Positioning for the Near Future
Digital Assistants for Product Selection
Watching the new “podcast” from the partners at Y Combinator may induce some cringes. But if you can wade through the self-importance of the gatekeepers there is some underlying truth in their excitement. At one point Garry Tan says he believes that LLMs and Generative AI may recreate every type of enterprise software! That is about the extent of their imagination—take an existing solution and inject some AI and you will have the next billion dollar business.
That gave me pause. In the space I am lucky enough to be in at just the right time there is NO existing enterprise software. The industry analyst business, comprised of Gartner, Forrester, IDC, Omdia, 451, and hundreds of others, is based on services and content. No software.
Two decades ago there was a software platform. Gartner acquired DataQuest in the mid-90s which had a data platform. But that is long gone. There are various attempts at social proof solutions like Gartner Peer Insights, and G2, but let’s face it, those sites suffer from the same abuse as Twitter and Facebook and are as reliable for actionable information.
The IT-Harvest Dashboard began as a simple idea. I had put thousands of hours into tracking and curating data on thousands of cybersecurity vendors. We assumed that others would find value in having all that data at their fingertips. Industry analysts, VCs, PE firms, corporate development, OEMs, and those selling to cybersecurity companies, have found us and signed up. We have a page for every one of the 3,800 cybersecurity vendors that looks like this one for Fortinet
In many cases our product descriptions are *better* than those on the company’s own website.
In December of 2022 our CTO, Maximillian, had started to work with OpenAI to see if we could get a large language model to categorize a vendor (it can’t). But along the way he discovered the true power of generative AI. [The same thing Ken Kantzer writes about here.] We had a single json blob of the structured content of all 3,000 vendors’ websites. He fed that to GPT3.5 and asked it to return a description of each company. It would take me an hour to write a single description and I doubt I could write more than three or four in a day. GPT3.5 wrote 3,000 descriptions in 72 hours at a cost of $450.
We went through several rewrites after that, always improving the prompts to return less effusive language and dissuading hallucinations. Last April we could not resist and announced SOCrates, a chatbot that could interact with our data. It is amazing what happens when you link your database to a large language model.
We just re-launched the Dashboard because we are adding product search. We have ingested 10,340 products so far. Thanks to GPT4 the process is a lot simpler than before. No Langchain, or Pinecone required. For each product we capture name, description, and features. We also align the product with Mitre ATT&CK Techniques.
What started as a simple Dashboard for accessing curated vendor data has evolved dramatically in two short years.
We are building enterprise software to disrupt the traditional industry analyst paradigm.
And yes, we are building it with the help of large language models.
Last week I was in Baltimore for the Global Cyber Innovation Summit, an invite-only event that invariably hosts speakers I do not see anywhere else. The audience was Fortune 200 CISOs. This year’s event concentrated on the disruption that AI was bringing to the cybersecurity industry. My one take away? LLMs will continue to grow in power for at least three years. Specifically, in twelve months they will be 10X as powerful and in 24 months, 100X.
I may not know the full capability of GPT4-Turbo today, but a ten times improvement in reasoning and capability in twelve months is going to have a positive disruptive impact on everything. We intend to be ready for it.
Imagine an AI assistant that knows everything about the segment of cybersecurity you are interested in. You can hold conversation with it by text, phone, or Zoom. Over time it learns to understand your organization and your tech stack. It can recommend the best products that will fit with the rest of your stack. It will identify overlaps in capability that could lead to cost savings. It will see gaps in your defenses. It will reach out to you when a new attack technique could threaten your current architecture and suggest changes.
Wait a second. There is an area of enterprise software that IT-Harvest fits into: Decision Support. According to Wikipedia the key elements of Decision Support Software are:
DSS tends to be aimed at the less well structured, underspecified problem that upper level managers typically face;
DSS attempts to combine the use of models or analytic techniques with traditional data access and retrieval functions;
DSS specifically focuses on features which make them easy to use by non-computer-proficient people in an interactive mode; and
DSS emphasizes flexibility and adaptability to accommodate changes in the environment and the decision making approach of the user.
DSSs include knowledge-based systems. A properly designed DSS is an interactive software-based system intended to help decision makers compile useful information from a combination of raw data, documents, personal knowledge, and/or business models to identify and solve problems and make decisions.
The IT-Harvest Dashboard already provides all of the above for security architects looking for a knowledge base of cybersecurity products. But we did not “inject LLMs” to make it relevant. We built it with the help of large language models.
Once GPT5 is born watch for an upheaval in decision support software. IT-Harvest already has the only database of cybersecurity products. Our digital assistants will be better informed than any human will ever be. Imagine having a decision support assistant that knows everything!
If you want to discuss your use case request a demo at dashboard.it-harvest.com
https://www.nytimes.com/2024/04/10/business/investment-banking-jobs-artificial-intelligence.html
Ahead of the game again. Cyber decision makers need to use your solution to make better, more informed assessments of their IT environments.