you start looking at those cost efficiencies, it's, you know, you're kind of doing a business calculus, right? And is it, is it worth the chance or can we put enough guardrails in place with a public LLM to make it viable? I mean, what's your perspective on that?

      Michael Chavira:
      I think, you know, I've been reading a little bit about the Chinese LLMs, and those are ones that I, I don't use for obvious reasons, but I am very interested in how they're doing things. And I. What I'm seeing is that I think that we've been running a similar race. We're not running the same race against China. China has been very much about, hey, we need to get AI integrated quickly into our business, get it quickly integrated into our everyday life. However, China is very concerned about what AI is going to say. And so that's been a big issue with them. Whereas on the US I think the race has been towards AGI and trying to get to that level of general intelligence.

      And so I think two different races. I'm not sure who's ahead or who's not. But then, as I've seen, I spoke to some friends from that part of the world and they're like, yeah, we have enough AI in the factories now that if we need to retool and change them out to be data centers for the nation, people would do that. And so it's very easy for China to get some of those things done. And change things up if they need to. It's a one party system, so it makes it a little bit easier for them. They don't have the bureaucracy and the two parties go back and forth that the US might have. So in some instances that's something that it's really interesting to see how they're doing work and how their models and their tools are working.

      You know, I'm not sure if you are familiar with the Manus procurement or the, the merger acquisition that was done with the, the gentleman, the Chinese gentleman who sold to, I think, was it Meta. They sold the, the Manus AI and then they, they were in Singapore and then they went to China. Now China won't let them leave, you know.

      Jonathan Knepher:
      Oh, wow.

      Michael Chavira:
      And so I'm not sure what happened with, with that. I think maybe the, the people. The acquisition was canceled, but it's something that, I mean those are challenges. I mean AI is creating a lot of positions, but it's also taking a lot of positions away. And so it'll be interesting to see what happens over the next few years on where it goes worldwide as well as within the United States.

      Rachael Lyon:
      It's like arms race, right? I mean there are significant impacts and consequences right. On how this plays out over the coming years. So I wish we all had a crystal ball so we could at least have a little sense of how it's going to turn out. That would be nice.

      Michael Chavira:
      It would be nice. You could invest a little bit here and there.

      Rachael Lyon:
      I don't know. Could an AI model do that for us? Could it crystal ball for us? I don't know, Jon.

      Jonathan Knepher:
      Well, probably better than other crystal balls would work, but yeah, it'll definitely give you ideas.

       

      [38:18] Michael Chavira's Path to Cyber

      Rachael Lyon:
      My eight ball. So we always kind of like to end our conversations. Michael, on kind of a personal note, we know the path, right, to get to cyber AI, all of those elements, it's not necessarily linear. When you were a young chap in middle school, were you dreaming of all these things and you're making your dream come true or just life kind of brought you these opportunities and you, you followed this journey to where you are today?

      Michael Chavira:
      Yeah, I would say it was my journey was kind of like Forrest Gump. Like I never, never thought I'd end up in the D.C. or Maryland area. But you know, the military brought me out from Wyoming. It brought me to the D.C. area and I ended up staying here. I built a great career, made some great friends and family, and I'm on the east coast now. There's a big part of me that would love to go back out to Wyoming, and my parents are still out there, and I miss the West.

      It's something that I really enjoyed, but at the same time, the path. I've always loved school and going to school. I have three master's degrees. It's something that I just continued going to school for a while, and then I stopped. And then now that my business has gone to a reasonable size and I have a great team behind me, I was able to take some time and pursue that doctorate, something I wanted to do since I was a kid. So that's why I got so deep into AI, because my dissertation and all the different things I'm doing is all about AI integration and how it should work and should not work and why, all those reasons why not. And so it's become a great passion project for me.

      Rachael Lyon:
      Nice.

      Michael Chavira:
      So, yeah, I mean, I've enjoyed it so far, but, yeah, we'll see what the future holds here soon.

      Rachael Lyon:
      It feels good to learn as an adult. I never thought I would say that in my younger self, but going back to school, getting. I went and got back my master's in 2019, and my brain said, thank you for learning. And that's what I love about AI and cyber and all. You're constantly learning. I can't think of other professions where you necessarily have that opportunity.

      Michael Chavira:
      No, you're right. And it's having that learning mindset. I think it's important. And I've tried to instill that, you know, with the teams that I'm supporting, you know, we might have a setback here and there, and people are down. I always try and say is like, hey, well, what did we learn from this? Like, it wasn't a. You know, if. If you repeat it again and we fail again, then we didn't learn anything. You know, we need to, you know, what did we learn? Let's share it.

      Let's. How can we fix this so we don't, you know, don't make that same mistake again. And I think having that learning mindset is important. And so I like going back to school. I like doing some executive education here and there. You know, going to Sloan at MIT was a dream school of mine, you know, something I never thought I'd be able to get a chance to do, and I'm glad I did. But it's something that, you know, over the course of time, you know, I've just continued to learn, and I don't know what's going to happen after the doctorate, you know, because I don't. I don't see myself stopping.

      But I will not be getting another doctor. It's a lot, but it's a lot of work. Yeah, it is. It is.

      Rachael Lyon:
      What is it with the doctorate? Publish or perish, I think. Is that what they say?

      Michael Chavira:
      It is. It is. I'm fortunate enough that the topic I chose was obviously AI. It led me to talk to you, too. I put some posts out there as I've gone down to Florida. I spoke down there. I was just asked to go to speak on my dissertation in Spain. So I'll be doing that in a couple of weeks.

      Rachael Lyon:
      Nice. Yeah. Is the World Cup still happening then? When you.

      Michael Chavira:
      The World Cup is on right now. I'm watching it.

      Rachael Lyon:
      Yeah, no, I know. I don't know. How long does it run? I don't really follow it. I just learned about the Viking, the Premier. The Viking, Erling, whatever. I mean, I was like, wow, I'm learning a lot about soccer right now.

      Michael Chavira:
      But, oh, no, we love it. I've been a huge soccer fan and I'm really fortunate. Like, I live an hour, 20 minutes from Philly and Monday, this has been a long week for me because Monday I took my son and my wife and we went to Philly to watch a game. And so it was a. It was a great experience because my. He's nine years old. Eight years old. You know what? Eight year old gets to go watch the World Cup game.

      I mean, I'm, you know, 47 and I'm watching my first one now, so that's awesome. I kept telling him, I was like, man, you're a lucky little kid. Lucky little kid. And all we wanted to do was go kick around a football and stuff.

      Rachael Lyon:
      That's awesome. Yeah. It's such a great opportunity. It's. Yeah. But I wish I knew more about soccer. I just kind of get bored myself. But I think in person it always makes a big difference.

      Like basketball games when you have courtside seats, it's a very different experience than on tv. So. Yeah, huge difference.

      Michael Chavira:
      No good.

      Rachael Lyon:
      No, go ahead.

      Michael Chavira:
      No, I was going to say, like my business partner Tom and I, big soccer fans. So we used to have seats at D.C. United and we got, we were able to get field seats for a while and I took Eli to, to a couple of games where we're on the field and since like when we were at the World Cup game, he's like, why are we not on the field? But those tickets are a little bit more expensive.

      Rachael Lyon:
      But if the ticket gods are listening. Yeah, we want to manifest field seats again. That'd be great. Well, thank you so much, Michael. This has been a lot of fun. I appreciate your insights and congratulations on the doctorate. That's a huge, huge achievement.

      Michael Chavira:
      Well, thank you.

      Rachael Lyon:
      And to all of our listeners out there, Jon, you want the drum roll?

      Jonathan Knepher:
      Smash that subscribe button and you get

      Rachael Lyon:
      a brand new episode every single Tuesday. So until next time, everyone stay secure. Thanks for joining us on the To The Point Cybersecurity Podcast, brought to you by Forcepoint. For more information and show notes from today's episode, please visit forcepoint.com/podcast and don't forget to subscribe and leave a review on Apple Podcasts or your favorite listening platform.

       

      About Our Guest

      ttp-370-Michael_Headshot-square

      Michael Chavira, Founder & CEO, Logos Edge Advisory

      Michael Chavira is the founder and CEO of Logos Edge Advisory, which helps small and middle-market companies deploy operational AI that delivers measurable returns. A systems engineer and former naval intelligence officer, he has scaled an organization from two to more than 300 employees, generated over $90 million in annual revenue, integrated strategic acquisitions, and served on boards advancing the responsible use of AI.

      In 2009, Michael co-founded Axiologic Solutions, a government contractor providing AI, data science, cybersecurity, and engineering services to U.S. defense and intelligence agencies. His experience combines strategic planning, technical expertise, and hands-on operational leadership.

      Michael advocates for AI that supports rather than replaces human judgment, particularly in high-stakes environments. He also speaks to universities about developing curricula that combine practical AI use with critical thinking, responsible decision-making, and creativity. He serves on the boards of American University's Kogod School of Business and Ashland University.

      Michael holds a BS in mechanical engineering, an MBA, and master's degrees in systems engineering and finance. He is completing a Doctorate in Business Administration at Drexel University focused on executive leadership, AI integration, and strategy.

      Born and raised in Wyoming, Michael enjoys camping, hiking, and spending time outdoors with his wife and three children. His philanthropic roles include Chairman of City Kids Wilderness Project, Strategic Chair of the Buffalo Bill Center of the West, and Executive Board Member of Scouting America's National Capital Area Council.

      Check out Michael's website, LinkedIn, Instagram, or YouTube Channel