In this interview from theCUBE + NYSE Wired: Security in the AI Era series, Proofpoint CEO Sumit Dhawan joins theCUBE’s John Furrier to unpack how AI is changing both offense and defense in cybersecurity. Dhawan explains Proofpoint’s shift from human-centric security to protecting humans and AI agents together: what he calls an “agentic workspace.” He details four key announcements: detecting and preventing AI exploits over email, expanding data security and governance, introducing an Agent Gateway to enforce guardrails on AI data sharing and enabling story agents with MCP access. The discussion highlights practical use cases, including real-world defenses against prompt injection attempts targeting tools like Copilot via hidden email instructions, and why unifying threat and data-risk signals on a single platform is resonating with CISOs.
The conversation also surfaces noteworthy metrics and adoption trends: 33% of enterprises already use AI agents, with 93% expected within 18 months, 60% of CISOs view AI enablement as a risk even as they move forward, and a recent leadership forum poll showed ~70–80% now hold AI security as a formal mandate. Dhawan outlines Proofpoint’s innovation strategy and growth vectors – rising GenAI-driven threat pressure, budget consolidation toward trusted platforms, and the tight linkage between data security and AI security. He closes by describing Proofpoint Satori agents and deeper MCP integrations designed to automate routine SOC tasks and accelerate secure AI adoption without fragmenting toolsets.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Zero Trust Cyber Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Zero Trust Cyber Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Zero Trust Cyber Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Zero Trust Cyber Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Zero Trust Cyber Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Zero Trust Cyber Series. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Sumit Dhawan, Proofpoint
In this interview from theCUBE + NYSE Wired: Security in the AI Era series, Proofpoint CEO Sumit Dhawan joins theCUBE’s John Furrier to unpack how AI is changing both offense and defense in cybersecurity. Dhawan explains Proofpoint’s shift from human-centric security to protecting humans and AI agents together: what he calls an “agentic workspace.” He details four key announcements: detecting and preventing AI exploits over email, expanding data security and governance, introducing an Agent Gateway to enforce guardrails on AI data sharing and enabling story agents with MCP access. The discussion highlights practical use cases, including real-world defenses against prompt injection attempts targeting tools like Copilot via hidden email instructions, and why unifying threat and data-risk signals on a single platform is resonating with CISOs.
The conversation also surfaces noteworthy metrics and adoption trends: 33% of enterprises already use AI agents, with 93% expected within 18 months, 60% of CISOs view AI enablement as a risk even as they move forward, and a recent leadership forum poll showed ~70–80% now hold AI security as a formal mandate. Dhawan outlines Proofpoint’s innovation strategy and growth vectors – rising GenAI-driven threat pressure, budget consolidation toward trusted platforms, and the tight linkage between data security and AI security. He closes by describing Proofpoint Satori agents and deeper MCP integrations designed to automate routine SOC tasks and accelerate secure AI adoption without fragmenting toolsets.
In this interview from theCUBE + NYSE Wired: Security in the AI Era series, Proofpoint CEO Sumit Dhawan joins theCUBE’s John Furrier to unpack how AI is changing both offense and defense in cybersecurity. Dhawan explains Proofpoint’s shift from human-centric security to protecting humans and AI agents together: what he calls an “agentic workspace.” He details four key announcements: detecting and preventing AI exploits over email, expanding data security and governance, introducing an Agent Gateway to enforce guardrails on AI data sharing and enabling story a...Read more
exploreKeep Exploring
What role does AI play in the mainstream adoption of technology, particularly in the field of cybersecurity?add
What is the value proposition of Proofpoint regarding the integration of AI in their human-centric security platform?add
What are current trends and challenges faced by CISOs regarding the integration of AI technologies in enterprises?add
What is the current perspective on the risks and opportunities associated with AI enablement in enterprises?add
>> Hello, I'm John Furrier here in our CUBE Studios on the East Coast, in the New York Stock Exchange. Of course, we have our Palo Alto Studio connecting Silicon Valley and Wall Street, the money and the tech converging in. Of course, AI is infused in all aspects of our lives and technology, so it's gone mainstream. Tech is mainstream and cybersecurity has been one of the hottest areas, because it's a data problem and AI is really making headway into that market where it's tough customer. They got a high bar in security, of course. They want to really kind peel back the onion and look at the value. Sumit is here, CEO of Proofpoint, CUBE alumni, part of our cyber leaders. Congratulations on a great event you just had. Welcome back to theCUBE. Thanks for coming on.
Sumit Dhawan
>> Thanks for having me. You got to be proud of CUBE, this is a great setup and thanks for having me here.>> You just had your event, your annual conference. How did it go?
Sumit Dhawan
>> It was an amazing success. Listen, from a customer conference perspective, Proofpoint has had more CISO level events in the past. We scaled it up to a full customer conference with thousands of people either live and then several thousand streamed in parts of the show. It was a great event for us. We are pumped up. We made some strategic announcements from product solutions, some alliances, so it was a great week.>> I want to talk about the four announcements, because I saw the news release, saw all the news. Detecting and preventing AI exploits over email, data security with governance, Secure Agent Gateway, and then story agents and MCP access. These are pretty key products. The theme all is capabilities, and to me, I'm reading it, I'm saying, "Okay, these are confidence boosters for AI and security." And at the same time, it's changing the game a little bit for the practitioners. What's their takeaway? What was your main message on those news points? How would you boil all four up into one bumper sticker or value proposition?
Sumit Dhawan
>> It's actually very simple. Proofpoint is all about human centric security. We protect people from threats and losing data. What we did at the conference was we said, "Listen, in the future, if not already, people are going to have AI assistance and agents." Let's call it agentic workspace. People, AI agents and assistants all working together. And these four announcements are to extend our human centric security platform to human and AI agent centric security. Why? Because AI mimics human. So AI risks are no different than humans. AI loses data. AI can mishandle data. AI loses credentials, AI can run malware, and AI can have prompt engineering just like humans having social engineering. So all of these four solutions are simply extending our human-centric security to human and agent-centric security.>> So what's the human agentic security mean? Human-directed? Is it like HR employee, "Hey, go do this?" I mean, take me through the use case of how a human-centric agentic would look like.
Sumit Dhawan
>> Look like. So let's say you, you probably already have Copilots, Microsoft Copilot or Google's Copilot, whatever it may be. You may have agents. Now, you are telling the agents what to do. I'm an attacker. What can I do? I can attack you. I can attack your Copilot and I can attack your agents. Now, if you have to secure your workspace, which is yourself, not just yourself but also your Copilots and agents, you have to do four additional things from human-centric security. You want to make sure your data has safeguards, because AI feeds off of data. So that's our data security announcement. Second, you want to make sure your agents don't mishandle data. Even if your data is safeguarded, an AI agent, which feeds off of data, that doesn't know which information can be shared with who. Third, you want to make sure the AI doesn't get attacked by an attacker. That's the AI exploit announcement. And then lastly, if you are operating all this security, you want to make sure you're also leveraging AI agents to protect. So this is protecting AI and using AI for protection. So that's how the theme of the conference are. And these are just four things we announced all making sure that your human and agents working together are protected from threats and data loss.>> I mean, it makes sense. The human has an extension. The agents are extension of my work.
Sumit Dhawan
>> Exactly.>> Kind of like the old school, my desktop.
Sumit Dhawan
>> Yes.>> Secure desktop.
Sumit Dhawan
>> Yes, yes.>> Now, I'm out everywhere. I'm doing data, I got certain credentials. How is that rendering itself into the customer, your customer? Because they're busy, they want to have that security. What are some of the use cases that you're seeing that gives them the confidence? Where's the wins? What are some of the things that they're doing?
Sumit Dhawan
>> What's happening right now in the enterprise is CISOs are being asked to go enable AI, not stand in the way. They're asked to do that, but CISOs or security professionals have, in the past, had the tendency to wait until something bad has happened or do risk by risk. What we see right now is that CISOs are now saying, "If I have to enable AI ..." And they're seeing agents, 33% enterprises, they've already have agents. And in the next 18 months, 93% enterprises will have agents enabled. So what they're saying is if that's the case, what security solution I can extend because I don't have time to vet out a brand new tech. I already use Proofpoint for protecting humans from threats and protecting data loss. So the use cases are in those two categories. Can I just extend my Proofpoint threat protection to protecting threats that are coming into AI? Check. Can I protect my data loss solution that I already have for humans to also work for humans and agents? Check. Those are the two use cases that drive everything.>> Yeah. And the AI side is so fast moving. I mean, you've seen some fast waves. This one's fast.
Sumit Dhawan
>> This one's fast.>> Pace of play is pretty high. So one of the things that's happening on the targeting side is malicious prompt injections.
Sumit Dhawan
>> Yes.>> Okay. This is becoming one. We've also seen MCP servers being targeted. The bad guys will find spots, but they go on after the language well, and they'll probably go after the agents. As you pointed out, you're securing those. What's that look like from your standpoint? How are you seeing that?
Sumit Dhawan
>> One of the most mundane thing we are seeing, which is here, and we are already protecting our customers from it, is attacks on Copilots. So think about this. If I'm an attacker and I'm sending you emails and you are ignoring me, you're sophisticated, you've ignored me. You know what I'm going to do? I'm going to send a message that is invisible to you, some text in the message, but it actually can be read by your Copilot. And I'm going to tell my Copilot to ignore when he gives you an instruction of doing ABC, do something different. Now, you don't know I've given Copilot that instructions. Copilot has read that email. So effectively, it's a prompt injection. So you know what the interesting part is? Every communication you're getting is a prompt for Copilot. So we are protecting that classic use case, AI. That's AI exploitation. So any communication you get, Copilot is protected. And that kind of a threat is here today, and we are defending our customers against it today.>> So Proofpoint doing the threat protection. What about this Agent Gateway?
Sumit Dhawan
>> Agent Gateway is for data security. So agents, I kind of made this joke at the conference, agents are like my aunties, my mother's sister. You put them together and you tell one of them something, they all know about it. They gossip. They don't know what's a secret, what's not a secret, or there is no secret among them. If you think about agents, agents are built to do something and they feed off of data. The problem with agents is they're not designed by themselves to know what information can be shared by who when they're serving customers, and that can be exploited. So Agent Gateway protects against that. It essentially puts some guardrails and policies on how information that's given to agents can be shared and who can get what information from agents.>> Talk about the innovations you guys going on. People want to know, okay, you had your conference. I know that you guys fresh off the customer meetings. What are the top innovations that you guys are doing? How would you boil the innovation strategy? How would you describe that?
Sumit Dhawan
>> Broadly speaking, our innovation is structured in extending our platform and signals on both threat side and data risk side from both humans and agents into a singular platform. Because our customers, at the same time, they want these whiz bang threat protection features. They want these new capabilities, but they don't want multiple platforms. There is this thing at this point in time among CISOs to say, "I want fewer but more integrated platforms." So one of the big theme for us as a company is when we are innovating, we are doing that in one single platform that's collecting more signals and is providing sort of the control points in an integrated fashion to enforce the right sort of controls when abnormalities are detected. So that part of strategy resonated this week really, really well. It was good for them to see that we are extending a platform that they use from humans to humans and agents, and we are doing that with a more strategic platform rather than just building a bunch of products that are not connected.>> Yeah. You and I have talked about this in the past many times on theCUBE, the governance balance between compliance and governance, making sure things are tight and innovation sometimes are at odds.
Sumit Dhawan
>> At odds.>> And so how do you look at it now? Data protection is super important. That's kind of a risk management and innovation opportunity, because you got some news around that. What's the current view from your standpoint on-
Sumit Dhawan
>> I think my current view is at this point in time, CEO level, top-down mandate is to enable AI. AI is a source of innovation. AI is a source of business transformation, and there is no one in the company who can stand against it. Okay?>> Yeah, it's too much of a force.
Sumit Dhawan
>> It's too big of a force. So the good news in this point of time, sort of a force, there's just force that's carrying innovation forward. There is no governance and security blocking it, so it's creating risk. It's creating risk because right now, every enterprise is enabling AI without the right checks and balances. That's just the truth. And so there is a lot of concern among CISOs. We did a CISO study. 60% of which is up from 54% think that AI enablement is a risk to their enterprise, but they're doing it. I think the good news is innovation is winning. And what I really hope is that we and our customers, our enterprises don't wait for an incident before they put safeguards. Because this whole analogy of brakes are put in a car, not to stop the car, but for you to make the car go faster. So that's kind of the hygiene of cyber. Cyber is there not to stop the innovation, it's to innovate faster. And I think at this point in time, if I were to just qualitatively assess, cyber has to very quickly step up, because by doing so, AI will go faster. And that's something that CEOs have to realize.>> Yeah, I like that brakes. Brakes are there to allow you to go faster, so you can slow down-
Sumit Dhawan
>> Exactly.... >> when you need to.
Sumit Dhawan
>> When you need to.>> And you'll have guardrails too-
Sumit Dhawan
>> Exactly. Exactly.... >> in case you need to throw guardrails in there. All right, Sumit, I got to ask you about something that I've been watching very closely. And there's no one standard because every enterprise is different, but there's starting to be patterns form. The chief AI officer is emerging. Now, you're in security, so you know there's a CISO and that's really top of the food chain, at least in my opinion. Someone will debate that, but you're starting to see the rise of a chief AI officer. So it's interesting. If it's a technical company, it usually like a CTO becomes the chief AI officer, which by the way, they still keep their day job.
Sumit Dhawan
>> Yeah, yeah, yeah.>> They just get both jobs, right? Same pay, maybe more options if it's a private company. And some make it a center of excellence. It's like a political position, or I'm going to build a kingdom of great AI people, and that's okay. May not have the technical chops, but it's more of maybe a management role either for center of excellence, training, and actually putting real policy in place. It kind of depends on the policy. And I'm kind of generalizing to make a point. Security tends to lean on the technical side where CISOs are driving it, where they might be involved in that. What's your observation based on the customer calls you've gone on? I know you talked to a lot of customers. You guys are customer-centric. I don't want to pin you out for a number, but just the order of magnitude. Is the chief AI officer role happening more? And if so, or if not, why or what do they do?
Sumit Dhawan
>> I think what I'm seeing->> And do you agree with my premise of-
Sumit Dhawan
>> Yeah, I understand. I think what I'm seeing is a business enablement leader from full transformation of something that lead to a workforce transformation. Those roles are getting set up. And then the AI officer or AI office or an AI center of excellence kind of merging one or the other, emerging under the CIO, in more non-technical companies, but have done digital transformation where CDIO title is there, they formulate an AI->> So similar to a CD-
Sumit Dhawan
>> CDIO kind of a thing. And so that I'm seeing more and more of, and it's a working model that's healthy. As long as the CDIO has the technical abilities and is not coming from purely transformation point of view, it works quite well. And I think in that case, what is happening is CDIO is handing off the security mandate to CISO. I think the verdict on how many CISOs can step up.>> They don't have time for another job.
Sumit Dhawan
>> To catch it is yet to be seen.>> I mean, they don't usually have time, but they are interested in the data side of it.
Sumit Dhawan
>> They are, they are.>> Again, that's why I asked the question because it makes sense. The chief data officers are involved in data. It's an AI data problem. The CISOs are very aware.
Sumit Dhawan
>> We recently did a CIO forum here in New York. We ran about amazing CIOs, brought them together. They're all enabling AI. They all have centers of excellence and they have either CIOs or CDIO titles, and CISOs typically work for them, almost all of them. And what they told us was we have got a CDI, or a chief AI either officer or an AI center of excellence leader, and they have been given charter for AI enablement and they're much further along than CISO. And now, they're asking CISOs or they're expecting CISOs to bring data security, which is a key enabler of AI, implement it ASAP. So that's the dynamic. So I think the ask from CISO to enable AI securely is happening now. At our event, we ran a poll from the CISOs. There were about less than 100 CISOs just in a special event that we did as a leadership forum. We just said, "Show of hands, AI security now is a mandate of yours, 70%, 80%." Data security is a big part of that AI security. Almost everyone that said AI security, and it's one of the top three priorities everyone. So it's starting, but it's new. It's new.>> Got it. All right. As the CEO of Proofpoint, I have to ask the CEO questions. How's business growth? What are your growth vectors? Obviously, you got the four big news items. Product is key to success. And I think you're right, I agree with you. AI has to be an all in bet at this point because if you're on the wrong side of history. You'll be replaced.
Sumit Dhawan
>> Yeah, yeah, yeah.>> It's generally an industry norm, but what's your strategy? What's your growth vector?
Sumit Dhawan
>> I think as a company, we are blessed. We are doing really well. It's been two years for me in the company. We had a great year last year. And so far, things are going very well, I feel great about it. Our growth vectors are pretty straightforward. I think there is a little bit of a GenAI that's a tailwind for us to be candid. It's creating a threat landscape that's really, really harsh for our enterprise customers. They want best in class solution. We are the only one who has this sophisticated models that are preventing the hardest of the threats coming in real time at scale. So we are seeing more customers across the globe relying on us, so that's our first sort of growth vector. Second, we are seeing the budgets on CISOs. What they're saying is, "Hey, listen, I'm going to basically see my ..." Cyber budgets will grow faster than IT budget and cyber budget is still growing, maybe sometimes faster than the overall spend of the company, but there is pressure to have a portion of their cyber budget assigned to AI. So how will you get the remaining budget consolidated? So we are seeing a little bit of tailwinds in that. Typically, when CISOs are consolidating their spend, they end up coming with us because we are a trusted partner, performing a critical capability, and our platform spend grows by consolidating other piece parts. And then I would say that data and AI security is the third thing. We are excited about that just because securing data and securing AI, which are tightly related at this point in time. Data security four years ago used to be a little bit of, "Oh, who cares?" Now, data and AI go hand in hand. And so those are our three levers, sort of making sure that we ... GenAI because of threats, we are benefiting from it. Consolidation, we are benefiting from it. And data and AI, we are continually growing the share.>> Yeah, we have this debate almost daily on our WhatsApp threads, our Slack channels on theCUBE. Not every day on theCUBE, but for the most part, it comes up a lot, labor, human labor. Not in a political way. Oh, lose their jobs. More like, okay, productivity. Labor is an input into ultimately is the outcome, which is productivity. Security has always been a productivity game. Labor shortage has always been high.
Sumit Dhawan
>> And skills are nearly hard to find.>> Skills gap, we all talk about that all the time. How are you seeing that AI equation? Because this is an opportunity.
Sumit Dhawan
>> It's a huge opportunity. I think this autonomous SOC that both CrowdStrike and Microsoft and Palo Alto have laid out. I am 100% supportive. The way we are playing in that is we announced at this conference new agents. We call them Proofpoint Satori. These are agents. And we also provided a full MCP access to our platform. So when you are going with autonomous SOC with either CrowdStrike or Microsoft, we provided deep integration with our agents and our technology into those platforms. So you can really say the mundane day-to-day task of DLP alert triage, a message triage, things that why are your highly high-caliber security professionals doing it? Let agents do it.>> Sumit, great to have you on. Good to see you. The bell is going to ring. We're going to close out with the bell as they start. That is a loud bell.
Sumit Dhawan
>> That was.>> Okay, let's keep rolling. We close that with the bell here. Proofpoint just coming fresh off the conference, their annual conference, all the customers and their community together. Again, very rapidly growing private company. Again, Sumit, congratulations and thanks for coming on theCUBE.
Sumit Dhawan
>> Thanks for having me.>> All right, I'm John Furrier, bringing in all the data here in our cyber series. Thanks for watching.
