96% Human Error: Why AI Security Starts with the Human, Not the Model

96% Human Error: Why AI Security Starts with the Human, Not the Model

Some travel operators ask you to shout your passport number across a crowded desk and think nothing of it. While intentions are good (checking who you are), this episode is about why that is a serious security failure and what it would take to fix it. Yagub Rahimov is the CEO and founder of Polygraf AI, a company building behavioral security and contextual privacy tools for enterprise environments. In this conversation, he and Alex work through the specific vulnerabilities created when AI agents gain user level access, why human behavior rather than model failure is responsible for the vast majority of data breaches, and what a genuinely privacy respecting travel product would actually look like. What You'll Learn: * Agent security: AI agents are a new category of user in the digital security pyramid, with the same system access as humans but no training in deception or social engineering. * Deep fake risk: Voice cloning is already sophisticated enough to impersonate individuals convincingly to family members and colleagues, without any technical breach of the underlying systems. * Mosaic intelligence: Even anonymized data fed repeatedly to an AI can be re-identified over time through behavioral pattern mapping, a concept Rahimov terms "mosaic intelligence." * Behavioral control: Addressing human behavior in real time, before a violation occurs, is more effective than after-the-fact audit or punitive controls, demonstrated by a 72% drop in DLP violations for one enterprise client. * Data in AI tools: Organizations that deploy internal LLMs without governing what employees input are creating serious exposure, as one $25M chatbot deployment illustrated on its first day. * Travel industry failures: Asking passengers to recite passport numbers and dates of birth aloud in crowded gate areas, or type personal data into in-flight entertainment screens, represents a real and unaddressed privacy risk. * Tokenization as a fix: Stripping personal data before it reaches an LLM and reuniting it with processed output via tokenization can deliver the same analytical value with substantially less exposure. * QA at scale: AI makes universal quality assurance of customer interactions cheap enough that random sampling is no longer the only option, with one call center client processing 500,000 calls daily at 5 to 10 cents per call. Time-Stamped Highlights: * (00:00) Introduction: The airport data disclosure problem * (00:00:42) What actually happened with Meta's Instagram AI chatbot * (00:06:17) AI agents as a new user type: the security pyramid explained * (00:08:57) Deep fakes in practice: voice cloning, elderly parents, and the CEO * (00:14:36) North Korean infiltration via data science job interviews * (00:20:54) How Polygraf detects synthetic speech in real-time video calls * (00:28:42) The meeting note taker with 23 vulnerabilities * (00:36:24) How Mr. Paranoid travels: loyalty status, one airline, mid-tier hotels * (00:42:58) The oil and gas CEO kidnapping and the email summarizer attack vector * (00:49:00) What travel companies get wrong about passenger data collection * (00:30:10) Mosaic intelligence and why anonymizing data is not enough * (01:07:07) The $25M HR chatbot and the 72% DLP violation reduction * (01:14:12) Building the next OTA: tokenization, QA at scale, and simplicity * (01:21:01) Red teaming, visibility, and why behavioral control is the next frontier Guest bio: Yagub Rahimov is CEO and founder of Polygraf AI, a company specializing in behavioral security, contextual privacy, and AI risk management for enterprise clients. He works across defense, financial services, and enterprise technology sectors, and is an active contributor to conversations on AI behavioral control at venues including the Gartner Security Summit. LinkedIn: https://www.linkedin.com/in/yrahimov/ [https://www.linkedin.com/in/yrahimov/] | Company: https://polygraf.ai/ [https://polygraf.ai/] About the Podcast: The Travel Tech Podcast features long-form conversations with leaders across travel and technology. The show explores how software, data, operations, and distribution come together in real businesses, with an emphasis on tradeoffs, incentives, and lessons that transfer beyond any single company or role. Host bio: Alex Brooker is the founder of Airside Labs, an AI business that applies aviation-grade testing and compliance rigor to enterprise AI systems. Before founding Airside Labs, he built and scaled complex software in aviation and safety-critical domains, and he invests in early-stage technology ventures. LinkedIn: https://www.linkedin.com/in/alex-brooker-2280002/ [https://www.linkedin.com/in/alex-brooker-2280002/]

You Can't Vibe Code a Tour Operator

The travel industry is ten years behind on tech, and AI itinerary builders are making it worse, not better. Alex Ragin is the founder of Zoftify, a travel focused software agency, and Tourseta, a booking and operations platform built specifically for high volume multi day tour operators. In this conversation, he draws on a decade of building software inside the travel industry to explain why the operational complexity of group travel is so routinely underestimated, why vibe coded solutions collapse against real world edge cases, and where AI is actually delivering value versus where it is still mostly a demo. What You'll Learn * Travel tech complexity: The industry is not one market but a collection of micro industries (airlines, hotels, tour operators, cruises), each with distinct workflows that make cross vertical software almost impossible to build well. * The AI use case filter: The most reliable test for a legitimate AI application is whether a simpler procedural solution would be faster, cheaper, and more reliable, and in most cases it would be. * Itinerary builder limitations: AI itinerary tools still require manual validation at every step because missing supplier data causes errors that directly damage traveler trust and booking relationships. * The vibe coding ceiling: Code represents roughly 20% of what makes a complex software product work; the remaining 80% is domain knowledge, process design, and edge case handling that AI cannot yet substitute. * Where AI is genuinely productive: Internal development workflows, UI/UX auditing, and unstructured data analysis are the areas where Zoftify has seen consistent, measurable productivity gains from AI tooling. * The AI search shift: Tour operators are already seeing meaningful lead quality from ChatGPT and Gemini referrals, often outperforming traditional Google traffic on conversion, and this is where the real near term disruption is happening. * Niche focus as a business strategy: Tourseta deliberately avoids FIT and day tour operators to stay laser focused on the bookable multi day, high volume segment, a sub vertical with almost no specialized competition. * The group travel operations problem: Managing a 25 or 50 person tour involves payment installment tracking, passport data collection, rooming list management, supplier confirmation, and last minute changes at a scale where a single missed step creates outsized downstream problems. Time Stamped Highlights * (00:00) Introduction: Group Travel Is Harder Than It Looks * (02:07) How Zoftify Started: From Two-Person Consultancy to Travel Agency * (04:09) Why the Travel Industry Chose Them (Not the Other Way Around) * (06:24) What Makes Travel Tech So Complex: Micro-Industries Within the Industry * (10:12) AI Hype in 2022 vs. AI Requests in 2026: What's Actually Changed * (14:14) Where AI Earns Its Place: Development, UX Audits, and Data Analysis * (19:20) The Chatbot Reality Check: When 70% Resolution Rates Don't Show Up * (22:47) Why Itinerary Builders Still Need a Human in the Loop * (28:29) You Can't Vibe Code a Tour Operator: The 80% Problem * (31:41) Tourseta's Origin: Building the Same Platform Seven Times Before Productizing * (36:54) The Multi-Day Tour Operations Stack: Payments, Manifests, Rooming Lists * (43:06) Where the Industry Is Headed: AI Search, GDS Adaptation, and Distribution Gaps * (48:31) Opportunities Alex Won't Chase: Cruises, Corporate Travel Niches, and More * (49:31) How to Reach Alex: LinkedIn, Zoftify, and Tourseta Guest Bio Alex Ragin is the founder of Zoftify, a travel focused software development agency, and Tourseta, a booking and operations platform for multi day tour operators. He has been building software for the travel industry since 2015, with prior experience in fintech and video streaming for major UK broadcasters. LinkedIn: https://www.linkedin.com/in/alexander-ragin/ [https://www.linkedin.com/in/alexander-ragin/] | Zoftify: https://zoftify.com/ [https://zoftify.com/] | Tourseta: https://tourseta.com/ [https://tourseta.com/] About the Podcast The Travel Tech Podcast features long-form conversations with leaders across travel and technology. The show explores how software, data, operations, and distribution come together in real businesses, with an emphasis on tradeoffs, incentives, and lessons that transfer beyond any single company or role. Host Bio Alex Brooker is the founder of Airside Labs, an AI business that applies aviation-grade testing and compliance rigor to enterprise AI systems. Before founding Airside Labs, he built and scaled complex software in aviation and safety-critical domains. He also invests in early-stage technology ventures and advocates for practical, real-world AI deployment strategies. LinkedIn: https://www.linkedin.com/in/alex-brooker-2280002/ [https://www.linkedin.com/in/alex-brooker-2280002/]

The New Olive: How GLP-1 Drugs Could Save Airlines $580M

The only sustainable innovations that actually scale are the ones customers never have to think about. Josh Dorfman has spent two decades building them. Josh Dorfman is the co-founder of Planted (plantdmaterials.com), a materials startup building structural panels from fast-growing grass as a direct replacement for wood-derived products in U.S. home construction. He came up through consumer sustainability media (books, Sirius radio, TV) under the Lazy Environmentalist brand before pivoting to B2B climate technology. In this conversation, Josh and Alex explore the mechanics of low-friction sustainability across building materials, aviation, carbon credits, and the unexpected efficiency gains hiding in the GLP-1 drug story. What You'll Learn * The Drop-In Rule: Sustainable materials only reach scale when they integrate into existing workflows without asking the customer to change anything. * B2B green sales: Even the most environmentally committed executive cannot justify a purchase on environmental grounds alone. The product has to win on performance and price first. * The Trove playbook: Climate companies that succeed eventually stop leading with climate, treating sustainability as a downstream brand benefit rather than the sales pitch. * Carbon credits: Voluntary offset schemes largely transfer the cost of an airline's impact onto consumers while delivering minimal real-world emissions reduction. * GLP-1 and aviation: Jefferies estimates adoption of weight-loss drugs like Ozempic could save U.S. airlines around $580M annually in fuel costs, about 1.5% of fuel spend. Jefferies separately modelled a 2% weight reduction translating to roughly 4% EPS uplift. The point: the most significant efficiency wins are often not engineering solutions.  * Battery cost curves: Declining battery costs are already reshaping U.S. power grid additions (51% solar, 28% battery storage projected for the next 12 months) and will accelerate electric aviation faster than most forecasts assume. * Grass over trees: Planted's core material grows 10x faster than timber and can be harvested annually, enabling carbon sequestration at a scale that tree-planting programs cannot match. * Storytelling as company-building: In a venture-backed startup, the founder is simultaneously selling the company and the product. The skill set required is identical. Timestamped Highlights * (00:00) Introduction: IATA 2050 targets, SAF adoption, and why materials innovation matters * (00:31) Josh's origin story: The Lazy Environmentalist, Vivavi furniture, and going green in Brooklyn * (07:01) The pivot: from consumer media to B2B climate materials * (12:49) Why sustainability pitches fail, and what actually drives B2B purchasing decisions * (18:56) The Trove case study: Fight Club rules for climate companies * (25:03) How Planted was born: a SpaceX engineer, six trash bags of hemp, and a phone call * (32:52) Testing every biomass: from hemp to Halloween hay * (38:41) Bringing it to aviation: SAF, the GLP-1 surprise, and the $580M olive * (32:33) Carbon credits: why they're mostly marketing, and what airlines should do instead * (38:00) Planted's roadmap: biochar, graphene, and potential aviation materials * (43:50) Battery technology and why the cost curve matters more than regulation * (44:06) What's coming in 2026 for Planted: furniture launch, new panel systems, homebuilder announcements * (49:50) Ground fleet electrification and the Our World reusable cup trial Guest bio Josh Dorfman is the co-founder and CEO of Planted (plantdmaterials.com), a North Carolina-based materials company producing structural building panels from perennial grass as a timber replacement. He previously built the Lazy Environmentalist media brand across books, Sirius Satellite Radio, and television, and hosts the Super Cool podcast (getsuper.cool/podcast), which covers climate technology and founders. LinkedIn: linkedin.com/in/dorfmanjosh/ About the Podcast The Travel Tech Podcast features long-form conversations with leaders across travel and technology, exploring how software, data, operations, and distribution come together in real businesses  with an emphasis on tradeoffs, incentives, and lessons that transfer beyond any single company or role. Host bio Alex Brooker is the founder of Airside Labs, an aviation AI agency applying aviation-grade testing and compliance rigour to AI systems in safety critical and regulated domains. Before founding Airside Labs, he built and scaled complex software across aviation and both business and safety critical domains. LinkedIn: linkedin.com/in/alex-brooker-2280002/

Vibe Booking: Hotel data Is Not AI Ready. Here's Why

The travel tech stack has a dirty secret: the more suppliers connect to each other, the higher the chance your inventory ends up competing against itself. Olivier Boinet is the founder of room-matching.com and Omnitravel.ai, two tools built to solve the data normalization and room-mapping problems at the root of travel distribution chaos. In this conversation, Alex and Olivier work through why hotel data loses quality and identity as it moves through the distribution chain, how the current API landscape creates circular inventory loops, and what hoteliers need to do right now to ensure AI search agents can find and trust their properties. What You'll Learn * Room mapping: Identical hotel rooms listed under different names and codes across suppliers create significant matching errors that still require manual comparison in most agencies. * Data normalization: Pushing inventory through intermediary systems strips away a hotel's personality, including the specific content, offers, and experiences that differentiate the property. * Distribution loops: In B2B travel, strategic partnerships between suppliers are so interlocking that a hotel's own inventory can circulate back to it through a chain of partners, marked up along the way. * AI discoverability: LLMs evaluate hotels first as websites. If a property's content isn't structured for machine legibility, it won't surface in AI-powered search results or recommendations. * Dynamic content personalization: Corpus-based retrieval architectures allow a single property's content to respond differently depending on whether the searcher is a Gen Z solo traveler, a British couple, or a corporate booker. * Vibe booking: High-quality, experience-focused content drives significantly higher conversion, whether the audience is a human or an LLM scanning for properties to recommend. * Direct booking imperative: As LLMs increasingly route booking intent straight to properties, hotels without structured, AI-ready web pages will lose direct channel share to those that have invested in content quality. * The confirmation paradox: The industry-wide check-recheck-check loop across API chains consumes enormous resources and still produces availability errors, a structural inefficiency that AI pressure is beginning to expose. Time-Stamped Highlights * (00:00) Introduction and context: the fake hotel booking episode that sparked this conversation * (00:01:17) Olivier's origin story: from software developer to travel agency floor shock * (00:02:00) 20 agents, 10 portals each: the room comparison problem in practice * (00:03:05) Building room-matching.com: applying NLP and heuristics to dynamic room deduplication * (00:05:00) The normalization trap: why pushing data through intermediaries erases hotel identity * (00:06:14) Omnitravel's approach: using the live website as the source of truth for AI-ready data * (00:09:22) The circular inventory problem: how B2B partnerships create self-distribution loops * (00:11:23) What LLMs are actually doing when they evaluate hotel websites * (00:13:10) Dynamic personalization via corpus-based retrieval: serving different content to different traveler profiles * (00:10:40) Vibe booking: why content quality is now a distribution strategy * (00:09:01) The check-recheck-check loop and its cost to the industry * (00:15:14) Open-source tools that can power personalized AI content distribution today Guest bio Olivier Boinet is the founder of room-matching.com, a dynamic room-mapping platform used across the travel industry, and Omnitravel.ai, a data normalization and AI-readiness tool for hotels and tour operators. With 30 years of software development experience spanning antivirus heuristics, NLP, and travel technology, he brings an unusually technical lens to the distribution and content quality problems facing the hospitality sector. Connect with him at linkedin.com/in/olivier-boinet-3b328023, room-matching.com, and omnitravel.ai. About the Podcast The Travel Tech Podcast features long-form conversations with leaders across travel and technology, exploring how software, data, operations, and distribution come together in real businesses, with an emphasis on tradeoffs, incentives, and lessons that transfer beyond any single company or role. Host bio Alex Brooker is the founder of Airside Labs, an AI business that applies aviation-grade testing and compliance rigor to enterprise AI systems. Before founding Airside Labs, he built and scaled complex software in aviation and safety-critical domains. He also invests in early-stage technology ventures and advocates for thoughtful, real-world AI deployment strategies. LinkedIn: linkedin.com/in/alex-brooker-2280002

The Day We Killed the Date Picker

What if the AI moment in travel is less about building a better OTA, and more about making the OTA unnecessary? Christopher Olivares is the solo founder of Elyo (elyo.io [https://elyo.io/?ref=travel-tech-podcast&utm_source=podcast&utm_medium=podcast]), a conversational AI travel assistant that helps travelers find the cheapest flights across flexible destinations and dates, with no commissions, intermediaries, or date pickers. In this episode, Christopher traces his path from OECD policy analyst and expat traveler to vibe-coded solopreneur, and explains how generative AI unlocked both the product idea and the ability to build it without a technical background. The conversation covers the incentive problems embedded in OTAs, the economics of airline distribution, the future of travel discovery, and why AI may finally enable a return to genuinely traveler-first service. What You'll Learn * Traveler intent vs. traveler input: Elyo is built around decomposing what a traveler wants (cheapest meeting point, most flexible weekend, best value destination) rather than the rigid inputs legacy search UIs require. * The OTA commission problem: Using a "free" platform isn't free. Commissions get reflected in prices, and the traveler absorbs costs they never see. * Freemium as a trust mechanism: Elyo's subscription model exists specifically so the platform doesn't have to earn commissions, which keeps the traveler's interest as the unconditional North Star. * AI as a leveler for solo founders: Christopher built Elyo without any prior coding experience, using LLMs both to imagine the product and to build it, illustrating a real shift in who can launch a technical startup. * GDS access is getting harder for startups: At least one major GDS has closed its developer portal, raising barriers for early-stage builders trying to validate ideas before committing to full commercialization. * The seller-of-record problem: Many white-label distribution APIs make startups the seller of record for tickets, a liability that most early-stage founders (Elyo included) want no part of. * AI as a return to the travel agent era: By removing the human cost of advisory, AI can deliver the personalization of pre-internet travel agents alongside the price transparency the metasearch era created, without the commission layer. * Corporate travel is an underserved use case: The remote-team "where should we rendezvous?" problem is a direct extension of Elyo's core optimization, and today's corporate booking platforms remain shockingly poor on UX. Time-Stamped Highlights * (00:00) Introduction and episode overview * (00:01:14) Christopher's background: diplomacy, teaching English in Japan and Spain, and the OECD * (00:04:26) The data standards challenge: why counting schools is harder than it sounds * (00:07:05) The original idea: meeting friends in a cheap third city * (00:10:34) Why generative AI unlocked both the product concept and the build * (00:14:19) Elyo: what it is, how it works, and why the date picker had to die * (00:24:12) The traveler-first business model: freemium, no commissions, direct airline links * (00:32:07) Navigating airline distribution: GDSs, NDC, white-label APIs, and the seller-of-record problem * (00:37:45) Incentive structures in travel: why "free" platforms aren't free * (00:40:01) The AI moment in travel distribution: OTA integrations into chat services * (00:44:45) Corporate travel and the remote-team rendezvous use case * (00:45:51) The return of the travel agent: personalization plus democratization * (00:48:12) Early adopters, honest pricing, and what's coming next for Elyo * (00:47:37) Where to find Elyo and the origin of the name Guest Bio Christopher Olivares is the solo founder of Elyo, a conversational AI travel assistant. Before launching Elyo, he spent four and a half years at the OECD in Paris working on internal ethics, education policy, and international statistical indicators, and is currently completing an executive master's in statistics and artificial intelligence at Université Paris Dauphine. LinkedIn: https://www.linkedin.com/in/christopher-olivares-40b8b283/ [https://www.linkedin.com/in/christopher-olivares-40b8b283/] Elyo: https://elyo.io/?ref=travel-tech-podcast&utm_source=podcast&utm_medium=podcast [https://elyo.io/?ref=travel-tech-podcast&utm_source=podcast&utm_medium=podcast]  About the Podcast The Travel Tech Podcast features long-form conversations with leaders across travel and technology, exploring how software, data, operations, and distribution come together in real businesses, with an emphasis on tradeoffs, incentives, and lessons that transfer beyond any single company or role. Host Bio Alex Brooker is the founder of Airside Labs, an AI business that applies aviation-grade testing and compliance rigor to building enterprise AI systems. Before founding Airside Labs, he built and scaled complex software in aviation and safety-critical domains. He also invests in early-stage technology ventures and advocates for thoughtful, real-world AI deployment strategies. LinkedIn: https://www.linkedin.com/in/alex-brooker-2280002/ [https://www.linkedin.com/in/alex-brooker-2280002/]