No Priors | With Palo Alto Networks CEO & Former Chief Business Officer of Google Nikesh Arora

1. 0:00 – 0:39

   Nikesh Arora Introduction

   1. SGSarah Guo0:00

      (instrumental music plays) Hi, listeners. Welcome back to No Priors. Today, we're here with Nikesh Arora, the CEO of Palo Alto Networks. He joined Palo Alto in 2018 when it was the next gen firewall player, and has since grown it to six to seven times the size as a leader as a platform security company. Previously, he was the SVP and CBO of Google during its massive growth phase from 2004 to 2014. Welcome, Nikesh. Nikesh, thanks so much for being with us.

   2. NANikesh Arora0:32

      My pleasure.

   3. SGSarah Guo0:34

      Uh, I don't know where to start because I want to talk about AI, I want to talk about security, I want to talk about leadership.

2. 0:39 – 4:46

   Nikesh on the Future of Search

   1. SGSarah Guo0:39

      I do think given your history growing Google as chief business officer, like, we have to ask you, what do, what do you think is the future of search and how threatened is it?

   2. NANikesh Arora0:48

      Nothing like a slow little lowball-

   3. SGSarah Guo0:50

      Mm-hmm.

   4. NANikesh Arora0:50

      ... welcome into your show.

   5. EGElad Gil0:51

      Got to work him up a little bit.

   6. SGSarah Guo0:52

      Yeah.

   7. NANikesh Arora0:53

      This guy was with Google too at that point in time, wasn't you? So...

   8. SGSarah Guo0:55

      But I talk to him too much.

   9. NANikesh Arora0:56

      (laughs) And what does he think?

   10. EGElad Gil0:58

       I think we should defer the question to you as the expert.

   11. NANikesh Arora1:00

       Oh, look at that.

   12. EGElad Gil1:00

       (laughs)

   13. NANikesh Arora1:01

       He doesn't want to put his, put his own mouth.

   14. EGElad Gil1:02

       Welcoming back.

   15. NANikesh Arora1:02

       He wants to have me do all the hard work.

   16. EGElad Gil1:04

       (laughs)

   17. NANikesh Arora1:04

       Look, I think, um, the idea when, when search came about, I still remember going out there and trying to sell search to people. And it was the, "Oh my God, you mean I can just go to the internet, type something and I can get the answer?" And we spent two decades trying to get all the information out there on the internet so it was easily accessible to people. And I think you saw the benefits. You saw the benefits of, you know, democratization of information. Farmers in India could get stuff and people could get information. I think now, we're in an age people are saying, "Great. Now, don't give me all this stuff to sift through myself. Try and make sense of all of it for me because it's too much." And that's what you're seeing in today's generative AI models. So I- I sort of, in my own words, I call that democratization of intelligence. All of us will have-

   18. EGElad Gil1:47

       Mm-hmm.

   19. NANikesh Arora1:48

       ... the basic intelligence which every other person next to us has because we can kind of go figure it out. I don't have to hire the same people to solve the same problem for me the 10,000th time and pay them money because it's already been solved 9,999 times and the outcome is on the internet somewhere. So I think to the extent that Google has sharpened its sort of skills on putting all that information together, being able to synthesize it, understand it, being able to interpret my intention as an end user and try and present me the most likely outcome, I think that should translate well to the notion of generative AI being able to summarize the same thing in a much more enhanced or ordered way for them. So I think from that perspective, will they have the ability to transition the current search product into a future product which is basically, you know, call it what you want to call it, you know, ask me anything or... And I think it's so funny, like, you know, when you worked at Google 15 years ago, Larry had that vision. He used to talk about getting to a point where you answer my question, answer my intent, as opposed to answer what I type. So I, he, he had the foresight to talk about it, he used to talk about AI. So I think from a product perspective, they are in a good position to be able to transition the product to what the end users need. And you've seen that with Gemini, you see that with ChatGPT, you see that with other models which are getting to the same place. Let's not underestimate the distribution power they have. There are two or three companies in the world which have distribution in the billions. And whether it's Facebook with all their properties or it's Apple with their properties or Google with their properties. So they have the distribution, they have the product chops, they have the AI chops. I think the question, bigger question is how does the business model transform from what it has been with

3. 4:46 – 8:12

   Shifting to an Agentic Model of Search

   1. EGElad Gil6:09

      Yeah.

   2. NANikesh Arora6:09

      ... who's the (whistles)

   3. EGElad Gil6:10

      And that's also a lot of Google's traditional revenue, at least on the advertising side, is direct response ads.

   4. NANikesh Arora6:14

      Yes.

   5. EGElad Gil6:14

      It's not the branding ads. So, it- it- it's part of that business model in some sense.

   6. NANikesh Arora6:18

      Yes, it is. And look-

   7. EGElad Gil6:19

      Yeah.

   8. NANikesh Arora6:19

      ... most direct response is lead gen, right, in the, in marketing speak? It's lead gen which eventually results in a transaction or fulfillment of information request.

   9. EGElad Gil6:26

      Mm-hmm.

   10. NANikesh Arora6:26

       So, at some level, it is a precursor to a transaction. People pay a lot more for the consummated transaction-

   11. EGElad Gil6:32

       Mm-hmm.

   12. NANikesh Arora6:32

       ... than for the lead. So, maybe the business model transition is stop giving me leads, give me consummated transactions through agents.

   13. EGElad Gil6:40

       Hm.

   14. NANikesh Arora6:40

       Maybe I'll get paid more to buy you the airline ticket directly than have you be able to find an airline ticket provider-

   15. EGElad Gil6:45

       Mm-hmm.

   16. NANikesh Arora6:45

       ... which is advertising versus transactions. I think the opportunity is there from a business model perspective, but I think before we go back to that stable world where these business models have transformed, we're gonna go through a very disruptive phase where a lot of these apps will be rewritten. And some of the ap- some of these apps-

   17. EGElad Gil7:03

       Mm-hmm.

   18. NANikesh Arora7:03

       ... we'll have to question, are they direct consumer apps or are they, uh, APIs that-

   19. EGElad Gil7:09

       Mm-hmm.

   20. NANikesh Arora7:09

       ... they be, or perhaps-

   21. EGElad Gil7:10

       Sure.

   22. NANikesh Arora7:10

       ... MCP client-server interactions, we don't call them APIs anymore, which will actually consummate that transaction.

   23. EGElad Gil7:15

       Who do you think is most vulnerable?

   24. NANikesh Arora7:17

       Wow, you guys don't ask, like, simple questions.

   25. EGElad Gil7:19

       (laughs)

   26. NANikesh Arora7:19

       You guys, like, go for the jugular on every one of them.

   27. EGElad Gil7:22

       (laughs)

   28. NANikesh Arora7:22

       Who do I... that's why you're such a good investor.

   29. EGElad Gil7:23

       No, it's, uh, it's, uh, we're- we're looking forward to your insights on this stuff, so.

   30. NANikesh Arora7:27

       Well, I don't... look, I think the most vulnerable people are where there is poor loyalty to the UI.
4. 8:12 – 16:55

   AI-as-a-Service

   1. EGElad Gil8:12

   2. SGSarah Guo8:12

      There-

   3. NANikesh Arora8:12

      Because-

   4. SGSarah Guo8:12

      There are, um, like, several more controversial ideas that OpenAI is trying to prove out. One now is the scalability of consumer subscription. And another, I think, is the-

   5. NANikesh Arora8:25

      How does that work?

   6. SGSarah Guo8:26

      I- i- well, it's just, like, can you... uh, I think it's actually quite surprising how many people are paying subs for this intelligence today.

   7. NANikesh Arora8:33

      Yes.

   8. SGSarah Guo8:33

      Right?

   9. NANikesh Arora8:34

      Yes.

   10. SGSarah Guo8:34

       I think the other is actually, and I want to talk about the B2B side, is that you should get paid for thinking harder and solving harder tasks in, like, a, a scalable way. This is what they want. They want to sell, like, work, right, to businesses. What, what, how do you react to that?

   11. NANikesh Arora8:49

       What do you mean by work to businesses?

   12. SGSarah Guo8:50

       I, I think there is a view that the traditional way that you sell most enterprise software or products is, like, it's a seat unit-

   13. NANikesh Arora8:58

       Yes.

   14. SGSarah Guo8:58

       ... or it's some sort of, like, volume unit, like an appliance or something or a coverage.

   15. NANikesh Arora9:02

       Yes.

   16. SGSarah Guo9:03

       Right?

   17. NANikesh Arora9:03

       Throughput-based, yes.

   18. SGSarah Guo9:04

       And here, um, throughput, traffic, et cetera. Um, here, the view would be, like, "Well, if I solve a really hard problem-

   19. NANikesh Arora9:11

       Yes.

   20. SGSarah Guo9:11

       ... for you, I have a unit of work."

   21. NANikesh Arora9:12

       Yeah.

   22. SGSarah Guo9:13

       It's essentially translating to a unit of compute or sort of charging for value. And, and so I think there's a strong belief in some labs that they should be able to charge for that. How do you react to either of those business model ideas? 'Cause you're now at Palo Alto-

   23. NANikesh Arora9:24

       Yeah.

   24. SGSarah Guo9:24

       ... in the business of selling direct value versus ads.

   25. NANikesh Arora9:27

       Yeah, okay, so are we pivoting from consumer to business now, or we're-

   26. SGSarah Guo9:30

       Yeah, yeah, let's talk about it.

   27. NANikesh Arora9:30

       ... we're, 'cause we go away from the subscription because we went off on the whole subscription idea of the people should base for subscription. Look, I think that is a bigger leap. The bigger leap is in the consumer world, we are much more tolerant of inaccurate answers sometimes or not perfect answers. I mean, how many times you go to a search even today, we're looking for something, you don't find the right answer, and you say, "Well, let me look again. Oh, I, I must have-

   28. SGSarah Guo9:57

       Mm-hmm.

   29. NANikesh Arora9:58

       ... asked the question wrong. Let me ask the question." You probably do that in your prompts in, in sort of ChatGPT or Gemini-

   30. SGSarah Guo10:03

       Sure.
5. 16:55 – 20:15

   State of Enterprise Adoption

   1. SGSarah Guo16:55

      Where are we actually given, um, your visibility into enterprises and actual adoption or value in use cases?

   2. NANikesh Arora17:03

      So I think the, the use cases where there are two, two current major use cases, right? One, let's call it, we call it generalized or perhaps cross-enterprise consistent activities, right?

   3. SGSarah Guo17:15

      Mm-hmm.

   4. NANikesh Arora17:15

      Generalized. So do you have a legal team inside there on legal terms? Every enterprise have a legal team? Yes. Do they have any particular proprietary knowledge compared to, you know, particular Palo Alto? Unlikely. It's more I need them for legal advice, not for Palo Alto advice. So in that use case, yes. Could we use a-... you know, however the equivalent or whatever those are. Sure. It enhances their productivity. They get their 50 years faster. Could I possibly in the future use some sort of AI-based interpretative app or interpretative, uh, yeah, application which helps me process my accounts to see what accounts to be able faster or codify them? Sure. So I could. So there's a whole bunch of repetitive generic tasks across enterprises which I'm pretty sure could be done by some version of an AI wrapper around LLM with some particular context or my data. Sure. So to that extent, I think we're all experimenting with those things. But my caution to my team is don't try and build them. Somebody's going to build them for all of us.

   5. EGElad Gil18:08

      Mm-hmm.

   6. NANikesh Arora18:08

      It'd be much cheaper to rent them by some perhaps metric or work-

   7. EGElad Gil18:13

      The AI has, yes. (laughs)

   8. NANikesh Arora18:14

      Yes.

   9. EGElad Gil18:14

      (laughs)

   10. NANikesh Arora18:14

       The AI has metric or work or, or per seat, maybe agentic seat. I don't know.

   11. EGElad Gil18:19

       Yeah, yeah.

   12. NANikesh Arora18:19

       But there'll be some mechanism that they'll charge us on.

   13. EGElad Gil18:21

       Yeah.

   14. NANikesh Arora18:21

       But we don't have to build it because it's going to cost me a lot more to build my own, you know, accounts payable-

   15. EGElad Gil18:26

       Mm-hmm.

   16. NANikesh Arora18:26

       ... accounts payable smart AI system-

   17. EGElad Gil18:27

       Mm-hmm.

   18. NANikesh Arora18:27

       ... compared to what I can buy off the shelf.

   19. EGElad Gil18:28

       Is that what your customers believe now, like all the enterprises, the largest ones that-

   20. NANikesh Arora18:31

       I think many of them do because this is not an easy problem to solve.

   21. EGElad Gil18:35

       Yeah.

   22. NANikesh Arora18:35

       Like first of all, finding the skill set, finding people who understand this, you know, living in this world of constantly evolving models where if you keep in... By the way, you know this better than me. Like there's no... Like, you can't take one model out and take the next version and stick it in, it works just the same way.

   23. EGElad Gil18:47

       Mm-hmm.

   24. NANikesh Arora18:48

       This is like getting a new PhD and training all over again, saying, "Let me explain how we work here." So from that perspective, I think most rational players in the enterprise space, as in customers-

   25. EGElad Gil18:59

       Mm-hmm.

   26. NANikesh Arora18:59

       ... would want somebody who's the expert to build it and for us to have some version of adaptability or adaptation to it-

   27. EGElad Gil19:05

       Mm-hmm.

   28. NANikesh Arora19:05

       ... and make sure it's secure. Like none of us, no enterprise customer wants their data to be floating in a multi-tenant environment saying, "Oh my God, my data is training other people's data." Now, to the extent it's accounts payable, have a good time, right? You know, you understand how I codify stuff.

   29. EGElad Gil19:18

       Yeah.

   30. NANikesh Arora19:18

       Have a good time. But to the extent it's proprietary data when I'm doing FDA trials, I don't want my FDA trial data training somebody else's data. So that's... But I think they will err on the side of caution and say, "I want my instance to be secured." So I think we spend half our time before we look at any of these packaged AI apps talking to them understanding the security.
6. 20:15 – 27:35

   Gen AI and Cybersecurity

   1. EGElad Gil20:15

   2. How do you think about that in the context of, um, applications that you think that may make the most sense in the... for cybersecurity? So if I look at funder activity, there's more and more activity around SOC.

   3. NANikesh Arora20:24

      Yeah.

   4. EGElad Gil20:24

      There's a lot of activity around pen testing.

   5. NANikesh Arora20:26

      Yes.

   6. EGElad Gil20:27

      There's, there's activity around a lot of areas that are very human intensive, in some cases repetitive tasks, which make a lot of sense for this form of generative AI to take over. And then there's people incorporating AI into existing products like Socket for sort of like a Snyk-like competitor or other aspects of, um, code security.

   7. NANikesh Arora20:41

      Mm-hmm.

   8. EGElad Gil20:41

      I'm sort of curious from your vantage point, what do you think are the most interesting areas of cyber AI?

   9. NANikesh Arora20:47

      So I think if you, if you step back and think about cybersecurity, right, there's a world of cybersecurity which operates and says, "This is the known bad. I found it. Let me stop it."

   10. EGElad Gil20:57

       Mm-hmm.

   11. NANikesh Arora20:58

       Sure. That's a good thing.

   12. EGElad Gil20:59

       Mm-hmm.

   13. NANikesh Arora20:59

       I found a bad actor, let me stop it. I found malware, let me stop it.

   14. EGElad Gil21:02

       Mm-hmm.

   15. NANikesh Arora21:02

       Now, to be able to stop bad things from... that, that are getting into your network, you have to be deployed every sensor.

   16. EGElad Gil21:12

       Mm-hmm.

   17. NANikesh Arora21:12

       So the first thing a cybersecurity company says, "Look, I can't stop what I don't see."

   18. EGElad Gil21:15

       Mm-hmm.

   19. NANikesh Arora21:16

       "So I have to be present every edge, every endpoint, every sensor of (...) the organization." So Fiverr has really made a conscious choice. Our strategy should be to get to be in as many sensor places or control points as we can.

   20. EGElad Gil21:28

       Mm-hmm.

   21. NANikesh Arora21:29

       So we did that. You know, we have, we have a SASE product. We have an endpoint product.

   22. EGElad Gil21:33

       Mm-hmm.

   23. NANikesh Arora21:33

       So that's good. I think sensor business will have to stay because if you don't, if you're not there, you can't find anything. It doesn't matter AI or non-AI. I got to be able to be there to find it.

   24. EGElad Gil21:40

       Mm-hmm.

   25. NANikesh Arora21:41

       And then sensors are pretty good at stopping the known bad.

   26. EGElad Gil21:43

       Mm-hmm.

   27. NANikesh Arora21:43

       It's a known bad, I stop it. Well, most cybersecurity breaches happen because the unknown bad-

   28. EGElad Gil21:47

       Mm-hmm.

   29. NANikesh Arora21:48

       ... because we stopped all the known bads.

   30. EGElad Gil21:49

       Yeah.
7. 27:35 – 29:53

   New Problems in Cybersecurity in the AI Age

   1. NANikesh Arora27:35

   2. SGSarah Guo27:35

      Uh, what new problems from AI do you actually pay attention to? You say like, "This is gonna be a mass market problem."

   3. NANikesh Arora27:42

      Look, I think if you, if you back up and, you know, read our own doc or believe our own rhetoric, if you believe your own rhetoric, then I, as a bad actor, should be able to unleash agents against an enterprise, against every aspect of it, and figure out where the breachable parts are or where the holes are-

   4. SGSarah Guo28:03

      Mm-hmm.

   5. NANikesh Arora28:04

      ... in a quick, in a matter of minutes or less than an hour.

   6. SGSarah Guo28:08

      Yeah.

   7. NANikesh Arora28:08

      And I should be able to point my attack towards that vector. I could, should be able to run simulations on how should I attack this thing, and I should be getting exfiltrated data. Now, you know, when I started seven years ago, the average time to identify a target, get through it, and exfiltrate data was in the three to four day-

   8. EGElad Gil28:25

      Mm-hmm.

   9. NANikesh Arora28:25

      ... timeframe. The fastest we've seen it right now is 23 minutes. So if you're, if the bad actor can get in an hour and exfiltrate data or shut down your endpoints with ransomware in under an hour-

   10. EGElad Gil28:38

       Mm-hmm.

   11. NANikesh Arora28:39

       ... then by physics, your response time has to be less than an hour. The average response time is still in days. So from that perspective, the biggest threat that AI brings is that it continues to compress the timelines to be able to come, you know, either shut down your business, cause a compromise, cause ransomware, cause economic disruption. If that's what it is, I think the pressure just went up higher on our customers to get their, their infrastructure in order. So that's the, that's the risk and the opportunity.

   12. SGSarah Guo29:11

       Yeah, I, I think Elad mentioned pen testing, which hasn't traditionally been like a very strategic part of the security landscape.

   13. NANikesh Arora29:19

       Pen testing... Yeah, pen testing is just to knock it down at every part of your defense. I think lots of companies don't do pen testing 'cause they're scared of what they'll find.

   14. EGElad Gil29:25

       Mm-hmm.

   15. SGSarah Guo29:25

       (laughs)

   16. EGElad Gil29:26

       Yeah.

   17. SGSarah Guo29:26

       Yeah, they're doing some minimum compliance level.

   18. EGElad Gil29:28

       Yeah.

   19. SGSarah Guo29:28

       But I think from a technology perspective, to your point, like what is pen testing that's trying to attack the area? There are companies like Red and Sybil now that do this. They can do it continuously in the 23 minutes you described. And I'm like-

   20. NANikesh Arora29:38

       We, we run-

   21. SGSarah Guo29:38

       ... "That's exactly what an attacker would do."

   22. NANikesh Arora29:39

       We run seven by 24 by 365 at Palo Alto. We don't have, we don't hire third party people.

   23. EGElad Gil29:45

       Mm-hmm.

   24. NANikesh Arora29:45

       So what you're talking about as a company, we've done that-

   25. EGElad Gil29:47

       Mm-hmm.

   26. NANikesh Arora29:48

       ... as a default, 'cause that's our existence. We get compromised, we get breached, we have a problem.

   27. EGElad Gil29:52

       Yeah.

8. 29:53 – 32:56

   Deepfakes, Spearfishing, and Other Attacks

   1. EGElad Gil29:53

   2. SGSarah Guo29:53

      You mentioned email. Um-

   3. EGElad Gil29:55

      Yes.

   4. SGSarah Guo29:55

      ... I think it's, like, a well-known issue that a lot of the breaches, they happen because of social engineering, because of email, because, you know-

   5. NANikesh Arora30:03

      Credential take o- 89% of the attacks happen because of credential attempt.

   6. SGSarah Guo30:06

      Right.

   7. NANikesh Arora30:06

      Somebody becomes you or me.

   8. SGSarah Guo30:08

      Okay.

   9. NANikesh Arora30:08

      All right?

   10. SGSarah Guo30:08

       So people like us are not getting any smarter, and s- now you have models-

   11. NANikesh Arora30:12

       Oh, come on.

   12. SGSarah Guo30:12

       Ah. Like, we-

   13. NANikesh Arora30:13

       (laughs)

   14. SGSarah Guo30:13

       ... can try it 1% o- 1% a day.

   15. NANikesh Arora30:15

       Yeah, right. (laughs)

   16. SGSarah Guo30:15

       Right? Atomic habits. But, but you y- you know, now, uh, how concerned are you about, like, deepfakes and generated spear phishing and, you know, voice attacks and all that stuff?

   17. NANikesh Arora30:26

       So to the extent they enable the act of social engineering-

   18. SGSarah Guo30:30

       Mm-hmm.

   19. NANikesh Arora30:31

       ... yes, those are concerning because I think most forms of two-factor authentication are gonna be, you know, out of the window. I still-

   20. EGElad Gil30:37

       Mm-hmm.

   21. NANikesh Arora30:38

       ... won't say which bank is gonna go to call- caller, but I call them and they say, "Oh, can you please confirm your identity?" And they ask me three arcane questions which I'm pretty sure-

   22. EGElad Gil30:45

       (laughs)

   23. NANikesh Arora30:45

       ... ChatGPT or Gemini will be able to answer in subseconds because they're, they're always scouring the web to find public information about me and ask me questions. So, I think all those forms of authenticating who you are, are getting, uh, easier and easier to compromise.

   24. EGElad Gil31:00

       Mm-hmm.

   25. NANikesh Arora31:00

       So the question becomes... So let's, so the, the problem we have to figure out is educa- you can solve it their way or our way, as in the way they're looking at it or the way we're looking at it. At the end of the day, every one of these social engineering attacks, credential takeovers, eventually initiates some bad activity in the enterprise.

   26. SGSarah Guo31:19

       Mm-hmm.

   27. NANikesh Arora31:20

       And the bad activity in the enterprise often takes the form, takes on the form of what I will call anomalous behavior.

   28. EGElad Gil31:27

       Mm-hmm.

   29. NANikesh Arora31:27

       Right? Suddenly, Sarah decided to exfiltrate all the data in Elad's company, even though she used to do email with him every day. Today, suddenly, she's logged in and she's downloading everything onto her laptop.

   30. EGElad Gil31:38

       This actually happened last week.
9. 32:56 – 35:49

   Expanding Products at Palo Alto

   1. NANikesh Arora32:56

      Okay?

   2. EGElad Gil32:56

      So one of the things you've done incredibly well at Palo Alto, over time, is really starting with a core set of products and then expanding, and really providing both the platform and the add-ons that you mentioned. Was that something that you came into the company knowing that you wanted to do? Is that something that you ended up adopting over time? I'm a little bit curious how you thought about that puzzle.

   3. NANikesh Arora33:11

      Well, Elad, you know, I've worked together before, and I remember, you know, you had Google, a smart young man, and he's n- that hasn't changed. You know, I came to Palo Alto and I just analyzed the business problem-

   4. EGElad Gil33:21

      Mm-hmm.

   5. NANikesh Arora33:21

      ... you know, the product. So, you know, I came with two things. One, I understand business. Two, you know, Larry told me many years ago that if a technology company loses sight of the product-

   6. EGElad Gil33:31

      Mm-hmm.

   7. NANikesh Arora33:31

      ... it decimates over time, and that's been true-

   8. EGElad Gil33:33

      Mm-hmm.

   9. NANikesh Arora33:33

      ... across technology. You can pick your, take your pick across the, you know, the, the-

   10. EGElad Gil33:38

       Mm-hmm.

   11. NANikesh Arora33:38

       ... tons of companies which haven't made it. The business problem in enterprises eventually, if you look at a enterprise company less than a billion dollars in revenue-

   12. EGElad Gil33:46

       Mm-hmm.

   13. NANikesh Arora33:47

       ... 50 to 65% of the cost is cost of sales, marketing, and customer support.

   14. EGElad Gil33:51

       Mm-hmm.

   15. NANikesh Arora33:52

       Which leaves no room for margin. If you look at the largest enterprise companies, that number goes to 30%. So actually, it's all about taking that 70%, bringing it down to 30-

   16. SGSarah Guo34:00

       Mm-hmm.

   17. NANikesh Arora34:01

       ... because R&D, G&A don't change a lot past a billion to 10 billion or 100 billion.

   18. EGElad Gil34:05

       Mm-hmm.

   19. NANikesh Arora34:06

       You still maintain 12 to 16% of R&D cost, and you still maintain, you know, if you're, if you're, like, efficient like some of the large players on the market at 4% G&A, or you're at 6 or 8%. So, your maximal leverage comes from sales and marketing, customer support-

   20. EGElad Gil34:18

       Mm-hmm.

   21. NANikesh Arora34:18

       ... and marketing. And you realize, well, what is that? That is the ability to convince one customer that you're really good at what you do and be able to expand in that customer's environment with that trust, then you can do more and more things for them. So, that's the insight I came in with-

   22. EGElad Gil34:31

       Mm-hmm.

   23. NANikesh Arora34:31

       ... saying, "Why is it that, you know, Sarah's friend-

   24. EGElad Gil34:34

       Mm-hmm.

   25. NANikesh Arora34:35

       ... has 118 vendors who's in their infrastructure?"

   26. EGElad Gil34:38

       Mm-hmm.

   27. NANikesh Arora34:38

       'Cause each of them gets vetted, BoC. This is security.

   28. SGSarah Guo34:41

       Yeah.

   29. NANikesh Arora34:41

       It's not like s- like, buying some, like-

   30. EGElad Gil34:42

       Right.
10. 35:49 – 44:28

    AI Agents and Human Replaceability

    1. EGElad Gil35:49

       What do you... Do you view the future of those sort of functions being very AI-enabled and AI-heavy? Or how do you think about that transformation across companies like Sierra, Decagon, Rocks, and others?

    2. NANikesh Arora35:59

       ... yeah, I think you-

    3. EGElad Gil36:00

       I think that's it.

    4. NANikesh Arora36:00

       ... I'll answer the first half of the question.

    5. EGElad Gil36:02

       Yeah.

    6. NANikesh Arora36:02

       The second half is your domain and Sara's domain. I'm going to leave you to answer that question for him-

    7. EGElad Gil36:05

       Mm-hmm.

    8. NANikesh Arora36:05

       ... because I don't know the answer to-

    9. EGElad Gil36:07

       Mm-hmm.

    10. NANikesh Arora36:07

        ... the other companies. But I think, look, if- if you fundamentally look at it, and look at organizational efficiency-

    11. EGElad Gil36:14

        Mm-hmm.

    12. NANikesh Arora36:14

        ... perhaps, or perhaps the best word people are scared of, AI-based efficiency, I seriously doubt that an AI agent will convince the CIO or CISO faster than my human-

    13. EGElad Gil36:23

        Mm-hmm.

    14. NANikesh Arora36:23

        ... that goes and hangs out with them and shows them the product. So-

    15. EGElad Gil36:25

        Mm-hmm.

    16. NANikesh Arora36:26

        ... I think my sales teams are very happy in their existence. They don't believe they're-

    17. EGElad Gil36:30

        Mm-hmm.

    18. NANikesh Arora36:30

        ... imminently threatened by AI, so that's a good thing. Interestingly, on the product development side, I think people will be-

    19. EGElad Gil36:39

        Just to come back to that. Sorry to interrupt you. But, uh, there's other forms of sales enablement, you know, uh, a deck per customer that you customize or-

    20. NANikesh Arora36:48

        Yes. But those are-

    21. EGElad Gil36:49

        ... uh, sort of SDR, or sort of-

    22. NANikesh Arora36:50

        Yeah.

    23. EGElad Gil36:51

        ... you know.

    24. NANikesh Arora36:51

        Those are marginal. That's process efficiency which will come-

    25. EGElad Gil36:53

        Mm-hmm.

    26. NANikesh Arora36:54

        ... through it. But, you know, guess what? Before we get there-

    27. EGElad Gil36:56

        Uh-huh.

    28. NANikesh Arora36:56

        ... I'm probably going to need, you know, 15 AI-savvy people to-

    29. EGElad Gil36:59

        Mm-hmm.

    30. NANikesh Arora36:59

        ... build the workflow because an AI model is not just going to spit out a Palo Alto SASE proposal by itself.
11. 44:28 – 46:52

    Nikesh’s Thoughts on Growth at Scale

    1. SGSarah Guo44:28

       we talk a little bit about leadership?

    2. NANikesh Arora44:29

       Sure.

    3. SGSarah Guo44:29

       You're a very unique leader.

    4. NANikesh Arora44:30

       Sure. (laughs)

    5. SGSarah Guo44:30

       So this is a time of, like, at least a handful of companies growing very quickly, uh, because they create some-

    6. NANikesh Arora44:37

       Because they do trades in billions of dollars.

    7. SGSarah Guo44:40

       Y- yeah, yeah. Uh, well, and-

    8. NANikesh Arora44:41

       (laughs)

    9. SGSarah Guo44:42

       ... like, eh, you know, an optimist myself would say, like, eh, AI wrappers or not, they're creating a lot of value.

    10. NANikesh Arora44:47

        Yeah.

    11. SGSarah Guo44:47

        And consumers and enterprise are buying very quickly.

    12. NANikesh Arora44:49

        Yeah.

    13. SGSarah Guo44:50

        Google from 2004 to 2014, Palo Alto seven years in?

    14. NANikesh Arora44:54

        Mm-hmm.

    15. SGSarah Guo44:54

        You've added, like, the size of a Palo Alto originally every single year since in terms of enterprise value. That's wild. Like, what, what makes you a great leader in terms of growth at scale? Like, what do you, what, what advice do you have for some of these people who are, like, Guinness Book of World Records in terms of growth the first few years?

    16. NANikesh Arora45:11

        Well, I ... Look. If you step back, it's interesting. Every business that you identified or you looked at, we've talked about, has a much larger dam than any of these companies is able to touch. The, the, the markets are growing.

    17. EGElad Gil45:27

        Mm-hmm.

    18. NANikesh Arora45:27

        You have the opportunity to take share and grow in that market. So I'm a huge fan of growth businesses. I hate the idea of going restructuring something which is on a declining curve. It'd be sort of, well, scare me.

    19. EGElad Gil45:38

        Mm-hmm.

    20. NANikesh Arora45:38

        So it's good to find the right market from a growth perspective. I think, um, I always had this principle that nobody wakes up the morning and goes to work to screw up. Nobody wakes up saying, "Oh, shit."

    21. EGElad Gil45:48

        Mm-hmm.

    22. NANikesh Arora45:48

        "I'm on my worst job possible. No chance in hell." You know, you can find people, you can get a group of people together. They can be innovative as hell and go put, you know-

    23. EGElad Gil45:56

        Mm-hmm.

    24. NANikesh Arora45:56

        ... a rocket into space faster than NASA. These are all humans. They're all people out there. There's no difference in many of them than people who work at Palo Alto, the people who work at Google and elsewhere. So what creates the difference between great companies and companies that are not, uh, as good? Because I'd say within reason, the people-

    25. EGElad Gil46:14

        Mm-hmm.

    26. NANikesh Arora46:14

        ... you can find those people in every company. I think it boils down to understanding the market, setting the right North Star, getting enough buy-in, talking about the why, not just the what you need to get done, and getting people really excited and bought into it, and then making sure they have the resources to get their task done. If you do that, then my job is just saying, "Set the strategy, set the North Star, put the right people in place," and then basically act as their shield and keep blocking bad things or friction from slowing you down. So if you can do all of those things in a way, you know, there's a high probability you can create good outcomes. Never guaranteed.

12. 46:52 – 51:14

    Nikesh’s Leadership Tips

    1. NANikesh Arora46:52

    2. EGElad Gil46:52

       Are there any unique structures or approaches or tactics that you do that go against the grain? Uh, we've talked to Jensen a few times, and he's pointed out, for example, he has, like, 40 direct reports. He doesn't do one-on-ones.

    3. NANikesh Arora47:01

       (laughs)

    4. EGElad Gil47:01

       You know, it's a very-

    5. NANikesh Arora47:02

       I actually read that. I actually tried that.

    6. EGElad Gil47:03

       Yeah. (laughs)

    7. NANikesh Arora47:03

       I actually expanded my staff meeting from eight to 25 after I read that by Jensen.

    8. EGElad Gil47:08

       Yeah, that's good.

    9. NANikesh Arora47:08

       It's interesting, and it solves a different problem.

    10. EGElad Gil47:11

        Mm-hmm.

    11. NANikesh Arora47:12

        So at least from my case, I've discovered that I'm not always sure that these people communicate the whys to their teams.

    12. EGElad Gil47:18

        Yeah.

    13. NANikesh Arora47:18

        It at least eliminates one level of confusion. Why does he want this? Oh, actually, I heard him directly.

    14. EGElad Gil47:22

        Mm-hmm.

    15. NANikesh Arora47:22

        This is what he wants to get done, because sometimes, you know, you have this notion of you have to be clear, you have to be cold. Sometimes you have to be-

    16. EGElad Gil47:27

        Yeah.

    17. NANikesh Arora47:28

        ... directive. Sometimes you have to be-

    18. EGElad Gil47:29

        Mm-hmm.

    19. NANikesh Arora47:29

        ... you know, encouraging. It's like, "We're gonna climb that mountain. We are gonna climb that mountain." And it's like, and if you go back, it's, "We're gonna climb a mountain. Promise people you'll end up on that one."

    20. EGElad Gil47:37

        Yeah.

    21. NANikesh Arora47:38

        So it's important for people to understand the communication parts, and I've discovered that communication actually is underrated in organizations. And usually the way I do my sort of call it 360 degree test-

    22. EGElad Gil47:52

        Mm-hmm.

    23. NANikesh Arora47:53

        ... is I meet 50 employees every two weeks and ask them questions.

    24. EGElad Gil47:56

        Mm-hmm.

    25. NANikesh Arora47:57

        And then I discover, I'm like, ah, these people are asking questions which I thought was abundantly clear why we're doing this, what we're doing this for, and discover eventually that by the time you get to the person four or five, you know, levels removed from you, they actually don't understand exactly why we're doing certain things. They have fundamental questions about what we're doing. And that causes them to do it differently or not do it.

    26. EGElad Gil48:17

        Mm-hmm.

    27. NANikesh Arora48:17

        So-... that becomes sort of an issue with our community. Because you asked me about, you know, what do we do, what have we done differently compared to other people? I think communication, talking to people, making sure they're all bought in. But I think from a business strategy perspective-

    28. EGElad Gil48:32

        Mm-hmm.

    29. NANikesh Arora48:33

        ... we've taken a very different approach to M&A.

    30. EGElad Gil48:35

        Mm-hmm.
13. 51:14 – 54:18

    Nikesh on Ambition

    1. EGElad Gil51:14

    2. SGSarah Guo51:14

       You, at the beginning with Palo Alto and continued today, like, have been perhaps more ambitious than any other security company.

    3. NANikesh Arora51:22

       (laughs) Okay.

    4. SGSarah Guo51:24

       Uh, I- I think that's right. Um, how do you, how do you convince an organization to be more ambitious? Because, you know, you- uh, my understanding of the cyber industry before is you had like endpoint businesses and firewall business-

    5. NANikesh Arora51:36

       Yeah.

    6. SGSarah Guo51:36

       ... very sort of domain specific, right?

    7. NANikesh Arora51:38

       I don't think you have to convince humans to be more ambitious. I think we are natively and naturally ambitious. Like, you know, you meet somebody and saying, "Do you, can you do more?" I've never heard somebody say, "I think I'm done."

    8. EGElad Gil51:49

       Mm-hmm.

    9. NANikesh Arora51:50

       Like, everybody says, "I want more. I can do more." Right? We live in a consumptive society, we are all taught to aspire for more. So I don't think it's hard to make people at Palo Alto feel that we- we have the right to play at a bigger table on a constant basis. And- and people actually like the idea of ambition and aspiration and winning. Like, you know, trust me, if our stock wasn't up six or seven times in the last seven years, a lot more people internally would have questions on our strategy than they have now. So I think it's a sort of self-fulfilling prophecy-

    10. SGSarah Guo52:17

        Yeah.

    11. NANikesh Arora52:17

        ... it's a good thing across the board. But I think more fundamentally if you step back, our industry is not fully formed. It has 118 vendors, it's fragmented. Uh, you know, you take a look at the CRM industry, look at the ERP industry, look at the HR industry-

    12. EGElad Gil52:36

        Mm-hmm.

    13. NANikesh Arora52:36

        ... these things operate on singular platforms, right? Nobody has two Salesforces deployed in their enterprise. Nobody has two Workdays deployed in their enterprise.

    14. EGElad Gil52:42

        Mm-hmm.

    15. NANikesh Arora52:43

        Nobody has two SAPs deployed in their enterprise. Why? Because you need end-to-end visibility, a singular workflow, a singular set of analytics to solve the problem.

    16. EGElad Gil52:53

        Mm-hmm.

    17. NANikesh Arora52:54

        Our industry has started off because, "Oh my God, we have a threat, block the threat." You know, don't worry. So like we're playing Whac-A-Mole. So the point is, as I said, over time, as these requirements normalize, they somewhat sort of, you know, what do you say, converge in the capabilities of vendors, then how does it matter if you take from one source to the other, and what, what becomes more important? You know, all these platform companies I talked about, it's not like they have unique features on a feature by feature basis compared to their competitors. Over time, those have normalized. But what they do have, they have an end-to-end visibility and capability that integrates the functionality, that's why they're there. So if cybersecurity has to survive in the long term as a mature industry, we also have to become sort of a singular enterprise platform. If you believe that, we're almost there. Right? We've taken... We used to have 24 products when I came. We had four when I came, we took it to 24. We had 44 magic quarter in its top right mentions. We've turned that into three platforms.

    18. SGSarah Guo53:49

        Mm-hmm.

    19. NANikesh Arora53:49

        Now say, you know, if you're going on a journey with us, it's going to take you two to three years to get our platform deployed. We're at three right now because had we said one, oh my God, oh my God, your friend can't go from 118 to one, like it'd boggle his mind.

    20. SGSarah Guo54:00

        Mm-hmm.

    21. NANikesh Arora54:00

        So let's keep him at three first or one of three-

    22. SGSarah Guo54:03

        Yeah.

    23. NANikesh Arora54:03

        ... and hopefully get him to the next one, we get him to the third one. So I think the idea from our perspective is if we can become the platform of choice in the industry, that's a very big ambition, very big North Star. But you know, it's like you don't get there if you don't start.

    24. SGSarah Guo54:17

        Maybe

14. 54:18 – 58:21

    Nikesh’s Thoughts on AI

    1. SGSarah Guo54:18

       when you look forward both... Okay, Palo Alto, cybersecurity, AI. Three questions-

    2. NANikesh Arora54:23

       Mm-hmm.

    3. SGSarah Guo54:23

       ... what keeps you up at night? What do you think most about?

    4. NANikesh Arora54:25

       I think most about AI. Not-

    5. SGSarah Guo54:28

       Me too.

    6. NANikesh Arora54:29

       ... (laughs) I'm glad we think about-

    7. SGSarah Guo54:30

       Me too.

    8. NANikesh Arora54:30

       ... certainly something you and I agree on, right? (laughs)

    9. SGSarah Guo54:32

       Yeah. (laughs)

    10. NANikesh Arora54:33

        I think more about AI from the vantage point that if our view of the world how, of how this is going to evolve is not within the guardrails of where it's gonna be, we may end up taking Palo Alto in a different direction. Because remember, we exist to help you secure technological advancement in a certain direction before you fully deploy it.

    11. SGSarah Guo54:59

        Mm-hmm.

    12. NANikesh Arora54:59

        I want to give, like, you know, today our conversation with some of the big cloud providers was, "How is everybody thinking about Agentic now? I'm supposed to secure agents." The problem is, I can't get one person-

    13. SGSarah Guo55:11

        Mm-hmm.

    14. NANikesh Arora55:11

        ... to agree with the other person's definition of an agent. I'm like, "What's an agent?" Well-

    15. SGSarah Guo55:14

        Yeah.

    16. NANikesh Arora55:15

        ... are you going to use MCP protocols to .......................... Well, no, we just have connectors. What's a connector in, in an LLM? A connector's effectively an API call, microservices call. Why are you using API calls? They used to be called API calls in the past. Why aren't you-

    17. SGSarah Guo55:26

        Yeah.

    18. NANikesh Arora55:26

        ... ... using MCP server client and clients? Well, we're gonna get there, right? Well, are you... Well then, how are you going to do inspection of identities? We're going to register the identity somewhere else. Like-

    19. SGSarah Guo55:35

        Mm-hmm.

    20. NANikesh Arora55:36

        ... what's an agent? How are you going to ... Is it gonna be delegated?

    21. SGSarah Guo55:38

        I like that.

    22. NANikesh Arora55:38

        So there's, like, so many questions from an execution perspective from how the industry evolves that this kind of keeps me up at night. We talk about this every day. We have a team of people getting together every day for two hours, and we read everything. We d- didn't talk about saying, "What do you think about this? What do you think about that?" Because when you don't have an expert, then hopefully the collective wisdom of six or seven smart people, those people who I bring together every three, every two to three times, is probably better. So-

    23. SGSarah Guo56:02

        Mm-hmm.

    24. NANikesh Arora56:02

        ... we're constantly trying to paint a picture of how the world of AI is gonna evolve. So we're building our opinion, and based on that, we have to design a product.

    25. SGSarah Guo56:10

        Mm-hmm.

    26. NANikesh Arora56:11

        So that's, that's extremely bleeding edge.

    27. SGSarah Guo56:13

        Mm-hmm.

    28. NANikesh Arora56:14

        Right? And if you want to be the cybersecurity partner of choice, we have to be able to go with a bleeding-edge capability and tell our customers, "Look-"

    29. SGSarah Guo56:21

        Mm-hmm.

    30. NANikesh Arora56:22

        "... you have a problem, but we're solving it faster than anybody else, and we can help you deploy AI securely."

Episode duration: 58:21