00:00:00
It's one of the biggest winners right
00:00:01
now. The big daddy of the cyber security
00:00:03
space.
00:00:03
>> Palo Alto Networks is an outer performer
00:00:05
in the space.
00:00:07
>> CEO Nesh Aurora.
00:00:09
>> This might come as news to you, but
00:00:11
humans have been writing bad code for a
00:00:13
very long time.
00:00:14
>> I spent 10 years at Google and you know
00:00:16
Google search was democratizing
00:00:18
information. If you take that analogy
00:00:20
and think about what AI is doing, AI is
00:00:23
democratizing intelligence. Money is a
00:00:26
way to keep track. It's not the goal.
00:00:29
You've been the CEO of Palo Alto
00:00:30
Networks for eight years.
00:00:33
>> Coming up on eight years this week.
00:00:34
>> Eight years. And I think when you
00:00:35
started it was $17 billion market cap if
00:00:38
I remember correctly.
00:00:39
>> And this morning I checked it's 238
00:00:41
billion which if you listen to what we
00:00:43
said yesterday now that you passed 100.
00:00:45
You're more likely to actually 10x. So
00:00:47
the first 10x was actually much much
00:00:49
harder. So you're on your way to a
00:00:50
trillion dollars
00:00:51
>> from your mouth to God's ears.
00:00:53
>> I think you are.
00:00:54
>> Okay. Okay. So, let's just double click
00:00:56
into what you see because you are sort
00:00:58
of in a really interesting position to
00:01:00
see all of it. You see the birth of AI.
00:01:04
Maybe you you've seen the rise and fall
00:01:06
of SAS.
00:01:08
All the models talk to you. You were one
00:01:10
of
00:01:10
>> the rise again, right?
00:01:11
>> The rise again. Uh you were one of the
00:01:13
first and the few that got access to
00:01:15
mythos. So, just let me just push the
00:01:18
button. Go Nesh. Start.
00:01:21
>> Well, uh first of all, thank you for
00:01:22
having me here. I think AI is exciting.
00:01:25
I think it's exciting to see all the
00:01:28
stuff that's gone down in the last
00:01:30
possibly 24 months. Um
00:01:33
I think Sarah just said it, they were
00:01:36
right in anticipating the huge amount of
00:01:38
compute that was going to be needed. So
00:01:40
all that stuff's going on. But you can
00:01:43
see that, you know, there's this notion
00:01:47
which we talked about briefly last time
00:01:49
that AI is really democratizing
00:01:51
intelligence. What that means is I have
00:01:54
250 people in marketing. They produce
00:01:57
varied forms of output. Now I can get
00:02:00
90% of the output to be consistent
00:02:01
across those 250 people. I have 5,000
00:02:04
people who talk to customers. There's my
00:02:07
my failure mode is when 5,000 people do
00:02:10
different things where people say, "I
00:02:12
want to talk to Joe because he knows how
00:02:13
to solve the problem and Jim doesn't."
00:02:16
So now you can get 5,000 people to act
00:02:18
almost consistently in their
00:02:20
interactions with people on the other
00:02:22
side. So I think it's going to have a
00:02:23
phenomenal impact to how we run
00:02:26
businesses, how we operate. It's going
00:02:29
to change the entire landscape.
00:02:31
>> Now in that context, you touched upon
00:02:33
mythos and I know Dave has been very
00:02:35
involved with this. Mthos has shown us
00:02:37
that all the bad code that humans have
00:02:39
written over the last 50 years can be
00:02:42
assessed by AI and shown uh the
00:02:45
vulnerabilities can be shown. We tested
00:02:47
for 6 weeks and in 6 weeks we found what
00:02:50
would have taken us 5 to 7 years.
00:02:52
>> Wow.
00:02:53
>> Say that one more time.
00:02:54
>> In 6 weeks we found vulnerabilities
00:02:57
which would have normally taken us 5 to
00:02:59
seven years to find. So Methos these are
00:03:01
vulnerabilities where these are
00:03:03
vulnerabilities in your own codebase or
00:03:05
in your customer in your own code. Oh
00:03:07
wow.
00:03:07
>> So Mythos was not oversold. It was
00:03:10
legit. The capabilities of AI in being
00:03:15
able to assess vulnerabilities in code
00:03:17
are real. Not just that, if you put it
00:03:21
on ultra mode, which is persistent
00:03:22
thinking, so it keeps trying until it
00:03:24
gets an answer, you can actually daisy
00:03:27
chain vulnerabilities, i.e. finding a
00:03:29
new attack path into your into your
00:03:31
vulnerabilities. Now, we pride ourselves
00:03:33
as a top percentile of companies that
00:03:36
test our code because we're in the cyber
00:03:37
security business. If you take that and
00:03:40
compound that across all the companies
00:03:41
that exist in the world that write their
00:03:43
own code or the 10 million developers
00:03:44
write code, this thing is going to find
00:03:47
stuff which would have taken us 10 years
00:03:50
to find.
00:03:50
>> How much did it cost? Like did you track
00:03:52
the token cost? Was it $100 million, $10
00:03:55
million?
00:03:56
>> No, it was in the low millions. But
00:03:58
again, the cost as Sarah said, the cost
00:04:00
curve is going to come down already.
00:04:02
OpenAI has got a model which is cheaper,
00:04:04
more consistent. You know, Anthropy's
00:04:06
come out with other models. You buy You
00:04:07
buy the hype.
00:04:08
>> It's not hype. It's true.
00:04:10
>> That's
00:04:10
>> the capabilities. The capabilities are
00:04:12
real.
00:04:12
>> You know that the capabilities are true.
00:04:14
>> Yes.
00:04:15
>> I mean, you saw IBM announced a project
00:04:16
for $5 billion to fix open source.
00:04:18
That's the biggest problem.
00:04:19
>> What would have happened if Claude
00:04:22
didn't have the restraint and they put
00:04:23
it out in the public? Do you think it
00:04:25
would have been like a real attack
00:04:27
vector and caused chaos in corporations?
00:04:29
I think u we're 3 months away if not
00:04:32
already there from this being available
00:04:36
in the wild.
00:04:38
>> Okay. Open source.
00:04:39
>> Yeah.
00:04:40
>> Just 3 months.
00:04:41
>> Yeah.
00:04:41
>> Yeah. Cuz I mean we've been saying that
00:04:43
it's roughly 6 months away before Mythos
00:04:46
level capabilities are available
00:04:48
>> in Chinese models, you know, open
00:04:51
models, whatever.
00:04:52
>> But you're saying it could be 3 months.
00:04:54
>> Well, look, there's what is 4.8 is
00:04:56
already out, 5.5 is already out. They
00:04:57
have similar capabilities. And look, you
00:04:59
don't need to crack the hardest code to
00:05:03
crack. You just need to find a few
00:05:04
vulnerabilities in code that are out
00:05:06
there. Just take an take an old
00:05:09
industrial system which is running, you
00:05:11
know, OT code on the edge. You can find
00:05:13
that vulnerability reasonably easily.
00:05:14
>> So So we're in a race right now between
00:05:17
the cyber defenders finding these
00:05:19
vulnerabilities and patching them before
00:05:22
>> the cyber attackers do the same thing.
00:05:25
>> Yes. And how do you feel like we're
00:05:28
doing in that race?
00:05:29
>> So, not as well as we should be doing,
00:05:32
which is great for our business, but
00:05:33
that's a different story. So, look,
00:05:36
every company has to go look at their
00:05:37
code base and figure out where the
00:05:40
vulnerabilities are and fix them. So, if
00:05:41
you talk to CIOS today, their biggest
00:05:43
problem is all the vendors are showing
00:05:45
up saying, "Please patch my piece of
00:05:48
boxes that hardware that you have.
00:05:49
Please, please patch my code that you
00:05:51
have because I found vulnerabilities.
00:05:53
Fix it." while the CIS are busy finding
00:05:55
their own vulnerabilities to fix their
00:05:56
own vulnerabilities and then this huge
00:05:58
thing called open source which nobody
00:06:00
knows quite how to solve.
00:06:01
>> So is it is it fair to say that as model
00:06:04
capabilities go up systemic business
00:06:07
risk of large enterprises also goes up
00:06:10
>> on the cyber side? Yes, there are
00:06:12
antidotes being built by people like us
00:06:14
and others where we're going to provide
00:06:16
some capability where you don't have to
00:06:17
patch everything. But look, Sarah said
00:06:19
something very interesting around
00:06:21
harnesses, memory, and context, right?
00:06:24
The part we don't talk about here is
00:06:26
organizations don't have memory and
00:06:28
context of everything they do every day.
00:06:31
That's why you need to store a lot more
00:06:32
data enterprisewide to learn what good
00:06:36
looks like and what bad looks like. The
00:06:37
same problem is in cyber security. We
00:06:39
need to we need to collect 10 times the
00:06:42
data in the enterprise from a cyber
00:06:44
perspective to be able to understand how
00:06:46
to defend ourselves against the AI
00:06:48
attackers.
00:06:49
>> Do you think that the traditional
00:06:51
companies like the SAS businesses that
00:06:53
have existed
00:06:55
in this world? What is their place as
00:06:58
all this knowledge becomes more
00:06:59
persistent and stored? What happens to
00:07:01
SAS?
00:07:03
>> Well, you see SAS is Bill said SAS is
00:07:06
different pieces, right? Okay. If you're
00:07:08
an analytical SAS company, it's over.
00:07:11
>> It's over. What is an analytical SAS
00:07:13
company?
00:07:13
>> Somebody that says, "I'm going to
00:07:14
collect a lot of data for you and
00:07:16
analyze it for you. I don't need you to
00:07:17
analyze it for me. I can run models
00:07:20
against data and analyze them myself."
00:07:23
So, if you think about there's a lot of
00:07:25
every SAS company has a marketplace. You
00:07:27
can buy Salesforce marketplace. What do
00:07:28
they say? You have Salesforce data. I'm
00:07:30
a marketplace app. Take me and I'll help
00:07:32
you analyze the data. I don't need to.
00:07:34
>> You don't need that.
00:07:35
>> I can just go run NLM against the data.
00:07:37
So the entire incrementality that has
00:07:39
been sold as incremental software
00:07:41
modules to all of us doesn't need to be
00:07:43
sold to us because I'd much rather have
00:07:45
Lens run against
00:07:46
>> Interesting you bring this up. We had an
00:07:48
instance with a SAS product with 20
00:07:50
seats. Nobody was logging in and using
00:07:53
it but the data was there.
00:07:55
>> Yes.
00:07:55
>> So we created like three accounts, got
00:07:58
rid of 17,
00:08:00
>> connected it to Slack, connected it to
00:08:01
Claude, and now everybody can interface
00:08:04
it through a natural language. and we've
00:08:06
reduced our bill by 90%.
00:08:08
>> Well, not just that. What are you going
00:08:09
to do next, D? Uh, Jason, is that you're
00:08:12
going to take data from different
00:08:13
products, put them in one place, run
00:08:15
analytics against that. I want my data
00:08:17
for my sales reps, my productivity data,
00:08:20
my, you know, inventory data from SAP. I
00:08:23
want it all one place so I can run
00:08:25
analytics against it and say, who's
00:08:27
selling a lot? Where do I have less
00:08:28
inventory? Let's build inventory in a
00:08:30
region where my salespeople are
00:08:31
extremely productive. to run that query
00:08:33
you'd have to have talk to three
00:08:35
different SAS products tomorrow you can
00:08:37
put all the data in one place so so
00:08:39
that's sort of category one analytical
00:08:41
SAS is dead
00:08:41
>> catalytics okay category one analytics
00:08:44
dead
00:08:45
>> yes in medium term you get all these
00:08:47
bounces today and tomorrow that's these
00:08:49
are marginally irrelevant
00:08:50
>> infrastructure software undervalued
00:08:53
>> okay what is infrastructure software
00:08:55
>> stuff that gives you databases you
00:08:57
collect data into it stuff that allows
00:08:58
your infrastructure to work whether it's
00:09:00
a you know database software data
00:09:02
bricks, snowflake like that.
00:09:03
>> Data bricks, snowflake, MongoDB, Oracle,
00:09:06
Oracle, all these things you need
00:09:08
>> core storage infrastructure, core data.
00:09:10
>> We are going to need 10 times the data
00:09:11
stored in enterprise than we have today
00:09:13
for the next three years. 10 times
00:09:15
>> okay.
00:09:15
>> So anything that helps you collect
00:09:17
infrastructure, data, manage it, you
00:09:19
need I think the category in the middle
00:09:21
is called let's call it system of work
00:09:24
or system you know of record people call
00:09:27
them. Those are deeply embedded in the
00:09:29
way businesses work. I have 6,000
00:09:31
salespeople. They know how this works.
00:09:33
What's going to happen is step one, we
00:09:35
will take away UI and let agents do the
00:09:37
work. UI enterprise software and
00:09:40
consumer software UI is the worst thing
00:09:42
we did as technologist.
00:09:45
>> You had a couple of examples of this.
00:09:47
You told me the story. I don't know if
00:09:48
you want to repeat it of this one
00:09:49
company. They tried to hold you hostage
00:09:51
on a license.
00:09:52
>> Yes. That was analytical SAS. So that's
00:09:54
>> and you just pointed AI at it and you
00:09:55
just
00:09:55
>> Yes, we just got rid of them. That's a
00:09:57
different issue. But I mean, think about
00:09:58
it today. We spend our lives having
00:10:01
product managers design UI so all humans
00:10:04
can interact with data behind the UI.
00:10:06
>> Yeah.
00:10:06
>> If all like if you believe agents are
00:10:08
going to work and I say I just tell an
00:10:09
agent look figure out from my sales call
00:10:12
figure out the key points and go post it
00:10:14
into you know whatever sales tracking
00:10:17
system I have with this Oracle or
00:10:18
Salesforce right an agent conceptually
00:10:20
should be able to do it should we're
00:10:21
spending trillion dollars building these
00:10:23
agentic backends. We need these agents
00:10:25
to be able to do it. If that happens UI
00:10:27
goes away. If UI goes away, I can rewire
00:10:31
my system of work, right? I have sales
00:10:35
guy shows up and says, I had the sales
00:10:36
call, do all the paperwork and all the
00:10:39
that needs to happen in the back
00:10:40
end of the company and just I'm done,
00:10:42
>> right? If I can change the way work
00:10:45
happens which is where you will get true
00:10:47
efficiency where five people become one
00:10:49
in a company all these SAS software that
00:10:52
does system of work needs to be
00:10:54
re-engineered for the next 5 years
00:10:55
>> and and it's also happening passively
00:10:57
which is really interesting it's looking
00:10:59
at email it's automatically taking the
00:11:01
Zoom transcript and summary so the sales
00:11:04
system of record is now like you don't
00:11:06
even need to input it it's like I
00:11:07
already have the Zoom call notes I have
00:11:10
the deck the deck was made the sales
00:11:13
deck was made by AI. It's just we're all
00:11:16
going to be looking at a chat window and
00:11:18
just saying here's what I want.
00:11:20
>> Your audit trail becomes a lot better
00:11:21
because humans are not touching your
00:11:23
data. It's always remanaged by agents.
00:11:25
So I think the whole system of work,
00:11:27
system of record gets reinvented in the
00:11:29
next 5 years.
00:11:30
>> Yeah, there's no data entry. That's an
00:11:32
interesting point. Yeah.
00:11:32
>> Let's talk about national security for a
00:11:34
second. I just want to maybe zoom out.
00:11:36
So the one side of mythos as you said is
00:11:39
like the value that it has to you and to
00:11:41
your and to enterprises.
00:11:44
The red team version of mythos is where
00:11:48
foreign state actors or you know can
00:11:50
essentially create economic havoc inside
00:11:52
of a country.
00:11:53
>> Yes.
00:11:54
>> As these models escalate in their
00:11:56
capability, what do you think should
00:11:57
happen when these models are ready?
00:11:59
You know, uh, the sad truth is in a year
00:12:02
there's a few thousand breaches or
00:12:04
attacks that happen. They happen for
00:12:06
pretty rudimentary reasons. It's not
00:12:08
because somebody cracked a hard to crack
00:12:10
thing. It happens because 89% of attacks
00:12:13
happen because credentials get stolen or
00:12:15
>> username and password.
00:12:16
>> That's it.
00:12:18
>> My password is password.
00:12:19
>> Yeah, I'm sure it is. Do you have dollar
00:12:21
sign dollar sign?
00:12:22
>> Fantastic. Well done. See, you're
00:12:23
already ahead of everybody else. So 89%
00:12:26
of breaches happen because of simple
00:12:27
things. So I don't think we need more
00:12:29
models to go crack this stuff. Now we
00:12:30
will need you these models can attack
00:12:32
critical infrastructure and things we
00:12:34
try and protect from a national security
00:12:36
perspective. Yes, we need defenses
00:12:38
there. I'm not worried about the
00:12:40
national security part being protected
00:12:42
because they're very on it. They are the
00:12:43
right people. They spend 10% of their
00:12:45
budgets on it on security. I'm worried
00:12:48
about the small offices across the
00:12:50
country where they're using some piece
00:12:52
of package software and you're running a
00:12:54
dentist office or doctor's office.
00:12:55
Remember when when change healthcare got
00:12:58
breached
00:12:59
every physician's office shut down
00:13:01
>> shut down and it's ransomware
00:13:02
>> because of ransomware to change
00:13:03
healthcare that's was the clearing
00:13:04
system that's when United Healthack had
00:13:07
to actually have give billions of
00:13:08
dollars of credits to the physicians to
00:13:11
be able to run their businesses at that
00:13:12
point in time that's what one should
00:13:14
worry about it's less about the big nuts
00:13:17
will get cracked
00:13:17
>> it's less about cracking some PG&E power
00:13:20
generation facility it's more economic
00:13:22
chaos
00:13:23
>> yes
00:13:24
>> and so what what what do we do?
00:13:28
>> I don't think there's a sort of a silver
00:13:31
bullet. I think this will take time. I
00:13:33
think this will basically take a while
00:13:35
until every system gets upgraded,
00:13:37
renewed, fixed over time. I just think
00:13:39
it increase the terminal value of the
00:13:41
industry. Right.
00:13:42
>> Right.
00:13:43
Do you think that there's a world in
00:13:45
which these models become so good that
00:13:48
you could see yourself advocating for
00:13:50
more nationalism around how they're
00:13:53
controlled and how they're managed and
00:13:56
how they're where we point them or do
00:13:58
you think there should be a maybe a set
00:14:00
of these models that never see the light
00:14:02
of day that only the NSA and other folks
00:14:04
could have access to or guys like you?
00:14:06
>> I have a slightly differentiated view
00:14:07
about models and how they will evolve
00:14:09
versus what we heard earlier from an
00:14:11
OpenAI perspective.
00:14:13
I think I still believe models are going
00:14:16
to become a utility layer. You'll be
00:14:19
able to buy intelligence on the fly
00:14:22
where you can say I don't need 180 IQ
00:14:24
person to go do this task. Give me 120
00:14:27
IQ and I need a 250 IQ to do this task.
00:14:29
I'll pay $10 for this and for this I'll
00:14:31
pay 1 cent. So I don't know there's a
00:14:33
one-sizefits all give you the most
00:14:36
up-to-date model to answer my customer
00:14:38
call saying sorry sir I have no idea how
00:14:40
to solve your problem. So I think models
00:14:43
will get differentiated from ut
00:14:44
utilitarian perspective. Um so if you
00:14:48
look at already what's happening in the
00:14:49
market right the profit pools are in
00:14:51
applications not in models more Sarah
00:14:54
talked about codeex running away she
00:14:56
didn't say open AI is running away she
00:14:58
says codeex is running away just say
00:15:00
just the way I'm sure Dario says cloud
00:15:02
code is running away so you're seeing
00:15:03
that
00:15:04
>> they're attacking profit pools
00:15:05
>> they're attacking profit pools because
00:15:06
that's where the money is going to come
00:15:07
from the profit pools are an application
00:15:09
that companies can use the profit pools
00:15:11
are not in model usage by companies
00:15:13
because most companies have no idea how
00:15:15
to use the models
00:15:16
>> look at these companies in a way OpenAI
00:15:18
and anthropic as the new Microsoft
00:15:20
office coming in and doing all
00:15:23
applications all productivity software
00:15:26
for organizations
00:15:27
>> no I see there's going to be application
00:15:29
companies which are going to arbitrage
00:15:31
between models and solve your business
00:15:32
problem
00:15:33
>> so you still think they won't go to the
00:15:35
application layer because this is a big
00:15:37
debate should you engage with open AI
00:15:41
and train their systems to then take
00:15:43
your business from you and anthropic
00:15:46
keeps releasing their legal model, their
00:15:48
accounting model, and it does feel like
00:15:50
in order for them to hit their revenue
00:15:52
numbers, they might need to do what
00:15:54
Microsoft did, which is release the
00:15:55
office product on top of the operating
00:15:57
system.
00:15:57
>> See, if I'm a company, I don't want to
00:16:00
write every piece of software myself. I
00:16:03
want my HR system software, which is
00:16:05
agentic enabled and AI enabled to be
00:16:08
delivered by some application company,
00:16:10
could be a new AI application company. I
00:16:12
want my sales management system built by
00:16:14
the new agentic AI salesforce of the
00:16:17
world, whether it's Salesforce or
00:16:18
somebody else. So, I want applications.
00:16:20
Now, what Sarah said is the profit pools
00:16:23
are in the application layer. That's why
00:16:25
they want to be the application layer.
00:16:26
So, I think we're still waiting for that
00:16:28
layer of companies to be invented or
00:16:30
created where applications will sit
00:16:33
because 50,000 companies need the same
00:16:35
application. Why would I build it
00:16:37
myself? It's highly inefficient. It's
00:16:39
silly for me to use OpenAI directly and
00:16:41
rewrite my entire sales system because
00:16:43
I'm smart, right? I'm not. I want
00:16:46
somebody to do it for me. So, I think
00:16:47
that layer of companies is still not
00:16:49
fully formed. We're still going to be
00:16:50
waiting for
00:16:50
>> you want a control plane, a harness, and
00:16:52
then
00:16:53
>> that's right. They will build the
00:16:54
harnesses and the memory into those
00:16:56
application layers. Now, the question is
00:16:57
how big is the application layer? Is it
00:16:59
one application? There's there's one,
00:17:01
you know, enterprise application that
00:17:03
does everything. Or is it specialized?
00:17:05
>> You did it and you kicked out this
00:17:06
software vendor. You did it because they
00:17:09
were being abusive in pricing. So,
00:17:10
>> we still use this different vendor.
00:17:12
>> What's that?
00:17:12
>> We swapped out for a different vendor.
00:17:13
We just took more control.
00:17:14
>> Love it. So, it really is a pricing
00:17:17
issue and and that's why the SAS
00:17:19
apocalypse in some ways makes sense.
00:17:21
They're not having pricing power because
00:17:23
you could say, "I'll just put 10
00:17:24
developers on this and I'll save $10
00:17:27
million."
00:17:27
>> Yes. I think the part back to what
00:17:29
Chamat said about the regulation or
00:17:31
whether you want to regulate these
00:17:32
higher powered models the question is at
00:17:34
some point in time when these newer
00:17:36
models which are even more powerful get
00:17:38
built they will come at a different
00:17:39
price point and they might have to go to
00:17:41
a certain vetting process to understand
00:17:43
what their capabilities are but I think
00:17:45
we're in a global race I don't think
00:17:47
holding back our models for 3 to 6
00:17:49
months is going to help us anybody else
00:17:51
is going to put them out in open source
00:17:53
I I was I was shocked to hear when I was
00:17:55
talking to the CEO of one of these model
00:17:57
companies he says is the entire weights
00:17:59
of their most recent model can fit on a
00:18:01
USB stick.
00:18:02
>> Oh, say that again. The entire weights
00:18:04
>> entire model weights of their newest
00:18:07
model fits on a USB stick. That's the
00:18:10
IP.
00:18:12
>> That's incredible
00:18:13
>> because all the data can be distilled in
00:18:15
under 24 to 48 hours and model comes
00:18:17
out.
00:18:18
>> I'm curious.
00:18:19
>> So that's the IP. So are you telling me
00:18:21
that you know we can hold on to that for
00:18:24
6 months?
00:18:25
>> Right.
00:18:26
We we have a debate about um how
00:18:30
difficult it is to make a frontier
00:18:31
model. Some companies are starting to
00:18:33
think about making frontier models using
00:18:35
their data advantage to to build their
00:18:38
own. Have you thought about that at
00:18:40
PaloAlto? Because it does seem like you
00:18:42
have proprietary knowledge on how
00:18:45
security works. Could you build your own
00:18:46
large language model or a VSSML a small
00:18:49
language model that would give you some
00:18:52
advantages?
00:18:52
>> Here's the part
00:18:54
>> nobody talks about. Yeah.
00:18:56
>> Is the false positive rates on the
00:18:58
models. What is the false positive rate
00:19:00
on 4.8 and 5.5?
00:19:03
>> No idea.
00:19:04
>> You guys don't talk about it. You should
00:19:05
the false positive rate on mythos was
00:19:07
30%.
00:19:09
>> Oh wow.
00:19:10
>> Right. Do you really?
00:19:11
>> So it thought it found something but it
00:19:13
hadn't.
00:19:14
>> Yes. So the problem is it's great for
00:19:17
attack. It's horrible for defense.
00:19:20
It finds 30 times 30% of the time it
00:19:22
finds something. I found a problem and
00:19:23
you say let's plug the hole. Wait, there
00:19:25
wasn't a hole there in the first place.
00:19:26
>> No missile inbound,
00:19:27
>> right? Yeah.
00:19:28
>> So now the same problem applies in
00:19:30
enterprise. If you use a if you use a
00:19:32
model without the right harnesses, the
00:19:33
right training, you could be running
00:19:35
into 10 20% false positive rates. Let's
00:19:38
use the model to pay I don't know
00:19:40
insurance claims.
00:19:42
>> Yeah.
00:19:42
>> Oh, great. 10% 20% false positive. I
00:19:45
just lost money.
00:19:45
>> The sickopantic nature of these is
00:19:47
ridiculous. Yeah.
00:19:48
>> So So the problem is not who wants the
00:19:51
new S model. The problem is how do you
00:19:53
take that model with 20% or 10% false
00:19:56
positive and make it 01% false positive.
00:19:58
In my business, I want 0%.
00:20:00
>> Without losing the false negative,
00:20:02
right,
00:20:02
>> without losing the negative, the false
00:20:04
negative.
00:20:04
>> But it's like saying, hey, let's take
00:20:06
the new self-driving car. Mercedes is
00:20:08
going to use Opus 4.8 and you can just
00:20:10
sit in the car and it's going to drive
00:20:11
you. I'm not putting my kids in that car
00:20:13
with a 10% false positive rate. Are you?
00:20:15
>> Right.
00:20:16
>> So, there's a lot of work that happens
00:20:17
post the model which needs to happen to
00:20:20
make these things useful and effective
00:20:23
in the business context.
00:20:24
>> Let me uh slightly pivot for a second.
00:20:26
You were for a very long time the chief
00:20:28
business officer at Google. You were the
00:20:30
president of SoftBank.
00:20:32
Now you're the CEO of Polit. So let's
00:20:34
play armchair CEO.
00:20:36
>> Armchair CEO.
00:20:37
>> Armchair CEO.
00:20:38
>> I'm still I'm still bristling from David
00:20:39
Friedberg trying to create a distinction
00:20:41
between founder CEOs and non-founder
00:20:43
CEOs. Just saying.
00:20:44
>> Just saying. David,
00:20:45
>> by the way, false positives, false
00:20:47
negatives, too. M
00:20:49
>> give us what you would keep, what you
00:20:50
would change, and what you like about
00:20:52
the following companies.
00:20:54
>> This is going to get recorded and put
00:20:55
out there to say we're just getting your
00:20:57
thoughts. You're one of the smartest
00:20:58
business people.
00:20:59
>> I don't like that you're one of the
00:21:00
smartest business all in asking you a
00:21:02
question. Don't peopleing people. Are
00:21:05
you ready?
00:21:05
>> Yeah, sure.
00:21:06
>> Okay.
00:21:08
>> What you keep, what you change, what you
00:21:09
like, what you don't like.
00:21:11
>> Uber.
00:21:12
>> In a world of
00:21:13
>> I'm bored of it, dude. I can't talk
00:21:14
about my board of Uber.
00:21:15
>> I'm the board of Uber. I'm not going to
00:21:16
talk about Uber. I didn't know that.
00:21:18
Sorry. Okay.
00:21:19
>> Dr. Dra, he's the CEO. He's a great guy.
00:21:21
>> Okay. Uh, Whimo.
00:21:23
>> Should get me fired.
00:21:25
>> Whimo.
00:21:26
>> What do I like about Whimo? The cars
00:21:28
work. It's amazing. They should have
00:21:30
more in many more cities around the
00:21:32
world. Faster. I I would say that to
00:21:34
Teigira. I think she knows.
00:21:36
>> Google at large.
00:21:38
>> I think Google's underrated. I think
00:21:40
it's going to be the first 10 trillion
00:21:41
dollar company in our lifetime. I think
00:21:43
they have all the assets that are that
00:21:45
are needed to make this successful. I
00:21:46
think people underestimate you can be a
00:21:48
model company, you still need to have a
00:21:49
sales force that convinces customers to
00:21:51
go out there and embrace these models
00:21:53
and buy them. And if you think about it,
00:21:55
three hyperscalers have the biggest
00:21:57
number of sales people out there. So
00:21:58
they should
00:21:59
>> part of why they're a little bit
00:22:00
undervalued is just the conglomerate
00:22:02
nature is hard to understand.
00:22:03
>> I don't know. You guys are smart of that
00:22:04
stuff. I'm just a hired hand CEO.
00:22:07
>> I didn't say that. Reaper said that.
00:22:09
Let's just be clear.
00:22:10
>> I know. I know.
00:22:11
>> I was I was providing a thesis on
00:22:13
recovery out of the SAS apocalypse.
00:22:15
Okay.
00:22:16
just to be clear and I used to work
00:22:17
together. There's a way to segment that
00:22:20
basket.
00:22:20
>> Okay. And you're not in that basket.
00:22:22
>> I thought you were making a distinction
00:22:23
about how people who are founders, CEOs
00:22:26
have uh have the right to take more risk
00:22:29
and are allowed to take more risk.
00:22:31
>> I was saying that
00:22:32
>> and I think and I and I think you you
00:22:34
provide a unique counterpoint to that
00:22:36
and and there's not a lot of point. I
00:22:38
think the same was true of Jeff Weiner
00:22:40
and I think that there's a few other uh
00:22:42
really great CEOs, but they are like Neo
00:22:44
in the matrix type anomalies and I think
00:22:47
you're one of those people and there's a
00:22:48
very rare kind of personality profile of
00:22:51
someone that's willing to take risk and
00:22:53
take ownership of something that wasn't
00:22:54
theirs in the first place and they make
00:22:56
it theirs and uh it's a it's a
00:22:59
extraordinarily unique trait far more
00:23:00
unique actually than being a scalable
00:23:02
founder.
00:23:03
>> It's an incredible save.
00:23:04
>> You're forgiven.
00:23:05
>> Yeah, good save.
00:23:06
>> Let's go back to ARM. Wow, that was
00:23:08
incredible. Open AI more sick fanic than
00:23:11
chat GBT.
00:23:12
>> He's like actually
00:23:14
the best.
00:23:15
>> Let's go. Let's go back to Art.
00:23:16
>> I'm liking this. He has been more often.
00:23:19
Yes,
00:23:20
>> they need to sell faster.
00:23:22
>> Open AI.
00:23:22
>> They should sell faster, right?
00:23:24
>> They should sell faster.
00:23:26
>> I mean, I you said it, didn't you just
00:23:28
say it when you Sarah was here that
00:23:29
Anthropic seems to have improved their
00:23:32
ARR much faster than OpenAI?
00:23:34
>> I mean, that's just the statistics.
00:23:35
>> They kind of went all in on enterprise
00:23:37
and voting specifically.
00:23:38
>> I think I think that's like the the the
00:23:41
conversation right now is it's a race to
00:23:44
take over the profit pools.
00:23:46
>> If you are going to need tens and tens
00:23:48
of billions of dollars every year to get
00:23:49
what is that one gawatt is 10 billion
00:23:51
revenue
00:23:52
what are the what are the most
00:23:53
>> what does it cost to build you?
00:23:54
>> So what are the most exciting
00:23:55
>> cost 50? So this is a great deal.
00:23:57
>> So what are the most exciting profit
00:23:59
pools then? So we got coding that's been
00:24:01
the breakout application over the past
00:24:02
year. It's massive. You've got
00:24:05
infrastructure like you said the new
00:24:08
databases. I think cyber security is
00:24:10
clearly one of them because the threats
00:24:11
and patching cycles so much more
00:24:13
dynamic.
00:24:14
>> There's a slight difference within Yes.
00:24:16
So as you can see these models are
00:24:17
trying to be the the enablers of better
00:24:20
cyber security which is good because all
00:24:22
of us need to use them to test and
00:24:23
you're probably going to see I if you
00:24:25
saw Enthropic has already uh made their
00:24:29
cyber capable model available generally
00:24:32
so that everyone can use it and open eye
00:24:34
has got one I'm sure Google has one too
00:24:36
but they understand this is a place
00:24:38
where CISOs or chief security officers
00:24:40
want to use it to test the code so this
00:24:41
is another profit pool I think we
00:24:44
haven't seen the onslaught against the
00:24:46
application software companies yet. I
00:24:48
mean there's tens and tens of billions
00:24:50
of dollars in application software which
00:24:52
is waiting to get reinvented as we
00:24:53
talked about. I think eventually you'll
00:24:55
see these people saying what if I took
00:24:57
this 4050 hundred billion dollar tamdown
00:24:59
I can build a whole brand new backbone
00:25:02
AI and it be so differentiated that
00:25:04
it'll cause customers to move. We are
00:25:06
seeing it as a playbook in the
00:25:08
accelerators.
00:25:10
Now
00:25:11
>> in the year zero and year one companies,
00:25:12
people are coming to us with the pitch,
00:25:14
this is a $1,000 a seat per year, $500 a
00:25:18
month seat SAS software. We can do it
00:25:20
for less. We're going to charge them
00:25:21
based on consumption. We're going to
00:25:22
take 80 90% of the cost out as to what
00:25:26
your is doing with 8090.
00:25:27
>> The two fastest places to make revenue.
00:25:29
>> Yeah.
00:25:30
>> In enterprise are replacement ts. If you
00:25:32
replace something, I already have a
00:25:34
budget. It's easy. I take something bad
00:25:36
or replace with something better, I get
00:25:38
money. So replacement TAMs are
00:25:40
beautiful. If you can replace an
00:25:41
industry, replace the profit pool is
00:25:43
great. The second place is consumer
00:25:46
revenue. It's a lot easier to get five
00:25:48
bucks per per user on a consumer side.
00:25:51
>> Netflix.
00:25:51
>> So that's where I mean, look at it. I
00:25:53
think we collectively probably pay more
00:25:55
on subscriptions per month than we ever
00:25:57
did historically. And you thought your
00:25:59
cable bill was high.
00:26:00
>> Yeah. Do you think that you're going to
00:26:01
end up building more or less hardware in
00:26:03
the future? If you had to guess,
00:26:05
>> hardware even today is the cheapest
00:26:10
way to uh manage low latency, high
00:26:14
throughput bits. You still need a data
00:26:17
center.
00:26:17
>> Yeah.
00:26:17
>> What's a data center? It's just managing
00:26:19
high throughput, low latency bits.
00:26:22
That's why if you look, financial
00:26:23
services is the most reluctant industry
00:26:26
to go to the cloud
00:26:28
>> because you increase latency. If you
00:26:30
increase latency, you reduce profit. So
00:26:32
if you look at every of your largest
00:26:33
financial services companies, whether
00:26:34
it's Goldman or JP Morgan, Morgan
00:26:36
Stanley Street or these guys, they're
00:26:38
doing hardware.
00:26:39
>> Yeah.
00:26:39
>> Try to get them to run their business on
00:26:40
the cloud, they can't because they will
00:26:42
have higher latency. They will lose
00:26:43
money,
00:26:44
>> right?
00:26:44
>> So hardware is still be made. I mean, I
00:26:47
remember when I used to buy Silver Lake
00:26:50
and I had heard Dell was done. Nobody
00:26:53
wanted hardware. I think Dell might be
00:26:55
back to like a three $400 billion market
00:26:57
cap. So hardware is still going to be
00:26:58
around. we're going to need is the
00:26:59
fastest uh way to move.
00:27:01
>> Are hardware development cycles changing
00:27:03
because of AI? Like are you seeing a lot
00:27:06
of like generative design stuff moving
00:27:08
in silica that historically was manual
00:27:11
and long cycle?
00:27:12
>> Yeah. But the long pole in the tent is
00:27:13
never designed, right?
00:27:15
>> The long pole in the tent is production.
00:27:16
Today you can't get a box produced
00:27:18
because every every piece of hardware
00:27:23
componentry is backordered. Everything's
00:27:25
expensive and every factory in the world
00:27:28
is backorded because we're trying to
00:27:29
build all these GPUs based you know chip
00:27:32
cards for every data center in the
00:27:33
world. So
00:27:34
>> do you think the US is equipped to fill
00:27:35
that supply chain need?
00:27:37
>> Can we do that here or do you think
00:27:40
>> 10 years
00:27:41
>> with a commit with a with a firm top
00:27:43
down commitment? Well, I mean the good
00:27:45
news is that I think the hardware
00:27:48
industries is seeing a bonanza of a
00:27:51
lifetime. And generally when you see a
00:27:53
bonanza of a lifetime, you can go commit
00:27:55
10, 20, 50, $100 billion. I mean, I've
00:27:57
seen a CEO on television committing a
00:27:59
hundred billion dollar plan to go build
00:28:01
more memory. So that's good. That means
00:28:04
they have the money to go put the money
00:28:05
in the ground literally to go build
00:28:07
these things for the future. So I think
00:28:09
that gets us more certain that the
00:28:11
>> I think I think the tax incentive has a
00:28:12
big has a lot to do with that the
00:28:14
accelerated depreciation on the uh the
00:28:17
capex you get 100% write off in the
00:28:19
first year right under the under the
00:28:21
>> just a just a final question as we wrap
00:28:23
up you over the last eight years you've
00:28:26
grown organically very aggressively but
00:28:28
you've also been pretty acquisitive
00:28:29
you'll you know you'll take shots and
00:28:31
they've generally worked so you have a
00:28:33
ton of permission in the market when you
00:28:36
hear what Bill Aman said about how
00:28:38
there's this kind of overbeaten
00:28:40
companies. There's a few that get
00:28:42
celebrated. That's a right pool for you
00:28:44
to pick from, but some of that would
00:28:46
require you to go maybe a little
00:28:48
horizontally far a field, some would
00:28:50
say. How do you maintain the discipline
00:28:52
or do you see yourself at some point
00:28:53
considering things that are not nearly
00:28:56
so much right down the middle of of
00:28:57
cyber?
00:28:58
>> So, I tell you what, um, until about an
00:29:00
year and a half ago, we used to buy
00:29:02
product companies and throw them into
00:29:04
our go to market engine. We could rewire
00:29:07
their backend. so they can work better
00:29:08
with their go to market engine. So for
00:29:10
me, if I'm selling $10 million to a
00:29:12
customer, next time I go two years
00:29:13
later, if I can sell them 20, it's the
00:29:15
most efficient way for me to advertise
00:29:17
my go to market spend. Right? So that
00:29:18
was the model. We played that, we ran
00:29:21
that playbook to lots of 150 billion.
00:29:23
Then we got to a point where says, oh,
00:29:25
we see an inflection arriving in
00:29:26
identity. It's going to be important
00:29:27
from an agentic perspective, security
00:29:29
perspective. So we bought a $25 billion
00:29:31
company which we closed 3 months ago. Um
00:29:35
now it's actually a very different
00:29:37
opportunity has presented itself and the
00:29:39
different opportunity sort of goes like
00:29:41
this. If you can be the best at
00:29:44
leveraging AI to run the most efficient
00:29:46
enterprise business in the world your
00:29:48
operating margin can be far in excess of
00:29:50
the industry and if you can if you can
00:29:53
crack that code
00:29:54
>> gross and net you're saying gross in the
00:29:55
'9s net in the 40s50.
00:29:57
>> Yeah. If you can crack that code then it
00:29:58
doesn't matter what you buy.
00:30:00
>> Yeah.
00:30:00
>> So I think the problem right now is
00:30:02
execution problem. Most subscale
00:30:04
companies cannot afford to go optimize
00:30:07
their company and run it better. So if
00:30:09
we can run our company much better than
00:30:11
everybody else and have a higher
00:30:13
operating margin then the street will
00:30:14
say fine if you take something at a 20%
00:30:16
margin make it a
00:30:17
>> your first M&A was really tough. No,
00:30:19
like they were pretty skeptical and then
00:30:21
you kind of shoved it in their face.
00:30:22
you're pretty skeptical when they found
00:30:23
a guy who didn't know cyber security
00:30:25
into enterprise show up who worked at
00:30:26
Google and they're you know the track
00:30:27
record of people leaving Google and
00:30:29
being successful out of Google is still
00:30:32
>> you know varied
00:30:33
>> so basically you're saying the menu is
00:30:34
open and
00:30:36
>> I think we need the next 6 to 12 months
00:30:37
to figure out how this AI settles down
00:30:40
and how can we use that effectively in
00:30:41
enterprises I think if you think about
00:30:43
it u you know the the the people keep
00:30:47
hoping that less people will be we need
00:30:49
to run companies I actually have a
00:30:50
counter view I think we're going to have
00:30:52
more people at Palo Alto on the
00:30:53
technology side than we've ever had
00:30:55
before because I think AI is causing
00:30:57
everything to ask for a transformation.
00:30:59
So I have more technical people today
00:31:01
than I would have had if AI didn't
00:31:03
exist.
00:31:04
>> Ladies and gentlemen, CEO of Palo Alto
00:31:06
Networks Nicasura.
00:31:07
>> Thank you guys.
00:31:11
>> Thank you sir.
