The a16z Show

Keycard: 2026 is the Year of Agents

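Episode description

In 2025, we saw the first glimpses of true AI agents. In 2026, every company will be rushing to get them into production, and they'll need companies like Keycard to manage fleets of agents. In this conversation, a16z partner Joel de la Garza sits down with Keycard cofounder and CEO Ian Livingstone to discuss the continuum from copilots to agents, the security realities of tool calling, why enterprises will adopt before consumers, and how to control your agents.

Follow Joel on LinkedIn: https://www.linkedin.com/in/3448827723723234/
Follow Ian on X: https://x.com/ianlivingstone
Follow Keycard on X: https://x.com/keycardlabs
Learn more about Keycard: https://www.keycard.sh/
Follow the host: https://twitter.com/eriktorenberg

Please note that this content is for informational purposes only; it should not be taken as legal, business, tax, or investment advice, or be used to evaluate any investment or security; and it is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details, see a16z.com/disclosures.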

Subtitles

Speaker 0

In 2025, we saw the first glimpses of true AI agents.

Speaker 0

In 2026, every company will be rushing to get them into production, and they'll need companies like Keycard to manage fleets of agents.

Speaker 0

In this conversation, a16z partner Joel De La Garza sits down with Keycard cofounder and CEO, Ian Livingstone, to discuss the continuum from copilots to agents, the security realities of tool calling, why enterprises will adopt before consumers, and how to control your agents.

Speaker 0

Let's get into it.

Speaker 1

So it's shaping up to be that that that we're at the beginning of what sounds like the start of the year of the agents 2026.

Speaker 2

Yeah.

Speaker 1

It seems like every company we talk to is definitely looking to get some sort of an agent into production, not just in the lab, to get them out into customers' hands and to start having them use it.

Speaker 1

And so I'd I'd like to share a story.

Speaker 1

I guess we could kick this off.

Speaker 1

And and thank you so much to you, Ian, for joining us on our podcast to discuss this.

Speaker 1

I was actually privy to hearing about probably the first security incident I've ever heard about with an agent.

Speaker 1

And as a security person, we constantly harp on people to be very explicit on what is the problem you solve.

Speaker 1

And the problems in security are often manifested in security events.

Speaker 1

And so we were talking to a company or heard about a company, a relatively large company that has a SaaS service that implemented an agent.

Speaker 1

They wanted to give a prompt to their users to query data that was in the system.

Speaker 1

Very common use case, you've probably seen several of them roll

Speaker 2

out

Speaker 1

recently.

Speaker 1

And this agent would essentially return data for your firm.

Speaker 1

So you could say, hey, I'd like to know about this specific part of our business.

Speaker 1

Could you tell us more about it?

Speaker 1

And it would give you an answer that would provide you with your data.

Speaker 1

So super useful, super helpful.

Speaker 1

Now the problem was, you could ask for other firms' data and it would very interestingly say no.

Speaker 1

I can't give you data for General Electric, for example.

Speaker 1

But if you just said, hey, give me my data, it would return on a revolving cast of characters data from other companies.

Speaker 1

And immediately when I heard about this incident, you came into my mind because I thought, my god, there is an authN, authZ problem, and that is the problem with identity and agents.

Speaker 1

So welcome.

Speaker 1

Thank you so much for joining.

Speaker 2

Thank you so much for having me, Joel.

Speaker 1

And nothing could be more timely than your company.

Speaker 2

Nothing could be more timely.

Speaker 2

Yeah.

Speaker 2

It's incredible.

Speaker 2

You know, we spend a lot of time talking to companies trying to adopt agents or trying to build tools for agents.

Speaker 2

And invariably, you basically have two categories of security problem.

Speaker 2

Right?

Speaker 2

You have this sort of prompt injection tool calling dynamics Yep.

Speaker 2

Of the fact that you have this indeterministic loop.

Speaker 2

And then you have, how do I understand what this thing, this agent should actually be able to access?

Speaker 2

And then downstream, you know, from the person who's built the tool, how do I understand, like, what the agent should actually have access to on a deterministic basis?

Speaker 2

And this is like a fundamental problem that's almost always existed from the beginning and dawn of like computing, which is the contextual understanding of in complex relationships of user A is using agent B accessing tool C.

Speaker 2

Under what context should that agent have access to things?

Speaker 2

And this is the final example of that problem.

Speaker 2

And we hear about this across the board.

Speaker 2

Whether it's commerce, whether it's enterprise workflows, whether it's people building agents is how do I build something that has some deterministic guardrails, some level of guardrail that puts a box around this thing has access to and what it can do.

Speaker 2

And so fundamentally, there's a lot of things you can you have problems you have to solve that are of the nondeterministic or probabilistic category around the actual model itself and the data that model has access to and how you remove certain interpret prompts.

Speaker 2

But on the flip side, it's how do I write access policy and how do I deliver guarantees to someone that owns a resource.

Speaker 2

So in the case of, I have a database, I wanna expose it for agents to use.

Speaker 2

But I wanna ensure only like the end user can control what agent has access to.

Speaker 2

Mhmm.

Speaker 2

And I as a database person ensures that I never leak anything that they to the agent that it shouldn't have access to at any point in time.

Speaker 2

And that's contextual based on all of the different parties in that transaction.

Speaker 2

Totally.

Speaker 2

Right?

Speaker 2

And so we're moving to a world with agents where it used to be that in a point click software world where I as a user go to a piece of software, I point and click, and the software returned to me exactly what I was.

Speaker 2

And the identity problems were very static and very simple.

Speaker 2

It's like this user is a part of these groups.

Speaker 2

It is a part of being in these groups.

Speaker 2

This is what you get access to, and it didn't change.

Speaker 2

But we're now moving to a world where a user can pick up an agent, the user is gonna expose some tools, those tools represent downstream resources, downstream data that that tool access may be contextual based on what that person's actually trying to do.

Speaker 2

So they may be acting, you know, maybe, you know, Jake from customer support working on using accessing customer B's data through an agent that's then made available via MCP.

Speaker 2

And you wanna be able to scope exactly what that agent has access to from that customer based on what Jake is actually explicitly trying to do.

Speaker 2

So the agent never have access to things that Jake wouldn't have access to.

Speaker 2

And more importantly, the agent never has access to things that Jake doesn't want the agent to have access to.

Speaker 2

And that security and the owners of all the different resources involved also ultimately at the end of the day need to have a voice in a way that they haven't before.

Speaker 1

Yeah.

Speaker 1

And and maybe maybe let's and that and that's like a really wonderful overview where the conversation will go.

Speaker 1

Yeah.

Speaker 1

And I think I think it's great that maybe let's start from the beginning and and not to, like, retread ground that's been, like, beaten to death.

Speaker 1

Absolutely.

Speaker 1

We don't have to go necessarily into a fundamental discussion of what is an agent.

Speaker 1

Yeah.

Speaker 1

But it might be helpful to start with maybe some some brief like up to the minute sort of update as to what what are agents now, right?

Speaker 1

Because I think we saw the first wave of this technology.

Speaker 1

It was basically just some form of model.

Speaker 1

Yep.

Speaker 1

People were like, look, is my agent and a large language model and you just throw stuff into it and get an output.

Speaker 1

And now it seems like they've evolved and so maybe just really briefly touching on sort of like, you know, what are we considering agents like at the present?

Speaker 2

Absolutely.

Speaker 2

I always think of this as a continuum.

Speaker 2

Like, it it's sort of there's this continuum of agentic behavior.

Speaker 2

And in in truth, many of the times when I'm talking with customers, people in industry, I get into this long diatribe of, like, trying to define agents.

Speaker 2

And I think the way to think about this problem space is, know, in the same way that we kinda think about autonomous levels of driving.

Speaker 2

Right?

Speaker 2

You have, like, a level zero agent.

Speaker 2

Well, that is probably software we already built.

Speaker 2

It's rule it's it's there's no little piece of indeterminism in the loop.

Speaker 2

Yeah.

Speaker 2

And it's not making decisions on its own.

Speaker 2

It's someone else is making decisions.

Speaker 2

And as you progress from like level zero to level one, which is, okay, there's now you have it's still human driven, but there's AI assistance that's helping make some part of the decisioning.

Speaker 1

Like a copilot.

Speaker 2

Like a copilot.

Speaker 2

Exactly.

Speaker 2

Right?

Speaker 2

Like, copilots are, you know, some people say that's an advanced autocomplete.

Speaker 1

Mhmm.

Speaker 2

Well, that's true.

Speaker 2

But in terms for it to be an advanced autocomplete, it has to make underlying assumptions decisions and part of making that's gonna be many tool calls and a lot of different things under the hood to help automate part of

Speaker 1

that workflow.

Speaker 1

And so we're well well through copilot.

Speaker 2

We're well through copilot.

Speaker 2

Exactly.

Speaker 2

And we're now getting to the point where, okay, how do I, as a human, get to walk away?

Speaker 2

Right?

Speaker 2

So I say, hey, agent.

Speaker 2

Please go do a task on my behalf.

Speaker 2

And I often love to do shopping because it's something we all do, which is, hey, agent.

Speaker 2

I'd love to hire you.

Speaker 2

Can you go find me the best pair of jeans of my size?

Speaker 2

Here's the details about my jeans.

Speaker 2

And can you make sure it's under $50 and then, you know, may place a bid?

Speaker 2

Got it.

Speaker 2

Right?

Speaker 2

And what you wanna do in that situation is the human wants to able to walk away.

Speaker 1

Yeah.

Speaker 2

And when the agent's ready to purchase, the agent has to either come back to the human for approval because it's over some purchase limit

Speaker 1

Totally.

Speaker 2

Or the agent can

Speaker 0

just do it.

Speaker 1

It's like the old days where you would you would you would set a compile job and walk away to get a pizza and come back when it's done.

Speaker 2

Right?

Speaker 2

Exactly.

Speaker 1

So that's stage three.

Speaker 2

It's stage three.

Speaker 2

And you can think of the transition is it goes from agents are sort of like our best friends whispering in our ear, telling us like, hey, you could do this Yeah.

Speaker 2

To a world where agents are now they are now in the middle.

Speaker 2

And increasingly, then over time, as you get more autonomous to level five, equivalent of like a Waymo

Speaker 1

Yeah.

Speaker 2

You know, these agents are off doing long running tasks that are doing you know, operating within some decisioning model that we've given them.

Speaker 2

So they're human controlled.

Speaker 2

Right?

Speaker 2

And they can operate around those bounds.

Speaker 2

But as a human, I I don't have to look and be aware of what they're doing.

Speaker 2

They can just go off and do those things.

Speaker 2

You know?

Speaker 2

Every year, file my taxes.

Speaker 2

Yeah.

Speaker 2

But make sure, you know, they've been approved by my account.

Speaker 1

So we're starting at the stage of the Waymo with the driver helping the car make sure it's the

Speaker 2

right thing.

Speaker 2

Exactly.

Speaker 2

That's the next stage of agency.

Speaker 2

And in truth, many companies are actually struggling to make Copilot successful.

Speaker 2

Right?

Speaker 2

Like, a lot of the next generation of, you know, Cursor starts as like this beautiful little tab completion, and that that was awesome.

Speaker 2

And the next stage is, okay.

Speaker 2

Now, how do I involve, like, contacts and data actionability when I for this agent where I'm still maybe semi in the loop, but more work is being done.

Speaker 2

And so there's it is a continuum over time.

Speaker 2

But I would also say, like, anything that has a human is abstracted from the core decision making Mhmm.

Speaker 2

That involves access to data Yeah.

Speaker 2

Or involves any actionability is a moment where you are actually entering the realm of now we're an agentic workforce.

Speaker 1

Absolutely.

Speaker 1

Yeah.

Speaker 1

So these things can make decisions essentially on their own.

Speaker 1

Although they are micro decisions within the context of a larger process.

Speaker 1

Exactly.

Speaker 1

But they do have the ability to to to to insert their their indeterminants Exactly.

Speaker 1

And do a lot of these processes.

Speaker 1

Right?

Speaker 1

And so that's where, I guess, the problem of identity and authorization and authentication come in.

Speaker 2

Exactly.

Speaker 2

Exactly.

Speaker 2

Because you basically come to this position, and so there's, like, all of these wonderful tool poisoning types of attacks where you can use and the Trail of Bits blog is a great website we can find, but they have they have things like pajamas, which is, like, really interesting.

Speaker 1

Mhmm.

Speaker 2

But you you dig in and you basically find, like, the minute that the the model at the core of the agent is actually starting to do more than one tool call before the with a human not in the loop.

Speaker 2

Yeah.

Speaker 2

Right?

Speaker 2

Under the hood is a point where you can have a lot of these attacks and these problems become like actually an issue for gaining that use case adoption Totally.

Speaker 2

In the enterprise.

Speaker 2

Right?

Speaker 2

Because you get to this position where like an agent may go access like a production database, take that production data, and then makes a tool call with a web browser.

Speaker 1

Totally.

Speaker 2

And what happens, there's no like write or update or delete that's occurred.

Speaker 2

They're very benign.

Speaker 2

But they use a web browser and take some of that production data, which might have customer data and send it into the query of the web browser because they're trying to like use the context that they have in production from the prod database to help them solve some problem the user gave. And this is where you start to come into like, okay, now we have an identity access problem, which is like, should that you that user be able to access should that agent actually be able to access that, like, production data?

Speaker 2

Right?

Speaker 2

The user, like, developer probably wants to be able to access the production data.

Speaker 2

But we but do we want the agent to have access to that production data?

Speaker 2

And do we then want the agent to able to use, you know, a web browser or do something else with it after the fact?

Speaker 2

You get into this complex world of identity and access that's hyper contextual.

Speaker 1

Absolutely.

Speaker 1

And then it reminds me though, if you remember if you remember sort of early networking in cloud, right, we had a lot of the same problems at the beginning of that journey.

Speaker 1

Yeah.

Speaker 1

Which was sort of like, hey, we built this really cool service.

Speaker 1

Yes.

Speaker 1

And it's a single factor login.

Speaker 1

Yep.

Speaker 1

Or you just do it's open to anyone, right?

Speaker 1

It's anonymous access.

Speaker 1

Access.

Speaker 1

And then you end up with kind of these issues where data gets over accessed.

Speaker 1

Have these over But this time it feels very different, right?

Speaker 1

Because you have the ability with these agents to synthesize a lot of understanding across large sets of data that previously would require a human to do.

Speaker 1

And so it seems like these edges are actually a lot sharper.

Speaker 1

You used to have to search for specific terms across a large data set, right?

Speaker 1

And it was always what hackers would do.

Speaker 1

Right?

Speaker 1

Look for key pairs.

Speaker 1

Look for this.

Speaker 1

Look for something password.

Speaker 1

Look for social security numbers.

Speaker 1

But now you can just ask it a question.

Speaker 1

Like, did the CEO cheat on their taxes?

Speaker 1

Right?

Speaker 1

And so this creates a lot of really interesting problems.

Speaker 2

It creates tons tons of interesting problems.

Speaker 2

I think the other thing that, like, really changes the data the the problem from just a pure data security standpoint to, like, an identity and access problem that that is that is deep and requires a completely reinvention of of this problem space or rethink of the problem space is that it's entirely contextual.

Speaker 1

Yeah.

Speaker 2

Right?

Speaker 2

And so it's it used to be, you know, in in the firewall world, it's like, okay, if you're inside the perimeter Yeah.

Speaker 2

Right, you can read, write, update, delete, whatever you want.

Speaker 2

Transitive trust, trust.

Speaker 2

Baby.

Speaker 2

Right?

Speaker 2

Right?

Speaker 2

And then

Speaker 1

we moved to the

Speaker 2

cloud and we put in the VPC, and we added you know, adopted IAM.

Speaker 2

And we kind of reestablished a perimeter Yeah.

Speaker 2

Inside our little box.

Speaker 2

And then what's occurred is, you know, we started to unbundle it.

Speaker 2

And so some of these problems became prevalent.

Speaker 2

And we had, like, you know, 2022 CircleCI got popped, That gave a lot of people access to production data.

Speaker 2

Like, that shouldn't have happened.

Speaker 2

It was painful.

Speaker 2

But these are all problems of, like, all similar issues.

Speaker 2

What's new about agents is, one, is in order for them to create a lot of value, they need a lot access to high value.

Speaker 2

Absolutely.

Speaker 2

Right?

Speaker 2

And so the value creation of an agent, not as on top of the model, the models create opportunity, but it's the context at runtime Mhmm.

Speaker 2

And the things they have access to at runtime, the actions they can perform at runtime enable agents to actually create value versus them just being like a dumb thing that's answering a question based on an old dataset.

Speaker 1

And we've got SAML.

Speaker 1

Got OAuth.

Speaker 1

We have all sorts of standards that are out there for a lot of this stuff.

Speaker 1

And they don't seem to be working right.

Speaker 1

And then this seems like the classically difficult problem to solve, right?

Speaker 1

Because you have a blending in the enterprise of multiple different technologies.

Speaker 1

You have this new use case that's radically different than anything we've seen before as we've established.

Speaker 1

How are you thinking just from a product perspective?

Speaker 1

Like, how do you actually solve this?

Speaker 1

This is, like, incredibly hard.

Speaker 2

Yeah.

Speaker 2

It's I mean, I think there's a you you made a couple of points on some key protocols that have actually, like, you know, were very successful in helping us solve user federation and the adoption of SaaS and the and the and the then this enterprise SaaS and parts of the infrastructure as a software market.

Speaker 2

Right?

Speaker 2

It was amazing we have a multi trillion dollar cloud market in the first place.

Speaker 2

The the fundamental challenge is, you know, when we went and solved user federation, we never had to solve what fundamentally under the hood problem this is, which is now we have a piece of compute that we need to be able to federate across cloud and across, you know, network and companies.

Speaker 2

Right?

Speaker 2

So we're basically saying, all right, not only We've already solved the user things.

Speaker 2

We can understand who a user is. But how do we understand what an agent is?

Speaker 2

And how do we identify that agent?

Speaker 2

Because in order for us to even start cracking open this like product problem, we have to first be able to establish the concept of an agent.

Speaker 2

So, we then can understand and control, well, contextually, what should this agent be able to do?

Speaker 1

And where do you land with that?

Speaker 1

Is an agent just like a Joel v two, or is it sort of some other subset of that I

Speaker 2

think, like, broadly, you know, what we're seeing and what we're thinking about our our view of what an agent is, is that an agent is going to be a thing used used by multiple users.

Speaker 2

Like most agents, there there will be situations where I as in go build an agent just like I as in go build a to do app for my specific thing.

Speaker 1

Mhmm.

Speaker 2

But when we're talking in, you know, in the enterprise context or we're talking in even a consumer context, let's say, like ChatGPT, like, I don't go build it's not Ian's ChatGPT.

Speaker 2

It's ChatGPT, and increasing ChatGPT is in in gaining capabilities to be agentic and it optimize my workflows.

Speaker 2

And so in this context, ChatGPT is an agent, and Joel uses ChatGPT.

Speaker 1

Totally.

Speaker 2

And many of the companies I'm sure interest

Speaker 1

But so does Bob and so does Sally and so does GA.

Speaker 2

Yeah.

Speaker 2

So agents are inherently multi tenant.

Speaker 2

Mhmm.

Speaker 2

Right?

Speaker 2

And so we have all of the complexities of the multi tenant world that we had in SaaS.

Speaker 1

Totally.

Speaker 2

And then we have then the added complexity that these things now are taking increasing actionability and our and how do we understand and manage that across across world?

Speaker 2

And then how does that communicate between different compute boundaries as well?

Speaker 1

So we're we're essentially going beyond the cat the classic sort of access rights.

Speaker 1

It's no longer just read, write, and delete, right?

Speaker 1

We're talking about step up authentication, we're talking about step up authorization, all

Speaker 2

By sorts of crazy dynamically at runtime based on the task or intent of the user, right?

Speaker 2

Ultimately at the end of the day, if we wanna get to a point where we can, you know, really what is access control about?

Speaker 2

Well, it's really about removing the worst case scenarios and ensuring that the happy path is the right path.

Speaker 2

Right?

Speaker 2

So if you're taking an agent and you're thinking about the context window it has, the tools that's available to it, how do I ensure that that, that context window, the data it has and the tools actionability can take is bounded by something that comes from an end user that's deterministic in nature.

Speaker 2

And that's our view of where this is going is like we're going to need task based intent based policy that's enforced downstream.

Speaker 1

Gotcha.

Speaker 1

So like our rights model your rights model essentially becomes a matrices

Speaker 2

It is.

Speaker 1

As opposed to sort of like this linear.

Speaker 2

It's not yeah.

Speaker 2

It's not linear and it's not static.

Speaker 2

It's incredibly dynamic.

Speaker 2

And it's and it's and I think the other component is because it's dynamic, it's actually hyperephemeral.

Speaker 2

Right?

Speaker 2

In the sense that no one task will probably look the same.

Speaker 2

And in fact, that's like if we step back and think about what is the ultimate value that agents give to our organization and what is the, like, the fundamental delta here?

Speaker 2

Yeah.

Speaker 2

We're moving from a world where, like, if I wanted a piece of software to be able to do something that new, a software developer had to write it.

Speaker 2

Yeah.

Speaker 2

We're moving to a world where if I want a task to be done, if I give the model, like, the right context and right access to tools, it can create a plan and execute on that plan and then complete that task, dynamically based the data I give it at runtime.

Speaker 2

So it's completely different in hyperephemeral world where you have this long tail set of potential tasks.

Speaker 2

And the net value of like adopting agent is the fact that it has this long tail list of tasks that are capable of being done dynamically.

Speaker 1

Gotcha.

Speaker 2

And we need to change our trust equation from one that's like based on static.

Speaker 2

Hey, Joel is a partner at Andreessen.

Speaker 2

这意味着他有权访问这些公司的财务数据,因此乔尔可以对智能代理说:‘你能分析这两家公司的财务数据,告诉我它们的差异吗?’

So that means he has access these companies financials to where Joel can say to an agent, hey, can you go analyze the financials of these two companies and tell me the delta or the difference.

Speaker 2

对吧?

Right?

Speaker 2

这个代理仅在任务需要时才能访问这些公司的财务数据,而作为最终用户,你对此有一定的控制权。

And that agent only gets access to the financials for those companies based on the task, and you as an end user have some control over that.

Speaker 2

嗯。

Mhmm.

Speaker 2

那么,在下游作为执行者,你所持有的数据的公司或机构,能否也执行这一策略?

And then as an enforcer on the downstream, you know, the company or the place you hold that data, can it also enforce that policy?

Speaker 2

而且在整体上,不仅乔尔知道,嘿。

And across the board, both not only does Joel know, hey.

Speaker 2

我确实对这个代理代表我所做的事情拥有控制权。

I did in fact have control over what this thing is doing on my behalf.

Speaker 2

我认为这非常重要。

I think that's a really important thing.

Speaker 2

对吧?

Right?

Speaker 2

我们必须明确,究竟谁最终控制并为这个代理负责?

Is that we have to establish, like, who ultimately controls and takes accountability for this agent?

Speaker 2

这在交易性事务中越来越重要,比如支付。

And this is increasingly important transactional, like, payments.

Speaker 2

嗯。

Mhmm.

Speaker 2

另一方面,我如何知道乔尔确实告诉了这个代理可以执行这个操作,以便我能说,是的,你可以做这件事。

And the other side is on the other side is, how do I know Joel did in fact tell this thing it can do this action so that I can say, yeah, you can do it.

Speaker 2

我同意。

I approve of it.

Speaker 2

我们该如何处理这种责任问题?

And how do we deal with that liability?

Speaker 1

绝对如此。

Absolutely.

Speaker 1

你觉得最终会不会演变成一种模型,其中会存在某种推理模型?

Do think do you think eventually I mean, it sounds like you're almost evolving towards a model where there is gonna be some sort of reasoning model

Speaker 2

没错。

Yep.

Speaker 1

这正是在做出这些判断。

That's making these determinations.

Speaker 1

你觉得这场旅程的终点就是这样的吗?

Is that is that kinda where you think the end of this journey lies?

Speaker 1

我觉得

I think

Speaker 2

是的。

it yeah.

Speaker 2

我们确实如此。

We do.

Speaker 2

我认为将会出现这种配对,因为只有通过某种混合的确定性和非确定性系统,才能实现规模扩展。

And I think there's gonna be this sort of pairing because the only way you'll get the scale is that is is some formulation of of a high of a hybrid deterministic and nondeterministic system.

Speaker 1

我下一个问题是,你如何实现这种扩展?

My next question was how do you scale that?

Speaker 2

你如何实现扩展?

How do you scale it?

Speaker 2

没错。

Exactly.

Speaker 1

每秒多少个令牌?

And How many tokens per second

Speaker 2

会是多少呢?

is that gonna be?

Speaker 2

很多令牌每秒。

Many tokens per second.

Speaker 2

我认为你会有两个部分。

And I think you're gonna have two sections.

Speaker 2

对吧?

Right?

Speaker 2

当你使用智能体时,在用户端,编写提示或与智能体交互的一部分,将涉及某种权限授予的互动。

You're gonna on the user side, when you are using an agent, a part of writing a prompt or interacting with an agent is going to be a level of access grant that's gonna interaction.

Speaker 2

然后作为用户,你将具备一定程度的理解和控制能力。

And then you as a user are going to have some ability to understand and control that.

Speaker 2

我认为这可能会被内置到代理界面中。

And I think that may be baked into the actual agent interface.

Speaker 2

是的。

Yeah.

Speaker 2

随着时间推移,代理界面会判断:嘿,这不一样了。

And then over time, the agent interface is gonna decide, hey, this is different.

Speaker 2

是的。

Yeah.

Speaker 2

这太吓人了。

This is scary.

Speaker 2

乔尔同意这个吗?

Is Joel okay with this?

Speaker 2

嘿,乔尔,你确定要这样吗?

Hey, Joel, are you sure you want this to happen?

Speaker 2

顺便说一下,这正是你的代理正在做的事情。

And by the way, this is exactly what your agent's doing.

Speaker 2

这是那个按钮,乔尔,你可以立即停止这个操作。

And here's the button that lets you, Joel, stop the action right now.

Speaker 2

撤销它。

Revoke it.

Speaker 2

你想做什么都行。

Do whatever you want.

Speaker 2

我认为,根据代理代表你执行的操作的复杂程度,你可能会说,并非在所有情况下都需要,比如在财务场景中,这可能是一种非常常见、非常普遍的操作模式。

And I think depending on the sophistication of the action that the agent's gonna do on your behalf, you're gonna say, not in every case, the financial case, maybe it's like this is a very common action, a very common pattern.

Speaker 2

没有必要每次都提示或询问乔尔是否需要给予条件性同意。

There's no point to prompt or tell Joel whether they need to, like, give conditional consent.

Speaker 2

但在后台,实际发生的是,这始终是条件性同意。

But under the hood, what's happening is it's always conditional consent.

Speaker 1

嗯。

Mhmm.

Speaker 2

这是在代理用户界面阶段完成的,因为作为用户,你本质上是在说:我授权这个代理代表我执行这个操作,是的。

And that's being done on the agent UI phase because you're basically, as a user, saying, I'm granting this agent the ability to do this thing on my behalf Yeah.

Speaker 2

运行时。

Runtime.

Speaker 2

而运行时这一点对于理解责任至关重要。

And the runtime point part of that is really important from understanding a liability.

Speaker 1

显然,在这一点上要集成遥测数据,比如:嘿。

Obviously integrate telemetry at that point where it's like, hey.

Speaker 1

这个代理看起来像是在做

This agent looks like it's doing a

Speaker 2

没错。

Exactly.

Speaker 1

某种诈骗行为。

Some kinda scammer thing.

Speaker 1

对吧?

Right?

Speaker 2

没错。

Exactly.

Speaker 2

是的。

Yeah.

Speaker 2

在下游方面,执行授权策略的人——可能是MCP服务器,也可能是信用卡公司,或者所有这些机构,因为联邦各方都无法声称他们将拥有自己独立的自适应策略,来规定在你个人授权基础上他们额外要求什么,以及允许代理执行哪些操作。

And then on the downstream side, you know, the person that's enforcing the authorization policy, which could be an MCP server, it could be a credit card company, it could be all of them because they all because the federated concern won't be able to say they're gonna have their own adaptive policy about what they require on top of your individual, like, grant, but what they allow agents to do.

Speaker 2

如果你看看自动驾驶汽车,这是一个非常好的类比:实际上,双方都存在一个持续的自适应系统,不断收集并改进信息。

And if you look at self driving cars, like, a really great analogy, it's actually, like, across the board, there there is a continuous adaptive system on both side that is, like, collecting and improving information.

Speaker 2

但任何时候,谁拥有最终控制权都非常明确。

But at all times, it's pretty it's very clear, like, who has ultimate control.

Speaker 2

以Waymo为例,我们仍然有人拥有最终控制权。

It's either in the case of Waymo, we still have someone in ultimate control.

Speaker 2

他们并不在车里,但他们依然在掌控之中。

They're not in the car, but they're still there.

Speaker 2

而在特斯拉的情况下,作为人类,我仍然坐在方向盘前,即使我并没有在驾驶。

And in the case of a Tesla, I as a human, I'm still sitting in front of a a wheel even if I'm not the one driving.

Speaker 1

是的。

Yeah.

Speaker 1

而且你可以接管。

And you can take over.

Speaker 2

而且你可以接管。

And you can take over.

Speaker 2

这就是我们需要的世界。

And that's the world we need.

Speaker 2

而在现实中,这种情况正在发生,但你也要看到它的两面:特斯拉随时可以推送新的自动驾驶版本,甚至介入撤销或提醒说:嘿。

And just in the world, it's going but you also have two sides of that where any point that Tesla can, like, push a new version of self driving or even come in and prevent like, revoke or say, hey.

Speaker 2

我们不能进行自动驾驶了。

We can't do self driving.

Speaker 2

它已经出问题了,系统可以回滚并优雅地降级。

It's broken anymore, and it can roll back and degrade gracefully.

Speaker 1

完全正确。

Totally.

Speaker 1

是的。

Yeah.

Speaker 1

我的意思是,我认为这绝对是正确的。

I mean, I think I think that's absolutely right.

Speaker 1

就像,我们即将进入一个阶段,我知道人们很想相信我们已经达到了不需要人类的复杂程度。

Like, we're gonna I I mean, I know I know people would love to believe that we're at a level of sophistication where we don't need humans.

Speaker 1

对吧?

Right?

Speaker 1

但在可预见的未来,仍然需要人类参与其中。

But, like, for the foreseeable future, there's humans in the loop.

Speaker 1

当你让一个代理去帮你预订去夏威夷的度假时,你肯定希望它在购票前与你确认清楚。

And when you task an agent to go out there and book your your vacation to Hawaii, you're gonna wanna make sure it confirms with you Exactly.

Speaker 1

在你真正买票之前。

Before you actually buy the tickets.

Speaker 1

对吧?

Right?

Speaker 2

而且你还希望有能力回溯并理解,嘿。

And you're gonna want ability to roll up and understand, hey.

Speaker 2

代理正在为我做什么,是在哪里做的?

What are what are agents doing on my behalf and where?

Speaker 2

对吧?

Right?

Speaker 2

我认为,无论是从终端用户还是企业终端用户的视角来看,未来都会有一个确定性的控制层级,让你真正理解这些代理在做什么。

And I think the future of of whether it's end user or enterprise end user perspective, it's going to be you're going to have, like, a deterministic level of control and a real capability to understand what these things are doing.

Speaker 2

就像我去银行时,可以查看我所有的交易记录一样。

In the same way that when I go to my bank, I can go on with all the transactions I've made.

Speaker 1

完全正确。

Totally.

Speaker 1

我真的很想知道,你对第一个问题怎么看?我的意思是,从这个问题中衍生出几个问题。

I'm I'm really curious what do you think of the first I mean, there's a couple questions I think that that stem out of this.

Speaker 1

第一个问题是,你认为是消费者会率先大规模采用代理,还是企业会率先大规模采用代理?

The first is, like, do you think it's gonna be consumers adopting agents or enterprises adopting agents at scale first?

Speaker 2

如果你一年前问我这个问题,我会说100%是消费者。

You know, if you would have asked me this a year ago, I would have said a 100% consumers.

Speaker 2

企业采用需要多年时间。

It's gonna take years for the enterprise.

Speaker 2

我实际上认为,这一波浪潮由于多种原因而有所不同。

And I I actually think this wave is different for many different reasons.

Speaker 2

嗯。

Mhmm.

Speaker 2

一是企业内部工作流程优化所带来的净收益和运营效率是极其巨大的。

One is the net benefit and operating efficiency of the internal workflow optimization of the enterprise is, like, absolutely massive.

Speaker 2

在董事会和高管层面,这一点非常明确,这就是公司下一步的发展方向。

Like, it's so clear to at a board and executive level how this is, like, the next step in the company Mhmm.

Speaker 2

就提升盈利效率而言,当前的工具已经成熟可用。

In terms of just, like, gaining the next level of earnings efficiency that and the tools are available today.

Speaker 2

我们现在处于这样一个阶段:员工在日常生活中已经使用这些工具,他们可以将使用Sora、ChatGPT或Claude的知识直接应用到工作中,心想:好吧。

And we're at a point where, like, their employees in their day to day life are actually using the tools, and then they can figure out they can, like, transfer the knowledge of using, like, making using Sora or ChatGPT or Claude and immediately take that to work and be like, okay.

Speaker 2

这就是我可以这样做方式。

Here's how I can do this.

Speaker 2

我们以前从未有过这样的机会,嗯。

And we've never had that opportunity where before Mhmm.

Speaker 2

过去,企业对云的采用非常滞后。

It was that the enterprise was a very latent adopter of the cloud.

Speaker 2

但现在企业已经上云了。

But now the enterprise is on the cloud.

Speaker 2

是的。

Yeah.

Speaker 2

所以,这一波在本质上与以往非常不同。

And so, we're in a Like, this wave is very fundamentally different on that level.

Speaker 2

我认为第二个层面是,用户已经预先理解了数据就在那里,访问权限也已具备,我们已经在云上了。

And I think on the second level, so users are like a pre understanding the data's already there, the access is already there, we're already on the cloud.

Speaker 2

在第二个层面上,过去在云采用方面,安全团队可能会说:等等。

And on the second level, we used to be in a position with the cloud adoption where security could say, hold up a minute.

Speaker 2

我们必须认为,这个云还不够成熟。

We have to like this cloud's not mature enough.

Speaker 2

我们不需要控制。

We don't have to control.

Speaker 2

我们需要构建所有这些功能。

We need to build out all these things.

Speaker 2

我们不需要扩展。

We don't have to scale.

Speaker 2

比如,我们还没有真正让企业成功的必要组件。

Like, we don't have the pieces to actually make our enterprise successful.

Speaker 2

这是一种不同的情况,因为他们确实不得不这么做,因为推动这一变化的并不是高层业务驱动因素,而是其他人推动了资产负债表的变化。

This is a different situation where they actually had to because it wasn't a top level business driver that finally drove like somebody else moving on the balance sheet.

Speaker 2

它更多地与如何提升开发效率有关。

It was more attached to like, hey, how are we gonna continue and get developer efficiency?

Speaker 2

当时有大量的云迁移行为。

It was a lot of movement to the cloud.

Speaker 2

现在它已成为一项高层业务目标,即:如果我们无法实现收益效率,那么明年的增长将依赖于这个项目。

Now it's a top level business objective, which is like, if we can't get earnings efficient, like our next year's growth is coming from this project.

Speaker 2

因此,安全团队现在并不像上一代那样处于可以喊停的位置。

And so we don't have the Security is not in the same position ahead was in the last generation where we could say, hey, we should hold up.

Speaker 2

现在的情况是我们必须采取行动,而这将大大加速采用速度。

It's now in, oh, we actually have to do something and that's going to drive adoption much faster.

Speaker 2

事实上,我们在大多数组织中看到的是加强版的影子IT。

And in fact, what we see in most organizations, it's like shadow IT on steroids.

Speaker 2

是的。

Yeah.

Speaker 2

安全团队说‘不’的能力已经不存在了,因为CEO和高管们都在说:我们必须采用这些技术。

And the ability for security to say no isn't there because it's really like the CEO and co they're saying, well, we have to adopt The these

Speaker 1

云技术让所有CISO都成了紧急招聘下的牺牲品。

cloud made all the no CISOs a roadkill on the emergency for hire.

Speaker 1

没错。

Exactly.

Speaker 1

云技术终结了‘否决权’的时代。

That the end of the empire of no was cloud.

Speaker 1

是的。

Yeah.

Speaker 1

现在,你跟任何CISO聊,他们都会说:我该怎么安全地推动这个,又不至于搞砸一切?

And now, I mean, every CISO you talk to is just like, how can I enable this safely without, like, blowing up the sperm?

Speaker 1

对吧?

Right?

Speaker 2

而且我要怎么推动,这不仅仅是忽略他们在业务中的独立角色。

And and how do I enable and it's not just, you know, for the business, ignoring their independent roles for the business.

Speaker 2

这不仅仅是关于如何提升运营效率,没错。

It's not just about, like, how do I gain earnings efficiency Yeah.

Speaker 2

而是关于我们如何运营公司。

Inside, like, we run the company.

Speaker 2

我的公司如何变得具有自主性?

It's how does my company become agentic?

Speaker 2

我的公司如何成为一个代理?

How does my company become an agent?

Speaker 2

无论是我如何与代理互动,我们如何成为代理?

Whether I'm like, how do I you know, my interactions, interact with agents, how do I how do we be agents?

Speaker 2

完全正确。

Totally.

Speaker 2

这是一场从上到下、每个企业都不可避免的变革。

It's it's a transformation top to bottom of, like, every business one way or the other.

Speaker 1

你可以看到商业领袖们已经开始通过编程接触到这一点。

And you can see business leaders getting a taste of this with the coding stuff.

Speaker 1

对吧?

Right?

Speaker 1

没错。

Exactly.

Speaker 1

就像第一次尝到甜头一样:哇,原来可以冻结招聘人数,却让员工产出更多生产力,对吧?

It's like the first little hit of like, wow, okay, can freeze headcount and get more productivity out of people, right?

Speaker 1

所以我认为这完全正确。

And so I just, I think that's exactly right.

Speaker 1

采用这些东西和提升盈利能力之间有着直接的关联,简直令人难以置信。

Like there's just such a direct translation between adopting this stuff and driving better profitability that it's insane.

Speaker 2

他们还能立刻看出自己的公司将在新世界中占据什么位置,因为这触手可及。

And they can immediately see also like where their company is gonna fit into the new world because they it's touch feel.

Speaker 2

这是立即可以行动的。

It's immediately actionable.

Speaker 2

如果你不使用iPhone、ChatGPT或谷歌,那你根本就没在做生意。

If you're not using an iPhone or ChatGPT or Google, like, you're not in business.

Speaker 2

因此,他们立刻开始思考:我们该如何保持我们的护城河?

And so they immediately start thinking is, well, how do we what's our what's our we maintain our moat?

Speaker 2

所以,这涉及商业防御性的问题,也就是我们如何确保在产品层面不被边缘化?

So, there's a business defensibility component, which is like, how do we ensure that we don't get disintermediated on a product level?

Speaker 2

对吧?

Right?

Speaker 2

比如,我们可能是一个电商平台。

Like, maybe we're a commerce platform.

Speaker 2

你知道吗,购物的未来可能是通过智能代理实现的。

You know, the future of shopping is probably through an agent.

Speaker 2

我们如何确保代理能够与我们这样的电商平台互动?

How do we make sure agents can interact with us as a commerce platform?

Speaker 2

或者如果你在开发SaaS软件,那就得想,我们如何真正成为代理,这样就不会被人取代,而是我们成为他们使用的代理。

Or if you're, you know, building a SaaS software, it's like, well, how do we actually become an agent so that, you know, instead of someone displacing us, we are the agent that they use.

Speaker 2

是的。

Yeah.

Speaker 1

我意思是,这很有趣。

I and I mean, it's interesting.

Speaker 1

所以,就像我说的,我们在这条路上还处于早期阶段。

So like we're like I said, we're still pretty early on this journey.

Speaker 1

是的。

Yes.

Speaker 1

在代理领域,目前已经出现了两种标准。

And like there's two sort of standards in the agent world that have emerged.

Speaker 1

MCP,是的。

MCP Yep.

Speaker 1

显然,它并没有真正解决它初衷要解决的任何问题。

Obviously, which didn't really solve any of the problems it set out to solve.

Speaker 1

是的。

Yep.

Speaker 1

目前,这可能是大多数安全专业人士深夜最担心的单一问题。

Probably probably the single source of late night worries for most security professionals at the moment.

Speaker 1

绝对如此。

Absolutely.

Speaker 1

然后是A到A,这个方向还没真正兴起,或者说刚刚起步,我的意思是,你是怎么看待这个问题的?

And then A to A, which is which is sort of not really taken off yet or it's sort of getting I mean, kinda how are you thinking about this?

Speaker 2

绝对如此。

Absolutely.

Speaker 2

你知道,MCP,它们来自两个不同的组织,从不同的角度看待问题。

You know, MCP, like, think I they both come from two different organizations looking at problems differently.

Speaker 2

而A到A呢,就是典型的谷歌风格,哦,我们得实现规模化。

And and A to A just, you know, is the classic Google, oh, we gotta get to scale.

Speaker 2

我们该怎么扩展和管理这个东西?

Like, how do we scale and manage this thing?

Speaker 2

我们该怎么在网路空间内扩展和管理这个东西?

And how do we scale and manage this thing across, like, network space?

Speaker 1

非常优雅,考虑得非常周全。

Super elegant, really well thought out.

Speaker 1

非常优雅。

Super elegant.

Speaker 1

就像PHTP一样,没错。

It's like a PHTP Exactly.

Speaker 2

它专注于一个问题:什么是代理?

And it's focused on like, well, what is an agent?

Speaker 1

完全正确。

Totally.

Speaker 2

对吧?

Right?

Speaker 2

而MCP是另一面,即我们源于这样一个想法:如今Claude实际上无法做太多事情,因为它无法访问其他资源。

And MCP is the other side, which is, well, we came out of the idea of like, well, today Claude, like, really can't do much for It doesn't have access to other stuff.

Speaker 2

那么,我们如何实现访问的扩展?

So how do we gain scale of access?

Speaker 2

对吧?

Right?

Speaker 2

我们如何向模型呈现这种访问权限和可操作性,即一组工具,使其能够合理地使用这些工具?

And how do we present that access and actionability, that set of tools to the model in a that it can, like, reasonably, it can do with

Speaker 1

这些事情。

these things.

Speaker 1

这有点像谷歌那一边,就是请求许可。

It's sort of the, you know, the Google side is the ask for permission.

Speaker 1

另一面则是事后请求原谅。

The other side is the beg for forgiveness.

Speaker 2

对吧?

Right?

Speaker 2

没错。

Exactly.

Speaker 2

从这个角度来看,你实际上有一个识别智能体的框架。

And from that perspective, you kind of have a framework for identifying the agent.

Speaker 2

你有一个框架来调用这些工具,但双方都缺失的核心是:好吧。

You have a framework for something to call these tools, but there's no the core the core of what's missing on both sides is, okay.

Speaker 2

酷。

Cool.

Speaker 2

我可以大致理解一个智能体声称它应该能做什么任务,也能理解这些工具是什么。

I can I can kinda, like, understand what an agent says it should be able says its task base is, and I can understand what these tools are?

Speaker 2

但我要如何加密地识别这些智能体,让用户能够访问并控制这些智能体的行为呢?

But how do I connect identify those agents like cryptographically, enable users to like access those agents, control what those agents should do.

Speaker 2

而作为工具提供方,我该如何实际地提供这些工具,同时还能控制谁在什么情境下使用它们,并实现审计功能?

And then I, as a tool provider, how do I actually like enable those tools to be provided, but I get the ability to control like who can use it in what context and then have like auditing.

Speaker 2

所以,MCP 明确表示:A 到 A,我们来探索一下。

And so like, MCP is definitely here to say, A to A, let's find out.

Speaker 2

我的意思是,它正在解决一些我们都将面对的非常有趣的问题,比如:在一个分布式的代理世界中,我该如何知道这个代理能做什么、谁在使用它、它归谁所有,以及它的核心身份是什么?

I mean, it's solving some very interesting problems that we're all gonna figure out, which is like, well, in a federated world of agents, like, how do I, like, know what this agent can do and who uses it and how is it owned and what's its core identity?

Speaker 2

是的。

Yeah.

Speaker 2

而在工具层面,我该如何利用所有这些上下文来强制执行这些规则?

And then on the tool side, it's like, how can I use all of that context to enforce enforce this?

Speaker 2

因此,这里缺失了一座桥梁。

And so there's a missing missing bridge.

Speaker 2

MCP 目前采用最广泛,而且确实已经开始触及到那条‘失望低谷’,因为人们发现:嘿。

MCP definitely has the most adoption, and it's definitely hitting that, like beginning to hit some of that trough of disillusionment as people have found, hey.

Speaker 2

它并不完美。

It's not perfect.

Speaker 2

对吧?

Right?

Speaker 2

他们有

They've got a

Speaker 1

很多问题。

lot of problems.

Speaker 1

每个人本地机器上都存着一堆生产环境的凭证

That everybody's got a bunch of production credentials on their local machines

Speaker 2

运行着MCP。

running MCP.

Speaker 1

而且

And

Speaker 2

他们对此毫无控制权。

they have no control over it.

Speaker 2

这把过去四五年里所谓的秘密泄露问题,变成了超级放大版的秘密泄露。

And it took what they used to be, like, you know, the secret sprawl problem of the of, like, the last four or five years and and it's just secret sprawl on steroids.

Speaker 2

完全正确。

Totally.

Speaker 2

而现在,你面临着这样一个问题:实际上,我们通过这个MCP,给了Claude或Cursor对我们核心系统的生产环境管理员权限,但我根本无法控制这个访问者到底是Ian本人,还是Ian的代理。

And now you kind of have this problem where like, oh, actually, you know, we're giving Claude or Cursor, you know, production production admin access to our core thing through this MCP, and I have no ability to control whether that's actually, you know, Ian or is it Ian's agent.

Speaker 2

这在任何形式的采用中都是一个根本性问题。

And and that is a fundamental issue in in any form of adoption.

Speaker 2

我们和合作方反复听到的反馈是:我的核心挑战在于,我无法区分这两者。

And we we consistently hear that from from people we're working with is, you know, my core challenge is I can't differentiate between these two things Mhmm.

Speaker 2

这是一种看不见的风险。

And this is unseen risk.

Speaker 2

因此,要么我继续放任这种风险蔓延,导致严重后果,比如代理擅自导出数据库,或将数据 dumped 到网页浏览器中。

And so it's it's either, like, I continue to let that risk propagate, and then we have really bad consequences like agents going and, like, dumping the database or taking the data and dumping it into a web browser.

Speaker 1

是的。

Yeah.

Speaker 1

硬盘。

Hard drive.

Speaker 1

是的。

Yeah.

Speaker 2

是的。

Yeah.

Speaker 2

硬盘,或者说是,你知道的,

The hard drive or, like, you know,

Speaker 1

让勒索软件。

letting Ransomware.

Speaker 2

勒索软件。

Ransomware.

Speaker 2

让你埋掉别人的东西,因为多租户环境真的很难理清。

Letting you bury someone else's stuff because, like, multitenancy is really hard to reason about.

Speaker 2

另一方面,问题是,我该怎么实现,又该怎么轻松地采用它?

And then on the flip side of it is is, like, how do I do it and how do I adopt it easily?

Speaker 2

从根本上说,这与上一代解决这个问题的方式非常不同,因为你处理的主要是交互,而不是用户与某个全能服务之间的交互。

And and fundamentally, you know, this is very different from the last generation of how we solve this problem because you're dealing with, most importantly, interactions, not between users and, like, some omnipotent service you bought.

Speaker 2

是的。

Yeah.

Speaker 2

这是用户之间、你购买的代理和你构建的代理之间的互动。

It's between users, agents that you've purchased, agents that you've built.

Speaker 2

这些代理相互交互,同时还有一个工具调用层,代表你的外部系统,比如你的SaaS产品、Salesforce、CRM,以及你的数据库和数据湖Snowflake,同时也涵盖你的内部世界。

Many of those agents interacting amongst themselves and then a tool calling layer that represents both your external things, your SaaS products, your Salesforce, your CRMs, your and then your database and your data lake Snowflake, but also your internal world.

Speaker 2

因为最终,为了获得运营效率或让你的产品具备代理能力,你需要将防火墙后方的大量功能

Because ultimately, what you wanna do in order to gain these operating efficiency or for your product to be agentic is to move a bunch of things that you see behind the firewall

Speaker 1

嗯。

Mhmm.

Speaker 2

提升到应用层,这样你的代理才能真正与之交互、使用并从中获得价值。

Up to layer the application layer so so your agents can actually interact with it and use it and gain utility from it.

Speaker 1

明白了。

Gotcha.

Speaker 1

太棒了。

Awesome.

Speaker 1

是的。

Yeah.

Speaker 1

所以,伊恩,非常感谢你今天来访。

So so, Ian, I mean, thanks so much for coming by.

Speaker 1

我们非常兴奋能与你一起踏上Keycard的旅程。

Like, you know, we're super excited to to be with you on the journey with Keycard.

Speaker 1

我们认为这是一家具有变革意义的公司。

We think that this is transformational company.

Speaker 1

这将成为未来这个代理世界的重要基石。

This is gonna be an important building block of the future of this this agentic world.

Speaker 1

它将主导一切,我们非常希望在剩下的几分钟里,能听你简单介绍一下Keycard以及你们正在做的事情。

It's gonna dominate everything and we'd love to maybe just in the in the in the few minutes we have left, hear a little bit about about Keycard and what you guys are doing there.

Speaker 2

当然。

Absolutely.

Speaker 2

我也非常高兴安德森能加入我们的旅程。

I'm super excited to have Andreessen on on the journey with us as well.

Speaker 2

这是我们过去十年一直在思考的问题,真正见证了我们正在经历的机器代理革命。

And, you know, this is something that we've been thinking about for the last ten years and really saw this, you know, machine agent revolution that we're going through.

Speaker 2

那么,我们该如何真正利用深度学习和大型语言模型带来的这种令人惊叹的新技术呢?

Like, how do actually take advantage of this incredible new technology that deep learning and light large language models have brought us?

Speaker 2

因此,公司目前的重点是帮助客户将智能代理投入生产。

And so the the company today, we're really focused on helping our customers get agents into production.

Speaker 2

所以是笔记本电脑?

So laptop?

Speaker 2

我们该如何把这些代理从实验室里拿出来,让它们真正为我们所用?

How do we get them off the, like, you know, over the lab and get them into production that are actually in utility for us?

Speaker 2

因此,我们今天帮助客户做的就是,嘿。

And so what we're helping customers with today is, hey.

Speaker 2

我们会帮助你识别你有哪些代理。

We're gonna help you identify what agents you have.

Speaker 2

我们会帮助你识别哪些用户在使用这些代理,哪些用户可以使用这些代理,以及这些代理实际被允许访问哪些内容,并为你把这些范围框定起来。

We're gonna help you identify what users are using those agents, what users can use those agents, and what those agents are actually enabled to access and allow you to put a bounding box around those things.

Speaker 2

我们还会为你提供一套工具,让你能够为你的代理构建工具——无论是你为内部工作流程开发的内部代理,还是与你的产品交互的代理,抑或是允许你构建代理的一系列SDK。

And we're gonna give you a set of tools that you can use to build agent like build tools for your agents, whether those tools are, you know, agents that are internal, things you built for your internal workflow, or agents that are operating with your product, or maybe a set of SDKs that allow you to build agents as well.

Speaker 2

然后为你提供赋能软件,让你可以对组织说:

And then give you the enablement software so you can say, hey, organization.

Speaker 2

这是你可以使用的所有代理。

Here's all of the agents you can use.

Speaker 2

这是你可以使用的全部工具。

Here's all the tools you could use.

Speaker 2

嘿。

Hey.

Speaker 2

这是你如何将这些工具应用于不同的工具或不同的代理,并让它们获得访问权限的方法。

Here here's how you can take those tools into different different tools or different agents and let those things have access to it.

Speaker 2

作为最终用户,你可以获得管理所有这些内容的能力,实现完全可审计性,并了解这些代理的访问权限配置,真正开始界定它们能做什么的范围。

And then as a end user secured, you get the ability to govern it all, have complete auditability, and understand what the access profile of these things are and really start to, like, get a bounding box on what those things can do.

Speaker 1

太棒了。

Awesome.

Speaker 1

而且说实话,鉴于我们在这个领域听到的安全事件数量激增,以及迫切需要一种可扩展的方式来管理这个代理世界中的身份。

And just, you know, honestly, based on the amount of security incidents we're hearing popping up in this space and the sore need for for some sort of scalable way to manage identity in this agentic world.

Speaker 2

没错。

Exactly.

Speaker 1

我的意思是,我觉得全世界很快就会涌向你的门口。

Like, I I you know, I think the world is gonna be beating a beating a path to your door any moment now.

Speaker 2

我们已经准备好了。

And we're ready for it.

Speaker 2

我还想补充一点,我们完全遵循标准且可互操作。

And and one thing I'll add is, you know, we're we're completely standards and operable.

Speaker 2

对吧?

Right?

Speaker 2

我们并没有去实现一堆孤立的、仅限Keycard的非标准方案。

So we're not out implementing a bunch of, like, off base things that are standalone Keycard only.

Speaker 2

我们正在构建能够与所有现有标准互操作的系统。

We're we're building things that interoperate with all existing standards.

Speaker 2

我们正在推动这些标准的演进。

We're working to drive those standards forward.

Speaker 2

所以我们实际上是一个联邦解决方案,且不依赖任何特定供应商。

So we're really a federated solution, and we're not tied to any specific vendor.

Speaker 2

这使我们能够成为您未来代理战略中的核心支柱。

And that allows us to be a sort of a central pillar in your agent strategy moving forward.

Speaker 1

所有优秀的身份公司都基于某种开放标准。

All the great identity companies have been based on some sort of open standard.

Speaker 1

没错。

Exactly.

Speaker 1

很高兴听到这一条件仍在延续。

And I'm glad to hear that that condition continues.

Speaker 1

非常感谢您的到来。

Thank you so much for coming by.

Speaker 1

这真是太棒了。

This has been incredibly awesome.

Speaker 2

非常感谢您邀请我。

Thank you so much for having me.

Speaker 2

太棒了。

Awesome.

Speaker 0

感谢您收听 a16z 播客。

Thanks for listening to the a16z podcast.

Speaker 0

如果您喜欢本集,请在 ratethispodcast.com/a16z 留下评价。

If you enjoyed the episode, let us know by leaving a review at ratethispodcast.com/a16z.

Speaker 0

我们还有更多精彩的对话即将呈现给您。

We've got more great conversations coming your way.

Speaker 0

下次再见。

See you next time.

Speaker 0

提醒一下,本内容仅作信息参考,不应被视为法律、商业、税务或投资建议,也不应用于评估任何投资或证券,且并非面向任何 a16z 基金的投资者或潜在投资者。

As a reminder, the content here is for informational purposes only, should not be taken as legal, business, tax, or investment advice, or be used to evaluate any investment or security, and is not directed at any investors or potential investors in any a16z fund.

Speaker 0

请注意,a16z 及其关联方可能仍持有本播客中讨论的公司的投资。

Please note that a16z and its affiliates may also maintain investments in the companies discussed in this podcast.

Speaker 0

如需更多详情,包括我们的投资链接,请访问 a16z.com/disclosures。

For more details, including a link to our investments, please see a16z.com/disclosures.
