Transcript
Welcome. So we're here talking about the trust layer for agentic enterprises. And the narrative is this, right? AI is rewriting the organizational roadmap, how data is accessed, and definitely how decisions are being made. So do you think that organizations than Shiva are keeping pace or are they playing catch up? It's a great question. So firstly, there's like a ton of FOMO, right? It's like you're at a dance party and your friends have gone out to the dance party and you're sitting at home. And so I sat at dinner with you, actually. We had dinner with a couple of colleagues and industry folks last night. And one of the conversations is everyone doesn't think they're doing enough. 65% of customers, a BCG survey came out yesterday, said that they're moving too fast with initiatives and not handling risk. And this is kind of real, like a really large technology company, won't give names, had an exposure for 40 minutes. Wasn't a breach, wasn't a security incident. It was an agentic system that had access or permission to information for HR data and exposed it for 40 minutes within its organization. The world of pre-world AI and the systems that we had to secure that no longer applies to the pace of change and inflection point that AI presents as a risk to the landscape that we're in at the moment. Well, I'm glad you brought up risk because everything's at scale, including risk. And so how are you then building a safety net that's fast enough to catch a system that's learning and executing at the same time in real time? Yeah, so like when you say how are you building a safety net, I think about it from a perspective of if you take an F1 car and you're driving super quick. I've thought about this before. Right. I just came from Miami. I had a great time at the F1. The F1 cars are moving super quick. That's AI. The safety piece is fuel and fuel for us is data. Okay. And so if you take that concept of fuel, you need clean data. You need to be able to know the context of that data, who has access to that data, what that data represents for your company, and the combination of those things within your organization. When you have those standing points or viewpoints, you can then think about a risk framework. When you don't have those, you just have agentic systems moving really quick in a very fast car with bad fuel, which leads to a couple of crashes on turn one or turn two of the first corner. Which none of us want. And the truth is that most organizations, many organizations, don't really know what kind of data their systems are consuming, especially, and this came up at our dinner last night, when employees are using tools like Gemini or Claude. So then how does an enterprise sort of regain visibility into the shadow AI without hindering innovation, which is ultimately what we want? So shadow AI is a fun concept. Shadow IT, prior to the AI world, is taboo. Shadow AI now, and this controversial topic that we talked about last night, I think in the next 10 years, the use of AI might be considered a human right, like water or internet. So if 70% of your organization is using Claude or using Gemini off script, that's not a problem, it's a signal. It's a signal that the world's using or the need for AI is almost like how I function to do my job. So the question isn't how do I restrict usage of shadow AI, it's how do I get context? How do I get visibility, classification to my data? How do I put guardrails? And for us, the way you do that at Veeam is we bought a company called Security AI, is to visualize the context or relation between systems, agentic systems, context to people, and uncover these sort of combinations and be able to safeguard or either detect, protect, or undo things that happen in real time. AI is a human right, do not tell my daughter that. Look, you talked about cleaning data, it's definitely a security mandate, we know that, but if these systems are, as they are doing right now, basically absorbing everything, including rot data, right, redundant, obsolete, trivial data, that a lot of people forgot they kind of had and had it laying around, how do you identify then that kind of toxic combination before the AI hallucinates, turns something, a simple data error, into this massive liability? Yeah, so I use the rot data analogy as like we all maybe have started coming back to the office begrudgingly, but when we were all working in the office, there was the office fridge, and there's always weird stuff in the office fridge. It's like that piece of food that maybe Mark just left there from a late night Indian takeaway, and in that, AI is not as discerning as humans, where you look at it, look at the mold and go, I'm not eating that. AI ingests all data, raw, obsolete, trivial, and when it ingests that data, without the guardrails, the equivalent of food poisoning occurs to the systems, so decisions you make are made off moldy data. Financial decisions and the direction of your company are made off these components, so how do we look at that? I think we've brought together two types of technology, two different disciplines, data security posture management, which is the classification and understanding of your data, and the ability that we do that at like machine learning and real speed to keep up with the volumes of unstructured data we have, and on the right hand side, then we have the security resilience. How do I uncover and undo bad things? So first thing, know your data, know who has access, know the identities that are associated with it, get rid of your rot data or the moldy Indian takeaway, I'm using Indian because someone said that was what I ate last night, whatever food of choice, and think about the concept of those things not being taken care of will truly poison your systems, and those systems are giving you intelligence to make decisions. So AI is forcing a lot of new conversations, but also folks in the same room, the CIO, the CISO, the Chief Digital Officer, who would you say then owns the risk in an agentic enterprise, and how do you prevent the leadership gap from becoming kind of a security disaster? Yeah, that's how it goes. So I think it's not the question of who owns the risk anymore. In a traditional world, you need an owner that owns the risk. We sat with last night various roles, risk officers, CDOs, CIOs, CISOs, and what I found was the commonality of it's a collective problem, but having a collective problem without roles and responsibilities is a problem in itself. Our thought process is it can still remain a collective problem, but the view in which you look at that problem has to be a unified platform, and that platform is kind of what we put together for our customer base. What we think about is bringing together the contextual data by role type. A CDO can look at it from a concept of trust, so do my customers, like a great example that I thought about the other day is at Canada, AI inferred a refund policy on its own and started issuing refunds. A Chevy dealer very recently by accident offered a one dollar car, and so when you don't, so the CDO's concept in that world is I need to ensure my data is trust. A CISO's view of the world is I need to ensure my data is secured and the right people don't have access. I have governance, I have risk, I have compliance standards. I spoke to someone in banking, like the implications of people's money is so severe that it's something that needs to be treated separately, and then a CIO needs to be able to recover that data in the instance of an outage if a data center went down. So there's three unique problems. My view is look at it from one lens. You have different reasons or different lenses to look at that one set up, but you need commonality. Context, security, and trust. So before I let you go, I'm interested in kind of your call to action and your final thought for folks. Yeah, and I've had to train myself through my own AI reasoning to not come in here and scare the hell out of everybody, that it's risk, doom, and gloom. AI is a phenomenal thing. Yeah. In the next 10 years, my bet, we'll put it on this stage, is it would be considered a human right. It's going to solve so many problems. It's going to solve medical problems. It's going to solve, and it's going to really reshape the way we look at the world. No revolution has been this sort of exponentially prevalent for us in the world. There are people whose task is to build and help us create the AI systems that will help us build. There's all of us here that we have to embrace those systems, and then Veeam, the company that I work for, our job is to make sure that's safe, trusted, and so that we protect the intent of what AI is, the benefits of AI, and how it can help us in the world. Awesome. Shiva, you're fantastic. Let's do this again. Thank you so much. Thanks, guys.
