Nitro Software: The Hidden AI Risks Lurking In Everyday Document Workflows

[00:00:00] AI agents are only as strong as the data that they're given. When provided with an outdated dataset, your agents could end up doing more harm than good. But not with Denodo. With an AI data layer built within your platform, your agents are provided with real-time data changes. So with Denodo, your agents can finally make the right business decisions. Simply visit denodo.com to learn more.

[00:00:27] What if the biggest AI risk facing your business isn't another sophisticated cyber attack or a rogue AI agent? But maybe your own leadership team quietly using tools that IT doesn't even know exist? Well, my guest today is the CEO of Nitro Software. A company that is trusted by 67% of the Fortune 500 and millions of users across 195 countries.

[00:00:57] But before leading one of the world's largest document productivity companies, my guest was helping build AI technology long before ChatGPT became a household name. As CEO of Voices, he led the voice AI startup that eventually was acquired by Apple. And all this gave him a front row seat to the evolution of AI years before today's AI gold rush began.

[00:01:21] So today I want to explore Nitro's recent research that revealed that 68% of C-suite executives are bypassing approved AI tools and just experimenting on their own. And while that entrepreneurial mindset might sound familiar to anyone who remembers the early days of shadow IT and BYOD, it also raises a few questions around security, governance, trust, and accountability.

[00:01:47] I will also discuss why document workflows sit at the center of almost every business process, why AI should start with the outcome rather than the technology, and how European approaches to privacy and data protection could quietly be becoming the competitive advantage rather than the compliance burden that it often gets reported as. So if you're trying to make sense of the opportunities and risks that surround AI adoption,

[00:02:15] today's conversation should give you plenty of real world insights from someone who has been building and deploying these technologies for far longer than most. But enough from me. Let's try and tap into his experience right now as I introduce you to him. So a massive warm welcome to the show. Can you tell everyone listening a little about who you are and what you do? Sure, Neil. Thank you. Cormac Whelan, I'm lucky enough to be the CEO at Nitro Software,

[00:02:43] which is essentially a PDF and signed software application that's been around for actually it was our 20th anniversary last year. And we compete in the mainstay against Adobe. They will probably be our biggest competitor in most of our markets. Yeah, so we're in that space. Awesome. It's a pleasure to have you join me, especially as I know you've literally just cut off a plane and straight into a conversation with me.

[00:03:11] So kudos for making our conversation today. And one of the reasons I was excited to get you on here is I was reading about your recent research at Nitro. And there's a stat in there that particularly stood out. And that was 68% of C-suite executives are bypassing approved AI tools and just using their own solutions. And maybe that is unsurprising. It sounds very familiar, getting a few flashbacks of BYOD and shadow IT. Not too much changes over the years.

[00:03:37] But why has this ask for forgiveness, not permission culture emerged? And what risk does it create for organization? Well, I think there's probably a few reasons. I mean, it's probably, you know, hype and pressure and accessibility, right? And so the accessibility, it is like, you know, AI is so accessible today. It's so easy to access on a personal, professional or on a, you know, at a business level.

[00:04:04] And I think that the hype and pressure that a lot of executives are feeling, you know, both in their, you know, their senior management rooms and in their boardrooms, you know, to, you know, be doing things, to understanding, you know, how AI could change their businesses, their business process, their business tactics, their business strategy, both shorter term and longer term.

[00:04:25] And I think that's, you know, that has forced them into that sort of what I would call experimentation, you know, that pressure to be able to show that they're making progress, that there's, you know, that they're driving to an outcome, leveraging AI.

[00:04:42] Because there is so much hype and hyperbole, you know, you know, you walk into any airport, you know, every radio station, any big sporting event, you know, it's the Anthropics and the NVIDIAs and, you know, the, the open AIs who are advertising. I just think that there's, you know, there's, there's a lot of pressure there at the moment. Yeah, I completely agree with you. And you are at the helm of a tech company there, and you must see a lot of AI adoption in your own organization as well.

[00:05:10] And I'm curious, from your perspective, what separates organizations that are not just adopting AI, but adopting it responsibly from those that are creating security and compliance problems without realizing it? And I think it's an important question, especially at this time where so many are just diving into agentic AI and, hey, hundreds of agents for that, thousands of agents for that, for other things here. What are you seeing?

[00:05:33] I mean, I think, I think it's, it's natural to do that, you know, that dabbling and that experimentation, but I think you then quickly have to move into a more strategic imperative as in what is the outcome? You know, what are the places I want to be able to improve my business? What is the strategic outcome I'm trying to like, you know, change or trying to achieve with this? I think it has to be both a top-down and bottoms-up approach to that.

[00:05:59] And, you know, I think as in all like, you know, like, you know, like things in terms of business strategy, start with the outcome in mind. I do think that sometimes executives get caught up in it has to be AI this and it has to be AI that. And, you know, sometimes I wonder why, you know, what's the outcome we're trying to achieve and how is it better leveraging AI or how is it more elegant or how is it more easy, like, you know, more easy to achieve.

[00:06:26] But from my perspective, it's starting with the outcome in mind. And yes, we've, you know, we've deployed AI into almost every part of our business. You know, we're a technology company, so that's probably not a surprise. But, you know, our legal team, our finance team, you know, our marketing team approaches all leverage AI.

[00:06:46] And it's first starting with, you know, how does this help us achieve a better outcome, whether that's through productivity or, you know, swiftness to market or ability to, you know, create more content or whether it's the ability to, you know, drive better quality into our code or better, you know, better usability into our product. You know, we start with the outcome in mind first and it's a very programmatic and strategic approach across every part of our business.

[00:07:16] And I know document workflows are a topic that you're passionate about and they are often viewed as routine business processes, but there is so much more going on here behind the scenes. So can you tell me a little bit more about why you believe documents, contracts and e-signatures are possibly one of the most overlooked security challenge in the AI landscape that we're seeing now? I would say that, like, you know, I would never accuse anybody of being passionate about document workflows, Neil.

[00:07:44] But, like, you know, I would never put that on somebody. But what we're passionate about is, you know, how do we move our users and, you know, we've, like, 3 million monthly active users using our products literally, like, across the globe. How do we get them to focus on the more important things in their day and make it sort of routine and easy to use?

[00:08:05] And the documents, if you think about it, whether you're in a HR function, think about all of the incredible data and information that's in the average document, whether it's a procurement document with, you know, with a supplier in your supply chain or a vendor. You know, there's, you know, whether it's a share, you know, purchase agreement, whether it's a, you know, employee contract.

[00:08:29] There's a tremendous amount of highly confidential and highly domain-orientated data in there, making sure that the security and the fidelity of that information is, you know, that's what we're passionate about. You know, and making that sort of, that routine, you know, that kind of GDPR compliance, you know, like, is just there in the background. It happens automatically.

[00:08:59] You can trust it, you know, that that's going to be the case. And apologies for outing you there as someone that's passionate about document workflows. But maybe I got caught up because I know it's been a massive week for you. And I saw, I think it was June the 18th, you guys were online and talking about how to get more from those document workflows, access PDF, e-sign, redaction, automation, et cetera, all in one session.

[00:09:24] So you do invest a lot of time in this stuff and bringing people along for the ride and helping them see what they can do, right? We do. We do. And we're, you know, like, and to be fair, we have a lot of people in the business who are very passionate about that and understanding that, right?

[00:09:40] And it's that ability to, you know, like to make the, you know, the fidelity and accuracy of the feature functions sort of seamless into the workflow of the user, understanding what the user has tried to do. We kind of talk about trust, transparency, and intimacy here, you know, that granular understanding of what the user is trying to do.

[00:10:05] And at no point in that motion, no matter what work surface they're in or no matter what workflow they're in, to make sure that, you know, we never compromise on the, you know, the trust and the transparency with the customer and with their data, which is very precious to them. And before you join me on the podcast today, I did a little research on you. I'm always fascinated by the origin story of my guests.

[00:10:31] And one of the things that I learned was that before joining Nitro, you served as CEO of Voices, which is an AI startup that specialized in voice-driven natural language interfaces, which was acquired by Apple back in 2020, which was before everyone got really excited and the bandwagon that everyone jumped on around AI. It was a good couple of years before any of that happened.

[00:10:53] But I'm curious, as someone that was involved in this space before it went mainstream, what lessons from that experience should enterprise leaders maybe apply today as they build AI systems that employees and customers can ultimately trust? Yeah, that's a great question, Neil. And to be honest with you, I've been a sort of product and a technology guy my whole career, even though I started life as an accountant.

[00:11:18] And so I kind of got past that quickly and moved into technology. But what I thought was fascinating about AI and what I wanted to put to test in joining an AI company in 2017 or 2018, and it was very much a – we were very much a bleeding edge. We worked on a thing called parallel wave nets, which was an early form of architecture and how you deploy neural nets.

[00:11:49] And we were probably one of only two or three companies in the world who kind of achieved, you know, like, you know, sort of like superior capability in that space. And that was the reason why Apple bought us was to try and figure out how they could go apply some of that into, you know, some of that capability into, like, you know, the Siri tech, which was probably, you know, starting to, like, you know, get data at that stage.

[00:12:14] But, you know, AI, like anything else, like, you know, like the internet, like, you know, the cloud, like, you know, all of the languages that preceded it, it is, you know, it is an end to a means or, you know, a means to an end. It, you know, it's not necessarily about the AI. It's about what's the outcome you want to achieve.

[00:12:33] And so what we were doing was building a voice AI that you could host on device without having to use anything more than what was on the device, whether that was a phone or, you know, a laptop, you didn't need to talk to the cloud. And it meant we had to shrink down all of the, like, you know, the neural nets, you know, into a very, very small footprint.

[00:12:56] And that's why we use this thing at the time called parallel wave nets, which came out of the same, you know, the, you know, came out of the same research at DeepMind as the attention is all you need, which is where the, you know, the, the original paper on, you know, what became like large language models.

[00:13:17] So our view is that like a product is a product, whether that's a glass, whether that's a car or whether that's software and leveraging AI, you know, to like achieve a, a, you know, a fantastic outcome for a user. That, that's what was interesting about that. And, and I think we, you know, we did something like we did something pretty cool. So does that answer the question here? It really does.

[00:13:43] I'm going to have to dig a little bit deeper because I think we are what speaking at a time where there's a lot of people uncertain about their careers, their future, and maybe pivoting a career change, et cetera. And just listening to the first part of your question answer there, you, you went from accountant to technologist, entrepreneur, CEO. Is there a story there from accountant to technologist? I feel like there's got to be, right?

[00:14:04] I did accounting and finance in, in university because I didn't think I was intelligent enough to do computers, but I was, computers were something I played with, like, you know, myself and my best friend. As we grew up, like, you know, we, we convinced our school to buy the first, you know, their first, you know, like desktop. And we used to kind of go down and kind of run programs and try and build game programs.

[00:14:27] You know, I, when, when we were in university, we were, we were in two different courses and we were a couple of years apart, but we managed to hack the mainframe and the university to get like, you know, so we liked to play with computers. And I, so I was always in technology and I, I wanted to work when I came out of university. I wanted to work in a software company and, and I figured, you know, I, accounting and finance was something I could probably like master.

[00:14:51] And, you know, the, the thing, the interesting thing about, you know, being part of a finance team is you get to see where any organization spends its money, its resources, you know, and, and that was my approach. So the first company I went to work for was a company called Epicore software.

[00:15:08] I took a three week contract and ended up as like, you know, SVP running product and engineering and professional services globally reporting to the CEO, like 28 years of age. So yeah, it was like a, a crazy fun journey. I'm also somebody who is quite comfortable in chaos. And I think that probably didn't hurt. Yeah. Comfortable in chaos. Absolutely love it.

[00:15:36] And fast forward to present day, AI is everywhere, but of course, European organizations have traditionally placed a very strong emphasis on privacy, governance, and data protection. So as AI adoption does accelerate right here in 2026 and beyond, do you think those values are becoming a business advantage rather than a, just another regulatory burden? Would you say?

[00:15:59] Yeah. So what we've, we've always looked at Europe as being sort of the highest common denominator in terms of like regulation, particularly around, you know, like, you know, personal identity information, you know, personal, like, you know, health information, GDP, or we think all of those standards are just like slightly more thought out.

[00:16:22] And maybe because they're a little bit later, you know, they, they, they, they have tended in Europe to come a little bit later than say some of the American set standards. And so we've kind of, you know, the way we've looked at it is that, you know, we see it as a strength, you know, we try and hold ourselves, you know, to, to that, to that regulatory burden, because we think that that is, as I said, the highest common denominator.

[00:16:45] So when we walk into a market in, you know, you know, Asia or Australia or, or the U S you know, we're usually, we usually stand above the, the kind of the, the data and, you know, data privacy regulation and hurdles there. So, so we think it's an advantage if you, if you adhere to it, that's how we've tended to treat it. And the market is flooded with AI announcements, products, and promises right now.

[00:17:13] I've been at 15 tech conferences this year, the first half of this year and seen nothing but big promises around agents and agentic AI. I suspect you've seen exactly the same. So how can business and technology leaders distinguish between genuine innovation that delivers real value and improves business outcomes? And what would you describe as a maybe expensive security theater? Cause there's a fair amount of theater out there when it comes to AI at the moment.

[00:17:39] There is like, there's an incredible amount of marketing dollars and marketing push. As I said, it's in every airport and every train station, you know, every, every Metro like, you know, is colored like in some, you know, like, you know, like, you know, like, you know, from like, you know, advertisement from NVIDIA or Anthropic or, you know, any of the kind of the, the, the big hyperscale providers. And, and, and, and there's a lot of hype to that and a lot of hyperbole.

[00:18:08] And, and I think, you know, what we try and say to, you know, to our customers and the executives of our customers focus on outcomes, you know, like AI should be a seamless and almost back. It should be almost routine and in the background. Right. And you should never do anything that like, you know, puts, you know, that, that, you know, that trust or that, uh, your like transparency of your data at risk, you know, like focus on what the outcome is.

[00:18:36] And, and if, if AI helps enable that and, you know, accelerate that fantastic. But, but if it doesn't, you know, there, there's, you know, there's, there's other way to, to achieve that, but it is hard to get people past, you know, the, you know, the, the marketing dollars and the, you know, the, every time you turn on CNBC or, you know, somewhere that like, you know, like, you know, or Bloomberg, you know, everything is,

[00:19:02] if it's not talking about like, you know, the current American political system, it's talking about AI. Right. So it's hard to get past that focus on outcomes. That's our, our perspective, um, with our, with the executives that are customers. I love that. And obviously it's a big year for you as well. A lot of big announcements. You've been on the road a lot, a lot of different conferences to anything that excites you about everything that you're working on this year or anything you can share about, uh, your focus for the remainder of the year.

[00:19:32] Yeah. Like, look, we, we kind of came into the business like myself and, and the team that came in here, oh, like, you know, two and a half years ago, you know, all of us kind of came from an AI background because we thought this was going to be the most transformational three or four years in technology history.

[00:19:50] And, and we thought that documents and document workflows and document work, work surfaces was a really interesting place to go apply a sort of platform API, AI orientated strategy that if you, if you think about it, whether in a small organization or a, or a large company like a Deutsche Bank, you know, like a document is, is, is part of almost everything they do in that business.

[00:20:16] Whether it's, whether it's, whether it's, whether it's, whether it's, whether it's, whether it's, you know, their advertising and how they talk out to the market and to the customers, whether it's their investor relations, it's, it's part of everything.

[00:20:33] And that's why we sort of, we, we all came into a document workflow and signature, you know, company in, in 2023 and 2024, because we thought this was going to be such a transformational time. And, and, you know, that's proven to be true. We're, we're really excited. We spent a huge amount of investment over those two years in sort of, you know, what I would say clogging up or removing a lot of the clogging that was in our product, the single threading and things like that.

[00:21:02] And we now, our latest version of our product is really a very AI, API platform first orientated, you know, view of, of, of, of an app of a, of a, of a document application that can be applied anywhere into any work surface or into any workflow.

[00:21:20] And our view is, is to make sure that, you know, we build a product that allows all of that, you know, rich feature function, accuracy and fidelity and capability in a, you know, a secure and consistent way.

[00:21:34] That's seamless to the user that allows them to do hard things, really elegant and easily and get on with their day, get on with the things that they're employed to do by, you know, that the company they work with and that they're great at and take that, you know, take all of the document workflow at stuff out of their way. That's, that's why we kind of came here and that's what we're pretty excited about for the next couple of years. Well, thank you so much for taking the time to come on here and share your story.

[00:22:02] It's great hearing about it from the very beginning to where you are now. And one thing I must also bring up just before I let you go is you also serve as the chairman of Qstream, which is an end-to-end micro learning solution that was developed at Harvard Medical School. Tell me more about that before you go. Sure. Like Qstream is a really interesting, like a business. It's, it's basically like a business based around built around micro learning. And in particular, it has a real strength.

[00:22:28] It has, you know, two or 300 customers that are all sort of, you know, like in, in the pharma and healthcare space. And it's around how they train around process structures, you know, new drugs. It's, it was, it was based out of Harvard. They, they, they, the founder came out of Harvard.

[00:22:47] He built the product to be able to teach clinical practitioners how to administer, you know, drugs in, in, in certain circumstances and certain like under, under pressure and under duress. And what he found is that repetition is the best way to learn. And that's, that's how we learn to walk. It's how we learn to talk. Right.

[00:23:11] And, and so he spent a lot of time, he did a PhD on this and he created this product called Qstream. And, you know, it's about micro learning. It's a, it's a cool little company, you know, and again, AI is a huge enabler, like, you know, for a company like that, because previously, you know, Qstream's problem was how do you get the content? You know, like all this, you know, like all this, like rich content that's out there in all of these, you know, pharma and medical and healthcare organizations.

[00:23:40] How do you absorb that quickly and then be able to get that into a Qstream to create that sort of micro learning, that repetitive learning motion that happens daily and weekly and monthly, you know, in, you know, whether it's clinical practitioners or, you know, the, the, the, the other practitioners in these businesses. And that's what, that's what the product was built to do. So it's, you know, it's like AI is having an exciting effect there as well at Qstream. Wow.

[00:24:09] That's a thought provoking moment to end on. I completely agree with you there. AI is a huge enabler. So many big opportunities around that. And for people listening to our conversation today, they want to connect with you, learn more about Nitro software, Qstream or anything at all. Where would you like me to point everyone listening? Sure. If they want to connect to me, I wouldn't understand why, but if they did, they could reach out to me on LinkedIn. But, but go nitro.com is our website.

[00:24:34] You know, if anybody wants to go play with our products, you know, we have like, you know, so we have free conversion products on our website. We have, you know, trials on our website. You know, they can buy our product on our website.

[00:24:45] But, you know, I would say to them, you know, go download our, like our MCP server, you know, which is sort of, you know, the kind of new model context protocol and go, you know, go, go hook up our MCP server with their, you know, their cloud or their Anthropic and see, does it help with the accuracy and fidelity of like what they're trying to do with their documents day to day. So go, go play, go, go experiment.

[00:25:14] And I think you hit the nail on the head there. Go play, go experiment. I say this to everyone that's a bit nervous about any form of technology. Just have a play and experiment. So I'll include links to everything you mentioned. If I can find a video as well and make it easier, I'll include it all on the blog post over at techtalksnetwork.com. So I'll include everyone to check that out. But I, for one, just love chatting about not just your origin story and the path that you've been on, but why ask forgiveness, not permission could become an enterprise security nightmare.

[00:25:42] A few warnings along there, along the way. And how to spot genuine innovation versus expensive security theater. Pure gold from my side. But a big thank you for sitting down with me after a flight today to put this in a language everyone can understand. Really appreciate you, Tom. No, no problem, Neil. It was my pleasure. Thank you for having us. Hopefully we made a little bit of sense.

[00:26:05] While the AI industry often feels dominated by headlines, marketing budgets, product launches, bold predictions, my guest continuously brought it back to data. What problem are we trying to solve here? And I loved his perspective on privacy and regulation. Because in the past, I have heard people say that European data protection standards are almost an obstacle to innovation. But my guest sees things far differently. And I think he's right.

[00:26:32] By operating to a higher standard right from the beginning, that's where companies can build trust, confidence and consistency. And these are the things that travel across borders and markets. And maybe the biggest takeaway there is that AI is the biggest enabler. Technology itself can almost disappear into the background.

[00:26:51] But what matters most is whether it helps people work smarter, make better decisions, improve customer experiences and achieve outcomes that would otherwise been very difficult or impossible. But over to you, as AI becomes embedded into every aspect of business, maybe even your life, where do you think organizations should draw the line between experimentation and governance? And how can leaders encourage innovation without creating unnecessary risk?

[00:27:21] As I said earlier in the show, I will be including a blog post over at techtalksnetwork.com for this episode. I'm going to put some videos in there and lots of links. So you can just click on that link. And as my guest said, play, experiment and come back to me. Let me know how you got on. But that's it for today. So thank you for listening as always. Bye for now.