In this interview from the theCUBE + NYSE Wired: Cyber Security Leaders event, Hasan Imam, chief executive officer of Obsidian Security, sits down with Dave Vellante to discuss the critical security paradigm shift driven by agentic AI. As enterprises move beyond human-centric SaaS access to autonomous agent workflows, Imam explains why traditional security models are falling short. He details how agentic platforms like Microsoft Copilot and Salesforce Agentforce utilize the same connectivity mechanisms as SaaS-to-SaaS integrations, creating a massive, complex attack surface. Imam highlights the evolving "shared responsibility" model, emphasizing that while platform providers manage the agents, enterprises must secure the interactions between those agents and sensitive business data.
The conversation dives into the anatomy of modern SaaS breaches, specifically focusing on the vulnerabilities of long-lived OAuth tokens and the significant risks posed by over-privileged agents. Imam outlines how Obsidian provides deep visibility and automated threat detection to prevent unauthorized data access at machine speed – addressing the reality that human teams cannot react fast enough to autonomous threats. He also differentiates Obsidian’s architecture-focused approach from network, endpoint and public cloud security vendors, arguing that a dedicated focus on the SaaS layer is essential for protecting the "business logic" and critical data in this new era of AI factories.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Zero Trust Cyber Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Zero Trust Cyber Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Zero Trust Cyber Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Zero Trust Cyber Series. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Hasan Imam, Obsidian Security
Inna Tokarev Sela is the CEO and founder of Illumex. The platform enables companies to extract value from structured data, creating a virtual semantic graph for users to interact with in natural language. Illumex focuses on contextualizing data in real-time and offers built-in governance features. By partnering with major data platform providers, Illumex has increased data usage for customers. The company has raised $13 million and has a diverse workforce. Inna's leadership style is described as empathetic. Illumex envisions a future where data interactions are seamless and efficient. Overall, the company aims to lead the industry towards a more streamlined application-free future.
In this interview from the theCUBE + NYSE Wired: Cyber Security Leaders event, Hasan Imam, chief executive officer of Obsidian Security, sits down with Dave Vellante to discuss the critical security paradigm shift driven by agentic AI. As enterprises move beyond human-centric SaaS access to autonomous agent workflows, Imam explains why traditional security models are falling short. He details how agentic platforms like Microsoft Copilot and Salesforce Agentforce utilize the same connectivity mechanisms as SaaS-to-SaaS integrations, creating a massive, complex...Read more
exploreKeep Exploring
What impact has the transition to AI had on the SaaS business model and how is your organization positioned in this changing landscape?add
What is the significance of the company's role in protecting SaaS-to-SaaS access in relation to agentic AI platforms?add
What is the responsibility regarding the management of privileges when using agentic platforms to access SaaS applications?add
What are the recent trends and concerns related to SaaS security, particularly regarding breaches involving Salesforce and other applications?add
What challenges are SaaS vendors facing in maintaining their business models?add
Who are the key stakeholders involved in selling SaaS solutions?add
>> Hi everybody. Welcome back to the New York Stock Exchange. My name is Dave Vellante. We're here with our ongoing AI factory series, NYSE Wired + theCUBE. Hasan Imam is here. He's the CEO of Obsidian Security. Their purpose built for complex SaaS environments that are running AI agents. They're all about agentic, bringing deep visibility into those environments and automated threat detection. We're going to get into that with Hasan. Thanks so much for coming in to our New York City studio. It's great to have you here face to face.
Hasan Imam
>> Well, thank you, Dave, for having us. We appreciate the time with you.
Dave Vellante
>> Yeah, so you're very welcome. And you heard my little upfront description of you guys, but let's get into it a little bit more detail. I mean, agentic and AI is changing everything. When we transitioned to SaaS from on prem software, everything changed. The operational model, the business model, the technology model, the pricing model, everything's changed. Now it's changing again as a result of AI. So, presumably you guys are sort of built for this. Now, you started before the AI heard round the world, but it just so happened that a lot of what you're doing fit very well with this AI and agentic era. Explain that.
Hasan Imam
>> Sure. So, if you think about SaaS, it started with how humans access SaaS, right? So 20 years ago, it was all about how my employees access SaaS applications, which resulted in humans accessing SaaS via Okta, Microsoft Azure Active Directory, etc., etc. In the last 20 years, what has happened is more access is taking place between SaaS applications. So, if you think about Salesforce, Salesforce isn't standalone. It works with Slack, it works with Marketo. Microsoft works with applications that are built around its ecosystem. So, as the company evolved, we realized it became very important to protect SaaS-to-SaaS access. And this is where we become very relevant as it relates to agentic AI access because the agentic AI platforms like ChatGPT Enterprise, Microsoft Copilot, Salesforce Agentforce is essentially plugging in through the same mechanism that allows two SaaS applications to talk to each other. Agents are using the same mechanism to talk to SaaS applications, and we are sitting right in the middle of that, and that's how we have become very relevant as it relates to protecting the data that lives in SaaS.
Dave Vellante
>> So, when you think about that, agents versus humans, there's some similarities, but there's also a lot of differences. So basically, agents are getting access to what humans have, but you have to make sure that they are supposed to have access to that.
Hasan Imam
>> Yeah.
Dave Vellante
>> Is that where you come in or is that Salesforce's or Workday's responsibility? Who owns that challenge?
Hasan Imam
>> It's shared responsibility, right?
Dave Vellante
>> Okay. Explain that.
Hasan Imam
>> So, if you think about agentic platforms accessing SaaS applications, now Microsoft needs to provide capabilities that allows you to manage the privileges with the agents that are built on top of Copilot. But when an agent from Copilot accesses data from Salesforce via, let's say, a service account, or let's say access data from Slack via another service account, how the privileges of the service accounts that allows you access into the SaaS application relate to the privileges of the agents, which may be tied to a human or may not be tied to a human, that is the enterprise's responsibility because they are creating the workflow, right? So, in terms of agent to the SaaS application-
Dave Vellante
>> It's their policy. Yeah....
Hasan Imam
>> it's their policies, right? So if you give an agent an access to a service account that is highly privileged relative to the agent's privilege, that is the enterprise responsibility. We are able to map that out. We can show that an agent is potentially significantly over-privileged or have access to data that it shouldn't have access to because we can see the SaaS side, but also we can see the agent side. So, I'll give you an example.
Dave Vellante
>> Yeah. So, you're the visibility piece, maybe you're more than that, but you at least give the visibility so that a human can say, "Hey, wait a minute, that individual's over, or that agent's over-privileged. We should really rethink that policy." But then as well, you can enforce those policies or is that not your role? That's the role of the SaaS platform, or?
Hasan Imam
>> Yeah. So, the enforcement is going to play out in many different ways. I think we are early days from an enforcement perspective. The CSOs are right now struggling to just understand the deployment of agentic AI.
Dave Vellante
>> What's going on out there? Yeah, right?
Hasan Imam
>> So their first question to us, and we support some of the most significant, sophisticated enterprises around the world, more than 10% of Fortune 500, two of the four largest banks, two of the three largest telcos, two of the three largest manufacturers in the country, in companies and gig economy, etc., etc. But right now, they just want to understand what is the state, right? But they want to move to enforcement, and I think enforcement plays out in many different ways. Microsoft recently released capabilities that would allow Copilot to make a call to us via an API. And before an agent is allowed to proceed, it will wait for us to respond and just say, "Is this task allowed by the agent?" And we can stop that near real-time, but we can also act alongside an MCP server. So we have a gateway that can sit alongside MCP server and MCP server can make a call to us for every ask that comes from an agent, and the gateway will respond near real-time in terms of if it is allowed or not relative to the task, privilege, etc.
Dave Vellante
>> So, how should people think about how the threat is changing in this world? You've got way more agents than you're going to have people. You've got MCP now, which is potentially, it's wonderful, but it's another seam that I can attack. I've got all this now, I'm creating all this new data and metadata. So, explain how the attack surface is changing, how it's getting more complex and how we should be thinking about protecting that.
Hasan Imam
>> Yeah. So, I think attack surface is definitely an important topic because you think about attack surface that's mostly defined by humans.
Dave Vellante
>> Right.
Hasan Imam
>> In enterprise, there may be 10,000 employees and you think about how do I protect these 10,000 employees? Now, you can create agents that could be 10X of the number of humans in an environment that's doing different tasks. So, obviously the surface area is much larger, but I think the surface area is just the tip of the iceberg, right? The way we truly get value out of agents is to make them autonomous, to give them the ability to access data, come up with new workflows, solve problems autonomously. So, what that means is that not only you have many agents, but you need to give it access to a lot of data, and you also need to give it privileges that allows it to figure things out, right? And I think there lies I think the biggest challenge for us, right? And I think the Anthropic breach really captures, right, what we should be worried about. The Anthropic breach is a scenario where an adversary was able to automate 90% of the kill chain. They were only targeting 30 enterprises. There wasn't a significant breach, but it shows us, and I think it's very experimental at this stage where a state actor is able to use piece of technology to be able to showcase that 90% can be automated, right, and there's very little human involvement. And ultimately attacks are about... State actors aside, if you think about a normal adversary, they want economic gain. So suddenly, something that requires 100 people, they can do with one person and an autonomous agent, it fundamentally changes the dynamics of the economics of attacking, right?
Dave Vellante
>> Right.
Hasan Imam
>> So, that's a big topic. The second thing is, we cannot react our way to solving this problem because fundamentally, an autonomous agent is moving at machine speed. So, the paradigm that where we see an attack and we react, right, and then the human on the other side is thinking about how do I circumvent the defense, is not going to work because it's machine speed, right? So, it will react a lot faster. It can do recon a lot faster and figure things out. So, we have to think more about how do we prevent these things from happening? How do we actually go back to reducing the privileges? How do we real-time recognize somebody, an agent accessing a piece of data that it should not have access to rather than reacting to an attack that gets by the defenses?
Dave Vellante
>> And the volume of activity is so much higher. I mean, prior to this whole AI wave, humans could, or at least we could probably stop 99% of the breaches and then the humans could deal with the other 1% being reactive. Now that's out the window. I mean, automated agents, as you're just describing, which was a novel attack, are way faster, there are way more of them, there's no way humans can react and respond to that. So, what's the answer?
Hasan Imam
>> I think we are figuring it out. I don't think we know what the answers are. I think there are things that Anthropics that are building foundational models need to be focused on, which is how do they ensure that if an adversary is using their capabilities with malicious intent is being picked up, I think that needs to happen. And I think Anthropics and OpenAIs are going to do more and more of that. But I think some of the thing that we are doing, right, at Obsidian is also very relevant.
Dave Vellante
>> I want to understand that because, and let me phrase it this way, I'm sorry to interrupt, but Palo Alto or CrowdStrike would say, "Well, buy our platform and we'll take care of everything." You don't need these upstarts. It's going to add another tool, add more complexity. What would you say to that?
Hasan Imam
>> Yeah. So, I think that ultimately to secure, you need to be in a good position as it relates to the architecture of your setup. Palo Alto is in a great position to be able to see what happens at the network layer. CrowdStrike is in a great position to see what happens on your endpoint. So, if the agent is running on your endpoint, absolutely, they should be able to understand that. Wiz is in a great position to see what happens in the public cloud. If an agent is running in a public cloud, they should be able to pick that up. But none of them have invested in understanding what happens inside a SaaS application. So, when you think about an agent that is running on top of a SaaS application like Copilot or Agentforce or ChatGPT enterprise, they're architecturally not well set up to see what is happening inside those applications, what are the activities of the agent. So ultimately, this is how a great company gets created because there's an architectural change and the company has certain architectural advantage and data advantage relative to the new architectural paradigm, and I think that's our opportunity.
Dave Vellante
>> Well, and this is why, when you talk to practitioners, they're unable to reduce the number of tools in their stack because something else comes along that the existing platform vendors haven't fully taken care of or maybe really haven't addressed yet. It's a problem. I mean, everybody's using SaaS as a result, I've got to do business with someone like you, or at least bring in that capability. And so, it's constantly changing and going at a pace.
Hasan Imam
>> By the way, that is a great thing for cyber, right? Because at the end of the day, if you just bought from Palo Alto and CrowdStrike, right, fundamentally you don't really have the competition necessary to create great answers. But on the consolidation topic, I do think that there will be consolidation in each of the layers. Palo Alto should consolidate things that are happening in the network layer. CrowdStrike should consolidate what happens in the endpoint layer. But we live in a different architecture layer, so that's why we have an opportunity to have a differentiated and durable offering over a period of time.
Dave Vellante
>> I think that's well said, Hasan. I mean, if you look at CrowdStrike's strategy, it's to partner with the Oktas of the world or the Zscalers, and then together that , or there's other partners as well that might do identity or SASE, and then they go to market together, understanding that's at least their swim lane. For now, we'll see, as TAM expansion becomes more pressure for George and Akesh, who knows what they do. But SaaS has been underserved generally because, well, when the cloud came up, people though, "Oh, I don't need to back up my data." The cloud guys do that. Of course, you pointed out the shared responsibility model before. And then, you saw the backup companies start to target Microsoft and Salesforce as providing basically backup and recovery. Security oftentimes has been an afterthought. This is an example where you guys are making it not an afterthought, not a bolt-on, you're trying to inject it into the equation. So, what is the trends that you're seeing in SaaS? What are the platforms that you are securing? What's the landscape look like?
Hasan Imam
>> Yeah, it's a great question. I think cloud is probably the best representative in terms of how SaaS is playing out. So, if you think about usage of public cloud infrastructure, it's been happening for the last 20 years. But the creation of a company like Wiz and the acceleration that we have seen of the Wiz journey was fundamentally driven by the Capital One breach, which happened in 2019. The key to that breach was OCC taking notice, and OCC finding Capital One for the breach of the customer data. There was $80 million of fine that was levied on Capital One related to that particular breach, which changed the dynamics in terms of, should it be afterthought or should we be proactive? Resulted in the financial industry recognizing that we need to have standards, we need to drive public cloud security.
Dave Vellante
>> So, that created greater awareness around public cloud generally in SaaS specifically, or no, not yet, right?
Hasan Imam
>> Not yet, not yet.
Dave Vellante
>> Okay.
Hasan Imam
>> I think that what will drive the, what will be an accelerant as it relates to SaaS security is what's happening right now. In the last three months, we have seen Salesforce instances being breached through SaaS-to-SaaS connections. So you had Dataloader which happened four to five months ago, then there was Salesloft, which is about a couple of months ago. And in the last month, there was the Gainsight, right? These are all SaaS applications that had connections into Salesforce.
Dave Vellante
>> So, what's the anatomy of that hack? The hack, is that the connection point?
Hasan Imam
>> The connection point.
Dave Vellante
>> That's the fragile theme.
Hasan Imam
>> Right. Because think about our investment, right? We invested in Okta, to do what? To make sure you can log into Salesforce safely.
Dave Vellante
>> Right.
Hasan Imam
>> We invested in Zscaler, why? Because we want you and your ability to log into an application, has a zero trust paradigm associated with it. But when SaaS is talking to another SaaS application, we depend on something that is very archaic, which is an OAuth token that is given to a service account, and these OAuth tokens are long-lived, meaning their session does not get...
Dave Vellante
>> They're not ephemeral.
Hasan Imam
>> Exactly.
Dave Vellante
>> Yeah. And so, that's an exposure point.
Hasan Imam
>> Huge exposure point.
Dave Vellante
>> Okay.
Hasan Imam
>> Huge exposure point. But the thing is, that particular exposure point is going to get 10, maybe 100X, because agentic AI is going to go through that same exposure point. And that is what is going to fundamentally change SaaS security and make it something that we can no longer react to, but we have to be proactive industry-wide.
Dave Vellante
>> So, the anatomy of the SaaS hack, the weakest link in this case is OAuth. So, do we have to re-architect sort of that capability? What's happening there?
Hasan Imam
>> So, I think there will be standards that we will together create, but at the same time, we are monitoring how OAuth tokens are being created, how OAuth tokens are being used between two SaaS applications right now for our customers. One of the things that I'm very proud to say is that each of these... We have close to, I think all of our Fortune 500 customers use Salesforce, no surprise over there. That's more than 50 Fortune 500 customers. None of them, and very proud about this, which is none of them were impacted by any of these breaches because we were able to get ahead. We were able to recognize that there was an anomalous activity associated with that connection, and we were able to then look at that anomalous connection and recognize that these breaches are not just limited to Salesforce, they potentially are impacting other SaaS applications. And we were able to represent that attack surface area and stop it for our customers.
Dave Vellante
>> So, let me make sure I understand. So, the OAuth credentials essentially persist, and are out there to be mined essentially and utilized by agents. You can monitor that and look for suspicious activity and stop it before it happens. Is that right?
Hasan Imam
>> Absolutely.
Dave Vellante
>> That's what you guys do. Okay. Interesting. Now, eventually that problem hopefully will be solved. Maybe it's a new architecture. So, there's other parts of your platform and your roadmap. I wonder if you could take us through that. What's next for you guys?
Hasan Imam
>> Yeah. I just want to say one thing about this problem getting eventually solved.
Dave Vellante
>> Yeah, it's going to take a while and it's probably...
Hasan Imam
>> Mainly because I think just the appreciation of how significant the problem is. There is about 38,000 SaaS applications.
Dave Vellante
>> And they're all using .
Hasan Imam
>> They're all talking to each other.
Dave Vellante
>> Yeah, right.
Hasan Imam
>> So, think about the enumeration, the number of connections, right? There's no . It's a big map, right? So we have to, as an industry, figure out the standard, we have to figure out how do we enforce it, how do we become proactive about it, etc., etc. But as we think about our journey forward-looking, what we are really trying to do right now is take our understanding in SaaS and elevate it to be able to understand how agentic platforms, let it be SaaS agentic platforms or agentic platforms in the cloud is accessing SaaS applications, and to be able to create safe access into SaaS data from the agentic platforms.
Dave Vellante
>> How are you dealing with, I'll call it like agent impersonization? I'm going to basically look to the system like I'm a legitimate agent. Can you detect that? I mean, how prominent is that? Is that on the rise?
Hasan Imam
>> Tell me a little bit more about what you mean by that.
Dave Vellante
>> So, I'm going to impersonate an agent that has credentials, that is able to access certain data or certain applications. Are you seeing the rise of agent impersonation, putting on sunglasses in a wig, maybe looking like a credentialed agent? I mean, is that happening or is that...
Hasan Imam
>> Not so much, not so much. At least in our environment where 87% of our customers have adopted Microsoft Copilot, the thing that we are more concerned about is that out of those 87% customers, 90% of them have over-privilege associated with the agents. I think that's a much bigger issue because if you can make sure-
Dave Vellante
>> They need to dial that down....
Hasan Imam
>> They need to dial that down. If you can make sure the privilege directly relates to the task that the agent needs to do, then the impersonation problem will be less of a topic.
Dave Vellante
>> Yep.
Hasan Imam
>> If you have highly privileged agents in your environment, then impersonation becomes much more of a topic. So, we need to focus on the root problem, right? And if we can do that, we can reduce, right, the impact of impersonation, impact of a breach, etc.
Dave Vellante
>> And of course, every SaaS platform is now building agents. There are many, if not most, are trying to get to the point where they can inject process into that. It's not just the workflows that exist in a static form or even program microservices that are pretty deterministic. It's now probabilistic. We got all these crazy workflows. So you've got, obviously, Microsoft is a key platform that you're targeting, ServiceNow, other SaaS platforms. You mentioned earlier, even ChatGPT enterprise, you talked about Anthropic. So, the LLM vendors are now getting into the SaaS game with designs to build essentially richer software on top. So, the number of software companies is exploding. The saying 15 years ago is every company's going to be a software company. That actually didn't really happen. It was hard to be a software company, but it's actually going to happen now. And so, the number of potential platforms that you can protect is going through the roof. How do you think about that? How do you think about your TAM?
Hasan Imam
>> Yeah. First of all, I think the SaaS vendors are in a fight for survival because if you think about what we pay for when we buy a license from a SaaS vendor, we are paying for the access layer and the business logic, not the data that sits in the SaaS layer. That's my data. I can move that around if I want.
Dave Vellante
>> Right.
Hasan Imam
>> What's happening is, it's now so easy to build the business logic because an agent can figure out business logic because it can harness the power of AI to be able to pull in tremendous amount of data and memory and essentially real time figure things out. So, every SaaS vendor has to build agentic capabilities to survive, otherwise they will lose the business logic layer, right? And which is a big part of how they're monetizing their service. Anthropics, OpenAIs, if you think about the amount of investment that's gone in there, they have to build that business. They have to build capabilities that allows us to take business away from the Microsoft and the Salesforces of the world. So, you're going to see this...
Dave Vellante
>> Kind of like BEA and Oracle all over again.
Hasan Imam
>> That's right, that's right.
Dave Vellante
>> You remember that, right? And Oracle had to respond to that. And that is a similar sort of dynamic going on today.
Hasan Imam
>> Yeah. So fundamentally, I think that you are going to see the 38,000 SaaS application build agentic platforms, but at the same time, you will see a lot of purpose built capabilities built on top of these foundational layers, which could be built by the Anthropics of the world, but it can also be built by partners of Anthropic, which harnesses the Anthropic and OpenAI's foundational model to be able to very quickly spin up the next CRM.
Dave Vellante
>> Yep. Right.
Hasan Imam
>> Spinning up the next CRM right now is you can do it in days, months. It's not a year long process.
Dave Vellante
>> And the crown jewels are really, it's the business logic, the process logic, all the metadata associated with that. The SaaS guys have to hold onto that and have to build agents that do a better job of some third party coming in and sort of stealing their lunch. It's going to be interesting to watch. All right. Give us the rundown of the company. You guys started in what, 2017, is that correct?
Hasan Imam
>> End of 2017.
Dave Vellante
>> You raised over $100 million. Is that right?
Hasan Imam
>> We raised close to $150 million.
Dave Vellante
>> $150 million. So, still pretty capital efficient. Where are you today? What can you tell us about, I mean, I think you gave us some stats on percentage of customers that are in large banks, etc. What else can you tell us about the company? Are you doing a raise? You got product market fit? You're scaling, go to market? Tell us more.
Hasan Imam
>> Yeah. So, found in 2017, we really went to market in 2021. 2021 to now, we have seen amazing growth cover Fortune 500, Global 2000. We have infrastructure in place in US, Europe, Middle East, and Saudi Arabia, Australia, New Zealand. So when we think about our customers, we think about the global 2000 as the market.
Dave Vellante
>> That's your target.
Hasan Imam
>> We plan to do series D next year, and we feel like we have the trajectory to be able to build a company that can stand alone, and hopefully one day we'll be here ringing the bell.
Dave Vellante
>> Yeah, I love it. Yeah.
Hasan Imam
>> So, that's the goal. So, we certainly have the market. We certainly have the depth of the problem to build something significant. I think the thing that we are very proud about is not only the number of Fortune 500 logos, but who we have in Fortune 500. Because at the end of the day, security or threats in the top banks, in the top telcos, it's 10X relative to the institutions that are in the Fortune 400 to 500. So, our ability to see this problem through the lens of the most significant enterprises in the world puts us in a unique position to stay ahead of this problem. And ultimately, I think that's why we feel like we have durability relative to what we are building and what we can build.
Dave Vellante
>> Are you selling to the CSO? Are you selling to the folks that are deploying SaaS, the lines of business? Who are you selling to?
Hasan Imam
>> So, CSO is almost always our executive sponsor, but there are stakeholders that we care about in a CSO's organization. Governance, risk and compliance are becoming important stakeholders because they need to govern AI, they need to govern SaaS. They're trying to react to regulators coming up with new requirements relative to how data is being managed in SaaS as well as access.
Dave Vellante
>> Even IT, portions of IT are stakeholders for you guys.
Hasan Imam
>> 100%. 100%. And then CyberOps, right?
Dave Vellante
>> Yeah, right.
Hasan Imam
>> Because CyberOps has to reinvent, right? They can no longer think about reacting to attacks. They have to think about how to be proactive, how to have data that has deep context.
Dave Vellante
>> And that brings in the dev team as well. So yeah, rich tapestry. Well, Hasan, thanks so much for coming on theCUBE. Really appreciate it. Great conversation.
Hasan Imam
>> Thank you.
Dave Vellante
>> You're very welcome. All right. Thank you for watching. This is Dave Vellante for John Furrier and the entire CUBE team and NYSE Wired. Keep it right there. We'll be right back to the New York Stock Exchange, right after this short break.
Dave Vellante