⁓ last night at 11:30 p.m., I submitted a issue and proposed an approach for how we're gonna tackle a problem. We are working on a new product here called Otto a super agent. And one of the challenges we have is we have a core team moving really fast, and we have some developers further out, and they are working on larger, chunkier PRs. And so we need an automation to signal what's going on, key decisions, and

researching who's impacted and then propagating out targeted information the changes that may be relevant to them. But these are way upstream of PRs. These are changes in planning process and decisions, architectural decisions. And I submitted a proposed approach for that last night. So do stand up a little later and see if they're gonna take my approach.

⁓

That's fantastic. How important is it for management or for you in your role to still be in touch with code? ⁓ You mentioned in a different level maybe, how much time do you spend in your calendar for this and how important is it for you?

I

spend more time in code now than I've spent in years. I think that decades even. I think that ⁓ I know a lot of senior folks that ⁓ suddenly feel like they're back close to code in a way they haven't been in a long time. Because ⁓ there's sort of been a great flattening. And ⁓ it's very easy for a leader like me and and you to go and see what's going on across the org and you know, branches being worked on and ideas being planned and metadata on how fast different teams are moving and what they're working on. So

I think there's been kind of a great ⁓ flattening of orgs and people are feeling closer to code. And then I can't tell you how many execs I've met, not even not the like former developers like me, but just in other fields that spend their weekends, you know, trying AI and coding things and vibe coding apps and trying things. And ⁓ the the great news is it's like an ex an explosion of excitement in code. The scary news is a lot of those execs think deployment and operations is easy. So

You know, it's ⁓ that's I think we'll probably go deep on this.

Yeah, probably I had some, some cool topics that we might touch later. ⁓ I have another format in the podcast where I asked my guests, ⁓ about a question that I can take over to the next guest. And, ⁓ I spoke in my last episode to Golo Roden. He's an co-founder and CTO of the native web.

And we were talking a lot about AI, obviously, and we were segueing out to the educational system and how education would be impacted when AI plays a major role. And the question for you would be, if you could redesign the education system from scratch, what would the future of education look like for you?

Yeah. ⁓ I really believe in the foundations. I just I just have to tell ya, ⁓ it's it's I ⁓ I had the privilege of both a lot of like hands on technical stuff and more of liberal arts of reading and writing and English and history and and classes like that. ⁓ I I still think the foundations are there. I think I think when people get into trouble or when they think only one thing will save them, you know, ⁓ I can be

maker and just use AI and then that's gonna like get me through my career. ⁓ or I can just do the humanities and all the AI all the AI will take care of all the code all by itself. Or I'm just gonna go really hard on the tech and never learn to write and never learn how to make a critical argument and a persuasive piece of writing or a presentation, never learn how to tell a story. And I was just surprised, you know, the the pieces really come together. So my my wish for the educational system is they

Keep sticking to balance and avoid the short-term trap of like, well, we need to kids teach kids to do X or teach Y one thing, if that's going to equip them for the workforce. I'd say I'd say a true story. What's hot right now? Okay. core AI scientists, right? What do they do? CUDA kernels, matrix math, you know, KV cash optimization.

Okay, it's almost the same work I did in computer graphics when I was in grad school in the late nineties. And when I was in Austin in the late 90s at UT Austin, ⁓ I got a master's there, they had AI and they had graphics. And we did the same math. And the graphics people, you know, had like did Hollywood and oil and gas and stuff, and the AI stuff went nowhere for a long time. It was the same math. So, you know, learn the basics, it'll carry you really far.

If you come out and you just learn one narrow thing right now, like you just learned, I don't know, CUDA for kernels, that's the hottest thing in the world right now, but in a few years it might not be. So, you know, stay you know, use your breath, tr learn different things, and don't forget all those soft capabilities like the writing and thinking and learning. It's super, super important in the long run.

Yeah, I agree. I see the thinking process is very important and writing is also a good way to organize your thoughts and the things. But on the other hand side, I read that knowledge is going to be a commodity. So I don't need to learn everything. I just ask the AI and do you agree with that, that we have to be on a different level with our creativity and have other...

What you

key factors that are more important or do you see that's not the case?

well you've worked in big organizations, so you'll know like it's it's an art and a science to move an idea through an organization and get demand for it. It's not just writing. ⁓ it's interesting. I I see early career people sometimes that want to get their idea through. And so they write a lot. They use AI and they write a lot, and they come to me and they've got a 12-page document explaining their idea. And it's like, this this could have been a paragraph, a really well thought through paragraph. And AI will happily write.

twelve page doc explaining why idea is good. It has a very hard time getting it actually to the the diamond heart of the essence in a couple of sentences. And I think that just creates a a ton of opportunity for all of us. I don't know. I don't know, you see bigger docs? Yeah. Yeah.

Yeah, I do. Yeah,

I see a lot of floating stories and ⁓ I tend to like the one or two lines which have the essence and don't need to fluff around that. So maybe this will be a good point to go back to the basics, right? Totally agree.

Yeah.

Yeah.

Yeah, I also saw a post of you, and I think it was LinkedIn with a video that you say, ⁓ the kids are going to be fine. So no worries, they learn ChatGPT today. They know how it acts, how it hallucinates, and how to use it. And they will teach us later. With this conviction, do you still today ⁓ think kids or your kids needs to learn how to code? how would you?

I didn't push my kids to learn how to code. I had ⁓ two, I had some of my kids were interested. One of them went pretty deep on it, but then did not make that their field, but then is now using it more and more in the in the field that they've chosen. So ⁓ you know, like I think under every good coder is like a a bunch of feelings and personality and opinions and interests. And a lot of those interests are

problem solving and pulling things apart and uncovering how things work and putting them back together and b taking their own idea and building them. And I think those feelings are underneath that those latent feelings are underneath the coding itself. So we I don't know if we were great parents, but we try to like really emphasize that. So like find their joys and interests and passions and that so far, so far that's worked pretty well. So ⁓ I think people that are really passionate about learning how things work will end up in code. You know, they may start in ChatGPT or whatever, but they'll end up in code. ⁓

It's pretty easy to start in Replit or a Vibecoding tool and get something. You very quickly are into code when you get deeper and you wanna like make the thing work to bend your well to to do something. It's very easy to generate a whole lot of code with Claude Code or Codecs. ⁓ it's very hard to make it less code that works. So ⁓ I for teaching I think people should be really encouraged to

learn things deeply and learn technical things deeply when they really interest them. But I wouldn't just jam someone and force them to code against their will. I'd let them let the let the let it pull them in.

Yeah, fantastic. And ⁓ like you said, the code writing part is not the only part when you are ⁓ a programmer or something. It's more like understanding how systems work, talk to your customer and understand the requirements, think in systems and things like that. So that's fantastic. ⁓ For listeners who don't actually know Workato what is Workato doing and ⁓ who are your customers? Who are you helping?

Yeah, ⁓ we're an enterprise agentic orchestration company. We've been doing integration orchestration for 12 years. We're a fully AWS-based, AWS-based cloud-native multi-tenant integration platform. The core idea was that it could be a heavy-duty integration platform that really moves data and events from system to system reliably, dealing with all the issues of scale and API semantics and retry and error handling and.

Format conversion and data transformation and field mapping and rollbacks and item potency. We would do all that stuff. So customers and developers could worry about I need all my leads to flow through from our market system into my sales automation system. When we get an order that it goes through all the processes needed to turn into cash, we can run companies treasury and people operations. ⁓ we're we're a horizontal multi-tenant cloud platform. We

work with more than twelve hundred different applications we've native connectors for more than anybody else in the world. And customers build primitives called recipes, sort of a automation primitive in a low-code environment that, you know, ⁓ uses our configures our runtime to take events and take advantage of connectors and transform data through. So this has proven to be just like a great business with like customers like Vodafone and Toyota and ⁓ L'Oreal and

Aon and ⁓ Visa, Atlassian, like sort of I like the A to Z of companies use us to ⁓ help run their core operations. The thing that's been really exciting over the last two or three years is that is a really important foundation in which to build on tools for agents. Agents are incredibly great at cognition and they can write code and connect to systems and stuff, but they make mistakes and they don't always follow business processes. And a big part of a business is ensuring.

That your people or your agents follow business processes and onboard a customer the right way, or ⁓ pay an invoice the right way, or ⁓ ensure an employee's onboarding you know goes through all the required legal steps and documentation steps and they can be audited to that effect. So we do that and we offer those as tools to agents through an enterprise MCP layer. And this business has just absolutely taken off because companies over and over again say, we have all these different systems. In many cases, they have.

Business processes running in Workato. Now they're gonna bring in all these different agent projects. And their agent projects are pilots using service credentials connecting directly to ⁓ you know, production APIs, which is like every word in that sentence is wrong. And so they come to Workato for a governed enterprise MCP layer that offers tools over all their existing systems, processes, and APIs, and they can use different agents against those enterprise MCP service. And so we have.

really bet the company on enterprise MCP and orchestration is our our go forward and it's been great.

That sounds fantastic. And I think there are lots of words that you mentioned that I want to do a double click on it later. But for now, if you speak to your customers or if you look into the companies, what do you see? Is ⁓ it just personal efficiency and optimization for personal stuff like emails, PowerPoints things like this? Or do you see real world use cases that face end customers?

Yeah.

And what do you see when you go to do your companies today?

Yeah, that's a great question. Well, I I was in Europe last month. I met with about 50 customers in a series of meetings and events and stuff. and the theme I heard, customers and prospects, just you mix of current customers and people that are not workado customers. And the theme I heard was there was a lot of AI energy, a lot of ⁓ support from senior leadership, push from senior leader to leaders to figure out AI. And they'd done a lot of pilots. And all those pilots had kind of gone okay.

You know, they could kind of get data in statically, or you know, do like a data dump or run some things in pilot, but they they're really struggling to get a ton of value beyond sort of the first pilots. a lot of chat products that were giving them sort of minimal access to data, no mutations, you know, not doing rights, not starting a business process. So ⁓ ticket like

identification, but not then like carrying through the ticket to completion, like then, you know, running the ticket process through completion to get a ticket closed out for customer support or things like that. So they're kind of stuck at the early stages of pilot and low impact activities. I think candidly the Microsoft stuff hasn't you know was in in Europe certainly, ⁓ you know, Microsoft's got an amazing footprint with Copilot and ⁓ three sixty five and all these things and amazing products. I I worked there almost a decade. So huge respect.

But I think the combination of those products just kind of being available to people, maybe not with enough training and not enough infrastructure support to enable them with the capabilities to do things. People were doing things like summarizing meeting notes and drafting emails and taking a meeting and then sending a with a customer and then responding to the customer with a summary and useful things, but not really the promise of AI. And so we start to show we see some of our customers around the world doing with.

You know, MCP servers ⁓ running core business processes. We have a technology in Workato where we can carry out work safely on behalf of the user with their credential, their token, as opposed to a service account. It's hugely important because now suddenly agents can work safely on behalf of a user as opposed to having over provision them and and run a lot of risk. So we're starting to see customers in our ecosystem doing pretty extraordinary things with enterprise MCP.

And then enabling their agents to do new things ⁓ and and really resolve you do ticket deflection for IT, like with our customer, like Samsara does IT support and does ticket deflection and and routing and escalation. ⁓ customer support, one of the largest ⁓ retailers in Korea uses us for customer support. In that case, it's an agent assist, so it's intent and then starting the business process, but there's still a human customer service in the loop. ⁓

But in more and more of those domains, what it starts to look like over and over again is the ingredients that let the agent have more value in the company is letting it do work. And to do work, you have to add some security and governance and structured business process and sometimes human in the loop or escalation rules. And that looks like business process, which is what we do. And so that that bridge is working really well for us.

So that's a good match. What you mentioned two sentence before is, that people just try to optimize the meeting notes that do this and things like this. And I had a former podcast guest, to say that % of all POCs and use cases will fail and 30 % should make up for the 70 % that fail.

Yeah.

And when you see all the use cases and you work internally, what is actually a really good AI use case from POC? What makes it a good use case and what is just, you know, fiddling around with tools and ⁓ making just another chat window.

Yeah, yeah. Yeah. Yeah.

Yeah. We we had an interesting journey. So two years ago we built products called so we started building products called genies. And genies were ⁓ autonomous agents that could ⁓ take input like from a user via chat or for a business event and then ⁓ select and use, come up with a plan, select and use different tools like workado recipes. And we use those internally for IT support.

We have a license optimization genie that helps find like unused Microsoft or Salesforce licenses and propose the user move to a read-only license or move to just use dashboards of actually having a full product license. We've saved customers millions of dollars of that, actually. That's been great. And then and then so that work has worked really well for us. The genie strategy has worked well for us. And then we layered on top of that in a year ago, just over a year ago, we launched Enterprise MCP with Anthropic in New York.

But and we load it out to all of our employees, for example. But we didn't really get takeoff until in the fall. We added MCP servers for our core systems. We use Salesforce for CRM, Marketo for Marketing, ⁓ High Spot for content that like our customer-facing folks use, like PowerPoints and all their like marketing collateral. ⁓ we use a tool called Gong to ⁓ record calls with customers to make sure we get notes and track follow-ups and can share it with them to cover the.

Presentation. ⁓ we have a product called Data Genie that provides a semantic layer on Snowflake. So basically Snowflake for all operating data. And then all these MCP servers work with my user permissions, and I have pretty broad permissions as a leader at the company. Our employees went to town with Claude and Enterprise MCP because suddenly, when their agent had access to all this different data and business processes, it was amazing. The I I was at a dinner in New York with customers and a sales manager sitting next to me showed another customer.

Look, here's how have my guys, my sales reps, run their territory. And he shows his phone, he shows these dashboards he built on his phone. And the dashboards were like the state of your customers, what's going on with them, ⁓ things that you know they've said in the press they're trying to achieve, their current consumption of our products, the the last meetings we had, the follow-ups we said we'd do. It's like a daily kind of focus. And he said, I had Claude build this for my sales reps.

And it prompts them every AM to go do their job and use this. So this is a sales rep on a mobile phone that's vibe coding, MCP, agentic, business. I mean, like amazing, right? So yeah, all together. So, you know, when you get it together and you and you get it in a format, there's a lesson there. You get it all together and you get it a format that a user can really interact with. It's like magic and they're very creative. Back to that creativity point that we were on. And so we found enterprise MCP in ChatGPT and Codecs and Claude and Copilot just

⁓ All the boxes checked.

light up the use of those products. And so we make a strong recommendation to our customers to add enterprise MCP from Workato into your products, into your chat investments, and your chat investments will go up and generate more value. And our evidence is, you know, we've done this with customers. Our internal use went up a thousand percent in a hundred days. Same product, same AI product, the AI model didn't change much, but when we got all these enterprise MCP tools in, like our usage went through the roof.

And that's, amazing. Thousand percent is just huge.

It was

it was it was eleven hundred percent. It was absolutely unbelievable.

Yeah. But going to your points back, when you see the enterprises right now, everybody is fiddling around with POCs and agents popping up somewhere. the security thing that you mentioned is like not really in control and we have just the wild west. ⁓ what do you think is really necessary to get this under control? Is it all only technical or is it also on the business side?

Yeah, yeah. We're at the like web apps directly accessing databases phase of most companies AI agents architectures. You know, like the web app is like, I need to get this data, so I'll just like manipulate the tables, you know, like and make mutations. And I think we've all learned, the those of us have been doing this a while, that you like you you want an a a layer, an API, you want like a clean separation of concerns.

education.

Mm.

That you can scope and manage and govern. And and that's true with like APIs and REST and SOA and like all these kind of principles over the years have all been those same one idea over and over again, which is have a governed layer that is the interface between your agents or y and your and your back end and your business processes. MCP is a really great protocol for that. It probably won't be the only one. That's just, you know, A2A and others will come up. That's totally fine.

But have yourself a layer in between your agent dreams and the reality of your platform.

Yeah. So you think the separation of concerns is something that we need to implement. You mentioned also some other building blocks for security and compliance. Maybe you can elaborate deeper on that. So in your security layer, what do we need to, what are the governance building blocks for running AI MCP smoothly?

Yeah, but this like a debate too with CLI also. It's like if you're making agents, your team's making agents, you're buying agents from vendors, like all those things are happening. Like how do they work with data? And you just you have to comply with corporate policies, or they can't do any kind of high risk operation. So, you know, they have to ⁓ be appropriately scoped, they have to be monitored, they have to be observed, you have to know what data is going in, you have to be able to trace it for an audit, you have to be compliant with regulations. And so you're gonna need identity integration, you're gonna need logging.

You're gonna need actions on behalf of a user, not over-privileged service roles. ⁓ you're gonna need ⁓ OAuth like protocols for for a user to prove who they are. You're gonna need token caching and secure token storage with a platform you trust. Don't don't trust the developer to both manage tokens, secure them, you know, skeep them secured in some vault somewhere, you know, in a safe way, keep them out of the agent's reach. The agent can't go malicious and do something.

And then also handle all the token refresh that handles the quality of life stuff. So it's just, it's it's a long list of things that are a lot less fun, that have to be done and have to be done right. And the best way to do that is with a layer that enforces all that. So we call that Enterprise MCP. It's really easy because MCP lets the clients do it. The end users can OAuth, use ChatGPT or Copilot, whatever they want, OAuth into the different apps that they use, SaaS apps they use. Workato will persist that token. And then when the agent wants to

Work on behalf the user, it uses securely uses that token. We can monitor everything, we can apply policies in there. We've some new products like Otto We're starting to apply richer, like LM as a judge. You can put this layer on top of your existing apps, databases, MCP servers, Workato recipes, PEGA, like whatever you have, you can put this right on top of it and have one place to look and observe all of it. It it it

It logs out to ⁓ OTEL, so OTEL compliant observability. So use your observability platform if you want. ⁓ you can trace and learn how things are going and suddenly know how all of your agents are working and have confidence that no matter what vendor they're from or the maturity, the engine team that's building it, that they're always getting access to your data and systems one consistent way that you are control of the policies around that.

Yeah, hear a lot of people mentioning something like an enterprise AI control plane or something like this. Is this what you're referring?

Yeah. Yeah. You

know, yeah, absolutely. You know, I think that, you know, that everybody likes to have fun with terminology, you know, and the as the vendors try to figure out the space. Yeah, everybody is promising that they're gonna be the horizontal thing that secures all the agents and then making a bunch of promises around that. And when you dig into it, they're kind of promising different things in a lot of cases. So I saw a Microsoft product and the product was really what it was doing was monitoring desktop software for

Cowork like products running on your desktop, which sounds like a really important component to have, but that is not the same as like an enterprise-wide control plane for agents. That's like a Windows desktop monitoring thing. I don't know. It's important. If you have doesn't do anything if you're not on Windows desktop. So, like like does not totally seem like a complete solution, but I'm sure they will add many more pieces to to their solution. Their Microsoft. They do a good job of stuff like that. ⁓ the way we look at it is it's not just ⁓

It's not just a registry and it's not or an installation thing or an IT database thing. I think ServiceNow is doing it that way. It's not just a Windows desktop thing. We think of it as control and execution. We actually want to be in the data plane that it's not just data for reads, it's and and writes, it's mutations, it's running business processes, ⁓ it's changes to policies. So it is, we wanted to, we believe there should be a layer.

An agent control and execution plane that all the work actually flows through. So not just discovery, not just identity, but that the work really flows through. And that's what MCP gives you. Like if all those operations and tool calls go through MCP, that really is your control and execution plane. And that's what Workato Enterprise MCP is about. There'll be others, you know, ServiceNow will say bring everything in. Salesforce say bring everything in. The hyperscalers, AWS and others will offer more pieces in their world.

we look at it as a really neutral horizontal plane and for some customers we think that'll be a really good fit, right, especially in that enterprise MCP layer.

And do you believe that there's just one layer and because the industry is moving so fast and it could be rigid to be just a single, I sometimes think of a single point of failure there. If you don't move fast enough, protocols change, things change and it's also a hard call to integrate in everything, especially in huge companies. So how do you deal with that?

Yeah, yeah. Yeah.

That's why I need integration.

I like that's where we started is the integration platform that solves problems like that and keep things integrated. Yeah, you know, always ⁓ I heard a lot of companies that worry about one vendor and then they are big in AWS and don't have a or Microsoft and maybe don't have a, you know, like an overnight path out if they really had to. ⁓ I think that you take I think in any in any in life and in tech, you take bets and you take bets on things you can trust.

That solve your problem and look like they'll be a good partner and good technology and have a track record. And so we try to do that. You know, these other big players do a really good really good job also. ⁓ I think it to your point specifically, I do think ⁓ hyperscalers are a really key ingredient here that are gonna be a big part of this. I think customers are betting at the bottom. I think IDP, you know, the big IDP players, identity players will will continue to be really important providers, you know.

Whether it's Microsoft or an Okta or somebody else. ⁓ companies really rely on that. Identity is really important in all this. I don't think that'll go away. Observability and logging, companies have found strategy and companies they like. The interesting thing about the agent space is that's the space where things are changing the fastest, where all the different I don't know, like I think Microsoft has both a a copilot, a next gen copilot, and they licensed co-work from a comp you know from Anthropic. So

Even they, you know, even internally there are many to choose from. A company like Microsoft, many choices. So it feels like it'll be a fast moving space. And that's one more reason to say, like, if this layer is really fast moving, we better have a layer here that that works with all of it and lets us swap this stuff out and evolve fast. Match that, match that rate of evolution.

Yeah.

Yeah,

so decoupling is the key thing here. When you work with your prospects or customers or the people you see, the companies you see, I bet not all of them are adopting that layer. What do you see our people who are far in that AI game doing right? And on the flip side, what are the learning fields that you see when people are?

starting with AI and not seeing the effects that we see. And probably not only from integration part, but overall.

Yeah.

⁓ I think you know, every company has a different place of their journey, and then inside there they're do the humans are a different place in their journey, the teams are in different places their journey. It was pretty fun. We we we're a member of the Agentic AI Foundation, the AAIF. We gold members. And so a colleague and I, Zane Turner, gave a presentation ⁓ on the big stage in New York on a month or two ago at the MCP Developer Summit. And right before us was Uber.

And so Uber had some engineers that presented the internal governed secure enterprise MCP layer they had built from scratch for Uber services for Uber engineers to use while they did their jobs. And they described all the stuff we just talked about: ⁓ secure token management and keep alive, observability, governance. It was a great talk. I encourage you to look it out, look it up. It's on YouTube.

And how they had gone from kind of a mess to a governed enterprise MCP layer. And they had, I don't know, team of seven working on it. And it took two years and built all this stuff. It sounded really cool. And it was being used largely by engineers and not by productivity staff. And then our presentation was next. And I kind of just wanted our presentation to be is like, okay, we sell that thing in a box. We did we we didn't do that, but you know, there's always like build versus buy trade-offs. And so I think there are people,

Yep.

You know, flashlight is the thing you find after you stub your toe in the dark. So, you know, I think there are a lot of people that go on their journey and we're all, all of us, us too, learning new things and discovering new problems. And then when we solve those problems, we have to decide do we want to build all that ourselves from scratch and code and then own it and maintain it? Or do we find some tools that help us? And in a lot of those areas like identity and hyperscale, you know, core infra, we found that there's some key vendors we trust to do it. I I think AI will be the same thing going forward.

Yeah, pretty interesting. I think the clearer the image is going to be, in which direction we're going, the more established we see solutions that help us for sure. In Europe, we're starting to see some attention to costs, because maybe the engineers' salaries are not as high as in the US. all of sudden, we've

are more sensible for cost in AI. And on the same thing, we heard something like, I'll you look it up, token maxing. Can you explain to what token maxing is and what you really think about it?

Well, like, you know, one of the perks of a of a ⁓ you know, a tech job is you get toys, tools, tools that are toys, and you get access to like APIs and and coding tools and stuff. And so token maxing is just really going to town and using lots and lots of AI to do your job and your coding. And use those coding tools and generate a lot of code and generate a lot of PRs and refactor and ⁓ go, go, go really fast. And you'll see people.

⁓ with like a dozen different terminal windows open in a grid. And when they walk around, they have their thumb in their laptop to keep it open so the Claude will keep going no matter what. Like they put the put in the seat and put the seatbelt on the laptop and then leave it open. It's like little buddy, you know, sitting next to you in the in the in the car when you're driving or on the bus. ⁓ Look, if you can use these tools and work in new ways and get really productive, it's like magic.

And if you're running in circles and generating giant PRs that aren't getting obsect ⁓ accepted and you know you're you're stuck in the review queue and ⁓ it's kind of becomes performative. And some companies have turned on dashboards as who's using the most tokens, and then they quickly find they need to turn that off because everybody wants to be in the top of the dashboard to look good, but then they just doing kind of useless stuff. So token maxing is the performative burning of tokens to it's like looking busy.

And ⁓ I don't think it's the most valuable thing for employees to do. And so I I you know, there's nuance here, but I I'd really encourage people to learn the new ways of working where you can get more AI to work for you, but d don't do it just to burn tokens for both tokens' sake or or man measure your people that will or you will not be happy with the outcome.

Yeah, it's more about measuring the impact. So what do I get for those tokens? Do you have internally something how you measure impact or how do you get a feeling how worth the tokens are spent?

Yeah, yeah. Yeah.

This is like the whole lines of code thing, right? Like companies would measure engineers on lines of code. Well you just get more code, but you just get bad code, you know. You you you and then but we want to look at how many code how much code we can take out, you know, and and ⁓ we have tools internally. ⁓ it's but I give I've given the same advice. I I I was at Google when the Dora people ⁓ came to Google. Google acquired their company. So I've been

Yep.

Exactly.

you know, on the ⁓ around this for a while. ⁓ my advice to CTOs and CIOs and engineering leaders is ⁓ you you have to look at outputs and look at things like Dora metrics and things like rate of change and you know the acceptance rate and things like that and really see if you're moving your product forward. And ⁓ I I think it's happening now is PRs are getting larger and larger number of lines, but then there's more rework and they're not getting accepted.

And so I I would stick to things like door metrics. Don't look at lines of code, look at real outputs. That that is the path forward for ⁓ getting actual productivity out of all the performative AI usage.

Yeah, okay. so basically that what we did before just manually still applies when we get just a lot more code from the machine.

Yeah, well I have product

teams that are moving l quite literally ten times faster than they could have moved two years ago.

Yeah, sure. And because if they know what they want and then it helps really. And if, if that, if the outcome makes sense, then it's totally worth it to use it.

Yeah. Yeah, yeah. And

you've seen this thing, you have to work in a different way, right?

Yeah, sure. That's a whole different way. Back to the cost control thing, you mentioned several times the layer in between the decoupling layer. This would also be a good chance for model orchestration. Do you see something like ⁓ routing the traffic to certain models based on the core topics? Is this something that you're thinking about or have implemented? Or do you believe in the choice of the

people.

I I wanna

I wanna be provocative here. Okay. I think this model routing stuff is a technical need, but the idea that ⁓ at runtime some other system, not the agent, how it was designed, will dynamically choose what model to use. I think it's kind of hooey. I kind of don't buy it. ⁓ you get very different agentic behavior with different models. We were just talking about which, you know, Sonnet four five to four six and some behavioral regressions that we saw.

Okay.

⁓ and then four or five has different versions. So the idea that, like, you know, a central IT team is gonna save money by just choosing four agents what model they're gonna use, I don't really buy it. So I totally believe in selecting models and cost control and different, you know, horses for different race courses. But I'm I kind of don't believe that you're gonna swap out models. And also the model agent interaction is really strong, you know, like even the ⁓ open AI models versus anthropic models have kind of different.

seat feel, the way they work with MCP tools, how tenacious they are working against goals, best ways to prompt them. So I I kinda don't believe that the model selection will be a dynamic cost reduction thing, totally separate from the agent and use case. I kind of don't buy it.

Okay, very interesting. So the decoupling should not be between agent and model. It should be more like the agent should be optimized for the model and ⁓ we should use other factors to save costs.

Think it's just physics right now. So, like, I think people would want that. I just am not convinced. You know, like I'm I'm not convinced. I don't have good evidence for that.

Okay.

That's totally fine. We were talking ⁓ about agents ⁓ now for quite a while and ⁓ there are agents that do specific tasks and there's also something like OpenClaw where agents just run autonomously and where are we in that space? What do you see? Do we have already those agents running, doing stuff on their own or is it just the delegation part?

So what do you see?

I feel

like we all got a one-two punch over the winter holidays last year. Like it was like December. Really it was really the winter holiday where I got time to s I got a chance to spend time with Opus four six, if I remember, four four six, I think. You know, that that big and and codex was and ⁓ open AI was there also. But like we got that big leap where suddenly, like, wow, many hour task, you know, simple prompt to get a goal many hours.

And then it was January, we got open claw. It was like punch number two. Like, okay, just turn it loose and see, you know, pretend it's a person, give it to your computer and let it go. And ⁓ it's like a good movie there were or like a roller coaster. There's a lot like highs and lows in that open claw, you like it can do this, bad news it can do this, good news it can do this, bad news, you know. ⁓ I think there are a lot of people that bought a Mac mini and then realized, wait a minute, I cannot give this thing access to my email. There's all sorts of stuff in there that I don't want it to have. It don't shouldn't delete even, like just

Yes.

So ⁓ we got really inspired by that. I wrote a position paper for our board thinking about digital workers and for the workado board. And then we put together an engineering team in my world here in the AI lab ⁓ here in San Francisco. It's kind of cool space on a on a little bit of a foggy, foggy Friday. And ⁓ put together a team to build a digital worker. We had the idea that we could combine the cognition of the best models.

Yeah.

With the enterprise MCP control and execution plane, so we could like run it safe. Like it could actually do things for your business safely. So we spent a month or two on that and released internally, we we built this thing called Otto, a prototype of a digital superagent. And Otto ⁓ has its own computer, Otto lives in Slack, it's multiplayer by default. It's goal-driven. You give it a goal, and Otto goes off and does it. So it can work with your corporate data, it can work with other people, and and it runs 24-7.

Our employees starting in March went to town on that and we had a thousand users of it, which is basically every employee of the company in the first week. So we said, wow, we've we've we've got a hit here. So we have been productizing Otto and we released it a couple of weeks ago to the world and have been working with some of our largest customers on Otto, and they are having a great time. We're we're in s we'll be in Slack and Teams for in Slack right now. Teams is, I don't know, a couple of weeks. And customers are rolling out Otto to, you know.

like augment their workforce. And it's easy to think it's kind of chat because you talk to it in English, but it's in Slack and people almost immediately discover it's like a person they can just delegate work to. And so you can do things like Otto ⁓ we had our users trained to use Claude with Enterprise MCP to say, you know, tell me Atlasine is a customer. Tell me about our customer Atlassian. It's public that they're required. And it would like go and find out all the stuff they're doing and

And give me a brief. But I could say, Otto, I'm interested in this. I had this conversation with the CTO of Atlassian. I'm interested in this. Keep tab, you know, find out what's going on, keep tabs on it, and keep me updated. And so Otto takes my notes from the gone call, research from the account, asks questions from Otto-to-Otto communication of the with the account team that's working at Atlassian, bring back the feedback to me.

And then scheduled a weekly deep dive that checks in on things that are happening and checks in with the account team and brings me an update. So now every Monday morning at 8 a.m., I have an update, a quick little update waiting for me. Hey, I've been keeping tabs in Atlasia, and here's what's going on. So it's like we had this other teammate. This teammate has access to the our corporate systems and Snowflake. This teammate proactively reaches out to the account team and has questions and it preps a brief for me and it never sleeps. And I love it.

Yeah.

And it's long running, right? You said something, just keep me informed means there's something running.

Yeah. Long running has it.

Yeah, that's exactly right. And there's some little nuances of how I think it's really cool. So one thing that like a lot of our customer success managers are doing and and our at our customers also is monitor the customer usage of our product and let me know if anything important changes. Like it goes up or it goes down or they can't log in or whatever. And it like it's just always there every day checking here's what's new. And then it's it it's pulling the data every day and it's staying silent.

And then it tells you, it decides that something important happened. Like, wow, they started building a whole bunch of new work Otto recipes, or that pilot project you've been talking about, they finally started that pilot project. So our most innovative users of this Otto super agent have been line employees across the company, not engineers. ⁓ one little nuance, Felix, I'm really proud of is ⁓ a lot of these agents, because either they run on your ⁓ your laptop or a Mac mini, like Codex runs on your laptop.

⁓ and it has a little bit of cloud features now, but you know, like it primarily is a like a desktop product. And ⁓ OpenClaw, you know, you use it over WhatsApp or whatever, but it runs in a Mac mini or a VM or something. But ⁓ if you want those to react instantly to data, you have to pull fast. Like like we have Workato which has event-based triggers. Like we can trigger a recipe. So Workato already has this giant cloud runtime that knows how to trigger on giant.

Thousands of different operations across different apps, a new lead comes in, an opti changes status. We already know how to do that inside Workato, and we have that. And so we can wake up the Otto and tell it it's got work to send it a message and tell it it has work to do. So the between that and how we do the enterprise MCP for security, the you know, the Otto, the agent never has access, access to any tokens or directly work with systems. All the action, all the control and execution happen through Workato. So there's no

There's no like credentials to steal because the work happens inside workado. So we think that's a much safer architecture also.

Yep.

Yeah, great. And so it's server-side push instead of long time pulling things.

Yeah, yeah, we're through because

Workato is an event driven architecture with trigger you know, computed triggers and hundreds of different apps. It's pretty cool stuff.

Yeah.

Fantastic. But I have to rewind a couple of sentences. You mentioned OpenClaw runs in Mac mini and you won't give him access to your emails. And on the same page you said, Otto is basically accessing everything. And what I see is the agentics thing is really cool, but lots of enterprises are just... ⁓

Yeah, yeah, yeah, yeah, yeah.

giving no access to the agents at all and they wonder how it's not good working. So what is the right balance and what are you guys doing different than the open Claw giving access to emails?

Yeah. Yeah. Yeah. Yeah. No. Yeah. Yeah.

This is really important. So we really believe agents need access to corporate data and be able to take action on behalf of users. Like absolutely, that's the future has to be there. And it's utterly not safe today. And the only way to make it safe is to keep the decision if an agent has permission to do something or not.

Completely out of the agent. It has to live somewhere else. So we put that in the Workato layer that makes Otto go. So we have a decision engine that makes real-time calls of whether an MCP tool call is allowed or not. It's not just an entitlement question of does this agent have access? It uses LM, a separate LM as a judge, like, this it's reasonable to send one email on behalf of Adam. It's not reasonable to send a thousand emails on behalf of Adam.

It's not reasonable to send an email 3 a.m. on behalf of Adam. It's not reasonable to send an email on behalf of Adam that has an attachment that looks like data that's being exfiltrated. That logic for that doesn't live in the Otto agent. It lives completely outside of it. So this layer that's got that separate layer that provides those guarantees and provides that ⁓ governance and judgment over what operations or safe operations. We have that in work Otto enterprise MCB, and that's why we were able to make Otto, but we can bring that to any agent.

So any agent, any client, we can bring this real-time decisioning engine inside work Otto. So ⁓ it's it's isolation, it's like a separation of concerns, architectural principles, Felix, but that's how we did it. And so our employees can safely and our customers can safely use Otto to work with corporate data, per user, you know, verified actions, email, reads, writes, you know, ⁓ we'll do a push approval notice on your phone if it's a higher risk operation.

So this human in the loop when we need it and all that is outside of Otto's purview because again, Otto is an agent, so it can do work, but you can't trust it to make those critical decisions.

Fantastic. And you said ⁓ sending in your behalf and does it mean that Otto sends with the same rights to your emails or is there some least privileged thing that you said, I only want you to. Yeah.

Yeah, ⁓ yeah, let me just I'll describe exactly how it works. So Otto

has some base level of access to corporate data, like an independent employee. And then if if I say Otto, send an ⁓ email to the CTO at Atlassian thanking them for our last meeting and put a summary of our call in and ⁓ remind them that I'm looking forward to you know having them at the AI lab in San Francisco. Okay, so

Otto has enterprise MCP access to my email, has access to my, we use ⁓ Google Suite, Google Workplace, I forget what they call it. So it's Gmail. So it has access, it has OAuth credentials to that, but Otto doesn't have those credentials. It has tool access to an enterprise MCP server. So Otto's like, great, I'll draft the email and send the couple calls because Gmail's APIs are weird. It uses the Enterprise MCP server. But Otto doesn't actually have the token itself. The Enterprise MCP layer does.

So to send that mail is a higher risk operation. It's an external email, it's going to a customer, it's got some business information into it. So Otto asks the enterprise MCP layer if it can send this, and the enterprise MCP layer decides if it's safe. And the enterprise MCP layer in this case will say, you know, that's external email, that's customer information there. I need Adam's ⁓ actual human approval, and it'll pop the draft for me to approve, and I get a button to approve it on my phone, just like an octopush.

So low risk operations, the Workato Enterprise MCP layer will decide, like read a couple of emails, and high risk operations it will ⁓ surface to me.

That's very interesting because lots of companies that I see, have like agent IDs or something that they have like different or assume role situations where they give the agent less ⁓ credentials to run that operation. And what I understand ⁓ you were saying is basically the token from Gmail is the same token as you would use, but you have something around that. ⁓

Yeah. Yeah.

holds the agent in control. Is that right?

Otto has

Otto has its own identity. So, like that, it has an agentic identity, and that identity has very limited privileges. Like can't read my email. But it can look at our confluence and research the web and things like that. And that's companies do that for safety. And uniquely, what Otto can do is a permission escalation flow where it asks to use an enterprise MCP server with my Gmail to do some operation. And then Workato decides what is allowed or the human, you know, it then escalates the human.

We call that permission escalation and a contextual permission escalation. I think we're the only people that have it right now, like in an enterprise MCP layer. So it's it's pretty exciting. ⁓ you you know, the you have to constrain agents to minimize blast radius, so that's least privilege, but then they can't do a lot of useful work. And so you need a way to escalate their privilege and you need to do it safely. And that escalation can't be decision of open clock. It has to be decision external to it. So we think putting that

Yeah.

Permission escalation in the enterprise MCP layer is a really powerful way to do it. And we kind of saw that in an identity too, right? Like ⁓ an IDP knows when you come in with a password or whatever to a third-party app that yes, you're authorized to use it, but it's still, as policy, is like, no, we need an actual push notification for you in your Okta app to say this is really you. Like it's an external out-of-band thing to really confirm. It's an escalation process, a human escalation process. So

That's fantastic.

it's it's a familiar pattern that we've seen before in other areas and it's working really well for us.

Yeah, that sounds amazing. Really interesting. ⁓ Explain me the future. When I have like thousands of Ottos is it just me with an army of agents or is it a team still with an agent? How will we work in the future? How did your work change?

Yeah. Yeah. Yeah.

Well, I use different agents and tools and Claude and Codex. I love all of them and I kinda use them for different stuff. I use increasingly a lot of Otto. ⁓ it I think probably for all of us feels a little overwhelming. Like I like having a set of tools, but when it's like Ali and Bobby and Charlie and Debbie and Edna and like they're all like different tools for different things, you know, like Slack bots, whatever it starts getting a little confusing. So it does feel like fewer entry points would be really valuable. I could come in and some of these

A to A protocols may help with this, but I I I I kind of think maybe there are different work modalities people like. I I like the terminal. I use Cloud Code and Codex a lot there. Like it just works for me. But for other tasks I might use ChatGPT or Copilot or or Otto in many cases. But probably like fewer of those surfaces companies will pick on, will will pick up. ⁓ and then and then they'll they'll work together. ⁓

The thousand Otto thing really was what we experienced. It was amazing. Like we suddenly had all these helpers. we and somebody invented Otto to Otto is like the name of that communication. And it's been delightful, Felix, like to just kind of delegate work and know it's gonna take off go off and taken care of. You know, we kind of one of the there's a story that was really interesting. I was sitting with our CEO and a colleague at lunch. The CEO's Otto had sent me some this is in March when we first released Otto. CEO's Otto had sent me some slide deck, and I don't know, I thought some numbers weren't right.

I told my Otto to update the numbers. My o my Otto researched, update numbers, told VJ my boss, our CEO's Otto, updated the deck. And then this colleague, Alex at the table, said, yeah, yeah, I got I got the updated deck too. And I was Why did you get the deck? You weren't in our cot. It was, well, VJ shared with me, so Otto made sure I knew there was a new deck. We were like, that's cool. That's really handy. So now I can say, Otto, like, you know, keep tabs with this team and

That's cool.

You know, talk to all the East Coast sales reps, see if they have any feedback on this thing, pull all their feedback together, revise the deck and then show me when it's done. And it'll like take care of it. So, you know, when you get a when you get product market fit and usability fit and it feels really natural, things just kind of take off. I think like Claude Code in the console was like that. Like, I can just it's like just like a Unix thing and I just tell it to go and it just does it. It felt it felt pretty familiar. And I think Otto with Slack and multiplayer, yeah, our experience has been good. There'll there'll be many other products like that out in the world, but

It's been it's been really, really delightful.

⁓ do you see it more like a real personified thing? So you give Otto the name Bob, for example, and Bob lives in your team and it gets an onboarding how the team works. Or is it more like there are some things working there and I just delegate work. So what, what is your feeling? Sure.

Yeah.

Um, it's a new world. I'm gonna tell you two funny stories, okay?

one Otto lives in channels and group DMs also, and because it has a unique session, it's like a different Otto. So somebody, we have a virtual sales bell. It's like our like our wind wire when we win things with customers, the announcement, and everybody kind of congratulates. And somebody added Otto to it. And Otto was like so cheerful, it was like, Great job. Y'all did an awesome job. That's a great deal. Like, really, you put a lot of work into that. And it was like a little too much.

you

And we had like coach Otto to tone it down a little. So that was fun. And then the other thing is you can personalize Otto to work the way you want. It's got a memory, the memory learns as you work with it, but you can also just tell it, like add this to the way you work, and it memorizes that. I think ⁓ OpenClaw a soul file. There's like, you know, there's different approaches to this. ⁓ so one of the designers in my org decided, the UX designers org decided he wanted to talk in Shakespearean. And then it did such a good job he couldn't understand it. And he was like,

Yeah.

Di dial it down, my lady, you know, like in it dialed it down. It was like I don't know, twenty percent Shakespearean. So yeah, people are gonna personalize this stuff in fun ways, I'm pretty sure.

Yeah, sure. coming back to the thing that we had in the beginning where you said we need to know the basics, we need to steer everything. If I imagine a world now, former team was like seven people, now it's just me with 50 agents and it's...

Is this something that you see or is it more like, because when you are with a team, there's some team motion there. There's team spirit where we have ideas, we become in new things. Do you see this more like the future? Like I'm a single person, a single employee working only with agents or do we have still team constellations where we have just few capabilities more that we can delegate the stuff that we don't really shouldn't be doing in the first place.

Yeah.

I like crave human collaboration. You know, when we built this AI lab, we built a physical building we could really bring people together in. And we have community events here. We had one last night. We had like ⁓ it must have been a hundred people last night. So we we we have three to five events a week here, you know, with our community and partners and customer and our developer community. ⁓ I really like that. I get a lot of value out of I think the best ideas come out of that. So I know there's like the

one person in a bat cave with all the screens coating away, running the the the giant business. I don't know. I think ⁓ I think the world is gonna continue to have humans working together to solve problems and come up with ideas and agents will help them, but I think humans working together can can create some some really create some real magic.

Yeah, so I think that's a good thing and I love it always work with people and get good ideas and have supporting tools to help you. Moving on with MCP, you mentioned a couple of times you're the MCP company and you're betting really hard on MCP. You wrote an article in MIT's loan management review around October last year.

And you said something like, MCP is the Windows XP of AI. Amazing product, tons of use, but riddled with vulnerabilities. Can you share some insights how you came up with that analogy?

Yeah. Yeah. Yeah.

I I ⁓ this has been the real journey we've seen from like the first rollout of MCP with like open source custom MCP servers running on people's desktops to where we are now in a world of like governed enterprise MCP. So yeah, the the remember we started like ⁓ developers would install an MCP server and it would wrap APIs and they would log in locally and then this key with access, this token with access to different corporate or

Systems just live on their desktop, you know, like in a directory, not in a secure vault, like readable. Like you really powerful and exciting, but really wide open. Like there's just a lot of like high level trust there that that key doesn't leak and the developers who they say they are, and the file doesn't get read by some other agent on the machine. Like just a lot of a lot of risk there. And then no understanding from the company of like, well, what's hitting these APIs, right? Because just API consumption.

So a pretty wild, wild West. And what we've really moved to is fully managed cloud-based remote MCP servers. vendors are now starting to offer MCP servers direct. Salesforce offers an MCP server now. They didn't, I think, if I Salesforce Headless, but I think six months ago, if I remember, they didn't even have a managed MCP server. They offered an open source ⁓ you know, thing. So the world has moved a lot. I I hope we made some small impact writing that piece to like help, you know, ⁓ push people to to move things along.

⁓ but the thing that's really important is think about this intentionally. How do you expose MCP servers and tools that safely and securely enable agents to do their jobs? You know, all those things have to be correct. They, you know, they have to be remote, they have to make sense, you know, be token efficient for the use case, they have to be scoped appropriately for the user and the work to be done, they have to be monitored and governed, and increasingly they have to be.

I think design for the agentic use case, even where the MCP tools, the actual tool calls need to make sense for the use case. ⁓ Salesforce, I used to run the Salesforce platform. There's like thousands of different API act ac endpoints you could you could call, right? It's too big. You don't want to dump all that into a ⁓ a client. You would want to sales process or opportunity lifecycle or lead management MCP servers, you know, MCP servers for the job to be done. So I think that's very clearly the direction the world's moving.

Okay, you say there's also a chance that I can have specialized MCPs for my use case. I see some.

Yeah, so work Workato,

you know, wraps thousands of apps and we can just wrap APIs, but Workato can compose an MCP server just with clicks for the job to be done. So w this is really what's great about Workato. With it through our our our our recipe technology, you can build enterprise skills. Enterprise skills just become tools. So if you want a straight so an example, we have two MCP servers internally around sales. One is a Salesforce MCP server, which provides access to a number of Salesforce APIs and calls and

Could a broad range of activities, SASL, SOCL, like you could do lot. And they have another one that's a sales process MCP server. And the sales process MCP server is about updating and advancing opties, opportunities. And it does things like everybody's got like a sell system for like how they configure. Felix, I don't know if you're CRM guru. I'm I I've I've learned a little bit over the years. But everybody's got a different system of how they want to like track customer information opportunities. And you know, it's like,

you know, like their language, their policies, their tagging, the their rules. And so our sales process MCP server has three or four calls. And one of them is advanced and opportunity stage. And it requires that it complies with our selling system. It's tagged appropriately. There's a business value assessment has been done. So we're really comfortable that the customer can articulate the business value they'll get of using Workato. If they can't articulate the business value and we can't write, don't write that down. The sales rep can't move the opportunity for it, cannot move.

The tool, the tool call just won't allow it. And ⁓ the third thing that we do, they have to attach a recording where the customer says, yes, we're actually interested in per pursuing this project because we don't want to waste anybody's time. So one, you know, one MCP server, a handful, three or four ⁓ tool calls around sales process for opportunities, way simpler for the agent to understand than giving it a whole Salesforce MCP server. ⁓ and by the way, it would need the selling system as reference context, the document.

To ground it and it would need the gong thing for the calls. So it would actually like you'd you'd be asking the agent to like use two or three MCP servers plus always load a certain set of context to make sure it gets the grounding right. So or a skill. So it really takes complexity out of the the work for the agent to do if you can offer MCP servers that make sense for the job to be done.

Yeah.

And ⁓ did I hear it correctly that you also have the workflow or the checkboxes ⁓ implemented in the MCP or is this something that lives outside of the MCP?

It lives in Workato, so that's like where the

Workato business process layer, or we call the recipes, will run through the business process. We make it really easy for the business to like describe how they want employee onboarding to work or ticket resolution to work or customer refund processing to work or order to cash to work, those processes, ⁓ pen paying vendors, all those different business processes that kinda run through a company. Many companies choose us as a place for those things to live. And then those can just be exposed as tool calls. So start a

refund process and the refund that's customer wants a refund. Start the refund process. Okay, that's fine. But it doesn't just go start the refund process and then pay them. It starts the refund process. Goes to this process that includes like a research and approval stage and validation that they're actually a customer, all all of that stuff.

Very interesting. Sometimes there's a debate when to use an MCP server and when not, and when do I use an API, when do I use a service or when do I use a skill or a CLI. What's your rule for builders that are struggling with MCP right now to, I mean, a couple of years ago or last year it was the hottest thing, but now people say, ah,

and not really, and what is your rule of thumb when to use an MCP server locally or in the server? And when do you use other things?

Yeah. I

yeah. I think you gotta be a little careful in the Twitter sphere of all this because there's like a lot of nuance that's lost. It's not maybe the best place to to do real architecture work, ⁓ engineering work. ⁓ MCP servers are not going away. They're hotter than ever. The adoption of Enterprise MCP from Workato is just off the hook. The AAIF, the Linux Foundation group that we're a member of, is growing faster than cloud net of native ever grown. There are hundreds of companies in it.

It's it's so you know, this is like Kubernetes, but growing even faster Kubernetes that we've seen what's happened with with you know K8s and ⁓ you know the energy around that entire ecosystem. ⁓ the CLI thing is like a great example, like it's like it's like apples to oranges. You know, if your agent ha is gonna use a CLI, that means it has access

Mm-hmm.

To bash to call the CLI. Well, think about the security blast radius of giving an agent bash. Like it can do anything. It is a full computer. It also generally means that the agent has a high level of permissions. You know, the CLI is running on the machine. The CLI has a token in it that has a high level of permissions. So you're not only you're also talking about putting a token, you know, like a ⁓ a ⁓ a token out all the way to the edge.

Yep.

Where the agent is running and that has a high risk. So I just don't think people are having a real conversation about this. For an agent running on somebody's machine, like a developer, it makes perfect sense for her to use lots of CLIs, maybe MCPs also. But I think for a lot of enterprise scenarios of core work happening on behalf of users, it doesn't make a ton of sense. The answer is if you tell us CISO, good news.

So MCP Proof.

If we just let like an open cloud like thing have bash and every employee's laptop will be able to do more things with CLIs, you they are gonna throw you out of the building.

I mean, this is also an interesting discussion with the CISOs if we have like coding agents on the client, we see other white collar workers installing Copilot, GitHub Copilot and things like this. And they develop their own agent that run on a client. And how do we secure that? Do you see that? ⁓

Yeah,

it's wild, dude. Codex and co co-work and these class of products are amazing. The ones that like install on your laptop, they're amazing. And I I've actually gone deep on this. And they do absolutely amazing things. The hardnesses are amazing, the the models are amazing, the capabilities. But as a as a CISO, you have two decisions to make immediately before you turn that product on. And number one is ⁓ do you give it access to drive a web browser? Because when that web browser goes, the user's off, which means that tool now has

Whatever access the user had. So, like a line employee might be not be a big deal. What if it's your CEO and Codex has access to a web browser? And what's interesting, and I think this is on Codex, but not Co-Work. Maybe one of your listeners will correct me, or maybe it's changed this week. I don't know. ⁓ if I remember right, Claude Co-Work has a browser plugin that lets it operate the browser.

Codex uses on Apple, uses OAS, the Apple Script stuff. So it actually even has a higher risk surface of making modifications to your screen. And so as an admin, you have to decide you enable the, I think it's called OAS, I apologize, but the Apple script basically technology. Full machine automation. So you have to decide if you enable that, you turn off. And if you turn those things on, you have a giant security risk. weird risks of high risk operations by an agent on behalf of a user without good observability or governance over it.

And if you turn stuff off, the products are super limited on what they can do. You're kind of back to a chat product. So, you know, what really, really d you know, big hard choices for CISOs right

Hmm.

So what do you do? Is it like every of these tools in a sandbox or just not allowing them? What is your advice?

we thought really hard. We did turn browser automation on, but we you know, our mental model right now is that ⁓ the we see our users we don't see these products like Otto. We see users on their desktop doing stuff, but they're largely watching it. In fact, even if you switch focus and stuff, they kind of don't work. So they're still kind of human in the loop in terms of they don't run twenty-four seven unattended, largely the there's some

modulo that, but they largely don't work that way. Where Otto does want run 24/7 headless. And that's one reason why Otto by Workato, like, you know, we could do these different things. We've got it set up differently. I think if if the cowork and copilot products were really driving an employee's Mac or Windows machine and using their browser with their credentials and running all night and responding to emails and things like OpenClaw, I don't think we would approve that. And I wouldn't encourage customers to improve that.

Okay, so maybe the OS vendor needs to ⁓ fill the gap there and have a different security layer there.

I we just think that the desktop is the right place for some agentic workloads, but not the right. We we put it into Otto in the cloud and it lives in Slack, but we have very we feel more confident that we've got a strong layer that provides some enterprise, you know, trust guarantees around it. So that's why we feel more confident able to do that. But obviously it's a fast moving space. The thing that the cowork and the codex people are doing are allow you to start something on your machine and move it to one of their cloud VMs.

Cloud containers, they have the different flavors of this. And then I think that just raises a really interesting question. Like, okay, it's it's running for your CEO on her laptop, and she presses some button and it moves to the codex or co-ork cloud, whatever that is. What did it move? You know, a login browser session to the corporate email, you know, the keys to the core AWS and first, like what is in what entitlements, what keys move in tokens?

move to that. That's not very well explained right now. It's not governed right now. I I think a lot of companies would be really anxious about that. What what security in the multi-tenant environment are there? Where is it located? Like there's all these questions. Like, you know, you these companies, you know, c ⁓ the hyperscales like AWS and and Azure and Google had to do a whole lot of work to earn trust to run customers' core information in the cloud. And now they're like, well just press this button in your codex and move this state of your laptop into a into a VM somewhere. That feels a little

The upload my brain, you know, is a little risky. Yeah, yeah. In my opinion. My opinion.

Yeah, yeah,

yeah. Fantastic. it's, for me, it follows the same pattern. We just release something that people can play with it. And then afterwards we think about security and ⁓ reimplement. Same with the MCP stuff. First draft hadn't had security in until, I don't know which version.

But they started off and say, this is cool thing. You can access AI with it, but left out security. So probably this is something later on that needs to be re-implemented and needs to be made enterprise ready.

Yes,

yes, yes.

Yeah. And, on, on that side, as you mentioned a couple of times Attlassian and Salesforce they bring their own agents and they bring their own MCPs. And sometimes they call it agent societies. And is this something where societies need to talk together or what are you seeing? I see you smiling. I bet you.

Yeah, yeah. Yeah.

Well, there's all these protocols around this, right? Like ⁓ MCP, you know, like an agent could sit behind MCP. So like Otto already does agent to agent. We we did some work with Box, I we work do work with Rovo, Atlassian's agents. That's already like Otto, Otto to other agent. That's that's agent to agent. And ⁓ A to A looks pretty exciting. There's a protocol there, some cool work. I can't even keep tabs on all of it. ⁓

I don't know, I don't know. What do you think? I feel like I just want the work to get done and then feel confident in the work. And if it enlists other resources to help with the work, I'm very okay with that. If it goes off and gets lost and I don't know where my data goes, I don't know what's happening and I don't get good results, I'm really unhappy with that. So I think we have to stay anchored on like things working for users.

Yeah, for me, it's ⁓ still the same thing. Like we did all the automations with chat that ⁓ when you have one chatbot that's really useful, you like that. But if you have like a ton of chatbots that's ping and ring from all sides, it's kind of distracting. And if you just lose your work somewhere and then you get pinged from somewhere else, and I'm not so really sure.

Yeah, yeah.

We've liked

like Slack is nice, like it's not the only thing, but like one of the reasons we put Otto in Slack is because like we see employees spending a lot of time there and see it as a good central place. And so it made the agent feel more like a coworker that they know how to work with instead of making them learn something different. Like Codex does amazing things in my machine, but like I gotta go in, it beeps and bloops, there's different things happening. Like it's the only thing cognitive load for me to think of, versus we we put Otto by workado and we brought it in Slack, it brings it closer to the user we felt in the way they already.

And how do you deal with saving intent is when you are in Slack, for example, we discuss in Slack and say, Hey, this is a good idea. Let's call this customer or let's send out this email. And ⁓ if I not intentionally tell my bot or my agent to persist it somewhere, it's just flowing information through the chat and it's gone.

⁓

It's the same like with JIRA tickets and things like this,

Yeah, yeah, like 'cause like 'cause Slack is yeah. Yeah.

in format or in times, I don't know, two or three weeks ago or something, we made JIRA tickets and we planned our work and then we start working. But if we are in a chat world, which is just continuously scrolling and there's no, do you think it is this,

Yeah. Yeah, yeah.

Yeah, yeah.

Otto, Otto has a multiplayer

memory, and Otto is what we found is Otto is the person that does the work. So when we say somebody ought to go out and do something, I what we found our users saying, Otto, go keep get this done. And Otto goes and gets it done. Otto doesn't forget, like I forget. So like we've learned a usage model that's pretty exciting. Otto, Otto remembers key things.

And so if there's a change in a JIR ticket or something that we want to notify some customers about, Otto will go out and do the work and notify those customer success managers that there was this change. And Otto will track it and Otto will keep us posted on their progress. So I think, you know, I we're learning. Felix, I don't I don't have all the answers, but a thing we discovered was Otto had this really nice behavioral stuff of ⁓ adding like more, like becoming like a digital teammate that was very reliable.

Yeah.

But this means on the same hand that we don't need something like Jira or Salesforce anymore because it's all in others memory. We don't need to document things.

⁓ I don't know. ⁓ I don't know the answer to that. I think it's gonna be entertaining. I I don't think I'd make Otto my system of record for everything, but it is definitely a nice addition to have like a really reliable teammate.

Yeah.

Yeah, very good. ⁓ You spent some decades and working in different companies that shaped the future of software development and you obviously spend a lot of time in developing experience and building developer experience platform. With all these new AI technologies, development has changed. Do we still need to develop experience platform and what's their job and how would they change in the future if we still need them?

Seems like stuff has changed a lot, right? It like for developers, it's changed like more in the last two years, it's been, I don't know, maybe the last 10 years or more, right? So pretty massive changes. ⁓ you know, it's funny, even even with all this change, it's easy to get things wrong. You know, like there were a lot of things that felt really natural inside VS Code or IDE that now people kind of don't really want to do in an IDE. It's like not the best way to look at it. It's optimized more for file changes and diffs when we're like working in flows more.

Yep.

Exactly.

All the change is exciting, ⁓ which is really fun. ⁓ I love all the excitement in developer tools. I think we need developer experience thoughtfulness more than ever. There's more money in developer tools than there has been in a decade, which is pretty exciting. So I it's a pretty exciting time for me right now, I feel like.

And do you have any ideas how we will change how it would would change? Do we need still see CI/CD pipelines and things like this? Or is this something a relic from the past?

⁓ well that feels like a whole other podcast for sure. But I mean I think and I you probably would know a really a lot about this with your depth. ⁓ it it seems like things are changing fast. You know, flows, more ephemeral work. It's sometimes easier to just go ahead and prototype something and then tear down, you know, and analyze what you learned from building the prototype than than writing and then write the design doc, you know. So ⁓ I don't think some of the tools we use were designed for that kind of velocity.

I think some like that when we opened with that communication tool I w am building this solve for this problem of fast decision making at the frontier is hard to communicate to all the team and the downstream effects. So

Yeah, fantastic. Adam, thank you so much for spending so much time with me. Before we close the podcast, I have asked you a question from my former guest in the beginning. Now I want you to give me a question that I can take over to my next podcast guest. Do you have something for me?

my gosh. my gosh.

Well, I have this interview question I do a lot, which is ⁓ something like ⁓ you get an invoice via email at your company, how do you pay it? Okay. And inexperienced candidates often start with things like I'm gonna do NER to extract the numbers from the PDF and the account number. And when you get into it, you realize the hard part of the age is probably not actually dealing with the PDF. It's all the business processes and

security re open ended security risks and vulnerabilities, it's like a rabbit hole. So here's my here's my question for your next guest. How far away are you do you feel we are from a agent for you that'll pay your bills for you? With like access to your bank account, okay?

That's fantastic.

I'm interested in maybe you join in the next podcast and hear the answer as well. Yeah, that's really cool question. ⁓ Thank you so much again. can people find you online?

I can't wait.

I'm easy. I'm on Twitter. I'm Adam S E. I'm on LinkedIn. ⁓ I I don't always love the like political stuff on Twitter, so I'm really spending more time on LinkedIn. I try to make videos to share things I'm thinking about. I love connecting with people. And and in the real world, I'm in San Francisco at our AI lab. And if you're here, I hope you'll come to one of our events and there's a Luma calendar of our, you know, five events a week and bringing in our community and AI researchers here around Workato has been really a

That sounds great. Should we add some links? I bet we should add the YouTube that you mentioned or some of your, you have like an engineering plug or something that we should

Absolutely.

That sounds great. Let's post some stuff.

All right. Thank you so much for joining the podcast. was a pleasure speaking to you, Adam.

Thank you so much for

the opportunity. Yeah, really fun.

And to all the others, thank you for listening again. I hope you as much as I did. It was really great what we learned See you in next episode. Thank you very much. Bye!