Hey, everyone, and welcome to this week's episode of AI Security Ops, where we have a special guest with us, Minster, who's going to be demoing one of his, tools that he has put together recently, and we are all very excited to check it out. But before we dive into that, first, talk about Black Hills information security. If you or your organization needs any kind of security testing, external, internal, web app, mobile app, AI Security, I mean, really anything security related, security operation monitoring. We do it all here, so come check us out, blackhoseinfosec.com. Additionally, we do have training that we provide from our same professionals that provide our security services day in and day out who put together awesome training that they share with others at a really great price.

Check them out at antisyphontraining.com. So with that out of the way, Alex, over to you. Tell us about what you got together and think you got a demo for us today as well, which which should be awesome. So let's let's hear it. Oh, I think you're muted.

Sorry. I muted for the intro. Yeah. And so it's it's always difficult to kind of figure out like where to start with this, but really where I started with the project was was actually from a lot of people that were moving off moving between different AIs that they were going, oh, this one's no good. I'm gonna try to capture all of my stuff and move it over here.

And then they go, oh, that one's no good, so I'm gonna try to capture all my stuff and move it over here. So I kinda came upon like a a concept and a project of an OpenBrain to where you're just going, okay, this is this is stored centrally and you just have your different AIs connect to it. I'm like, well, that's really cool. Like, I can, you know, iron out like some of the problems. So I started kinda kinda thinking on it and, you know, and working from there.

So I built it and I was like, well, I put all this time into building it, like, how can I use that to help me? And then also how can I use this to help, like, the info information security, help my career? I do cyber threat intelligence. So I'm like, how can it help in that aspect? So once I did get a lot of the different things pulled together, what I have and and and people are thrilled with it.

There's some nerds out there that are thrilled with what I I called, like, my original OpenBrain, and I called, like, it the OpenBrain Holocron. So that's that's a Star Wars reference there for, that Holocron, but it helps that it gives that kind of it's not meant to be storage of like every every thought, every piece of information in the universe. It's basically kind of an index and kind of a lens so that it helps you define certain things to where I can say, hey, like for cyber threat intelligence, I can say, hey, I work in the fintech industry. Do I need to tell it all the specifics of my organization? No.

I can say we're in the FinTech industry, we care about these things, we don't care about these other things. So when I say, hey, run this thing, it's able to sort of go from that point. I think another big advantage is that it it can start cold. I don't have to go through and re explain to any AI, you know, what what the deal is, what the background is. You see all these, you know, clever prompt engineering that they give you this block of prompts that's like this long and then you'll get the actual thing that you want to output.

I I sort of have that and that's one of the the demos that I have is I sort of have it now to where I can just invoke a phrase and say and it can it knows what to output. You know, so that's that's one of the and so I I built that for like the cyber threat intelligence. So one of the other cool things that I did is where it all can capture from. So I can I'll I'll I'll have that as part of the demo too to where I can have it capture the thoughts from from Slack integration, from Discord integration, from any of the AIs that I have connected into it. And I think it does solve that one of the big security problems is having this brain on a on a need to know basis.

Where nowadays you because I get the question, they go, well, isn't that the same as, you know, some of the MCP tools out there, some of the integrations where you go, oh, you just hook it up into your emails, and now your AI can read through all your emails. You can read through all of your, you know, Google documents. And I go, yeah. But this is on a need no basis. Like, I've seen offers where it goes, hey.

If you want to I I use YNAB for, like, budgeting purposes. And it goes, hey. You can connect YNAB to your AI and I go, but why? Why do I need it to know all of my transactions? With OpenBrain, I can tell it a couple of things about my budget, about like, you know, if I say like, hey, I'm trying to cut down on Amazon purchases there.

That's all it needs to know. It doesn't need to know all the things that I spend money on, you know, so it would have that information for need to know.

Very very cool. One of one of the things before we go forward, one of the things that's that jumped out at me is you mentioned that it runs on free tier infrastructure. Could you speak a little bit more about that of how you achieve that and kind of like what what you what you mean when you say free tier infrastructure?

Yeah. So the free tier infrastructure that I have is so I'm running it through super base and I'm using OpenBrowder as well just kind of route all of the things. While I run it on like the free tier infrastructure, I do have that little like asterisk there of it gives you like the free tier options. For me and the stuff that I'm doing, it's fine if you start building together like a team or if you have like your whole security team trying to use it, you might run into like the usage limits, the rate limiting that says, hey, there are so many too many things trying to call it. That has been a benefit.

One of the other things that is a a a that helps out sometimes though is that having it plugged in for the capture in so many different areas seems to get around some of the rate limiting to where I might be interacting through Cloud or Gemini and it says, hey, it runs into a rate limiting. Well, if I wanna capture something, can still just have my Discord bot capture it and it's able to connect and save that information, but it may rate limit like AI interaction with it. That that AI token might be rate limited, but I can go over to somewhere else to save the information or at least have some capabilities still remaining. If I threw more money at it, sure, it could expand for a team. I'm also looking into, you know, building this out if there's a way to build it out kind of like using internal tools to a company instead of saying, hey, let's let's put over all of our stuff in the the super base over here in this free tier.

They go, okay. Yes. It's it's one more cloud, one more tool that we have to get sign off on. Can we build this internally? And if so, how?

So that's that's the next stage of my

project. Very, very cool. I I love it. I do I have more questions, but I don't wanna get ahead of the demo. So I think maybe it'd be great if we jump into the demo and you show it off and then we can we can go with follow-up questions from there.

Sure. So I think I can start with the with one of the demos. I will start sharing my screen. So this is is my my own, you know, Discord server that I have here. So I just have, like, the Blues Bunker, and then I have, like, some of the OpenBrain ones, and I built the Discord bot to capture things.

This kind of, I guess, you know, maybe like a shout out to Flare Academy because it's already had it summarized. This works well as kind of a demo for, you know, all of the stuff that I I have. So I'm just going to copy and I'm going to invoke the capture. So I go capture the thought. Let me put that all in there, and then I can do just like the one more optional tags.

So these are the user tags that I put in in case it just it will add its own tags, but I wanted to have, like, the capability for some, you know, specific tags. And I can do, you know, specific tags of, you know, vulnerability. This one is a clog. Maybe I just go like VHAS. There we go.

For something that I brought up on the on the podcast. So I can submit that. That will do that capture. That will do the thinking. And I can have something like that.

Yeah. So I can even have the the other things that I can do is I can do captures not just of items. So as you see here for the people listening in, it says, it responds back captured as observations, SQL injection, AI exploitation, security mitigation. Has the action items because this article is about cloud code can be manipulated, has the action items implement strict code review process for cloud m dot m d's configuration files, treat cloud m d as executable code, and enhance security controls and file integrity monitoring. So it has some excellent items for the thought.

I can also do the capture of the thought and I can go, BHIS team thinks this is impressive and wants to, you know, dig into AI automation more. And I can put in like just a a tag of BHIS. So I can have have that. And where that where I I put in for those types of captures is for like the the cyber threat intel. I can put in I can capture a thought like if I our CSO is like, hey.

If if I go like, hey. My CSO shared an article worried about, you know, NPM packages, you know, the NPM attacks concerned about that. I can I can tag that because then when I do the threat intelligence report, it would float that to the top and go, hey, this is one of the priority things in that intelligence report? So then I have and I can do so here's well, I'll go look at the databases of stuff first. Let's see here.

So this is a little bit of showing move this over here. It's a little bit of showing the CTI captures. So I can run that and it will have all of the things that I captured, but then it also has the item here that says, you know, it captures it with the ID, the content, clog code can be manipulated. So it has if I view the cell content, it would have everything that's that's captured here. I can likewise go into the metadata, and I can view that cell content and has it as the type of, you know, observation, the source that has a Discord.

The other thing that is that I've done with the different Discord channels is I set up for the bot understanding the source and what tags it needs to do, what it what it needs to do, what information it needs to capture. So it knows that, hey, if I capture something in like the source is, you know, CTI inbox, it has the the appropriate, you know, context where it knows what it needs to do. Like, always put a CTI tag on it. Always kind of, you know, you know, break down, like, the input based on cyber threat intelligence. Now if I drop something into, like, my other channel, which is, like, Holocron thoughts or their general thoughts, I have some other channels for that I I didn't show on screen that are for, you know, different projects of mine.

It has that context of knowing, hey, this is how I need to parse the information, but it also has so these are the things that it it added itself. It knew to add SQL injection, AI exploitation, and security mitigation. Those were not tags that I typed in. The tags that I did type in, it has, like, the user tags, you know, vulnerability, clot, and BHIS. Those are the tags that I added to it.

Now it's a date mentioned and then, you know, it's like the Discord message ID. You know, then there is the one that I put in down here for, you know, BHIS team thinks this is impressive and wants to dig into AI automation. You know, they have the metadata. Any questions thus far? I have, like, more things to to demo.

Oh, yeah. I I have a question. I guess first, I I like how this can integrate with so many different things. It seems like I mean, you're using Discord as an example of putting in data, but you mentioned that, you know, you can connect from other other channels as well. But being able to switch between different AI agents seems pretty powerful, so you're not locked into to any one of them.

But I just that was more of an observation. To to my question is, and and maybe you'll you'll cover this later so you can punt, but how do you how do you handle up, like cleaning up? Like, you you you're putting in tasks, so what what happens when the task is done? Like, how do you how do you close that loop or you you put in an observation, especially with Threat Intel. I mean, Threat Intel can can go stale after a a few weeks, few months.

Do do you have any sort of method of of cleaning that up or indicating, like, how how stale or relevant

Yeah.

And and those are in the so for for cleaning things up, that was gonna be kinda one of the next things that I was gonna demo is that I could go, you know, like, you know, capture.

Alright. Perfect. Consider it a segue.

Yeah. But those are both, you know, excellent questions that I have. So I have the, you know, capture thought and I go I can go something like, you know, John Strand, you know, thinks, you know, MFA is overrated and eight character passwords are just fine. So this would be kind of an example of, like, well, what if what if I type something into AI that isn't Ops? I go, I that that's a mistake.

Because if you do that, like, currently with, like, Claude or with Gemini or ChatGPT that you go, oops, I I put something in there that shouldn't be in there. How do you how do you how do you fix that? How do you remediate sending something into Claude's, you know, you know, capture? You know, how do you how do you get that cleared out? Now I can go I can run this again and look at this thing and I can go, John Strand thinks MFA is overrated and eight character passwords are just fine.

Then go, like, view cell content. So I can go through this thing over in the table editor. I can edit this or I think it can go yeah. So in the table editor, I can edit that one. It might have a lot of thoughts in it.

I'm gonna try to figure out where that is too. But I can delete that that item. There we go. John Strand thinks, you know, if it is overrated, I can just go I mean, it's not one. Yeah.

Just delete row or edit row. I can just delete it. Delete. Done. And I can go back to that SQL editor.

I can run that again just to double check that it's gone and that one is is no longer there. So that's a way of just kind of editing it. Additionally, for some of the instructions, so getting into right now with this, I I don't have the ability to tell discord you know, through discord or through any of the AI agents for, you know, for going ahead and deleting the information or or updating the information. So that would be the end of deletions or updates is something that it doesn't currently have the capability to do. What it can do though is it can put in instructions to supersede.

And that's also kind of a good area as well because I could sit there and say put into the database that it's like, hey, my favorite color is orange and then I can put in there, hey, my favorite color is blue. And if you ask, hey, what if you ask a question, what's my favorite color? It might not know that it's like it's gonna go and it's gonna see two entries in there and it's gonna have to kind of struggle as to like, well, which one is. But if I put in, hey, my favorite color is orange and I put in, hey, my favorite color is blue, this is version two and this supersedes any other favorite colors, then when I ask it, it has you know, it it goes and it it brings those up and it goes, this is the one that supersedes all the the previous ones. This is the latest version of Alex's favorite color.

So that is that is the way that I have that set up right now. Where that gets where that can get fun is I create protocols that I can then invoke cold. And this is one that I set up that I set up recently and I go bring this over. So, hopefully, this can start up cold, and I can go, you know, connect to OpenBrain Holocron, you know, what is it? Mean, you just say, like, you know, and here we go.

Saddle up the Intel. And hopefully, this will run and process or we can run some some questions in q and a, but it says, you know, thinking about concerns with its request. It loads the tool so it knows to connect to OpenBrain. So it's running the primary poll, so it's listing thoughts, but it's limiting it to 50 and going back thirty days. You know, now running the full 10 steps CTI Yeehaw version two.

So it's running, you know, Yeehaw version two steps two through nine are coming in hot. And for some of these, I did tell it to be it be it be a little over over the top with the with the Yeehaw cowboy references. You know? So hopefully it would you know? So right now it's searching those thoughts.

So it's connecting into the Supa base for, you know, all sorts of different items, you know, listing them and doing some of that processing. But this is it's something that it's running. So it's architecting the output file. So I had to do a JSX file, you know, with, you know, consolidated threat intelligence. Hopefully, that will come up as, you know, a real nice file in a bit.

If not, I do have and I do have one that already ran that looks, you know, very impressive and polished for, you know, its output. It gives you kinda, like, the the steps that it's going through. So it's architecting the CTI dashboard. You know, I have seen where this I think while this is running, it's like I have have seen where, you know, I discussed this concept with a number of people, even those that aren't in the information security industry. Here it has that 10 steps complete, dragnet closed, you know, rendering the posse report now, you know, standby deputy.

So again, I did I did instruct us to go, you know, over the top with some of the the Wild West themes here that BHIS has. But I've seen where this, you know, helps solve some of the problems for people even not within the industry that go, well, I use AI and I have to kinda try to keep everything in like one separate through one full thread because if they open up a new thread, it's not gonna know what's happening. Know, because I can say like I'm working on a project and go, hey, that's a cool idea. Let's put a pin in that and I'll I'll I'll start a separate thread on that thing. You know, where they go, hey, this would be easier if you had this technology in place or you have this set up.

I'm like, okay, cool. Not doing that right now. Put a pin in that and I can come back to it later. Then I can ask later and be like, hey, so that those upgrades to my network, my home networking that you suggested, what do I need to do for those? And I'm not faced with an with an AI that goes, how, what, I don't I don't know what you're talking about.

It goes, hang on, let me check your OpenBrain and and check that, you know, that. I think also while this is running, you'd note that I said, you know, connect to OpenBrain Holocron. I can create multiple OpenBraines. So I can create one, you know, let's say if I wanted to do something, I thought it was like even in in my past that it's like I've done work with TraceLabs and looking for missing persons. If I wanted to create a OpenBrain just for that to capture all these little, you know, the flags, little bits of intelligence that I have, put them into an OpenBrain and then have it run a protocol report or have it run some guidance for like what other threads should I dig into.

I can do that and then I know there's I I don't I don't mean anything by this when I say you can just, you know, delete your brain afterwards. But you have that where you go. It's like, I can just archive that. I can move that away and I can have that say, you know, specifically segmented to where I go, you're not I'm not having it connect to this threat intelligence in order to access this. When I run a CTI report, it's not connecting to the brain for this.

And so there's a lot of benefit in kinda creating those individually. And again, kinda like that Holocron concept, can have a Holocron for, you know, Master Yoda, Master Sifo Dyas, you know, all these. And I can have like a combined Jedi Council Holocron. So if you're thinking about that for like red teams or blue teams, you go, here's all these things that can be be checked, and even referenced for if I go, hey, I struggled through a Splunk alert, this is what it turned out to be, I don't need to connect my AI to Splunk, I don't need to connect AI to my EDR. I can just put a note in there being like, hey, this issue came up, this was the alert that fired, this was what it turned out to be, and I can save that so that three months from now when I have like Brandon's, you know, screwing about on the network again and it fired an alert, I can go, oh, yeah.

We what did we do last time that happened? And it goes, oh, last time that happened, you looked into this. Here's a Splunk query that you ran. Here's how you validated that it was not an issue and it was just random goofing around on the network again. Okay.

Cool. That saves me a lot of time. I don't have to sit there and go, oh, yeah. Now I have to struggle through that again for a couple hours. So I don't know if this is so I'm gonna leave that to still runs.

But I do have I don't know if it yet. It is still processing, but I do have where I did one output and hopefully I can get this brought up and showcase that. So this is the output from yeah. It says, you know, dispatch from the cyber defense policy, the CTI EHA, Frontier Threat Intelligence. This will also kinda help with the let me close the sidebar to try and make expand this out a little bit more.

Anyway, I couldn't say, you know, right here it says, you know, what in tarnation is this? It's like, what is CTIE and Holocron? It's like, cool.

Nice. Yeah. I love the the theming. That's wonderful.

That's Parker, this territory is hot. So, you know and I was actually, like, clicking on the the shared screen and not the actual item. So it's like, what is Holocron? So it goes, you know, here's here's what it is. You know, how does, you know, CTI Yeehaw work to explain that, you know, why is this?

And I go, you know, that was based off of, the one that I do with the CTI Alpha where I go, okay, run that. And then I'll put things for, you know, for my industry, you know, highlighting things from, like, the CSO, you know, the severity of deputies needed. So it goes like, okay, you know, one deputy is just an informational, you know, five deputies, all hands on the wagon, sheriffs in the field. But it goes, you know, you have the roundup executive summary. You know, it does say, you know, I had, you know, you know, partners territory is hot.

Nation, you know, nation state wiper campaign. You know, Cisco trivia light LM chain is still shaking out fallout and Honda all approved, you know, just proved you can wipe, you know, bunch of devices with compromised domain admin. I did have it, you know, because it was for BHIS. I had it go. It's like, you know, look for any, you know, BHIS or John Strand mentions there.

So if I toss in, if I capture anything that's like a BHIS blog okay. Cool. Or if I go, hey, you know, John, somebody from BHIS said this on a recent podcast, I can highlight that up here. But I can go, you know, poison watering holes to either supply chain attacks, you know, that has listed there. So I can go, you know, these details.

Yeah. And it goes, okay. You know, five deputies and this needed. So it's like a five star thing for, you know, North Korean outfit. You know, ran a long con on Axios NPM man maintainer.

And it goes, you know, warrants are, you know, the action required. So again, this is following kind of that steaming, so it's following that instructions. And as you saw, yeah, I can go back and see if it it built that. But just invoking the, you know, saddle up the intel, I can go, you know, formal and go, you know, run CTI EHA. But it has, you know, these, you know, you know, for outlaws and bandits, it has, you know, malware and active campaigns.

So Vidar, you know, rides in on, you know, fake cloud code. You know, so it has, you know, team c PCP. So these are all like articles and things that I've captured really just throughout whenever. So it it helps like my capture as well because I can just go into the Discord from wherever and go, okay, capture this. It it adds it into this.

I can I can even just say for a lot of, you know, for a lot of the the items, I can even talk through like the, you know, through the different AI things has the ability to update?

Okay. And when you're so when you're capturing the articles, are you just, like, providing do you just provide, like, a URL? Or you, like, do you paste in the whole article or what

I I've been paste I've been pasting in more of the article Okay. Because it doesn't so what it what I have it capture is what goes into the database.

Okay. Okay.

When I have it run like the protocol to put together the intel, sometimes it's dependent on whether it can actually read that article. So sometimes I may go, hey, I saw that this there's this URL for it. I wasn't able to read the content. So you're like Paywalled or whatever. Paywalled or whatever.

So I go, okay. Well, I'm just going to paste in as much as the content as I can.

Okay. Okay. Gotcha.

Yeah. So it has you know, here's the, you know, action by role. You know, this is kinda making up like the roles of the blue team detection engineering. You know, here's even this capture right here, you go, this is based on the stuff that I know that it's highlighted, you know, here are some of the, you know, summary of actions for each group, the blue team, AppSec, cloud security, or even just like threat intel.

Oh, nice. I see a trampoline syscall pattern. That is hardcore.

So those are the yeah. So those are some of the the items and demos. I think it was doing yeah. Let's see here. Okay.

So it was trying to run some stuff, I guess it had some difficulty connecting to Claude, you know, but it was running through those process. So I at least was able to show that it, like, you know, captured those those different steps. Yeah. Claude has been up and down for the past couple of days. Yeah.

And I I mean, I suppose, you know, if I wanted to, I could even go into just for like the the the benefit there, I could even go into ChatGPT for this. It's opening it up on on the side. So I could probably even say

So Alex, how how are you able to connect? How are you connecting in the different agents or bots to to your to your second to your brain, your open brain? Holocron.

So, yeah, so I'm I'm configuring those through like the connectors. So I have the, you know, within, you know, Supabase, I have, you know, the the connectors and like the authentication keys for each one. And then I just go into the configuration for like the settings. I have to double check where that is on.

Is that is that through like MCP protocol? Yep. Okay.

So it's doing those now. I can probably just I'm gonna try OpenBrain Holocron and run CTI yeehaw. So it may be like, okay, well, Claude is down, you know, so I can ask chat GPT to do the same thing. Now it may have a different interpretation of it, you know, so this had less of a so it had a defined function, so I ran it the way it was designed. So this is the output that that it did.

So it still has a lot of that interpretation. And so it does that as the different aspects. So it may not have so again, different different AIs have different approaches, but that's one of the things that can be leveled out a bit by having it contribute to a lot of the items. You know, this is, you know, this is an interesting that it, you know, at the end it says, you know, if you want, I can take this one level deeper, map this directly to a MITRE attack, align it to your org structure, or turn it into a briefing deck for leadership. I can go, okay.

Cool. Let's let's see that. Turn that into the briefing deck for leadership. So I can have it do that and I can then also have it, you know, connect back for, you know, for updates. So I have, okay, here, your CTIE briefing PowerPoint.

Can I just expand that in here? It's not able to do that. So I could download it and and show that while I grab that real quick and I can try to take a look at that over on. So I can see what kind of, you know, output it did for for PowerPoint and, you know, how that looks. Now sometimes it may come up as just kind of a a mess or it just it may not, you know, replace me because if you can look at this executive briefing, that's kind of bare bones.

But it accelerates, like, what I am able to do. This does not seem the chat GPT seemed a little dumb on this one.

It it almost looked like it didn't it wasn't able to pull, like, live threat intel sources. Yeah. Because it it responded suspiciously fast.

Yeah. It was like, oh, it generated PowerPoint, like, suspiciously fast. So again, you know, kind of looking at things across, you know, multiple AIs, you may go, okay, that's one's, you know, failing to be a benefit to us. Yeah. I don't so now it has CrowdStrike sponsored in here as well.

You know? But I could go, you know, even for feedback, I could go, you know, update, you know, OpenBrain, Holocron to note that mission from ChatGPT is lacking. So I can have it do those. One of the other strategies that I've done that would probably that could also benefit security teams is that really at the end of a end of a project that I do if I'm working through a solution, one of the clever questions that I've asked for Yeah. So it has, you know, so it has that log, you know, that that insight is now in the hologram as an observation with follow on actions.

One of the things I've done at, like, the end is I go, okay, summarize our project and I said, and note the things that I did well and note the things that I struggled with. And then it has that as a call for future instructions because if I say, hey, here's a problem that I'm trying to deal with and it goes, hey, here's something that you can code in Rust and I go, I I I can't code in Rust to save my life. It will know that and it will go, look, if I if I need to tell Alex to follow these instructions, he's gonna need some extra hand holding. Or it may be like, look, he can he can understand this concept, write a PowerShell script, write some Python, like, I barely have to tell him what needs to be done. He's got it.

Then it knows for, you know, it can build those follow ons like these are areas that you're skilled at. These are areas that you struggle with and it can have that, you know, refined knowledge to to do those updates. So, Alex, if I was going to set up my own OpenBrain, what stack of tools, what what do I need to do to start from scratch and start implementing something like this? Do I have to have my own Discord server? I mean So they I mean, for the, like, the Discord servers, do you have to have you know, benefit to have, like you would need to have a Discord server that you have the admin roles into.

Doesn't need to be your own Discord server. You know, I built mine, you know, spatially. It could even be, like, in, like, the BHIS server. If somebody wanted to throw a bot in there and start having things captured to an OpenBrain, they can do that if, you know, if somebody gave them permission to add bots to add a specific bot to that server. I started off with just building my own Discord server.

The instructions I first came across were how to integrate it into the Slack. So I had to kinda come up with, like, the tooling for connecting it to disc to Discord because at this point, I'm not connecting it into any of my, you know, corporate tools even though I am doing, like, the cyber threat intelligence. That's pulling from, like, public sources and, you know, just giving the the broad information of, like, the other things that our CSO, you know, is concerned about and we're a fintech organization. So define it that way. What you would need usually start with is you if you have like a GitHub account, you sign up for Supabase with that GitHub account that you have, you know, establish something in in Supabase and OpenRouter.

I think between the two, I put in, like, $10 of credits for for, you know, fetching requests. That so far will last for a long time, you know, just to kinda get that off the ground. Discord servers and, you know, really whatever, you know, whatever AI agents, you know, you want that, you know, that have that MCP capability. So sometimes that that does also depend on, like, the AI if they go, well, you're on the free tool. Actually, I did drop from since I built this, I dropped away from ChatGPT plus to just the the basic one.

So that may be why I'm getting a little less functionality is that it's like, well, you're not paying us money anymore versus, you know, Claude, I I put the money into. So some of those are dependent. Claude, it encourages you to have, like, the Claude desktop in order to get that set up. I do hope to to share some of the instructions from, you know, from the various sources kind of pulling this together. You know, I personally am very thrilled that I got this completed.

I I think speaking a little bit to, like, just the the the neurodiversity is that I just kinda have I have so many projects that are, like, 80% complete. So when I put this brain thing together, would it it took people ask me, like, how long did it take you to do this? And I'm like, well, it took me, like, a couple of months, but realistically, it took me, like, one day. But I was like, the couple of months where you're kinda getting the ideas towards, like, there's so many threads coming together that are 80% complete. And I'm like, I'm gonna sit down and I'm gonna make myself do this because the reason why is that, like, this will then help me keep track of, like, a lot of those projects that are 80% complete that I can store those in the OpenBrain.

Like, the OpenBrain's gonna help me with this. So I'm really happy that I I did that that last 20% to kinda pull everything together and say this is now a thing that's done, you know, and kinda consolidating all, like, the scattered thoughts or random projects where I go, oh, hey. This thing is cool. Like, know, Brian mentioned something on the podcast that I thought was cool. I'm gonna dig into it.

I'm gonna write it down and maybe I'll forget it, you know, or, you know, you you tag something or you bookmark something that you have somebody you know, you have 500 bookmarks and you've only looked at, like, three of them in the past year. But you saved them because you thought they were cool.

Yeah. No. I I, I I absolutely love this, for, for, yeah, the the exact the use cases you mentioned there because, you know, storing, like, like, full, like, documentation or blog write ups or whatever. I mean, like, full form stuff, you know, that I feel like that's relatively easy to, like, archive and go back to. But it's it's those those quick thoughts, quick notes.

Like you said, you see something that you think is cool. And for me, that that becomes much more of a challenge to organize and find again, recall, put it all together. Because, like you said, I mean, you try bookmarking, you end up with a million bookmarks. That's not that's not helpful. So I might jot down things in, like, OneNote or, like, literally, like, on a piece of scratch pad that I keep on my desk or I have, like, other versions of it too, like the digital, like, boogie board and other stuff.

But, you know, it's like this is wonderful because I feel like this is this is a good solution to that problem of being able to consolidate those those, you know, quick notes, and and to, you know, put them together, get reports, or even, I mean, throw in longer stuff like like you have, like full articles that you can then, you know, you can then correlate with other thoughts and ideas and get this whole report. This is this is really, really cool. I really like this.

Yeah. And it it it's auditable that, you know, I go, okay. I mean, here they've even thought of, you know, probably once I have it on, like, a a corporate side, like, I can run a a protocol out saying, hey. Connect to the OpenBrain. See if there are any sort of, like, oopsies or secrets that are in there.

And if not, what is the most sensitive thing that is contained in, you know, in this this OpenBrain? And where I say, like, once I connect to the corpora is because, well, it's kinda hard to give it the to store the to store the instructions of what to look for without that also being kind of an exposure in itself. Like, I'm not gonna store in my personal cloud, hey. If here are some secrets that I don't want them to know, like, you know, don't don't don't disclose, like, you know, what my, you know, what my my current desktop is called, you know, or don't don't disclose, you know, all this or that, you know, you know, don't put my my pet's name out there as part of the database. Well, if I have those instructions, where am I saving those versus, like, in a corporate environment, you would go, okay.

This is the corporate paid isolated Gemini clawed, etcetera. I can put those, you know, that those clauses in the protocol saying, okay. Make sure, like, this is how some of our internal tools are named. This is how some of our, you know, development items are named. You know, let you can you can give it specific things to look for, and it also has that semantic knowledge of, okay.

You know, I understand that, you know, these are things that shouldn't be there. You go, oh, you actually have you actually accidentally saved, like, a API key in your OpenBrain. It's like, okay. Cool. Or not cool.

How do I fix that? How do I remediate that? So you have that that ability to go into that that database query or even you'd have like a database admin, somebody that's familiar with SQL that goes, okay. I'm gonna run these calls, see what turns up, and if it comes back with like some references to these, I can edit that cell, I can delete that cell, I can just go, nope, that's not part of it anymore versus a lot of like the, okay. Connect it to it's trying to be helpful.

Connect it to all of your emails. Okay. What's in those emails? It it's hard to kinda audit that and going, oh, well, you didn't know that, like, your AI is connecting these emails that actually have some credentials stored in them or some, you know, pen test reports that are in there or some list of vulnerabilities that are in there versus I'm like, look, if it needs to know of a vulnerability of concern, I can put the relevant details into the brain. I can control kinda what it knows about that saying, hey, you know, MFA is currently a struggle for our organization or we can't you know, we're we have tellers that, you know, not all of them have access to phones when on the line, so they can't do MFA.

I can detail things in like those general terms and say, like, hey, that's an area of struggle without getting into specific vulnerabilities.

Nice. Oh, I I love that. Yeah. That's that's great, very useful feature. Very cool.

So, Alex, you mentioned putting together a a write up for this or, like, kind of a, like, instructional of how to put this together. Any estimate on when we might be able to see that and where we can find that when you're done with it so we can all put our own Yeah.

I would

our own brain together, if you will? Yeah.

I would put that as so I put that if I share that, it would most likely appear on my GitHub, which would be just, you know see, that would just be, like, you know, github/belouve, which is my handle at b e l. Here we go. I just go, you know, that my git home is, you know, slash blue. So I have that typed out on screen for like, you know, note that my GitHub is blue. I'm just gonna tell, you know, here it is that I'm just saving that up to, you know, my trying to save that to my OpenBrain.

I can even just go into Discord and save that. So that would be where it would would appear as just one of the projects there. Likewise, they may, you know, make note of it within the VHIS Discord server as well. So I may make a a note there being like, hey. If you if you tuned in for this, you know, here's where it is.

So it's, like, saved in both places. So it's saved in, you know, so Claude has that saved in its memory and it also saved it into, you know, the overall memory so that it knows that is mine.

Okay. Oh, very cool.

I don't have a blog or anything, but No. It's it's possible that if it develops, I can reach out to BHIS and guest blog or something and say, here's what this is. I do really like that, you know, even for that that CTI e house that has some of the breakdown of, like, you know, what is this? What does it do? You know, how does this how does this work?

Again, I help you know, I use some AIs in order to help me, like, refine my tools so it has a little bit of that knowledge for, like, what I referenced and what I built. So I'm kind of I'm going to use AI to I'm going to use a bunch of instructions to create an AI that's going to tell me how I created it, if that makes sense. But Oh, yeah. I'm gonna use that to help kinda create the documentation and go, we started from this. We found some of these commands didn't actually work, and we needed I needed to struggle to to fix them, fine tune them.

Like I said, the Discord plug in wasn't I didn't I wasn't able to find it, so I kinda took what it was trying to do and built that into a bot. So that would probably be, like, a really valuable item to share once I, you know, scrub my keys from it, etcetera, and say, like, here is a generic how you build, the the Discord bot, how you build, like, a Slack integrations. So, yeah, it'll have some good information there.

Nice. Very, very cool. Well, looking looking forward to it. And thank you so much for sharing with us. That's again, this is this is awesome.

I I absolutely absolutely love this. This is wonderful.

Yeah. And I'm really open to feedback as well. So people see this and they go like, Alex, you're missing this point. You're totally overlooking this thing. Great.

That's what I want to hear. Or if I had I also additionally want people to take this project and do awesome things with it. Like, I made I want to make something cool so that somebody else can grab it and turn it into something that's, like, awesome, mind blowing that they really, you know, take it to the next level, you know, just kinda opening the door for this.

Excellent. Oh, very cool. Cool. Well, we're at the top of the hour. I think we'll go ahead and wrap things up.

Again, thank you so much for joining us, Alex. We really appreciate it. For everyone else that tuned in, thank you for joining us as well. We'll see you next time and keep on prompting.