Our second TechTalkThursday this year was number 24 of the event series and took place on the 5th of June 2025 at 6 PM in our office. We were happy to welcome three external speakers, who all gave fascinating talks. Almost 40 people attended the event on site: some interested Nine employees, a few speakers’ guests and many external attendees interested in the topics of Human Centric AI, Chatbots, Large Language Models and Auth.
This TechTalkThursday was again live-streamed on YouTube and we were excited to see some listeners on that platform as well. As usual, Thomas Hug, CEO and Founder of Nine, started off the event with a short introduction, presenting the evening’s agenda, introducing the speakers and presenting the topics of their upcoming talks. This time, the three speakers were Fabio Duò, CEO of freihandlabor GmbH and Founder of PeakPrivacy, Florian Schottmann, CTO of Supertext, and Warren Parad, CTO of Authress.
Human Centric AI or From Finding Solutions to Empowerment: the Journey at PeakPrivacy
In his TechTalkThursday session, Fabio Duò discussed his company’s journey from developing AI-driven solutions to embracing a human-centric approach to artificial intelligence. He’s the founder of freihandlabor, a software development company launched in 2009, which also produced a product called PeakPrivacy. The company primarily supports startups by building web applications and providing technical partnerships, and over time, became deeply involved in machine learning and AI solutions.
Initially, their approach centered on using AI to automate tasks like chatbots and assistants, often requested by startup clients. However, Fabio quickly observed that these systems typically failed to deliver real value – chatbots, for example, frequently resulted in poor user experiences. The team realized that simply embedding AI into processes didn’t work effectively in many cases, leading them to rethink their approach.
A turning point came when freihandlabor developed a cover letter generator for NGOs applying to philanthropic grantmakers. The tool used a large system prompt and structured data to produce customized application letters. Despite technically functioning well, users found the generated letters lacked personal tone and often required manual tweaking – highlighting the limitations of automated content generation.
Fabio emphasized that most AI tools, even those praised as «agents», are ultimately built around elaborate system prompts – a text file guiding the AI’s behavior. He noted that these tools often perform better when domain experts, rather than AI engineers, create the prompts. Training subject matter experts to write effective prompts turned out to be more efficient than teaching AI specialists about niche business needs.
This insight aligns with recent findings from Y Combinator, which initially championed fully autonomous AI agents. Y Combinator later acknowledged that such agents are often not scalable across diverse clients due to varying requirements. Customizing prompts for each use case introduces significant overhead, often turning AI companies into consulting operations, contrary to the scalability goals of tech startups.
To address this, Fabio advocated for empowerment through education and tooling – enabling clients to build and maintain their own AI solutions. His team created an «ambassador program» and onboarding workshops to teach employees how to build and integrate AI agents into their workflows. For example, staff at Swiss SMEs working on customer support can automate responses using a small set of well-designed prompts tailored to common inquiries.
freihandlabor’s evolution also included launching PeakPrivacy, an OpenAI clone hosted on our Swiss servers at Nine using open-source models like Mistral and DeepSeek. Their infrastructure is designed to preserve data privacy, rotating models quarterly and using prebuilt models without fine-tuning.
Ultimately, Fabio championed a pragmatic, accessible AI strategy centered on equipping users with the knowledge and tools to craft their own solutions. Rather than aiming for full automation or generic AI platforms, the focus is on reaching 80% effectiveness through personalized, prompt-based systems. From there, automation can be selectively scaled. This philosophy underscores a shift away from tech-centric innovation toward human-centric empowerment in AI adoption.
Beyond Chatbots: How to Leverage Large Language Models for Targeted Use Cases
In his presentation, Florian Schottmann, CTO of Supertext, then explored the capabilities and limitations of large language models (LLMs) and argued that chatbots like ChatGPT, while powerful, are not one-size-fits-all solutions. Supertext, a language AI company specializing in translation, combines engineering and linguistic expertise to develop more effective AI-powered interfaces for specific use cases.
Florian opened by addressing a common misconception: equating LLMs with chatbots. LLMs like GPT are the foundational technology behind chatbots but can be applied in many other ways. These models are trained on vast yet finite datasets to predict the next word in a sequence, using iterative optimization techniques. However, they are inherently imperfect and limited by their training data, which leads to a phenomenon called «hallucinations» – outputs that sound plausible but are factually incorrect or fabricated.
One key issue he highlighted is the generic interface of ChatGPT, which, while versatile, often becomes inefficient for targeted or high-stakes applications. For instance, in translation workflows – Supertext’s area of focus – contextual accuracy, consistency, and the ability to incorporate expert feedback are crucial. Florian illustrated how customized interfaces outperform general-purpose chatbots in these situations. His example contrasted the generic ChatGPT prompt-based approach with Supertext’s tailored translation platform, which streamlines language selection and allows for expert validation, thereby reducing errors and improving usability.
He also discussed instruction tuning, a technique that enhances base models to follow conversational instructions by showing them examples of helpful responses. While this improves user interaction, it does not eliminate the risk of hallucinations or guarantee the model will understand specialized tasks without additional context or oversight.
The talk strongly advocated for building custom interfaces or AI-powered products that cater to the specific needs of users rather than relying on general tools. In programming and translation, users often need more than a chatbot – they need agents that interact with local environments (e.g., creating files, maintaining consistent terminology) and systems that provide robust quality assurance.
Florian stressed the importance of human-in-the-loop design. AI-generated outputs should be reviewed, especially in contexts requiring precision, such as legal or financial texts. He shared that Supertext includes training programs for clients, helping them understand both the strengths and limits of AI tools. This prevents misuse – such as over-reliance on automation – and encourages thoughtful integration of AI into workflows.
Finally, he touched on data privacy and security, noting that Supertext hosts its models in Switzerland – using our Nine infrastructure – and complies with data protection standards. Data from users is deleted unless explicitly retained for model improvement, ensuring compliance with strict privacy expectations, especially from corporate clients.
In conclusion, Florian’s central message was that success in AI-powered solutions hinges not on the chatbot itself but on the interface, context awareness, expert feedback, and alignment with specific user needs. While ChatGPT and similar tools are impressive, building focused, domain-specific solutions can yield more practical and efficient outcomes. His insights underscored a growing consensus: AI’s true value emerges when it’s thoughtfully embedded into the unique fabric of each task and industry.
What the @#!? is Auth?
In his energetic and humorous talk, Warren Parad, CTO of Authress, broke down the often-confusing world of authentication («Auth») by focusing on its fundamentals rather than the myriad protocols (OAuth, SAML, OpenID, etc.). His goal was to arm developers with foundational knowledge of how modern authentication systems work, empowering them to implement secure and effective auth flows in their applications.
At the core of authentication lies the token, specifically the JSON Web Token (JWT). JWTs are used everywhere in modern systems to represent a user’s identity. They contain metadata, user information, and a cryptographic signature to prevent tampering. Importantly, JWTs are not encrypted and can be read by anyone, which makes signature verification crucial. Any system receiving a JWT must confirm its authenticity using a known public key to prevent impersonation or attacks.
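To make the point about readable but signed tokens concrete, here is an added example (written for this recap, not code from the talk or from Authress) using only Node.js's built-in crypto module. It assumes RS256 as the signing algorithm; the key pair, the claims and all function names are constructed for illustration.

```javascript
// Added example: the RSA key pair and all claims below are constructed for illustration.
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Issuer side (stand-in for the identity provider): sign "header.payload" with RS256.
function issueToken(claims, privateKey) {
  const signingInput = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// The payload is only base64url-encoded, so it can be read without any key.
function readClaimsUnverified(token) {
  return dec(token.split('.')[1]);
}

// Receiver side: pin the algorithm, verify the signature with the known
// public key, and only then trust the claims (including the expiry).
function verifyToken(token, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  if (dec(header).alg !== 'RS256') throw new Error('unexpected algorithm');
  const valid = crypto.verify('sha256', Buffer.from(`${header}.${payload}`),
    publicKey, Buffer.from(signature, 'base64url'));
  if (!valid) throw new Error('invalid signature');
  const claims = dec(payload);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('token expired');
  return claims;
}

// Swap the payload but keep the original signature, as a tampered token would.
function withAlteredClaims(token, claims) {
  const [header, , signature] = token.split('.');
  return `${header}.${enc(claims)}.${signature}`;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const token = issueToken({ sub: 'user-123', exp: 2000000000 }, privateKey);
const altered = withAlteredClaims(token, { sub: 'admin', exp: 2000000000 });

console.log(readClaimsUnverified(altered).sub);             // readable, but not trustworthy
console.log(verifyToken(token, publicKey, 1750000000).sub); // signature and expiry check out
try { verifyToken(altered, publicKey, 1750000000); } catch (e) { console.log(e.message); }
```

In production the public key would come from the identity provider's published key set, and a maintained JWT library would normally replace the hand-rolled parsing shown here.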
Warren outlined the basic authentication flow: a user attempts to access protected resources, clicks a login button, is redirected to an identity provider (e.g., Google, Facebook), and upon successful verification, receives a JWT. This token is stored client-side (e.g., in local storage) and sent on subsequent requests via the Authorization: Bearer <token> HTTP header. He emphasized that tokens should never be sent in URLs or arbitrary headers.
He criticized over-reliance on large language models (LLMs) for building login components without understanding the underlying architecture. A key message was: know what you’re building before you start. Warren encouraged developers to define clear goals – like securely identifying users and verifying their identities – before diving into code.
Next, he explored common pitfalls in authentication interfaces, such as relying on a single federated provider, outdated methods like CAPTCHAs or security questions, or poorly implemented login screens. He recommended using proven frameworks, open-source solutions, or SaaS platforms to build secure, compliant, and user-friendly auth systems.
A significant portion of the talk was devoted to token lifecycle management. JWTs expire, so silent authentication (not refresh tokens) should be used to renew them without user interaction. Refresh tokens, Warren argued, are misunderstood and often misused. Their correct use case is delegation – granting one system access to another system’s data on behalf of a user (e.g., a photo-sharing app accessing a user’s Google Drive).
On token revocation, he boldly claimed it’s usually unnecessary and counterproductive. Since JWTs are self-contained and represent identity, invalidating them outside expiration is typically a sign of flawed architecture. He advocated instead for revoking session credentials or not embedding permissions in tokens at all.
Instead of permissions in JWTs, Warren emphasized authorization as a separate concern. He introduced resource-based access control, where specific permissions are tied to specific resources (e.g., a user can only manage their own photos). This approach enforces the principle of least privilege and improves security by limiting access scope.
He further critiqued complex security systems that add risk through unnecessary features and called out major OAuth providers (Apple, Microsoft) for deviating from standards in inconsistent ways that complicate implementation.
In conclusion, Warren demystified auth by focusing on core principles: use JWTs wisely, implement clean and user-friendly login flows, separate authentication from authorization, and minimize complexity to reduce vulnerabilities. His talk provided both conceptual clarity and practical guidance for securely managing user identity in modern applications.
Want to Stay Up to Date?
Subscribe to our YouTube channel and regularly visit our website’s blog.