Key Moments
Palo Alto Networks CEO: "AI Found 5 Years of Bugs in 6 Weeks"
All-In PodcastWant to know something specific about what's covered?
We've already dissected every moment. Ask and we will deliver (with timestamps).
Key Moments
AI found 5-7 years of code vulnerabilities in just 6 weeks, but early models have a 30% false positive rate, making them risky for defense without careful implementation.
Key Insights
Palo Alto Networks' market cap grew from $17 billion to $238 billion in CEO Nikesh Arora's eight years, with him aiming for $1 trillion.
AI model 'Mythos' identified vulnerabilities in Palo Alto's code within 6 weeks that would have typically required 5-7 years for humans to find.
The cost of AI vulnerability scanning was in the low millions, with ongoing cost reductions expected as models improve and become cheaper.
Analytical SaaS companies are likely to become obsolete as AI can directly analyze data without needing specialized third-party software.
System of work and system of record software will be reinvented over the next five years as AI agents automate tasks, potentially reducing human labor needs.
The weights of the newest AI models can fit on a USB stick, indicating IP is more about distilled knowledge than massive datasets, raising concerns about accessibility and control.
AI discovers vulnerabilities at an unprecedented pace
Palo Alto Networks CEO Nikesh Arora revealed that their AI model, Mythos, found years' worth of code vulnerabilities in a mere six weeks—a task that would typically take human analysts five to seven years. This rapid identification extends to chaining vulnerabilities to find new attack paths, highlighting AI's potential to significantly accelerate the cybersecurity defense cycle. While this capability is invaluable for identifying weaknesses, Arora noted that early models, like Mythos, can have high false positive rates (up to 30%), making them more effective for offense or testing than for immediate defense without proper contextualization and refinement. The cost for this extensive scan was in the low millions, with continued price reductions anticipated as AI models become more efficient and accessible.
Democratizing intelligence and business transformation
Arora drew an analogy between Google Search democratizing information and AI democratizing intelligence. This means increased consistency and capability across workforces, enabling a marketing team to produce 90% consistent output or customer-facing staff to interact with customers more uniformly. This democratization is expected to fundamentally alter how businesses operate, enhancing productivity and operational efficiency. The implications extend to areas like data analysis, where AI can reduce the need for numerous specialized SaaS tools. Arora predicts that analytical SaaS companies, whose value proposition is data analysis, will be phased out as users can directly query their own data with AI.
The demise of analytical SaaS and the rise of infrastructure
The traditional analytical Software as a Service (SaaS) model is facing obsolescence. As AI models become more capable of direct data analysis, the need for intermediary SaaS products designed for analysis diminishes. Instead, the future will likely favor core infrastructure software—databases, data management tools, and storage solutions—which will see a massive increase in demand, potentially ten times the current volume. Companies like DataBricks, Snowflake, and Oracle in the database space, and core storage providers, are well-positioned. Arora emphasized that businesses will need to consolidate data from various sources to run comprehensive analytics, a task that AI can facilitate more efficiently than navigating disparate SaaS platforms.
Reinventing the 'system of work' with AI agents
The advent of AI agents promises to transform enterprise software by eliminating the need for traditional user interfaces (UIs). Instead of interacting with complex software, users will simply instruct agents to perform tasks—such as summarizing sales calls and updating CRM systems. This shift means that 'systems of work' and 'systems of record' will be fundamentally re-engineered. The efficiency gains could be substantial, potentially reducing the workforce needed for administrative tasks. Arora speculated that this could lead to significant operational cost savings, with companies able to achieve higher operating margins by leveraging AI for internal optimization.
Cybersecurity race: Attackers vs. Defenders in the AI era
The cybersecurity landscape is now characterized by an intense race between AI-powered attackers and defenders. While advanced AI can find sophisticated vulnerabilities, Arora pointed out that a vast majority of breaches (89%) still stem from basic security failures like stolen credentials. This suggests that while AI offers potent offensive capabilities, particularly against critical infrastructure, the primary concern for most businesses lies in addressing these fundamental security hygiene issues. The risk of economic chaos from widespread breaches, even in smaller businesses, is elevated, especially if AI tools that can exploit vulnerabilities become widely accessible.
Models as a utility and the shift in profit pools
Arora views AI models as evolving into a utility layer, where businesses can procure intelligence on demand, paying for specific IQ levels or task capabilities rather than having to manage complex, general-purpose models. The primary profit pools are expected to shift from model development to applications built on top of these models. Companies will increasingly rely on specialized application providers—new AI-native startups or established players—to deliver AI-enabled solutions for HR, sales, and other business functions, rather than attempting to build everything in-house using raw models from providers like OpenAI or Anthropic.
The challenge of false positives and refining AI for defense
A critical challenge for AI in cybersecurity defense is the high rate of false positives. With Mythos showing a 30% false positive rate, meaning it incorrectly identified issues as vulnerabilities, its application in defense remains problematic. If used without proper safeguards, AI could lead to significant operational errors, such as incorrectly denying insurance claims or misidentifying threats. The key is to refine these models to achieve near-zero false positive rates, a complex post-development process that is essential for their effective and safe deployment in critical business functions and national security.
Hardware's enduring role and supply chain pressures
Despite the rise of AI and cloud computing, hardware remains crucial, especially for managing low-latency, high-throughput data, a necessity for industries like financial services. Data centers will persist, and hardware development cycles are evolving with AI-driven generative design. However, production remains the bottleneck, with component shortages and factory backlogs impacting the supply chain, particularly for GPUs. Arora expressed optimism that with significant investment, driven by industry bonanzas and government incentives, the US can ramp up production capacity over the next decade, ensuring the availability of necessary hardware for the AI infrastructure build-out.
Mentioned in This Episode
●Products
●Software & Apps
●Companies
●Organizations
●Concepts
●People Referenced
Common Questions
In a 6-week testing period using the Mythos AI tool, vulnerabilities were found that would have otherwise taken 5 to 7 years for humans to discover.
Topics
Mentioned in this video
A dominant company in the cybersecurity space, experiencing significant market cap growth and being a leader in AI-driven code analysis.
Mentioned for its historical role in democratizing information and its current potential to be the first $10 trillion company, with significant sales force assets.
A company developing AI models, mentioned as having cheaper and more consistent models. The discussion touches on their potential to release powerful models and their role in the application layer debate.
Mentioned for its $5 billion project to fix open-source software, highlighting a significant problem in the software landscape.
Developing AI models, mentioned as having released other models and potentially improving ARR faster than OpenAI, particularly by focusing on enterprise.
A company providing infrastructure software, specifically in the area of data collection and management.
Mentioned as a provider of infrastructure software for data collection and management.
Mentioned as a provider of database software and a system of record for sales data.
A prominent SaaS company whose marketplace for data analysis is becoming less relevant due to AI, and a potential system of record for sales data.
A clearing system whose breach led to significant economic disruption for physician offices, highlighting risks associated with package software and ransomware.
Mentioned as an example of critical infrastructure that needs protection from cyber threats.
Mentioned as an example of a company that successfully built an application layer on top of an operating system (Office), a model that AI companies might emulate.
Discussed in the 'Armchair CEO' segment, with the speaker expressing boredom and stating they cannot discuss it due to being on the board.
Mentioned in the 'Armchair CEO' segment; the speaker likes that the cars work and believes they should expand to more cities faster.
Mentioned as a company that has potentially recovered to a high market cap, indicating the continued relevance and potential resurgence of hardware companies.
Mentioned in the context of how hardware companies like Dell were perceived in the past.
A financial services company that uses hardware for low latency operations, making them hesitant to fully adopt cloud solutions.
A financial services firm that invests in hardware to maintain low latency, which is critical for their operations and profitability.
Used as an example of a company with significant consumer revenue, illustrating a fast path to revenue generation.
Mentioned as a company that is developing advanced self-driving car technology (Opus 4.8), highlighting the risks of high false positive rates in critical applications.
CEO of Palo Alto Networks, discussing the impact of AI on business, cybersecurity, and the future of software.
Mentioned as having spoken about 'over-beaten' companies, providing context for potential acquisition targets.
Mentioned as an example of a great CEO with a rare personality profile for taking risks and ownership.
His attempt to distinguish between founder CEOs and non-founder CEOs is mentioned, with the speaker disagreeing.
An AI tool that assesses code for vulnerabilities, demonstrating the ability to find in 6 weeks what would typically take 5-7 years for humans. It can chain vulnerabilities and is crucial for both offensive and defensive cybersecurity.
An AI model discussed in the context of its potential impact if restraints were not in place, possibly leading to chaos in corporations.
A company providing database software, part of the infrastructure software category discussed.
Mentioned briefly in the context of AI and future technology, with a positive sentiment.
The underlying technology of advanced AI, discussed in terms of their capabilities, limitations (e.g., false positives), and their evolution into a utility layer.
Mentioned as a source of inventory data that could be integrated with other enterprise data for comprehensive analytics.
National Security Agency, mentioned in the context of controlling or having access to highly advanced AI models for national security purposes.
Mentioned in relation to the Change Healthcare breach, which required United Health to provide significant financial credits to physicians.
Software as a Service, discussed as undergoing a transformation with analytical SaaS being obsolete and systems of work needing re-engineering due to AI.
Discussed as a major challenge in cybersecurity, with IBM investing $5 billion to fix it. Its accessibility also means advanced AI capabilities could become widely available.
The central theme of the discussion, focusing on its capabilities in democratizing intelligence, finding vulnerabilities, transforming business operations, and creating new profit pools.
A category of business software that is deeply embedded and will be re-engineered by AI agents, leading to increased efficiency and potential reduction in workforce.
Discussed in relation to false positives, emphasizing the challenge of reducing false positives without increasing false negatives in AI for defense.
A category of business software that is deeply embedded and will be reinvented by AI, potentially automating data entry through agents.
Discussed in contrast to on-premises hardware, particularly for financial services, where latency increases in the cloud can reduce profitability.
An emerging area of importance in AI and security, leading Palo Alto Networks to acquire a company in this space.
The primary industry focus, with AI revolutionizing vulnerability detection, defense strategies, and creating new profit pools.
A critical problem with AI models, especially in defense, where high false positive rates (like 30% in Mythos) render them unreliable for critical functions without proper mitigation.
The target for companies leveraging AI effectively, aiming for margins far in excess of industry averages, even in the '40s and '50s'.
Mergers and Acquisitions strategy at Palo Alto Networks, evolving from integrating product companies to acquiring for strategic inflection points like identity and leveraging AI for operational efficiency.
Graphics Processing Units are essential components for data centers, and global demand for them is driving backorders and straining the hardware supply chain.
A critical hardware component for which companies are committing significant investment to increase production, driven by AI demand.
More from All-In Podcast
View all 418 summaries
40 minWhy Secondary Markets Are Eating the IPO | All-In Liquidity Secondary Markets Panel
33 minThe IPO Comeback: Why Tech Giants Are Finally Going Public | All-In Liquidity IPO Panel
32 minDan Loeb: The Lost Art of Short Selling, and Why Stock Picking is Back
33 minThomas Laffont: The $4T AI IPO Wave Is Coming… and We’ve Never Seen Anything Like It
Ask anything from this episode.
Save it, chat with it, and connect it to Claude or ChatGPT. Get cited answers from the actual content — and build your own knowledge base of every podcast and video you care about.
Get Started Free