SentinelOne On Why Traditional Security Models Are Failing In The AI Era

[00:00:00] - [Speaker 0]
I'd like to thank Denodo for supporting the Tech Talks Network and helping us bring so many different stories to life because every business needs data that its teams can actually trust. So if you need data your teams can trust, Denodo can help your organization deliver curated, governed, and easy to use data products for analysts, business users, and AI applications alike. And you can learn more by simply visiting denodo.com. What happens when cybercrime becomes as easy to access as a subscription service or buying an item off eBay, especially when the outcome is powerful enough to rival nation state capabilities. This is the uncomfortable reality that we're stepping in today.

[00:00:50] - [Speaker 0]
And I'm joined by Chris Hosking, AI and cloud security evangelist at SentinelOne, a company working at the frontline of defending businesses and governments against a rapidly shifting threat environment right now. And my guest spends his time working closely with threat researchers, tracking how attackers are evolving, and more importantly, how quickly the rules are changing. And right now, it's those changes that are happening at a pace that many organizations are still struggling to fully grasp because we've already seen the rise of malware as a service, ransomware as a service, but what we're seeing emerging now takes things to a whole other level, the AI threat market. Now what used to require deep technical expertise can now be carried out with just a few prompts, a small payment, and access to tools openly discussed on the dark web forums, and it is that barrier to entry that has dropped dramatically. And this is changing who can launch an attack and how often those attacks can occur.

[00:01:56] - [Speaker 0]
And none of this is theoretical or or spreading doom and gloom. It's already playing out in real world incidents. So today, I wanna explore what this shift means in practical terms, understand why traditional defenses are struggling to keep pace with AI driven threats, and learn how the scale and impact of the attacks are changing. And while this is no longer just a problem for security teams, but it is a board level, even national concern. So we will unpack the growing role of state actors who are operating in the same marketplaces as independent attackers, blurring the lines that were once incredibly clear.

[00:02:35] - [Speaker 0]
So how do you defend your business when the tools used against you are becoming cheaper, smarter, and more widely available by the day? A quick thank you to NordLayer for supporting the podcast and helping me make these daily conversations possible. And if you are listening and you're responsible for security or IT, you will know the reality. The reality that most of your risk now sits inside SaaS apps and browser activity. That gap is exactly what NordLayer is addressing with its new business browser.

[00:03:10] - [Speaker 0]
So instead of bolting security on from the outside, it builds it directly into the browser itself. This means you can control access, monitor activity, enforce policies, and reduce shadow IT all from one single place. And most importantly, it does it without adding deployment headaches or complex onboarding. You get things like browser based data loss prevention, SaaS access control, and zero trust browsing, but delivered in a way that your team can actually use. So if you've been trying to simplify your stack while improving visibility, please check it out at nordlayer.com/browser.

[00:03:53] - [Speaker 0]
But enough for me. Let me introduce you to my guest now. So a massive warm welcome to the show. Can you tell everyone listening a little about who you are and what you do?

[00:04:05] - [Speaker 1]
Yeah. Thanks for having me, Neil. Great to be here. I'm Chris Hosking. I'm a AI and cloud security evangelist with SentinelOne.

[00:04:13] - [Speaker 1]
For those of you that might not know the company, we're a cybersecurity company, essentially focused on how we can provide AI powered cybersecurity for threat detection and response, which sounds like a mouthful, but it's really about how can we use the latest technology to give defenders an advantage, to give them the edge. We believe in something called autonomous security intelligence, is about how can we help bring together machines and humans to sort of achieve the scale and the speed that we need to defeat modern threats. But anyway, as an evangelist, I sort of sit at the crux of research, what's actually happening, the kind of products we're building, and then security teams looking to sort of up their security postures. And I do things like a breakdown AI and cloud attacks, try and separate hype versus reality, and, give advice to security teams and sort of try and provide some guidance. Is the role.

[00:05:14] - [Speaker 1]
It's a it's an odd one.

[00:05:16] - [Speaker 0]
A cool one, though. Right? And what a what a great job title as well. And one of the things that put you on, my radar was when you spoke about the the rise of an AI threat market on the dark webs. It sounds incredibly sinister, almost cold air, I say.

[00:05:31] - [Speaker 0]
But can you paint a picture of of what that actually look looks like today and how it compares to maybe earlier waves like malware as a service and ransomware as a service? What is this that you you're speaking of, and, what makes it different?

[00:05:44] - [Speaker 1]
I I think what's important to first start off with is a lot of people think of, you know, cyber criminals or these big threat actors that we see on the news as these singular entities who attack us. The reality is is cybercrime is quite an ecosystem. You've got different groups that specialize in different things. And it makes sense, you know, if you think of our businesses, we purchase software, we work with other partners. And so the dark web has always been a place for cybercriminals to meet and to to sell their wares and their their services and their offerings.

[00:06:16] - [Speaker 1]
Right? And essentially, with the rise of AI, naturally, we're seeing a lot of these tools either now built by AI or enabled with AI. And so we're seeing this sort of whole new range of AI tooling that's being sold. Some that focuses on how can we build better phishing emails, how can we more readily try and break in and steal passwords from a from a business, to those same models you already talked about, malware as a service and ransomware as a service, just AI malware as a service, AI ransomware as a service. And so it's a wave that's incredibly concerning in that it's, a lot faster and a lot larger in terms of scale than the previous waves, but also not fundamentally different from the previous waves.

[00:07:06] - [Speaker 1]
It's still just people selling tools to make a little bit of money, to help someone else break into a business.

[00:07:13] - [Speaker 0]
When I was doing a little research on this before you came on the podcast, it almost feels like a an eBay of cyber attacks where attacks can now be launched for as little as £35 or $50 for our US listeners. But what has changed technically and culturally to to bring that barrier of entry down to this level?

[00:07:31] - [Speaker 1]
AI has been a great accelerator for all of us. I think we all see that in our daily lives. The problem is is that's also helps threat actors and cyber criminals. Yes. You know, distributed denial of attacks, service attacks are now down as low as £35.

[00:07:50] - [Speaker 1]
You know, these are attacks which focus on how can you disrupt a business, how to can take a business offline. That's not the only kind of attack that's now this cheap or this easy. AI has really enabled a lot of threat actors to perform attacks that they might not otherwise be able to achieve. You know, late last year, Anthropic did a report on a UK based threat actor. Now this threat actor was able to build out using Claude code different elements to orchestrate ransomware as a service.

[00:08:20] - [Speaker 1]
And they explicitly called out, this person doesn't actually seem like a phenomenal coder. They're not incredibly technical. But with the assistance of Claude Code, they were able to build out this model and start charging people between 400 to 1,200 US per attack. So essentially, we're seeing a lot more people being able to carry out these attacks faster than previously at larger scale than previously. And so it's sort of unfortunately, AI is accelerating this marketplace and these threats as well.

[00:08:53] - [Speaker 0]
And just to further bring to life what you just said, I also read that you'd spoke about malicious AI tools have surged by over 200% in the last twelve months alone, which is quite alarming. So what what kind of tools are we talking about here, and how are they being packaged and and sold to would be attackers?

[00:09:11] - [Speaker 1]
Yeah. This one's really interesting because it's one that captures a lot of news headlines when people talk about they they say dark LLMs. And they've got, you know, they've got very, you know, catchy names, evil GPT, fraud GPT, wolf GPT. The first thing that I wanna make really clear, it's important to know that these aren't, you know, trained by threat actors and criminals to be masterminds. It's more what they're doing is they're taking frontier models.

[00:09:40] - [Speaker 1]
They're taking the popular models that you know, ChatGPT, Claude, Mistral, Grok, and they're breaking those models to allow them to perform outside of where their safety constraints would usually allow them to. That's called jailbreaking. So they're jailbreaking these models so that it will allow them to perform more sort of unsavory tasks. And then they're wrapping that up so that they can commoditize it. So they might do something like wrap it into Telegram and so it's more like a chatbot.

[00:10:11] - [Speaker 1]
And then they can sell it to you as a service. But it's important to note that as well, AI is a is a marketing term as much as it's a technology term. Within this marketplace, we also see fake tooling where people say, hey, come use my AI powered malware and it's, you know, a rehash version of malware that was maybe made in The Philippines in 2022, but they've slapped AI on on the cover of it to try and make some money, and it's actually not, AI at all.

[00:10:42] - [Speaker 0]
Yeah. So many great points there. And we do have this worrying shift from highly skilled attackers to almost anyone being able to launch an attack with ease. So how does this change the the threat profile for businesses that have previously felt that they were too small or too obscure to be targeted? It feels like everything's up for grabs now.

[00:11:02] - [Speaker 1]
Yeah. I I think it's it's first worthwhile noting that a lot of small businesses often think, hey, we're too small, we're under the radar, we're not going get hit. We're not, you know, traded on the London Stock Exchange or the New York one, so why would anyone bother with us? The reality is is that the lion's share of attacks do target small and medium businesses often because they've got lower cyber defensive capabilities. So they are actually being attacked more than the big boys are.

[00:11:33] - [Speaker 1]
It's just that the big boys make the news. Right? It's splashy when a global retailer gets hit. What I would consider is that with the proliferation of these tools, with the speed gains that AI is giving to cyber criminals and nation state actors, it's increasing scale. So I think if you're lucky enough to have not been hit as a small business, it is luck.

[00:11:59] - [Speaker 1]
And first of all, there there's, you know, there's that great sort of American footballing quote of hope is not a strategy. I'd say that's even more important now. The increase in scale means that, you know, if you know, let's compare this to roulette. If you felt safe because you put your money on one number and you were hoping that you wouldn't get hit by an attack, they're now not throwing with one ball, they're throwing with like, let's say, eight. The rise in scale just means your luck is shrinking essentially.

[00:12:28] - [Speaker 1]
So we need to understand what the risk is and and react proportionately, I would say, and not not have hope as a strategy.

[00:12:37] - [Speaker 0]
And when you look at that speed gains that AI brings, combined with the fact that there's no hiding away from this, that some of the traditional security models that businesses rely on, they were built for a very different era, and so much has changed over the last couple of years. So where do you see these traditional models falling short when it comes to AI driven threats? And and what are you seeing in the field that that highlights these gaps?

[00:13:01] - [Speaker 1]
There there's a few things. Traditionally, a lot of tools were built on how can we look for what we know is bad. And so then the onus was put on cyber security companies to say, collect everything that we know is bad. That model is absolutely broken in the AI world because of the proliferation, the rate of new threads. You can't keep up by saying, hey, we know what this looks like.

[00:13:23] - [Speaker 1]
Everyone be on the watch for it. You have to, move to a model where you look at behavior. Where you look at not saying, hey, I recognize this attack but I recognize what it's doing. I see that it's malicious. Stop it.

[00:13:37] - [Speaker 1]
So the first thing that I would say is a lot of traditional defenses are built on that sort of outdated known bad model. That said, over the last few years, a lot of improvements have happened across the cyber field moving to a behavioral based approach. There's still gaps however in that you might have a behavioral based approach for let's say endpoint security and then a separate one for identity security and a separate one for cloud. And so another real sort of failing or gap in traditional tooling is a lack of context or too many disparate tools, I would say. And that's being reflected by the rates of attacks that we're seeing and the types of breaches that we're seeing that hit hit the news.

[00:14:21] - [Speaker 1]
I mean, there's been a real glut of supply chain attacks recently. You may have heard of the, you know, Light LLM and the Axios attacks. I think where the what this really comes down to is human speed and human scale aren't enough. As well as traditional tooling might be failing us. So we need to upgrade our tooling, but we also need to look at how can we offload as many tasks as possible, to the machine.

[00:14:50] - [Speaker 1]
How can we make tasks autonomous? How can we sort of remove as much noise out of cybersecurity as possible so that humans can actually do the work that they're best at.

[00:15:00] - [Speaker 0]
And I know elsewhere, you've also raised concerns around nation state actors maybe tapping into the same AI marketplaces that we're talking about here today. So how does this blur the lines between organized cybercrime and geopolitical conflict? Again, sounds incredibly alarming.

[00:15:19] - [Speaker 1]
So the these are two groups that have been growing increasingly friendly, that in group that have been growing closer and closer together. And in some cases, they are one in the same. Some nation state threat groups will moonlight for profit. And they say, by day, we're going to do what we need to do for the government and then we're going to generate money by night, sometimes even then to fund their own operations. Often, we'll actually see nation state threat actors pretend to be cybercrime to mix up attribution.

[00:15:50] - [Speaker 1]
Because obviously, they want to cover their tracks and not be seen to be Russian secret police or what what or, you know, or the Iranian revolutionary guard. So they'll actually engage in ransomware and extortion to try and cover up their their tracks. But that's a relationship that's been growing, yeah, increasingly intertwined. We've got examples of the Russian military intelligence contracting out to cybercrime groups to attack and focus on Ukrainian businesses around the, you know, the offset of the that conflict, the the Ukrainian war the war in Ukraine. It's getting closer and closer together, I would say.

[00:16:34] - [Speaker 1]
Certainly, nation state threat actors have already benefited greatly from AI tools. An example I would give is, the use of AI in developing phishing emails from North Korean threat actors. And that makes sense. If you think of North, Korean threat actors, they used to have to train, their, you know, their employees to say, hey, we need you to learn English. We need you to sound convincing.

[00:17:00] - [Speaker 1]
Now write this email that's going to convince a business. I can now talk to AI in Korean and say, hey, please analyze the best marketing emails from the Fortune five hundred. What makes people click their emails? Now I want you to write one for us and just the link is slightly different or the outcome is slightly different. But you know, that that's a massive, increase in their capabilities.

[00:17:23] - [Speaker 1]
The same thing goes for also their, their fake IT worker scheme. They used to have to train people in technical universities for years. Now, with the with what's possible, through AI and being able to assist work creation and to help translate and to even fit in, you know, we've seen threat actors ask questions to AI like, hey, what's beer o'clock? So I know how to respond appropriately. You know, that's something that potentially you wouldn't have been able to learn previously and that would have caught you out, but now makes these threat actors and these phishing campaigns much more convincing, and much more effective.

[00:18:01] - [Speaker 1]
So yes, certainly AI is giving sophistication to nation state threat actors and it's delivering a closer and closer relationship to organized crime, as sometimes organized crime comes up with a tool that a nation state wants to use. And they'll they'll go for whatever's best to help them achieve their goals.

[00:18:23] - [Speaker 0]
And I think enterprises defending against act bad actors has always felt like a giant game of whack a mole. But now when we zoom out from it, we're talking about organized cybercriminals, nation state actors, and there are even real world examples of I think it was the twenty twenty five nursery cyber attack that involved teenagers. So what lessons should organizers organizations take from all these examples here in in terms of preparedness and awareness? Because that game of whack a mole is getting even harder. Right?

[00:18:54] - [Speaker 1]
Yeah. That game of whack a mole is getting even harder. It's interesting to note that trend in teenagers involving in cybercrime. I I won't chat about it too much,

[00:19:03] - [Speaker 0]
but Yeah.

[00:19:03] - [Speaker 1]
I think there's a really interesting world of teenagers chasing clout or seeing cybercrime as a way to make money. You know, it's essentially the often the digital form of graffiti is, hey, look at what I'm able to achieve and and to to brag about it. There's an important lesson there for businesses actually in that it's often not about you. So it's not about what you stand for. It's not about what you particularly sell.

[00:19:29] - [Speaker 1]
It's about the fact that you can be hit. It's worthwhile noting that a lot of these attacks for smaller and business for smaller and medium sized businesses are automated. Like you you may have heard about the team PCP attacks. They managed to hit about 75,000 different businesses in January because they built an attack where it would target one company, it would get in, and then it would actually use their infrastructure to scan for new victims. And it's not looking at a specific type of company or a specific type of, you know, product that they sell.

[00:20:06] - [Speaker 1]
It's looking for do they have a vulnerability that they that is present that they can get in with. And the chain then continues and it grows by itself, know, it's self propagating. And so within there is the lesson that I wanted to talk about in response to this question is, so much crime is opportunistic. So much crime hasn't actually been made more sophisticated, just faster and easier to do. So now more than ever, we've got to put the obvious locks on our obvious doors and close the obvious windows.

[00:20:40] - [Speaker 1]
So many of these attacks are driven by what we like to call primary vectors, which is, hey, you've leaked passwords somewhere along the line, or you've leaked credentials as you're building your software. If they can be found, they'll be used to to get into your environment. Or you have public facing vulnerabilities that if you scan your environment, you can see. Those are kind of like the first off things that we need to fix is, hey, let's find everything that's public and exploitable and patch it or or ensure that that's not, able to be reached. In an environment where passwords are being reused or, you know, or seek or credentials have been leaked, those need to be rotated immediately.

[00:21:26] - [Speaker 1]
That culture needs to be fixed if possible because these are really sort of easy wins for attackers. So that's where we've got our first start, I would say.

[00:21:36] - [Speaker 0]
And for any security leaders or indeed business leaders listening who are under increasing pressure to balance innovation with protection, Any practical steps that you're seeing work right now to to better defend against this new wave of AI enabled cybercrime that's available to almost anyone?

[00:21:55] - [Speaker 1]
Yeah. So I'm not gonna immediately go out and say, hey. Buy from a fancy cybersecurity company. Although, you know, my sure my employer would love that. I actually think it's worthwhile slowing down.

[00:22:07] - [Speaker 1]
It's not always about buying five new tools because there's five things that we're worried about. I think it's often about taking a beat and making sure that the programs and practices we have in place are working as they should. So many times I see security leaders that have bought a tool and they're not actually using it Or they may not be using it to its full extent. Or it hasn't dramatically changed the way their team is working as it should. Investment in cybersecurity tooling is important.

[00:22:40] - [Speaker 1]
Investment in your own people, in your own processes is doubly important. So what I would say is it's about looking in house at what can you do better for $0 before it's about spending money? It's sort of my first advice is how can you make your team more efficient. But certainly, where I am seeing security teams get an edge is the adoption of AI. And, in terms of taking the load off of their small teams.

[00:23:14] - [Speaker 1]
The more that we can have AI speed up things like describing what's happening or even just describing the steps that we're taking so that we don't have to, you know, document our own actions. That's a speed gain. The the more we can automate the boring things and the things that slow us down and have our security professionals focus on their incredible and understanding their own business. They know Susan from HR is the one that always clicks emails, so that's where they're first gonna look at something you know, like that kind of intuition, their knowledge of the business, that's what we need to unlock. And so, yeah, my my advice to security leaders and practitioners is look at the efficiency gains that you can have within your own environment already.

[00:23:59] - [Speaker 1]
What processes can be changed? And then where can you adopt AI to get rid of manual labor intensive, time intensive tasks, and and that'll uplift your profile.

[00:24:10] - [Speaker 0]
And speaking of SentinelOne, for people that are hearing about you for the first time, you are an AI powered cybersecurity platform. And I was also reading that fairly recently, you've introduced new AI security offerings to try and give defenders more of a decisive advantage. Tell me more about the the kind of work that you're doing there to help people stay ahead of some of these attacks.

[00:24:32] - [Speaker 1]
Yeah. So, for a long time, our security has been AI powered and ML powered, which is about how can we understand the behavior of attacks, and that's across endpoints, identity, cloud environments. In the last few years, we've been looking at how can we leverage things like generative AI and agentic AI to perform autonomous security activities. And so that's things like being able to converse with a security analyst that's that's agentic and say, hey, I I have this question. Can you find this across my environment?

[00:25:09] - [Speaker 1]
And then have it then suggest back, hey, I know that you're looking for potential intrusions related to people clicking emails. Here's where we suggest you look next. So follow-up queries, document everything. But sort of what's what's cutting edge for us is we've recently released the ability to start actually autonomously detecting and autonomously responding to threats via an agent. So that rather than have you respond to every threat, the agent can start to understand, hey, this is the chain of events.

[00:25:44] - [Speaker 1]
This is what's serious. This is what's occurred. Ask the seven questions that you might ask and get to a response at machine speed rather than waiting for it to come onto your docket. And so for a long time, we've been about stopping things at machine scale and machine speed. Now for more advanced threats, we're looking at understanding those and machine scale and machine speed and providing defenders with all of the information they need and the options that they need to respond.

[00:26:12] - [Speaker 1]
Yeah. It's all sort of about giving defenders the advantage.

[00:26:16] - [Speaker 0]
I love it. And outside of San Antonio, I've got to ask you, what did you think of the situation with the clawed code security and and the the the aftermath there and how it's now only going to organizations? What did you take away from that big story over the last few few weeks?

[00:26:32] - [Speaker 1]
You know, there's been so many stories over the past last few weeks, know, ranging from Mythos to Axios and Light LLM to the Claude code leak. My first big takeaway is that often these sort of once a year security incidents are now once a week or once a month security incidents. Yeah. We're sort of heading into emergency mode a lot quicker than we otherwise would have been. Whereas whereas we're seeing a lot of failures happen in how people are building software in the supply chain, I think that that's only going to grow.

[00:27:09] - [Speaker 1]
I think there's an interesting lesson there in that A lot of people are often trying to ensure that they're shifting their security left into how they're building an environment. That's always going to be important. But given the rise in supply chain threats, I think equally important is ensuring that in real time, at runtime, as your cloud environment runs, as your endpoint runs, you've got security there to protect yourself. I know a lot of people often have a a mindset of let's make sure attacks don't happen and then we don't have to actually focus on what to do if they do. It's now becoming more apparent that attacks will happen, things will get through.

[00:27:49] - [Speaker 1]
You have to be ready to detect and respond. You've got to sort of be ready for the worst day because as we look around, a lot of people unfortunately are having their worst days.

[00:27:58] - [Speaker 0]
I think that's a powerful moment to end on today. And for anyone listening wanting to carry on the conversation, maybe check out some of the content that you produce and how you stay active and equally anything to do with SentinelOne. Anywhere in particular you'd like me to point everyone?

[00:28:13] - [Speaker 1]
I would really shout out the SentinelOne blog. I'm a big fan of of threat research across the across the web, not just SentinelOne, but we've recently put out some phenomenal blogs about these supply chain attacks like Axios and Light LLM. We have a team called the Sentinel Labs team who just put out incredibly detailed and prescient analyses and forecasts of what where we think the the industry is heading next. They've recently put out some material about what they think is the next version of this AI threat market that we've been discussing, is prompt smuggling as a service, which is even more exciting, which is, you know, how can you build malware through contacting multiple LLMs and then have that all stitched together and returned to you. But yeah.

[00:29:00] - [Speaker 1]
If the question is where to find out more, I'd say head to the SentinelOne blog because there's some really killer research there. As well as we do we do webinars all the time and so if you wanna see a face, if you wanna hear an Australian accent, that's a that's a good place to go.

[00:29:14] - [Speaker 0]
Absolutely. Love it. And we covered so much there from why the barrier to entry has collapsed, cyberattacks, why they're hitting harder than ever, national security hanging by a thread. And I'll include links to everything that you mentioned there, including your own LinkedIn as well because I'm sure you're, incredibly passionate about producing content. So we'll put a link there to, to that there too.

[00:29:35] - [Speaker 0]
But more than anything, thank you for sitting down with me, sharing your story, the work that you're doing there, and I'd encourage people listening to feedback. Let them know what they took away, took away from today's conversation. Let's keep this conversation going. But thank you for today.

[00:29:48] - [Speaker 1]
Oh, thanks for having me. It's been a real pleasure, Neil.

[00:29:52] - [Speaker 0]
After this conversation, I think it's hard to ignore just how quickly the balance of power is shifting in cybersecurity. And one of the things I'm gonna be taking away is how that conversation we had today moved away from isolated attacks carried out by highly skilled individuals towards an entire ecosystem where capability is literally packaged, priced, and made accessible to almost anyone and for as little as $50. And when attacks can be launched for the cost of a family takeaway, think I the conversation changes from whether you will be targeted to how often you are prepare to how often and how prepared you are. And, of course, there is a wilder implication here that goes beyond individual organizations. When the exact same tools are being used by lone actors and nation stakes alike, the line between cybercrime and cyberwarfare suddenly becomes very hard to define.

[00:30:51] - [Speaker 0]
And that has real consequences for critical infrastructure, public services, and everyday systems that we all rely on without thinking twice until they go down on a Wednesday afternoon. But at that exact same time, there's also a clear message for business leaders here. Security can no longer be treated as a background function or something that is is only revisited after an incident. It has now evolved at the same pace as the threats themselves, and that means we need to rethink how AI is used defensively as well as offensively. So if you wanna learn more about Chris and his team at and what they're seeing across the threat landscape, I'll point you towards the website, LinkedIn channels, and they do share a lot of updates and insights and research.

[00:31:37] - [Speaker 0]
So check those out. But over to you. If cybercrime has become easier to access, faster to execute, and harder to detect, are you and your organization truly adapting fast enough to keep up? Head over to techtalksnetwork.com. Let me know your thoughts, but we're out of time today.

[00:31:56] - [Speaker 0]
I'll be back again real soon in your podcast feed with another episode, but thank you for listening today. Bye for now.