Join us at the New York Stock Exchange as we explore the latest innovations in cybersecurity with Saket Bajoria, Chief Product Officer of Safe Security, and Saket Modi, co-founder and CEO of Safe Security, during theCUBE's coverage of the NYSE Wired Robotics and Artificial Intelligence Media Week. This engaging discussion reveals Safe Security’s advancements in third-party risk management, powered by the latest in generative artificial intelligence technology.
Saket Modi, an expert in cybersecurity solutions and the driving force behind Safe Security's industry-leading cyber risk management platform, converses with analysts from theCUBE Research. The conversation highlights their breakthrough autonomous system that transforms how businesses approach third-party risk, ensuring seamless integration of AI and enhancing enterprise security frameworks.
Discover key insights, such as Safe Security’s fully automated vendor risk management system. Modi points out that this system leverages over 25 generative AI agents to significantly reduce onboarding and monitoring time for businesses. According to theCUBE's analysts, this solution not only accelerates AI initiatives but also aligns cybersecurity with strategic business objectives, promoting a risk-based rather than compliance-focused approach.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Mixture of Experts Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Mixture of Experts Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Mixture of Experts Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Mixture of Experts Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Mixture of Experts Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Mixture of Experts Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Mixture of Experts Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Mixture of Experts Series. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Saket Bajoria & Saket Modi, Safe Security
Anshul Sadana, founder and Chief Executive Officer of Nexthop AI, joins theCUBE's John Furrier for an insightful discussion as part of the NYSE Wired Mixture of Experts Series. This session explores the intersection of advancements in artificial intelligence (AI) and infrastructure demands, supported by notable funding milestones.
In this engaging interview, Anshul Sadana unveils Nexthop AI's mission to revolutionize AI infrastructure with custom solutions tailored for cloud hyperscalers. Drawing from their experience at Arista Networks, Sadana discusses critical topics such as networking innovation, the development of leaf-spine designs, and the role of AI-scale infrastructure. Analysts from theCUBE, experts in tech industry dynamics, guide the conversation to uncover key insights.
Key takeaways from this discussion include the significance of power efficiency and product customization within AI infrastructure, as highlighted by Sadana and analysts. According to Sadana, collaboration with hyperscalers is driven by a pressing need for resilient networking systems that align with contemporary AI demands. The interview illuminates emerging trends and solutions that cater to complex data center architectures.
Hashtags: #NexthopAI #theCUBE #NYSEWired #MOESeries #Cybersecurity #AI #CloudHyperscalers #LeafSpineNetworking #CustomAIInfrastructure
Find more SiliconANGLE news and analysis https://siliconangle.com/.
Follow theCUBE's wall-to-wall event coverage https://siliconangle.com/events/
Learn about the latest theCUBE events https://www.thecube.net/
00:00 - Unveiling the Future: TheCUBE's AI Advancements and Nextup.ai's Strategic Growth
03:04 - Nextup.ai: Origins, Custom Solutions, and Market Trends
06:36 - Product Development and Deployment
09:39 - Designing the Future: Networking Innovations for AI Clusters
15:50 - The Role of Integrated Systems
18:52 - Company Vision and Culture
21:32 - Discussion Wrap-up and Closing Remarks
In this theCUBE + NYSE Wired: Mixture of Experts segment, Safe Security co-founder & CEO Saket Modi and Chief Product Officer Saket Bajoria join theCUBE’s John Furrier on the NYSE floor to unpack how agentic AI is redefining third-party risk. The guests share news of Safe Security’s push to “100% automate” third-party vendor risk management, describing an autopilot experience powered by 25+ GenAI agents. From initiating a vendor assessment with just a name and email, the system scans trust centers, SOC 2 disclosures, 10-K/8-K filings, breach history and priva...Read more
exploreKeep Exploring
What is the latest news from GenAI regarding their automation of third-party risk vendor management for cybersecurity?add
What are the potential risks and drawbacks of relying on vendors for businesses in terms of cybersecurity and data protection?add
What can AI agents do in terms of automating tasks such as scanning the internet for information like 8Ks, 10Ks, and trust centers for TPRM analysts and vendors?add
What is the fundamental problem in cybersecurity that has been very reactive, according to the conversation?add
What are the three fundamental things being disrupted in the third-party risk management space?add
>> Welcome back everyone. I'm John Furrier. We are here at the New York Stock Exchange for our Cube studios on the East coast. This is where our East coast subnet is. It's our access point of all the experts here. Of course, we've got Silicon Valley and Palo Alto connecting tech and money, Wall Street and technology connected with theCube and of course the NYSE Wired community. We've got Saket Modi here, co-founder and CEO, and SB, chief product officer at Safe Security. Again, innovation is all a part of this next wave. Guys, thanks for coming back to theCube. Welcome for the first time.
Saket Bajoria
>> Thank you for having us.>> We're in our new set here on the option floor. Going crazy here in Wall Street. The market's pretty active. As people start to figure out that the GenAI wave is coming, you're going to start to see a lot more turmoil in the market as new winners emerge and existing players either fall to the side or adapt. So it's adapt or die kind of model. Great to see you. You guys got some news? You got some new updates. Saket, give us the scoop.
Saket Modi
>> John, firstly, again, so glad to be here with you. So thank you so much for having us here. GenAI is changing the world, as cliche as it sounds these days. The news on our side is we've become the first vendor to go ahead and a hundred percent automate your ecosystem, your third-party risk vendor management for cybersecurity. So we've been able to go ahead and get to a portion where the human capital, which is required to onboard, monitor, and sometimes offboard your third parties can now be 100% automated, which finally will go ahead and deliver results in understanding and then subsequently managing your third-party risk. If I take a step back, John, we are in the middle of a big bang explosion of third-party vendors. Today with GenAI, one thing which is common, 99% of the companies are not building their models. They're not going ahead and building their own competence for everything that's coming with GenAI or the cloud for the last 10 years. What do you do? You rely and your business relies on vendors. And when that happens, John, you're at a point where any issue with the vendor has a direct impact on your own business. So your vendor's problems are your problems. Safe Security, as you know this already, has been the number one cyber risk quantification and prioritization platform for the last five years since we've existed, and we already have become the undisputed leader there. We're applying the same first principles only supercharged with agentic AI, where we are now launching this singularity platform where we have more than 25 GenAI agents talking to each other where almost like a Tesla fully self-drive or a Waymo, where you go in and just enter the destination and the car takes you there. The exact same thing is happening on our side in managing your ecosystem or vendor risk where you mention the name of the vendor along with the email address of the contact person, and that's it. From there, we take over as autopilot and starting from scanning that third party vendor from the outside, finding their trust center and the reports they've uploaded like SOC 2 out there, looking at their privacy policy on the website, looking at their 10K filings, 8K filings, looking at whether they've been hacked in the past or not, looking at all of the publicly disclosed information, we auto-fill the questionnaire and then go back to the vendor and say, "Hey, you would have required to fill 200 questions. We've already pre-filled 120 of those. The rest of them, please go ahead and fill it." And it's not a human, it's a GenAI agent which is doing that. And if you don't fill that in in a day or two, it actually nudges you till the time you get there. So that's a small sneak peek, and we have multiple such workflows that we've been able to end-to-end automate, which is absolutely a disruption in the market today.>> Well, first of all, I love the a hundred percent autonomous because the Tesla example is a great one because you can think everyone can relate to self-driving and Waymo, which is awesome. The thing that we're seeing, and this is where it gets my attention is everyone wants to bring AI into the enterprise, but the blocker is the security posture management, which you guys are addressing, and you're also talking about productivity. Everyone knows what these forms are, right? We've all been there, done that. It's like when you fill out those, it's mundane work. Okay. But also you guys are also doing extra work, which is a benefit of agents. So connect the dots. You mentioned ecosystem, just plugging in an name because I think this notion of a connected ecosystem is we're seeing that as a definite thing. APIs are connecting everyone. It shouldn't be a black box behind what the vendor is. It should be completely understood, the lineage, the data all needs to be understood. So how do you make that workable for the security teams, but also the compliance teams because they're the ones also doing the work. So you got the business management piece. Am I overcomplicating it? Or is it... I mean, it sounds complicated.
Saket Bajoria
>> Can we simplify that for a second? Right? So think of it as like a human body. You need your heart, your lung, you need all of these different organs working. Think of it as you have basically given all of your working functions to a third party today, right? And you actually have them run all of this, right? So you absolutely cannot survive without these functions working, right? So the fact that you call it third party is a misnomer, right? Because you think it's somebody else's problem, right? But it's actually your own body, it's your own enterprise, right? So third party risk is actually first party risk, and that's why it's so important that you do not treat it as a third person problem. You actually think of it your own problem.
Saket Modi
>> And we've been the leaders in first party risk management and quantification already, and we are basically extending the best things that we've learned from there to third party. So therefore, we are not launching a new product, John. This is an extension of our existing product. And to your point also, let's understand the pain. There are pain of two people involved here. Let's understand the person who's trying to get the assessment of the third party vendor done. Can you believe this? More than 80% of the time of a third party risk analyst is spent on chasing the vendors to ask them to fill in questionnaires and submit reports in a particular format, which is such a frustrating job.>> I mean, the data wrangling is off the charts.
Saket Modi
>> Yeah. And the other side, the person who's answering those questions, right? We serve some of the largest companies on the planet today as customers. So we are, in theory, their third party. Our person who actually takes all those questions and answers on an average 10 to 12 questionnaires every week. His job is one of the most difficult ones because it's the same damn questions asked by different people. And we've already publicly given our SOC 2 reports on our website, it's already publicly known that we have great posture because we've never been a part of a breach, et cetera, et cetera. None of that intelligence is used and everything starts from a clean slate. And this person needs to answer 200, 300, 400 questions for every single first party, which is trying to onboard us as a third party. So he has a big pain. We are solving for both of them. We are solving for the first person where a hundred percent autonomous, chasing, nudging, and actually going ahead and following up and making sure things stay on track. If they're still not answering, we will let the first party know that, hey, after sending 10 nudges, they're still not answering. On the third party side, now you don't have to answer everything from zero. We are leveraging things which are already publicly available. There's a lot of data publicly available today, and we put that together and say, "Hey, we already know some things and there are things which we don't know, so why don't we start from there?" So you already have a jumpstart, and that makes the job of this third party analyst. There's so many more innovations we have done to the point where we now don't need reports in a format. With GenAI, one of our 25 GenAI agents also makes it universal document uploader, where in the past we used to specify, I will only accept a SIG report or a SOC 2 report. Now we are going to a third party and basically the third party analyst can upload any report, I repeat, any, because our GenAI agent actually reads the report and takes out and extracts the information. So it doesn't matter what the report is. And we are able to go in and put that into the posture of the third party, which again, dynamically keeps changing because this is not a one-time thing. We keep monitoring the third party in a real-time basis.>> SB, the thing I like about this product is that I'm smiling because I know the problem. The problem is that most enterprises want to go faster and they want to re-architect. They know the obvious benefits of AI and accelerating AI, but you have two kind of departments, I call it the business department, compliance and governance, and you got the security departments. The security departments look at the as a lot of extra homework, right? It's like more work. The business partner is like I don't want to approve anything until I know what the answer is. So-
Saket Bajoria
>> Everybody's looking at each other.... >> this inherent conflict. Okay. I love how this simplifies, brings harmony to that. Okay, good. You sold me on that one. On the business model, you guys are certainly well-funded so that's validation. Over a hundred million. That's great, great, great news. But the agent thing is awesome because now the agents can do more than the low-hanging fruit, which is bring the love connection together between the two groups. You're also providing a fast track or like a TSA pre-clear, I just want to get on the plane and be secure. I don't need to go through, take my shoes off, take my laptop out. I mean, all this wrangling and call the van. Hey, Palo Alto. CrowdStrike. You have that form. Where's that patent? And all that shit that goes on is brutal, but the agent thing's compelling because now what happens next? Now I'm freed up, there's harmony.
Saket Bajoria
>> Yeah.>> What are the agents enabling?
Saket Bajoria
>> Yeah. Yeah. So let me answer them in two parts, right? So first of all, on an average there are about, every enterprise has about 5,000 3rd parties. And you're looking at between even a company like ours, 200 people, we deal with about 600 3rd parties, right? Give or take, right? So it's insane, right? So first of all, you have 5,000 3rd parties on an average. Now today, a typical TPRM team will have between one to five people, even the largest of the largest Fortune 500 companies we have spoken to, they still have three to five people. So now what happens is that they are able to scale only linearly and they're not able to go to beyond 500,000, 2,000 3rd parties, right? So now the problem is they are like, it's a necessary evil, let's just do the compliance bit of it. Let's just do the, we call it CYA, right? Just check the boxes, right? So that's why, first of all, with AI agents, the outcome is that you're able to scale to your entire ecosystem. Like Saket said, you can literally upload your 10,000 3rd parties and let AI agents do the job, right? Now, all the things that can be automated, right? AI agents can work in parallel. They can literally go and scan out the entire internet, figure out the 8Ks, 10Ks, all the trust centers. So now imagine this TPRM analyst sitting on the other side, sorry, the vendor sitting on the other side, who has already answered 10 questionnaires again and again, all they get is like, "Hey, I got everything from you. You're good." That's the best answer they want to get. Imagine how they'll be jumping out of the seats.>> It's like the scene in Matrix. I want to learn how to fly a helicopter instantly. So I want to learn a vendor, I just plug it right in because that's what is happening. That's what agents are doing, right?
Saket Bajoria
>> Exactly. So let me walk you through very quickly, right?>> Walk me through it.
Saket Bajoria
>> So a typical third party analyst, right? When they reach out to the vendor, we've interviewed many of them and they take about 30 to 50 steps to actually complete their entire assessment between four to eight weeks. Right? Now, each of those steps, we have very, very clearly understood what those steps are. And that's where we have used multiple AI agents, right? There's an AI agent called vendor onboarding. There's an AI agent, which it's called the chasing agent, right? Which does the job of like, hey, I still need this answer from you. Why is a human spending their time that, oh, this person has not answered, let me write an email, while there are AI agents out there which can compose an email, that's not a big deal. Those are simple stuff, right? But it's about articulating that, hey, you answered it, yes, but by mistake, you have uploaded like a marriage certificate. What the hell? Right? So you need computer->> You need reasoning and intelligence.
Saket Bajoria
>> Exactly. So what we have done is all the 30 steps, we have really studied it, and that's where we have deployed our agents so that you are hands off keyboard, full self-driving. You have given the email of the person. By the way, it's not as simple as two people talking. Sometimes that other person goes on leave, they're on vacation, your business is waiting, right? So it's smart enough to get a response from the person, auto or holiday response, and you can actually automatically send an email to your business owner. All that can happen automatically.>> All right. Getting some of the deployment, how do I deploy this and what's the cost? Take me through the use cases. So, okay, sounds cool.
Saket Modi
>> Let's do it.>> What's the onboarding?
Saket Modi
>> Well, it's as simple as going ahead and literally just entering your 10 3rd parties, 50 3rd parties as a test run. So we're giving away first 10 3rd parties free of cost to anybody because we want you to experience full self-drive what it looks like, right? And the beauty of our pricing model, it's like the Robinhood model. 99.9% of third party risk management vendors today charge you per third party. They charge you 500 bucks or a thousand dollars per third party, which makes it cost prohibitive for you to scale this to your entire third party ecosystem. We've gone to the point where we've now done this, almost like the Robinhood model, where you pay a flat fee and you can upload unlimited third parties in your environment. You still pay a fee, obviously. But before that, we give you a, it's almost like a freemium model where you come in, get 10 3rd parties->> You get experience. Classic bottoms up. Everyone's seen that. Every developer loves it, every group loves it. Try before you buy. But the freemium model, the Robinhood model, the all you can eat model, what's the profile of that customer? Is that large enterprise? Is that someone who's got a lot of vendors? Is it more distributed architecture?
Saket Modi
>> So the whole point of pricing was how do we super simplify it? Now, what is the thing about large vendors? What we've done is, or large companies, zero to 10 is free of cost. 10 to 100 vendors is a flat fee, 100 to 500 is a flat fee. And then from 500 to unlimited vendors is a flat fee. Now, what is the custom flat fee? Depends on the size of the company, which is out there because a Fortune 10 company, they're probably have a hundred thousand vendors versus a small company which can have 500 vendors. So it's totally up to you. But the important thing is there is predictability to say that, look, if I go from 1000 to 5,000 vendors, I don't have to pay five times the price.>> I mean, it's tiered bucket payments basically.
Saket Modi
>> Exactly. So tiered bucket payments, and after a point it becomes flat. And the good part here is because GenAI agents are doing the work, you can do a bulk upload. In fact, John, we go to the point where we integrate with your contract lifecycle management tools, which are the repository of all your vendors, where we take the contracts and read the contracts to see the limitation of liabilities. Because what most people today don't do, there is a different team looking at limitation of liabilities, which is the legal team. And then the cybersecurity team is looking at it completely separately for cybersecurity risk. Hold on. They are two similar things. Why? Because if the vendor goes down, there is an impact on your dollar. Now you're giving somebody a hundred thousand dollars contract where you're negotiating a limitation of liability of the contract value. But if they go down, it'll cost you $200 million. I mean, the limitation of liability doesn't even mean anything.>> I mean, back to the harmony. Harmony kicks in. What about, you mentioned, so I've got the bucket payments. Is that the platform fee? What about usage? Is usage on top of that or is that straight up?
Saket Modi
>> No, not at all. So we wanted to super simplify the pricing, which is there. You get unlimited seats. So we have customers, large Fortune 100, 200 customers where we get 40, 50, 60 people who log in into our platform because we want more broader use of the platform. So we have unlimited seats. There is absolutely no games here. It's for third party. It's directly a function of how many third parties. For first party, because we also do your own enterprise risk because that's what we've already been the number one players at, and we serve the largest names in the world, there we charge per API because we ingest your actual CrowdStrike, Palo Alto Networks, Zscaler Telemetry. So all of those are APIs.>> SB, it's like the human body analogy. The metabolism is the pricing. You working out, you get heart rates up. I mean, in the healthcare metaphor, you're taking care of the enterprise. That's first party.
Saket Bajoria
>> Yes, absolutely. So it's like focus on the health, don't focus on, yes, we will take care of understanding the moving parts, making sure it's all moving very well. And we'll tell you what, like you said, I love that. Go spend 10 more minutes on the treadmill, right? Or wake up earlier, whatever. Do some yoga and all that.>> They're going to do things to be healthy.
Saket Bajoria
>> Exactly.>> All enterprises want to do that.
Saket Bajoria
>> Focus on things to actually reduce the risk, right? Don't spend time on onboarding, don't spend time on chasing, don't spend time on reconciling. All of these things AI can take care of.>> You're a personal trainer for the enterprise.
Saket Bajoria
>> Oh, wow.
Saket Modi
>> I love that. The agenetic trainer.>> We're riffing in real time here.
Saket Modi
>> John, you should be part of our marketing team. I love that. But John, just to->> By the way, always been trying to solve this problem. Again, we've seen this in DevOps, too. When DevOps... When you have cultural collision inside companies, sometimes people look at things through their lens. You mentioned the liability, completely different views depending upon where you sit in the room.
Saket Modi
>> So if you think about, John, let's take the health analogy, what you just gave, right? The fundamental problem in cybersecurity has been, it's been very reactive. Because if you think about the SIEM XDR industry, what do they do? They look at logs and events and convert that into P1, P2, P3 incidents. Incident means it's already occurring slash has already occurred, right? Compliance checklists don't work. They're very reactive. It's more of a tick in the box. What customers want to know is the risk. What is my risk of ransomware in the next 12 months? What's the likelihood it will occur? How do I compare with my peers in the industry? And if it occurs, what's the dollar impact that we're looking at?>> Got it.
Saket Modi
>> We are the number one player in the world, which does that for the largest Fortune 100 companies that you can think of. So because we talk about taking your data and translating that into the business risk, we translate technical jargon into business risk. We're now doing the same in an autonomous way for both first-party and third-party cyber risk management in one platform. That's more of, we call it cyber risk singularity is what we .>> Well guys, thanks for coming in. Great conversation. Wish we had more time. Definitely do a deep dive again, love to find out what's going on in the tech. Maybe do another session on that. What's next? What happens after this?
Saket Bajoria
>> If I can just add one quick thing. So today, I think the way I look at it is that the TPRM analysts, they are spending all of this time doing all of this. We have an opportunity here to convert a TPRM analyst into a TPRM HR where they're actually monitoring the entire health of all of your moving parts, all of the things, and actually enabling the business. For example, today they are necessary evil. Like, oh, shit. I need to assess this vendor. They can actually go tell the business that, "Hey, wait a second. There are 10 vendors who can do the exact same thing, and this particular vendor is top of the chart. Why don't you work with them?">> I mean you guys extract away a lot of all that messiness and alerts by the way too, and all the noise. But the agents can settle it down. All they're doing is looking at how the big picture is going.
Saket Modi
>> If I were to summarize all of , the three fundamental things that we are fundamentally disrupting in the third-party risk management space, number one, one hundred percent autonomous assessments for a third-party vendor, one hundred percent autonomous. That's number one. Number two, a hundred times faster onboarding of vendors, because today, when it takes between eight to 24 weeks, we can cut it down to minutes. So a hundred times faster. And the last piece is a hundred percent of your decisions now can be based on risk. It is not based on compliance. So hundred percent automation, 100X faster and a hundred percent decisions based on risk, which means meaningful acceleration of your AI initiatives.
Saket Bajoria
>> And if you can trust your life with the code and AI driving you, why can't you do TPRM in a hundred percent automated way?>> This is an example of where GenAI and AI fits, makes life better for everyone. But also secure, Safe Security, of course, is a great tagline, great company name. Saket, Saket, SB, thanks for coming in. Love how we got two Sakets on theCube at the same time. It's not a mirror. But guys, thanks and congratulations on cracking the code and the success. Of course we'll be continuing to follow you guys. Thanks for coming on.
Saket Modi
>> Thanks for having us here John, thank you so much.
Saket Bajoria
>> Thanks for having us.>> I'm John Furrier, the NYSE East Coast series of mixture of experts. Of course, we've got the West Coast and Silicon Valley connecting Wall Street and Silicon Valley. I'm John Furrier, your host of theCUBE. Thanks for watching.
