Irina Denisenko, chief executive officer of Knox Systems, features in this episode of theCUBE's Mixture of Experts series in partnership with NYSE Wired. As part of the lead-up to the AI Agent Conference, Denisenko shares the journey behind Knox Systems and discusses emerging trends in cloud security and artificial intelligence (AI). Hosted by Gemma Allen, this episode sheds light on applications of AI and cloud innovations in a rapidly evolving technological landscape.
In an engaging session with Gemma Allen of theCUBE, Irina Denisenko details their path to establishing Knox Systems as a pioneer in expedited Federal Risk and Authorization Management Program (FedRAMP) cloud services. Denisenko's experience as a co-founder of Class.com propels them to tackle government complexities, providing crucial insights into cloud security standards and the importance of minimizing time and cost investments for Software as a Service (SaaS) companies. The discussion highlights theCUBE Research’s ongoing exploration of AI and technology developments guided by trusted hosts.
Denisenko notes that the key to navigating structural challenges in achieving FedRAMP compliance lies in leveraging AI-driven cloud management. They emphasize the critical nature of real-time monitoring and rapid responsiveness in cloud security, which Knox Systems uniquely delivers to its prominent clients such as Adobe and Armis. The conversation underscores the strategic significance of Knox Systems’ services, empowering SaaS vendors with cutting-edge technology and facilitating secure government collaborations.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: AI Agent Conference. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: AI Agent Conference.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: AI Agent Conference
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: AI Agent Conference.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: AI Agent Conference. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: AI Agent Conference.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: AI Agent Conference
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: AI Agent Conference. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Irina Denisenko, Knox Systems
Exploring the Advancements and Challenges in AI Agent Deployment
John Nay, founder and Chief Executive Officer of Norm Ai, joins theCUBE's special presentation with NYSE Wired, focusing on the upcoming Artificial Intelligence Agent Conference 2025. Hosted by John Furrier, co-founder and co-Chief Executive Officer of SiliconANGLE Media, this insightful discussion covers the pivotal developments in AI infrastructure and the regulatory complexities faced by enterprises.
In this episode, Nay shares their expertise in regulatory AI infrastructure, particularly as it pertains to AI agent deployment in highly regulated sectors. The conversation, hosted by Furrier, delves into the evolving landscape of AI technology, compliance challenges, and the strategic initiatives underway at Norm Ai to address the pressing issues surrounding AI deployment. The discussion provides valuable insights for both technology and policy influencers.
Key takeaways from the discussion include the emphasis on the need for dynamic, real-time compliance frameworks that align with regulatory standards, as emphasized by Nay. Furthermore, the episode highlights how enterprises can leverage existing compliance structures to integrate AI technologies more effectively, offering a glimpse into the future of AI agent scalability and regulation. The conversation underscores the importance of bridging the gap between engineering, policy, and technology for sustainable AI innovation.
>> Welcome back to theCUBE here at our studio at the New York Stock Exchange. This is our Mixture of Experts series in collaboration with NYSE Wired. And over the next couple of weeks, we are going to be talking to some of the leaders and speakers taking the stage at the AI Agent Conference in New York this coming May. Joining me now is one such leader, Irina Denisenko, CEO of Knox Systems. Welcome, Irina.
Irina Denisenko
>> Thank you, Gemma, so much for having me.
Gemma Allen
>> So before we get to the whole world of agentic AI and all of the promise and peril that might bring, first, tell me, Knox Systems, they say that sometimes you have to feel the pain to see the opportunity. I think that was certainly your story.
Irina Denisenko
>> Absolutely.
Gemma Allen
>> Fill us in on what led you to create this company and the journey you've been on.
Irina Denisenko
>> Thank you for having me, first of all, and absolutely. Maybe the first thing I'll say just in one line, what does Knox do? Knox runs the largest FedRAMP managed cloud, and what that means is we are able to get SaaS companies FedRAMP-authorized in 90 days for 90% off of what it costs to do it on your own. And FedRAMP, for those that don't know, is the standard that you have to meet as a SaaS provider in order to serve the federal government, the DOW, really anyone in the government. It's really the Olympics of cloud security, if you will.
Gemma Allen
>> For sure.
Irina Denisenko
>> So the TL;DR on how did I get here was I previously was the cofounder and chief operating officer of Class.com, one of the largest synchronous learning companies still out there today. And long story short, I had to acquire a company to get myself FedRAMP, to get Class.com FedRAMP, when the Air Force came to us and wanted to use our technology, and acquiring a company was literally the fastest way to do it. It was not the cheapest, but it was the fastest way to do it. The current process takes three years and $3 million to do.
Gemma Allen
>> It's insane.
Irina Denisenko
>> It is a massive investment, and that's before you see a single dollar in business from the government.
Gemma Allen
>> And tell me, why is it such a brick wall? It's also quite a lengthy policy. It's been in place for quite a while now, right? And it was born at a very different time-
Irina Denisenko
>> Absolutely....
Gemma Allen
>> in the evolution of tech.
Irina Denisenko
>> Absolutely.
Gemma Allen
>> Is it that things haven't changed much in the last 11 years, or why is this so notoriously difficult still?
Irina Denisenko
>> Absolutely. Well, FedRAMP is about 15 years old now, came out in 2011. And indeed, it was a very different cloud world back then. Right? AWS was not even referred to as a hyperscaler. This was, I would say, 2009. Even into 2011, not all of us were still comfortable putting our credit card into a web page online. Now, obviously, fast-forward to 2026, we pay with our face on our phone. Right? So things have definitely changed. FedRAMP has kept up in some ways in terms of the major security standards that you have to adopt. For example, supply chain integrity. But why is the process so long? It really comes down to a few things. One, you need to have U.S. citizens on U.S. soil touching production. That's a huge part of this. So it's a logistical challenge for a lot of companies who are global. Right? There's phenomenal companies out of Israel, out of Europe. Even within the United States, a lot of our workforce is not necessarily U.S. citizens. They might be green card holders, et cetera. From a technology perspective, it is a massive investment to build out basically a new enclave of your technology, of your application, launch it into a brand-new instance that is completely isolated from your commercial code, and then continue to maintain that. And third, you need to bring in, in the same way that if you are a financial company and you're going out for IPO or any sort of big financial transaction, M&A, you're going to need your financials audited by an auditing firm. So a Big Four. In the FedRAMP world, in the cloud security world, that's called a third-party assessor, and then you need it audited, let's call it, just in taxes. You'll need it audited by the IRS, or for an IPO, you'll need it audited by the SEC. Same thing for us. We need it audited by the FedRAMP agency, the FedRAMP department. All of that takes time.
Gemma Allen
>> Wow.
Irina Denisenko
>> Right? It is a very long process to get all of the shape of the application understood and for, ultimately, a CISO in the government to accept the cybersecurity risk from a brand-new vendor. Right? You come in. You're an application. You're, "Hey, I'm backed by XYZ, awesome investors. I'm five years old. I'm doing amazing stuff." Cool. As far as the government's concerned, they have no idea who you are. Right?
Gemma Allen
>> For sure.
Irina Denisenko
>> How do they know what your security posture is? How do they know that you're doing what you say you do? The way they know is FedRAMP, and it's just a very long and tenuous process, and their starting point is they start with, "I don't trust you." Right? Zero trust came from the government originally, and zero trust architecture. And so, they start from the position of, "I don't trust you. And so, prove to me why I should trust you and should put my data with you," whether that's IRS data, whether that's taxpayer data, whether that's VA healthcare data. It's obviously the biggest healthcare system in the world, whether it's DOW data from the Marines, from the Air Force, from the Army. You name it. That is what you're asking the government to do. So it's understandable that it takes so long and it's so painful, but that's why there needed to be a faster way, because at the end of the day, the government's got less than 500 apps that it can use. I mean, the fewer apps than are on your iPhone today is what the government has access to for cybersecurity, for HR tooling, for collaboration, kind of Atlassian, Jira, monday.com type stuff, for healthcare IT. I mean, literally pick any category of software across all of them. In total, there are 500 apps. That's insane.
Gemma Allen
>> Yeah.
Irina Denisenko
>> There's 10,000 apps on AWS Marketplace.
Gemma Allen
>> No, for sure. And especially considering how fast tech is evolving and how competitive the landscape is becoming too, even from a cost perspective. Right?
Irina Denisenko
>> Yeah.
Gemma Allen
>> So I get it. Governance is very administratively heavy. There's a lot of company structural requirements alone, even in terms of how you file, et cetera, and location. So talk me through the profile of some of the clients that you work with.
Irina Denisenko
>> Absolutely.
Gemma Allen
>> You're a SaaS player. You want to do some work with the DOD or whoever it is. Bring it to life for us.
Irina Denisenko
>> Sure. So we are so honored to serve some of just the most innovative and exciting technology companies out there today. One of our longest-standing customers and partners has been Adobe. And so, we've served them for well over 10 years now with kind of the origin of the company. But more recently, in the last year, as we've opened this up to more than just Adobe, we've brought on Celonis, who's obviously almost a billion in revenue, process mining, process intelligence, and AI. We've brought on Armis, who obviously just got acquired by ServiceNow for almost $8 billion. OutSystems, which is a half-billion-dollar, low-code, no-code provider. I refer to them as the adults in the room for vibe coding, because they've really been here for 20 years in this space, and just a ton others, Backupta, Capgemini, Syniti, Peregrine, Vannevar Labs. It's really a phenomenal mix of, I would say, very established commercial SaaS vendors as well who have been struggling to achieve FedRAMP and bring all of the fantastic technology that they have to agencies, as well as what I'll call scale-ups and folks just hitting that 100 million, roughly, mark. A great example of that is BigID, who is on our FedRAMP cloud. It's, how do you make AI make sense? Well, you first figure out where all your data is, and that's how you train your AI models. That's what BigID does. Right?
Gemma Allen
>> So some of those players, you would imagine, can throw a lot of money at a lot of problems. Right? It seems to me as though those are huge names in the industry, highly capable, huge brands, but still struggle, I guess, to make this a succinct and easy process to navigate. Talk to me a little bit about the graduation process for this. You provide the guardrails. You provide the environment. You provide the access.
Irina Denisenko
>> Correct.
Gemma Allen
>> What percentage of your clients do you envision will become completely 100% autonomous in the FedRAMP process, or do you see yourself as a long-term service provider to this ecosystem?
Irina Denisenko
>> It's a great question. Ultimately, when you think about what is it that we do, we run an AI-managed cloud, and why is that valuable? Well, today, it's certainly valuable because, well, we unlock FedRAMP. What I like to say to folks is, if FedRAMP is a very exclusive ZIP code, and to move into that ZIP code, it's three years, it's 3 million bucks, if you can get a permit, and this is key to the question you're asking, the permit is the federal sponsor. Right? Going back to that CISO who's going to sign the piece of paper that says, "Yes, I'm sponsoring. I am taking on the risk of this application."
Knox and our competitor, Palantir FedStart, for example, what we do is we run a luxury condo building on Main Street, and our customers move into units in that building. Why is that valuable long term? Right? You might think, "Well, when you move into the big city as a young kid, you move into an apartment, but eventually, you'll want to get your own house. Right? So why wouldn't folks want to get your own house?"
Well, I would say it's the same reason that, "Well, why does IBM have a billion-dollar managed cloud business?" I know Michael Dell was just here. Right? Why does Dell have a huge managed cloud business? It actually comes down to one very fundamental trait of, I think, just humans. This has actually little to do with technology even, and that is people don't want to do hard stuff. If someone else raises their hand and says, "Hey, you know those CVEs, those 10.0 CVEs?" which, by the way, in the age of AI, we've had more CVEs in the last six months than we've had in the last six years. Right? So, I mean, the hackers are hacking, whether it's rogue nations, script kiddies. AI is here, and it is actively pummeling every piece of software. If you raise your hand and say, "Hey, those 10.0 CVEs that pop up on a Saturday at 3:00 in the morning, I'll take care of those for you, rather than you having to take care of those." Assuming they trust you could do it and you've proven you can do it, folks will run to hand off the grunt work of running a secure cloud environment, because it's hard. It's hard, which is why, for us, it's really been about where... It's actually been less about finding folks who are interested in getting FedRAMP and staying FedRAMP and so on. It's been more about, how do we ensure that we can remediate autonomously extremely fast? Speed matters when it comes to responding to incidents. Speed matters when it comes to responding to vulnerabilities, and that's why, ultimately, folks are in no hurry to take back that responsibility of being on these extremely tight service SLAs, these deadlines, every time there's a finding of whether it's a vulnerability or so on.
And so, we don't see any of our customers leaving to go do it themselves, because it's the same reason why you don't see anyone saying, "You know what I feel like doing? I'm going to build my own data center. I'm not going to host in AWS. I would like to worry about whether my servers are staying online and the cooling doesn't turn off and the rat hasn't chewed through the cables. That seems like a great use of my engineer's time."
It's like, no, you just want to give that to AWS and focus on building your app. That's what we enable folks to do. We let the builders build, and we take care of the production security layer. Again, today, we're 100% focused on FedRAMP, but over time, we certainly see our customers coming to us with this request, which is, "Hey, can you run not just our federal production environment, but can you run our financial services production environment, our healthcare production environment?" and so on. That's a lot of what we'll talk about at the AI Agent Conference.
Gemma Allen
>> There's a lot of repeatability, right?
Irina Denisenko
>> Absolutely. Absolutely.
Gemma Allen
>> A lot of pattern recognition built into those processes.
Irina Denisenko
>> Security is security, right? And when you do the Olympics of cloud security-
Gemma Allen
>> Exactly. Why not?...
Irina Denisenko
>> walking down the mountain is easier than walking up it.
Gemma Allen
>> 100%. So let's talk about this market moment. You mentioned some of the very interesting occurrences over the last six months alone. If you think about the world 11 years ago in terms of what government was protecting from and for to now, 2026, the world of AI, superintelligence, agentic, it seems as though that lines of attack have shifted fundamentally in a very short space of time.
Irina Denisenko
>> Yeah.
Gemma Allen
>> From a technology perspective, talk me through what you're seeing, what you're building, what sorts of vulnerabilities you are addressing.
Irina Denisenko
>> I love this question. So it's interesting. When the original FedRAMP guidance was written, now it's been revised over time, but a lot of the DNA is still there, it was written for protecting paper files in file cabinets, which is, what was information security before the internet? It was files in file cabinets and safes and things like that. Obviously, a lot's changed in the last 20 years, certainly in the last 15 years. And so, what we're seeing a huge focus on is, one, indeed, how do you... Okay. In our case, you've got this self-driving infrastructure, or at least building towards self-driving infrastructure. Okay. How do you ensure that that AI is not being poisoned? Okay. You're leveraging Anthropic. You're leveraging OpenAI. You're leveraging Gemini. How are you ensuring that you've got guardrails on those foundational models? How are you ensuring that any models that you yourself are building, again, are locked down? So that's certainly one big piece. Another huge trend is, there's a lot of talk about supply chain risk management. We've seen a huge, huge shift, and we're big partners with these guys as well, into hardened images. Right? That's why you see Chainguard just doing so well. You see companies like RapidFort doing so well, for a good reason. Right? They're taking on the burden of saying, "Hey, I'll give you this image, and I'm going to worry about remediating the CVEs. You just worry about building your software." So those have been fantastic. The challenge that we've seen, kind of maybe to bring it up a level, is the government sometimes still thinks about things, again, not in cloud terms, but more in physical goods, and I'll give you a perfect example. There's been a big push on something called SBOM, software bill of materials, of course, but taking an approach that makes sense for a tank. Right? When you deconstruct the components of a tank, you want to know the provenance of every single chip and every single screw and so on. So you want to make sure that, obviously, China hasn't touched this, and North Korea hasn't touched this, and so on and so forth, and that makes sense. Well, if you try to do the same thing and deconstruct a piece of software, you're going to find a lot of open-source libraries. And in that case, I, with 100% certainty, will tell you that China did touch this, and North Korea did touch this, because it's open source. It's the internet. Everyone gets to touch it. That's kind of the beauty of what makes it also so secure, because everyone's hitting it, and offense and defense is happening from all sides all the time. So where that moves the government is what we've seen as a tremendous uptick in adopting CNAPPs, Wiz, CrowdStrike, even kind of the, I would say, more modern versions of Tenable, which has been awesome to see, because, I will tell you, we are huge users of all of those tools, because that is the only way you get a true, continuous picture. One of the latest, biggest changes, if you will, that we're seeing, which we're very happy to see, is the government is going from once-a-year audits and once-a-month check-ins on your cybersecurity posture to real-time monitoring and asking for a picture, a snapshot of the security posture of the vendors that are holding their data in real time. Give it to me over an API as opposed to how it's still happening today, which is literally, I show up, my team shows up to our, what's called, continuous monitoring meetings with our agencies. These are our sponsors. We come with a spreadsheet of all of our vulnerabilities that have been detected in the last month, and anything that's still open from prior months. We talk about the spreadsheet. We then upload the spreadsheet into a system called USDA. Then on the government side, they download the spreadsheet, and then they file it away somewhere, and that's kind of how we keep each other accountable on are we doing the thing. Obviously, the second you leave that meeting, it is stale. Right? We move at the speed of internet. Right?
Gemma Allen
>> And it's an active and ongoing commitment and dialogue. Right?
Irina Denisenko
>> Correct. Correct. Correct.
Gemma Allen
>> There's a lot of management in that too, I'm sure.
Irina Denisenko
>> So moving to real time is the key, and the only way you can move to real time and still understand the volume of data is you need AI. Right?
Gemma Allen
>> Yeah.
Irina Denisenko
>> A human is not going to read that. They're not even reading the current stuff, and that's once a month. If you need terabytes and terabytes of data every minute, it's too much.
Gemma Allen
>> Well, let's talk for a second about AI inside FedRAMP and AI at a government level broadly. Right? We've seen and heard a lot about the race against China, the AI wars, if you like, and the fact that a lot of very prolific people feel like the U.S. is certainly at risk of maybe not being where we should be in that race. Right? Who knows what's true? But that's certainly a narrative that's circulating. At the same time, we need regulation. We need security. We need to ensure that, to your point, these open-source opportunities that are potentially coming into government systems in a way that makes government more effective, faster, et cetera, are still safeguarded. Right?
Irina Denisenko
>> Right.
Gemma Allen
>> So what are you seeing from the perspective of new types of companies, new types of opportunities, and perhaps even some missed opportunities for particular services and offerings that government could use, but perhaps doesn't right now because of policy requirements like FedRAMP? If you were to say, "Oh, there's a whole market segment I need to go after," what would it be?
Irina Denisenko
>> Yeah. Oh my gosh. I mean, the good news is it's literally... There's tooling everywhere that is totally shut out of this market because of FedRAMP, but I'll give you maybe a very specific cybersecurity example. So there is a whole crop of just... I'll just use a more colloquial term, but just cracked research teams, cyber research teams that are absolutely on the bleeding edge of finding the latest and greatest, just mapping the threat landscape and finding the latest vulnerabilities before even the Wizzes of the world and the CrowdStrikes of the world are finding them. I'll give you a perfect example. One of the most recent additions to the Knox environment is a company called Aikido. They've raised a decent amount of money now at this point. So maybe 100 or so million dollars. So they're well-funded, well-backed, and they were the team that found the Shai-Hulud vulnerability back in Thanksgiving. It was a 10.0 CVE. It was the vulnerability within React. It was a not-so-fun Sunday and Monday and Tuesday after Thanksgiving for the cyber community, for those of us responding to it in real time. But they found it before anyone. They published it. They found it. They published the research with Wiz. Obviously, the entire industry kind of froze and was like, "Okay. We got to patch this." And we all moved very quickly. That's the type of solutions you want the U.S. government to have, because indeed, in the AI race, agreed, there's theories on both sides of the equation or both sides of the argument of, is America behind? Is China behind? It's probably a mix of both. Some days, we're ahead, and some days, they're ahead, but it's certainly not a gulf between us. It does seem like we are neck and neck. You want the U.S. government to have the absolute latest, the absolute greatest tooling, and the thing that folks need to understand is, well, folks say, "Well, why don't you just run a model fully air-gapped, fully on-prem?" Well, the problem is that that model loses access to the internet.
Gemma Allen
>> And it would have the opportunity of telemetry. Right? It wouldn't benefit from the basic-
Irina Denisenko
>> That's right. And also, how do these models learn? They need the internet to learn. If you starve it of data, if you put it in this air gap box, you've put a limit on it. You have to embrace the full power of the tooling out there, the full power of the applications out there, because China is embracing them. And so, I would say, if I had to pick one, it would be these absolutely bleeding-edge, new-technique cyber companies that are AI-native themselves, and that's, in lots of cases, why they're able to find something even before... I would consider Wiz AI-native. I mean, they're only four or five years old. Right? And somehow, they're being outrun by a much smaller team. Well, it's because they're just closer to the latest and greatest.
Gemma Allen
>> Well, Irina, looking forward to having you at the AI Agent Conference in May, hopefully seeing some very interesting conversation you're going to have on stage.
Irina Denisenko
>> Yes.
Gemma Allen
>> Tell me, between now and then, what's ahead for you and the team? Sounds like you have a busy couple of months.
Irina Denisenko
>> Yes.
Gemma Allen
>> Close us out with the plans.
Irina Denisenko
>> Absolutely. So, well, first, we're so excited to be at the conference. We're going to be with our federal advisory board member, Chad Tetreault. He is the federal and public sector CTO at Zscaler and just left Department of Homeland Security as their deputy CTO and chief AI officer. And so, he is extremely plugged into where Zscaler, but also where DHS and the whole government is on AI SOC, on offensive security, and so on. Over at Knox, of course, you will see a number of our customers who have already graduated talking about all of the agencies that they're serving. We're now up to 10-plus agencies that have deployed with applications on our cloud, which is incredible to see in just six months. You'll see a number of announcements around some additional partners and so on that are coming to the table, which are coming very soon here, and we're doubling the team. And so, we're making huge investments in offensive security, in building out the brain, so in our core engineering team, to build out Knox AI, and certainly the entire company around it. So very exciting times ahead. Look, last thing I'll say is, our mission very simply is to unlock access to cutting-edge technology for the U.S. government, and there is nothing more cutting edge than AI. And so, we're so excited to serve so many AI-first, AI-native, cloud-native companies, and we're excited to talk to all of them at the AI Agent Conference, because we want this government to have the access to the absolute best and cutting edge, and this is the way to do it.
Gemma Allen
>> Well, we're excited to follow your journey. Wish you all the best over the next couple of months, and see you in May.
Irina Denisenko
>> Thank you so much.
Gemma Allen
>> This is Mixture of Experts, one of our NYSE Wired programs. Thanks so much for watching.
>> Welcome back to theCUBE here at our studio at the New York Stock Exchange. This is our Mixture of Experts series in collaboration with NYSE Wired. And over the next couple of weeks, we are going to be talking to some of the leaders and speakers taking the stage at the AI Agent Conference in New York this coming May. Joining me now is one such leader, Irina Denisenko, CEO of Knox Systems. Welcome, Irina.
Irina Denisenko
>> Thank you, Gemma, so much for having me.
Gemma Allen
>> So before we get to the whole world of agentic AI and all of the promise and peril that might bring, first, tell me, Knox Systems, they say that sometimes you have to feel the pain to see the opportunity. I think that was certainly your story.
Irina Denisenko
>> Absolutely.
Gemma Allen
>> Fill us in on what led you to create this company and the journey you've been on.
Irina Denisenko
>> Thank you for having me, first of all, and absolutely. Maybe the first thing I'll say just in one line, what does Knox do? Knox runs the largest FedRAMP managed cloud, and what that means is we are able to get SaaS companies FedRAMP-authorized in 90 days for 90% off of what it costs to do it on your own. And FedRAMP, for those that don't know, is the standard that you have to meet as a SaaS provider in order to serve the federal government, the DOW, really anyone in the government. It's really the Olympics of cloud security, if you will.
Gemma Allen
>> For sure.
Irina Denisenko
>> So the TL;DR on how did I get here was I previously was the cofounder and chief operating officer of Class.com, one of the largest synchronous learning companies still out there today. And long story short, I had to acquire a company to get myself FedRAMP, to get Class.com FedRAMP, when the Air Force came to us and wanted to use our technology, and acquiring a company was literally the fastest way to do it. It was not the cheapest, but it was the fastest way to do it. The current process takes three years and $3 million to do.
Gemma Allen
>> It's insane.
Irina Denisenko
>> It is a massive investment, and that's before you see a single dollar in business from the government.
Gemma Allen
>> And tell me, why is it such a brick wall? It's also quite a lengthy policy. It's been in place for quite a while now, right? And it was born at a very different time-
Irina Denisenko
>> Absolutely....
Gemma Allen
>> in the evolution of tech.
Irina Denisenko
>> Absolutely.
Gemma Allen
>> Is it that things haven't changed much in the last 11 years, or why is this so notoriously difficult still?
Irina Denisenko
>> Absolutely. Well, FedRAMP is about 15 years old now, came out in 2011. And indeed, it was a very different cloud world back then. Right? AWS was not even referred to as a hyperscaler. This was, I would say, 2009. Even into 2011, not all of us were still comfortable putting our credit card into a web page online. Now, obviously, fast-forward to 2026, we pay with our face on our phone. Right? So things have definitely changed. FedRAMP has kept up in some ways in terms of the major security standards that you have to adopt. For example, supply chain integrity. But why is the process so long? It really comes down to a few things. One, you need to have U.S. citizens on U.S. soil touching production. That's a huge part of this. So it's a logistical challenge for a lot of companies who are global. Right? There's phenomenal companies out of Israel, out of Europe. Even within the United States, a lot of our workforce is not necessarily U.S. citizens. They might be green card holders, et cetera. From a technology perspective, it is a massive investment to build out basically a new enclave of your technology, of your application, launch it into a brand-new instance that is completely isolated from your commercial code, and then continue to maintain that. And third, you need to bring in, in the same way that if you are a financial company and you're going out for IPO or any sort of big financial transaction, M&A, you're going to need your financials audited by an auditing firm. So a Big Four. In the FedRAMP world, in the cloud security world, that's called a third-party assessor, and then you need it audited, let's call it, just in taxes. You'll need it audited by the IRS, or for an IPO, you'll need it audited by the SEC. Same thing for us. We need it audited by the FedRAMP agency, the FedRAMP department. All of that takes time.
Gemma Allen
>> Wow.
Irina Denisenko
>> Right? It is a very long process to get all of the shape of the application understood and for, ultimately, a CISO in the government to accept the cybersecurity risk from a brand-new vendor. Right? You come in. You're an application. You're, "Hey, I'm backed by XYZ, awesome investors. I'm five years old. I'm doing amazing stuff." Cool. As far as the government's concerned, they have no idea who you are. Right?
Gemma Allen
>> For sure.
Irina Denisenko
>> How do they know what your security posture is? How do they know that you're doing what you say you do? The way they know is FedRAMP, and it's just a very long and tenuous process, and their starting point is they start with, "I don't trust you." Right? Zero trust came from the government originally, and zero trust architecture. And so, they start from the position of, "I don't trust you. And so, prove to me why I should trust you and should put my data with you," whether that's IRS data, whether that's taxpayer data, whether that's VA healthcare data. It's obviously the biggest healthcare system in the world, whether it's DOW data from the Marines, from the Air Force, from the Army. You name it. That is what you're asking the government to do. So it's understandable that it takes so long and it's so painful, but that's why there needed to be a faster way, because at the end of the day, the government's got less than 500 apps that it can use. I mean, the fewer apps than are on your iPhone today is what the government has access to for cybersecurity, for HR tooling, for collaboration, kind of Atlassian, Jira, monday.com type stuff, for healthcare IT. I mean, literally pick any category of software across all of them. In total, there are 500 apps. That's insane.
Gemma Allen
>> Yeah.
Irina Denisenko
>> There's 10,000 apps on AWS Marketplace.
Gemma Allen
>> No, for sure. And especially considering how fast tech is evolving and how competitive the landscape is becoming too, even from a cost perspective. Right?
Irina Denisenko
>> Yeah.
Gemma Allen
>> So I get it. Governance is very administratively heavy. There's a lot of company structural requirements alone, even in terms of how you file, et cetera, and location. So talk me through the profile of some of the clients that you work with.
Irina Denisenko
>> Absolutely.
Gemma Allen
>> You're a SaaS player. You want to do some work with the DOD or whoever it is. Bring it to life for us.
Irina Denisenko
>> Sure. So we are so honored to serve some of just the most innovative and exciting technology companies out there today. One of our longest-standing customers and partners has been Adobe. And so, we've served them for well over 10 years now with kind of the origin of the company. But more recently, in the last year, as we've opened this up to more than just Adobe, we've brought on Celonis, who's obviously almost a billion in revenue, process mining, process intelligence, and AI. We've brought on Armis, who obviously just got acquired by ServiceNow for almost $8 billion. OutSystems, which is a half-billion-dollar, low-code, no-code provider. I refer to them as the adults in the room for vibe coding, because they've really been here for 20 years in this space, and just a ton others, Backupta, Capgemini, Syniti, Peregrine, Vannevar Labs. It's really a phenomenal mix of, I would say, very established commercial SaaS vendors as well who have been struggling to achieve FedRAMP and bring all of the fantastic technology that they have to agencies, as well as what I'll call scale-ups and folks just hitting that 100 million, roughly, mark. A great example of that is BigID, who is on our FedRAMP cloud. It's, how do you make AI make sense? Well, you first figure out where all your data is, and that's how you train your AI models. That's what BigID does. Right?
Gemma Allen
>> So some of those players, you would imagine, can throw a lot of money at a lot of problems. Right? It seems to me as though those are huge names in the industry, highly capable, huge brands, but still struggle, I guess, to make this a succinct and easy process to navigate. Talk to me a little bit about the graduation process for this. You provide the guardrails. You provide the environment. You provide the access.
Irina Denisenko
>> Correct.
Gemma Allen
>> What percentage of your clients do you envision will become completely 100% autonomous in the FedRAMP process, or do you see yourself as a long-term service provider to this ecosystem?
Irina Denisenko
>> It's a great question. Ultimately, when you think about what is it that we do, we run an AI-managed cloud, and why is that valuable? Well, today, it's certainly valuable because, well, we unlock FedRAMP. What I like to say to folks is, if FedRAMP is a very exclusive ZIP code, and to move into that ZIP code, it's three years, it's 3 million bucks, if you can get a permit, and this is key to the question you're asking, the permit is the federal sponsor. Right? Going back to that CISO who's going to sign the piece of paper that says, "Yes, I'm sponsoring. I am taking on the risk of this application."
Knox and our competitor, Palantir FedStart, for example, what we do is we run a luxury condo building on Main Street, and our customers move into units in that building. Why is that valuable long term? Right? You might think, "Well, when you move into the big city as a young kid, you move into an apartment, but eventually, you'll want to get your own house. Right? So why wouldn't folks want to get your own house?"
Well, I would say it's the same reason that, "Well, why does IBM have a billion-dollar managed cloud business?" I know Michael Dell was just here. Right? Why does Dell have a huge managed cloud business? It actually comes down to one very fundamental trait of, I think, just humans. This has actually little to do with technology even, and that is people don't want to do hard stuff. If someone else raises their hand and says, "Hey, you know those CVEs, those 10.0 CVEs?" which, by the way, in the age of AI, we've had more CVEs in the last six months than we've had in the last six years. Right? So, I mean, the hackers are hacking, whether it's rogue nations, script kiddies. AI is here, and it is actively pummeling every piece of software. If you raise your hand and say, "Hey, those 10.0 CVEs that pop up on a Saturday at 3:00 in the morning, I'll take care of those for you, rather than you having to take care of those." Assuming they trust you could do it and you've proven you can do it, folks will run to hand off the grunt work of running a secure cloud environment, because it's hard. It's hard, which is why, for us, it's really been about where... It's actually been less about finding folks who are interested in getting FedRAMP and staying FedRAMP and so on. It's been more about, how do we ensure that we can remediate autonomously extremely fast? Speed matters when it comes to responding to incidents. Speed matters when it comes to responding to vulnerabilities, and that's why, ultimately, folks are in no hurry to take back that responsibility of being on these extremely tight service SLAs, these deadlines, every time there's a finding of whether it's a vulnerability or so on.
And so, we don't see any of our customers leaving to go do it themselves, because it's the same reason why you don't see anyone saying, "You know what I feel like doing? I'm going to build my own data center. I'm not going to host in AWS. I would like to worry about whether my servers are staying online and the cooling doesn't turn off and the rat hasn't chewed through the cables. That seems like a great use of my engineer's time."
It's like, no, you just want to give that to AWS and focus on building your app. That's what we enable folks to do. We let the builders build, and we take care of the production security layer. Again, today, we're 100% focused on FedRAMP, but over time, we certainly see our customers coming to us with this request, which is, "Hey, can you run not just our federal production environment, but can you run our financial services production environment, our healthcare production environment?" and so on. That's a lot of what we'll talk about at the AI Agent Conference.
Gemma Allen
>> There's a lot of repeatability, right?
Irina Denisenko
>> Absolutely. Absolutely.
Gemma Allen
>> A lot of pattern recognition built into those processes.
Irina Denisenko
>> Security is security, right? And when you do the Olympics of cloud security-
Gemma Allen
>> Exactly. Why not?...
Irina Denisenko
>> walking down the mountain is easier than walking up it.
Gemma Allen
>> 100%. So let's talk about this market moment. You mentioned some of the very interesting occurrences over the last six months alone. If you think about the world 11 years ago in terms of what government was protecting from and for to now, 2026, the world of AI, superintelligence, agentic, it seems as though that lines of attack have shifted fundamentally in a very short space of time.
Irina Denisenko
>> Yeah.
Gemma Allen
>> From a technology perspective, talk me through what you're seeing, what you're building, what sorts of vulnerabilities you are addressing.
Irina Denisenko
>> I love this question. So it's interesting. When the original FedRAMP guidance was written, now it's been revised over time, but a lot of the DNA is still there, it was written for protecting paper files in file cabinets, which is, what was information security before the internet? It was files in file cabinets and safes and things like that. Obviously, a lot's changed in the last 20 years, certainly in the last 15 years. And so, what we're seeing a huge focus on is, one, indeed, how do you... Okay. In our case, you've got this self-driving infrastructure, or at least building towards self-driving infrastructure. Okay. How do you ensure that that AI is not being poisoned? Okay. You're leveraging Anthropic. You're leveraging OpenAI. You're leveraging Gemini. How are you ensuring that you've got guardrails on those foundational models? How are you ensuring that any models that you yourself are building, again, are locked down? So that's certainly one big piece. Another huge trend is, there's a lot of talk about supply chain risk management. We've seen a huge, huge shift, and we're big partners with these guys as well, into hardened images. Right? That's why you see Chainguard just doing so well. You see companies like RapidFort doing so well, for a good reason. Right? They're taking on the burden of saying, "Hey, I'll give you this image, and I'm going to worry about remediating the CVEs. You just worry about building your software." So those have been fantastic. The challenge that we've seen, kind of maybe to bring it up a level, is the government sometimes still thinks about things, again, not in cloud terms, but more in physical goods, and I'll give you a perfect example. There's been a big push on something called SBOM, software bill of materials, of course, but taking an approach that makes sense for a tank. Right? When you deconstruct the components of a tank, you want to know the provenance of every single chip and every single screw and so on. So you want to make sure that, obviously, China hasn't touched this, and North Korea hasn't touched this, and so on and so forth, and that makes sense. Well, if you try to do the same thing and deconstruct a piece of software, you're going to find a lot of open-source libraries. And in that case, I, with 100% certainty, will tell you that China did touch this, and North Korea did touch this, because it's open source. It's the internet. Everyone gets to touch it. That's kind of the beauty of what makes it also so secure, because everyone's hitting it, and offense and defense is happening from all sides all the time. So where that moves the government is what we've seen as a tremendous uptick in adopting CNAPPs, Wiz, CrowdStrike, even kind of the, I would say, more modern versions of Tenable, which has been awesome to see, because, I will tell you, we are huge users of all of those tools, because that is the only way you get a true, continuous picture. One of the latest, biggest changes, if you will, that we're seeing, which we're very happy to see, is the government is going from once-a-year audits and once-a-month check-ins on your cybersecurity posture to real-time monitoring and asking for a picture, a snapshot of the security posture of the vendors that are holding their data in real time. Give it to me over an API as opposed to how it's still happening today, which is literally, I show up, my team shows up to our, what's called, continuous monitoring meetings with our agencies. These are our sponsors. We come with a spreadsheet of all of our vulnerabilities that have been detected in the last month, and anything that's still open from prior months. We talk about the spreadsheet. We then upload the spreadsheet into a system called USDA. Then on the government side, they download the spreadsheet, and then they file it away somewhere, and that's kind of how we keep each other accountable on are we doing the thing. Obviously, the second you leave that meeting, it is stale. Right? We move at the speed of internet. Right?
Gemma Allen
>> And it's an active and ongoing commitment and dialogue. Right?
Irina Denisenko
>> Correct. Correct. Correct.
Gemma Allen
>> There's a lot of management in that too, I'm sure.
Irina Denisenko
>> So moving to real time is the key, and the only way you can move to real time and still understand the volume of data is you need AI. Right?
Gemma Allen
>> Yeah.
Irina Denisenko
>> A human is not going to read that. They're not even reading the current stuff, and that's once a month. If you need terabytes and terabytes of data every minute, it's too much.
Gemma Allen
>> Well, let's talk for a second about AI inside FedRAMP and AI at a government level broadly. Right? We've seen and heard a lot about the race against China, the AI wars, if you like, and the fact that a lot of very prolific people feel like the U.S. is certainly at risk of maybe not being where we should be in that race. Right? Who knows what's true? But that's certainly a narrative that's circulating. At the same time, we need regulation. We need security. We need to ensure that, to your point, these open-source opportunities that are potentially coming into government systems in a way that makes government more effective, faster, et cetera, are still safeguarded. Right?
Irina Denisenko
>> Right.
Gemma Allen
>> So what are you seeing from the perspective of new types of companies, new types of opportunities, and perhaps even some missed opportunities for particular services and offerings that government could use, but perhaps doesn't right now because of policy requirements like FedRAMP? If you were to say, "Oh, there's a whole market segment I need to go after," what would it be?
Irina Denisenko
>> Yeah. Oh my gosh. I mean, the good news is it's literally... There's tooling everywhere that is totally shut out of this market because of FedRAMP, but I'll give you maybe a very specific cybersecurity example. So there is a whole crop of just... I'll just use a more colloquial term, but just cracked research teams, cyber research teams that are absolutely on the bleeding edge of finding the latest and greatest, just mapping the threat landscape and finding the latest vulnerabilities before even the Wizzes of the world and the CrowdStrikes of the world are finding them. I'll give you a perfect example. One of the most recent additions to the Knox environment is a company called Aikido. They've raised a decent amount of money now at this point. So maybe 100 or so million dollars. So they're well-funded, well-backed, and they were the team that found the Shai-Hulud vulnerability back in Thanksgiving. It was a 10.0 CVE. It was the vulnerability within React. It was a not-so-fun Sunday and Monday and Tuesday after Thanksgiving for the cyber community, for those of us responding to it in real time. But they found it before anyone. They published it. They found it. They published the research with Wiz. Obviously, the entire industry kind of froze and was like, "Okay. We got to patch this." And we all moved very quickly. That's the type of solutions you want the U.S. government to have, because indeed, in the AI race, agreed, there's theories on both sides of the equation or both sides of the argument of, is America behind? Is China behind? It's probably a mix of both. Some days, we're ahead, and some days, they're ahead, but it's certainly not a gulf between us. It does seem like we are neck and neck. You want the U.S. government to have the absolute latest, the absolute greatest tooling, and the thing that folks need to understand is, well, folks say, "Well, why don't you just run a model fully air-gapped, fully on-prem?" Well, the problem is that that model loses access to the internet.
Gemma Allen
>> And it would have the opportunity of telemetry. Right? It wouldn't benefit from the basic-
Irina Denisenko
>> That's right. And also, how do these models learn? They need the internet to learn. If you starve it of data, if you put it in this air gap box, you've put a limit on it. You have to embrace the full power of the tooling out there, the full power of the applications out there, because China is embracing them. And so, I would say, if I had to pick one, it would be these absolutely bleeding-edge, new-technique cyber companies that are AI-native themselves, and that's, in lots of cases, why they're able to find something even before... I would consider Wiz AI-native. I mean, they're only four or five years old. Right? And somehow, they're being outrun by a much smaller team. Well, it's because they're just closer to the latest and greatest.
Gemma Allen
>> Well, Irina, looking forward to having you at the AI Agent Conference in May, hopefully seeing some very interesting conversation you're going to have on stage.
Irina Denisenko
>> Yes.
Gemma Allen
>> Tell me, between now and then, what's ahead for you and the team? Sounds like you have a busy couple of months.
Irina Denisenko
>> Yes.
Gemma Allen
>> Close us out with the plans.
Irina Denisenko
>> Absolutely. So, well, first, we're so excited to be at the conference. We're going to be with our federal advisory board member, Chad Tetreault. He is the federal and public sector CTO at Zscaler and just left Department of Homeland Security as their deputy CTO and chief AI officer. And so, he is extremely plugged into where Zscaler, but also where DHS and the whole government is on AI SOC, on offensive security, and so on. Over at Knox, of course, you will see a number of our customers who have already graduated talking about all of the agencies that they're serving. We're now up to 10-plus agencies that have deployed with applications on our cloud, which is incredible to see in just six months. You'll see a number of announcements around some additional partners and so on that are coming to the table, which are coming very soon here, and we're doubling the team. And so, we're making huge investments in offensive security, in building out the brain, so in our core engineering team, to build out Knox AI, and certainly the entire company around it. So very exciting times ahead. Look, last thing I'll say is, our mission very simply is to unlock access to cutting-edge technology for the U.S. government, and there is nothing more cutting edge than AI. And so, we're so excited to serve so many AI-first, AI-native, cloud-native companies, and we're excited to talk to all of them at the AI Agent Conference, because we want this government to have the access to the absolute best and cutting edge, and this is the way to do it.
Gemma Allen
>> Well, we're excited to follow your journey. Wish you all the best over the next couple of months, and see you in May.
Irina Denisenko
>> Thank you so much.
Gemma Allen
>> This is Mixture of Experts, one of our NYSE Wired programs. Thanks so much for watching.
Gemma Allen