Palo Alto Networks’ Nikesh Arora: AI, Security and the New World Order

[00:00] I have a principle that I always joke even in our whole hands. I say, I've never met a person who comes to work to screw up. [00:07] I wake up in the morning, let's go, sunshine. It's time to go to work. Let me see how badly I can do today. Everybody walks in with the right attitude. [00:16] It's something that happens at work that we create that causes the unintended outcomes. It's not the person who walks in. If you found the right person with the right domain knowledge, the right intelligence, the right attitude, then the rest is upon us. [00:31] Thank you. [00:45] Today on Training Data, we have a very special episode with Nikesh Arora, the CEO of Palo Alto Networks. Since joining Palo Alto in 2018, Nikesh has built it into the largest and most valuable cybersecurity company in the world, with 70,000 customers and more than $120 billion of market value. [01:06] Prior to Palo Alto, Nikesh spent a decade at Google as the chief business officer, as the company grew from $3 billion, [01:13] to about $65 billion in revenue. [01:16] Nikesh is an extraordinary CEO. [01:19] with an inquisitive mind and a wonderful sense of what is happening in the world of AI. [01:25] Thanks to being in the center of it with Palo Alto and all of their customers. [01:29] Please join us for a wide-ranging conversation about AI,

[01:33] its impact on security, and what excellent leadership looks like. [01:37] We hope you enjoy. [01:40] Nikesh, thank you for joining us on Training Data. [01:43] We emailed you and asked you if you'd join us on the show, and your response was, and I quote, [01:47] as long as we can talk about DeepSeek and the New World Order. [01:52] Let's start there. Tell us more. [01:54] Like that, you know, we all have our interpretation of AI and a bunch of us trying to figure out and rationalize this in some sort of mental framework. [02:02] Like everybody else, I've had my own. And [02:05] I think from my perspective, what we've seen in the last 12 months has been phenomenal. We have people trying to build effectively. [02:13] a brain. [02:14] of some sort, a brain with immense capacity to remember everything, to process everything and do patent recognition, which is kind of like [02:22] You know, my... [02:24] interpretation of an NLM. Now that brain, because of being trained in data that's out there, is susceptible to reaching the wrong conclusions depending on the data it's using to train itself. So this is not a secret. [02:36] We hear of that in various contexts of hallucination or not having the right answer because I've never seen it before, and that's fine. You can call it the early brain, but at some point in time... [02:45] these things are going to become... [02:46] Very smart, possibly as smart as you bad. Then it would take several more years to hit Sonya stage. Exactly. [02:54] At that point in time, I think we all have to start getting a little worried. So the question is, how much money does it take to build this brain? One and two. [03:01] How can all of us use it effectively?

[03:04] I think we can all use it effectively today in certain use cases as we've seen out there, whether it's, you know, creative use cases or search use cases or... [03:11] data aggregation use cases or data regurgitation use cases, at some point in time, [03:17] You've got to take this brain and give it arms and legs. And let it do stuff. [03:21] And that's where things start getting dangerous. [03:23] And we've seen examples where people gave these brains the right to do stuff too soon, too early, where they started giving you free cars or refunding airline tickets, which is not a good idea because that is their version of hallucinating and giving stuff away. [03:36] But... [03:37] On the other hand, people are sitting in cars. [03:41] where these brains have arms and legs that are driving us around as a driver. So there are examples where... [03:46] There are precision use cases which are narrow and task specific, but we are letting these things... [03:50] get access to it. [03:52] I'm sorry for the long preamble, but the whole notion of the New World Order was, you know, [03:57] I don't have an opinion on whether it costs $6 million or more. My opinion is that if somebody built a brain cheaply and made it available cheaply, it just expands. [04:07] the opportunity for a lot of these startups, a lot of people to try and deploy that brand into various tasks. And that, to me, is a major shift in what has been sort of the mainstay of this industry, where we all thought we'd spend a lot of money to build amazing models. And it looks like there could be task-specific models which we built a lot cheaper. [04:24] And you mentioned some of the hallucinations and the attempts to jailbreak these models or prompt inject these models. There's a report that came out a few days ago about DeepSeek R1 that said, [04:34] 50 out of 50 prompt injections worked. So basically 100% success rate

[04:39] on attacking the model. Is that a deep seek thing? Is that an open source thing? Do you have a perspective on what the implications of that might be? [04:47] Maybe it's not as simple as $6 million gets you the same thing you get out of OpenAI. [04:51] Well, the question is, which one do you want, right? [04:54] And, [04:55] At the end of the day, [04:58] Every model is putting a bunch of guardrails around it. These models are all in the RAW. They have... [05:04] They're in the raw. Have you remembered the early versions of... [05:07] Chad GPD and Gemini, I think it was him called, Vertex was it called that, [05:11] It was called something else before Gemini. And those things had the opportunity for us to prompt inject as well. So there were versions of these models which had to have guardrails built around them. And those things, that's what it costs money to do is build guardrails. And the guardrails... [05:25] Initially, we're skin deep. As you know, we've heard of these phenomenal stories in the early days where people were able to jailbreak them and get around them and get models to start and doing crazy stuff. So I think we will see more and more guardrails, more and more. [05:37] simpler attempts being blocked. I think there are still sophisticated things that can be done to these models. Even the more practical [05:45] in your mind, more expensive models have [05:47] loopholes or have side doors which can be used to attack them to some degree. And we've seen that happen in the past. So yes, perhaps DeepSeek is not as guardrailed as it is, and perhaps it was built cheaply. But in the end of the day, whichever model it is, when you deploy it for a precision use case and give it arms and legs, it doesn't matter what guardrails the model comes with. You will have to superimpose better guardrails and controls around it. This is where people like us come in, where we say, it doesn't matter what you got.

[06:17] on this and make it only respond to task-specific stuff, i.e. if the model is designed to improve your manufacturing process, you can talk to her about rewriting Shakespeare. [06:26] Let's talk about that for a minute. What's in scope and what's out of scope for Palo Alto networks as it relates to... [06:32] securing AI. [06:34] Well, from our perspective, look, [06:36] we're seeing [06:37] to [06:39] interesting use cases. One, we're seeing a lot of people [06:41] who are employees, who are kids, who are users using AI, [06:45] in some way, shape, or form to augment their day job. And [06:49] you can call it Augment for now and maybe [06:51] it'll creep up and do more and more food as well, but [06:53] It's being used as human augmentation for now, right? Because we're not giving it control. I'm not telling an AI agent, go write me a paper for my class. I'm not telling an AI agent to write me a blog and possibly one of these days they will. But for now... [07:06] is being used for human augmentation. And the general fear in the enterprise is my employees are taking proprietary data and putting it in some model, and it'll be used for training. And over time, [07:14] it'll get [07:16] either out of copyright or get... [07:17] stolen or it'll be... [07:19] become part of the general knowledge-based selective originator. So we have a use case where [07:23] We can intercept data, which has been used by employees. [07:27] or AI that's being used by employees. [07:29] and provide visibility to enterprises and required controls so they can stop employees from going in. [07:34] using AI models or AI apps. [07:36] without any control. So that's kind of one use case, which is kind of interesting. We see a lot of companies [07:41] who want their employees to use AI, but... [07:43] They want them... [07:45] to able to in a controlled fashion.

[07:47] Other more interesting use cases, I haven't found a company which is not [07:51] experimenting with some sort of AI [07:53] project, whether it's a simple as a customer service chatbot, which seems to be the most popular example, or some sort of workflow automation capability, which is another example, to the extreme where people are using it to [08:06] Perhaps. [08:06] slowly etch, giving it control over certain control systems, which may not be mission critical, but they're experimenting there. In all these scenarios... [08:15] The biggest fear is... [08:17] The model runs amok. [08:19] The model gives the wrong answer. [08:21] or the model takes control, [08:23] Or somebody hijacks them all. [08:25] All those are scenarios which customers are wary about, which is kind of like, [08:30] Understandable. [08:31] In that scenario... [08:32] We have a product, which is effectively, we fondly call it the AI Firewall. [08:36] the iFirewall, which inspects anything going in, anything going out of the model, it'll make sure the model doesn't have backdoors, nobody can access it, the data is not being sent out of the model somewhere else, you can run it on-prem, you can run it, [08:47] in your, you know, [08:48] Protect your cloud instead. So those are kind of the two use cases we're seeing. [08:52] The... [08:53] Behavior of the model [08:54] is the responsibility of the people generating the model. Very good. [08:58] Our job is to make sure that the model doesn't get hijacked, doesn't get intercepted. [09:02] doesn't get taken over [09:04] or manipulated [09:06] so that [09:07] people lose control of their [09:09] quote unquote AI Bray. [09:11] Can you say a little bit more about, you know, what are the real threats from AI versus the perceived or the hypothetical risks? Like I remember back when when self-driving cars were still, you know, a little bit of a pipe dream and everyone was saying we're going to have these adversarial, you know, images, QR codes in the rows that are going to make the cars, you know, become weapons. And, you know, things are going to go crazy. And that ended up being like very academic theoretical risk. It feels like there's some of that happening in LLM lands. Like what are what do you think are.

[09:37] the [09:38] made up academic risks and what are the very real risks you think are going to, you know, where AI is actually going to really help the bad guys and we have to protect ourselves? [09:46] Well, look, there's the... [09:48] These two scenarios, right? A scenario where the bad guy is just going to use the LLM so attack us faster. [09:54] Right? [09:54] Are you seeing that happen already? [09:57] It is already happening. If there's a critical security incident or vulnerability in a product, you can go to certain jailbreak models or open source models out there, which will give you a recommendation on how to exploit the CV. [10:09] because 3,000 models are hugging face. You can pick a model which hasn't been given guardrails or given any morals effectively in the context of a brain and saying, hey... [10:16] Here's a CV. [10:18] What are the five steps you take to protect it? [10:21] One of the five steps that bad guys could use to attack it. So he says, oh, by the way, watch out for these five things bad guys could do. [10:26] So there are models out there that can actually give you a recipe to figure out how to exploit a CD, or you can actually tell it. I tried to attack a customer. [10:35] With option A, [10:36] I turned option B, none of them worked because it gives this... [10:39] Return response and it says, hey, how about you try option C? So there's a whole bunch of ways that these models can be used. They're very helpful. [10:46] Right now. Yeah. [10:47] They don't try and solve your problem, and there's a risk that, actually, not just a risk. It's actually true right now. And what that does is it reduces your risk. [10:55] You're... [10:56] mean time to attack and exfiltrate data or mean time to breach. [11:00] Which means the only way to solve that problem is to be as nimble, as effective and as quick as the bad guys are, which sort of like, you know, it's a it's a as I always say, it's kind of a disbalanced problem.

[11:11] They have to be right once. We have to write 100% of the time, which means they might need this sliver of data to attack you. We need the entire corpus of enterprise logs, enterprise data from every IT system to be able to understand where there may be an almost activity which is being driven by AI. So is it going to mean right now AI is, at the margin, more helpful for the bad guys than it is for the good guys? [11:31] Well, it depends. We can always sell our book and tell you if you're deployed an X-Lion product, we can be as equally effective and equally helpful and tort the bad guys. But yes, they're not fully deployed. Not everybody has it. So yes, there's a possibility that it just has made the ability to attack much faster for the bad guys. [11:48] All right. [11:49] And that's kind of a real threat. It's not a perceived threat. And I think if you play the movie forward and say, let's abstract ourselves from this today, and this is version one or version two of AI, in five years from now, everything will be happening in a real-time basis. Everything, every bad actor or bad LLM agent would be able to attack an enterprise infrastructure which is not fully secured. And there will be agents running around the infrastructure trying to make sure that every loophole, every door, every window is locked and constantly monitored. So you can imagine the battle of the agents on either side. [12:19] Yeah. [12:19] I don't think it's infeasible. It's possible. But to get there, there's going to be serious upheaval required of the enterprise data that exists in the company, which, by the way, is not... [12:30] Unlike the fact that to get effective AI for organizations, we're going to have to have a lot of good data to automate or manage or [12:38] run businesses. So I think that's kind of where we're going to end up.

[12:41] In terms of the other... [12:44] Bart Sonja, you asked about the perceived versus real threat. [12:47] the [12:48] Think about it this way. [12:50] Let's resume, and we all, I think, [12:52] I don't know how you guys talk about this, but I'm guessing you agree that at some point in time, these models get smarter and smarter and they'll be more and more capable. So, [12:58] Let's assume that's going to happen. They get very capable. This person is equivalent of a PhD researcher from... [13:04] Pick your favorite university and do drug discovery. Now, you've trained it. You've given all the data that exists in enterprise. It's all proprietary. It's all the drug data for Alzheimer's, Parkinson's. You pick your favorite research project that you want to do, and [13:18] You ask the model. [13:19] or this brain, to give you an antidote to various medications. It could be amazing for society. [13:24] And the question is, in the wrong hands, [13:27] This trained brain could also be asked to make a virus. [13:32] to create that situation. [13:34] create a bioweapon [13:35] It's possible. This brain has no guardrails. You've trained all the data. It has all the knowledge that you need to have. Then the question is, can I make sure that this brain cannot be taken over by the wrong people? [13:46] Then it falls in bad hands. [13:48] So just for fun, if you were supreme ruler of the universe and you had a magic wand. [13:54] And you could determine... [13:56] exactly what regulation was going to apply to this hypothetical. [14:00] What sort of regulation would you craft? [14:03] You know, Pat, this is an interesting debate, and I had a debate about this with a very smart [14:09] uh, [14:11] person who's involved in some regulatory aspects of this, look, at the end of this...

[14:16] There will be two versions, I think. One version is [14:19] critical systems, where before giving AI control of critical systems, you'll have to go through a serious certification discovery process with... [14:28] some part of the US government. [14:30] Right. [14:30] You cannot give the control systems to AI for shipping routes and running cargo containers which can crack when... [14:38] burn or control the entire electrical grid of the United States. You can't give it to an AI model because you need to have controls in place and need to be able to have a conversation around what the fallbacks are and what the controls are. So I think there'll be a set of classified activities which will need. [14:53] some degree of consultation, some degree of certification, validation. It's kind of like [14:57] FDA does drug approval, so there'll be some version of [15:00] You know, AI approval, which can have critical irreversible impact if you give control to AI. And that'll have to be some sort of certification mechanism. [15:08] And I think [15:09] where it is not as fatal, [15:11] where it's not as critical, perhaps, [15:14] you'll have some degree of [15:16] Self-responsibility. You make a bad car. [15:19] people have a problem with it, you're responsible. [15:23] Not every car goes through inspection process. [15:25] But there's a tremendous amount of accountability to the car companies. [15:28] that they don't have seat belts, they don't comply with regulations, that they're responsible for the bad outcomes. In this way, if you deploy AI in a bad way in your company and give it on the legs of control, [15:38] then you're responsible. There'll be some degree of... [15:40] It is impossible for any guy of the authority to create an inspection system. [15:44] Oh, [15:45] Just the amount of computer data

[15:46] which can get it right every time. [15:48] So there would have to be self-policing and self-accountability in there. [15:52] just the way it exists today in many industries. [15:54] Nikesh, do you think AI labs get nationalized in this, you know, your version of supreme ruler of the universe? [16:02] The high labs get nationalized. I don't think so. I think the problem is... [16:07] If [16:08] given that we're living in hypothetical, if it is true that a new model can be produced at a lot lower cost, [16:16] which is in the single-digit millions or tens of millions, [16:20] And. [16:21] AI Lab [16:22] It could be anywhere. It would be impossible to find, discover, and... [16:27] You know, control. [16:29] So, [16:30] What's stopping somebody? And part of these challenges, the concepts are very dangerous on a global basis today, which we live in effectively. [16:37] A world with no borders, even though I know that we have a whole different conversation on borders, but conceptually, [16:42] What's stopping somebody from deploying $50 million in a server cluster in a country which has... [16:48] lacks regulation vis-a-vis this stuff, and me building it there, or somebody building it there. So I don't think that [16:54] The idea that, yes, of course, if it's a 500 billion dollar [16:58] AI cluster that is needed to build the world's superbrain in AGI, yeah, you can find a way of [17:04] maintaining some degree of oversight, perhaps, on it. But if the answer is this 20 million bucks and I can build a world-class model, which is really smart, then I think all bets are all. [17:16] Let's say I am not necessarily a CISO, maybe a CEO. Let's say I'm a corporate executive of some sort.

[17:22] And I see the potential for AI. So I'm excited about trying to use AI, but I'm very scared. [17:28] I'm very scared because I think that when my people use AI, they're just increasing the attack surface and making us more vulnerable. [17:34] And I'm also scared because I think there are bad guys out there who are going to weaponize AI against us and sneak in in ways that they might not have been able to sneak in before. [17:42] What would your advice be? You know, top three things that you advise this person to do. What can people do to get the benefits of AI without exposing themselves to unnecessary risk? [17:53] I think that would be ill-informed fear in my mind. Okay. [17:59] I think... [18:00] There are perfectly fine use cases, which I'm sure you can integrate and Sonia can and a lot of people can, where you can run... [18:08] a model in a [18:10] constrain on-prem or a dedicated cloud cluster which cannot be intercepted or cannot be manipulated, [18:16] In the end, that model is only useful if you put your own data into it. And if all you do is have the model... [18:22] generate responses, but you're not letting it give it any control. You can on experiments. [18:27] You can look at what the model produces and compare that to other things. You can do A-B testing and say, wow, the model says this, and my best researcher says this. And you can run experiments and understand the power of AI without giving it any control. So I think that's why the fear is a bit misled. [18:40] It's not doing anything. [18:41] Trying to give you the outcome and you can see if it's faster, better. [18:46] And both are possible or one is possible. Some things happen faster, some things happen even better. So I think running A-B testing, being able to test it is easily possible in today's world without having any fear.

[18:56] I think it's even possible for letting employees experiment with it in a way that, [19:00] It is not... [19:01] manageable. I think where it starts to get [19:04] More interesting, not dangerous perhaps, is when you start letting AI act on your behalf. [19:09] Right. [19:10] in whichever capacity. And that's where I think [19:13] Any... [19:14] Any person, not just CEOs, anybody would have to go to a rigorous amount of testing to see how it reacts in various circumstances, because depending on what you're giving control to, it could have a significant impact to whatever product, service, business that you're running. [19:26] That's where I think it becomes more interesting. But I think for now, running experiments, running models, which cannot be hijacked or manipulated, models that won't run amok. [19:33] It's all possible today. I think [19:35] You know, it would be... [19:37] Irresponsible. [19:39] for companies to not experiment. [19:42] All put. [19:44] Because I don't think that... [19:46] This thing's going away. [19:48] Yeah. You may not know exactly how to get to the future, but you know if you do nothing, you're going to get left behind. [19:53] I learned about Chad GPT on a flight to India. I was going there to go speak at my alma mater. And I read about this thing. I was sitting at Dubai airport, not doing anything for two hours. I kept playing with it. And I rewrote my entire speech. [20:06] I went and said, you're about to witness the biggest technological revolution. Now, I just say it before Jensen said this is the iPhone moment, but [20:12] More important, he's got a bigger mountain. He's the supreme commander of AI. [20:16] So we'll let him... [20:17] We'll attribute that quote to him, but that's okay. And I felt it was a seminal moment. And I came back and I said, [20:24] You know what? First things first, I have no idea about this. I called a bunch of my teams like, what do you guys know?

[20:28] What do we mean? Nothing. We're all like, you know, a bunch of the important uninformed. But we're important, but we had an opinion. So the first thing I did is I put them all into a... [20:38] like a training room. I invited everyone from Thomas Corian's team to, you know, [20:43] Nat Garmin now, his team, or a bunch of startups, just brain dump on us. [20:48] And we did that. [20:50] For two days a month, we get people to brain dump. We had a bunch of our people go come with ideas. We had 70 ideas. People weren't executed. Cut them down to seven. We started playing with it. [20:59] We ran everything, every possible problem that you could run with Vertex AI or with the first model of ChatGPT or the first model of Claw. We tried everything. We ran everything through. [21:10] We had models running with AI. We had models running with semantic search. We were training with all kinds of data. [21:15] And we learned. [21:17] We learned what is useful. We learned what is not useful. Now it's doing some things by itself, which we had to go jerry-rig. But [21:23] You know, we are partially informed. It's better than being totally ignorant. [21:27] What was the biggest surprise from those learnings? The biggest surprise? Well, [21:33] The early version of this thing was pattern recognition, was data summarization, was, I'll call it, infinite memory. Once you train it on some data, it's never going to forget it. Now, there are use cases where I have 50 people solving the same problem, and depending on who answers your phone, they're going to solve it differently. [21:50] In this case, I improved the general level of awareness and knowledge for my entire team playing. [21:55] get it to tell you the answer, and then work from there. So it did sort of lift the average intelligence of the average capability of the teams.

[22:02] And I think as it gets better and better, it's going to shorten the time to answers. And I mean, at the end, I want to expose a lot of this stuff to our customers, right? [22:10] So they can go solve this problem. So my problem is if you don't start learning when every startup is learning, [22:16] Eventually, the startups do your business, right? You've seen that in every technological revolution that we've run into, whether it's the cloud, mobility, the internet. [22:25] We saw it every time. And every time, there was a large... [22:29] now we can call them legacy, but large businesses with dominant market share, with every asset at their behest, which they could have deployed. And nobody should have seen the light of day who was competing with them with the new technology. But for some bizarre reason, every time you turn around, there was a Travis, there was a... [22:45] you know [22:46] Chad Hurley at YouTube, and there was a Larry Page, and there was a Mark Zuckerberg, and there was a Neil deGrasse. So, [22:52] The challenge is that if we don't go embrace this as early as we can and learn while everybody else is learning, we run the risk that we're late and then we go in. [23:01] Law of unintended consequences. Maybe on that note, one thing I'd love to understand is it seems like the biggest platform companies in security are kind of formed around these platform shifts, like, you know, the firewall, identity as a perimeter, you know, maybe the cloud and CSPM. Like, do you think AI is a new platform shift opportunity from a security point of view? And do you think a new security platform company, which could be you guys? [23:25] Or is this very much, you know, is similar kind of set of tools is going to is going to serve the first world?

[23:34] I think... [23:36] AI has the opportunity. [23:38] 2. [23:40] turned securely on its head. [23:44] And the reason I say that is that security is a needle in a haystack problem. [23:48] Right? [23:49] because you don't worry about it [23:51] until you have to worry about it. [23:53] So you suddenly wake up and get really, really smart very, very quickly because something's happened in your infrastructure. [23:58] And it's just impossible to go from 0,000 overnight because somebody calls the hell as shit. There's so many infrastructure. They've exfiltrated some amount of data or they are in the midst of exfiltrating data. [24:09] And traditional security has been [24:12] I'd say – [24:13] 95% [24:16] at the border. [24:17] or on prevention... [24:19] and 5% on detection and remediation. [24:22] Right. You buy a firewall. It inspects everything that's coming in. You block a bunch of stuff. You buy some sort of, you know, remote access endpoint agent. You buy an endpoint XDR capability. And that all works because there's a lot of prevention that happens in that process. [24:35] But, [24:36] The problem in breaches is it's not what you prevent, it's what you let in. [24:41] And there's things like zero-day attacks, which have never been seen before. So if you haven't seen it very often, you can't prevent it. And the only way you figure out all that stuff is you ingest a lot of data, look at it, and look for anomalous behavior, right? You can't rely on security signatures. So if you're going to look at anomalous behavior, you need to be able to ingest all data. You've got to look at pattern recognition. You've got to say, does this happen like this every time? And say, well, I don't know, but it looks like something's different is happening. So I think this whole notion of...

[25:07] doing pattern recognition, ingesting a lot of data, analyzing it on the fly. [25:11] and looking for things is easily possible with, call it machine learning, call it AI, call it whatever you want to call it. But I think that's the only way we can do this at real-time speed. [25:21] What about what it means to be a security team, a CISO, a security practitioner in this new world? [25:27] And, you know, we get 20 pitches a week right now for like the AI-powered SOC analyst or the AI SOC. What is your vision for, you know, what the future? You already have one, so you should send them our way. It's like, you know, try it. [25:40] Let's give you on how that evolves and what the end state is for humans and security. [25:45] Like insecurity. [25:47] uh, [25:47] at a very... [25:49] First principle level, we sell two things. We sell a sensor, [25:53] with sensors at the edge of your perimeter, whatever the perimeter is, whether it's your laptop, whether it's your application, is it your customer accessing your bank account? That's the perimeter, right? The perimeter is the edge of your technological footprint. [26:05] That's a perimeter. So we all sell sensors that sit at the perimeter and inspect. [26:08] It's like having like a digital security. [26:11] guard at the perimeter. We all sell parameters and we protect the parameters, we inspect the parameters, we block the parameters. And then what happens is that somebody's in a bad app, somebody's in the back door, somebody's in the side door. By mistake, then people enter through there. [26:25] So that's we sell sensors, we protect parameters, and then we analyze data in the back end to look for any vulnerability that you might have been created by the infrastructure that you have. That vulnerability could be exploitable in the future, so we look for potential exploits, and that's what I want to do. Which means, and the reason I tell you a story is that, which means...

[26:44] If I want to sell... [26:45] NEI powered anything... [26:47] I need to be at points of data collection in enterprise. [26:50] Thank you. [26:51] Because AI requires data. [26:53] So-- [26:54] Again, this is the old adage, right? I am in the best place to collect all this data and analyze it. And of course, that doesn't mean anything because in history, people who are in the best place got knocked off their knees and somebody else came and built something better because they were lazy sitting on their haunches. Now, the only thing is we don't want to be lazy. We don't want to sit on our haunches. We're out there. [27:12] hustling as... [27:13] fast as we can, not as nimble as possibly in a startup, but we're nimble enough as a company. We've done 27 products, which are in the magic corner to the right. So we're not shy. But [27:24] I think every security company, every security startup is going to walk to every customer and say, I can build this for you. The customer is great. How do we start? He says, well, let me go deploy a bunch of sensors around your perimeter so I can collect the data. Holy shit, I already got a bunch of you guys in the industry. You've got sensors out there. Then what do you want me to do? Then give me all your data. I'm like, wait a minute. You want all my data? Who are you again? [27:44] So I think that's kind of the risk you run into is this is a large data problem. [27:50] And large data problems are harder. [27:52] to solve as a startup. Not to say it's not being done. There are people out there raising $500,000, but not everybody can do that in security. [27:59] Fair enough. Do you think security teams are comfortable giving arms and legs, I think, so to speak, like agentic? Oh, no, I think they're petrified. [28:08] Do you think that flips at some point? And when? [28:11] Well... [28:12] I think most of the security terms aren't asked, right? I mean, Waymo wouldn't exist if they outtalked a security guy.

[28:19] Tesla FSD possibly would not exist some security. Are you crazy? You're giving the car control to your car. All kinds of bad things could happen, right? So from a security perspective, these all bad things happen. [28:31] I mean, security leaders are, for the most part, risk managers, right? [28:36] They're risk managers. They're trying to understand what the business need is and how do I deliver the business need with the least amount of risk possible. [28:44] The safest room in the world is one with no windows and no doors. [28:47] But it's not very useful. [28:48] So you got to let doors and windows be created, which means you're managing risk. So security people are risk managers. They sit down with the business, understand what potential risk does it cause. They'll give you some ideas as to how to make sure that you protect against that risk. And they'll set up a whole bunch of safeguards and say, you know, you know. [29:04] Gate 1, gate 2, gate 3, if it doesn't stop, get stopped here, get stopped here, get stopped here. [29:09] And then after the races. I think security people will allow... [29:12] The arms and legs have to because that's kind of the crying meat of the hour. [29:16] I think the question will be, what kind of security tools do we have in place to create those protections that customers can comfortably go ahead and use these capabilities? But that's been true with every technology. [29:27] Our partner, Jim Getz, and for any listener who's not familiar, Jim has been involved with Palo Alto since formation. [29:34] Jim has a creative mind. One of the things that Jim mentioned was after you came in about seven years ago as CEO of the Innovation Engine, [29:43] And Palo Alto really started to pick up. And I think we see that today also with how quickly you guys have pounced on AI.

[29:49] I guess the question, maybe two questions. [29:52] Question one. [29:53] Thank you. [29:53] If you had to reach yourself, [29:55] If you had to read Palo Alto on agility, nimbleness, ability to respond to market conditions, [30:01] I know you're a tough grader, so you can't give yourself an A+. How would you grade yourself? [30:06] And then question number two, [30:07] you do have all the advantages of scale and data and distribution and being at those points where you need to collect the information to do whatever detection remediation you need to do. [30:17] But it's hard to get a big organization to move fast enough to respond to the market. So question one, how would you grade yourself? Question two. [30:23] How do you drive agility at this scale? Like just practically speaking, what do you do to make that happen? [30:30] You know, our... [30:32] Let's go first step first. I'd give us a seven or seven and a half. [30:37] or scale of 10 in terms of agility because we have bad. [30:42] 15,000 people? [30:43] probably 5,000, 6,000 people on our product side. So there's a lot of stuff, a lot of complexity, a lot of legacy stuff that has to be brought along, a lot of stuff that has to be dicked and dyed to make sure that these things work. And, you know, I think part of the challenge, as you know, is that... [30:58] You have a sole base of 70,000 customers, right? Any tweak you make which impacts 70,000 customers brings their infrastructure down. You lose your license to operate. [31:06] So it's not like we can innovate, throw shit at the wall, see what sticks and go with that and ignore the other stuff. So we have a serious responsibility in making sure stuff that we build, that we put in line, has to keep performing and not bring down any of this infrastructure because the best security is in line. We have to be able to watch what's going on. Inline security has the property that if it doesn't behave, it can impact your infrastructure.

[31:36] relates to inline securities. From that perspective, I think [31:39] 7.[redacted address] to be. So you're probably over at 3 or 4 [31:43] seven years ago, as an industry. I don't even say a Palo Alto. I think as an industry, it was three or four. And I said the industry has moved its agility. If I look at some of the newer players... [31:50] They're moving faster. They're not sitting back anymore because they see the playbook for the future. [31:54] is not where you let other people... [31:57] instead of come by in the new swim lane and say, nice to see you, you know. [32:01] congratulations, great job. Now it's like, holy shit, how did they get there? We're going to go chase them down. So I think the industry dynamics have changed. [32:07] In terms of how do you drive agility, [32:11] You, as you know, possibly from talking to Jim and from talking to us, that [32:17] We have no... [32:19] sort of [32:20] Qualms about going and finding people who are doing it amazingly well and embracing them and saying, you got this figured out. Let's go do it together. We'll run fast. Right. Sometimes companies get trapped in this idea that I have so many resources, I can take them down. They don't understand. There's a team of 50, 100 motivated people funded by people like you who are out there running at sort of light speed. [32:40] who've built an amazing... [32:41] products which are going to get traction and they're competition on every day in the market. [32:46] And they get better and better and stronger. So the question is, when's the right time to say, oh, shit, let's embrace them. They've got less resources, but still managed to kick our ass. Let's go make them part of our team. We've done that 19 times, as you've seen. So we're not shy about embracing innovation if it doesn't come. And having said that, I was looking at it the other day. I think more than half of our products are made in Palo Alto.

[33:07] So it's not like we only have one strategy, we do both, because in some cases, [33:12] Building on our platform is a lot easier from a go-to-market and deployment perspective than buying something and spending time integrating it. So we've gone to the point of scale that... [33:20] It's more important for us to innovate on our platform than just go out there and will you nearly try and look at the fastest innovator and try and stick them onto our tech platform. So I think from that perspective, it's that constant balance. What do you buy? What do you build? [33:32] How do you embrace somebody else doing it better? And then you've got to be nimble and say, you know what? I am going to get some stuff wrong. The question is, when you get punched in the face, how quickly you recover, right? Don't let him count to 10. [33:42] So, [33:43] And it's kind of like... [33:44] how you maintain agility, and then... [33:46] And the only other thing is... [33:48] I call it relentless inspections. [33:51] Relentless inspection of your go-to-market capabilities, of your deal, relentless inspection. What form does that take? What's the sort of thing you might do in one of those relentless inspection conversations that somebody else might not do? [34:02] Well, I'll give you an example. Um... [34:05] For the longest time, I kept seeing us doing really well in certain things, and our teams would create all these incentive programs to drive more behavior, to get people to sell. [34:14] And I have my sales leaders tell me that everybody has an account plan. I said, these things look like very interesting things. I should take a look at one. [34:21] So, [34:21] One fine day, this is possibly an year and a half ago, we're having a tough quarter. I said, great. [34:26] Here's what we're going to do. [34:28] We're going to start from customer number one and keep going. [34:32] Please show me your account, Blanc. [34:33] So what does that mean? Send them five slides, fill those five slides and show up on a Zoom call. You have to show up and explain those account plans to me.

[34:41] And... [34:42] I'll fast forward. I've probably been through 750 of them so far in the company. [34:47] I did about 15 yesterday. [34:49] And it's like theater now. There are 500 people dialed in from across the company. [34:53] Wow, y'all get to watch. [34:57] Get these salesperson calls. We can dial in and watch an account review and process. Because for me, it's basically them learning how to do it. And we go through it and say, who's the person? Who's the buyer? Does he understand the product? What did you pitch? How do you sell it? Did you sell it? Did you talk about this? Did you not talk about this? Why did you talk about this? And by the way, the best thing for our teams is... [35:15] If you feel that [35:17] This doesn't look as robust as we'd like it to. [35:20] Me, BJ Jenkins, our president, many of our product leaders, we will get involved. We're not just randomly inspecting. We're actually assisting. [35:29] And like, you'll be surprised if people spin off their laptops are open, like people are pinging people on LinkedIn, texting people saying, hey, do you know this person, this company? I don't think our plan is robust enough. We don't know the right people. Let's go. [35:40] So, [35:41] That's kind of like... [35:42] grassroots. [35:44] I have a... [35:46] little, um, [35:49] whiteboard in my office where I write down things which I want my team to remember. And the second thing written on it... [35:53] It says sales is a math problem. [35:55] Soon. [35:57] So... [35:58] which people find hard to understand. Like, look, if you have the best product in the market and you are able to win... [36:04] and generate billions of dollars of DCV a year, [36:08] then the question is, why are you losing?

[36:12] It's not the product because there are people buying the product is working. [36:15] It's not that nobody's willing to buy it. [36:17] There are lots of people who are willing to buy it. [36:19] What happened in that process where you were selling that... [36:23] You didn't win. [36:24] Somebody else did. Let's go inspect it. [36:27] Yeah. [36:28] And sometimes you'll find some product things that you need to fix. Many times you'll just find execution errors. [36:33] Let's keep going on this thread of driving performance out of people because one of the other things that Jim said was that you have – [36:39] sort of an exceptional ability to recruit and retain really exceptional people. [36:43] and that you sort of drive followership [36:46] in a way that's unique, like you're pretty hard on people and you demand a lot from them. [36:50] Yeah, I went to speak yesterday for a person who I worked with at Google. [36:55] Her name is Lexi Reese, and she actually ran for Senate. She has a startup now, and she introduced me by saying, [37:01] I didn't quite enjoy my time when I used to work for you, but I'm a better person. I learn a lot. So I'm like, well, I'll take it whichever way you give it to me. But anyway, sorry. Well, and Jim said you balance that with a very nice human approach where people know that you care about them and you'll go to bat for them in the right situation. So I'm just curious. [37:17] You've now been an executive in a variety of contexts, and you've been successful every time. [37:22] um, [37:22] Google is a consumer business, Palo Alto is an enterprise business. You kind of grow up around marketing and sales. You become more of a product person. [37:30] And so you've got this – [37:32] diversified set of experiences that [37:34] I'm an enterprise person. You're a full-fledged enterprise person from now, for sure. I guess what leadership principles or what leadership techniques are you?

[37:44] are sort of context independent. [37:46] that worked at each step in your journey. [37:49] And are there other things that are kind of Palo Alto specific? But I'm mostly curious, like, what are the – [37:54] sort of core principles of your approach to leading people. [37:58] Not a lot of Palo Alto specific, right? Because at the end of the day, [38:01] My senior executives are not writing product documents. [38:05] They're analyzing strategy, analyzing go-to-market, they're understanding, of course, do I have experts in cybersecurity? Of course. We could survive without that. So here's Zook, our founder, Lee Clark, our culture product officer. [38:16] So the other product leaders that we have, they're very smart guys. They understand. [38:20] While our products exist in this industry, they act as sounding boards. Sometimes I'll challenge them. [38:25] performance, right? I'll push back so I'll fill it out. [38:27] So, [38:28] There's no... [38:31] getting this done right without the right... [38:32] domain knowledge. [38:34] So you have to have that. But I think outside of that fact that there's domain knowledge, [38:38] You still have to have the right people. [38:40] as is possibly understood, that I don't suffer for it. [38:43] because I can fix a lot of things I can't fix without... [38:48] And if somebody doesn't get it, [38:51] Like for sure. [38:52] And, um, [38:53] You have to make sure you surround yourself with smart people. [38:56] Where do you find them? Keep them. [38:58] Because the next question becomes, you know, what is the attitude these people bring to the table? [39:02] As long as they are [39:04] willing to learn and humble when they understand they're part of a team, [39:06] All systems go. Like, I have a principle that I was joking even on all hands. I said, I've never met a person who comes to work to screw up.

[39:15] I wake up in the morning. Let's go, sunshine. It's time to go to work. Let's me see how badly I can do today. Everybody walks in with the right attitude. Yeah. [39:25] is something that happens at work, [39:27] that we create that causes the unintended outcomes. [39:31] It's not the person who walks in. If you found the right person with the right domain knowledge, the right intelligence, the right attitude, [39:37] Then the rest is upon us. [39:39] And then the question is, how does management create the environment that people can thrive? [39:45] And it's not just about, you know, happy-go-lucky environment. I always say, [39:49] There are three jobs that we have as leaders. One is we have to identify the North Star. People have to know which mountain we're going to climb. [39:55] You get the best climbers, you need to find out, you haven't told them which one, they're all on eight different mountains around you, you're not sure what happened, they're all in different places. So my job is to make sure I identify the mountain, I fight, I argue, I debate, I cajole, whatever needs to happen to make sure we have a plan of record where we're going. [40:11] Ample degree of input, but at the end, somebody's got to make a decision. [40:14] Then the next thing is, is it achievable? Can we write a plan to make it happen? Because the last thing you want is people come say, I get it. You wanted to build this. [40:22] But he gave me, you know, one pickaxe and one shovel and two people. [40:26] And you want me to go dig a platinum mine. It takes a lot more than that. So the next question is, is it a feasible plan to get it done? And are you resourcing it right? [40:35] And very often companies... [40:37] Look at our industry, right? [40:38] A lot of people had the right ideas. When I came to Palo Alto... [40:41] It's funny, I joke sometimes I didn't do anything different. We had a cloud security acquisition we'd done. We had an XDR acquisition we had done. We had the idea of building a SIM.

[40:50] We just hadn't resourced it. [40:52] We hadn't written the plan for it. [40:53] We kind of knew what we wanted to do, but we hadn't sat down, debated, argued, said, what does the future look like? And we hadn't written the plan. We hadn't resourced it. [41:01] One thing the resource we need. [41:04] So... [41:05] You... [41:05] You don't have a plan, you have an idea. [41:07] Ideas are not good enough. You've got to have a plan. [41:09] And I'll start. [41:11] You have to... [41:12] that you can sort of [41:14] executed supply. And the third job of management is to keep communicating it and weeding out things that block the execution of the plant. [41:21] Whatever it is, whether it's a [41:23] The person is not doing it, whether it's a resource that's not available, whether it's a contract that's not working. It is blogging and tackling and sort of making way for your team so they can go and execute behind you. [41:33] So if you follow those principles and find the right people around you and, you know. [41:37] Don't suffer fools and [41:39] Have a good time while doing it. Sometimes some people do get more scrutiny than the others, but... [41:45] It's good for their career and good for their character. It's amazing. [41:49] Let me ask one more question on sort of management leadership and then maybe we can go back to some AI topics. So you mentioned the 19 companies that you guys have acquired in the last six, seven years. [42:00] Maybe two questions on that one. [42:02] At the moment when you're pulling the trigger, [42:06] What goes through your mind? Like how do you, when it's time to make the go, no-go decision, [42:10] How do you decide that an acquisition is actually an acquisition you want to make? [42:14] And then maybe second question, [42:16] One of the things our partner Jim mentioned was that [42:18] Pretty much all the founders who've joined forces with Palo Alto Networks have stuck around.

[42:22] The majority of them. So, yeah, so what you do post-acquisition to actually – [42:27] keep them around and maybe it's the same thing you were just talking about with leadership generally i learned more than that like um [42:34] I think before we get to decide it's an acquisition we want to make, we spend enough time to understand, you know, is it even worth engaging with the company for a few hours or a few days, right? [42:44] Um, [42:44] And we have some principles. [42:46] I don't like buying number two or three. [42:49] It's a lot of founders, a lot of companies say, well, you know what? The first one's a billion. The third one's a billion. Let's just take the third one. We've got enough resources. We'll spit and shine. It's going to make it brand new. It'll be worth a billion dollars. [42:59] Well, there's a reason a trade is a $300 million, not a billion, first of all, which means they possibly have some gaps which the customers have identified and you haven't. [43:07] Two, you didn't actually take out the biggest player in the market. You're still going to be four steps ahead of you. So now all you've done is taken a nimble startup, which is number three. It possibly made it slower. [43:16] Describe all your love and attention to it. He's like saying, okay, well, bring me along, but... [43:21] So now you suddenly slow down number three, you enhance the [43:24] the opportunity of a number one or two. So you sit there and say, okay. And a lot of times you joke about it saying, I wish this competitor would be bought by somebody in competition because it's slowing down. So we make sure we're only looking at one and two at best. And sometimes they're neck to neck. Sometimes they're chosen to different parts. And we did that in the browser space. [43:41] We're very happy with the acquisition of talent. I think it's doing really well with that and DSPM with Digg. Actually, in our industry, what has happened since Pat and Sonya is that – [43:50] At first, people looked at me and said, what the hell is this guy buying these companies? I don't know what his plans are. And now, we actually have a slide we keep track of. Once we buy something in a category, that category becomes hot.

[43:59] So people think we know something. We've done a good job about that. But look, I think the principle is you've got to make sure you're buying the right – [44:07] sort of right player in the market. [44:10] Then you've got to make sure that you can convince the founders that they believe a better together story than the going alone story, right? [44:16] There's no sell and dump because it's not going to happen. We're not going to take the asset because... [44:20] When you're buying, you're basically buying [44:22] A North Star, an execution plan, and a team that executes. [44:26] But usually they're... [44:27] a third or 40% down their journey. It takes more than seven years to build a great product. [44:32] Usually these things are three years out, three or four years out. They haven't fully matured into a full product that's going to win in the market. [44:38] So you need them around and use a team around. [44:41] and [44:42] So once we figure out this is the right company, the right attitude, you know, we can actually make it work. And there are now, given our scale, there are some technical considerations. Do we have to rewrite the stack, which takes longer? Is this a complementary area that can just run on our stack easily? Is this something you've never done before, in which case it doesn't matter which stack's on? So a lot of those considerations from an integration and time-to-market perspective. But let's assume... [45:05] all those hurdles have been surmounted. [45:08] And we're actually engaged to the company. I have a rule. I walk in and tell my team and I, [45:12] I live it. I say, treat them on day one [45:15] as they're part of your team. [45:16] Hmm. [45:18] Because if they're going to work with you, they're going to remember every interaction. [45:23] Very often I find many companies, the most well-intentioned companies, start treating it as acquirer and acquired.

[45:31] I come from a country which was acquired or ruled and I don't like this idea. There's no one rules the other. It's like we're part of the team and [45:41] The day the deal gets signed, [45:43] We'll all be on the same page. We'll all be trying to drive the same stock price and the same business forward. So for that six weeks that you're in that discussion phase, why is it important that [45:53] You're the acquirer and you're the acquired. So let's assume we do that. [45:57] We like a company, then... [45:59] I send out the finance and accounting guys and legal guys to do diligence. And I tell this founder and their team saying, your job now in the next six weeks is to build a joint product plan. [46:07] and a joint org chart. [46:09] At the end of six weeks, if you don't like the product plan, [46:12] or I don't like it, and you don't like the org chart, and I don't like it, [46:15] There's no deal. [46:17] This is alert behavior. The first two, three times we didn't do that. And we discovered we spent the next six months arguing about what the product should be and who should be the boss. This doesn't work. This is a bad idea. So I'm like, hey, buddy, you want the money? You can have the money. It's my house. I'm going to paint it yellow. You don't like the color? [46:33] Tell me now. [46:34] You can get somebody else to paint it pink. No problem. [46:37] Ciao. [46:38] That has an amazing cleansing property. [46:42] Because you're making a decision with all the facts in front of you saying, if I get part of, I can be part of Palo Alto, this is going to be the product strategy. It could be yours. It doesn't have to be mine. I'm not smart enough. [46:51] So, [46:52] But we have a joint product strategy at the node store, and we have a joint plan of execution. [46:56] And then... [46:57] Very often, Pat just goes back to Jim's comment. [47:00] Most often the founders we have...

[47:03] bought companies from [47:05] become the senior vice presidents of our company running their business. Our people work for them. [47:09] Which I think is unique. [47:11] in the market. Very often you'll find there was an acquirer SVP who ran crypto or blockchain or pick your favorite. I'm using non-security terms to keep it, protect the innocent. But you say, oh, since I'm responsible for this. [47:25] These people are going to work for me. I'm like, wait a minute. You had all the resources. You lost to them. We're not going to have them go work for you. Maybe you can learn a few things. So we did that a bunch of times. And in some cases, our teams worked for them really well. In some cases, our teams left. It's just fine. Hmm. [47:38] So I think those are some of the things that allow us to... [47:41] make these amazing founders going to work here and actually drive more value for us collectively. [47:45] Nikesh, I want to ask you about some of the chess that's now happening on the AI stage, because I think you've played the chess game so flawlessly in the security market and... [47:54] You have so clearly emerged the winner. The AI space, by contrast, feels just white-hot competitive Hunger Games right now. [48:02] I'm curious your view. I think it's a lot clearer than that. I think it's just – [48:07] It's just not clear to the naked eye, but I think it's a lot clearer. But go on. Say more. Tell us more, yeah. Yeah, tell us more. Look, if you think about... [48:15] The state of maturity of AI... [48:18] You know, there are two extremes. [48:21] We'll call them the... [48:22] very precise, the AlphaGo type situations which, you know, Demis and Google built together, which are [48:29] I'd say fine-tuned models which are designed for drug discovery or the...

[48:34] Bio-Pharma Field [48:36] And there you see that they did a really good job. They focused on the trained right data. They hopefully tweaked the models in such a way that that can actually become a useful thing for society. So you have that, which is highly tuned AI models, very task-specific or category-specific. [48:50] And then you have the generic ones. [48:52] And the generic ones are, you know, the rage today between the clods and... [48:57] the mistrawls and the [48:59] Gemini is in the opening eyes of the world, and those are large. They're [49:03] all-encompassing, all-knowledgeable, [49:05] But you saw this movie before, right? You saw this movie in search. [49:09] And as a Google, you know, then you had vertical search because... [49:12] The large Google search could not do as good a job of local search, so you had local search. The large Google search couldn't do as good a job of product search, so you had product search on Amazon. [49:21] How can you be amazing at everything? [49:24] in this space when you couldn't do it in the last few technological evolutions. So I think over time, we're going to have to figure out what the distinction between... [49:32] in a general purpose, large scale, I know everything, I can do everything model. [49:36] versus models that are fine-tuned for tasks. And I don't believe that all the perfect information in the world exists in open domain, that you can go out and build it without... [49:45] you know, specialization. [49:47] which means you are going to need specialized proprietary data to build these models. And I don't know how you share data between GlaxoSmithKline and Novartis and Pfizer and say I can build the best drug discovery model in the world because I have perfect information. [49:58] Right? [49:59] That's a question that remains to be seen. So I think over time, you'll see a bifurcation from an enterprise use case. And in our business, in the enterprise side,

[50:05] You need precision. I can't afford to be wrong. [50:09] You know, wrong turn by a Tesla is going to kill somebody. [50:11] A wrong... [50:12] block by Palo Alto is going to bring somebody's infrastructure down or a wrong permission is going to let a bad actor in. So I don't have that tolerance that consumer models can have because they have low consequence. [50:25] So I think high consequence applications require a lot better model, a lot more training, and more precise domain data. I think that's going to become... [50:33] sort of [50:34] thing of its own. I think everything we're seeing today is general purpose models and eventually they'll be like and I don't know the answer was that general purpose models become task specific evolved models or there's a new category of task specific evolved models which are built more in the [50:48] sort of genre of the AlphaGo version. Now on the general models... [50:53] I think, [50:54] the people who can deploy them against existing consumer properties are sitting pretty. [51:00] Right? [51:01] because it creates more retention, more continued monetization of space. So whether Google can deploy a whole bunch of AI against its three plus billion users across multiple properties, or if Mark Zuckerberg can do it, vis-a-vis Facebook and three billion users across [51:13] Instagram, you know, WhatsApp and [51:16] and Facebook. [51:17] That's [51:18] That's cool. I think Sam's done a great job in building a consumer direct business on the subscription side, which he continues to drive very well. And that's become sort of [51:27] instead of his moat, [51:29] now because no other model has built a subscription-based consumer model. So I think you're seeing the general purpose models

[51:35] being built by [51:37] Existing large consumer properties, you're seeing a new consumer property emerge vis-a-vis OpenAI. [51:43] I think the enterprise use case is still... [51:46] early because we haven't seen the mission critical applications be developed because of the lack of great training data. [51:54] Anyway, that's what I think. [51:56] Let me ask you, one of the things that's not on your LinkedIn profile is prior to – [52:03] Prior to SoftBank, prior to Google, prior to T-Mobile, if I had my facts straight, you were an award-winning equity research analyst covering telecom. [52:11] And I believe that one of your claims to fame was calling the Internet bubble and the bursting of the Internet bubble. I still have that note, a cell note that I wrote in November 99. Not bad. [52:21] So. [52:22] Are we in an AI bubble? [52:24] Lightning doesn't strike twice. How would I know? [52:29] Look at... [52:30] Again, [52:31] for the number of times I've heard it's different this time, you know, we can all be very rich. So, [52:37] But there are some things that are different, right? If you look at where the AI inflation has happened in the equity markets, it's still... [52:45] In the plumbing. [52:47] And the plumbing is real. It's not like people are driving the plumbing up without substance because you're selling four times or ten times more chips than you sold two years ago. So there's real revenues that underpin that. Now, clearly, people are projecting that into a trajectory, which I don't understand. And every day you see a new development, you tell me, is Target the future or is DeepSeek the future? And I don't mean with all its negative connotations. I mean, as a concept, are we going to have cheaper models being built?

[53:14] for large-scale application with limited specialization. [53:19] Or I'm going to have a supermodel. [53:21] in the context of AI [53:23] which is going to be expensive, but be able to do everything amazingly. You tell me the answer, and I'll tell you mine. [53:29] Sonia, should we head into lightning round or do you have more questions? Let's do it. Great. Lightning round. Okay. You just bought a cricket team. [53:35] Why? [53:36] You know, there's a bunch of us who are together. It's not just me. There's 10 of us, including your partner, Jim Getz. [53:42] Um... [53:45] We're all failed cricketers. We all support aspirants. So there's a part of that that's... [53:50] There's part of the passion that says, wow, I can be associated with a sport at the highest level without having the talent. It's kind of interesting. That's one reason for it. [53:59] You couldn't have a bunch of us buy it who are... [54:02] business savvy and say, well, is there a business model here or not? And if you look at it, [54:06] The only thing that's left in streaming... [54:09] That is linear sport. Mm-hmm. [54:12] No longer news, television, movies, nothing is linear. The only thing that's linear is sport. You want to watch it when it's happening. Pretty much when it's done, you know the score, and you lose the interest to watch that. [54:21] that event, right? The post-event viewership is a lot lower in sport than live viewership. Every other is the other way around. [54:31] Every other streaming content is the other way around. [54:33] the post [54:35] Launch. [54:36] viewership is higher than launch viewership. [54:39] whether it's movies or television or any podcast or any video streaming that do. Hopefully this one, right? So it's the only linear sport out there.

[54:46] is being bid up. [54:48] Cricket is the second most watched sport in the world. [54:50] uh, [54:51] IPL is the biggest franchise. Hundreds is the next best thing. It's in the country which is the home of cricket. [54:57] And then we follow the same philosophy that I told you about my startups. You've got to buy something, buy the best. [55:03] So we bought Lourdes, which is the home of Prickett. It's going to be fun. [55:06] Love it. What did Cricket teach you about life or leadership? It's a team sport. [55:11] It doesn't matter how good you are. [55:14] The other 10 people suck. [55:17] It doesn't matter. [55:19] It teaches you that, right? You can have a bad day and you can still win because you participate with the rest of 10 people. So it teaches you about life. It teaches you about business. [55:29] You're wearing a Pebble Beach pullover. I hear you won a Pro-Am recently. What's your handicap? My handicap's... [55:35] 9. [55:36] and it's a combination of the best pros that I could find, luck, [55:42] and a few misplaced good shots. [55:45] Nvidia, $118 a share, $2.9 trillion market cap. [55:52] 39 times earnings. Earnings are growing about 150% year over year. Long or short? [55:57] I don't understand it. [56:00] If you were Jensen, would you be making the same moves? Look, Jensen has played a very long game. [56:06] I think he's built a phenomenal franchise. I think what he's done is like no less than what Elon has done. [56:11] for electric cars. I think, you know, he took something that he built for gaming, thought about it, understood the large need for compute and put all his energy and thought behind it. He's been the longest serving CEO in the world, right? So you can't take it away from him. You just can't even trivialize it. We have to talk about him with tons of respect. What he's done is amazing. He has a vision and he's taking it beyond

[56:32] just the chips because he's slowly building an ecosystem saying my chips work with a lot of other things together. So I don't think from a long term perspective you can argue that AI is not going to be relevant. I don't think you can argue from a long term perspective that we will be constantly doing some form of development, which requires more and more compute. Like in the history of mankind, compute is not going to be relevant. [56:51] and bandwidth and memory have never shrunk. Yeah. So it's not about to start now. [56:58] I think he's sitting a phenomenal asset. [57:00] Is it a $3 trillion asset today? I don't know. It'll be a $3 trillion asset in 10 years, possibly more. [57:08] What CEO do you admire most? [57:11] I have a collection of CEOs. I admire traits that CEOs exhibit. It's very hard to have one idol in life because one idol has the property that they could disappoint. But if you admire certain things certain people do, [57:23] You learn a lot from that aspect of it. And if you have the same circumstance, you might do the same thing. You have a different circumstance, you might do a different thing. I mean, I admire Elon's creativity and what he's done for the world. I wouldn't want to work for him. [57:36] but I admire what he's done. It's amazing. Like, [57:39] I always joke with my team, I'm saying, would you go on a rocket to Mars built by the guys around you? People are like, I don't think so. But imagine you've got a bunch of people who build a rocket and people go up in that thing. That's amazing. Well, you sit in the car, which has got no driver in it, and so people have done it. So. [57:54] Look at what Satya did to Microsoft. He took somebody nobody believed he could turn this around a $3 trillion company and he did. It's amazing, right? [58:01] Tim Cook, Steve Jobs is a hard act to follow. And Tim's done a phenomenal job in taking that amazing company and maintaining it

[58:08] down the middle and constantly innovating. What can Mark Zuckerberg recently, right? He's taken that thing around and turned it around. Now, [58:15] you know, [58:16] The fact there are certain things that they've done which I respect is amazing. That doesn't mean anything about the rest of their lives, and I don't need to worry about it. [58:23] Which CEO is executing the best in AI right now? [58:27] For all the conversation around... [58:31] SAM. [58:33] I think... [58:34] All he's done is amazing, right? [58:36] I mean, before ChatGPT came about, we weren't talking about AI. [58:40] Right. [58:41] Before Chad GPD came out, you think Google didn't know about AI? I knew about AI when I was at Google. [58:47] Do you think Google didn't have a self-driving car then? They did. Do you think Satya didn't know what AI means? He did. [58:52] But look at what's happening right now. You can't run into a CEO who wants to do the words AI. [58:58] Sam has created [59:01] the next, the impetus for the next technological revolution. That's the way Steve Jobs did it with the iPhone. [59:07] And the fact that it was a straight face, you can go out there. [59:10] and get people to commit to spending half a trillion dollars in building infrastructure. [59:15] I think the mag seven, everyone was the CEOs spending way more money in building compute and data centers because nobody wants to be left behind. I just have some of your job executing AI now. [59:24] you know, history is... [59:26] is hard and business is hard and we don't know that means that you'll be the winner in the future but [59:31] Damn, has he done a great job in getting us to where we are, yes. [59:34] I think that's it. Thanks, Nikesh.

[1:00:04] .