Listen

Description

Episode 11: McKinsey Got Hacked, McDonald's Writes Python & We're Big in Uzbekistan 🍺

Week 11. Eleven weeks of consistent podcasting — a personal consistency record for both of them. 🥳 

The podcast now has listeners in Venezuela, Malaysia, Kenya, Ukraine, Vietnam and Uzbekistan. Almost certainly the same person with a very well-travelled VPN. Hello to all our world listeners.

Kieron stopped off at Neil's northern castle on the way back from a Housing gig in Glasgow. He took the sunshine with him when he left. 

McKinsey got hacked — and it's a warning for everyone running RAG AI 🔐 Donald WhatsApped Kieron the news at 7am. McKinsey's internal RAG system, Lilly, was breached in March — 100,000 documents, 57,000 user account details, and the prompts, all exposed through 22 open endpoints. Probably an AI tool that spotted their JSON file formats and quietly helped itself. The lesson: if you're running RAG AI without regular penetration testing, you're hoping for the best. Leading AI runs pen tests constantly. Donald spotted and locked down a minor exposed endpoint the same morning. That's what vigilance actually looks like.

Prompt injection — and the McDonald's Python developer 🍟 Prompt injection is the art of slipping instructions into an AI to make it do things it shouldn't. The McKinsey version is terrifying. The McDonald's version is brilliant: a customer asked their support AI to help him finish a Python script before ordering chicken nuggets. It obliged. He announced he was cancelling his Claude subscription. £20 a month versus unlimited nuggets. With large fries and a milkshake.

Pricing — transparency, tokens and not getting ripped off 💷 The strategy session in Penrith produced a really important conversation. Token pricing is confusing, opaque, and vaguely terrifying (see the £150k overnight bill from Episode 10). Neil's take: be radically transparent. Fixed costs, consumption costs, kill switches, and using mini models that are 10 times cheaper. It's the right thing to do so customers understand what they're buying. Even if his mates it the pub call him a "soft lefty".

New wins 🎉 A new council social care customer. And a trade body confirmed on Wednesday that KnowledgeFlow's Policy Buddy is being deployed across 10 member organisations. Shared knowledge, shared learning, shared insights across a geographically dispersed group. The kind of national change infrastructure Kieron and Neil have spent careers building, now with AI baked in.

Kieron at the Share Annual Conference 🏴󠁧󠁢󠁳󠁣󠁴󠁿 Kieron spoke at the Share Annual Conference and Awards in Glasgow. A packed room and an honest conversation about what Copilot can and can't do. Most people in the room were using AI to summarise documents. Which is fine, but it's also the worst way to let AI bias creep in unchecked, because Copilot doesn't know who you are, what you care about, or what a good summary looks like for your organisation. KnowledgeFlow does.

AI observability — the Glastonbury of the AI world 🔬 Kieron and Neil are heading to the Gartner Data Analytics Summit in a couple of weeks.  They describe it as the Glastonbury of the AI world. Kieron is on a mission to track down Wilco Van Ginkel, Senior VP at Gartner, who he mat last year. Wilco's latest research is on live AI observability and evaluation, which is exactly what Leading AI is currently building. The key insight: you can't test AI output like a calculator. You mark it like an essay. And you need to keep testing live because model drift happens. Wilco, brace yourself.

The Cumbria Clock Company, repairers of Big Ben, get a heartfelt farewell shoutout. Keith the pirate clockmaker may yet appear as a guest.

Two mates. A bar. Thirty years of business between them. And all they want to talk about is AI.

Pull up a stool, we'll get the beers in. 🍺