Summary:
In this episode of Sidecar Sync, Amith Nagarajan and Mallory Mejias unpack three major developments shaping the AI landscape for associations and nonprofits. First, they explore the rapid evolution of AI models—including ultra-fast releases like Gemini 3.1 Flash-Lite and the growing capabilities of systems like GPT‑5.4 that can interact directly with legacy software. Next, they discuss how AI agents could disrupt traditional software pricing models, potentially reducing the need for seat-based licensing as automated systems handle more work. Finally, the conversation turns to cybersecurity risks in the AI era—from voice cloning and impersonation attacks to the dangers of blindly connecting new AI tools to sensitive organizational systems. The episode closes with practical guidance for leaders: experiment boldly with AI, but do it thoughtfully and securely.
Timestamps:
0:00 - Welcome to Sidecar Sync
👥Provide comprehensive AI education for your team
https://learn.sidecar.ai/teams
📅 Register for digitalNow 2026:
https://digitalnow.sidecar.ai/digitalnow
🤖 Join the AI Mastermind:
https://sidecar.ai/association-ai-mas...
🎀 Use code AIPOD50 for $50 off your Association AI Professional (AAiP) certification
📕 Download ‘Ascend 3rd Edition: Unlocking the Power of AI for Associations’ for FREE
🛠 AI Tools and Resources Mentioned in This Episode:
ChatGPT ➔ https://chat.openai.com
Claude ➔ https://claude.ai
Gemini 3.1 Flash-Lite ➔ https://deepmind.google/models/gemini/flash-lite/
Software Shock: AI’s Broken Logic ➔ https://shorturl.at/HoWFI
AI vs. AI: The arms race for security ➔ https://shorturl.at/bnbv1
Data Warehouse, Data Lakes, AI Data Platforms ➔ https://shorturl.at/6CstU
https://www.linkedin.com/company/sidecar-global
https://twitter.com/sidecarglobal
https://www.youtube.com/@SidecarSync
⚙️ Other Resources from Sidecar:
More about Your Hosts:
Amith Nagarajan is the Chairman of Blue Cypress 🔗 https://BlueCypress.io, a family of purpose-driven companies and proud practitioners of Conscious Capitalism. The Blue Cypress companies focus on helping associations, non-profits, and other purpose-driven organizations achieve long-term success. Amith is also an active early-stage investor in B2B SaaS companies. He’s had the good fortune of nearly three decades of success as an entrepreneur and enjoys helping others in their journey.
📣 Follow Amith on LinkedIn:
https://linkedin.com/amithnagarajan
Mallory Mejias is passionate about creating opportunities for association professionals to learn, grow, and better serve their members using artificial intelligence. She enjoys blending creativity and innovation to produce fresh, meaningful content for the association space.
📣 Follow Mallory on Linkedin:
https://linkedin.com/mallorymejias
🤖 Please note this transcript was generated using (you guessed it) AI, so please excuse any errors 🤖
[00:00:00:14 - 00:00:09:17]
Amith
Welcome to the Sidecar Sync Podcast, your home for all things innovation, artificial intelligence and associations.
[00:00:25:09 - 00:00:27:07]
Amith
My name is Amith Nagarajan.
[00:00:27:07 - 00:00:29:07]
Mallory
And my name is Mallory Mejias.
[00:00:29:07 - 00:00:47:16]
Amith
And we have an episode packed with three super interesting topics. I think all of our association and nonprofit listeners will find both interesting, maybe a little bit frightening and definitely relevant. So we'll get into that in a minute. First of all, Mallory, how are you doing this week?
[00:00:47:16 - 00:00:54:19]
Mallory
I'm doing well, Amith. I'm thinking that could be our tagline, interesting, frightening, and relevant, the Sidecar Sync podcast.
[00:00:54:19 - 00:00:56:10]
Amith
Pretty much how we roll.
[00:00:56:10 - 00:01:21:18]
Mallory
I am doing well. Still in the thick of moving. We're actually, by the time this podcast is out, fingers crossed, we should be moved into our new house. Our new house will not have a kitchen at that time. So we'll be, well, I don't know what we'll be doing for the next few weeks, cooking on a hot plate, having a mini fridge, but you know, we're just taking it day by day. And yeah, that's kind of all I've been thinking about. To be honest, how are you, me?
[00:01:22:20 - 00:01:27:09]
Amith
I'm going great. It sounds like, yeah, you're about to relive your college dorm life or something, you know, for a little bit.
[00:01:27:09 - 00:01:43:10]
Mallory
Yeah. You know, I guess I have done it before. That's a good point Amith. I've done this before back in college. I did have a hot plate, although I don't think I was supposed to in my dorm room, but I do enjoy cooking and I had a little mini fridge. So yeah, I guess we're going back to freshman year, college days, and we'll get through it.
[00:01:43:10 - 00:01:49:07]
Amith
I bet you your favorite AI could probably give you all sorts of interesting recipes that work on a hot plate.
[00:01:49:07 - 00:02:08:02]
Mallory
Oh, a hundred percent. I've been using AI at this point, mostly for the asking all the questions I don't want to ask our contractor or feel like I should know before I talked to our contractor design tips, but I haven't gone to it yet for recipes. But I think that's what we're going to have to do at least for the next two weeks.
[00:02:08:02 - 00:02:12:24]
Amith
Well, welcome to the joy of home ownership. Um, I hope the, I hope the move goes well.
[00:02:12:24 - 00:02:27:09]
Mallory
Thank you Amith. I was just actually at the dentist today and my dental hygienist, she was a homeowner and I said, was it worth it? And she said, Oh, I don't know. It's a lot of work. I said, Oh, that's not what I want to hear now, but we'll figure it out.
[00:02:27:09 - 00:02:38:17]
Amith
Yeah. I think the stage old advice has always been if you plan to stay in the same place for 10 years, then you're pretty much in good shape. And if you plan to move around a bunch, sometimes it's not as worth it.
[00:02:38:17 - 00:02:52:11]
Mallory
But, yeah, well, I, well, knock on wood. I think we'll be there for at least the next 10 years. Amith, what has been going on in the world of AI for you across the Blue Cypress family of companies? Anything interesting you want to tease or share with our audience?
[00:02:52:11 - 00:06:45:10]
Amith
Well, it's not one of our topics Mallory, but I'm excited about new model releases that have happened since the last time we recorded. And so in that time, uh, a model called Gemini 3.1 Flashlight has been released. So in the Gemini series, which is Google's flagship language models, uh, or I should just say AI models because they so much more than language these days, um, there is the pro edition. So Gemini 3.1 Pro, there is the flash edition, which is the smaller, faster, and less expensive version. And then they have a really small, really fast and really inexpensive model called Flashlight. So think of it almost as light, large, medium, and small, or pro is large, flash is medium, and flash light is small. And I was excited about 3.1 Flashlight because this model is incredibly smart and it's really, really fast. It's like a thousand tokens per second, which for those of you that aren't super familiar with inference speeds, it is roughly 10 times as fast as what you experience in something like chat, GPT or cloud when you use it. Now, it's not as smart as those apps are today with the frontier models you typically use in them, but many of the workloads we need in order to automate a lot of different business processes, Mallory, you know, we don't need the most cutting edge models. That's actually always been true, but it's particularly true now in early 2026 when we have this amazing level of power. So one quick stat on that is Gemini 3.1 Flashlight is roughly equivalent in intelligence to the O1 model, uh, which was at the time we, you know, you remember those, the episode we were leading up to Project Strawberry Mallory and how much fun we had with that. Q-Star, Project Strawberry, all that stuff. And so O1 was, you know, a radically powerful, incredibly, you know, incredibly intelligent release. Then of course DeepSeek R1 came out, which was comparable to O1 and then lots of other things have happened since then. But this is a model that is essentially instant, essentially very close to free for all practical purposes. It's not technically free, it's, but it's very cheap. Um, and it's about as smart as O1. And that's amazing to me. It's, that's not been, you know, much more than a year since O1 became available to the public. So I find that fascinating also just today, GPT 5.4 from OpenAI came out and that model is particularly good at computer use, which we have covered here on the Sidecar Sync a number of times. Association listeners, if you're wondering why computer use matters to you, it's because you have legacy software. You have lots of old software out there, much of which doesn't have APIs. An API is an application programming interface. It's the way computers have talked to each other for a long time. And many old AMS and LMS systems either don't have an API or the API is really bad, right? It's really, or sometimes vendors try to charge you extra for it. Well, if AI systems can master, truly master using a computer, you could say to something like chat GPT, log into my AMS, look up a member, renew the membership, terminate the membership, do whatever. And of course you have to, you know, be comfortable with the security and all that around it. But if the AI system can figure out legacy software, it opens up the door to a lot of automation and goes to a point that we often talk about. And I know we're going to touch on today, Mallory, in that, we don't necessarily want to prioritize the classical systems upgrades that people have been doing and painfully paying for both, both financially and emotionally in this market for a long, long time. So computer use I think is really important to track. And the point being that GPT 5.4 from open AI, which you'll have available in the chat GPT app by the time you hear this is quite good at computer use as is Claude, as is Gemini. But it's just always exciting to see progress on that front.
[00:06:46:19 - 00:06:53:21]
Mallory
Amith will, across the Blue Cypress family, will we be testing out Gemini 3.1 flashlight in place of other models we've used before?
[00:06:53:21 - 00:07:24:21]
Amith
Indeed we already are. So within our skip AI agent, which is the analytics tool, we are testing flashlight for some of the orchestration prompts that are in there. So orchestration generally just means making small decisions, thinking about what to do next. It's really good at that. For doing things like deeper analysis and coding, we still use some more intense models that are a little bit slower, a little bit more expensive, but it's something we're starting to test, I should say, in that particular product. And we'll be testing it in a lot of other places, but I'm quite optimistic about its capabilities.
[00:07:24:21 - 00:07:39:14]
Mallory
I think you said it best on an episode a few weeks ago, Amith, that the most intense, the smartest models, the most cutting edge models kind of think of it like sipping the fine wine. You can use them for the most intense workloads, but you don't necessarily need it for every step in the process.
[00:07:39:14 - 00:07:51:23]
Amith
Yep, exactly. So yeah, you know, the cloud Opus 4.6 is like the fine wine sonnets more like, you know, to buck Chuck and, uh, you know, haiku is war. So think of it that way.
[00:07:51:23 - 00:09:55:08]
Mallory
I love a good to buck Chuck. Well, with that, let's dive into today's episode. First, we are talking about what's happening in the software market and why the rise of a Gentic AI has investors in a panic. Then we're getting into cybersecurity because AI is changing the threat landscape fast and associations are not immune. And then we're going to wrap up with the practical stuff. What should association leaders actually be doing right now to protect and future proof their tech stack? So let's start with the good old software market. A JP Morgan report from early February of this year flagged something that should get association leaders attention. According to Bloomberg data cited in the report, the S and P 500 software index has fallen into bear market territory. The most oversold since 1990 with valuations collapsing to levels last seen when the world was bracing for recession in 2022. And the trigger is not economic. It's a Gentic AI. Now, as a reminder, a Gentic AI refers to AI that doesn't just answer questions. It actually takes action on your behalf. Tools like Claude code, let users interact with their computer in plain language to pull and analyze data, track expenses, write code tasks that entire SAS companies were built to handle. Investors are now pricing in the possibility that if AI can do all of that, the business case for a lot of traditional software starts to disappear. Even the companies that should be benefiting chip makers, AI labs are getting swept up in the sell off to what the data does make clear is that companies actively using AI are pulling ahead. According to JP Morgan, the 145 S and P 500 companies actively using AI are posting net margins, two to three percentage points above their non AI peers. For associations, the concern is twofold. The vendors you depend on for your AMS, your LMS and event platforms are operating in an increasingly unstable market and the organizations that are not leaning into AI themselves are falling further behind the ones that are.
[00:09:56:16 - 00:10:09:24]
Mallory
So Meath, when you look at what a Gentic AI can do right now, how real do you think the threat is to software categories associations depend on? Like I mentioned, AMS, LMS, event platforms, financial platforms.
[00:10:11:05 - 00:10:24:09]
Amith
Well, I think there's two ways to look at this. One is, does the AMS or LMS suddenly become less capable because of a Gentic AI in terms of its classical use cases of processing memberships, handling event registrations,
[00:10:25:19 - 00:10:44:08]
Amith
you know, doing different kinds of learning activities? And the answer is of course not. A Gentic AI doesn't degrade software's capabilities. However, the question then remains, well, will people choose to not purchase those types of products because a Gentic coding tools like cloud code make it possible to replace their functionality?
[00:10:45:09 - 00:10:53:22]
Amith
You know, somewhat easily, I think you could say, and that's got a couple of asterisks on it that I'll come back to you in terms of what does that actually mean? I think it's an interesting question.
[00:10:55:02 - 00:13:20:05]
Amith
So as a, you know, lifelong software entrepreneurs, someone who started a number of software companies in this industry and in others, I can tell you that software development itself, the part that's about like the bits and the bytes and making the software do a particular thing, it's definitely become easier. So, you know, now it's, I wouldn't say it's trivial. It's still a process that's very important to get right. But it's much, much easier than it was before. So that means that the barriers to entry and the ability for either individual organizations or new companies harnessing a Gentic AI to come into the market to offer alternatives, it's never been better. I find that exciting. That means choice increases. That means opportunities increase. I don't think that for the core pillar business systems like AMS and LMS associations will flee to use cloud code or Gemini or Covex to build their own AMS. I think some will. And I think in some cases it'll work just fine. But I do think there's value in really battle tested hardened systems that can process your financial transactions and manage key critical business information for you in a reliable way. I think there's value in paying for that. Now the question is how much would you be willing to pay for that? Will that number come down? Will it, you know, erode the value in that market and undermine the profitability of these companies, ultimately leading to further consolidation, the demise of some of these companies perhaps. But I also think the flip side is, is that the companies that are perhaps, you know, forward looking enough to leverage a Gentic AI can put in such a tremendous amount of additional capability into their product that it could be really life changing for their customers. You know, if I were still running an AMS company and to be clear, I'm not, I have no involvement in AMS or any other similar types of systems in this industry. But if I was, I would be really excited about completely retooling a lot of things, you know, modernizing legacy pieces of code that would otherwise never get improved, probably improving user experience, you know, things that get swept under the rug or ignored for a long time in a lot of these, these older systems. So I don't know that that will happen with any or all of the AMS companies in the market now. I'm hopeful it will. I'd love to see all of them compete and thrive, leveraging AI and benefiting their association customers. But I think that's a little bit Pollyannaish to think that's going to happen.
[00:13:21:18 - 00:14:05:20]
Amith
So when faced with the choice of, do I buy a new AMS or do I potentially build my own, you know, the pendulum might swing closer to the build your own or maybe use a generic off the shelf system for some core componentry like picking e-commerce system. That's really good. Pick a CRM system that's really good and have cloud code wire them up. That becomes more possible. I think that there's still a lot of work involved in that and there's a lot of risk, a different kind of risk than picking a singular vendor. But I think it potentially could shift the decision making framework for a lot of people. But right now I don't see it impacting the association market like in 2026 certainly, but I do think it has a lot of potential to change things over the longer arc essentially.
[00:14:07:03 - 00:14:26:18]
Mallory
Wow. The idea of building your own AMS sounds wild to me. I feel like you have a very unique perspective on that though, as someone who founded an AMS company and also is very experienced with AI assisted code generation. Do you think that's actually, with those two perspectives, do you think that is actually something feasible an association could do? Build their own AMS?
[00:14:26:18 - 00:17:14:12]
Amith
It's possible. What I would caution people to think through deeply is practices, particularly around financial transaction processing and the nuance and the detail that goes into a really a scaled system, a scaled meaning assistant that's been used for a while, just in my own experience, getting that right, getting the accounting correct, getting the inventory correct, getting all of the different transaction types like renewals and cancellations and all these things to work exactly right, to be gapped client, to have proper audit trails. There's so much detail and nuance to doing that well that I think you could pretty quickly find yourself in this trap where you might be able to rapidly build 70 or even 80 or more percent of the total solution, but the last pieces of it, you might find yourself challenged with. I also don't think there's that much upside to replacing those systems with AI generated tools, because if you have an AMS or an LMS in place that's largely working, but let's say it isn't your favorite tool, because I don't think I've ever heard anyone say an AMS is their favorite tool, but to the extent that it actually performs the core functions well, you might instead of thinking of a wholesale replacement using a Gentec AI to maybe pull certain pieces of functionality that aren't perfect in the AMS out of it. A good example is committee management. Most AMS is really is everyone that I'm aware of has some sort of committee management functionality, which actually in many ways is lifeblood of what associations are really all about is organizing people and doing work together, collaborating. This is such a critical piece of what associations are formed to do. And AMS tend to be pretty terrible at doing this well. You know, they're not good at scaling committee engagement. They don't have workflow tools. They rely on kind of a hodgepodge of different things. So I think, you know, hopefully there'll be many solutions that come up that are related to that particular example, but there will be things like that that are not financially, you know, at the core of what an AMS does, but potentially could be spun out and put onto other platforms or built from scratch. So there's opportunity there. The way I'd look at it is both where is your greatest pain? So where, and not just in an AMS, but just in general, your operational pain, and where potentially can AI solve for that pain by giving you a way of connecting systems better or giving you a new user experience. What I would urge people to do is to think about the member experience more, because when I talk to association leaders, they often focus on the pain that's closest to home, which is their staff's pain. And by no means am I suggesting that the pain that staff have in operating the business is unimportant. It's extremely important. But comparatively speaking, member pain I feel is an even more important thing to consider.
[00:17:15:14 - 00:17:23:02]
Amith
So Mallory, take for example, membership applications. Have you ever joined an association online and tried to fill out a membership app?
[00:17:24:06 - 00:17:32:14]
Mallory
I don't know that I can say I have, but typically online forms and documentation tends to be, something that makes you want to pull your hair out just a bit.
[00:17:32:14 - 00:17:48:01]
Amith
Seriously. Yeah. I was doing something like that right before this pod. There was some compliance form I had to fill out and it was like eight steps and it was very, very Byzantine like in terms of navigation. So I think that when members want to sign up,
[00:17:49:03 - 00:18:29:21]
Amith
you should make it pleasant. You should make it easy. You should make it perhaps even enjoyable. As we like to say, reduce or remove the friction and actually make it an enjoyable process to welcome them in. Make it the first positive experience they have rather than this, you know, multiple back flips type of a feeling that people have when they try to join. Some associations have approval rules where there's committees of people that review and approve applications, but most associations just make it hard. They just have, you know, and it's not because they want to, obviously. It's because they have old technology and they kind of cobble together different ways of creating a membership application where, you know, there's, you know, 10, 20, 30, 50, 100 pieces of information that they want to capture.
[00:18:30:22 - 00:19:29:12]
Amith
Some of that information they might already have. Some of that information might be public record. Some of that information may be available online, but they don't necessarily make it easy to bring that together for the user. The user being your brand new, shiny new member who wants to join your association, but is having a hard time doing it. So think about that use case, right? That's almost the universal pain or people who want to submit a proposal to speak at your conference or the experience that your volunteers who are helping you sort through those applications, what they have to go through to review and to provide feedback on abstracts that are being submitted. So all of these processes have opportunities for dramatically improved user experience. Now, since software is very close to free, you can build these things. And this is where I think associations should really start to play. I don't think they should like, you know, rip out their core infrastructure right away. I think rather they should look at these long ignored areas and look to make some pretty dramatic improvements. That's what excites me anyway.
[00:19:29:12 - 00:19:43:19]
Mallory
Right. And to go through that application process piece by piece and do what we always say on the pod, which is ask why. Why do we have this? Why are we requesting this information? And if the answer is because we've always done that, that might be a sign. That's a place you should start.
[00:19:43:19 - 00:21:42:16]
Amith
Totally. And, you know, a good example, too, like part of it is just making a better user experience, like capturing the information and doing it in a way that that is, you know, smarter and all that. Then the other thing to consider is, well, what about the modality? You know, how can you get the information you need not only as fast as possible, but in a rich way. So what about having a voice based onboarding agent that can have a quick conversation with a member? Imagine yourself having your very best member services professional on your team, taking five minutes to talk to you, Mallory, and say, hey, Mallory, I'd love to welcome you into our association. Let me just have a super quick call with you. I want to ask you a few questions just to get you set up. And not everyone wants to have a voice call, but a lot of people would find that quite helpful. And so in that call, if you had, you know, an experience where you could both talk to an agent, in this case, an AI, but it feels just like a human, and perhaps some stuff pops up on the screen that you need to fill in and it's explained to you. We are able to do lookups based on public records. So if you're in a publicly licensed field, like something like, you know, acupuncture or a medical field or CPAs or things like that, well, those databases generally are available so we can look you up. If not, maybe we can get your permission to link to your LinkedIn profile and grab all your info from there. There's lots of ways to make that easier, but to walk the person through all the choices they have to make in signing up for something could be pretty cool. And so like a quick voice interaction coupled with, you know, experience where you see stuff on the screen, this is a possibility right now. In fact, we're about to roll out exactly that kind of an audio agent on the Sidecar website. Most likely by the time you hear this podcast, it'll be live on the sidecar.ai website. And our idea there is to give every single individual who's interested in learning about Sidecar a truly remarkable experience in considering, you know, whether Sidecar is the right fit for them to help them in making that choice, whether it's the wrong fit for them or the right fit for just them or perhaps the right fit for their whole team.
[00:21:42:16 - 00:22:20:09]
Mallory
I'm really excited to see that roll out. Everybody check it out and let us know what you think. Amith, last question on the software market to really close out this topic. I know, I think it was two weeks ago we were talking about HubSpot and potentially metering agent access to your own data, which is kind of insane. Check out that episode if you want to learn more about that. But the idea that software companies that are using seat based pricing, do you think putting on your software entrepreneur hat, do you think that has to change for software companies in the future? Because AI agents can do so much work within the platform, you don't need as many seats?
[00:22:20:09 - 00:22:47:12]
Amith
I think that absolutely is right. I mean, you know, the number of seats, classically, what software companies have thought is if their customers are growing because they're successful, to which hopefully the software has been helped, you know, a component of that of that growth, they'll grow with the customer. And so if you have 50 employees, and then later you have 70, and then 100, you'll need more seats, and therefore your license cost will grow attributable, you know, again, in part to the software's assistance in that growth trajectory.
[00:22:48:15 - 00:24:23:00]
Amith
And that's not really the path that most people will see going forward, you know, you're going to be able to get a lot more done with fewer humans doing a lot of the work that you need to do with software. AI agents will do a lot of the interactions between one software product and the next, just like we were talking about in the intro, where computer use is becoming a thing agents can do. So that's like one user or so. I think usage based in the context of number of seats, that model is probably going to go away. You know, what we try to do across our companies at Blue Cypress is have organization wide pricing, where we look at the organization's relative size, not in terms of staff, in terms of annual budget, and price it based on the value that we think we can create, which tends to scale up with org size, but it also makes it affordable for smaller groups. We like that because it's aligned with our mission of trying to help everyone. But that's, you know, roughly speaking, a value based pricing model as opposed to seat based. But even that model might become obsolete at some point in the not too distant future where, you know, some people are experimenting with a per use fee where, you know, for example, if you have a customer service agent rather than charging a flat annual fee, you charge for each email at response to things like that. Association leaders I've spoken to about those types of models tend to be a little bit concerned because it's harder to budget for and associations tend to be very focused on having clear fixed and, you know, visible budgets, which I totally get. But I think those kinds of variable cost models that use other levers or other metrics to drive pricing will become much more normalized.
[00:24:23:00 - 00:24:35:07]
Mallory
Yeah, and that's what I was going to say. So to everyone listening, if some of the software platforms you're currently using have seat based pricing, I think that's just something to keep an eye on because it will likely go away sometime soon.
[00:24:36:09 - 00:25:22:10]
Amith
Yeah, I think a lot of the legacy vendors will stick with that pricing model for years to come, even and then, you know, kind of go down with the ship type of thing where, you know, it's kind of like the transition from installed, you know, on prem software to SaaS based software in the cloud. And, you know, every time there's a transition, there's always, you know, a slowness to adapt. Also that you have to look at the incentive structure of the company, what they're trying to achieve if they're trying to optimize cost and margin and trying to aggregate and consolidate customers and things like that. That playbook typically doesn't like to venture too far into innovation territory to see what works for the next 10 years, they're more focused on the next two to three years. And so incentives and time scales are really important things that drive behaviors like this.
[00:25:22:10 - 00:25:27:09]
Mallory
Want to move to topic two for today, which is cybersecurity's arms race.
[00:25:28:12 - 00:25:56:04]
Mallory
Cybersecurity has been swept in the same sell off, but the logic here is actually backwards. AI isn't disrupting this industry, it's pouring fuel on it. The more AI spreads into organizations, the more attack surface there is to defend and the more sophisticated the threats become. Bad actors are now using artificial intelligence to write convincing phishing emails, automate attacks at scale, clone voices for fraud, and probe systems for vulnerabilities around the clock.
[00:25:57:04 - 00:27:11:06]
Mallory
According to JP Morgan wealth management research, 16% of enterprise cyber attacks are now AI generated, and those attacks are 24% worse in terms of damage. IBM's 2025 data breach report puts the global average cost of a breach at $4.4 million. And that same report found that 97% of companies that experienced AI related security incidents didn't have adequate protections in place 97%. Even in thropic experience this firsthand, outside actors use Claude to launch attacks against tech companies, financial institutions and government agencies with only 10 to 20% human involvement. A small group with limited expertise executed what would have previously required a full team of hackers. Also the spending response is massive. JP Morgan projects global cybersecurity spend will reach $240 billion in 2026, with AI driven security growing three to four times faster than that. For associations, the scale may feel different, but the exposure threat is still real. You hold member data, financial records, and in many cases, the professional credentials of entire industries. The bar for defending that is rising quickly.
[00:27:12:14 - 00:27:23:22]
Mallory
Amith, we've said on the pod many, many times from the very beginning, only good AI can fight bad AI. What now in 2026, what does that actually look like in practice?
[00:27:25:06 - 00:28:15:21]
Amith
I think that's a point worth repeating probably on every episode. I think our listeners might get a little bit tired of hearing that, but ultimately AI is too powerful to fight through traditional means, is essentially what you're saying. I think that in 2026 what this looks like is being savvy about the tools that you use and asking those tools to help you. Claude, for example, made the news recently around the same time as this with a capability or a skill that was added to do essentially cybersecurity audits effectively. Now what you might have paid quite a bit of money for to a cybersecurity firm can be done largely by Claude and other AIs as well, but Claude just was very forward with how they were approaching it. That really shook up the industry. Every time Claude releases a new skills pack for co-work or something like that, it tends to cause a ripple effect.
[00:28:16:23 - 00:28:30:17]
Amith
The reality of it is that when you think about automating what we have been doing, that's fine. But these new threat vectors you're talking about where AI is increasingly sophisticated and coming at us with faster speeds,
[00:28:31:18 - 00:29:01:03]
Amith
coming at us with new types of attacks, that's what we have to be worried about. My thought for listeners at this point in time in 2026 is the same thing I tell folks about other topics within AI, which is to be familiar. You can go to AI and you can ask it to help you evaluate your own security. Most people just haven't ever paid attention. It's kind of like living in a small town. You don't bother walking your door. You just kind of take for granted that you've had peace and quiet in your neighborhood or in your town for as long as anyone can remember.
[00:29:02:07 - 00:29:38:18]
Amith
I think that's how a lot of people approach cybersecurity. They set a password and that's about it. They don't change it. There's all these things that people do that are very poor practices when it comes to cyber. Maybe there's budget constraints. Maybe there's other factors that led people down this path. It isn't important until it is a type of problem. You really need to pay attention to this. You have tools available to help guide you through the idea of, "How do I do a cybersecurity audit? How do I make sure that what are the practices?" You've got some amazing tools at your disposal such as Claude and Gemini and chat GPT. That's one general comment.
[00:29:40:06 - 00:30:06:15]
Amith
One of the things I'd like to say here about this is this is an all of us problem in the sense that it's not about the technology. It's not about the latest model. In fact, a lot of the most severe vulnerabilities are the state vulnerability categories that we've always had, which is you and me, Mallory. We as the humans are the weak link in cybersecurity because we're so easy to fool.
[00:30:08:11 - 00:32:05:17]
Amith
It's not that we're lazy, but we aren't as diligent and as disciplined as a machine because we're not machines. We're people. What do bad actors do is they take advantage of those behaviors. They take advantage of those vulnerabilities. With AI systems, since we're moving so much faster, it wouldn't be hard, for example, for someone to have a skill or an MCP server or something like that that has far more access than you might give a traditional tool. All of a sudden, you've just said, "Wow, this is so powerful. This is so easy to use. I'm so busy. I'm just going to connect this MCP server with my Claude or with my chat GPT and let it do a bunch of work for me." You don't realize that you got that from a non-trustworthy source. People are somewhat throwing caution to the wind. Actually, some of the earliest adopters tend to do this because, "Oh my God, there's this new tool. Let's go check it out." Then they connect an MCP server or they connect their own data to an AI system that they don't know about yet. I was talking to an association CEO the other day and they're like, "Hey, have you used blah, blah, blah AI tool?" There's a tool I actually hadn't heard of, which there's plenty of those. I don't know all AI tools, obviously. The way I looked at it, it looked fine, but I'm like, "Well, who's behind this? Who's the company? How much money have they raised? Are they owned by a bigger company?" I just wanted to know a little bit about the people behind it. I think it's an important point is that you don't want to just start... If you want to go experiment with whatever new tool is, that's great, but sandbox it. Don't give it access to your SharePoint. Don't give it access to your HubSpot. Don't give it access to your financial system. Yet, I'm seeing people go out and increasingly throw caution to the wind and say, "The value prop is so enormous, I'm just going to go ahead and do these things." That, to me, is a big opportunity area to tighten up on. Not to stop experimentation. That would be counter to everything we've shared for 124 episodes before this Mallory. We want people to experiment, but to just be smart about it and to not throw everything you've got into some new untested tool.
[00:32:05:17 - 00:32:06:20]
Mallory
Yep.
[00:32:07:24 - 00:32:16:24]
Mallory
It sounds like one of the practical takeaways there, Amith, is... I don't even know if I knew this, but you can do cybersecurity audits with ChatGBT, with Gemini, and with Claude.
[00:32:18:06 - 00:32:58:07]
Amith
They can walk you through the audit. They can't access everything. Actually, you wouldn't want them to technically be able to do an audit. Because to do the audit, you have to be able to access things. For example, if you're a Microsoft user and you use Microsoft 365 for your email and SharePoint, there's actually tools built into that platform that are quite good for fundamental like just the overall cybersecurity profile. But you have to know that you should use these things and you can go and use them. So, ChatGBT could say, "Hey, log into your Azure portal. Go over here, click these buttons, generate these reports." That's actually very valuable. But you don't want to connect ChatGBT and give it admin-level access to your AWS or Azure account. To me, that would be crazy.
[00:32:58:07 - 00:33:36:20]
Mallory
Right. And I know within the Blue Cypress family of companies, we've talked about this on the pod before, but we've had some scenarios where bad actors were attempting to impersonate our CEO, Johanna Snyder, via text. Thankfully, over text with a different number and some odd writing that didn't quite match her style. But you've got to think nowadays with how good AI audio is, it would be a pretty scary thing for someone to... I'm sure there are videos out there of our CEO speaking out there on YouTube, wherever they may be, or our voices on the pod, clone our voices. Totally. And then potentially a bad actor getting their hands on that, that would be concerning. So, Amit, I'm sure you've given that thought before.
[00:33:38:03 - 00:33:40:10]
Mallory
What could we do? How do you fight that?
[00:33:40:10 - 00:35:15:04]
Amith
The simplest solution sometimes is the best. And this is by no means foolproof. But one of the things you can do is meet with your leadership team on a regular basis. I'd recommend quarterly and come up with a system of verbal passcodes that are non-obvious keywords, essentially, that you agree to. And you don't use AI for this and you don't write them down in your computer and you don't record this on Zoom or Teams. But what you do is you get together with your board or with your leadership team and you make sure no recording devices are turned on. You get out good old-fashioned pen and paper and you pick different kinds of keywords. You pick three or four of them is what my recommendation is. And you rotate them or you throw them out at the end of each quarter. And then the idea would be for anything that's non-trivial, if someone calls up and says, "Hey, would you mind sending a wire transfer, Mallory?" And when you get a call like that, no matter how likely you think that is to be the actual person, you ask them to verify the codes. And if they don't have the codes, then you don't do the thing. And you're like, "I'm really sorry, Johanna. I can't do that for you because your codes didn't match." And if it's the real Johanna and she's mad at you, well, she's not going to be mad at you for long because you do your job. And so this is not something that's foolproof. Codes can be guessed, things like that. But the reason I think that's a valuable technique is it just takes it offline. It takes it away from the computer. So it's not something that's in your computer anywhere. You have it written down on a piece of paper that's in your wallet or something like that.
[00:35:16:04 - 00:35:57:18]
Amith
And these practices are good at the family level too. You can talk to your spouse and say, "Hey, let's think of a passphrase that probably only we would know something unique to your relationship that is very unlikely for others to have ever heard of. Even your closest friends might not know certain things." So I think that's really important. The other thing too is you shouldn't volunteer those passcodes. So if you get a call saying, "Hey, Mallory, I want to take care of this thing. Can you give me the passcodes?" And you're like, "Oh yeah, it's blah, blah, blah, blah, blah." That would not be good either. So you know that you're, I mean, to the extent we all know we're humans and not AIs at this point, we don't want to be offering those. The person requesting something is the one who has to offer those codes to us.
[00:35:57:18 - 00:36:11:08]
Mallory
Yeah. I'm thinking of how deep this could go. Because Amith could say, "Johanna, give me the code. Johanna says, "You give me the code." But hey, I think in the face of technology, going analog, going back to pen and paper, I do think there's a lot of value in that, keeping things offline.
[00:36:12:12 - 00:36:12:18]
Amith
Totally.
[00:36:13:21 - 00:36:56:22]
Amith
And if you're caught in a situation where let's say you haven't done this exercise, you don't have codes, you just ask the person a question, say, come up with something like, "It's your spouse. Hey, where do we have our first date?" Well, that's probably not recorded somewhere. I mean, maybe there's a credit card receipt or something and some really advanced AI hacked into that. Most likely, it's not going to know, right? Because these are at-scale attacks. It's probably actually a fairly low-grade AI, and it probably doesn't have access to tons of data on you, but just the basics. And just be smart about it. Ask a question, verify it. And if it is your spouse calling, you guys can joke about it that evening, right? So it's one of those things that I think is really important to prepare your family for, just as much, if not more so, than your work colleagues.
[00:36:56:22 - 00:37:13:18]
Mallory
And you made a great point, the other episode, Amith, where you said it's not necessarily hackers are going after the organizations with the most money, but they're going after the organizations that are most vulnerable. So I feel like we might have listeners who think, "Ah, this is probably not a concern for us." But the truth is, you never know.
[00:37:14:20 - 00:37:35:05]
Amith
Yeah. I mean, associations are not the biggest targets, but they tend to be pretty vulnerable. I mean, as do most nonprofits. I mean, and bigger organizations aren't necessarily less vulnerable. I mean, there's a lot of big organizations that are horribly run, but hackers are pretty smart. They're going to look for the the opening that's there and they're going to take what they can get. So you have to be careful.
[00:37:35:05 - 00:38:27:08]
Mallory
So we've just covered two things that on the surface might seem unrelated, a software market in free fall and a cybersecurity threat that's accelerating. But for associations, they're actually the same problem viewed from different angles. Your tech stack is the foundation your organization runs on. And right now it's being squeezed from both sides. The vendors building your tools are under pressure to adapt or die. And the systems you're running are increasingly in the crosshairs of more sophisticated attacks. So if you are an association leader listening to this, you might be asking, "Well, how do I know if my vendors are keeping up? What does it actually mean to protect ourselves when we don't have a big IT team?" And if AI adoption is what separates the organizations pulling ahead from the ones falling behind, where do we start? So I wanted to end the episode with a little discussion on some more practical takeaways from everything we've talked about. So, Amith, in terms of association vendors,
[00:38:28:16 - 00:38:36:15]
Mallory
what do you think associations should be asking their vendors right now that they probably aren't asking in this moment? Or what do they need to be keeping an eye on with their vendors?
[00:38:38:09 - 00:41:23:02]
Amith
To me, the first thing is to have a good relationship with your vendors. Having been on that side of the table for a long time, it was always a goal of ours at prior companies and now at Blue Cypress to know our customers really well and to try to spend quality time to understand their pain points both with us and just in general so that we can improve. I think associations need to, if you haven't reached out and said hello to your AMS or LMS vendor in some time, do that. Have a casual conversation with them and just get to know them a little bit better. A lot of these companies have had a lot of turnover too. So there's been a tremendous amount of consolidation through acquisitions in the association technology landscape. You know, the LMS and the AMS companies, including my old company, have all been kind of swallowed up by private equity owned companies. Not all, but many of them are. And that's not bad or good, it's just different. And so what you should do there is get to know the people who are running these places and get to know some of the staff at them. So go to the user conferences, take the time to actually understand what these companies are doing. As you get to know the people, you'll learn more and that's important. So these are not like trivial relationships where you're, you know, downloading a piece of software for $10 and using it for some one-time function, these are systems you're running your whole association on. So making a small investment in the relationship can often pay dividends. Another reason that's important is many times the systems that you already invest in do a lot more than you realize. And, you know, I've seen that from many different seats over time. You know, these days when I talk to association CEOs and other leaders, they often say, "Well, we want to get to AI, but, you know, we got to get that old AMS replaced first because it doesn't do A, B, C, D, and E." And I'm like, "Huh." I'm like, "But you're using system X and I know a good bit about it and it doesn't appear to me that that's probably truly a deficiency, right?" Like a lot of times people think the system doesn't do something that it actually might be able to do. And so I would actually verify that that's actually the reality of the situation that the system doesn't do what you want it to do. Not to mention, it's not to suggest that all AMSes do everything. Obviously they don't, but it's worth verifying that. So that's one piece. In the process of getting better acquainted with your vendors and evaluating these things, I would also, coming back to your original question, Valerie, I'd ask them what their AI strategy is. I'd ask them to go deeper. I don't want to hear the trivialities of, "Hey, we threw a chat window in here and you can now ask a really simple question or whatever." That's great. I mean, that's the first step. But how are they looking to transform the fundamental idea of what their software is because of AI? Because there's new capabilities. The way you can approach the entire concept of what a membership system is could be completely different. Do they have vision is what I'm getting at, right?
[00:41:24:08 - 00:42:29:08]
Amith
Are they looking at their feet and looking one inch ahead? Are they looking past the horizon? Do they have the capacity? Do they have vision? Do they have leadership? Do they have technological leadership and visionary leadership that's going to allow them to do that? And do they have an alignment with you? Are they under ownership structure such that they're willing to make investments in those future things? And these are things you can find out, not by asking them those literal questions, but just asking them like, "Hey, how long have you guys been doing this? Who's the management team? Who owns the company? How long have they owned it? What are your goals?" Just ask questions like that. And I think you'll learn quite a bit. So I'd encourage associations to do that. And then when it comes to AI, I mean, if there isn't a pretty thorough answer to that question at this point, I'd be pretty concerned. I do think most of the AMS vendors, I know that space more than LMS and other sides, are actively looking at this and trying to come up with the right answer. And some I think have better responses than others. But at this point, I think there should be a very clearly articulated and pretty deep product vision for the next couple of years of what the vendor plans to do with AI.
[00:42:30:09 - 00:42:50:10]
Mallory
I would say Sidecar is a part of the Blue Cypress family of companies. And I would venture to say we're a pretty tech savvy group of companies. So with that in mind, Meeith, do you have any advice for association leaders wanting to audit their whole tech stack? You kind of got into that, looking at vendors, seeing if they have a vision, do they have an AI strategy? Is there anything else you would tell them?
[00:42:51:14 - 00:43:06:07]
Amith
I mean, it's not exactly what you're asking. I mean, the audit of the tech stack, part of it's taking the inventory, knowing what's where. You can certainly hire consulting firms to help you with this. You can do it yourself. I think you could probably go to an AI tool to help you navigate what's the right process for that.
[00:43:07:13 - 00:43:27:22]
Amith
And you'd probably get a lot of help from that. But the thing that I think could be interesting to do is to reframe the conversation a little bit. So people say, "Well, our vendor isn't great. Maybe you don't have a great relationship with them. Or maybe you just think their technology is really bad or really old. But perhaps you've had it for 10 years."
[00:43:28:22 - 00:43:56:01]
Amith
And my question would be, will replacing that vendor likely create outsized gains? If you think of it as an investment and a potential return on investment, what's the likely outcome? What's the potential downside? And what's the potential upside? And usually making a major system change results in a pretty significant downside risk. It's a guaranteed cost financially, energy-wise, opportunity cost, as well as emotionally, as I mentioned earlier.
[00:43:57:17 - 00:45:54:08]
Amith
But it's also got some pretty significant negative in terms of the downside risk. If there's a system failure, if there's data conversion problems, it's going to do a whole bunch of things that are potential risks. Now, what's the upside? If you have a beautiful, amazing, perfect, world-class, stunning, flawless implementation of your shiny new AMS, what is the potential upside? I mean, generally speaking, I'd say it's incremental. It's not transformative. It's going to make your organization hopefully a little bit better. It's going to make your processes somewhat more efficient. Hopefully it'll make your member experience somewhat better. But typically, it's not a transformative experience. So what I'd be doing right now in 2026 is not doing incremental work. I would put those things on hold because they don't have the right ROI relative to risk ratio. It just doesn't make sense to rip those systems out today, especially because there's limited time in the day and there's limited dollars in the bank. You can't do everything at once. The alternative to that is to go heavy on AI and to think deeply about how you can drive truly transformative changes. In this episode alone, we've covered a couple of ideas like the idea of a voice onboarding agent or rethinking your membership application, which are things that would reduce pain, increase quality, and improve results externally as well. And that's not going to happen because of an AMS replacement. It's going to happen because you've rethought your business process. So my general view, it's clearly biased because I think about AI all the time, but I think that you need to prioritize things that have limited downside risk, preferably, but really most importantly, massive transformational upside. And the classical portfolio of IT projects of AMS, LMS, FMS, those types of things, they don't carry any of that upside. At most, they have an incremental benefit, but they have a lot of downside risk. And most importantly, perhaps, they suck up every ounce of energy you have for quite a while.
[00:45:54:08 - 00:46:16:13]
Mallory
I can hear a listener now, though, I mean, saying, "We would love to implement a member service agent." We would see a huge upside to that potentially, but we don't want to connect it to all of our crusty old systems that are janky and broken. Why would we invest in an AI agent knowing that it potentially may not work to its fullest potential if we don't do all that other incremental work? What would you say to that?
[00:46:16:13 - 00:48:20:08]
Amith
Yeah, I'd say there are strategies to address that. It's a totally reasonable concern, but replaced in the AMS typically isn't the best route to solve that problem either because you go from one proprietary system where you're the tenant and not the owner to another proprietary system where you're the tenant and not the owner. And I think what you really want there is to solve the problem. And solving the problem means having true data ownership. And so, from my perspective, that's a really key principle to put in place is that we, as the association, want to, once and for all, truly have ownership of our data. And I'm not talking about the legal sense of the word. Technically, you most likely do own your data. In fact, I would venture to guess that the vast majority of associations have those legal terms squared away. However, operationally and practically, going back to the HubSpot example, if your data is in a system like that and you have to pay to access it or even just use an API to access it, you don't truly own your data. Operationally, your degrees of freedom around that data are very limited. So, that's why the data platform, the AI data platform strategy is so important. Using some kind of technology to unify your data across all your systems, bring it together. We talked about that ad nauseam at this point on this pod. But I think it's a point worth repeating, because it's germane to the topics today. But ultimately, getting your data house in order, getting your data unified, is not as hard as it sounds. You've tried it before. You've probably failed at it. You've tried to do data warehouses. You've tried to do data lakes. They've all failed. They've all been expensive or they've all been challenged, I should say, as opposed to necessarily outright failed. But they've been tough. There's better ways to do that now because of AI. And that's much more accessible. And so, I think people need to think about more creatively about this problem. Because just going saying, "Oh, well, it's going to be great when we move over to System X. It's this magical world that has everything perfectly integrated and that world doesn't exist." And so, you're just going down a path of deferring reality for 12 to 18 months and spending a bucket of money at the same time.
[00:48:20:08 - 00:48:49:19]
Mallory
And it resonates with one of you what Amitha is saying about, "Oh, we've tried data unification in the past and it was too expensive and it didn't work." Based on a previous conversation we recently had on the pod, I wrote a blog that really kind of details the difference between those and why this is different right now with an AI data platform. So, I'm going to link that in the show notes if you all are interested in reading it. Amith, what is final takeaway, the one thing you want association leaders to walk away from in this episode besides education?
[00:48:51:16 - 00:49:46:05]
Amith
To me, ultimately Mallory, it's what I don't want people to do is to feel overwhelmed and feel that there's no point in getting started because there's a lot and it is overwhelming. I mean, everyone I know in AI that I know well is overwhelmed. And that's because they're telling the truth, right? I'm overwhelmed by this stuff. The solution to that is what we talk about every time, which is start and just make some forward motion as little as it needs to be one step at a time. So, there's that. But I do think it's worth investigating a little bit more depth, pick one of these three topics and dig into it a little bit, do a little bit of research. A friend of mine that I was with this week texted me after we were hanging out and said, "Hey, what's the best way I can learn more about the stuff you were talking about?" Because, of course, a lot of my friends asked me about AI stuff. And so I said, "Well, just go ask Claude. Go talk to Claude and tell Claude that you want Claude to be your tutor."
[00:49:47:07 - 00:50:16:21]
Amith
And so you can do that. People don't necessarily take advantage of the tool right in front of them to help them think through things. So, be thoughtful about the tools you select. Make sure you're working with companies that you trust and that have good agreements, but use the tools to help you navigate this. And there's people out there, ourselves obviously included, but there's people out there who are able to help you as well, which is also a good resource. But ultimately, there is no substitute for your own experimentation and your own learning through doing.
[00:50:18:07 - 00:50:20:05]
Mallory
The associations that come out of this period
[00:50:20:05 - 00:50:25:17]
(Music Playing)
[00:50:36:10 - 00:50:53:09]
Mallory
Thanks for tuning into the Sidecar Sync podcast. If you want to dive deeper into anything mentioned in this episode, please check out the links in our show notes. And if you're looking for more in-depth AI education for you, your entire team, or your members, head to sidecar.ai.
[00:50:53:09 - 00:50:56:15]
(Music Playing)