Transcript
delighted to be joined by Ravi Krishnamurthy, VP of AI Foundations and Responsible AI at ServiceNow. Great to see you, Ravi. Pleasure, Anna, to be here. And also joined by Ian Swanson, VP of AI Security Products at Palo Alto Networks. Great to see you, Ian. Thanks for having me. So we're talking about how we can securely accelerate AI. Everybody's talking about this, but Ravi, first, starting with you, from a ServiceNow perspective, how are you seeing AI transform the way organizations operate? Today, we are at an inflection point. I think there's been a lot of talk about AI for the last three, four years. People have been trying to do things. This is the year people are getting serious productivity gains. It is the time to accelerate. Yeah. Yeah. And what are the advantages they're seeing already? I mean, productivity, to start with. Customer service. I mean, I run our voice agent platform. I'm just astonished at how quickly people are adopting technology. I'm astonished at how quickly people, startups, go from zero to 100 million, 10 million, 20 million ARR. It's just the passion to get going. I mean, I've been in AI for 25, 30 years. I never thought I would see this in my lifetime. But enterprises are going all in. They're thinking about how do I transform my customer service? How do I transform my back office, my middle office? So, it's really the time when AI is becoming practical. And that's why this conference, I think, is coming at a very critical time because AI governance and security is going to be the very key driver or accelerator for this transformation. Absolutely. Ian, I would love to hear from you. From a security perspective, does this align with what you're seeing at Palo Alto Networks? So first and foremost, AI can be transformative for any company. It's really a CEO mandate now of how do we use AI to improve our bottom line of the operations of our business, but also build products that delight and surprise our customers in new and novel ways. So, I'm a firm believer in the power of AI. And like Ravi, I've been in AI for over two decades. Now, as the CEO is saying, move faster with AI, they're turning to the CISO and they're saying, how are you enabling this in a way that it's safe, that it's trusted, and that it's secure? And the headline here is there really should be no AI in any enterprise without security of AI. And the CISOs are straddling that line of one foot on the gas pedal and the other one on the brake, and really trying to calibrate, if you will, the adoption in a way that drives the business outcome, but does it in a way that's secure. And they want to transform in a secure way. They want to do this efficiently. They want to do this successfully. But what are the risks that are top of mind for CISOs when it comes to rolling out these agents and models? So a lot of the practices that we had in other areas of security do apply to AI, concepts like secure by design. And so as I meet with CISOs every single day, there's really three things in terms of this journey of what they're trying to check the box and make sure they cover. The first one, I need to discover all the AI that's deployed across my enterprise. So think of it as shadow AI. We need to expose that and really see where and how we're using AI. The second piece is how do we assess the risk? There's new and novel risks to AI. We must scan these artifacts. And then the third component is how do we protect this at the point of runtime from threats like prompt injections all the way through to now memory manipulation in agentic workflows. The tools of old in cybersecurity don't necessarily apply to this new and novel threats of AI. And that's why CISOs need to make sure they can discover, assess, and protect it at runtime. Very good. So I'd love to know about your collaboration. How are you helping CISOs mitigate these risks? So at ServiceNow, I actually four years back envisioned an AI control tower, because AI is a cross-functional team sport. Like Ian put it, there's the business side that wants to go fast, but then there is risk, security, data governance, residency. All of these have to come together so that you can balance ROI and risk, like Ian put it. Like you got to, these two have to be in. Any good executive does that, but how do you do that in the realm of AI? So at ServiceNow, we built this AI control tower that connects the dots across all of these. Think of it like the air traffic control. And what Palo Alto Networks brings is the ability to scan all the different artifacts that go through the system so that we can identify threats and then connect the dots and then come back with a response. And that's why the Better Together story is very strong here. Yeah, I agree. By the way, we're big fans of ServiceNow, and so it's a great partnership. Also, I've now become friends with Robin, so it's been great. But my view is I lead AI security at Palo Alto Networks, the world's largest cybersecurity company, is I need to bring security to where people are doing AI, where they consume AI, where they're building AI. And clearly, people are choosing to build AI in ServiceNow. And so we're taking our capabilities to this partnership where on one side, we can scan these unique artifacts like models for risk, we can behaviorally test them. But then as they put them in production using control tower, we're able to put these runtime protections at the point of inference when it's making decisions. And so again, it's really about how do I take all of our capabilities to where people are doing and building AI, and ServiceNow is a great partner for that. Okay. So any lessons learned that you can impart to our audience as final takeaways as to how they can really drive forward securely but not impacting innovation? My takeaway is it's an and. It's not should I go fast or should I manage risk? You got to do both. And when you do both at scale, using the right tools, the right processes, and with the right people, you have to do and. And that is the way forward in this new world. Okay. My view is very similar to what Ravi shared right now. If I were to expand on that, we're moving from AI that talks to AI that acts with agents. And so just like how it's a team sport, how do we educate our teams? How do we build in security natively, secure by design? We need to make sure that we're doing that end-to-end because AI is taking actions on behalf of systems and humans. It's machine to machine. And so it's a brand new space. And so my advice here to CISOs is, yes, you need to move fast. You need to be an enabler. But you also need to have one foot, again, on that brake, just kind of calibrating that to make sure that we are really securing this end-to-end. And that is critical because it's making very precise decisions that can have a lot of risk. And we need to be able to check that from time. So what you're saying is you don't need to choose between security and speed. I don't think you can. I think you have to move fast. You have to move fast. Otherwise, you're going to be left behind. The risk of not moving is higher than the risk of moving. But how can you move and, like Ian put it, manage risk at the same time? It's a new paradigm. I think a lot of the traditional cybersecurity concepts and tools apply. But the pace, the agility, it's got to be everywhere. Just the way you respond to it is very different. I advise, for example, I advise an AICOE. And they were spending six months writing, figuring out policies. And I'm like, no, you've got to get started. And you've got to do this. Because if you spend six months, your teams are going to build AI outside your secure boundaries anyway. So how do you do both at the same time? It's a very iterative. It's a very different way to approach the problem. But at the same time, all the concepts of the past, secure by design, zero trust, least privilege, you've got to apply them in this new world. They all apply. That's why we are working together to make that possible. And with a partnership like this, we want to enable CISOs along with CIOs to deploy AI bravely. Do it in a way that is, yes, has some amazing capabilities with ServiceNow, but with our security, you can deploy AI bravely where you're like, we're enabling, but we're also doing it in a secure, in a safe, in a trusted way. I want to pick up on that word bravely. How do they do that? What's the key to embracing that? Because they know they're backstopped from a standpoint of we're able to secure the artifacts and understand what they're doing at runtime, add that security and that trust layer in there that gives them the confidence to go tell their teams move fast. Yeah. And on top of that, when you see, I mean, again, it's a new space. When you see things, you have the ability to respond quickly with this partnership, with the control tower, with all the automated scanning and- Context, yeah. Context. You have the ability to pinpoint what happens and respond. So that's the power that people have to move fast and protect themselves. Well, it's an exciting time, no doubt. Thank you so much, Ravi. Thank you so much, Ian, for your perspectives and insights. Thank you. Thank you. And thanks so much for watching. For ISNG, I'm Anna Delaney.