AI for Business with BCN
AI for Business is the essential podcast for business leaders who want to stay ahead of the artificial intelligence curve. Hosted by BCN, each episode invites guests to share stories on how they’re using AI in their field and industry, with the goal to inspire you to bring this to your business.
We break down the biggest AI news, like major model releases, industry-wide shifts, and regulatory changes, translating them into practical strategies for the C-suite and business leaders. You’ll hear from guests, sector specialists, and our own AI consultants, all focused on helping you navigate disruption, seize new opportunities, and future-proof your organisation.
Make “AI for Business” your go-to source for staying informed, inspired, and ready to lead in a rapidly changing world.
AI for Business with BCN
Self-Driving Cars Today, Robot Coworkers Tomorrow?
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Robots are getting real, and the business impact is closer than most people want to admit. We pick up the thread on robotics and autonomy and ask what it means when “work” shifts from humans doing tasks to humans directing systems that do them for us. Along the way, we talk about why the first wave won’t be humanoids in your office, but focused, high-value robotics like self-driving vehicles, warehouse automation, and clinical tools that can scale expertise.
We’re joined by Mart Rotherham, CTO at BCN, and Matt Lovell, CEO of CloudGuard, to map the transition from today’s AI-powered software to tomorrow’s physical automation. Mark breaks down the idea of an agentic workforce and how abstraction changes job design: fewer hands-on tasks, more responsibility for clear specs, validation, and outcomes. Matt brings it down to earth; human governance, and ethical judgment can’t be bolted on later.
Then we shift to the risk side: CISA, the CVE system, and the National Vulnerability Database that so many security tools rely on. If that shared vulnerability backbone weakens while attackers use generative AI to find flaws faster, businesses face a widening gap between exploit speed and patch speed. We close with practical leadership takeaways on guardrails, patching discipline, and risk mapping so innovation doesn’t outpace safety.
Subscribe for more AI for business insights, share this with a leader who owns operational risk, and leave a review with your biggest question about robotics and security.
Thanks for listening!
I don't think it's seven years before most surgeries are performed, routine surgeries are performed robotically.
Sinéad HammondWhat does that mean for businesses that robotics are becoming a much more important part of the conversation?
Matt LovellWe cannot afford, as a global entity, as a human society, to lose CISA or an equivalent capability.
Why Robotics Now
Sinéad HammondWelcome back to the AI for Business podcast. Last time we touched on the widespread adoption of AI technologies, the increasing investment in AI, and the impact of safety with data centers, which process AI, springing up globally and even into space. That momentum is now pushing into something even more tangible and kind of sci-fi, which is robots. And this is moving closer every day to businesses and operational environments. So we're going to talk a bit more about how that works. And as AI spreads more quickly into organizations, it brings through new responsibilities. Later in the episode, I'll be asking Matt about some important recent developments from the CISA, the Cybersecurity and Infrastructure Security Agency, and what they signal about the risks leaders need to manage alongside innovation. I'm joined once again by Mart Rotherham, CTO at BCN, and Matt Lovell, CEO of CloudGuard. How are you both doing today?
Matt LovellV ery well, thank you. All good, Sinéad.
Sinéad HammondLet's start where we left off last time with a discussion around robotics. So when you talk about healthcare, I listen to someone saying that, you know, if you're training to be a doctor in seven years' time, the training will have to be completely different because by the time you finish your training, there will already be robots and different types of AI being able to kind of replace that learning a bit in that seven-year period because it takes so long to train to be a doctor. Robot sounds very sci-fi and a little bit like, you know, Hollywood. Should people, should businesses, should C-suite be taking note of this? Should they be listening? And even if they're not going to be like wandering round offices tomorrow, what does that mean for businesses that robotics are becoming a much more important part of the conversation?
Managing An Agentic Workforce
Mark RotheramI think it it's good to think about it from a an almost work displacement perspective. So we're seeing work displacement and the abstraction layers move up. So if we use you know, we talked a little bit about software development previously, but we still need really good, solid people that understand what software is and how to develop it. But they're being levelled up from writing a specific line of code to writing and validating a really good spec. I think what we'll see is the robotic kind of capabilities come through, similar things. The things that people do today that they may like or may not like will start to get abstracted from. In the the kind of virtual world, the software world that we spend a lot of time in, the concept is you're no longer a sole contributor, you're a manager, but you're managing an agentic workforce. And I think you can draw a lot of parallels with what's happening with AI and robotics, you're going to be able to think about managing that robotic workforce in a similar way. So it will take longer to come because physical takes longer from a robot wandering around your office or your factory or whatever it is that you're thinking there. But what we will see between now and the humanoid robots is much more autonomy in things. So that the first wave of things that we will all experience is the car. You know, we saw the latest version of FSD from Tesla launch, which again is another shift in capability to self-driving. Uber, Nvidia, and a whole swath of people are spending millions on self-driving in that domain. I think what we'll see is point AI robotic solutions start to saturate, like driving and eventually, you know, surgery, things like that. Before we get to the general use robots wandering around and doing things. It's kind of what we've seen with AI in the software land. You know, it's starting with certain domains and it's slowly encroaching out everywhere else. That's the kind of way that I see it coming. So from a general business perspective, keep an eye on what's happening in the software world and in the the the virtual world and what's what's been happening over the last three years there, and then think about the next three years of how that's going to start to come through from a the physical world.
Sinéad HammondAbsolutely. Matt, what are your thoughts on? Do you have any thoughts on robots? And I'm also interested in kind of I mean the security concerns, I guess, and again governance and why that's still really important. And I guess kind of not just generating more and more and making it bigger and bigger. Like we still need to think about these guardrails, I would say, but what what's your what's your kind of opinion, I suppose, on this?
Robotics In Healthcare And Trust
Matt LovellUh many and varied, in a sense that you can take robotics and you can look at the immediate application where we've got driverless vehicles, where we've got warehouse technology where there's no humans anymore, and and that's rapidly accelerating. If you take, if I've sort of ground myself back into healthcare where you started, I don't think it's seven years before most surgeries are performed, routine surgeries are performed robotically. And I think that's a really good thing, by the way, right? And I caveat that statement fundamentally, and there's always, always got to be human governance. And you know, you see that in the mass acceleration, and I've seen this in one of my other businesses in in medical analytics, where we move from a diagnosis in skin cancer to treatment within 90 seconds, right? And that massively accelerates survival rates for people with melanoma as an example. If you take the problems in our own health system, where are the pinch points? Where are the key problems? What are the priorities to solve? You look at AE and GP triage and diagnosis, initial diagnosis, how can we use robotics in those forums and particularly remotely as well, where patients either have to travel in and therefore we could alleviate that pressure point. And also, you know, from a GP point of view, those sort of peak activities where we can use robotics to alleviate those pressure points and release GP capacity for those elements that are human only. And the same for accident and emergency, and the same for other war duties where we can use and leverage robotics to you know understand and relieve key pressure points in resource because it is resource fundamentally in the expertise that we need to be thinking about. We've got to be training the surgeons for the future. How can robotics help us accelerate? You know, when if you look in the NHS, actually the one of the battlenecks of many, despite how brilliant it is, is actually taking doctors through that experience curve faster. So we've got more specialists in more areas, you know, whether that's physical or mental or a combination. So it's is looking at how robotics can help us move there. Can will we as a human entrust our soul conversation to an AI agentic process? It's going to vary, right? And it's going to it's going to take time for people to build trust and confidence. If I talk to somebody of my mother's generation, their only conception is that of a physical robot, and you know, they're seeing robots running marathons and various other sort of news headlines, and they're going, Well, they're almost there in physical capability. You're absolutely right. But can they perform autonomous tasks that that involve cognitive reasoning and some of the other capabilities that we need? Can they make those split-second decisions that are based on other people's judgment and make them correctly? You know, you've only got to drive on the motorway, you know, in bad weather to understand how difficult a autonomous system would find it, you know, if suddenly another vehicle had an issue in front of you and you've got to take evasive action. Humans have such an advanced capability in respect of responding to those. And it's just understanding how we put additional guardrails in place to accelerate specific targeted robotic use and build trust and confidence from there.
Sinéad HammondYeah, there's that big question about whether AI will or should or will ever be able to make those ethical decisions. And I think that's part of what you're saying there as well. And that kind of, and we talked about judgment in the past, but those judgment decisions that have kind of consequences. That I I actually had a chat with my AI last night to find out how close it was to that. And I think the the premise is that in it will always be a tool to assist as opposed to a tool to make those kind of bigger moral ethical decisions that humans then stay in the loop to do that. And we've spoken about that a lot recently.
CISA CVEs And The Security Backbone
Sinéad HammondSo, Matt, I know that you mentioned uh the CISA, and for people who aren't listening, who are you know not in security and listening to these sorts of updates day to day, in plain English, kind of what is happening at the moment, what does that mean? Something that's happening out in America, what does that mean for us? And then what does that kind of mean for a business on a business level and how we adopt and approach our use of AI?
Matt LovellGreat question. And I will try to break down this because it is quite a large topic for the audience, and I'm going to assume a relatively low understanding and bear with me while I try to build the different blocks that tell you the story.
Sinéad HammondSo convince me I'll be your level, buffer.
Matt LovellOkay, so the US Cybersecurity and Infrastructure Security Agency, or CESA, as it's easier to say, has and is an absolutely mission-critical organization for all of us, every single one of us. Let me explain to you and obviously to you, Sinead, and try to convince you. So, like with a lot of things globally, we need to have a standard that defines a security vulnerability. Okay, so we call that the common vulnerabilities and exposures or CVEs for short. So when a vulnerability is identified anywhere in software, in an API, in an interface, in an application, in a bit of code, if it is known or unknown, then it is classified, it has a severity rating, and it's documented in a standard reference system. Okay, and then that can be shared with everybody very quickly in terms of understanding this unique identifier and vulnerability and the properties associated with it. So the general annotation is you have a CVE, you have the year that it's been identified, and then it has a reference number, usually five digits, etc. So you would have, for example, OpenClaw, you know, a very recent product. It has a CVE in 2026, you know, because it's just been identified. It relates to a WebSocket hijacking vulnerability. So it's, you know, it's behaving under the user context, and that can be hijacked, and they can actually siphon or exfiltrate data from that. So it's a pretty severe vulnerability. And the vulnerability database itself is therefore mission critical to us all. And the US has formed a very big part of this with the MITA organization. People have heard of the MITRE attack framework, it's the same organization. And CESA and the MITA organization work together to put this database and make that publicly available for people. But it's predominantly funded by MITA and CESA, which is funded itself by the US government. Now, that funding was questioned over 12 months ago. It has been renewed for 12 months, but the funding is declining, right? And we are all, all of us, every single individual employee, business, you know, and people using devices in their own homes suffer from TVEs, right? We are all dependent on those being known to people publicly. Now, the US is saying everyone should contribute to that. And I agree with that principle, right? We are all reliant, we're all dependent, we're all benefiting from the service that CESA provides. CESA as an organization has lost some amazing talent, particularly recently. We've got people in there, absolute heroes, working for no salary at this moment in time. And therefore, the long-term benefit that we all derive from that is in question. And we cannot afford, as a global entity, as a human society, to lose CSRO and equivalent capability. One, because it's super trusted by people that find these vulnerabilities and tell us all about them. And two, this database is used by pretty much universally every vulnerability service that I know of to tell us what's going on. So the national vulnerability database, or the MVD for short, is where all of this ends up. And it isn't just about here are the vulnerabilities, it's about this is how severe, this is where it was most recently exploited, it's full classification, loads of references on how to patch and remediate it from the vendors themselves, and exploit vulnerability indicators. Why is that the most critical piece of information? I hear you ask, Sinead. And the simple answer is that attackers are using generative AI to identify vulnerabilities super fast. And therefore they can exploit those so much quicker. And if we haven't updated, if we haven't patched, if we're not even aware that vulnerability is a problem for us, it can be exploited without our knowledge and without any form of detection. And it could be a living off-the-land attack or it could be some other data exfiltration that takes place, and that's super bad for any of us. That's why this is so critical. If we don't all get behind this, if we don't all support CESA, if we don't contribute, you know, if we're using this insight and innovation, then CESA is in question. And the loss of CESA and the trust of that will be really difficult to replace. That's why that headline is so important. Hopefully, I've convinced you. Tell me.
Sinéad HammondYeah, I think my understanding is that you know all the systems that we rely on and we keep uh to keep us safe and secure without that kind of body there is going to put those security checks, I guess, at risk. Is from the most the most basic way I can explain what I think I understand from that. And I think then from a business decision level or from a business owner level, are there any things that we need to consider or think about based on the fact that maybe this is, I mean, you're saying we need to contribute more, but is there things that we need to think again about? You know, is it we need to be better at risk mapping or we need to make sure we're keeping our patching up to date, or all of those different types of things? Like what would you make as a essay as would be the key bit of advice for that?
Matt LovellLook, the the format of CISA Sinéad has worked super well. And we absolutely need some kind of centralized source. If you think about how AI is working in the language models and the large action models, etc., and they're culminating that together in the training capabilities at a global level. We need the same for vulnerabilities. We've got that for vulnerabilities in what CISR and MITA provide to us by contributing to it, by seeing the long-term strategic development of that organization and the amazing work that those individuals within there are doing right now as an absolute trusted source of that information is super critical to keeping you and everybody else safe at this moment in time. That's how I would put it back to you. So, do we need another CISA? No, we we need CISA, right? And therefore, let's get behind that and let's resolve this problem so we can go forward rather than backwards.
What Leaders Should Do Next
Sinéad HammondRight. I'm gonna leave us with that. I'm gonna take that as an open opportunity for people to learn a little bit more about CISA going forward and look at what what's going on and what we can do and how this all fits in with our own businesses. This has been a really interesting episode. Thank you so much, both of you, for joining. I always learn so much on these because there's just so much going on and so many headlines that I'm not able to keep track of. So I do really appreciate you taking the time to talk us through and help us understand a little bit more about what businesses really should be um listening to and looking out for and what we should be monitoring. Thanks again for both being here. Um, thank you to our listeners for listening and tuning in. If you would like to catch previous episodes, then you can check out our website at bcn.co.uk. You'll also be able to subscribe to future episodes that we do in this podcast series. So, once again, thank you so much, and we'll see you all again next time. Thank you. Cheers, thank you.